CN117978946A - Security management method and system for cloud computing video conference - Google Patents
- Publication number
- CN117978946A CN202410091406.9A
- Authority
- CN
- China
- Prior art keywords
- terminal equipment
- video conference
- video
- conference
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/14—Systems for two-way working
- H04N7/15—Conference systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
Description
Technical Field
The present application relates to the field of mobile communication technology, and in particular to a security management method and system for cloud computing video conferencing.
Background
With the rapid development of Internet technology, online video conferencing over the network can break through the limits of time and region: a video conference is created directly over the Internet and achieves the effect of face-to-face communication. At present, video conferencing includes cloud video conferencing and traditional self-built video conferencing. Compared with traditional self-built video conferencing, cloud video conferencing runs on the public network, so its product forms are more diverse and its application scenarios are more complex.
At present, video conferencing software is generally installed on a mobile terminal (mobile phone, desktop or laptop computer). After logging in to the video conferencing software, the user enters the cloud video conference. This approach suits business travel or personal office use and provides video conferencing and office collaboration functions.
Cloud video conferencing (cloud computing video conferencing) is a conference group that the initiator of an online conference creates on a cloud server through a terminal device. Once the cloud conference is created, the corresponding joining information (cloud conference join code, link, etc.) is generated, and participants enter the joining information on their own user devices to join the cloud conference. This approach requires users to operate step by step, which is cumbersome, and when there are many participants it is troublesome to check whether all of them have joined. In addition, the joining information is easily stolen; unauthorized persons can join the cloud conference with stolen joining information, leaking the conference content and creating a significant security risk. If the conference initiator instead verifies each user's identity one by one, that verification is also cumbersome and leads to wasted time, a delayed conference, and inaccurate verification.
Therefore, the technical problem that urgently needs to be solved is how to improve the security of cloud computing video conferencing and the efficiency of joining a cloud computing video conference.
Summary of the Invention
The purpose of the present application is to provide a security management method and system for cloud computing video conferencing that improves the security of cloud computing video conferencing and the efficiency of joining a cloud computing video conference.
To achieve the above purpose, as a first aspect of the present application, the present application provides a security management method for cloud computing video conferencing, the method comprising the following steps:
in response to a request to create a video conference, creating the video conference based on the content of the request, and generating joining information;
encrypting the joining information to obtain a joining information encrypted data packet, and packaging the decryption data corresponding to the joining information encrypted data packet into a joining information decryption data packet;
based on the content of the request to create the video conference, searching for all terminal devices that need to join, and sending the joining information encrypted data packet and the joining information decryption data packet to those terminal devices through different channels;
receiving the decrypted joining information and the identity information of the terminal device, and verifying the terminal device based on the decrypted joining information and the identity information of the terminal device; if the verification passes, the terminal device is allowed to join the video conference; otherwise, the terminal device is prohibited from joining the video conference.
The security management method for cloud computing video conferencing as described above, wherein the method further comprises the following step: counting whether all terminal devices that need to join have joined the video conference; if so, closing the joining channel of the video conference and sending, in the video conference, a notification that all participants have joined; otherwise, the joining channel of the video conference does not need to be closed.
The security management method for cloud computing video conferencing as described above, wherein the method further comprises the following step:
receiving the audio and video data streams sent by the terminal devices that have joined, and storing them in the cloud.
The security management method for cloud computing video conferencing as described above, wherein the method further comprises the following step:
in response to a picture playback request for one or more audio and video data streams, sending the audio and video data streams to the terminal device, and playing the corresponding audio and video data streams on the terminal device.
The security management method for cloud computing video conferencing as described above, wherein the method further comprises the following steps:
collecting abnormal data of the audio and video data stream of the terminal device and abnormal risk data of the terminal device;
calculating a risk value of the terminal device according to the abnormal data of its audio and video data stream and its abnormal risk data;
comparing the risk value of the terminal device with a preset security threshold; if the risk value of the terminal device is greater than the preset security threshold, the terminal device is removed from the video conference; otherwise, security monitoring of the terminal device continues.
As a second aspect of the present application, the present application provides a security management system for cloud computing video conferencing that executes the security management method for cloud computing video conferencing described above, the system comprising:
a creation module, configured to respond to a request to create a video conference by creating the video conference based on the content of the request and generating joining information;
a generation module, configured to encrypt the joining information to obtain a joining information encrypted data packet, and to package the decryption data corresponding to the joining information encrypted data packet into a joining information decryption data packet;
a sending module, configured to search, based on the content of the request to create the video conference, for all terminal devices that need to join, and to send the joining information encrypted data packet and the joining information decryption data packet to those terminal devices through different channels;
a verification module, configured to receive the decrypted joining information and the identity information of the terminal device, and to verify the terminal device based on the decrypted joining information and the identity information of the terminal device; if the verification passes, the terminal device is allowed to join the video conference; otherwise, the terminal device is prohibited from joining the video conference.
The security management system for cloud computing video conferencing as described above, wherein the system further comprises:
a statistics module, configured to count whether all terminal devices that need to join have joined the video conference; if so, the joining channel of the video conference is closed and a notification that all participants have joined is sent in the video conference; otherwise, the joining channel of the video conference does not need to be closed.
The security management system for cloud computing video conferencing as described above, wherein the system further comprises:
a storage module, configured to receive the audio and video data streams sent by the terminal devices that have joined and to store them in the cloud.
The security management system for cloud computing video conferencing as described above, wherein the system further comprises:
a data transmission module, configured to respond to a picture playback request for one or more audio and video data streams by sending the audio and video data streams to the terminal device, where the corresponding audio and video data streams are played.
The security management system for cloud computing video conferencing as described above, wherein the system further comprises:
a collection module, configured to collect abnormal data of the audio and video data stream of the terminal device and abnormal risk data of the terminal device;
a data processor, configured to calculate a risk value of the terminal device according to the abnormal data of its audio and video data stream and its abnormal risk data;
a data comparator, configured to compare the risk value of the terminal device with a preset security threshold; if the risk value of the terminal device is greater than the preset security threshold, the terminal device is removed from the video conference; otherwise, security monitoring of the terminal device continues.
The beneficial effects achieved by the present application are as follows:
(1) The security management method and system for cloud computing video conferencing of the present application verifies the terminal devices that join a video conference, improving the security of cloud computing video conferencing.
(2) The security management method and system for cloud computing video conferencing of the present application automatically invites terminal devices to join the conference and automatically verifies the identity of the terminal devices, with no manual invitation or verification. This improves the security of cloud computing video conferencing and also the efficiency of joining a cloud computing video conference.
(3) The present application sends the joining information encrypted data packet and the joining information decryption data packet to all terminal devices that need to join through two separate channels, a first channel and a second channel. This prevents both packets from being intercepted by the same malicious device, so a malicious device cannot hold the joining information encrypted data packet and the joining information decryption data packet at the same time, cannot use the decryption data packet to decrypt the encrypted data packet, and the joining information is not leaked.
(4) The present application calculates the risk value of a terminal device according to the abnormal data of its audio and video data stream and its abnormal risk data, and compares the risk value with a preset security threshold. If the risk value of the terminal device is greater than the preset security threshold, the terminal device is removed from the video conference; otherwise, security monitoring of the terminal device continues. This improves the security of cloud computing video conferencing.
Brief Description of the Drawings
In order to explain the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present application; those skilled in the art can obtain other drawings from them.
FIG. 1 is a flow chart of a security management method for cloud computing video conferencing according to an embodiment of the present application.
FIG. 2 is a schematic structural diagram of a security management system for cloud computing video conferencing according to an embodiment of the present application.
FIG. 3 is a schematic diagram of a security architecture for cloud computing video conferencing according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are some of the embodiments of the present application, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments in the present application without creative work fall within the scope of protection of the present application.
Embodiment 1
As shown in FIG. 1, the present application provides a security management method for cloud computing video conferencing, the method comprising the following steps:
Step S1: in response to a request to create a video conference, create the video conference based on the content of the request, and generate joining information.
As a specific embodiment of the present invention, the content of the request to create a video conference includes: the topic and time of the requested conference, the communication channels of the participants, the identity information of the participants, and so on.
As a specific embodiment of the present invention, in response to the successful creation of the cloud computing video conference, the joining information is encrypted and sent to the conference creator.
As a specific embodiment of the present invention, the conference creator sends a request to create a video conference to the cloud server, together with the identity information of the participants. The cloud server creates the video conference in response to the request, generates joining information (including the joining password, link, topic, etc.), encrypts the joining information, and sends the encrypted joining information to the creator.
Step S2: encrypt the joining information to obtain a joining information encrypted data packet, and package the decryption data corresponding to the joining information encrypted data packet into a joining information decryption data packet.
As a specific embodiment of the present invention, the methods for encrypting the joining information include: encryption with a key, encryption with a password, or encryption with an encryption algorithm. The encryption method for the joining information is not limited here; an existing encryption method can be selected to encrypt the joining information.
Step S3: based on the content of the request to create the video conference, search for all terminal devices that need to join, and send the joining information encrypted data packet and the joining information decryption data packet to those terminal devices through different channels.
Specifically, the joining information encrypted data packet is sent to all terminal devices that need to join through a first channel, and the joining information decryption data packet is sent to all terminal devices that need to join through a second channel.
Specifically, the terminal device uses the joining information decryption data packet to decrypt the joining information in the joining information encrypted data packet and obtains the joining information.
The present invention sends the joining information encrypted data packet and the joining information decryption data packet to all terminal devices that need to join through two separate channels, the first channel and the second channel. This prevents both packets from being intercepted by the same malicious device, so a malicious device cannot hold the joining information encrypted data packet and the joining information decryption data packet at the same time, cannot use the decryption data packet to decrypt the encrypted data packet, and the joining information is not leaked.
As a specific embodiment of the present invention, the first channel and the second channel may be encrypted data transmission channels.
Step S4: receive the decrypted joining information and the identity information of the terminal device, and verify the terminal device based on the decrypted joining information and the identity information of the terminal device. If the verification passes, the terminal device is allowed to join the video conference; otherwise, the terminal device is prohibited from joining the video conference.
The identity information of the terminal device includes: user identity, IP address, MAC address, certificate, etc.
As a specific embodiment of the present invention, the terminal device is verified as follows: using the identity information of the participants in the content of the request to create the video conference, determine whether the identity information of the terminal device is consistent with that identity information. If it is consistent, the terminal device passes verification; otherwise, the terminal device fails verification.
Step S5: count whether all terminal devices that need to join have joined the video conference. If so, close the joining channel of the video conference and send, in the video conference, a notification that all participants have joined; otherwise, the joining channel of the video conference does not need to be closed.
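The following Python sketch walks through steps S1 to S5 end to end; it is an added example, not code from the patent. The cipher (a one-time pad with an HMAC-SHA256 tag), the class and function names, the `conference.example` link and the roster entries are all assumptions constructed for illustration, since the patent leaves the encryption method and data formats open.

```python
import hashlib
import hmac
import json
import secrets


def encrypt_joining_info(info):
    """S2: return (encrypted packet, decryption packet).

    Assumption: the patent leaves the cipher open, so this uses a one-time pad
    (random pad as long as the message) plus an HMAC-SHA256 integrity tag.
    """
    plaintext = json.dumps(info, sort_keys=True).encode()
    pad = secrets.token_bytes(len(plaintext))
    mac_key = secrets.token_bytes(32)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, pad))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).hexdigest()
    return ({"ciphertext": ciphertext.hex(), "tag": tag},
            {"pad": pad.hex(), "mac_key": mac_key.hex()})


def decrypt_joining_info(enc, dec):
    """Terminal side of S3: check the tag first, then remove the pad."""
    ciphertext = bytes.fromhex(enc["ciphertext"])
    expected = hmac.new(bytes.fromhex(dec["mac_key"]), ciphertext,
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, enc["tag"]):
        raise ValueError("encrypted packet does not match the decryption packet")
    pad = bytes.fromhex(dec["pad"])
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, pad)))


class ConferenceServer:
    def __init__(self, topic, invited):
        # S1: create the conference and generate the joining information.
        self.invited = invited            # device_id -> identity from the request
        self.joining_info = {
            "topic": topic,
            "password": secrets.token_urlsafe(16),
            "link": "https://conference.example/j/" + secrets.token_urlsafe(8),
        }
        self.joined = set()
        self.join_open = True
        self.channel_1 = {}               # carries the encrypted packets
        self.channel_2 = {}               # carries the decryption packets

    def invite_all(self):
        # S2 + S3: one encryption, the two packets go out on different channels.
        enc, dec = encrypt_joining_info(self.joining_info)
        for device_id in self.invited:
            self.channel_1[device_id] = enc
            self.channel_2[device_id] = dec

    def verify_and_join(self, presented_info, identity):
        # S4: both the joining information and the identity must match.
        if not self.join_open:
            return False
        got = json.dumps(presented_info, sort_keys=True).encode()
        want = json.dumps(self.joining_info, sort_keys=True).encode()
        device_id = identity.get("device_id")
        identity_ok = self.invited.get(device_id) == identity
        if not (hmac.compare_digest(got, want) and identity_ok):
            return False
        self.joined.add(device_id)
        if self.joined == set(self.invited):
            self.join_open = False        # S5: everyone is in, close the channel
        return True


def run_demo():
    # Constructed roster; identity fields follow the patent's list (user, MAC).
    roster = {
        "dev-a": {"device_id": "dev-a", "user": "alice", "mac": "02:00:00:00:00:01"},
        "dev-b": {"device_id": "dev-b", "user": "bob", "mac": "02:00:00:00:00:02"},
    }
    server = ConferenceServer("Quarterly review", roster)
    server.invite_all()
    enc, dec = server.channel_1["dev-a"], server.channel_2["dev-a"]
    info = decrypt_joining_info(enc, dec)
    results = {"alice_joined": server.verify_and_join(info, roster["dev-a"])}
    # A device that obtained both packets but is not on the roster is refused.
    outsider = {"device_id": "dev-x", "user": "mallory", "mac": "02:00:00:00:00:99"}
    results["outsider_joined"] = server.verify_and_join(info, outsider)
    # Claiming an invited device_id with a different MAC is refused as well.
    spoof = dict(roster["dev-b"], mac="02:00:00:00:00:99")
    results["spoof_joined"] = server.verify_and_join(info, spoof)
    # A packet altered on the first channel fails the tag check.
    raw = bytearray.fromhex(enc["ciphertext"])
    raw[0] ^= 1
    try:
        decrypt_joining_info(dict(enc, ciphertext=raw.hex()), dec)
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    results["bob_joined"] = server.verify_and_join(info, roster["dev-b"])
    results["join_closed"] = not server.join_open
    results["late_attempt"] = server.verify_and_join(info, roster["dev-a"])
    return results
```

The identity fields in this sketch are compared as plain values, so they are only as trustworthy as the channel that delivers them; of the identity items the patent lists, the certificate is the one a device can prove possession of.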
Step S6: receive the audio and video data streams sent by the terminal devices that have joined, and store them in the cloud.
The cloud has a large storage space, can store the audio and video data streams sent by all terminal devices that have joined the video conference, and makes it convenient to share those streams among them.
Step S7: in response to a picture playback request for one or more audio and video data streams, send the audio and video data streams to the terminal device, and play the corresponding audio and video data streams on the terminal device.
Specifically, the cloud server responds to a picture playback request for one or more audio and video data streams by sending the audio and video data streams to the terminal device, where the corresponding audio and video data streams are played.
As a specific embodiment of the present invention, the terminal device includes a main screen area and a split-screen area. The user can select which audio and video data stream to play in the main screen area and in the split-screen area respectively, and can select streams from different terminal devices in the two areas, thereby playing the audio and video data streams of different terminal devices and obtaining the streams they share. The corresponding pictures are played in the main screen area and the split-screen area according to the selected streams. The user can also choose to play a picture only in the main screen area or only in the split-screen area, which makes data sharing between different terminal devices convenient.
As a specific embodiment of the present invention, the user can freely switch the audio and video data streams played in the main screen area and the split-screen area as needed.
步骤S8,采集终端设备的音视频数据流的异常数据和异常风险数据,根据终端设备的音视频数据流的异常数据和异常风险数据,计算终端设备的风险值。Step S8, collecting abnormal data and abnormal risk data of the audio and video data stream of the terminal device, and calculating the risk value of the terminal device according to the abnormal data and abnormal risk data of the audio and video data stream of the terminal device.
其中,音视频数据流的异常数据的种类包括:视频或音频信号插入数据(包括插入异常画面或声音等)、视频或音频信号缺失数据(缺失画面帧或缺失音频信号等)和异常数据插入(插入攻击脚本、插入恶意链接、插入弹窗数据等)。Among them, the types of abnormal data in audio and video data streams include: video or audio signal insertion data (including insertion of abnormal pictures or sounds, etc.), video or audio signal missing data (missing picture frames or missing audio signals, etc.) and abnormal data insertion (insertion of attack scripts, insertion of malicious links, insertion of pop-up window data, etc.).
其中,终端设备的异常风险数据包括:终端设备的视频会议软件存在漏洞的数量、终端设备中存在恶意软件的数量、监测终端设备存在钓鱼式攻击的数量。Among them, abnormal risk data of terminal devices include: the number of vulnerabilities in the video conferencing software of terminal devices, the number of malware in terminal devices, and the number of phishing attacks on monitored terminal devices.
其中,在终端设备传送音视频数据流的前一段时间内(例如5天)和传送音视频数据流的过程中,采集终端设备的异常风险数据。Among them, abnormal risk data of the terminal device is collected during a period of time before the terminal device transmits the audio and video data stream (for example, 5 days) and during the process of transmitting the audio and video data stream.
具体的,根据终端设备的音视频数据流的异常数据和异常风险数据,每间隔一定时间(例如10分钟、20分钟),计算终端设备的风险值。Specifically, based on the abnormal data and abnormal risk data of the audio and video data stream of the terminal device, the risk value of the terminal device is calculated at regular intervals (eg, 10 minutes, 20 minutes).
具体的,终端设备的风险值的计算公式如下:Specifically, the calculation formula for the risk value of the terminal device is as follows:
Wherein, Fz represents the risk value of the terminal device; α1 represents the influence weight of the abnormal data of the audio and video data stream; M represents the total number of types of abnormal data of the audio and video data stream; Ni represents the number of occurrences of the i-th type of abnormal data of the audio and video data stream; Wi represents the influence factor of the i-th type of abnormal data of the audio and video data stream; Uij represents the danger value of the j-th abnormal data item in the i-th type of abnormal data of the audio and video data stream; α2 represents the influence weight of the abnormal risk data of the terminal device; H represents the total number of types of abnormal risk data of the terminal device; Qh represents the influence factor of the h-th type of abnormal risk data of the terminal device; Ph represents the number of times the h-th type of abnormal risk data appears on the terminal device; v1 represents the influence weight factor of the h-th type of abnormal risk data successfully attacking the terminal device; Ph represents the number of times the h-th type of abnormal risk data appears on the terminal device; Pc represents the number of times the h-th type of abnormal risk data successfully attacks the terminal device; v2 represents the influence weight factor of successful intrusion by the intrusion means of the h-th type of abnormal risk data; Vh represents the total number of types of intrusion means of the h-th type of abnormal risk data; VCh represents the number of intrusion means of the h-th type of abnormal risk data that intrude successfully; v3 represents the influence weight factor of how easily the intrusion means of the terminal device succeed; Gr represents the number of times the r-th intrusion means is carried out; and Dr represents the time required for the r-th intrusion means to intrude successfully.
Step S9: compare the risk value of the terminal device with the preset security threshold. If the risk value of the terminal device is greater than the preset security threshold, remove the terminal device from the video conference; otherwise, continue security monitoring of the terminal device.
The present application calculates the risk value of the terminal device from the abnormal data of the audio and video data stream and the abnormal risk data of the terminal device, and compares the risk value with the preset security threshold. If the risk value is greater than the preset security threshold, the terminal device is removed from the video conference; otherwise, security monitoring of the terminal device continues, which improves the security of the cloud computing video conference. The present application improves the calculation accuracy of the risk value of the terminal device.
As a specific embodiment of the present invention, while the terminal device is taking part in a video conference, network communication performance data of the terminal device is collected, and a network obstacle assessment value of the terminal device is calculated from that data. The network obstacle assessment value is compared with a preset threshold. If it is greater than the preset threshold, the terminal device is prompted that its network obstacle is serious and that it needs to switch to a better network; otherwise, monitoring of the network communication performance of the terminal device continues.
As a specific embodiment of the present invention, collection of the network communication performance data of the terminal device starts once the terminal device has joined the video conference.
As a specific embodiment of the present invention, the calculation formula for the network obstacle assessment value of the terminal device is as follows:
Wherein, ZW represents the network obstacle assessment value of the terminal device; represents the network communication index influence factor of the terminal device; Ps represents the network packet loss rate within the sampling period; Nw represents the network delay time; represents the actual picture-freeze influence factor of the terminal device; TZ represents the sampling duration; CH represents the number of picture freezes within the sampling duration; Tf represents the duration of the f-th picture freeze.
The present application improves the accuracy of the network obstacle assessment value of the terminal device and compares that value with a preset threshold. If the network obstacle assessment value is greater than the preset threshold, the terminal device is prompted that its network obstacle is serious and that it needs to switch to a better network; otherwise, monitoring of the network communication performance of the terminal device continues. The terminal device therefore conducts the video conference over a better network, which improves the smoothness of the video conference picture.
As shown in FIG. 3, the present invention provides a security architecture for cloud computing video conferencing. Specifically, the security architecture includes:
The data security management module, which provides security protection measures such as data isolation, data access control, and data encryption.
The virtualization security management module, which provides security protection measures such as virtual machine isolation and virtual firewalls.
The management security module, which provides security protection measures such as authentication for access to the cloud video conference, user management, log auditing, and image signing.
The network security management module, which provides security protection measures such as firewalls, worm detection, network plane isolation, and transmission security.
The device security management module, which provides security protection measures such as system integrity protection, hardening, patching, and virus protection.
The physical security management module, which provides the video conferencing system, the cloud monitoring system, etc.
As other embodiments of the present invention, cloud computing video conferencing can be divided into the following categories by usage scenario:
First, conference room hardware video conferencing terminal: an integrated all-in-one hardware video conferencing terminal deployed in an enterprise conference room, which only needs to be connected to the Internet to hold a video conference. Compared with traditional private-network video conferencing, deployment is simpler and the cost is lower. Compared with software video conferencing, the integrated design makes the system more stable and more professional.
Second, video conferencing software: installed on a desktop or laptop computer, suitable for business trips or personal office use, with video conferencing and office collaboration functions, and working effectively together with other cloud video conferencing terminals.
Third, telephone conferencing: without a network connection it is impossible to enter a video conference. The cloud video conferencing mode includes a telephone conferencing system that seamlessly integrates telephone conferencing with video conferencing. Other video conferencing terminals in the cloud video conference can directly call an ordinary telephone into the conference, allowing users to join the conference anytime and anywhere.
Fourth, mobile conference terminals: with the spread of the mobile Internet, smartphones, and tablet computers, conference terminals have become more diverse. The cloud video conferencing mode supports video conferencing access from iPad, iPhone, Android smartphones, and tablet computers, making meetings available everywhere.
The security management method for cloud computing video conferencing of the present invention can be applied to the above usage scenarios.
Embodiment 2
As shown in FIG. 2, the present application provides a cloud computing video conference security management system 100 that executes the cloud computing video conference security management method described above. The system includes:
A creation module 1, configured to respond to a request to create a video conference, create the video conference based on the content of the request, and generate conference joining information;
A generation module 2, configured to encrypt the conference joining information to obtain a joining information encrypted data packet, and to package the decryption data corresponding to the joining information encrypted data packet into a joining information decryption data packet;
A sending module 3, configured to search for all terminal devices that need to join the conference based on the content of the video conference creation request, and to send the joining information encrypted data packet and the joining information decryption data packet to those terminal devices through different channels;
A verification module 4, configured to receive the decrypted conference joining information and the identity information of the terminal device, and to verify the terminal device based on both. If the verification passes, the terminal device is allowed to join the video conference; otherwise, the terminal device is prohibited from joining the video conference.
A statistics module 5, configured to determine whether all terminal devices that need to join the conference have joined the video conference. If so, the joining channel of the video conference is closed and a notification that all participants have joined is sent in the video conference; otherwise, the joining channel of the video conference is not closed.
A storage module 6, configured to receive the audio and video data streams sent by the terminal devices that have joined the conference and store them in the cloud.
A data transmission module 7, configured to respond to a picture playing request for one or more audio and video data streams by sending the audio and video data streams to the terminal device, which plays the corresponding streams.
A collection module 8, configured to collect abnormal data of the audio and video data stream of the terminal device and abnormal risk data of the terminal device;
A data processor 9, configured to calculate the risk value of the terminal device from the abnormal data of the audio and video data stream and the abnormal risk data of the terminal device;
A data comparator 10, configured to compare the risk value of the terminal device with a preset security threshold. If the risk value of the terminal device is greater than the preset security threshold, the terminal device is removed from the video conference; otherwise, security monitoring of the terminal device continues.
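The generation, sending, verification and statistics modules listed above can be sketched as follows. This is an added example, not code from the patent: the page names no cipher, so a one-time pad with an HMAC-SHA256 tag stands in for the encryption step, and `make_packets`, `open_packets`, `Conference` and the terminal names are assumptions; a deployment would normally use a standard authenticated cipher and authenticate device identity rather than trust a claimed name.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


def make_packets(join_info: dict) -> tuple:
    """Generation module: return (encrypted packet, decryption packet)."""
    plaintext = json.dumps(join_info, sort_keys=True).encode()
    pad = secrets.token_bytes(len(plaintext))   # fresh pad per conference, never reused
    mac_key = secrets.token_bytes(32)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, pad))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).hexdigest()
    # Each packet alone reveals nothing about the passcode except its length.
    encrypted_packet = {"ciphertext": ciphertext.hex(), "tag": tag}
    decryption_packet = {"pad": pad.hex(), "mac_key": mac_key.hex()}
    return encrypted_packet, decryption_packet


def open_packets(encrypted_packet: dict, decryption_packet: dict) -> dict:
    """Terminal side: both packets are required; a modified ciphertext is rejected."""
    ciphertext = bytes.fromhex(encrypted_packet["ciphertext"])
    pad = bytes.fromhex(decryption_packet["pad"])
    mac_key = bytes.fromhex(decryption_packet["mac_key"])
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).hexdigest()
    if len(pad) != len(ciphertext) or not hmac.compare_digest(
            expected, encrypted_packet["tag"]):
        raise ValueError("encrypted packet failed integrity check")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, pad)))


@dataclass
class Conference:
    conference_id: str
    invited: set                      # terminals that need to join (assumed IDs)
    passcode: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    joined: set = field(default_factory=set)
    join_channel_open: bool = True

    def join_info(self) -> dict:
        return {"conference_id": self.conference_id, "passcode": self.passcode}

    def admit(self, device_id: str, presented: dict) -> bool:
        """Verification module, then the statistics module's channel close."""
        if not self.join_channel_open:
            return False
        info_ok = (
            presented.get("conference_id") == self.conference_id
            and hmac.compare_digest(
                str(presented.get("passcode", "")).encode(),
                self.passcode.encode())
        )
        if not info_ok or device_id not in self.invited:
            return False
        self.joined.add(device_id)
        if self.joined == self.invited:
            self.join_channel_open = False   # every expected terminal is present
        return True


def demo() -> dict:
    """Constructed scenario: two invited terminals, one uninvited, one tampered packet."""
    conf = Conference("conf-001", invited={"terminal-A", "terminal-B"})
    enc, dec = make_packets(conf.join_info())   # enc -> channel 1, dec -> channel 2
    results = {}
    results["terminal_a"] = conf.admit("terminal-A", open_packets(enc, dec))
    results["uninvited"] = conf.admit("terminal-X", open_packets(enc, dec))
    tampered = dict(enc, ciphertext="00" * (len(enc["ciphertext"]) // 2))
    try:
        open_packets(tampered, dec)
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    results["terminal_b"] = conf.admit("terminal-B", open_packets(enc, dec))
    results["channel_open_after_all_joined"] = conf.join_channel_open
    results["late_join"] = conf.admit("terminal-A", open_packets(enc, dec))
    return results


if __name__ == "__main__":
    print(demo())
```

Once every invited terminal has been admitted the joining channel closes, so even a correct passcode presented afterwards is refused.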
An embodiment of the present invention provides a processor for executing the above security management method for cloud computing video conferencing.
In the embodiment of the present invention, the processor may be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The processor can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be carried out directly by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well established in the field, such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, an electrically erasable programmable memory, or a register. The processor reads the information in the storage medium and completes the steps of the above method in combination with its hardware.
The storage medium may be a memory, which may be, for example, a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory.
The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDRSDRAM), enhanced synchronous dynamic random access memory (ESDRAM), Synchlink dynamic random access memory (SLDRAM) and Direct Rambus random access memory (DRRAM).
The beneficial effects achieved by this application are as follows:
(1) The security management method and system for cloud computing video conferencing of the present application verify the terminal devices that join the video conference, which improves the security of the cloud computing video conference.
(2) The security management method and system for cloud computing video conferencing of the present application automatically invite terminal devices to join the conference and automatically verify the identity of the terminal devices, with no manual invitation or verification operations. This improves the security of the cloud computing video conference and also the efficiency of joining it.
(3) The present application sends the joining information encrypted data packet and the joining information decryption data packet to all terminal devices that need to join the conference through two separate channels, the first channel and the second channel. This prevents both packets from being intercepted by the same malicious device, so a malicious device cannot obtain the joining information encrypted data packet and the joining information decryption data packet at the same time, cannot use the decryption data packet to decrypt the encrypted data packet, and the conference joining information is not leaked.
(4) The present application calculates the risk value of the terminal device from the abnormal data of the audio and video data stream and the abnormal risk data of the terminal device, and compares the risk value with the preset security threshold. If the risk value of the terminal device is greater than the preset security threshold, the terminal device is removed from the video conference; otherwise, security monitoring of the terminal device continues, which improves the security of the cloud computing video conference.
In the description of this application, the terms "first" and "second" are used for descriptive purposes only and should not be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of such features. In the description of this application, "plurality" means two or more, unless otherwise clearly and specifically defined.
In the description of the present application, the word "for example" is used to mean "serving as an example, illustration or explanation". Any embodiment described as "for example" in the present application is not necessarily to be construed as more preferred or advantageous than other embodiments. The following description is given to enable any person skilled in the art to implement and use the present invention. In the following description, details are set out for the purpose of explanation. It should be understood that a person of ordinary skill in the art will recognize that the present invention can be implemented without these specific details. In other instances, well-known structures and processes are not elaborated, to avoid obscuring the description of the present invention with unnecessary detail. Therefore, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed in the present application.
The above description is only an embodiment of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement, etc. made within the spirit and principle of the present invention shall be included in the scope of the claims of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410091406.9A CN117978946B (en) | 2024-01-22 | 2024-01-22 | Security management method and system for cloud computing video conference |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117978946A (en) | 2024-05-03 |
CN117978946B (en) | 2024-10-18 |
Family
ID=90845148
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410091406.9A Active CN117978946B (en) | 2024-01-22 | 2024-01-22 | Security management method and system for cloud computing video conference |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117978946B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106452749A (en) * | 2016-10-18 | 2017-02-22 | 北京骏逸通达信息服务有限公司 | Method and system for carrying out secret key and data separated transmission by satellite communication |
WO2021190404A1 (en) * | 2020-03-27 | 2021-09-30 | 阿里巴巴集团控股有限公司 | Conference establishment and conference creation method, device and system, and storage medium |
CN114615459A (en) * | 2022-05-10 | 2022-06-10 | 全时云商务服务股份有限公司 | Video conference joining method and device |
CN116527837A (en) * | 2023-05-06 | 2023-08-01 | 视联动力信息技术股份有限公司 | Video conference processing method and device, electronic equipment and storage medium |
CN116915658A (en) * | 2023-09-12 | 2023-10-20 | 睿至科技集团有限公司 | Internet of things fault detection method and system |
Also Published As
Publication number | Publication date |
---|---|
CN117978946B (en) | 2024-10-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||