WO2023169187A1 - Conference secret key generation method, terminal and device - Google Patents

Conference secret key generation method, terminal and device

Publication number
WO2023169187A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2023/077022
Inventor
赵高永
耿峰
Original Assignee
华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/14 Systems for two-way working
    • H04N7/15 Conference systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • the present application relates to the field of computer technology, and in particular, to a conference key generation method, terminal and equipment.
  • End-to-end encryption allows data to always exist in ciphertext during transmission from the source to the destination.
  • With end-to-end encryption, the message is not decrypted in transit before it reaches the destination. Because the message is protected throughout the transmission process, it is not leaked even if a node is compromised.
  • End-to-end secure communication is generally used in instant messaging communication scenarios in consumer-oriented online social media.
  • Conference services for enterprises are usually carried out using conference terminals.
  • the conference terminal is an intelligent host, intelligent central control and other equipment that cooperates with the front-end analog camera to collect images and audio, perform input and output encoding and decoding processing, and then perform point-to-point and point-to-multi transmission.
  • Internal personnel of the enterprise use dedicated conference terminals to join the conference to receive or send audio and video data.
  • Conference services for enterprises generally use group OOB technology to detect whether there is a man-in-the-middle (MitM) risk after the conference is established.
  • This can only detect MitM risk on the device-to-device (station-to-station) pipeline; it is impossible to determine whether someone has used the conference terminal to join the conference.
  • Embodiments of the present application provide a conference key generation method, terminal and device, which are used to implement security authentication between users and devices through out-of-band data.
  • embodiments of the present application provide a method for generating a conference key.
  • The method includes: the user terminal obtains the group authentication key agreement protocol GAKE of the conference; the user terminal negotiates, according to the GAKE, the conference secret key for joining the conference with the user terminals of other participating users of the conference; the user terminal sends the conference secret key to the conference terminal, so that the conference terminal encrypts and decrypts the conference data according to the conference secret key after joining the conference; or the user terminal encrypts and decrypts the conference data according to the conference secret key.
  • the user terminal can be the user's terminal device (such as a mobile phone, a tablet computer, etc.), and the conference terminal is a terminal device used by the user to join the conference (such as a voice conference terminal or a video conference terminal, etc.).
  • The authentication between users and conference terminals is relatively weak and cannot detect risks from users to conference terminals.
  • The GAKE used to negotiate the secret key can be sent to the user terminal that is strongly bound to the user; the user terminal then sends the conference secret key determined based on GAKE to the conference terminal, and the conference terminal encrypts and decrypts the conference data to provide conference services to participating users.
  • Since the conference terminal obtains the conference secret key through the user terminal, the authentication between the conference terminal and the participating users is strengthened by the strong binding relationship between the participating users and their user terminals. Encryption between conference terminals is guaranteed based on the conference key, and the enhanced user authentication helps reduce the risk of man-in-the-middle attacks.
  • The user terminal can also perform operations such as encryption and decryption of the conference data; this implementation likewise ensures encryption from conference terminal to conference terminal based on the conference key, and effectively reduces the risk of man-in-the-middle attacks based on the strong binding of user terminals.
  • The user terminal sending the conference secret key to the conference terminal includes: the user terminal generates the public key and private key of the user terminal; the user terminal sends the public key of the user terminal to the conference terminal, and obtains the public key of the conference terminal; the user terminal encrypts the conference secret key according to the private key of the user terminal and the public key of the conference terminal; the user terminal sends the encrypted conference secret key to the conference terminal, so that the conference terminal decrypts and obtains the conference secret key according to the public key of the user terminal and the private key of the conference terminal.
  • The user terminal and the conference terminal each generate their own public key and private key and exchange their public keys, so that in subsequent communication each of them uses its own private key and the public key of the other end to encrypt or decrypt the data sent or received, thereby ensuring the security of information interaction. Since there is a strong binding relationship between the user terminal and the user, and the user terminal and the conference terminal are securely encrypted, the security between the user and the conference terminal is achieved and the risk of man-in-the-middle attacks is reduced.
  • The user terminal encrypts and decrypts the data of the conference according to the conference secret key, including: the user terminal decrypts, according to the conference secret key, remote data obtained from the conference terminal, where the remote data is data of the conference received from the remote end, and the user terminal sends the decrypted data to the conference terminal; and/or the user terminal encrypts, according to the conference secret key, local data obtained from the conference terminal, where the local data is conference data collected locally by the conference terminal, and the user terminal sends the encrypted data to the conference terminal.
  • The conference terminal does not need to obtain the conference secret key or encrypt and decrypt the conference data. Instead, the user terminal with a strong binding relationship with the user encrypts and decrypts the conference data, thereby ensuring the security of the conference data.
  • The user terminal negotiates the conference secret key with the user terminals of other participating users of the conference according to the GAKE, including: the user terminal determines, based on the GAKE, to negotiate a conference secret key with other participating users of the conference based on the Signal protocol; or, the user terminal determines, based on the GAKE, to negotiate a conference secret key with other participating users of the conference based on the message layer security MLS protocol.
  • the user terminal can negotiate the conference key with other user terminals based on the Signal protocol or the MLS protocol.
  • Negotiating the conference key based on the Signal protocol helps reduce initialization costs, and negotiating the conference key based on the MLS protocol helps reduce the cost of subsequent update of the conference key.
  • The user terminal and other participants are included in a group, the group includes at least one secondary group, the secondary group includes a secondary group master node, and the user terminal is the primary group master node of the group; the user terminal negotiates the conference secret key with the user terminals of other participating users of the conference according to the GAKE, including: the user terminal sends the generated conference key to the secondary group master node of the secondary group based on the Signal protocol or the message layer security MLS protocol.
  • The above-mentioned user terminal may form a group with all other participants in the conference, or with some of the participants. Sub-groups are constructed within the group, and the process of distributing conference keys in the sub-groups can be carried out at the same time, which helps reduce the time for updating the conference key; the effect on distribution time is more significant in large conferences.
  • The above-mentioned user terminal serves as the primary group master node in the group and distributes the conference key it has determined to the secondary group master nodes based on the Signal protocol or the MLS protocol, so that each secondary group master node can distribute the conference key to the other nodes in its own secondary group.
  • The user terminal and other participants are included in a group, the group includes at least one secondary group, the user terminal is the secondary group master node of the secondary group, and the group includes a primary group master node; the user terminal negotiates the conference secret key with the user terminals of other participating users of the conference according to the GAKE, including: the user terminal receives the conference secret key sent by the primary group master node; the user terminal sends the conference secret key to other nodes in the secondary group based on the message layer security MLS protocol. Sub-groups are constructed within the group, and the process of distributing conference keys in the sub-groups can be carried out at the same time, which helps reduce the time for updating the conference key and is especially suitable for large conferences.
  • The above-mentioned user terminal can serve as the secondary group master node of the secondary group, and distribute the conference secret key to other nodes in the secondary group based on the MLS protocol.
  • Secondary groups may also contain a larger number of nodes. Distributing conference keys based on the MLS protocol is more helpful in reducing the cost of conference key updates.
  • the method further includes: the user terminal obtains the updated GAKE, and negotiates the conference secret key with the user terminals of other participating users of the conference based on the updated GAKE.
  • embodiments of the present application provide a conference key generation method, which is applied to out-of-band authentication equipment.
  • the data channel of the out-of-band authentication device is different from the data channel of the conference system.
  • the method includes: the out-of-band authentication device receives conference information, and the conference information includes information of N participating users; the out-of-band authentication device generates a group authentication key agreement protocol GAKE for the conference; The out-of-band authentication device sends the GAKE to the user terminal of each user participating in the conference, so that the user terminals of the N users negotiate the conference key of the conference based on the GAKE.
  • the data channel of the out-of-band authentication device is different from the data channel of the conference system of the conference.
  • The out-of-band authentication device sends the GAKE generated based on the conference information to the user terminal of each participating user. Since there is a strong binding relationship between the user terminal and the user, the security of GAKE is guaranteed, which helps to avoid the risk of man-in-the-middle attacks.
  • The method further includes: the out-of-band authentication device receives updated conference information of the conference, where the updated conference information includes information of M participating users; the out-of-band authentication device updates the GAKE of the conference; the out-of-band authentication device sends the updated GAKE to the user terminal of each of the M participating users, so that the user terminals of the M users update the conference key of the conference according to the updated GAKE.
  • The GAKE includes at least one or any combination of the following indication information: indication information instructing the terminals of the participating users to generate a conference key based on the Signal protocol; indication information instructing the terminals of the participating users to generate a conference key based on the message layer security MLS protocol; indication information instructing the participating users to construct a secondary group; indication information instructing that a conference key be generated within the secondary group based on the MLS protocol; indication information instructing that conference keys be generated between secondary groups based on the Signal protocol or the MLS protocol.
  • Embodiments of the present application provide a user terminal, which includes modules/units that execute the above first aspect and any possible implementation of the first aspect; these modules/units can be implemented by hardware, or by hardware executing corresponding software.
  • The user terminal includes: an acquisition module, used to obtain the group authentication key agreement protocol GAKE of the conference; and a negotiation module, used to negotiate, according to the GAKE, the conference secret key for joining the conference with the user terminals of other participating users of the conference. The terminal also includes a sending module for sending the conference secret key to the conference terminal, so that the conference terminal encrypts and decrypts the conference data according to the conference secret key after joining the conference; or the terminal further includes an encryption and decryption module for encrypting and decrypting the conference data according to the conference secret key.
  • Embodiments of the present application provide a computer device.
  • The computer device includes a memory and a processor; the memory stores a computer program; and the processor is configured to call the computer program stored in the memory to execute the method described in the first aspect and any implementation of the first aspect, or the method described in the second aspect and any implementation of the second aspect.
  • Embodiments of the present application provide a computer-readable storage medium. Instructions are stored in the computer-readable storage medium. When the instructions are run on a computer, they cause the computer to execute the method described in the first aspect and any implementation manner of the first aspect, or the method described in the second aspect and any implementation manner of the second aspect.
  • Embodiments of the present application provide a computer program product containing instructions that, when run on a computer, cause the method described in the first aspect and any implementation manner of the first aspect to be executed, or cause the method described in the second aspect and any implementation manner of the second aspect to be executed.
  • Figure 1 is a schematic diagram of a scenario for generating a conference key provided by an embodiment of the present application
  • Figure 2 is a schematic diagram of negotiating a conference key based on the Signal protocol provided by the embodiment of the present application
  • Figure 3 is a ratchet tree structure established based on the MLS protocol provided by the embodiment of the present application.
  • Figure 4 is a schematic diagram of applicable scenarios of the conference key generation method provided by the embodiment of the present application.
  • Figure 5 is a schematic flowchart of a conference key generation method applied to a user terminal provided by an embodiment of the present application
  • Figure 6 is a schematic flow chart of a user terminal and a conference terminal interacting with a conference key provided by an embodiment of the present application;
  • Figure 7a is a schematic diagram of a conference process provided by an embodiment of the present application.
  • Figure 7b is a schematic diagram of another meeting process provided by the embodiment of the present application.
  • Figure 8 is a schematic diagram of a conference key update process provided by an embodiment of the present application.
  • Figure 9 is a schematic structural diagram of a user terminal provided by an embodiment of the present application.
  • Figure 10 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • Conference services provided to enterprises are usually group communications. All nodes in group communications can use an agreed key to encrypt sent messages or decrypt received messages to achieve encrypted communications. Generally speaking, the secret key used to encrypt communication messages during the conference can be called the conference key.
  • Each node participating in the conference can be divided into group master nodes and member nodes according to their roles. The group master node is responsible for generating the conference key and delivering the conference key to the member nodes.
  • The group master node can negotiate the channel key with each member node separately to determine the channel key between the group master node and each member node. Then, the group master node can use the channel key with each member node to encrypt the conference key, and then send the encrypted conference key to the corresponding member node, thereby safely distributing the conference key in the group. That is to say, before all nodes carry out encrypted communication, the group master node needs to negotiate the channel key with each member node and distribute the conference key based on the channel key.
  • FIG. 1 is a schematic diagram of a scenario for generating a conference key according to an embodiment of the present application.
  • this scenario includes a server 10 and multiple terminal devices.
  • Terminal device 11, terminal device 12, terminal device 13 and terminal device 14 are shown as an example.
  • the scenario shown in Figure 1 may have more terminal devices.
  • the number of terminal devices may exceed 1,000.
  • the channel key negotiation can be performed according to the E2EE key agreement protocol or the group key agreement protocol. Two common channel key agreement protocols are introduced below.
  • Signal protocol is an E2EE key agreement protocol.
  • multiple nodes that need to communicate can negotiate channel keys based on the Signal protocol.
  • The group master node can conduct a key negotiation with each member node to determine the channel key between the group master node and each member node. There is a pair of channel keys between the group master node and each member node.
  • FIG. 2 shows that the group includes one group master node (group master node A) and three member nodes (member node B, member node C, and member node D).
  • The channel key between group master node A and member node B obtained after key negotiation between group master node A and member node B is EK_AB.
  • The channel key between group master node A and member node C obtained after key negotiation between group master node A and member node C is EK_AC.
  • The channel key between group master node A and member node D obtained after key negotiation between group master node A and member node D is EK_AD.
  • Each node can independently generate its own keystore, where the keystore of each node includes a public key and a private key, and each node uploads the public key to the server 10.
  • When the group master node performs key negotiation with each member node, it obtains the public key of each member node from the server 10, and generates a channel key corresponding to each member node based on its own keystore and the public key of each member node.
  • After the group master node generates the channel key with each member node, it can be considered to have established a secure trust relationship with each member node. At this time, the group master node can distribute the conference key used for secure communication to each member node.
  • the group master node randomly generates a conference key, and the conference key is used by all nodes for encrypted group communication.
  • the group master node encrypts the conference key through the channel key with each member node, and then sends the encrypted conference key to each member node.
  • all nodes can conduct encrypted group communication. Specifically, the node that sends the message can use the conference key to encrypt the message, and then sends the encrypted message. The node that receives the message uses the conference key to decrypt the received message to obtain the transmitted message.
  • The group master node can use the channel key with each member node to encrypt the conference key, which can ensure safe distribution of conference keys.
  • the group master node needs to re-determine the conference key and re-issue the conference key to each member node of the current group.
  • the channel key between the group master node and the member nodes can be quickly established, but the overhead of updating the conference key is high.
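
The distribution scheme described above (a channel key per member, then the conference key encrypted under each channel key), as an added example in Go that is not code from the patent. The same wrap-under-a-pairwise-key step is what the user terminal performs when it hands the conference key to its conference terminal using its own private key and the terminal's public key. Assumptions: a plain X25519 exchange with HKDF-SHA256 and AES-256-GCM stands in for the Signal negotiation, and the node names, pair labels and epoch strings are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Node models a group master node or a member node (names are constructed).
type Node struct {
	Name string
	priv *ecdh.PrivateKey
}

func NewNode(name string) *Node {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Node{Name: name, priv: k}
}

func hmacSHA256(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// aeadFor derives the pairwise channel key (EK_AB in the text) from this
// node's private key and the peer's public key, then returns AES-256-GCM
// keyed with it. KDF: HKDF-SHA256, zero salt, one expand block, pair label.
func (n *Node) aeadFor(peer *ecdh.PublicKey, pair string) (cipher.AEAD, error) {
	shared, err := n.priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	prk := hmacSHA256(make([]byte, sha256.Size), shared)
	ek := hmacSHA256(prk, append([]byte("channel:"+pair), 0x01))
	block, err := aes.NewCipher(ek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Distribute: the master draws a random conference key and wraps it once per
// member. The epoch is bound as associated data so an old wrap cannot be replayed.
func Distribute(master *Node, members []*Node, epoch string) ([]byte, map[string][]byte, error) {
	confKey := make([]byte, 32)
	if _, err := rand.Read(confKey); err != nil {
		return nil, nil, err
	}
	wraps := make(map[string][]byte)
	for _, m := range members {
		gcm, err := master.aeadFor(m.priv.PublicKey(), master.Name+m.Name)
		if err != nil {
			return nil, nil, err
		}
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, nil, err
		}
		wraps[m.Name] = gcm.Seal(nonce, nonce, confKey, []byte(epoch))
	}
	return confKey, wraps, nil
}

// Receive is the member side: derive the same channel key, verify and unwrap.
func Receive(member *Node, master *ecdh.PublicKey, masterName string, wrapped []byte, epoch string) ([]byte, error) {
	gcm, err := member.aeadFor(master, masterName+member.Name)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(wrapped) < ns {
		return nil, fmt.Errorf("wrapped key too short: %d bytes", len(wrapped))
	}
	return gcm.Open(nil, wrapped[:ns], wrapped[ns:], []byte(epoch))
}

func main() {
	a, b, c, d := NewNode("A"), NewNode("B"), NewNode("C"), NewNode("D")
	k1, w1, err1 := Distribute(a, []*Node{b, c, d}, "epoch-1")
	_, w2, err2 := Distribute(a, []*Node{b, d}, "epoch-2") // C has left the group
	if err1 != nil || err2 != nil {
		panic("distribution failed")
	}
	got, err := Receive(c, a.priv.PublicKey(), "A", w1["C"], "epoch-1")
	fmt.Println("C unwraps epoch-1 key:", err == nil && string(got) == string(k1), "wraps:", len(w1))
	_, err = Receive(c, a.priv.PublicKey(), "A", w2["D"], "epoch-2") // EK_AC on D's wrap
	fmt.Println("C rejected after leaving:", err != nil, "wraps:", len(w2))
}
```

Every membership change costs one wrap per remaining member, which is the update overhead the text attributes to this approach.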
  • the MLS protocol is a group key agreement protocol that establishes a ratchet tree structure.
  • The ratchet tree structure established based on the MLS protocol is shown in Figure 3.
  • the nodes at the bottom are leaf nodes, and all leaf nodes correspond to the nodes in the group that need to communicate.
  • the non-leaf nodes are used to assist in forming the ratchet tree and do not correspond to the nodes that actually need to communicate.
  • the ratchet tree is a left-first binary balanced tree composed of all nodes.
  • the group master node can be any node among all nodes, and the group master node is used to assist all nodes in establishing the ratchet tree structure.
  • Node A and node B correspond to non-leaf node E, and node C and node D correspond to non-leaf node F. Nodes A, B, C, and D each have their own auxiliary information, which includes a public and private key pair.
  • The auxiliary information of node A includes the public key PK_A and the private key SK_A of node A; the auxiliary information of node B includes the public key PK_B and the private key SK_B of node B; the auxiliary information of node C includes the public key PK_C and the private key SK_C of node C; and the auxiliary information of node D includes the public key PK_D and the private key SK_D of node D.
  • The auxiliary information of node E is derived based on the auxiliary information of node A and node B.
  • The auxiliary information of node E includes the public key PK_AB and the private key SK_AB of node E.
  • The auxiliary information of node F is derived based on the auxiliary information of node C and node D.
  • The auxiliary information of node F includes the public key PK_CD and the private key SK_CD of node F.
  • The auxiliary information of node G is derived based on the auxiliary information of node E and node F.
  • The auxiliary information of node G includes the public key PK_ABCD and the private key SK_ABCD of node G.
  • Each node stores the auxiliary information of all of its ancestor nodes, and also saves the public keys from the auxiliary information of the neighbor nodes of those ancestor nodes.
  • Node A stores the auxiliary information of node E and node G, and stores the public key of node F.
  • The group master node can safely distribute the conference key through the ratchet tree structure. For example, assuming that node A is the group master node, node A can use the public key of node E to encrypt the conference key to generate encrypted data 1 and send the encrypted data 1. Since node B stores the auxiliary information of node E, node B can decrypt the encrypted data 1 using node E's private key to obtain the conference key. Similarly, node A can also use the public key of node G to encrypt the conference key to generate encrypted data 2, and send the encrypted data 2.
  • Node C and node D can decrypt the encrypted data 2 to obtain the conference key, which completes the distribution of the conference key.
  • the auxiliary information of non-leaf nodes is used to encrypt the conference key, and the auxiliary information of non-leaf nodes can also be considered as the channel key between the group master node and each node.
  • the auxiliary information of node F needs to be re-derived based on node D, and then the auxiliary information of node G needs to be derived based on the auxiliary information of node F and node E.
  • the channel key update can be completed by updating the auxiliary information of the ancestor nodes stored in nodes A, B, and D, and the public keys of the neighbor nodes of the ancestor nodes. In other words, by negotiating the channel key based on the MLS protocol, non-full channel key updates can be implemented to reduce the cost of the channel key update process.
  • the overhead of negotiating the channel key based on the MLS protocol is higher, but the channel key update is more efficient.
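
An added example in Go (not code from the patent, and not MLS TreeKEM itself) of the Figure 3 tree for nodes A to D: each leaf reaches the key of node G from its own private key plus the sibling public keys it stores, and after node C leaves only F and G change. Assumptions: a parent's key pair is derived from a Diffie-Hellman exchange between its two children, as in asynchronous ratcheting trees; `soloKey`, `keyFrom` and the labels are hypothetical names.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newLeaf() *ecdh.PrivateKey {
	return must(ecdh.X25519().GenerateKey(rand.Reader))
}

// keyFrom turns secret bytes into a node key pair (the node's auxiliary information).
func keyFrom(label string, secret []byte) (*ecdh.PrivateKey, error) {
	seed := sha256.Sum256(append([]byte(label), secret...))
	return ecdh.X25519().NewPrivateKey(seed[:])
}

// parentKey derives a non-leaf node from one child's private key and the other
// child's public key. Either child gets the same result, for example
// SK_AB = f(SK_A, PK_B) = f(SK_B, PK_A). Assumed derivation, not from the page.
func parentKey(child *ecdh.PrivateKey, sibling *ecdh.PublicKey) (*ecdh.PrivateKey, error) {
	shared, err := child.ECDH(sibling)
	if err != nil {
		return nil, fmt.Errorf("derive parent: %w", err)
	}
	return keyFrom("tree-node", shared)
}

// soloKey re-derives a parent that has one remaining child (node F after C leaves).
func soloKey(child *ecdh.PrivateKey) (*ecdh.PrivateKey, error) {
	return keyFrom("tree-solo", child.Bytes())
}

// Path climbs from a leaf to the root using only what that leaf stores: its own
// private key and the public keys of the siblings on the way up (bottom-up order).
// It returns the private keys of all ancestors; the last one is the root.
func Path(leaf *ecdh.PrivateKey, siblings ...*ecdh.PublicKey) ([]*ecdh.PrivateKey, error) {
	var path []*ecdh.PrivateKey
	cur := leaf
	for _, s := range siblings {
		p, err := parentKey(cur, s)
		if err != nil {
			return nil, err
		}
		path = append(path, p)
		cur = p
	}
	return path, nil
}

func main() {
	a, b, c, d := newLeaf(), newLeaf(), newLeaf(), newLeaf()
	e := must(parentKey(a, b.PublicKey())) // node E, published as PK_AB
	f := must(parentKey(c, d.PublicKey())) // node F, published as PK_CD
	pa := must(Path(a, b.PublicKey(), f.PublicKey()))
	pd := must(Path(d, c.PublicKey(), e.PublicKey()))
	fmt.Println("A and D derive the same SK_ABCD:", pa[1].Equal(pd[1]))

	// C leaves: D takes a fresh leaf key, F is re-derived from D, G from E and F.
	d2 := newLeaf()
	f2 := must(soloKey(d2))
	pa2 := must(Path(a, b.PublicKey(), f2.PublicKey()))
	stale := must(Path(c, d.PublicKey(), e.PublicKey())) // all C can still compute
	fmt.Println("E unchanged:", pa2[0].Equal(pa[0]), "G changed:", !pa2[1].Equal(pa[1]))
	fmt.Println("C locked out of new G:", !stale[1].Equal(pa2[1]))
}
```

Node A's stored state matches the text: the private keys of E and G (its ancestors) and the public key of F.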
  • the above two methods of negotiating conference keys can only ensure device-to-device security and cannot solve the risk of man-in-the-middle attacks.
  • some employees within the enterprise use conference terminal equipment to hold meetings, but whether the user of the conference equipment is a person allowed to participate in the meeting cannot be identified through technical means. Especially in large conferences, it can even be difficult to identify manually.
  • embodiments of the present application provide a method for generating a conference key to implement security authentication between the user and the device through out-of-band data.
  • The conference scenario includes a conference management system, a multipoint control unit (MCU), out-of-band authentication equipment, several conference terminals used to access the conference (such as video conference terminals, voice conference terminals, etc.), and the users' user terminals (such as mobile phones, computers, tablet computers, etc.).
  • the conference management system can be used to create a conference, determine the participating users and corresponding user terminals, determine the conference creation time, determine the number of each user terminal in the conference, update participating users, manage the conference, etc.
  • the MCU can be used to forward conference data.
  • the conference terminal sends the conference data collected locally to the MCU, and the MCU sends the conference data to other conference terminals; the conference terminal can also obtain the conference data collected by other conference terminals from the MCU.
  • the conference management system and MCU can be deployed separately or in the same physical device.
  • the out-of-band authentication device can generate a group authentication key exchange protocol (GAKE) based on the conference information issued by the conference management system, and send GAKE to the user terminal.
  • the out-of-band authentication device is implemented through out-of-band management, and its data channel is different from that of the conference system. Therefore, it will not occupy the resources of the conference system and will not affect the quality of the conference.
  • Figure 4 takes the conference as containing three participating users as an example. Each user can use a user terminal and a conference terminal to join the conference.
  • P1 represents the user terminal of user Alice
  • T1 represents the conference terminal used by user Alice to join the conference
  • P2 represents the user terminal of user Bob
  • T2 represents the conference terminal used by user Bob to join the conference
  • P3 represents the user terminal of user Carol
  • T3 indicates the conference terminal used by user Carol to join the conference.
  • FIG. 5 is a schematic flow chart of a conference key generation method applied to a user terminal provided by an embodiment of the present application. As shown in the figure, the method may include the following steps:
  • Step 501 The user terminal obtains the GAKE of the conference.
  • the user terminal can obtain the GAKE used to negotiate the conference key from the out-of-band authentication device shown in FIG. 4 .
  • the user terminal is a terminal that has a strong binding relationship with the user, such as a mobile phone, a tablet computer, etc.
  • the out-of-band authentication device sends GAKE to the user terminal, so that GAKE is only sent to the user terminals of the conference participants. Since there is a strong binding relationship between the user terminal and the user, the conference secret key is not easily leaked to non-participating users, thus making the conference key generated based on GAKE more secure and reliable. Even if non-participating users use the enterprise's conference terminal, the conference terminal cannot obtain GAKE and therefore cannot obtain the conference key and cannot access the conference. Therefore, compared with traditional solutions, the solution of this application also realizes user-to-device authentication on the basis of device-to-device encryption, reducing the risk of man-in-the-middle attacks.
  • the out-of-band authentication device can send GAKE to the user terminal through SMS; or a conference application (APP) can be installed in the user terminal in advance, and the out-of-band authentication device sends GAKE to the user terminal through the conference APP; or the user can obtain GAKE through other methods. This embodiment of the application does not limit this.
  • Step 502 The user terminal negotiates the conference key for joining the conference with the user terminals of other participating users in the conference according to GAKE.
  • the user terminal can negotiate the conference key according to the method shown in Figure 2; if the user terminal determines, according to the instructions of GAKE, to generate the conference secret key based on the MLS protocol, then the user terminal can negotiate the conference key according to the method shown in Figure 3.
  • the user terminal can be the group master node or a member node.
  • the user terminals can also be grouped according to the instructions of GAKE to form a secondary group.
  • the user terminals in the secondary group generate the conference key based on the MLS protocol, and the conference key can be generated between secondary groups based on the Signal protocol or the MLS protocol; the above-mentioned user terminal can be the main group master node of the entire group, the secondary group master node of the secondary group, or a member node of the secondary group.
  • the process of the user terminal negotiating the conference key is implemented through an out-of-band channel. That is, the conference key negotiation does not occupy the resources of the conference system, thereby avoiding the impact of occupying conference system resources on the conference and causing delays in conference data. Especially in the process of updating the conference key during the conference, whether the system conference resources are occupied has a significant impact on the conference data.
  • After the user terminal negotiates the conference key, it can perform the following step 503a or the following step 503b, thereby providing the user with conference services.
  • Step 503a The user terminal sends the conference secret key to the conference terminal, so that the conference terminal can encrypt and decrypt the conference data according to the conference secret key after joining the conference.
  • participating users join the conference through the conference terminal, obtain conference data through the conference terminal, and send conference data through the conference terminal.
  • the user terminal is only used to provide the conference secret key; it does not need to obtain or send conference data, or to perform operations such as decrypting and encrypting the conference data.
  • the user terminal sends the conference secret key to the conference terminal used by the user to join the conference according to the user's operation, so that the conference terminal joins the conference according to the conference secret key; the conference terminal obtains the conference data, decrypts it and provides it to the user, or the conference terminal encrypts the conference data and sends the encrypted conference data.
  • user terminals and conference terminals can be connected through wireless communication methods such as near field communication (NFC), Bluetooth, wireless local area network (WLAN), etc., or they can also be connected through hardware, so that the user terminal can send GAKE to the conference terminal.
  • Step 503b The user terminal encrypts and decrypts the conference data according to the conference key.
  • it is not necessary for the conference terminal to encrypt and decrypt the conference data; instead, the user terminal is used to encrypt and decrypt the conference data. Specifically, this can include the following two situations:
  • Scenario 1: the user terminal is connected to the conference terminal. Although the participating users use the conference terminal to access the conference, the user terminal performs the encryption and decryption operations on the conference data. Specifically, after the conference terminal joins the conference and obtains the remote data (that is, the conference data from the remote end), the conference terminal sends the remote data to the user terminal, and the user terminal decrypts the remote data according to the conference secret key.
  • the conference terminal displays the decrypted data to the user, such as playing voice information, playing video information, displaying text information, etc.; after the conference terminal obtains local data (that is, conference data collected locally by the conference terminal, such as local data obtained through input devices such as speakers and cameras), it can send the local data to the user terminal.
  • the user terminal encrypts the local data according to the conference key and sends the encrypted data to the conference terminal, so that the conference terminal sends the encrypted data to the MCU or to other conference terminals participating in the conference.
  • the user terminal and the conference terminal can be connected through wireless communication methods such as NFC, Bluetooth, and WLAN, or they can also be connected through hardware.
  • Scenario 2 Participants use user terminals to access the conference.
  • the user terminal obtains the encrypted conference data from the MCU and decrypts the encrypted conference data based on the conference secret key.
  • the user terminal encrypts the conference data to be sent, and the encrypted conference data is sent to the MCU.
  • the conference APP can be installed in the user terminal in advance, the out-of-band authentication device sends GAKE to the user terminal through the conference APP, and the user terminal obtains and sends conference data through the conference APP. In this case, there is no need to use hardware for the conference terminal.
  • the GAKE used to negotiate the secret key can be sent to the user terminal that is strongly bound to the user, and then the user terminal sends the conference secret key determined based on GAKE to the conference terminal, and the conference terminal encrypts and decrypts the conference data to provide conference services to participating users.
  • since the conference terminal obtains the conference secret key through the user terminal, the authentication between the conference terminal and the participating users is enhanced based on the strong binding relationship between the participating users and the user terminal.
  • the enhanced user authentication can help reduce the risk of man-in-the-middle attacks.
  • the user terminal can also complete operations such as encryption and decryption of conference data; this implementation can also ensure encryption from conference terminal to conference terminal based on the conference key, and effectively reduces the risk of man-in-the-middle attacks based on the strong binding of user terminals.
  • the Signal protocol and the MLS protocol have been briefly introduced before.
  • the channel key between the group master node and the member node can be quickly established; that is, the initialization cost of the channel key is low, but the subsequent cost of updating the conference key is high. When the channel key is negotiated based on the MLS protocol, the channel key initialization cost is high, but non-full channel key updates can be achieved to reduce the cost of the channel key update process.
  • for large conferences, such as group conferences with more than 1,000 parties, complex initialization processes and complex key update processes will have a greater impact on the conference. For example, a long conference creation process makes users wait for the conference to be created, or a large secret key update overhead leads to delays in conference data, which will seriously affect the user experience.
  • the group can be constructed by the conference management system.
  • the conference management system can construct a conference group for the users after obtaining the information of the participating users; although the group is constructed for the users, the operation of each node in the group is performed by the user's user terminal.
  • the conference management system can also build a conference group for the user terminals after obtaining the participating users and the information of each user terminal of the participating users; at this time, each user terminal is an independent node in the group.
  • the conference management system can construct secondary groups for the conference group to reduce the cost of key negotiation.
  • a conference group can be set up with a group master node (for convenience of distinction, it can also be called the main group master node), and other nodes can be called member nodes.
  • the main group master node in the conference group can be designated by the conference management system, which means that the conference management system also has the function of specifying the main group master node; or the main group master node can be the default one, for example, by default the node numbered 1 in the conference group serves as the main group master node.
  • Each secondary group can also have a secondary group master node.
  • the secondary group master node can be specified by the conference management system; it can also be the default one. For example, the node numbered 1 in the default secondary group serves as the secondary group master node.
  • the secondary group master node in each secondary group is the node with the smallest number in the secondary group, that is, the secondary group master node of secondary group 1 is node 1, the secondary group master node of secondary group 2 is node 11, the secondary group master node of secondary group 3 is node 21, ..., and the secondary group master node of secondary group 10 is node 91. It can be seen that node 1 can serve as the main group master node of the conference group, or as the secondary group master node in secondary group 1.
  • the primary group master node can distribute the generated conference key to each secondary group master node, and then each secondary group master node distributes the conference secret key to each member node in its secondary group. Since the process of distributing conference keys within each secondary group can be carried out at the same time, that is, processed in parallel, it helps to reduce the time for updating the conference keys.
  • the conference key can be negotiated based on the MLS protocol within each secondary group, and the conference key can be negotiated between secondary groups based on the Signal protocol or the MLS protocol, thereby further reducing the overall overhead of the initialization and update processes.
  • the group master node can determine a public and private key pair, and generate the channel secret key of the group master node according to its own private key and the public key of the member node.
  • the member node can generate the channel secret key based on its own private key and the public key of the group master node.
  • the initialization cost for distributing conference keys based on the Signal protocol is 100.
  • After the group master node generates the conference secret key, the group master node sends the generated conference secret key to each member node respectively.
  • when the group master node sends the conference secret key to member node N, the channel secret key between the group master node and member node N can be used to encrypt the conference secret key; after receiving the encrypted conference secret key, the member node can decrypt it according to the channel secret key to obtain the conference secret key.
  • each secondary group contains 50 nodes.
  • the initialization cost is 2.
  • the cost of sending the generated conference key to the secondary group master node based on the Signal protocol is 1.
  • Conference keys can also be distributed between secondary groups based on the MLS protocol. This embodiment of the present application will not give an example.
  • the above embodiment describes how to generate a conference key when a conference is created.
  • the above conference key generation method can also be applied to the updating process of the conference key during the conference. For example, during the course of the meeting, the participants change and a participant exits the meeting. At this time, the meeting secret key can be updated to prevent those who should exit the meeting from continuing to obtain and decrypt the meeting data; or, when new participants join the meeting, the meeting key can also be updated to prevent new participants from being able to obtain and decrypt the meeting data from before they joined. For another example, if the meeting lasts too long, the security of the meeting key will decrease as the usage time increases. Therefore, the meeting key can be automatically updated every time the meeting lasts for a preset time to ensure the security of the meeting data.
  • the user terminal obtains the updated GAKE, for example, from the out-of-band authentication device shown in Figure 4, updates the conference key according to the new GAKE, and then encrypts and decrypts the conference data.
  • After receiving the updated GAKE, the user terminal negotiates a new conference key with the user terminals of other participating users based on the updated GAKE. Similarly, during the update process, the user terminal can also negotiate the conference key with other terminals based on the Signal protocol or the MLS protocol. Alternatively, the user terminal can also form a new group based on the updated GAKE, negotiate the conference key with other user terminals in the group based on the MLS protocol, and negotiate the conference key between groups based on the Signal protocol or the MLS protocol.
  • the distribution process of the conference key during the update process is similar to the distribution process of the conference key when creating a conference. Reference can be made to the conference key distribution process in the previous embodiment, which will not be described again here.
  • the user terminal needs to send the conference secret key to the conference terminal.
  • the user terminal can encrypt the conference secret key and send the encrypted conference secret key to the conference terminal.
  • the user terminal and the conference terminal can each configure their own public and private key pairs. The user terminal sends its own public key to the conference terminal, and the conference terminal sends its public key to the user terminal, to be used to encrypt and decrypt the data sent.
  • When the user terminal sends information to the conference terminal, the user terminal encrypts the information to be sent based on its own private key and the public key of the conference terminal and sends it; after receiving the information sent by the user terminal, the conference terminal decrypts the received information based on its own private key and the public key of the user terminal, and the correct information can be obtained.
  • When the conference terminal sends information to the user terminal, the conference terminal encrypts the information to be sent according to its own private key and the user terminal's public key and sends it; after receiving the information sent by the conference terminal, the user terminal decrypts the received information according to its own private key and the conference terminal's public key, and the correct information can be obtained.
  • Figure 6 exemplarily provides a conference key interaction process for implementing the above step 503a.
  • the participating user turns on the NFC function of the mobile phone, opens the conference APP installed in the mobile phone, and turns on the authentication function between the mobile phone and the conference terminal.
  • a personal identification number (PIN) is generated and displayed to the user.
  • the mobile phone further generates the mobile phone's public key P-pub key and private key P-private key based on the PIN.
  • the conference terminal prompts the user to enter the mobile phone PIN.
  • When the user enters the PIN, the conference terminal generates the conference terminal's public key T-pub key and private key T-private key based on the PIN.
  • the mobile phone sends the public key P-pub key of the mobile phone to the conference terminal through the NFC function, and the conference terminal sends the public key T-pub key of the conference terminal to the mobile phone through the NFC function.
  • the mobile phone calculates the sk value based on its own private key P-private key and the public key T-pub key of the conference terminal, and generates the encryption initial vector IV according to the AES128GCM algorithm. Then the mobile phone encrypts the conference secret key based on the sk value and the encryption initial vector IV, and sends the encryption initial vector IV and the encrypted conference secret key to the conference terminal.
  • the conference terminal calculates the sk' value based on the public key P-pub key of the mobile phone and the private key T-private key of the conference terminal, and then decrypts the encrypted conference secret key based on the sk' value and the encryption initial vector IV to obtain the correct conference secret key. Further, the conference terminal can send a response message indicating successful authentication to the mobile phone.
  • the user terminal does not need to send the conference secret key to the conference terminal, but the user terminal and the conference terminal can still generate their respective public keys, private keys, and sk or sk' values according to the above method, and the mobile phone sends the encryption initial vector IV to the conference terminal, thereby realizing the binding of the user terminal and the conference terminal.
  • the conference terminal can encrypt the data to be sent, or decrypt the data received from the mobile phone, based on the sk' value and the encryption initial vector IV.
  • the mobile phone can decrypt the received data, or encrypt the data to be sent, based on the sk value and the encryption initial vector IV, to ensure the security of conference data transmitted between the user terminal and the conference terminal.
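The Figure 6 exchange as a runnable sketch, added here as an illustration and not taken from the patent. The page does not say which key-pair algorithm is used or how the PIN enters key generation, so the X25519 key pairs, the HKDF step that mixes in the PIN, and all function names below are assumptions.

```javascript
const crypto = require('node:crypto');

// Each device creates a fresh key pair. X25519 is an assumed choice; the page
// names no algorithm. The DER-encoded public key is what crosses the NFC link.
function newDevice(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { name, privateKey, publicDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// sk (phone) and sk' (terminal): own private key + peer public key give a shared
// secret; HKDF then binds it to the PIN and to both public keys (assumed design).
function deriveSk(ownPrivateKey, peerPublicDer, pin, phonePubDer, terminalPubDer) {
  const peer = crypto.createPublicKey({ key: peerPublicDer, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: ownPrivateKey, publicKey: peer });
  const info = Buffer.concat([Buffer.from('conf-key-wrap'), phonePubDer, terminalPubDer]);
  // 16 bytes out = one AES-128 key
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.from(pin, 'utf8'), info, 16));
}

// Phone side: encrypt the conference key under sk with AES-128-GCM.
function wrapConferenceKey(sk, conferenceKey) {
  // Fresh 96-bit IV for every message: GCM must never reuse an IV under one key.
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-128-gcm', sk, iv);
  const ct = Buffer.concat([cipher.update(conferenceKey), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Terminal side: returns the conference key, or null when the tag check fails
// (wrong PIN, wrong peer key, or a modified message).
function unwrapConferenceKey(skPrime, msg) {
  const decipher = crypto.createDecipheriv('aes-128-gcm', skPrime, msg.iv);
  decipher.setAuthTag(msg.tag);
  try {
    return Buffer.concat([decipher.update(msg.ct), decipher.final()]);
  } catch {
    return null;
  }
}

// One full run: the phone shows a PIN, the user types a PIN into the terminal,
// public keys are swapped, and the wrapped conference key is sent across.
function runExchange(phonePin, terminalPin) {
  const phone = newDevice('phone');
  const terminal = newDevice('terminal');
  const conferenceKey = crypto.randomBytes(16); // constructed stand-in for the negotiated key

  const sk = deriveSk(phone.privateKey, terminal.publicDer, phonePin,
                      phone.publicDer, terminal.publicDer);
  const msg = wrapConferenceKey(sk, conferenceKey);

  const skPrime = deriveSk(terminal.privateKey, phone.publicDer, terminalPin,
                           phone.publicDer, terminal.publicDer);
  const recovered = unwrapConferenceKey(skPrime, msg);
  return { conferenceKey, recovered, msg, skPrime };
}
```

A terminal given a different PIN derives a different sk', so the GCM tag check fails and no conference key is released.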
  • the GAKE obtained by the user terminal may be obtained from the out-of-band authentication device.
  • the out-of-band authentication device can generate the GAKE of the conference after receiving the conference information sent by the conference management system, and then send the generated GAKE to the user terminal of each participant in the conference, so that each user terminal obtains the conference key according to the conference key generation method described in Figure 5, thereby providing conference services to the user.
  • the conference management system can send the relevant conference information of the conference to be created to the out-of-band authentication device, so that the out-of-band authentication device can trigger the generation of the conference key without occupying conference system resources.
  • the conference information may include information of participating users, so that the out-of-band authentication device can send relevant information, such as GAKE, used to generate a conference key to the user terminal based on the information of participating users. For example, if a conference is to be created with a total of N participating users, the conference information may include information about each of the N participating users.
  • the GAKE generated by the out-of-band authentication device can include the Signal protocol or MLS protocol introduced earlier.
  • the out-of-band authentication device can determine the GAKE to be used based on the number of participating users.
  • the out-of-band authentication device can determine whether users need to be grouped based on the number of users.
  • if the out-of-band authentication device determines that grouping is required, it can further determine the GAKE used to negotiate the conference key within each group after the grouping and the GAKE used to negotiate the conference key between groups.
  • PA1 represents the user terminal of participant 1
  • A1 represents the conference terminal used by participant 1 to access the conference
  • PA2 represents the user terminal of participant 2
  • A2 represents participant 2.
  • PA1 can serve as the main group master node of a group composed of all user terminals.
  • the conference management system and the MCU that provide business services for the conference are deployed separately. As mentioned above, they can also be deployed in a unified manner.
  • Step 701 The conference management system sends conference information to the out-of-band authentication device.
  • the conference information may include information about each participating user, etc.
  • Step 702 The out-of-band authentication device generates a GAKE of the conference.
  • the out-of-band authentication device can determine the GAKE to be used based on the number of participating users.
  • Step 703 The out-of-band authentication device sends the generated GAKE to PA1 and PA2.
  • the out-of-band authentication device also needs to send the generated GAKE to other user terminals, so that each user terminal obtains the conference key according to the conference key generation method described in Figure 5 to provide users with conference services.
  • Step 704 PA1 generates a conference key and sends the conference key to PA2 according to GAKE.
  • PA1 as the master node of the main group, generates a conference key and sends the generated conference key to other member nodes.
  • PA2 serves as a member node and obtains the conference key from PA1; if there are other member nodes besides PA2 shown in the figure, PA1 also needs to send the conference key to the other member nodes.
  • PA2 shown in the figure is the secondary group master node. After PA2 receives the conference key, it also needs to distribute the conference key to each member node in the secondary group where it is located (not shown in Figure 7a); if there are other secondary groups and corresponding secondary group master nodes not shown in the figure, PA1 also needs to send the conference secret key to the other secondary group master nodes.
  • Step 705 The conference management system instructs the MCU to convene a conference when the reserved conference time arrives.
  • Step 706a PA1 sends the encrypted conference key to A1, and PA2 sends the encrypted conference key to A2.
  • PA1 and A1, and PA2 and A2 can transmit the encrypted conference key in the manner shown in Figure 6.
  • the order of step 706 and the above-mentioned step 705 can be exchanged.
  • Step 707a A1 decrypts the conference data obtained from the MCU according to the conference secret key, encrypts the local conference data according to the conference secret key and sends it to the MCU; A2 decrypts the conference data obtained from the MCU according to the conference secret key, encrypts the local conference data according to the conference key and sends it to the MCU.
  • Step 706b PA1 is bound to A1, and PA2 is bound to A2.
  • PA1 and A1 can each generate their own public keys and private keys, then send their own public keys to the other party, and then perform binding authentication according to the preset algorithm.
  • the binding methods of PA2 and A2 are similar and will not be described again.
  • the embodiment of the present application does not limit the execution order of step 706b, and it can be executed at any time before step 707b.
  • Step 707b A1 obtains the encrypted conference data from the MCU. At the same time, A2 can also obtain conference data from the MCU.
  • Step 708b PA1 grabs the encrypted meeting data from A1, decrypts the encrypted meeting data according to the meeting secret key, and sends the decrypted meeting data to A1.
  • PA2 can also grab the encrypted meeting data from A2, decrypt the encrypted meeting data based on the meeting secret key, and send the decrypted meeting data to A2.
  • Step 709b PA1 grabs the locally collected meeting data from A1, encrypts the local meeting data according to the meeting secret key, and sends the encrypted meeting data to A1.
  • PA2 can also capture the locally collected meeting data from A2, encrypt the local meeting data based on the meeting secret key, and send the encrypted meeting data to A2.
  • Step 710b A1 sends the locally encrypted conference data to the MCU.
  • A2 can also send locally encrypted conference data to the MCU.
  • the embodiment of the present application does not limit the execution order of the above-mentioned steps 707b to 708b, and step 709b to 710b. According to the needs of the meeting, the corresponding steps can be executed, and they can even be executed synchronously.
  • the execution steps of PA1-A1 and PA2-A2 may be the same or different.
  • PA1-A1 may be executing steps 707b to 708b while PA2-A2 is executing steps 709b to 710b; or PA1-A1 may be executing steps 709b to 710b while PA2-A2 is executing steps 707b to 708b.
  • Step 801 The conference management system sends updated conference information to the out-of-band authentication device.
  • the updated conference information may include updated information of the participating users.
  • Step 802 The out-of-band authentication device generates an updated GAKE.
  • the updated GAKE can contain indication information indicating the updated negotiation protocol; if the out-of-band authentication device believes that there is no need to change the negotiation protocol, the updated GAKE can be used only to indicate updating the conference key, or it can continue to indicate the same negotiation protocol.
  • Step 803 The out-of-band authentication device sends the updated GAKE to PA1 and PA2.
  • the updated conference still includes User 1 and User 2. If the updated conference no longer includes user 1 or user 2, the out-of-band authentication device will not send the updated GAKE to PA1 or PA2. If the updated conference also involves other user terminals, the out-of-band authentication device also needs to send the updated GAKE to other user terminals.
  • Step 804 PA1 generates a new conference key and sends the new conference key to PA2 according to GAKE.
  • PA1 as the master node of the main group, generates a new conference key and sends the new conference key to other member nodes.
  • PA2 serves as a member node and obtains a new conference key from PA1; if there are other member nodes besides PA2 shown in the figure, PA1 also needs to send the new conference key to the other member nodes.
  • PA2 shown in the figure is the secondary group master node. After receiving the conference key, PA2 also needs to distribute the new conference key to each member node in the secondary group where it is located (not shown in Figure 7a); if there are other secondary groups and corresponding secondary group master nodes not shown in the figure, PA1 also needs to send the new conference key to the other secondary group master nodes.
  • PA1 is still the main group master node in the updated conference.
  • the updated primary group master node may also change, and the updated secondary group master node may also change.
  • PA1, A1, PA2 and A2 can perform the operations shown in steps 706a and 707a, or can also perform the operations shown in steps 707b to 710b.
  • embodiments of the present application also provide a user terminal for implementing the above method embodiments.
  • the user terminal may include modules/units that execute any of the possible implementation methods in the above method embodiments; these modules/units may be implemented by hardware, or may be implemented by hardware executing corresponding software.
  • the user terminal may include: an acquisition module 901, a negotiation module 902, and further may include a sending module 903 or an encryption and decryption module 904.
  • the acquisition module 901 is used to acquire the group authentication key agreement protocol GAKE of the conference.
  • the negotiation module 902 is configured to negotiate a conference key for joining the conference with the user terminals of other participating users of the conference according to the GAKE.
  • the terminal also includes a sending module 903, which is used to send the conference secret key to the conference terminal, so that the conference terminal can encrypt and decrypt the data of the conference according to the conference secret key after joining the conference.
  • the terminal also includes an encryption and decryption module 904, which is used to encrypt and decrypt the conference data according to the conference key.
  • the sending module 903 is specifically configured to: generate the public key and private key of the user terminal; send the public key of the user terminal to the conference terminal, and obtain the The public key of the conference terminal; encrypt the conference secret key according to the private key of the user terminal and the public key of the conference terminal; send the encrypted conference secret key to the conference terminal so that the The conference terminal decrypts and obtains the conference secret key according to the public key of the user terminal and the private key of the conference terminal.
  • the encryption and decryption module 904 is specifically configured to: decrypt, according to the conference secret key, the remote data obtained from the conference terminal, the remote data being the data of the conference from the remote end, and send the decrypted data to the conference terminal; and/or encrypt, according to the conference secret key, the local data obtained from the conference terminal, the local data being the conference data collected locally by the conference terminal, and send the encrypted data to the conference terminal.
  • the negotiation module 902 is specifically configured to: determine, according to the GAKE, to negotiate a conference secret key with other participating users of the conference based on the Signal protocol; or determine, according to the GAKE, to negotiate the conference key with other participating users of the conference based on the message layer security MLS protocol.
  • the user terminal and other participants are included in a group, the group includes at least one secondary group, the secondary group includes a secondary group master node, and the user terminal is the main group master node of the group.
  • the negotiation module 902 is specifically configured to send the generated conference key to the secondary group master node of the secondary group based on the Signal protocol or the message layer security MLS protocol.
  • the user terminal and other participants are included in a group, the group includes at least one secondary group, the user terminal is the secondary group master node of the secondary group, and the group includes the main group master node.
  • the negotiation module 902 is specifically configured to: receive the conference key sent by the primary group master node; and send the conference key to other nodes in the secondary group based on the message layer security MLS protocol.
  • embodiments of the present application also provide a computer device.
  • the computer device includes a processor 1001 as shown in Figure 10, and a communication interface 1002 connected to the processor 1001.
  • the processor 1001 may be a general processor, a microprocessor, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or one or more integrated circuits used to control the execution of the program of this application, etc.
  • a general-purpose processor may be a microprocessor or any conventional processor, etc.
  • the communication interface 1002 is used to communicate with other devices, for example over a PCI bus interface, Ethernet, a radio access network (RAN) or a wireless local area network (WLAN).
  • the processor 1001 is used to call the communication interface 1002 to perform receiving and/or sending functions, and to perform the method described in the previous possible implementation manner.
  • the computer device may also include a memory 1003 and a communication bus 1004.
  • the memory 1003 is used to store program instructions and/or data, so that the processor 1001 calls the instructions and/or data stored in the memory 1003 to implement the above functions of the processor 1001.
  • the memory 1003 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM) or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
  • the memory 1003 may exist independently, such as an off-chip memory, and is connected to the processor 1001 through the communication bus 1004.
  • the memory 1003 may also be integrated with the processor 1001.
  • Communication bus 1004 may include a path for communicating information between the components described above.
  • the processor 1001 can perform the following steps through the communication interface 1002: obtain the group authentication key agreement protocol GAKE of the conference; negotiate, according to the GAKE, with the user terminals of other participating users of the conference a conference secret key for joining the conference; send the conference secret key to the conference terminal, so that the conference terminal can encrypt and decrypt the data of the conference according to the conference secret key after joining the conference; or encrypt and decrypt the conference data according to the conference key.
  • when the processor 1001 sends the conference secret key to the conference terminal through the communication interface 1002, it is specifically configured to: generate the public key and private key of the computer device; send the public key of the computer device to the conference terminal, and obtain the public key of the conference terminal; encrypt the conference secret key according to the private key of the computer device and the public key of the conference terminal; send the encrypted conference secret key to the conference terminal, so that the conference terminal decrypts and obtains the conference secret key according to the public key of the computer device and the private key of the conference terminal.
  • when the processor 1001 encrypts and decrypts the conference data according to the conference secret key, it is specifically configured to: decrypt, according to the conference secret key, the remote data obtained from the conference terminal, the remote data being the data of the conference from the remote end, and send the decrypted data to the conference terminal; and/or encrypt, according to the conference secret key, the local data obtained from the conference terminal, the local data being the conference data collected locally by the conference terminal, and send the encrypted data to the conference terminal.
  • when the processor 1001 negotiates the conference key with the user terminals of other participating users of the conference according to the GAKE, the processor 1001 is specifically configured to: determine, according to the GAKE, to negotiate the conference secret key with other participating users of the conference based on the Signal protocol; or determine, according to the GAKE, to negotiate the conference secret key with other participating users of the conference based on the message layer security MLS protocol.
  • the computer device and other participants are included in a group, the group includes at least one secondary group, the secondary group includes a secondary group master node, and the computer device is the main group master node of the group.
  • when the processor 1001 negotiates the conference key with the user terminals of other participating users of the conference according to the GAKE, it is specifically configured to: send the generated conference key to the secondary group master node of the secondary group based on the Signal protocol or the message layer security MLS protocol.
  • the computer device and other participants are included in a group, the group includes at least one secondary group, the computer device is the secondary group master node of the secondary group, and the group includes the main group master node.
  • when the processor 1001 negotiates the conference secret key with the user terminals of other participating users of the conference according to the GAKE, it is specifically configured to: receive the conference secret key sent by the main group master node; and send the conference key to other nodes in the secondary group based on the message layer security MLS protocol.
  • embodiments of the present application also provide a computer-readable storage medium.
  • Computer-readable instructions are stored in the computer-readable storage medium; when the computer-readable instructions are run on a computer, the above-mentioned method embodiments are executed.
  • embodiments of the present application provide a computer program product containing instructions, which when run on a computer causes the above method embodiments to be executed.
  • embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment that combines software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory that causes a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in a process or processes of the flowchart and/or a block or blocks of the block diagram.
  • These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operating steps to be performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in a process or processes of the flowchart and/or a block or blocks of the block diagram.

Abstract

The application discloses a conference key generation method, a terminal and a device, which are applied to the technical field of computers. In the method, a user terminal obtains a GAKE of a conference; according to the GAKE, the user terminal negotiates, with user terminals of other conference participating users, a conference secret key for joining the conference; the user terminal sends the conference secret key to the conference terminal, so that the conference terminal encrypts and decrypts data of the conference according to the conference secret key after joining the conference; or, the user terminal encrypts and decrypts the data of the conference according to the conference key. Because the conference terminal obtains the conference secret key by means of the user terminal having a strong binding relationship with the user, the authentication between the conference terminal and the user participating in the conference is enhanced, and the enhanced user authentication can effectively reduce the risk of man-in-the-middle attacks. Or, operations such as encryption and decryption of the conference data are completed by the user terminal, and the risk of man-in-the-middle attacks can also be effectively reduced based on the user terminal having a strong binding.

Description

A conference key generation method, terminal and device
Technical field
The present application relates to the field of computer technology, and in particular to a conference key generation method, terminal and device.
Background
End-to-end encryption (E2EE) keeps data in ciphertext form throughout its transmission from source to destination. With end-to-end encryption a message is not decrypted before it reaches its destination; because the message is protected for the whole of the transmission, it is not leaked even if a node is compromised. End-to-end secure communication is generally used in instant messaging scenarios in consumer-oriented online social media.
Enterprise conference services usually rely on conference terminals. A conference terminal is a device such as an intelligent host or intelligent central controller that works with a front-end analog camera to capture images and audio, performs input and output encoding and decoding, and then carries out point-to-point or point-to-multipoint transmission. Enterprise staff use dedicated conference terminals to join a conference and to receive or send audio and video data.
Enterprise conference services generally use group OOB technology to check, after the conference has been established, whether there is a man-in-the-middle (MitM) attack risk. This only detects MitM risk on the device-to-device (station-to-station) channel; it cannot determine whether someone has fraudulently used a conference terminal to join the conference.
Summary of the invention
Embodiments of the present application provide a conference key generation method, terminal and device, which are used to implement security authentication between users and devices by means of out-of-band data.
In a first aspect, embodiments of the present application provide a conference key generation method. The method includes: the user terminal obtains the group authentication key agreement protocol (GAKE) of a conference; the user terminal negotiates, according to the GAKE, with the user terminals of the other participating users of the conference a conference key for joining the conference; the user terminal sends the conference key to a conference terminal, so that the conference terminal, after joining the conference, encrypts and decrypts the data of the conference according to the conference key; or, the user terminal encrypts and decrypts the data of the conference according to the conference key.
In the above method, the user terminal may be the user's own terminal device (such as a mobile phone or tablet computer), and the conference terminal is the terminal device the user uses to join the conference (such as a voice conference terminal or video conference terminal). In a traditional conference service, only the conference terminal can be authenticated and only the channel risk between conference terminals can be detected; authentication between the user and the conference terminal is weak, and risk between the user and the conference terminal cannot be detected. In the above method of the present application, the GAKE used to negotiate the key can be sent to the user terminal that is strongly bound to the user, and the user terminal then sends the conference key determined according to the GAKE to the conference terminal, which performs operations such as encryption and decryption on the conference data and thereby provides the conference service to the participating user. In this implementation, because the conference terminal obtains the conference key through the user terminal, the strong binding between the participating user and the user terminal strengthens authentication between the conference terminal and the participating user: encryption between conference terminals is ensured by the conference key, and the strengthened user authentication helps reduce the risk of man-in-the-middle attacks. Alternatively, the user terminal itself can perform operations such as encryption and decoding of the conference data; this implementation also ensures encryption between conference terminals based on the conference key, and effectively reduces the risk of man-in-the-middle attacks based on the strongly bound user terminal.
In a possible implementation, the user terminal sending the conference key to the conference terminal includes: the user terminal generates a public key and a private key of the user terminal; the user terminal sends the public key of the user terminal to the conference terminal and obtains the public key of the conference terminal; the user terminal encrypts the conference key according to the private key of the user terminal and the public key of the conference terminal; the user terminal sends the encrypted conference key to the conference terminal, so that the conference terminal decrypts it according to the public key of the user terminal and the private key of the conference terminal to obtain the conference key. In this implementation, the user terminal and the conference terminal each generate their own public and private keys and exchange public keys, so that in subsequent communication each side encrypts or decrypts the data it sends or receives using its own private key and the peer's public key, which keeps the exchange secure. Because the user terminal is strongly bound to the user and the link between the user terminal and the conference terminal is securely encrypted, security between the user and the conference terminal is achieved and the risk of man-in-the-middle attacks is reduced.
In a possible implementation, the user terminal encrypting and decrypting the data of the conference according to the conference key includes: the user terminal decrypts, according to the conference key, remote data obtained from the conference terminal, the remote data being data of the conference from the remote end; the user terminal sends the decrypted data to the conference terminal; and/or the user terminal encrypts, according to the conference key, local data obtained from the conference terminal, the local data being data of the conference collected locally by the conference terminal; the user terminal sends the encrypted data to the conference terminal. In this implementation, the conference terminal does not need to obtain the conference key or encrypt and decrypt the conference data itself; instead, the user terminal that is strongly bound to the user encrypts and decrypts the conference data, which protects the security of the conference data.
In a possible implementation, the user terminal negotiating the conference key with the user terminals of the other participating users of the conference according to the GAKE includes: the user terminal determines, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Signal protocol; or, the user terminal determines, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Messaging Layer Security (MLS) protocol. In the embodiments of the present application, the user terminal can negotiate the conference key with other user terminals based on the Signal protocol or the MLS protocol. Negotiating the conference key based on the Signal protocol helps reduce the initialization cost, and negotiating it based on the MLS protocol helps reduce the cost of subsequent conference key updates.
In a possible implementation, the user terminal and other participants are included in a group, the group includes at least one secondary group, the secondary group includes a secondary group master node, and the user terminal is the main group master node of the group; the user terminal negotiating the conference key with the user terminals of the other participating users of the conference according to the GAKE includes: the user terminal sends the generated conference key to the secondary group master node of the secondary group based on the Signal protocol or the MLS protocol. The user terminal may form a group with all the other participants of the conference, or with only some of them. When secondary groups are built within the group, distribution of the conference key inside the secondary groups can proceed in parallel, which helps reduce the time needed to update the conference key; the reduction in distribution time is most significant in large conferences. In this implementation, the user terminal acts as the main group master node of the group and distributes the conference key it has determined to the secondary group master nodes based on the Signal protocol or the MLS protocol, so that each secondary group master node distributes the conference key to the other nodes in its own secondary group.
In a possible implementation, the user terminal and other participants are included in a group, the group includes at least one secondary group, the user terminal is the secondary group master node of the secondary group, and the group includes a main group master node; the user terminal negotiating the conference key with the user terminals of the other participating users of the conference according to the GAKE includes: the user terminal receives the conference key sent by the main group master node; the user terminal sends the conference key to the other nodes in the secondary group based on the MLS protocol. When secondary groups are built within the group, distribution of the conference key inside the secondary groups can proceed in parallel, which helps reduce the time needed to update the conference key and is particularly suited to large conferences. In this implementation, the user terminal can act as the secondary group master node of a secondary group and distribute the conference key to the other nodes in that secondary group based on the MLS protocol. In a large conference a secondary group may itself contain many nodes, so distributing the conference key based on the MLS protocol further helps reduce the cost of conference key updates.
In a possible implementation, the method further includes: the user terminal obtains an updated GAKE and, according to the updated GAKE, negotiates the conference key with the user terminals of the other participating users of the conference.
In a second aspect, embodiments of the present application provide a conference key generation method applied to an out-of-band authentication device. The data channel of the out-of-band authentication device is different from the data channel of the conference system of the conference. The method includes: the out-of-band authentication device receives conference information, the conference information including information on N participating users; the out-of-band authentication device generates the group authentication key agreement protocol (GAKE) of the conference; the out-of-band authentication device sends the GAKE to the user terminal of each participating user, so that the user terminals of the N users negotiate the conference key of the conference according to the GAKE. In this method, the out-of-band authentication device sends the GAKE generated from the conference information to the user terminal of each participating user. Because the user terminal is strongly bound to the user, the security of the GAKE is protected, which helps avoid the risk of man-in-the-middle attacks.
In a possible implementation, the method further includes: the out-of-band authentication device receives updated conference information of the conference, the updated conference information including information on M participating users; the out-of-band authentication device updates the GAKE of the conference; the out-of-band authentication device sends the updated GAKE to the user terminal of each of the M participating users, so that the terminals of the M users update the conference key of the conference according to the updated GAKE.
In a possible implementation, the GAKE includes at least one of, or any combination of, the following indication information: indication information instructing the terminals of the participating users to generate the conference key based on the Signal protocol; indication information instructing the terminals of the participating users to generate the conference key based on the MLS protocol; indication information instructing the participating users to build secondary groups; indication information instructing that the conference key be generated within a secondary group based on the MLS protocol; indication information instructing that the conference key be generated between secondary groups based on the Signal protocol or the MLS protocol.
In a third aspect, embodiments of the present application provide a user terminal, which includes modules/units that execute the first aspect and any possible implementation of the first aspect; these modules/units may be implemented by hardware, or by hardware executing corresponding software.
Exemplarily, the user terminal includes: an acquisition module, used to obtain the group authentication key agreement protocol (GAKE) of a conference; a negotiation module, used to negotiate, according to the GAKE, with the user terminals of the other participating users of the conference a conference key for joining the conference; the terminal further includes a sending module, used to send the conference key to a conference terminal, so that the conference terminal, after joining the conference, encrypts and decrypts the data of the conference according to the conference key; or, the terminal further includes an encryption and decryption module, used to encrypt and decrypt the data of the conference according to the conference key.
In a fourth aspect, embodiments of the present application provide a computer device. The computer device includes a memory and a processor; the memory stores a computer program; the processor is configured to call the computer program stored in the memory to execute the method described in the first aspect and any implementation of the first aspect, or the method described in the second aspect and any implementation of the second aspect.
In a fifth aspect, embodiments of the present application provide a computer-readable storage medium. Instructions are stored in the computer-readable storage medium; when the instructions are run on a computer, they cause the computer to execute the method described in the first aspect and any implementation of the first aspect, or the method described in the second aspect and any implementation of the second aspect.
In a sixth aspect, embodiments of the present application provide a computer program product containing instructions which, when run on a computer, cause the method described in the first aspect and any implementation of the first aspect to be executed, or cause the method described in the second aspect and any implementation of the second aspect to be executed.
For the technical effects achievable by any possible implementation of any of the second to sixth aspects above, refer to the description of the technical effects of the corresponding implementation in the first aspect; repeated points are not discussed again.
Description of the drawings
Figure 1 is a schematic diagram of a scenario for generating a conference key according to an embodiment of this application;
Figure 2 is a schematic diagram of negotiating a conference key based on the Signal protocol according to an embodiment of this application;
Figure 3 is a ratchet tree structure established based on the MLS protocol according to an embodiment of this application;
Figure 4 is a schematic diagram of a scenario to which the conference key generation method according to an embodiment of this application applies;
Figure 5 is a schematic flowchart of a conference key generation method applied to a user terminal according to an embodiment of this application;
Figure 6 is a schematic flowchart of a user terminal and a conference terminal exchanging a conference key according to an embodiment of this application;
Figure 7a is a schematic diagram of a conference process according to an embodiment of this application;
Figure 7b is a schematic diagram of another conference process according to an embodiment of this application;
Figure 8 is a schematic diagram of a conference key update process according to an embodiment of this application;
Figure 9 is a schematic structural diagram of a user terminal according to an embodiment of this application;
Figure 10 is a schematic structural diagram of a computer device according to an embodiment of this application.
Detailed description
To ensure the security of messages passed between the terminals in a communication (each terminal can act as a node), encrypting the communication data is currently a common approach. Conference services provided to enterprises are usually group communications, in which all nodes can use one agreed key to encrypt the messages they send or decrypt the messages they receive, thereby achieving encrypted communication. Generally, the key used to encrypt communication messages while a conference is in progress is called the conference key. The participating nodes can be divided by role into a group master node and member nodes. The group master node is responsible for generating the conference key and delivering it to the member nodes. To deliver the conference key securely, the group master node can negotiate a channel key with each member node separately, determining the channel key between the group master node and each member node. The group master node can then encrypt the conference key with the channel key it shares with each member node and send the encrypted conference key to the corresponding member node, thereby distributing the conference key securely within the group. That is, before all nodes can communicate in encrypted form, the group master node needs to negotiate channel keys with the member nodes and distribute the conference key based on those channel keys.
For example, Figure 1 is a schematic diagram of a scenario for generating a conference key according to an embodiment of this application. Referring to Figure 1, the scenario includes a server 10 and multiple terminal devices; Figure 1 shows terminal device 11, terminal device 12, terminal device 13 and terminal device 14 as examples. The scenario shown in Figure 1 may of course contain more terminal devices; for example, when it is a large organizational conference, the number of terminal devices may exceed 1000.
In implementation, when the group master node negotiates channel keys with the member nodes, the negotiation can follow an E2EE key agreement protocol or a group key agreement protocol. Two common channel key agreement protocols are introduced below.
1. The Signal protocol, an E2EE key agreement protocol.
The Signal protocol is an E2EE key agreement protocol. In implementation, multiple nodes that need to communicate can negotiate channel keys based on the Signal protocol. Referring to Figure 2, the group master node can perform one key negotiation with each member node to determine the channel key between the group master node and that member node, so that the group master node shares a pair of channel keys with each member node. For example, Figure 2 shows a group containing one group master node (group master node A) and three member nodes (member node B, member node C and member node D). The channel key between group master node A and member node B, obtained after key negotiation between them, is EK_AB; the channel key between group master node A and member node C, obtained after key negotiation between them, is EK_AC; and the channel key between group master node A and member node D, obtained after key negotiation between them, is EK_AD.
In a specific implementation, each node can independently generate its own key store, which includes a public key and a private key, and each node uploads its public key to the server 10. When the group master node performs key negotiation with a member node, it obtains that member node's public key from the server 10 and generates the channel key corresponding to that member node from its own key store and the member node's public key.
Once the group master node has generated the channel key with each member node, a secure trust relationship can be considered established between the group master node and each member node. At this point, the group master node can distribute the conference key used for secure communication to each member node.
In an optional implementation, the group master node randomly generates the conference key, which all nodes use for encrypted group communication. To distribute the conference key securely, the group master node encrypts the conference key with the channel key it shares with each member node and then sends the encrypted conference key to that member node.
After the conference key has been distributed, all nodes can carry out encrypted group communication. Specifically, the sending node encrypts a message with the conference key and sends the encrypted message, and the receiving node decrypts the received message with the conference key to obtain the transmitted message.
As the above shows, after the group master node and the member nodes have negotiated channel keys based on the Signal protocol, the group master node can, in the conference key distribution phase, encrypt the conference key with the channel key it shares with each member node, which ensures that the conference key is delivered securely. However, when a node joins or leaves the group, the group master node needs to determine a new conference key and deliver it separately to every member node in the current group. That is, when channel keys are negotiated based on the Signal protocol, the channel keys between the group master node and the member nodes can be established quickly, but updating the conference key is expensive.
2. The Message Layer Security (MLS) protocol, a group key agreement protocol.
The MLS protocol is a group key agreement protocol that builds a ratchet tree structure, such as the ratchet tree structure established based on the MLS protocol shown in Figure 3. The nodes at the bottom level are leaf nodes, and every leaf node corresponds to a node in the group that needs to communicate. The non-leaf nodes help form the ratchet tree and do not correspond to nodes that actually need to communicate.
As shown in Figure 3, the ratchet tree is a balanced binary tree, filled from the left first, formed by all the nodes. The group master node can be any one of the nodes and assists all the nodes in building the ratchet tree structure. Taking the ratchet tree structure in Figure 3 as an example, assume four nodes A, B, C and D that need to communicate, where nodes A and B correspond to non-leaf node E and nodes C and D correspond to non-leaf node F. Nodes A, B, C and D each hold their own auxiliary information, which includes a public/private key pair. In Figure 3, the auxiliary information of node A includes node A's public key PK_A and private key SK_A, the auxiliary information of node B includes node B's public key PK_B and private key SK_B, the auxiliary information of node C includes node C's public key PK_C and private key SK_C, and the auxiliary information of node D includes node D's public key PK_D and private key SK_D. The auxiliary information of node E is derived from the auxiliary information of nodes A and B and includes node E's public key PK_AB and private key SK_AB. The auxiliary information of node F is derived from the auxiliary information of nodes C and D and includes node F's public key PK_CD and private key SK_CD. The auxiliary information of node G is derived from the auxiliary information of nodes E and F and includes node G's public key PK_ABCD and private key SK_ABCD.
Each node stores the auxiliary information of all of its ancestor nodes, and also keeps the public keys from the auxiliary information of the neighbor nodes of its ancestor nodes. For example, node A stores the auxiliary information of node E and node G, and stores the public key of node F.
Once the ratchet tree structure has been built, a secure trust relationship can be considered established among all the nodes, and the group master node can distribute the conference key securely through the ratchet tree structure. For example, assuming node A is the group master node, node A can encrypt the conference key with node E's public key to produce encrypted data 1 and send it. Because node B stores node E's auxiliary information, node B can decrypt encrypted data 1 with node E's private key to obtain the conference key. Likewise, node A can encrypt the conference key with node G's public key to produce encrypted data 2 and send it, and nodes C and D can decrypt encrypted data 2 to obtain the conference key, which completes the distribution of the conference key. Since the auxiliary information of the non-leaf nodes is used to encrypt the conference key, that auxiliary information can also be regarded as the channel key between the group master node and the other nodes.
As the above shows, when channel keys are negotiated based on the MLS protocol and the number of nodes that need to communicate is n, an additional n-1 public/private key pairs must be generated while the ratchet tree structure is built, and the communication volume between nodes in this phase is about O(n·log₂n) to O(n²). That is, when channel keys are negotiated based on the MLS protocol, the communication volume is closely related to the group size. On the other hand, when the nodes in the group change (a node joins, leaves, and so on) and the auxiliary information of the nodes has to be updated, the update can be done quickly on the basis of the ratchet tree structure. For example, when node C in Figure 3 leaves the group, the auxiliary information of node F is re-derived from node D, and the auxiliary information of node G is then derived from the auxiliary information of nodes F and E. Finally, the ancestor-node auxiliary information stored by nodes A, B and D, and the public keys of the neighbor nodes of those ancestor nodes, are updated, which completes the channel key update. That is, negotiating channel keys based on the MLS protocol allows a partial (non-full) channel key update, which reduces the cost of the channel key update process.
Compared with the Signal protocol, negotiating channel keys based on the MLS protocol is more expensive, but updating channel keys is more efficient.
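The update costs described above for the two protocols can be compared with a short model of a member leaving: in the Signal-style star the group master re-wraps a new conference key once per remaining member, while in the ratchet tree only the leaver's ancestors are re-derived. This is an added example, not code from the application; the heap layout, the SHA-256 parent derivation and all function names are assumptions for illustration, and the derivation is not the one used by the MLS specification.

```python
import hashlib
import secrets


def derive_parent(left, right):
    """Simplified parent derivation (assumption): hash of whichever children remain."""
    h = hashlib.sha256(b"parent")
    for child in (left, right):
        # A blank child is encoded as 0x00 so that (X, blank) differs from (blank, X).
        h.update(b"\x01" + child if child is not None else b"\x00")
    return h.digest()


class RatchetTree:
    """Full binary tree in heap layout: root at index 1, leaves at size..2*size-1."""

    def __init__(self, members):
        self.size = 1
        while self.size < len(members):
            self.size *= 2
        self.names = list(members) + [None] * (self.size - len(members))
        self.secret = [None] * (2 * self.size)
        for i in range(len(members)):
            self.secret[self.size + i] = secrets.token_bytes(32)
        for node in range(self.size - 1, 0, -1):
            self._rederive(node)

    def _rederive(self, node):
        left, right = self.secret[2 * node], self.secret[2 * node + 1]
        if left is None and right is None:
            self.secret[node] = None
        else:
            self.secret[node] = derive_parent(left, right)

    def root(self):
        return self.secret[1]

    def path_of(self, name):
        """Heap indices of the ancestors of a member's leaf, bottom-up."""
        node = (self.size + self.names.index(name)) // 2
        path = []
        while node >= 1:
            path.append(node)
            node //= 2
        return path

    def remove(self, name):
        """Blank the leaving leaf and re-derive only its ancestors.

        The leaver held the secrets of exactly these ancestors, so they are
        the only internal nodes that must change; sibling subtrees keep theirs.
        """
        path = self.path_of(name)
        idx = self.names.index(name)
        self.names[idx] = None
        self.secret[self.size + idx] = None
        for node in path:
            self._rederive(node)
        return path


def pairwise_rekey_messages(group_size_before_leave):
    """Star topology: one re-wrapped conference key per remaining member."""
    return group_size_before_leave - 2  # minus the leaver and the group master


def compare(n):
    """Cost of one member leaving a group of n, under both models."""
    tree = RatchetTree([f"m{i}" for i in range(n)])
    return {"tree_nodes_rederived": len(tree.remove("m2")),
            "pairwise_messages": pairwise_rekey_messages(n)}


if __name__ == "__main__":
    print(compare(4), compare(1024))
```

With members A to D the leaf order puts E at index 2, F at index 3 and G at index 1, so removing C touches F and G and leaves E unchanged, matching the walk-through for Figure 3.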
In addition, the two methods of negotiating a conference key described above can only guarantee device-to-device security and cannot address the risk of man-in-the-middle attacks. For example, some employees in an enterprise use conference terminal devices to hold a conference, but whether the person using a conference device is someone permitted to attend cannot be determined by technical means. In large conferences in particular, it is difficult even to check this manually.
In view of this, an embodiment of this application provides a method for generating a conference key, which performs security authentication between the user and the device by means of out-of-band data.
The conference key generation method can be applied to the conference scenario shown in Figure 4. As shown in Figure 4, the conference scenario includes a conference management system, a multipoint control unit (MCU), an out-of-band authentication device, several conference terminals used to access the conference (such as video conference terminals and voice conference terminals), and the users' user terminals (such as mobile phones, computers and tablet computers).
The conference management system can be used to create a conference, determine the participating users and their user terminals, determine the conference creation time, determine the number of each user terminal in the conference, update the participating users, manage the conference, and so on.
The MCU can be used to forward conference data. For example, a conference terminal sends the conference data it collects locally to the MCU, and the MCU sends that conference data to the other conference terminals; a conference terminal can also obtain from the MCU the conference data collected by other conference terminals. The conference management system and the MCU can be deployed separately or in the same physical device.
The out-of-band authentication device can generate a group authenticated key exchange protocol (GAKE) from the conference information delivered by the conference management system and send the GAKE to the user terminals. The out-of-band authentication device is implemented through out-of-band management, and its data channel is separate from the data channel of the conference system, so it does not occupy conference system resources and does not affect the quality of the conference.
Figure 4 takes a conference with three participating users as an example. Each user can join the conference using a user terminal and a conference terminal. P1 denotes user Alice's user terminal and T1 denotes the conference terminal Alice uses to join the conference; P2 denotes user Bob's user terminal and T2 denotes the conference terminal Bob uses to join the conference; P3 denotes user Carol's user terminal and T3 denotes the conference terminal Carol uses to join the conference.
Figure 5 is a schematic flowchart of the conference key generation method applied to a user terminal according to an embodiment of this application. As shown in the figure, the method can include the following steps:
Step 501: The user terminal obtains the GAKE of the conference.
For example, the user terminal can obtain the GAKE used to negotiate the conference key from the out-of-band authentication device shown in Figure 4.
In traditional conference key generation, user terminals are not involved and the conference key is generated by the conference terminals alone. Because enterprise personnel (whether or not they are participants in the conference) can easily use the enterprise's conference terminals, non-participating users can also easily access the conference through a conference terminal.
In the solution of this application, by contrast, the user terminal is a terminal that is strongly bound to the user, such as a mobile phone or a tablet computer. The out-of-band authentication device sends the GAKE to the user terminals, so that the GAKE reaches only the user terminals of the conference's participating users. Because of the strong binding between a user terminal and its user, the conference key is not easily leaked to non-participating users, which makes the conference key generated from the GAKE more secure and reliable. Even if a non-participating user uses one of the enterprise's conference terminals, that conference terminal cannot obtain the GAKE, so it cannot obtain the conference key and cannot access the conference. Compared with the traditional solution, the solution of this application therefore adds user-to-device authentication on top of device-to-device encryption, reducing the risk of man-in-the-middle attacks.
The user terminal can obtain the GAKE in several ways. For example, the out-of-band authentication device can send the GAKE to the user terminal by SMS; or a conference application (APP) can be installed on the user terminal in advance and the out-of-band authentication device can send the GAKE to the user terminal through the conference APP; or the user can obtain the GAKE in some other way. The embodiments of this application place no restriction on this.
Step 502: According to the GAKE, the user terminal negotiates the conference key for joining the conference with the user terminals of the other participating users of the conference.
For example, if the user terminal determines from the GAKE that the conference key is to be generated based on the Signal protocol, the user terminal can negotiate the conference key in the manner shown in Figure 2; if the user terminal determines from the GAKE that the conference key is to be generated based on the MLS protocol, the user terminal can negotiate the conference key in the manner shown in Figure 3. In both cases the user terminal can be either the group master node or a member node.
Alternatively, the user terminals can be grouped as indicated by the GAKE to form secondary groups. Within a secondary group, the user terminals generate the conference key based on the MLS protocol, while between secondary groups the conference key can be generated based on the Signal protocol or the MLS protocol. The user terminal can be the main group master node of the whole group, the secondary group master node of a secondary group, or a member node of a secondary group.
The user terminals negotiate the conference key over an out-of-band channel; that is, negotiating the conference key does not occupy conference system resources, which avoids affecting the conference (for example, by delaying conference data) through the use of those resources. This matters most when the conference key is updated during a conference, where whether conference system resources are occupied makes a significant difference to the conference data.
After the user terminal has negotiated the conference key, it can perform step 503a below, or alternatively step 503b below, to provide the conference service to the user.
Step 503a: The user terminal sends the conference key to the conference terminal, so that after joining the conference the conference terminal encrypts and decrypts the data of the conference according to the conference key.
In this implementation, the participating user joins the conference through the conference terminal, and the conference terminal obtains and sends the conference data. The user terminal is used only to supply the conference key; it does not need to obtain or send conference data, nor to decrypt or encrypt it. In this scenario, the user terminal, in response to the user's operation, sends the conference key to the conference terminal that the user uses to join the conference, so that the conference terminal joins the conference according to the conference key. The conference terminal obtains the conference data and decrypts it for the user, or encrypts conference data and sends the encrypted conference data.
Optionally, the user terminal and the conference terminal can be connected by a wireless communication method such as near field communication (NFC), Bluetooth or wireless local area network (WLAN), or by a hardware connection, so that the user terminal can send the GAKE to the conference terminal.
Step 503b: The user terminal encrypts and decrypts the data of the conference according to the conference key.
In this implementation, the conference terminal does not have to encrypt and decrypt the conference data; instead, the user terminal encrypts and decrypts the conference data. Specifically, this can cover the following two cases:
Case 1: The user terminal is connected to the conference terminal. The participating user accesses the conference through the conference terminal, but the user terminal encrypts and decrypts the conference data. Specifically, after the conference terminal has joined the conference and obtains remote data (that is, conference data from the remote end), it sends the remote data to the user terminal; the user terminal decrypts the remote data according to the conference key and sends the decrypted data back to the conference terminal, which presents it to the user, for example by playing voice information, playing video information or displaying text information. After the conference terminal obtains local data (that is, conference data it collects locally, for example through input devices such as speakers and cameras), it can send the local data to the user terminal; the user terminal encrypts the local data according to the conference key and sends the encrypted data to the conference terminal, so that the conference terminal sends the encrypted data to the MCU or to the other participating conference terminals.
Optionally, the user terminal and the conference terminal can be connected by a wireless communication method such as NFC, Bluetooth or WLAN, or by a hardware connection.
Case 2: The participating user accesses the conference with the user terminal. The user terminal obtains encrypted conference data from the MCU and decrypts it according to the conference key; the user terminal also encrypts the conference data to be sent and sends the encrypted conference data to the MCU. For example, a conference APP can be installed on the user terminal in advance; the out-of-band authentication device sends the GAKE to the user terminal through the conference APP, and the user terminal obtains and sends conference data through the conference APP. In this case no hardware conference terminal is needed.
In traditional conference services, it is only possible to authenticate the conference terminals and detect risks on the channel between conference terminals; authentication between the user and the conference terminal is weak, and risks between the user and the conference terminal cannot be detected. In the method of this application, the GAKE used to negotiate the key can be sent to the user terminal that is strongly bound to the user, the user terminal then sends the conference key determined from the GAKE to the conference terminal, and the conference terminal encrypts and decrypts the conference data to provide the conference service to the participating user. In this implementation, because the conference terminal obtains the conference key through the user terminal, the strong binding between the participating user and the user terminal strengthens the authentication between the conference terminal and the participating user: encryption between conference terminals is guaranteed by the conference key, and the strengthened user authentication helps reduce the risk of man-in-the-middle attacks. Alternatively, the user terminal can carry out the encryption, decoding and other operations on the conference data; this implementation likewise guarantees encryption between conference terminals based on the conference key and, through the strongly bound user terminal, effectively reduces the risk of man-in-the-middle attacks.
The Signal protocol and the MLS protocol were each briefly introduced earlier. When channel keys are negotiated with the Signal protocol, the channel key between the group master node and a member node can be established quickly, that is, the channel-key initialization cost is low, but later conference-key updates are expensive. When channel keys are negotiated with the MLS protocol, the channel-key initialization cost is higher, but partial (non-full) channel-key updates are possible, which reduces the cost of the update process. In a large conference, for example a group conference with more than 1000 parties, both a complex initialization process and a complex key update process have a large impact on the conference: a long conference creation process makes users wait a long time for the conference to be created, and a high key-update cost delays conference data; either seriously degrades the user experience.
Therefore, in large conferences, negotiating channel keys in groups helps shorten the time taken by initialization and updates. In one possible implementation, the groups can be built by the conference management system. Specifically, after obtaining the information of the participating users, the conference management system can build a conference group over the users; although the group is built over users, the operations of each node in the group are performed by that user's user terminal. Alternatively, if a user is allowed to use one or more user terminals and to join the conference from multiple user terminals, the conference management system can build the conference group over user terminals after obtaining the participating users and the information of each of their user terminals; in that case, every user terminal is an independent node in the group. Optionally, when the number of participating users or the number of user terminals reaches a preset threshold, the conference management system can build secondary groups within the conference group to reduce the cost of key negotiation.
A conference group can have one group master node (to distinguish it, it can also be called the main group master node); the other nodes are then called member nodes. The main group master node of the conference group can be designated by the conference management system, that is, the conference management system also has the function of designating the main group master node; or the main group master node can be a default, for example the node numbered 1 in the conference group. Each secondary group can also have one secondary group master node. The secondary group master node can be designated by the conference management system, or it can be a default, for example the node numbered 1 in the secondary group.
For example, when there are 100 nodes numbered 1 to 100, the default main group master node can be set to node 1. If every 10 nodes in the group form a secondary group, then secondary group 1 corresponds to nodes 1 to 10, secondary group 2 to nodes 11 to 20, secondary group 3 to nodes 21 to 30, ..., and secondary group 10 to nodes 91 to 100. By default, the secondary group master node of each secondary group is the lowest-numbered node in that group: the secondary group master node of secondary group 1 is node 1, that of secondary group 2 is node 11, that of secondary group 3 is node 21, ..., and that of secondary group 10 is node 91. Node 1 can thus serve both as the main group master node of the conference group and as the secondary group master node of secondary group 1.
Once secondary groups are built, the main group master node can distribute the generated conference key to the secondary group master nodes, and each secondary group master node then distributes the conference key to the member nodes of its secondary group. Because the distribution inside the secondary groups can take place at the same time, that is, in parallel, this helps reduce the time needed to update the conference key.
Optionally, the conference key can be negotiated with the MLS protocol inside each secondary group and with the Signal protocol or the MLS protocol between secondary groups, which further reduces the overall cost of initialization and updates. The following again uses a conference group of 100 nodes as an example:
- Distributing the conference key with the Signal protocol without building secondary groups.
When conference keys are distributed with the Signal protocol, the public/private key pair of each node must first be determined, so 100 public/private key pairs are determined during initialization. The group master node can then generate the channel key between itself and a member node from its own private key and the member node's public key, and the member node can generate the channel key from its own private key and the group master node's public key. The initialization cost of distributing conference keys with the Signal protocol is 100.
After the group master node generates the conference key, it sends the key to each member node separately. When the group master node sends the conference key to member node N, it can encrypt the conference key with the channel key it shares with member node N; on receiving the encrypted conference key, the member node decrypts it with the channel key to obtain the conference key. There are 99 member nodes and the group master node must send the conference key to each of them, so the cost of one conference key distribution is 99.
So, when the conference key is distributed with the Signal protocol without building secondary groups, the initialization cost plus the cost of one conference key distribution is 100+99=199.
- Distributing the conference key with the MLS protocol without building secondary groups.
As described earlier, when conference keys are distributed with the MLS protocol, the public/private key pair of each node must first be determined, that is, n public/private key pairs, and a further n-1 public/private key pairs must be determined, where n is the total number of nodes in the group. The initialization cost of distributing conference keys with the MLS protocol is 100+100-1=199.
After the group master node generates the conference key, it distributes the key to every member node over a left-full balanced binary tree, which takes 2*log2(n)-2=12 transmissions in total; that is, the cost of one conference key distribution is 12.
So, when the conference key is distributed with the MLS protocol without building secondary groups, the initialization cost plus the cost of one conference key distribution is 199+12=211.
- Building 2 secondary groups, distributing the conference key with the MLS protocol inside each secondary group and with the Signal protocol between the secondary groups.
With 100 nodes split into 2 secondary groups, each secondary group contains 50 nodes. When the conference key is distributed between the 2 secondary groups with the Signal protocol, the initialization cost is 2. When each secondary group distributes the conference key with the MLS protocol, the initialization cost is 99. Because the two secondary groups can be initialized at the same time, that initialization cost is counted only once. The total initialization cost in this approach is therefore 2+99=101.
After the main group master node generates the conference key, the cost of sending it to the secondary group master node with the Signal protocol is 1. In each secondary group, the cost for the secondary group master node to distribute the conference key to every member node over a left-full balanced binary tree is 10. The cost of one conference key distribution in this approach is therefore 1+10=11.
So, in this implementation, the initialization cost plus the cost of one conference key distribution is 101+11=112.
The comparison of the three approaches above shows that, when the number of nodes is large, constructing secondary nodes and distributing the conference key with the MLS protocol inside the secondary groups and with the Signal protocol between the secondary groups has a significantly lower cost for initialization and conference key distribution than the approaches that do not build secondary groups.
The above only gives an example in which the conference key is distributed between secondary groups with the Signal protocol; it can also be distributed between secondary groups with the MLS protocol, which the embodiments of this application do not illustrate further.
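The cost comparison above, generalized to any node count and any number of secondary groups, as an added example in Node.js (not code from the patent). It assumes that the page's 2*log2(n)-2 is rounded up with ceil(log2 n), which reproduces the figures 12 and 10, and that uneven groups are costed by the largest one; all function names are illustrative.

```javascript
// Added example: cost model for the three distribution schemes compared above.
// Assumption: ceil(log2 n) is used so that 2*log2(n)-2 is an integer
// (gives 12 for n=100 and 10 for n=50, as stated on the page).

function ceilLog2(n) {
  let bits = 0;
  for (let c = 1; c < n; c *= 2) bits++;
  return bits;
}

// One MLS distribution over a left-full balanced binary tree.
function mlsDistribution(n) {
  return Math.max(0, 2 * ceilLog2(n) - 2);
}

// Flat group, Signal: n key pairs, then one message per member node.
function signalFlat(n) {
  const init = n, dist = n - 1;
  return { init, dist, total: init + dist };
}

// Flat group, MLS: n + (n-1) key pairs, then the tree distribution.
function mlsFlat(n) {
  const init = 2 * n - 1, dist = mlsDistribution(n);
  return { init, dist, total: init + dist };
}

// g secondary groups: Signal between the group masters, MLS inside each group.
// Groups initialize and distribute in parallel, so the intra-group cost is
// counted once, for the largest group (assumption for uneven splits).
function hierarchical(n, g) {
  const size = Math.ceil(n / g);
  const init = g + (2 * size - 1);
  const dist = (g - 1) + mlsDistribution(size);
  return { groups: g, size, init, dist, total: init + dist };
}

// Sweep the number of secondary groups and keep the first cheapest split.
function bestGroupCount(n) {
  let best = null;
  for (let g = 2; g <= Math.floor(n / 2); g++) {
    const c = hierarchical(n, g);
    if (best === null || c.total < best.total) best = c;
  }
  return best;
}

// Default grouping from the 100-node example: consecutive node numbers,
// lowest-numbered node of each secondary group is its master.
function buildSubgroups(n, size) {
  const groups = [];
  for (let first = 1; first <= n; first += size) {
    const members = [];
    for (let id = first; id < first + size && id <= n; id++) members.push(id);
    groups.push({ id: groups.length + 1, master: first, members });
  }
  return groups;
}

console.log('Signal, flat      :', signalFlat(100));
console.log('MLS, flat         :', mlsFlat(100));
console.log('2 secondary groups:', hierarchical(100, 2));
console.log('cheapest split    :', bestGroupCount(100));
console.log('group 10          :', buildSubgroups(100, 10)[9]);
```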
The above embodiments describe how the conference key is generated when a conference is created. The same conference key generation method can also be applied to updating the conference key during the conference. For example, if the participants change during the conference and a participant leaves, the conference key can be updated so that a person who should have left cannot continue to obtain and decrypt conference data; likewise, when a new participant joins, the conference key can be updated so that the newcomer cannot obtain and decrypt conference data from before joining. As another example, if the conference lasts a long time, the security of the conference key decreases the longer it is in use; the conference key can therefore also be updated automatically each time the conference has run for a preset period, to keep the conference data secure.
Specifically, the user terminal obtains an updated GAKE, for example from the out-of-band authentication device shown in Figure 4, updates the conference key according to the new GAKE, and then uses it to encrypt and decrypt conference data.
After receiving the updated GAKE, the user terminal negotiates a new conference key with the user terminals of the other participating users according to the updated GAKE. Similarly, during the update, the user terminal can negotiate the conference key with the other terminals with the Signal protocol or the MLS protocol; or the user terminal can be regrouped according to the updated GAKE, negotiating the conference key with the other user terminals in its group with the MLS protocol, while the groups negotiate the conference key among themselves with the Signal protocol or the MLS protocol. Distribution of the conference key during an update is similar to distribution when the conference is created; refer to the distribution process in the foregoing embodiments, which is not repeated here.
In step 503a above, the user terminal needs to send the conference key to the conference terminal. To secure the communication between the user terminal and the conference terminal, the user terminal can encrypt the conference key and send the encrypted conference key to the conference terminal. In one possible implementation, the user terminal and the conference terminal each configure their own public/private key pair; the user terminal sends its public key to the conference terminal, and the conference terminal sends its public key to the user terminal, for use in encrypting and decrypting the data they exchange. When the user terminal sends information to the conference terminal, it encrypts the information with its own private key and the conference terminal's public key and sends it; on receiving the information, the conference terminal decrypts it with its own private key and the user terminal's public key to obtain the correct information. When the conference terminal sends information to the user terminal, it encrypts the information with its own private key and the user terminal's public key and sends it; on receiving the information, the user terminal decrypts it with its own private key and the conference terminal's public key to obtain the correct information.
Figure 6 shows an example conference key exchange flow for implementing step 503a above. The participant turns on the phone's NFC function, opens the conference app installed on the phone, and enables the authentication function between the phone and the conference terminal. The phone then randomly generates a personal identification number (PIN) and displays it to the user, and further generates the phone's public key P-pub key and private key P-private key according to the PIN. After the user starts the conference terminal, the conference terminal prompts the user to enter the phone PIN; once the user has entered the PIN, the conference terminal generates its public key T-pub key and private key T-private key according to the PIN. The phone sends its public key P-pub key to the conference terminal over NFC, and the conference terminal sends its public key T-pub key to the phone over NFC. The phone calculates the value sk from its own private key P-private key and the conference terminal's public key T-pub key, and generates the encryption initialization vector IV according to the AES128GCM algorithm. The phone then encrypts the conference key with sk and the IV, and sends the IV and the encrypted conference key to the conference terminal. The conference terminal calculates the value sk' from the phone's public key P-pub key and its own private key T-private key, and then decrypts the encrypted conference key with sk' and the IV to obtain the correct conference key. The conference terminal can then send the phone a response message indicating that authentication succeeded.
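The Figure 6 exchange with both sides' messages, as an added Node.js example (not code from the patent). The page does not say how the key pairs or sk are derived from the PIN, so this sketch assumes random X25519 key pairs, HKDF-SHA256 with the PIN as salt to obtain sk, and a random 12-byte IV; NFC transport is modelled as passing byte buffers, and all names are illustrative.

```javascript
// Added example: phone wraps the conference key for the conference terminal.
// Assumptions: X25519 + HKDF-SHA256 (PIN as salt) + AES-128-GCM.
const crypto = require('crypto');

class Endpoint {
  constructor(pin) {
    this.pin = Buffer.from(pin, 'utf8');
    const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
    this.privateKey = privateKey;
    // Bytes that would be sent to the peer over NFC.
    this.publicKeyDer = publicKey.export({ type: 'spki', format: 'der' });
  }

  // sk on the phone, sk' on the terminal: own private key + peer public key,
  // bound to the PIN so that both sides must have seen the same PIN.
  deriveSk(peerPublicKeyDer) {
    const peer = crypto.createPublicKey({ key: peerPublicKeyDer, format: 'der', type: 'spki' });
    const shared = crypto.diffieHellman({ privateKey: this.privateKey, publicKey: peer });
    const okm = crypto.hkdfSync('sha256', shared, this.pin, Buffer.from('conference-key-wrap'), 16);
    return Buffer.from(okm);
  }
}

// Phone side: encrypt the conference key under sk with a fresh IV.
function wrapConferenceKey(sk, conferenceKey) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-128-gcm', sk, iv);
  const ciphertext = Buffer.concat([cipher.update(conferenceKey), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Terminal side: returns the conference key, or null when the GCM tag does
// not verify (wrong sk', i.e. wrong PIN or wrong peer key, or altered data).
function unwrapConferenceKey(skPrime, msg) {
  const decipher = crypto.createDecipheriv('aes-128-gcm', skPrime, msg.iv);
  decipher.setAuthTag(msg.tag);
  try {
    return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Full flow: phonePin is shown on the phone, typedPin is what the user
// enters on the conference terminal.
function runExchange(phonePin, typedPin) {
  const phone = new Endpoint(phonePin);
  const terminal = new Endpoint(typedPin);
  const conferenceKey = crypto.randomBytes(16); // constructed sample key

  const sk = phone.deriveSk(terminal.publicKeyDer);        // phone: P-private + T-pub
  const msg = wrapConferenceKey(sk, conferenceKey);        // phone -> terminal: IV, ciphertext, tag
  const skPrime = terminal.deriveSk(phone.publicKeyDer);   // terminal: T-private + P-pub
  const recovered = unwrapConferenceKey(skPrime, msg);

  const ok = recovered !== null && recovered.equals(conferenceKey);
  return { ok, msg, skPrime };
}

console.log('matching PIN  :', runExchange('493817', '493817').ok);
console.log('mismatched PIN:', runExchange('493817', '000000').ok);
```

The terminal would send the authentication-success response only when `unwrapConferenceKey` returns a key; a `null` result is the point at which to abort the binding.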
In case 1 of step 503b above, the user terminal need not send the conference key to the conference terminal, but the user terminal and the conference terminal can still generate their respective public keys, private keys and the value sk or sk' by the above method, and the phone sends the encryption initialization vector IV to the conference terminal, thereby binding the user terminal to the conference terminal. Later in the conference, when the conference terminal and the phone exchange conference data, the conference terminal can use sk' and the IV to encrypt data to be sent or to decrypt data received from the phone, and the phone can use sk and the IV to decrypt received data or to encrypt data to be sent, which secures the conference data transmitted between the user terminal and the conference terminal.
As mentioned earlier, in step 501 above, the GAKE obtained by the user terminal can come from the out-of-band authentication device. In one possible implementation, after receiving the conference information sent by the conference management system, the out-of-band authentication device generates the GAKE for the conference and sends it to the user terminal of each participant, so that each user terminal obtains the conference key by the conference key generation method described in Figure 5 and can then provide the conference service to its user.
Specifically, after determining that a conference needs to be created, the conference management system can send the relevant information of the conference to be created to the out-of-band authentication device, so that the out-of-band authentication device triggers generation of the conference key without occupying conference system resources. The conference information can include the information of the participating users, so that the out-of-band authentication device can, according to that information, send the information used to generate the conference key, such as the GAKE, to the user terminals. For example, if the conference to be created has N participating users in total, the conference information can include the information of each of those N participating users.
The GAKE generated by the out-of-band authentication device can include the Signal protocol or the MLS protocol introduced earlier, among others. For example, the out-of-band authentication device can determine which GAKE to use according to the number of participating users. The out-of-band authentication device can also determine, according to the number of users, whether the users need to be grouped. Further, if it determines that grouping is needed, it can also determine the GAKE used to negotiate the conference key within a group and the GAKE used to negotiate the conference key between groups.
For a clearer understanding of the above embodiments of this application, a detailed description follows with reference to Figure 7a, Figure 7b and Figure 8.
In the embodiments shown in Figures 7a and 7b, PA1 denotes the user terminal of participant 1, A1 denotes the conference terminal participant 1 uses to join the conference, PA2 denotes the user terminal of participant 2, and A2 denotes the conference terminal participant 2 uses to join the conference. Figures 7a and 7b show only the user terminals of 2 users and the 2 corresponding conference terminals; in practice there can be more users, user terminals and conference terminals, which cannot conveniently all be shown in the figures. PA1 can serve as the main group master node of the group formed by all the user terminals; it can be elected by the nodes in the group, designated by the out-of-band authentication device or the conference management system, or selected by a preconfigured default. In the embodiments shown in Figures 7a and 7b, the conference management system and the MCU that provides the conference service are deployed separately; as mentioned earlier, they can also be deployed together.
The specific embodiment shown in Figure 7a can include the following steps:
Step 701: The conference management system sends conference information to the out-of-band authentication device.
The conference information can include the information of each participant, among other things.
Step 702: The out-of-band authentication device generates the GAKE for the conference.
For example, the out-of-band authentication device can determine which GAKE to use according to the number of participating users.
Step 703: The out-of-band authentication device sends the generated GAKE to PA1 and PA2.
It should be understood that, when the conference also involves other users and user terminals, the out-of-band authentication device also needs to send the generated GAKE to those user terminals, so that each user terminal obtains the conference key by the conference key generation method described in Figure 5 and can then provide the conference service to its user.
Step 704: PA1 generates the conference key and sends it to PA2 according to the GAKE.
PA1, as the main group master node, generates the conference key and sends it to the other member nodes. When no secondary group master needs to be established, PA2 is a member node and obtains the conference key from PA1; if there are member nodes other than the PA2 shown in the figure, PA1 also needs to send the conference key to them. When secondary groups need to be built, the PA2 shown in the figure is a secondary group master node; after receiving the conference key, PA2 also needs to distribute it to the member nodes of its secondary group (not shown in Figure 7a). If there are other secondary groups and corresponding secondary group master nodes not shown in the figure, PA1 also needs to send the conference key to those secondary group master nodes.
Step 705: When the scheduled conference time arrives, the conference management system instructs the MCU to convene the conference.
Step 706a: PA1 sends the encrypted conference key to A1, and PA2 sends the encrypted conference key to A2.
Optionally, PA1 and A1, and PA2 and A2, can transmit the encrypted conference key in the manner shown in Figure 6.
Optionally, the order of step 706 and step 705 above can be swapped.
Step 707a: A1 decrypts the conference data obtained from the MCU with the conference key, and encrypts local conference data with the conference key and sends it to the MCU; A2 decrypts the conference data obtained from the MCU with the conference key, and encrypts local conference data with the conference key and sends it to the MCU.
The specific embodiment shown in Figure 7b can include the same steps 701 to 705 as Figure 7a.
Step 706b: PA1 is bound to A1, and PA2 is bound to A2.
Optionally, PA1 and A1 can each generate their own public and private keys, send their public key to the other party, and then perform binding authentication according to a preset algorithm. PA2 and A2 are bound in a similar way, which is not described again.
The embodiments of this application do not limit when step 706b is performed; it can be performed at any time before step 707b.
Step 707b: A1 obtains encrypted conference data from the MCU. At the same time, A2 can also obtain conference data from the MCU.
Step 708b: PA1 fetches the encrypted conference data from A1, decrypts it with the conference key, and sends the decrypted conference data to A1. At the same time, PA2 can also fetch the encrypted conference data from A2, decrypt it with the conference key, and send the decrypted conference data to A2.
Step 709b: PA1 fetches the locally collected conference data from A1, encrypts it with the conference key, and sends the encrypted conference data to A1. At the same time, PA2 can also fetch the locally collected conference data from A2, encrypt it with the conference key, and send the encrypted conference data to A2.
Step 710b: A1 sends the locally encrypted conference data to the MCU. At the same time, A2 can also send its locally encrypted conference data to the MCU.
The embodiments of this application do not limit the order in which steps 707b to 708b and steps 709b to 710b are performed; the corresponding steps are performed as the conference requires, and they can even be performed simultaneously. At any given moment, the steps being performed by PA1-A1 and by PA2-A2 can be the same or different. For example, PA1-A1 may be performing steps 707b to 708b while PA2-A2 is performing steps 709b to 710b; or PA1-A1 may be performing steps 709b to 710b while PA2-A2 is performing steps 707b to 708b.
The specific embodiment shown in Figure 8 may include the following steps:
Step 801: The conference management system sends updated conference information to the out-of-band authentication device.
The updated conference information may include updated information about the participating users.
Step 802: The out-of-band authentication device generates an updated GAKE.
If the out-of-band authentication device determines that the updated conference needs to distribute the conference key based on a negotiation protocol different from the previous one, the updated GAKE may contain indication information that indicates the updated negotiation protocol. If the out-of-band authentication device determines that the negotiation protocol does not need to be changed, the updated GAKE may be used only to indicate that the conference key is to be updated, or it may continue to indicate the same negotiation protocol.
Step 803: The out-of-band authentication device sends the updated GAKE to PA1 and PA2.
In this embodiment, the updated conference still includes user 1 and user 2. If the updated conference no longer includes user 1 or user 2, the out-of-band authentication device does not send the updated GAKE to PA1 or PA2. If the updated conference also involves other user terminals, the out-of-band authentication device also needs to send the updated GAKE to those user terminals.
Step 804: PA1 generates a new conference key and sends the new conference key to PA2 according to the GAKE.
As the main group master node, PA1 generates a new conference key and sends it to the other member nodes. When no secondary group master needs to be established, PA2 acts as a member node and obtains the new conference key from PA1; if there are other member nodes besides the PA2 shown in the figure, PA1 also needs to send the new conference key to those member nodes. When a secondary group needs to be established, the PA2 shown in the figure is a secondary group master node; after receiving the conference key, PA2 also needs to distribute the new conference key to each member node in its secondary group (not shown in Figure 7a). If there are other secondary groups and corresponding secondary group master nodes not shown in the figure, PA1 also needs to send the new conference key to those secondary group master nodes.
In this embodiment, PA1 is still the main group master node in the updated conference. Of course, the main group master node may change after the update, and the secondary group master nodes may also change.
After step 804, PA1, A1, PA2 and A2 may perform the operations shown in steps 706a and 707a, or the operations shown in steps 707b to 710b.
Based on the same technical concept, the embodiments of this application further provide a user terminal for implementing the foregoing method embodiments. The user terminal may include modules/units that perform any of the possible implementations in the foregoing method embodiments; these modules/units may be implemented in hardware, or by hardware executing corresponding software.
For example, as shown in Figure 9, the user terminal may include an acquisition module 901 and a negotiation module 902, and may further include a sending module 903 or an encryption and decryption module 904.
The acquisition module 901 is configured to obtain the group authenticated key agreement protocol (GAKE) of the conference.
The negotiation module 902 is configured to negotiate, according to the GAKE and with the user terminals of the other participating users of the conference, a conference key for joining the conference.
The terminal further includes a sending module 903, configured to send the conference key to the conference terminal, so that the conference terminal, after joining the conference, encrypts and decrypts the conference data according to the conference key.
The terminal further includes an encryption and decryption module 904, configured to encrypt and decrypt the conference data according to the conference key.
In a possible implementation, the sending module 903 is specifically configured to: generate a public key and a private key of the user terminal; send the public key of the user terminal to the conference terminal and obtain the public key of the conference terminal; encrypt the conference key according to the private key of the user terminal and the public key of the conference terminal; and send the encrypted conference key to the conference terminal, so that the conference terminal decrypts it according to the public key of the user terminal and the private key of the conference terminal to obtain the conference key.
In a possible implementation, the encryption and decryption module 904 is specifically configured to: decrypt, according to the conference key, remote data obtained from the conference terminal, the remote data being conference data from the remote end, and send the decrypted data to the conference terminal; and/or encrypt, according to the conference key, local data obtained from the conference terminal, the local data being conference data collected locally by the conference terminal, and send the encrypted data to the conference terminal.
In a possible implementation, the negotiation module 902 is specifically configured to: determine, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Signal protocol; or determine, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Messaging Layer Security (MLS) protocol.
In a possible implementation, the user terminal and the other participants are included in one group, the group includes at least one secondary group, the secondary group includes a secondary group master node, and the user terminal is the main group master node of the group.
The negotiation module 902 is specifically configured to send the generated conference key to the secondary group master node of the secondary group based on the Signal protocol or the Messaging Layer Security (MLS) protocol.
In a possible implementation, the user terminal and the other participants are included in one group, the group includes at least one secondary group, the user terminal is the secondary group master node of the secondary group, and the group includes a main group master node.
The negotiation module 902 is specifically configured to: receive the conference key sent by the main group master node; and send the conference key to the other nodes in the secondary group based on the Messaging Layer Security (MLS) protocol.
Based on the same technical concept, the embodiments of this application further provide a computer device. As shown in Figure 10, the computer device includes a processor 1001 and a communication interface 1002 connected to the processor 1001.
The processor 1001 may be a general-purpose processor, a microprocessor, an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or one or more integrated circuits used to control execution of the program of the solution of this application. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of this application may be performed directly by a hardware processor, or by a combination of hardware and software modules in the processor.
The communication interface 1002 is used to communicate with other devices, for example over a PCI bus interface, Ethernet, a radio access network (RAN), or a wireless local area network (WLAN).
In the embodiments of this application, the processor 1001 is configured to call the communication interface 1002 to perform receiving and/or sending functions, and to perform the method described in any of the foregoing possible implementations.
Further, the computer device may also include a memory 1003 and a communication bus 1004.
The memory 1003 is used to store program instructions and/or data, so that the processor 1001 calls the instructions and/or data stored in the memory 1003 to implement the foregoing functions of the processor 1001. The memory 1003 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM) or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory 1003 may exist independently, for example as an off-chip memory, and be connected to the processor 1001 through the communication bus 1004. The memory 1003 may also be integrated with the processor 1001.
The communication bus 1004 may include a path for transferring information between the foregoing components.
For example, the processor 1001 may perform the following steps through the communication interface 1002: obtain the group authenticated key agreement protocol (GAKE) of the conference; negotiate, according to the GAKE and with the user terminals of the other participating users of the conference, a conference key for joining the conference; and send the conference key to the conference terminal, so that the conference terminal, after joining the conference, encrypts and decrypts the conference data according to the conference key; or encrypt and decrypt the conference data according to the conference key.
In a possible implementation, when sending the conference key to the conference terminal through the communication interface 1002, the processor 1001 is specifically configured to: generate a public key and a private key of the computer device; send the public key of the computer device to the conference terminal and obtain the public key of the conference terminal; encrypt the conference key according to the private key of the computer device and the public key of the conference terminal; and send the encrypted conference key to the conference terminal, so that the conference terminal decrypts it according to the public key of the computer device and the private key of the conference terminal to obtain the conference key.
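The key delivery described for the sending module 903, and again here for the processor 1001, names no algorithms. The Go program below is an added example, not code from the application: it assumes X25519 key pairs, an ECDH result passed through HKDF-SHA256, and AES-256-GCM for wrapping the conference key. The type and function names and the `conf-0001`/`conf-0002` identifiers are hypothetical, and the conference key is a constructed value.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Terminal is one side of the exchange: a user terminal (PA) or a conference terminal (A).
type Terminal struct{ priv *ecdh.PrivateKey }

// NewTerminal generates a fresh key pair. X25519 is an assumption; the page names no algorithm.
func NewTerminal() (*Terminal, error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Terminal{priv: k}, nil
}

// Public returns the public key that is sent to the peer.
func (t *Terminal) Public() *ecdh.PublicKey { return t.priv.PublicKey() }

// sealer combines our private key with the peer's public key (ECDH) and derives an AES-256-GCM
// key with HKDF-SHA256 (RFC 5869: zero salt, info = conference ID, one output block).
func (t *Terminal) sealer(peer *ecdh.PublicKey, confID string) (cipher.AEAD, error) {
	shared, err := t.priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	extract := hmac.New(sha256.New, make([]byte, sha256.Size))
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte(confID))
	expand.Write([]byte{0x01})
	block, err := aes.NewCipher(expand.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap encrypts the conference key for the peer and returns nonce || ciphertext || tag.
func (t *Terminal) Wrap(peer *ecdh.PublicKey, confID string, confKey []byte) ([]byte, error) {
	g, err := t.sealer(peer, confID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The conference ID is also bound as associated data.
	return g.Seal(nonce, nonce, confKey, []byte(confID)), nil
}

// Unwrap recovers the conference key from our private key and the sender's public key.
func (t *Terminal) Unwrap(peer *ecdh.PublicKey, confID string, wrapped []byte) ([]byte, error) {
	g, err := t.sealer(peer, confID)
	if err != nil {
		return nil, err
	}
	if len(wrapped) < g.NonceSize()+g.Overhead() {
		return nil, fmt.Errorf("wrapped key too short: %d bytes", len(wrapped))
	}
	return g.Open(nil, wrapped[:g.NonceSize()], wrapped[g.NonceSize():], []byte(confID))
}

// Demo delivers a constructed key from PA1 to A1, then tries a different terminal and conference ID.
func Demo() (delivered, otherTerminalRejected, otherConferenceRejected bool, err error) {
	var ts [3]*Terminal // PA1, A1 and an unrelated terminal A2
	for i := range ts {
		if ts[i], err = NewTerminal(); err != nil {
			return
		}
	}
	pa1, a1, a2 := ts[0], ts[1], ts[2]
	confKey := bytes.Repeat([]byte{0x42}, 32) // constructed stand-in for the GAKE-negotiated key
	wrapped, err := pa1.Wrap(a1.Public(), "conf-0001", confKey)
	if err != nil {
		return
	}
	got, err := a1.Unwrap(pa1.Public(), "conf-0001", wrapped)
	delivered = err == nil && bytes.Equal(got, confKey)
	_, e := a2.Unwrap(pa1.Public(), "conf-0001", wrapped)
	otherTerminalRejected = e != nil
	_, e = a1.Unwrap(pa1.Public(), "conf-0002", wrapped)
	otherConferenceRejected = e != nil
	return
}

func main() {
	fmt.Println(Demo())
}
```

Only the terminal holding the matching private key recovers the conference key; a blob presented by another terminal, under another conference ID, or after modification fails authentication instead of yielding a wrong key.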
In a possible implementation, when encrypting and decrypting the conference data according to the conference key, the processor 1001 is specifically configured to: decrypt, according to the conference key, remote data obtained from the conference terminal, the remote data being conference data from the remote end, and send the decrypted data to the conference terminal; and/or encrypt, according to the conference key, local data obtained from the conference terminal, the local data being conference data collected locally by the conference terminal, and send the encrypted data to the conference terminal.
In a possible implementation, when negotiating the conference key with the user terminals of the other participating users of the conference according to the GAKE, the processor 1001 is specifically configured to: determine, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Signal protocol; or determine, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Messaging Layer Security (MLS) protocol.
In a possible implementation, the computer device and the other participants are included in one group, the group includes at least one secondary group, the secondary group includes a secondary group master node, and the computer device is the main group master node of the group. When negotiating the conference key with the user terminals of the other participating users of the conference according to the GAKE, the processor 1001 is specifically configured to send the generated conference key to the secondary group master node of the secondary group based on the Signal protocol or the Messaging Layer Security (MLS) protocol.
In a possible implementation, the computer device and the other participants are included in one group, the group includes at least one secondary group, the computer device is the secondary group master node of the secondary group, and the group includes a main group master node. When negotiating the conference key with the user terminals of the other participating users of the conference according to the GAKE, the processor 1001 is specifically configured to: receive the conference key sent by the main group master node; and send the conference key to the other nodes in the secondary group based on the Messaging Layer Security (MLS) protocol.
Based on the same technical concept, the embodiments of this application further provide a computer-readable storage medium. The computer-readable storage medium stores computer-readable instructions which, when run on a computer, cause the foregoing method embodiments to be performed.
Based on the same technical concept, the embodiments of this application further provide a computer program product containing instructions which, when run on a computer, cause the foregoing method embodiments to be performed.
It should be understood that, in the description of this application, terms such as "first" and "second" are used only to distinguish between the items being described, and are not to be understood as indicating or implying relative importance or order. References in this specification to "one embodiment" or "some embodiments" mean that a particular feature, structure or characteristic described in connection with that embodiment is included in one or more embodiments of this application. Therefore, the phrases "in one embodiment", "in some embodiments", "in some other embodiments", "in still other embodiments" and the like appearing in different places in this specification do not necessarily all refer to the same embodiment, but rather mean "one or more but not all embodiments", unless specifically emphasized otherwise. The terms "including", "comprising", "having" and their variants all mean "including but not limited to", unless specifically emphasized otherwise.
Those skilled in the art will understand that the embodiments of this application may be provided as methods, systems, or computer program products. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to the embodiments of this application. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction apparatus, the instruction apparatus implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operating steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of this application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of this application.
Obviously, those skilled in the art can make various changes and variations to the embodiments of this application without departing from the spirit and scope of the embodiments of this application. Thus, if these modifications and variations of the embodiments of this application fall within the scope of the claims of this application and their technical equivalents, this application is also intended to include them.

Claims (14)

  1. A conference key generation method, characterized in that it is applied to a user terminal of a participating user, the method comprising:
    the user terminal obtains a group authenticated key agreement protocol (GAKE) of a conference;
    the user terminal negotiates, according to the GAKE and with the user terminals of the other participating users of the conference, a conference key for joining the conference;
    the user terminal sends the conference key to a conference terminal, so that the conference terminal, after joining the conference, encrypts and decrypts the conference data according to the conference key; or, the user terminal encrypts and decrypts the conference data according to the conference key.
  2. The method according to claim 1, characterized in that the user terminal sending the conference key to the conference terminal comprises:
    the user terminal generates a public key and a private key of the user terminal;
    the user terminal sends the public key of the user terminal to the conference terminal, and obtains the public key of the conference terminal;
    the user terminal encrypts the conference key according to the private key of the user terminal and the public key of the conference terminal;
    the user terminal sends the encrypted conference key to the conference terminal, so that the conference terminal decrypts it according to the public key of the user terminal and the private key of the conference terminal to obtain the conference key.
  3. The method according to claim 1, characterized in that the user terminal encrypting and decrypting the conference data according to the conference key comprises:
    the user terminal decrypts, according to the conference key, remote data obtained from the conference terminal, the remote data being conference data from the remote end; the user terminal sends the decrypted data to the conference terminal; and/or
    the user terminal encrypts, according to the conference key, local data obtained from the conference terminal, the local data being conference data collected locally by the conference terminal; the user terminal sends the encrypted data to the conference terminal.
  4. The method according to any one of claims 1-3, characterized in that the user terminal negotiating the conference key with the user terminals of the other participating users of the conference according to the GAKE comprises:
    the user terminal determines, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Signal protocol; or
    the user terminal determines, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Messaging Layer Security (MLS) protocol.
  5. The method according to any one of claims 1-3, characterized in that the user terminal and the other participants are included in one group, the group includes at least one secondary group, the secondary group includes a secondary group master node, and the user terminal is the main group master node of the group;
    the user terminal negotiating the conference key with the user terminals of the other participating users of the conference according to the GAKE comprises:
    the user terminal sends the generated conference key to the secondary group master node of the secondary group based on the Signal protocol or the Messaging Layer Security (MLS) protocol.
  6. The method according to any one of claims 1-3, characterized in that the user terminal and the other participants are included in one group, the group includes at least one secondary group, the user terminal is the secondary group master node of the secondary group, and the group includes a main group master node;
    the user terminal negotiating the conference key with the user terminals of the other participating users of the conference according to the GAKE comprises:
    the user terminal receives the conference key sent by the main group master node;
    the user terminal sends the conference key to the other nodes in the secondary group based on the Messaging Layer Security (MLS) protocol.
  7. A user terminal, characterized by comprising:
    an acquisition module, configured to obtain a group authenticated key agreement protocol (GAKE) of a conference;
    a negotiation module, configured to negotiate, according to the GAKE and with the user terminals of the other participating users of the conference, a conference key for joining the conference;
    the terminal further comprises a sending module, configured to send the conference key to a conference terminal, so that the conference terminal, after joining the conference, encrypts and decrypts the conference data according to the conference key; or,
    the terminal further comprises an encryption and decryption module, configured to encrypt and decrypt the conference data according to the conference key.
  8. The user terminal according to claim 7, characterized in that the sending module is specifically configured to:
    generate a public key and a private key of the user terminal;
    send the public key of the user terminal to the conference terminal, and obtain the public key of the conference terminal;
    encrypt the conference key according to the private key of the user terminal and the public key of the conference terminal;
    send the encrypted conference key to the conference terminal, so that the conference terminal decrypts it according to the public key of the user terminal and the private key of the conference terminal to obtain the conference key.
  9. The user terminal according to claim 7, characterized in that the encryption and decryption module is specifically configured to:
    decrypt, according to the conference key, remote data obtained from the conference terminal, the remote data being conference data from the remote end; the user terminal sends the decrypted data to the conference terminal; and/or
    encrypt, according to the conference key, local data obtained from the conference terminal, the local data being conference data collected locally by the conference terminal; the user terminal sends the encrypted data to the conference terminal.
  10. The user terminal according to any one of claims 7-9, characterized in that the negotiation module is specifically configured to:
    determine, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Signal protocol; or
    determine, according to the GAKE, to negotiate the conference key with the other participating users of the conference based on the Messaging Layer Security (MLS) protocol.
  11. The user terminal according to any one of claims 7-9, characterized in that the user terminal and the other participants are included in one group, the group includes at least one secondary group, the secondary group includes a secondary group master node, and the user terminal is the main group master node of the group;
    the negotiation module is specifically configured to:
    send the generated conference key to the secondary group master node of the secondary group based on the Signal protocol or the Messaging Layer Security (MLS) protocol.
  12. The user terminal according to any one of claims 7-9, characterized in that the user terminal and the other participants are included in one group, the group includes at least one secondary group, the user terminal is the secondary group master node of the secondary group, and the group includes a main group master node;
    the negotiation module is specifically configured to:
    receive the conference key sent by the main group master node;
    send the conference key to the other nodes in the secondary group based on the Messaging Layer Security (MLS) protocol.
  13. 一种计算机设备,其特征在于,所述计算机设备包括存储器和处理器;A computer device, characterized in that the computer device includes a memory and a processor;
    所述存储器存储有计算机程序;The memory stores a computer program;
    所述处理器用于调用所述存储器中存储的计算机程序,以执行权利要求1-6任一项所述 的方法。The processor is used to call the computer program stored in the memory to execute any one of claims 1-6. Methods.
  14. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有指令,当所述指令在计算机上运行时,使得所述计算机执行如权利要求1-6任一项所述的方法。 A computer-readable storage medium, characterized in that instructions are stored in the computer-readable storage medium, and when the instructions are run on a computer, they cause the computer to execute as described in any one of claims 1-6 Methods.
PCT/CN2023/077022 2022-03-09 2023-02-18 Conference secret key generation method, terminal and device WO2023169187A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210225329.2 2022-03-09
CN202210225329.2A CN116782207A (en) 2022-03-09 2022-03-09 Conference key generation method, terminal and equipment

Publications (1)

Publication Number Publication Date
WO2023169187A1 (en) 2023-09-14

Family

ID=87937151

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/077022 WO2023169187A1 (en) 2022-03-09 2023-02-18 Conference secret key generation method, terminal and device

Country Status (2)

Country Link
CN (1) CN116782207A (en)
WO (1) WO2023169187A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060095376A1 (en) * 2002-12-20 2006-05-04 Arthur Mitchell Virtual meetings
CN104580151A (en) * 2014-12-03 2015-04-29 中国科学院信息工程研究所 Method for preventing confidential conference information from leakage and terminal
WO2017075134A1 (en) * 2015-10-28 2017-05-04 Cisco Technology, Inc. Key management for privacy-ensured conferencing
US20180351757A1 (en) * 2017-06-06 2018-12-06 Cisco Technology, Inc. Unauthorized participant detection in multiparty conferencing
US20200259640A1 (en) * 2017-11-08 2020-08-13 Wickr Inc. End-to-End Encryption During a Secure Communication Session

Also Published As

Publication number Publication date
CN116782207A (en) 2023-09-19

Similar Documents

Publication Publication Date Title
US10594672B2 (en) Secure node admission in a communication network
US10778656B2 (en) Sharing resources across multiple devices in online meetings
WO2020108019A1 (en) Consortium blockchain-based data transfer method and device
US8156337B2 (en) Systems and methods for authenticating communications in a network medium
JP5291200B2 (en) Method, system, and device for realizing device addition in a Wi-Fi device-to-device network
CN107769914B (en) Method and network device for protecting data transmission security
CN112737774B (en) Data transmission method, device and storage medium in network conference
CN111404950B (en) Information sharing method and device based on block chain network and related equipment
CN101771659B (en) Method, system and equipment for safe switch configuration
US11728978B2 (en) Method and apparatus for establishing trusted channel between user and trusted computing cluster
CN108540436B (en) Communication system and communication method for realizing information encryption and decryption transmission based on quantum network
US11212265B2 (en) Perfect forward secrecy (PFS) protected media access control security (MACSEC) key distribution
WO2014131356A1 (en) Method, system, and terminal for hierarchical management of group keys of broadband cluster system
WO2015100675A1 (en) Network configuration method, and related device and system
US20200175505A1 (en) System and method for creating a secure mesh network utilizing the blockchain
CN203859823U (en) Quantum encrypted video conference terminal and system
CN111709053B (en) Operation method and operation device based on loose coupling transaction network
US9049592B2 (en) Techniques for key derivation for secure communication in wireless mesh networks
WO2023169187A1 (en) Conference secret key generation method, terminal and device
JP6801921B2 (en) Cryptographic communication methods, information processing devices and programs
TWI782701B (en) Non-interactive approval system for blockchain wallet and method thereof
WO2019148832A1 (en) Private key generation method and device
WO2023082578A1 (en) Verification method, communication node and system
CN113824704A (en) Key management method, key management device, electronic equipment and storage medium
CN117353906A (en) Secret communication processing method and device, first equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23765765

Country of ref document: EP

Kind code of ref document: A1