WO2023039871A1 - Data monitoring method, apparatus, device and system - Google Patents

Data monitoring method, apparatus, device and system

Info

Publication number
WO2023039871A1
Authority
WO
WIPO (PCT)
Prior art keywords
call
client
encrypted
server
target
Prior art date
Application number
PCT/CN2021/119269
Other languages
English (en)
Chinese (zh)
Inventor
刘军飞
关洪军
Original Assignee
海能达通信股份有限公司
Application filed by 海能达通信股份有限公司 (Hytera Communications Corporation)
Priority to PCT/CN2021/119269
Publication of WO2023039871A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/06: Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Definitions

  • The present invention relates to the field of data processing and, more specifically, to a data monitoring method, device, equipment and system.
  • When the data transmitted between devices is not encrypted, it can be monitored directly from the transmitted data. When the transmitted data is encrypted, however, the encryption key is unknown, so the transmitted data cannot be decrypted; the actual transmitted data therefore cannot be obtained and monitored, which reduces the reliability of data transmission.
  • The present invention provides a data monitoring method, device, equipment and system to solve the problem that a monitoring function cannot be provided for encrypted transmitted data and that the reliability of data transmission is thereby reduced.
  • A data monitoring method applied to a server comprises:
  • when a target call is detected, obtaining user information of a client subscribed to monitor the target call;
  • before the target call is detected, receiving an encrypted call subscription monitoring message from the client; the message includes a target call identifier;
  • acquiring the user information of the client subscribed to monitor the target call includes sending the client a user information acquisition request and receiving the user information the client returns;
  • the target call includes a target group call or a target individual call.
  • A data monitoring method applied to a client comprises:
  • receiving the call key information sent by the server and decrypting it based on the user information of the client to obtain the call key; the call key information is obtained as follows: when the server detects that a target call exists, it obtains the user information of the client subscribed to monitor the target call and sends it to the call control terminal corresponding to the target call, and the call control terminal encrypts the call key based on the user information and sends the encrypted call key information to the server;
  • receiving the encrypted call content data transmitted during the target call from the server and decrypting it with the call key to obtain the call content data.
  • Before receiving the call key information sent by the server, the method also includes sending an encrypted call subscription monitoring message to the server; the message includes a target call identifier.
  • The data monitoring method also includes: the server sending the user information of the client to the call control terminal corresponding to the target call when it detects that the target call exists; and the call control terminal encrypting the call key based on the user information to obtain encrypted call key information and sending it to the server.
  • A data monitoring device applied to a server comprises:
  • an information acquisition module configured to acquire user information of a client subscribed to monitor the target call when the target call is detected;
  • a data encryption module configured to send the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server;
  • a data forwarding module configured to receive the call key information and send it to the client, so that the client decrypts the call key information based on its user information to obtain the call key;
  • a call monitoring module configured to obtain the encrypted call content data transmitted during the target call and send it to the client, so that the client decrypts the encrypted call content data with the call key to obtain the call content data.
  • A data monitoring device applied to a client comprises:
  • a decryption module configured to receive the call key information sent by the server and decrypt it based on the user information of the client to obtain the call key; the call key information is obtained as follows: when a target call is detected, the server obtains the user information of the client subscribed to monitor the target call and sends it to the call control terminal corresponding to the target call, and the call control terminal encrypts the call key based on the user information and sends the encrypted call key information to the server;
  • a monitoring module configured to receive the encrypted call content data transmitted during the target call from the server and decrypt it with the call key to obtain the call content data.
  • a data monitoring device comprising: a memory and a processor
  • the memory is used to store programs
  • the processor invokes the program and is used to execute the above data monitoring method.
  • a data monitoring system comprising a server for executing the above data monitoring method, and a client for executing the above data monitoring method.
  • a storage medium includes a stored program, wherein when the program is running, the device where the storage medium is located is controlled to execute the above data monitoring method.
  • The present invention has the following beneficial effects.
  • The present invention provides a data monitoring method, device, equipment and system. When a target call is detected, the user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server; the server receives the call key information and sends it to the client, so that the client decrypts it based on its user information to obtain the call key; the server obtains the encrypted call content data transmitted during the target call and sends it to the client, so that the client decrypts it with the call key to obtain the call content data.
  • The server thus delivers to the client, under an additional layer of encryption, the call key used to encrypt the data during the call, and the client can then use the call key to decrypt the encrypted call content data and obtain the call content data actually transmitted. Because the call key is encrypted so that only the subscribed client can decrypt it, monitoring of encrypted data transmission is realized and the reliability of data transmission is improved.
  • Fig. 1 is a method flowchart of a data monitoring method provided by an embodiment of the present invention
  • FIG. 2 is a method flowchart of another data monitoring method provided by an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a scene of a data monitoring method provided by an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of another data monitoring method provided by an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a data monitoring device provided by an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of another data monitoring device provided by an embodiment of the present invention.
  • the inventors found that when data is encrypted, the transmitted data cannot be decrypted because the encryption password is unknown. If the encryption password can be obtained, the transmitted data can be decrypted, thereby realizing data monitoring.
  • The present invention provides a data monitoring method, device, equipment and system.
  • When a target call is detected, the user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server; the server receives the call key information and sends it to the client, so that the client decrypts it based on its user information to obtain the call key; the server obtains the encrypted call content data transmitted during the target call and sends it to the client, so that the client decrypts it with the call key to obtain the call content data.
  • The server thus sends the client the call key used to encrypt the data during the call, and the client can then use the call key to decrypt the encrypted call content data and obtain the call content data actually transmitted.
  • The additional encryption of the call key ensures that only the subscribed client can decrypt it, which both realizes monitoring of encrypted data transmission and improves the reliability of data transmission.
  • An embodiment of the present invention provides a data monitoring method applied to a server; the server in this embodiment may be a mission-critical services (MCS) server.
  • The invention can be applied in the field of mobile communication, for example to call monitoring of 3GPP mission-critical end-to-end encrypted calls.
  • The data monitoring method may include the following steps.
  • The target call may be a target group call or a target individual call; that is, in this embodiment either a group call or an individual call may be monitored.
  • The server can pre-configure the call monitoring function of the client. Specifically, before detecting the existence of the target call, the method also includes receiving an encrypted call subscription monitoring message sent by the client; the message includes a target call identifier. That is, if a client wants to monitor a certain call, it determines the target call to be monitored and sends the server an encrypted call subscription monitoring message that includes the target call identifier of that call.
  • The target call identifier can be, for example, the identifiers of target A and target B when target A calls target B, such as the user numbers of A and B; either a single call or a group call can be monitored.
  • The server holds an association between each client and the calls it is authorized to monitor, and queries this association to determine whether the client has the authority to monitor the target call.
  • If the target call is one the client is authorized to monitor, the server sends a successful subscription response message to the client and records the client together with the encrypted call subscription monitoring message.
  • The server then listens for calls and checks whether any client has subscribed to monitor an upcoming or ongoing call.
  • One client can subscribe to monitor multiple calls, and one call can be subscribed to and monitored by multiple clients.
  • The server records the subscription messages and monitors whether a call that has been subscribed to for monitoring exists.
  • Obtaining the user information of the client subscribed to monitor the target call includes the following: when a target call is received, the server first determines whether any client is monitoring the call; if so, it determines the clients with monitoring authority for the target call and sends each of them a user information acquisition request, so that each client returns its user information.
  • Alternatively, the user information of clients with monitoring authority may be stored directly in the server.
  • User information can be the client name, an identity mark, a communication address or similar, so that it can be used directly when needed.
  • The user information may also be carried in the subscription monitoring message sent by the client, or sent separately in another business process.
  • The number of clients is not limited and may be one or more; that is, at least one client may monitor the same call.
  • To implement call monitoring, the client needs to obtain the call key used during the call, and to keep the transmitted information secure it must also be ensured that other clients cannot obtain that call key. Therefore, in this embodiment, the user information of the client is used to encrypt the call key. Since the user information of a client is known only to that client and not to other clients, only that client can decrypt the call key information encrypted with its user information and recover the call key, while other clients cannot, which keeps the encrypted transmitted data secure.
  • In order to encrypt the call key with the user information of the client, the call control terminal needs to obtain that user information.
  • The server therefore sends the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information.
  • The call control terminal may be the calling terminal.
  • In a group call, the call control terminal may be the group management server (GMS) agent terminal, such as the group management server itself.
  • After the call control terminal obtains the encrypted call key information, it sends the call key information to the server, and the server sends it to the client.
  • After receiving the call key information from the server, the client uses its own user information to decrypt it and obtain the call key; it can then use the call key to decrypt the encrypted call content data and obtain the call content data, so as to monitor the call content and output warning information in time when sensitive words appear in it.
  • The encrypted call content data is transmitted through the server.
  • The server sends the encrypted call content data to the client, so that the client decrypts it with the call key to obtain the call content data, realizing the monitoring of the transmitted data.
  • When multiple clients monitor the same call, the server obtains the user information of each client and sends it to the call control terminal; the call control terminal encrypts the call key separately based on each client's user information and sends the results to the server, which forwards each encrypted call key to the corresponding client. The server then sends the obtained encrypted call content data to each client, and each client decrypts it with the call key to obtain the call content data, realizing the monitoring of the transmitted data.
  • In summary, when a target call is detected, the user information of the client subscribed to monitor the target call is obtained and sent to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server; the server receives the call key information and sends it to the client, so that the client decrypts it based on its user information to obtain the call key; the server obtains the encrypted call content data transmitted during the target call and sends it to the client, so that the client decrypts it with the call key to obtain the call content data.
  • The server thus sends the client, under additional encryption, the call key used to encrypt the data during the call, and the client can then use the call key to decrypt the encrypted call content data and obtain the call content data actually transmitted. The additional encryption ensures that only the subscribed client can decrypt the call key, which both realizes monitoring of encrypted data transmission and improves the reliability of data transmission.
  • The data monitoring method applied to a client includes:
  • S21: receiving the call key information sent by the server and decrypting it based on the user information of the client to obtain the call key; the call key information is obtained as follows: when the server detects that a target call exists, it obtains the user information of the client subscribed to monitor the target call and sends it to the call control terminal corresponding to the target call, and the call control terminal encrypts the call key based on the user information and sends the encrypted call key information to the server.
  • The method further includes receiving the encrypted call content data transmitted during the target call from the server and decrypting it with the call key to obtain the call content data.
  • Before receiving the call key information sent by the server, the method also includes sending an encrypted call subscription monitoring message to the server; the message includes a target call identifier.
  • Step 1: Monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2) send an encrypted call subscription request to the MCS server.
  • A single monitoring terminal may also initiate the request alone; for example, only monitoring terminal 1 (UE-DL1) initiates the encrypted call subscription monitoring of the user.
  • Step 2: The MCS server performs an authorization check and sends subscription confirmation information to monitoring terminal 1 and monitoring terminal 2.
  • After receiving the encrypted call subscription monitoring request, the MCS server performs an authorization check, specifically checking whether the corresponding terminal is configured with monitoring authority. After the check passes, the encrypted call monitoring subscription context is recorded locally, and an encrypted call subscription success response message is sent back to each of the monitoring terminals UE-DL1 and UE-DL2.
  • In the single call example that follows, UE-O is the calling terminal and UE-T is the called terminal.
  • Step 3: The calling terminal sends the MCS server a call request addressed to the called party.
  • The request carries the identification numbers of the calling terminal UE-O and the called terminal UE-T.
  • The calling terminal UE-O decides to initiate an encrypted voice or video single call to the terminal UE-T.
  • The calling terminal UE-O locally generates a PCK (Private Call Key) and sends a SIP (Session Initiation Protocol) INVITE message carrying mikey(PCK, UE-T) to the MCS server.
  • Step 4 The MCS server initiates a call request to the called party.
  • the MCS server receives and processes the invite message and forwards it to the called terminal UE-T, and the called terminal UE-T decrypts mikey(PCK, UE-T) to obtain the single call key PCK.
  • the MCS server checks the local encrypted call subscription monitoring context, and determines that monitoring terminal 1 and monitoring terminal 2 have subscribed to the call monitoring.
  • Step 5: The MCS server sends the monitoring terminals' call key acquisition request to the calling terminal.
  • The MCS server sends a call key acquisition request message to the calling terminal; the request includes the user information of monitoring terminal 1 and monitoring terminal 2.
  • Step 6: The calling terminal sends the MCS server a response message carrying the encrypted keys usable by the monitoring terminals.
  • The calling terminal UE-O encrypts the single call key of this call based on the user information of monitoring terminal 1 (UE-DL1) and of monitoring terminal 2 (UE-DL2) respectively, generating one encrypted key for monitoring terminal 1 and one for monitoring terminal 2, and sends them to the server in a response message.
  • Specifically, after receiving the request, the calling terminal encrypts the PCK with the user information of UE-DL1 and of UE-DL2, and sends a message carrying mikey(PCK, UE-DL1) and mikey(PCK, UE-DL2) to the MCS server.
  • Steps 7-8: The MCS server sends a monitor call request to monitoring terminal 1 and monitoring terminal 2.
  • The MCS server forwards the key information mikey(PCK, UE-DL1) and mikey(PCK, UE-DL2) to monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2) respectively: mikey(PCK, UE-DL1) goes to monitoring terminal 1 and mikey(PCK, UE-DL2) goes to monitoring terminal 2.
  • The monitoring terminals UE-DL1 and UE-DL2 each decrypt their mikey information with their own user information and extract the private call key PCK.
  • Step 9 The called terminal sends a call response to the MCS server.
  • Step 10 The MCS server sends the call response to the calling terminal.
  • Step 11 The calling terminal sends a call second handshake response to the MCS server.
  • Step 12 The MCS server sends a call second handshake response to the called terminal.
  • The called terminal UE-T sends call signaling SIP 18X/200 to the MCS server; the call response may accept the single call, reject it, or report progress.
  • The MCS server forwards the message to the calling terminal UE-O; on receiving it, UE-O sends the call second handshake response message to the MCS server, and the MCS server forwards that message to the called terminal UE-T.
  • Steps 13-14: The monitoring terminals send a call response to the MCS server.
  • Steps 15-16: The MCS server sends a call second handshake response to the monitoring terminals.
  • The monitoring terminals UE-DL1 and UE-DL2 each send call signaling SIP 18X/200 to the MCS server, and the MCS server sends a call second handshake response message to each of them.
  • Steps 9-16 are the normal communication process between two devices during data transmission.
  • Step 17 The calling terminal sends SRTP to the MCS server.
  • Steps 18-20 The MCS server sends SRTP to the called terminal and the listening terminal.
  • The speaking party may be the calling terminal or the called terminal; in this embodiment the calling terminal is taken as the speaking party.
  • The MCS server forwards the SRTP (Secure Real-time Transport Protocol) encrypted media sent by the calling terminal to the called terminal, and also forwards the same SRTP encrypted media to monitoring terminals 1 and 2. After receiving the encrypted media, a monitoring terminal decrypts it with the PCK and plays it back, so that monitoring is realized on the decrypted content.
  • steps 5-8 and corresponding steps 13-14 may be performed after the call negotiation between the calling terminal and the called terminal is completed and the call service is officially started. That is, the server checks whether there is a monitoring subscription after confirming that the call negotiation is successful, and does not check the subscription monitoring status for a call that fails in negotiation or is rejected by the called party.
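The subscription, authorization and per-terminal key-wrapping flow of steps 1 to 8 above, and its group-call counterpart below (where the group management server wraps the GMK instead of the calling terminal wrapping the PCK), as an added Python model; this is the editor's illustration, not code from the patent or from 海能达通信股份有限公司. Assumptions: the MIKEY encapsulation mikey(PCK, UE-DLx) is replaced by an HMAC-SHA256 encrypt-then-MAC wrapping; the "user information" that keys the wrapping is modelled as a per-terminal secret held by the terminal and, via a constructed directory, by the call control terminal; the class and function names are invented; SIP signalling and SRTP media are not modelled.

```python
"""Model of monitored-call key distribution (added example, not the patent's code).

Stand-ins: HMAC-SHA256 encrypt-then-MAC replaces MIKEY; a per-terminal secret
replaces the per-user "user information" / key material named in the patent.
"""
import hashlib
import hmac
import secrets


def _derive(secret: bytes, label: bytes) -> bytes:
    """Derive a sub-key from a terminal secret (HMAC-SHA256 used as a simple KDF)."""
    return hmac.new(secret, label, hashlib.sha256).digest()


def wrap_call_key(terminal_secret: bytes, call_key: bytes) -> bytes:
    """Stand-in for mikey(PCK, UE-DLx): encrypt-then-MAC of the call key under keys
    derived from the monitoring terminal's secret.  Output: nonce(16) | ct | tag(32).
    The keystream is one HMAC output, so call_key must be 1..32 bytes."""
    if not 1 <= len(call_key) <= 32:
        raise ValueError("call key must be 1..32 bytes")
    nonce = secrets.token_bytes(16)
    stream = hmac.new(_derive(terminal_secret, b"enc"), nonce, hashlib.sha256).digest()
    ciphertext = bytes(k ^ s for k, s in zip(call_key, stream))
    tag = hmac.new(_derive(terminal_secret, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unwrap_call_key(terminal_secret: bytes, blob: bytes) -> bytes:
    """Inverse of wrap_call_key.  Raises ValueError when the blob was wrapped for a
    different terminal or was tampered with (the property the patent relies on:
    only the subscribed client can open its own call key information)."""
    if len(blob) < 16 + 1 + 32:
        raise ValueError("key information too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_derive(terminal_secret, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong terminal or tampered key information")
    stream = hmac.new(_derive(terminal_secret, b"enc"), nonce, hashlib.sha256).digest()
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class CallControlTerminal:
    """Calling terminal UE-O (single call) or group management server (group call):
    owns the call key and a directory of per-terminal key material (constructed here;
    in the patent it 'encrypts the call key based on the user information')."""

    def __init__(self, key_material: dict):
        self.key_material = key_material      # user info (terminal id) -> terminal secret
        self.call_key = secrets.token_bytes(16)  # locally generated PCK / GMK

    def wrap_for(self, user_infos):
        """Step 6: one separately wrapped copy of the call key per monitoring terminal."""
        return {u: wrap_call_key(self.key_material[u], self.call_key) for u in user_infos}


class MCSServer:
    """Holds monitoring rights and the recorded subscription context; never sees the
    call key in the clear in this model, it only forwards wrapped copies."""

    def __init__(self, monitoring_rights: dict):
        self.rights = monitoring_rights       # client -> set of call ids it may monitor
        self.subscriptions = {}               # call id -> set of subscribed clients

    def subscribe(self, client: str, target_call: str) -> bool:
        """Steps 1-2: the authorization check runs before the context is recorded."""
        if target_call not in self.rights.get(client, set()):
            return False
        self.subscriptions.setdefault(target_call, set()).add(client)
        return True

    def distribute_keys(self, call_id: str, control: CallControlTerminal) -> dict:
        """Steps 4-8: look up subscribers, obtain per-terminal key information from the
        call control terminal, and hand each wrapped key only to its own terminal."""
        subscribers = sorted(self.subscriptions.get(call_id, ()))
        return control.wrap_for(subscribers)  # {client: wrapped call key}


def demo():
    """Constructed sample run: two authorized monitoring terminals, one unauthorized."""
    material = {"UE-DL1": b"dl1-secret", "UE-DL2": b"dl2-secret", "UE-X": b"x-secret"}
    server = MCSServer({"UE-DL1": {"call-O-T"}, "UE-DL2": {"call-O-T"}})
    assert server.subscribe("UE-DL1", "call-O-T")
    assert server.subscribe("UE-DL2", "call-O-T")
    assert not server.subscribe("UE-X", "call-O-T")   # no monitoring authority configured
    ue_o = CallControlTerminal(material)
    delivered = server.distribute_keys("call-O-T", ue_o)
    recovered = {c: unwrap_call_key(material[c], blob) for c, blob in delivered.items()}
    return ue_o.call_key, delivered, recovered


if __name__ == "__main__":
    key, sent, got = demo()
    print("subscribers served:", sorted(sent), "all recovered PCK:", all(v == key for v in got.values()))
```

The check a practitioner wants from this model is the one the patent's security argument rests on: the key information wrapped for UE-DL1 fails its integrity check under UE-DL2's material, so a terminal that merely receives another terminal's mikey blob learns nothing about the PCK, and a terminal without configured authority is refused at subscription time, before any key material is ever requested on its behalf.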
  • The group call monitoring process is similar to the single call monitoring process; in this embodiment only a brief introduction of the group call process is given, as follows.
  • Steps 1-2: Monitoring terminal 1 (UE-DL1) and monitoring terminal 2 (UE-DL2) send an encrypted call subscription message to the MCS server. After receiving the subscription message, the MCS server performs an authorization check; after the check passes, it records the encrypted call subscription monitoring context locally and sends an encrypted call subscription success response message back to each of UE-DL1 and UE-DL2.
  • The calling terminal UE-O decides to initiate an encrypted voice or video call to the group.
  • UE-O obtains the GMK and sends a group call request.
  • The SIP INVITE carries mikey(GMK, group) to the MCS server; after processing the INVITE message, the MCS server forwards it to the called group terminals UE-Ts, which use the group key to decrypt mikey(GMK, group) and obtain the key GMK.
  • The MCS server checks its local encrypted call subscription monitoring context and determines that the monitoring terminals UE-DL1 and UE-DL2 have subscribed to user or group monitoring.
  • The MCS server sends a monitoring terminal key request to the group management server.
  • The group management server replies to the MCS server with monitoring terminal key response information. It should be noted that in the single call mode of this embodiment the calling terminal generates the key that allows the monitoring terminal to perform the monitoring function, whereas in the group call mode the group management server generates that key.
  • After receiving the request, the group management server encrypts the GMK with the user information of UE-DL1 and of UE-DL2 respectively, and sends a message carrying mikey(GMK, UE-DL1) and mikey(GMK, UE-DL2) to the MCS server.
  • After receiving the GMS monitoring key response message, the MCS server forwards the encrypted key mikey(GMK, UE-DL1) to terminal UE-DL1 and mikey(GMK, UE-DL2) to terminal UE-DL2; UE-DL1 and UE-DL2 use their own key material to decrypt the mikey information and extract the key GMK.
  • The group terminals UE-Ts each send a call response (acceptance, rejection or progress) to the MCS server, such as call signaling SIP 18X/200; the MCS server processes it and sends a call response, such as SIP 18X/200, to terminal UE-O.
  • After receiving it, terminal UE-O sends a call second handshake response message to the MCS server, and the MCS server sends a call second handshake response message to the called terminal of each group member.
  • The monitoring terminals UE-DL1 and UE-DL2 each send a call response (acceptance, rejection or progress) to the MCS server, such as call signaling SIP 18X/200, and the MCS server sends a call second handshake response message to each of UE-DL1 and UE-DL2.
  • The MCS server forwards the SRTP encrypted media to the receivers in the group and also to the monitoring terminals UE-DL1 and UE-DL2; after receiving the encrypted media, a monitoring terminal decrypts it with the GMK and plays it back.
  • In this way an MCX client authorized by the system can effectively monitor an end-to-end encrypted call, whether a single call between two terminals or a group call among multiple terminals, so that a monitoring function is provided while high security is maintained, optimizing the user experience.
  • Another embodiment of the present invention provides a data monitoring device applied to a server.
  • The data monitoring device includes:
  • an information acquisition module 11 configured to acquire user information of a client subscribed to monitor the target call when the target call is detected;
  • a data encryption module 12 configured to send the user information to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server;
  • a data forwarding module 13 configured to receive the call key information and send it to the client, so that the client decrypts the call key information based on its user information to obtain the call key;
  • a call monitoring module 14 configured to obtain the encrypted call content data transmitted during the target call and send it to the client, so that the client decrypts the encrypted call content data with the call key to obtain the call content data.
  • The device further includes:
  • a subscription information receiving module configured to receive an encrypted call subscription monitoring message sent by the client, the message including a target call identifier;
  • an authority determining module configured to determine whether the client has the authority to monitor the target call corresponding to the target call identifier;
  • a subscription message sending module configured to, if so, send a successful subscription response message to the client and record the client and the encrypted call subscription monitoring message.
  • The information acquisition module 11 is specifically used to send a user information acquisition request to the client subscribed to monitor the target call and to receive the user information returned by the client; the target call includes a target group call or a target individual call.
  • the user information of the client subscribed to monitor the target call is obtained, and the user information is sent to the call control terminal corresponding to the target call, so that the call
  • the control terminal encrypts the call key information based on the user information to obtain encrypted call key information, and sends it to the server, receives the call key information, and sends the call key information to the client terminal, so that the client terminal decrypts the call key information based on the user information, obtains a call key, obtains the encrypted call content data transmitted during the target call, and stores the encrypted Send the call content data to the client, so that the client uses the call key to decrypt the encrypted call content data to obtain the call content data.
  • the server sends the client the call key used to encrypt the data during the call after special encryption, and then the client can use the call key to decrypt the encrypted call content data during the call to obtain the actual
  • the transmitted call content data is specially encrypted to ensure that only the client can decrypt the encryption key, which not only realizes the monitoring during encrypted data transmission, but also improves the reliability of data transmission.
  • Another embodiment of the present invention provides a data monitoring device applied to a client; referring to FIG. 6, the data monitoring device includes:
  • a decryption module 21 configured to receive the call key information sent by the server and decrypt the call key information based on the user information of the client to obtain the call key;
  • the call key information being obtained as follows: when a target call is detected, the server obtains the user information of the client subscribed to monitor the target call and sends it to the call control terminal corresponding to the target call, so that the call control terminal encrypts the call key based on the user information and sends the result to the server;
  • a monitoring module 22 configured to receive the encrypted call content data transmitted during the target call, as sent by the server, and to decrypt the encrypted call content data with the call key to obtain the call content data.
  • a monitoring subscription module configured to send an encrypted call subscription monitoring message to the server, the encrypted call subscription monitoring message including the target call identifier, and to receive the subscription success response information sent by the server when it determines that the client has the authority to monitor the target call corresponding to the target call identifier;
  • a request receiving module configured to receive a user information acquisition request sent by the server when it determines that the client has the authority to monitor the target call;
  • an information sending module configured to send the user information of the client to the server, so that the server sends the user information of the client to the corresponding call control terminal, which encrypts the call key based on the user information to obtain encrypted call key information and sends it to the server.
  • Another embodiment of the present invention provides a data monitoring device, characterized in that it includes a memory and a processor;
  • the memory is used to store a program;
  • the processor invokes the program to execute the data monitoring method described above.
  • Another embodiment of the present invention provides a data monitoring system, including a server that executes the above data monitoring method applied to a server and a client that executes the above data monitoring method applied to a client.
  • Another embodiment of the present invention provides a storage medium including a stored program, wherein, when the program runs, it controls the device on which the storage medium is located to execute the above data monitoring method.
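The server-side and client-side devices described above can be modelled end to end in a few dozen lines. The following is an added example written for this page, not code from the patent or from the applicant. It assumes that the "user information" the server relays carries the monitoring client's public Diffie-Hellman value (the page does not say what the user information consists of), that the call control terminal wraps the group master key GMK under a shared secret derived from that value, and that SRTP protection is stood in for by an HMAC-SHA256 keystream with an HMAC tag. The group modulus `P = 2**521 - 1` is a toy parameter chosen so the example runs with the standard library only; it is not a safe prime, and a real deployment would use X25519 or an RFC 7919 group. The class and function names (`MCSServer`, `CallControlTerminal`, `MonitoringClient`, `run_demo`) are hypothetical.

```python
"""Toy model of server-mediated monitoring of an end-to-end encrypted call.
Added example, not code from the patent. Crypto primitives are stdlib stand-ins."""
import hashlib
import hmac
import os
import secrets

P = 2**521 - 1   # Mersenne prime M521: TOY modulus, not a safe prime (assumption for this demo)
G = 3
NONCE_LEN, TAG_LEN = 12, 32


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one secret."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Keystream of n bytes: HMAC(key, nonce || counter) blocks (stand-in for AES-CTR)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag (stands in for SRTP / key wrapping)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; wrong key or tampering raises ValueError."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_key, nonce, len(ct))))


def dh_secret(priv: int, peer_pub: int) -> bytes:
    """Shared secret -> 32-byte wrapping key (P fits in 66 bytes)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(66, "big")).digest()


class CallControlTerminal:
    """UE-O: the terminal that holds the group master key (GMK) of the target call."""
    def __init__(self, call_id: str):
        self.call_id = call_id
        self.gmk = os.urandom(32)

    def wrap_call_key(self, user_info: dict) -> dict:
        # "encrypt the call key based on the user information": an ephemeral DH value against
        # the client's public value gives a wrapping key that only that client can derive.
        eph_priv = secrets.randbelow(P - 2) + 1
        wrap_key = dh_secret(eph_priv, user_info["dh_pub"])
        return {"eph_pub": pow(G, eph_priv, P), "wrapped_gmk": seal(wrap_key, self.gmk)}

    def encrypt_media(self, frame: bytes) -> bytes:
        return seal(self.gmk, frame)   # stands in for SRTP protected by GMK


class MonitoringClient:
    """UE-DL: a client that subscribes to monitor the call."""
    def __init__(self, user_id: str):
        self._dh_priv = secrets.randbelow(P - 2) + 1
        self.user_info = {"user_id": user_id, "dh_pub": pow(G, self._dh_priv, P)}
        self.call_key = None

    def receive_call_key_info(self, info: dict) -> None:
        self.call_key = open_sealed(dh_secret(self._dh_priv, info["eph_pub"]), info["wrapped_gmk"])

    def receive_media(self, blob: bytes) -> bytes:
        return open_sealed(self.call_key, blob)


class MCSServer:
    """Authorizes subscriptions and relays opaque blobs; never holds GMK in the clear."""
    def __init__(self, monitor_rights: dict):
        self.monitor_rights = monitor_rights   # user_id -> set of call ids the system authorized
        self.subscriptions = {}                # call_id -> [MonitoringClient]
        self.relayed = []                      # every blob the server handled, for auditing

    def subscribe(self, client: MonitoringClient, call_id: str) -> bool:
        # subscription receiving, authority determining and subscription response modules
        if call_id not in self.monitor_rights.get(client.user_info["user_id"], set()):
            return False
        self.subscriptions.setdefault(call_id, []).append(client)
        return True

    def on_call_detected(self, terminal: CallControlTerminal) -> None:
        # information acquisition, data encryption (delegated to UE-O) and data forwarding modules
        for client in self.subscriptions.get(terminal.call_id, []):
            info = terminal.wrap_call_key(client.user_info)
            self.relayed.append(info["wrapped_gmk"])
            client.receive_call_key_info(info)

    def relay_media(self, terminal: CallControlTerminal, frame: bytes) -> dict:
        # call monitoring module: forward the encrypted media unchanged to each subscriber
        blob = terminal.encrypt_media(frame)
        self.relayed.append(blob)
        return {c.user_info["user_id"]: c.receive_media(blob)
                for c in self.subscriptions.get(terminal.call_id, [])}


def run_demo() -> dict:
    server = MCSServer({"dispatcher-1": {"group-7"}})          # constructed provisioning data
    authorized, intruder = MonitoringClient("dispatcher-1"), MonitoringClient("guest-9")
    results = {"authorized_subscribed": server.subscribe(authorized, "group-7"),
               "unauthorized_subscribed": server.subscribe(intruder, "group-7")}
    terminal = CallControlTerminal("group-7")
    server.on_call_detected(terminal)
    delivered = server.relay_media(terminal, b"constructed voice frame 0001")
    results["client_has_gmk"] = authorized.call_key == terminal.gmk
    results["delivered_to"] = sorted(delivered)
    results["decrypted_media"] = delivered["dispatcher-1"]
    results["server_saw_gmk"] = any(terminal.gmk in blob for blob in server.relayed)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Running the script shows the two properties a reviewer of such a design checks: the unauthorized client's subscription is refused and it receives nothing, and the server's relay transcript never contains the raw GMK, only the wrapped key and the SRTP-style ciphertext. In the model the DH value in the user information is unauthenticated, so a server that substituted its own value would obtain the key; binding that value to the client's certificate, which the MCX system already issues, is the natural hardening.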

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Data monitoring method, apparatus, device and system. A call control terminal encrypts a call key based on user information of a client to obtain call key information, and forwards the call key to the client by means of a server, so that the client obtains the call key; the server obtains encrypted call content data transmitted during a target call and forwards the encrypted call content data to the client, so that the client decrypts the encrypted call content data with the call key to obtain call content data. The server sends the client, after special encryption, the call key used to encrypt data during the call, so that the client can use the call key to decrypt the call content data encrypted during the call and obtain the actually transmitted call content data. The special encryption ensures that only the client can decrypt the encryption key, so monitoring during encrypted data transmission is achieved and the reliability of data transmission is improved.
PCT/CN2021/119269 2021-09-18 2021-09-18 Data monitoring method, apparatus, device and system WO2023039871A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/119269 WO2023039871A1 (fr) 2021-09-18 2021-09-18 Data monitoring method, apparatus, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/119269 WO2023039871A1 (fr) 2021-09-18 2021-09-18 Data monitoring method, apparatus, device and system

Publications (1)

Publication Number Publication Date
WO2023039871A1 true WO2023039871A1 (fr) 2023-03-23

Family

ID=85602350

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/119269 WO2023039871A1 (fr) 2021-09-18 2021-09-18 Data monitoring method, apparatus, device and system

Country Status (1)

Country Link
WO (1) WO2023039871A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025485A (zh) * 2009-09-14 2011-04-20 中兴通讯股份有限公司 Key negotiation method, key management server and terminal
CN102026174A (zh) * 2009-09-17 2011-04-20 中兴通讯股份有限公司 Method and apparatus for keeping a user identifier confidential during paging
CN102843675A (zh) * 2011-06-24 2012-12-26 中兴通讯股份有限公司 Method, terminal and *** for trunking call voice encryption
CN103987037A (zh) * 2014-05-28 2014-08-13 大唐移动通信设备有限公司 Method and apparatus for implementing secure communication
CN106982419A (zh) * 2016-01-18 2017-07-25 普天信息技术有限公司 End-to-end encryption method and *** for individual calls in a broadband trunking ***
CN107959655A (zh) * 2016-10-14 2018-04-24 北京信威通信技术股份有限公司 Method for associating calling and called parties in end-to-end encrypted voice communication

Similar Documents

Publication Publication Date Title
US7975140B2 (en) Key negotiation and management for third party access to a secure communication session
US8364772B1 (en) System, device and method for dynamically securing instant messages
US9167422B2 (en) Method for ensuring media stream security in IP multimedia sub-system
US8495363B2 (en) Securing messages associated with a multicast communication session within a wireless communications system
JP5775210B2 (ja) Method for discovering security associations
EP1717986B1 (fr) Key distribution method
US8583809B2 (en) Destroying a secure session maintained by a server on behalf of a connection owner
EP2426852B1 (fr) Method and system for establishing a secure forked call session in an IP multimedia subsystem
KR20130140873A (ko) Discovery of security associations for key management relying on public keys
US11637818B2 (en) Securely recording and retrieving encrypted video conferences
CN101420413A (zh) Session key negotiation method, network ***, authentication server and network device
CN108833943B (zh) Code stream encryption negotiation method, apparatus and conference terminal
US20110135093A1 (en) Secure telephone devices, systems and methods
JP2024520245A (ja) VoLTE voice encrypted communication method, terminal and system
US8693686B2 (en) Secure telephone devices, systems and methods
CN111756726A (zh) SIP security authentication method supporting Chinese national (SM) cryptographic algorithms
US20240031345A1 (en) Securing Videoconferencing Meetings
CN112332986A (zh) Permission-control-based private encrypted communication method and ***
WO2011040847A1 (fr) Sending protected data in a communications network
EP2448172A1 (fr) Method and system for delaying transmission of media information in an Internet Protocol (IP) multimedia subsystem
WO2023039871A1 (fr) Data monitoring method, apparatus, device and system
US20190281033A1 (en) Communication apparatus, communication method, and program
CN115842643A (zh) Data monitoring method, apparatus, device and ***
EP3624393B1 (fr) Key distribution system and method, key generation device, representative user terminal, server device, user terminal and program
CN108616494B (zh) Secure call method, apparatus and terminal based on multiple PDN connections

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21957150

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE