Terminal media stream encryption system

By setting up an encryption/decryption control service and having the terminal-side IMS interact directly with the encryption/decryption algorithm library, the terminal media stream encryption system addresses the unreasonable system architecture of 4G/5G terminal devices, optimizes the encryption/decryption process, reduces power consumption and packet loss rate, and improves user experience.

CN116389082B · Active · Publication Date: 2026-06-12 · BEIJING SPREADTRUM HI TECH COMM TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BEIJING SPREADTRUM HI TECH COMM TECH CO LTD
Filing Date
2023-03-16
Publication Date
2026-06-12


Abstract

The present application relates to the field of computer technology, and in particular to a terminal media stream encryption system. The system includes an encryption and decryption control service that obtains a session identifier (ID) and a session key and sends them to the calling terminal-side core network IMS. The calling terminal-side IMS carries out session negotiation with the called terminal-side IMS based on the session ID and session key; after negotiation is completed it obtains a first Real-time Transport Protocol (RTP) packet sent by the calling terminal-side peripheral and sends it to the encryption and decryption algorithm library. The library encrypts the first RTP packet and returns the encrypted packet to the calling terminal-side IMS, which sends it on to the called terminal-side IMS. Because the encryption and decryption control service obtains the session ID and session key, and the calling terminal-side IMS interacts directly with the encryption and decryption algorithm library, the signaling transmission links are reduced and power consumption is lowered.

Description

Technical Field

[0001] This invention relates to the field of computer technology, and in particular to a terminal media stream encryption system.

Background Technology

[0002] Currently, 4G / 5G terminals use the 3rd Generation Partnership Project (3GPP) encryption and decryption algorithms to encrypt and decrypt user plane data, enabling terminals to transmit data securely during calls.

[0003] As encryption technology advances, the encryption and decryption algorithms defined and used by 3GPP may lag behind those developed by some companies. Therefore, some 4G / 5G terminals may use non-3GPP encryption and decryption algorithms on their chip platforms to encrypt and decrypt user plane data (voice, data, video, etc.). This method suffers from low efficiency and a poor user experience due to an unreasonable division of the system architecture and software functions (encryption / decryption, call control).

Summary of the Invention

[0004] This invention provides a terminal media stream encryption system. By setting up an encryption / decryption control service, the system obtains a session identifier (ID) and a session key, and sends the session ID and session key to the calling terminal's core network (IP Multimedia Subsystem, IMS). The calling terminal's IMS directly interacts with the encryption / decryption algorithm library to encrypt and decrypt Real-time Transport Protocol (RTP) packets. This reduces the number of memory read / write operations, reduces signaling transmission links, lowers power consumption, and reduces RTP packet encryption / decryption processing latency and packet loss probability.

[0005] In a first aspect, embodiments of the present invention provide a terminal media stream encryption system, the system being deployed on a calling terminal, the system comprising:

[0006] The encryption / decryption control service is used to obtain the session identifier ID and session key, and send the session ID and session key to the calling terminal's core network IMS;

[0007] The calling terminal-side IMS is used to perform session negotiation with the called terminal-side IMS based on the session ID and the session key.

[0008] The calling terminal-side IMS is also used to obtain the first Real-Time Transport Protocol (RTP) packet sent by the calling terminal-side peripheral after the session negotiation is completed, and send the first RTP packet to the encryption / decryption algorithm library.

[0009] The encryption / decryption algorithm library is used to encrypt the first RTP packet and send the encrypted first RTP packet to the calling terminal's IMS.

[0010] The calling terminal-side IMS is also used to send the encrypted first RTP packet to the called terminal-side IMS.

[0011] In one embodiment, the system further includes: an encryption / decryption service;

[0012] The process of obtaining the session identifier ID and session key includes:

[0013] The encryption / decryption control service is used to send an application message to the encryption / decryption service;

[0014] The encryption / decryption service is used to send the session ID and the session key to the encryption / decryption control service after receiving the application message.

[0015] In one embodiment, the encryption / decryption service is further configured to send the encryption / decryption service status and authentication status to the encryption / decryption control service.

[0016] In one embodiment, the encryption / decryption control service is further configured to send a first notification message to the relevant application, the first notification message indicating that the session ID and the session key have been successfully applied for.

[0017] In one embodiment, the calling terminal-side IMS is further configured to receive a second RTP packet sent by the called terminal-side IMS, and send the second RTP packet to the encryption / decryption algorithm library;

[0018] The encryption / decryption algorithm library is also used to decrypt the second RTP packet and send the decrypted second RTP packet to the calling terminal's IMS.

[0019] The calling terminal-side IMS is also used to send the decrypted second RTP packet to the calling terminal-side peripheral device.

[0020] In one embodiment, the calling terminal-side IMS is further configured to send a second notification message to the relevant application after the session negotiation is completed, the second notification message being used to indicate that the session ID and the session key have been successfully negotiated.

[0021] In one embodiment, before sending the session ID and the session key to the encryption / decryption control service,

[0022] The encryption / decryption service is also used to send subscription query information to the encryption service platform on the network side, so as to trigger the encryption service platform to send the session ID.

[0023] In one embodiment, before sending the session ID and the session key to the encryption / decryption control service,

[0024] The encryption / decryption service is also used to send key request information to the key management platform on the network side, so as to trigger the key management platform to send the session key.

[0025] In one embodiment, the system further includes:

[0026] The codec chip is used to receive the first audio and video data sent by the peripheral device on the calling terminal side, encode the first audio and video data to obtain the first RTP packet, and send the first RTP packet to the IMS on the calling terminal side.

[0027] In one embodiment, the codec chip is further configured to receive the decrypted second RTP packet sent by the calling terminal's IMS, and decode the decrypted second RTP packet to obtain second audio and video data; and send the second audio and video data to the calling terminal's peripheral device.

[0028] In this embodiment of the invention, the terminal media stream encryption system includes: an encryption / decryption control service, used to obtain a session identifier ID and a session key, and send the session ID and session key to the calling terminal's core network IMS. The calling terminal's IMS performs session negotiation with the called terminal's IMS based on the session ID and session key. After the session negotiation is completed, the calling terminal's IMS obtains a first Real-Time Transport Protocol (RTP) packet sent by the calling terminal's peripheral device, and sends the first RTP packet to an encryption / decryption algorithm library. The encryption / decryption algorithm library encrypts the first RTP packet and sends the encrypted first RTP packet to the calling terminal's IMS. The calling terminal's IMS then sends the encrypted first RTP packet to the called terminal's IMS. By setting up an encryption / decryption control service to obtain the session ID and session key, and by having the calling terminal's IMS directly interact with the encryption / decryption algorithm library, the signaling transmission links are reduced, and power consumption is lowered.

Description of the Drawings

[0029] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0030] Figure 1 is a schematic diagram of the structure of a terminal media stream encryption system provided in an embodiment of the present invention;

[0031] Figure 2 is a flowchart of a terminal media stream encryption method provided in an embodiment of the present invention;

[0032] Figure 3 is a schematic diagram of another terminal media stream encryption system provided in an embodiment of the present invention;

[0033] Figure 4 is a flowchart of another terminal media stream encryption method provided in an embodiment of the present invention.

Detailed Description of the Embodiments

[0034] To better understand the technical solutions in this specification, the embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0035] It should be understood that the described embodiments are merely some, not all, of the embodiments in this specification. All other embodiments obtained by those skilled in the art based on the embodiments in this specification without inventive effort are within the scope of protection of this specification.

[0036] The terminology used in the embodiments of this invention is for the purpose of describing particular embodiments only and is not intended to be limiting of this specification. The singular forms "a," "an," and "the" as used in the embodiments of this invention and the appended claims are also intended to include the plural forms unless the context clearly indicates otherwise.

[0037] Currently, 4G / 5G terminal devices that use non-3GPP encryption and decryption algorithms to encrypt and decrypt media streams have several problems. Taking 4G Voice over Long Term Evolution (VoLTE) encryption and decryption as an example, terminal devices suffer from low efficiency and a poor user experience because the system architecture and the division of software functions (encryption and decryption, call control) are unreasonable. The problems are mainly reflected in three aspects: (1) redundant software function modules and multiple signaling processes lead to long call setup times for encrypted calls, a low success rate, and poor scalability across service types; (2) the unreasonable placement of the RTP packet encryption and decryption function introduces additional memory reads and writes, increasing call processing latency, and over a long VoLTE call the power consumption of the whole call rises significantly and standby time is shortened; (3) redundancy in the RTP packet processing path leads to RTP packet loss, data discontinuity, and noise during the call.

[0038] An existing media stream encryption and decryption system architecture can be as shown in Figure 1. The system includes: Vendor IMS Service 101, encryption / decryption service 102, related application 103, Android Native RIL 104, encryption / decryption algorithm library 105, terminal-side IMS 106, codec chip 107, and terminal-side peripherals 108. The codec chip 107 includes a voice codec chip 109 and a cellular component 110, and the terminal-side peripherals 108 include a microphone 111 and a speaker 112. During the media stream encryption process, after receiving a request message from Vendor IMS Service 101, encryption / decryption service 102 sends a session ID and session key to Vendor IMS Service 101. Vendor IMS Service 101, upon receiving the session ID and session key, sends them to Android Native RIL 104. Android Native RIL 104 then negotiates a session with the peer device, i.e., negotiates the session ID and session key. In addition, Vendor IMS Service 101 sends a notification message to the related application 103, which can display the successful application for the session ID and session key on the front-end interface to notify the user. After successful session negotiation, Android Native RIL 104 sends the session negotiation result to Vendor IMS Service 101 and terminal-side IMS 106 respectively. After the call between the local device and the remote device is connected, the microphone 111 collects voice data, the voice codec chip 109 encodes the voice data into a first RTP packet, the terminal-side IMS 106 sends the first RTP packet to Android Native RIL 104, Android Native RIL 104 sends the first RTP packet to the encryption / decryption algorithm library 105 for encryption, the encryption / decryption algorithm library 105 sends the encrypted first RTP packet back to Android Native RIL 104, and Android Native RIL 104 sends the encrypted first RTP packet to the remote device. Meanwhile, Android Native RIL 104 can also receive encrypted second RTP packets sent by the peer device. Android Native RIL 104 sends the encrypted second RTP packets to the encryption / decryption algorithm library 105 for decryption. After the encryption / decryption algorithm library 105 completes the decryption, it sends the decrypted second RTP packets back to Android Native RIL 104. Android Native RIL 104 then sends the decrypted second RTP packets to the terminal-side IMS 106, which forwards them to the voice codec chip 109. The voice codec chip 109 decodes the second RTP packets into voice data and sends it to the speaker 112 for playback.

[0039] In one embodiment, the process of running the above system can be as shown in Figure 2, and specifically includes:

[0040] 230. Notify service status.

[0041] 231. Apply for authentication.

[0042] 232. Return the authentication result.

[0043] The encryption / decryption service 203 first notifies the Vendor IMS Service 202 of the current service status. After receiving the message, the Vendor IMS Service 202 requests authentication from the encryption / decryption service 203. After authentication, the encryption / decryption service 203 sends the authentication result to the Vendor IMS Service 202.

[0044] 233. Call / call.

[0045] The user initiates a call through the relevant application 201 of the calling device. The corresponding instructions pass through VendorIMS Service 202, Android Native RIL 204, terminal-side IMS 206, network-side IMS 213, terminal-side IMS 223, Android Native RIL 225, Vendor IMS Service 227 and the relevant application 228 in sequence.

[0046] 234. Call ringback.

[0047] After receiving the relevant instructions for the call, the terminal-side IMS 223 sends the relevant instructions for the call ringback. On the called terminal these pass through Android Native RIL 225 and Vendor IMS Service 227, while on the calling terminal they pass through the network-side IMS 213, terminal-side IMS 206, Android Native RIL 204 and Vendor IMS Service 202.

[0048] 235. Query subscription information.

[0049] 236. Query the subscription information of the called device.

[0050] 237. Return the session ID of this call.

[0051] 238. Return the session ID of this call.

[0052] Vendor IMS Service 202 sends a query for subscription information to Encryption / Decryption Service 203. Encryption / Decryption Service 203 can establish a connection with the encryption service platform 211 on the network side 21 to query the subscription information of the called device. After receiving the query information, Encryption Service Platform 211 sends the session ID of this call to Encryption / Decryption Service 203, and Encryption / Decryption Service 203 then sends the session ID to Vendor IMS Service 202.

[0053] 239. Notify Session ID.

[0054] 240. Notify Session ID.

[0055] Vendor IMS Service 202 sends the information that the session ID has been obtained to the relevant application 201 to notify the user, and Vendor IMS Service 202 sends the session ID to Android Native RIL 204.

[0056] 241. Session key request.

[0057] 242. Session key request.

[0058] 243. Session key returned.

[0059] 244. Session key returned.

[0060] Vendor IMS Service 202 sends a session key request to Encryption / Decryption Service 203. Encryption / Decryption Service 203 can establish a connection with the key management platform 212 on the network side 21 to query the session key. The key management platform 212 sends the session key for this call to Encryption / Decryption Service 203, and then Encryption / Decryption Service 203 sends the session key to Vendor IMS Service 202.

[0061] 245. Notify the session key.

[0062] Vendor IMS Service 202 sends the session key to Android Native RIL 204.

[0063] 246. The call is connected.

[0064] The network-side IMS 213 sends the call connection information to the calling terminal and the called terminal. The calling terminal information passes through the terminal-side IMS 206, Android Native RIL 204, Vendor IMS Service 202 and related application 201 in sequence. The called terminal information passes through the terminal-side IMS 223, Android Native RIL 225, Vendor IMS Service 227 and related application 228 in sequence.

[0065] 247. Send the first instruction.

[0066] Android Native RIL 204 sends the first instruction to the terminal-side IMS 206, instructing the terminal-side IMS 206 to send RTP packets.

[0067] 248. Send voice data.

[0068] The terminal-side peripheral 208 collects the voice data input by the user and sends the voice data to the codec chip 207.

[0069] 249. Send RTP packets.

[0070] The codec chip 207 receives the voice data sent by the terminal-side peripheral 208, encodes the voice data to obtain RTP packets, and sends the RTP packets to the terminal-side IMS 206.

[0071] 250. Send RTP packets.

[0072] The terminal-side IMS 206 sends the RTP packets to Android Native RIL 204.

[0073] 251. Session negotiation.

[0074] 252. Send RTP packets.

[0075] Android Native RIL 204 and Android Native RIL 225 negotiate a session, specifically the session ID and session key. Upon successful negotiation, Android Native RIL 204 sends the RTP packets to the encryption / decryption algorithm library 205.

[0076] 253. Send the encrypted RTP packet.

[0077] The encryption / decryption algorithm library 205 encrypts the received RTP packets and sends the encrypted RTP packets to Android Native RIL 204.

[0078] 254. Send the encrypted RTP packet.

[0079] Android Native RIL 204 sends the encrypted RTP packet to the terminal-side IMS 206.

[0080] 255. Send the encrypted RTP packet.

[0081] The terminal-side IMS 206 sends the encrypted RTP packet to the terminal-side IMS 223.

[0082] 256. Send the encrypted RTP packet.

[0083] The terminal-side IMS 223 sends the encrypted RTP packet to Android Native RIL 225.

[0084] 257. Send the encrypted RTP packet.

[0085] Android Native RIL 225 sends the encrypted RTP packet to the encryption / decryption algorithm library 224.

[0086] 258. Send the decrypted RTP packet.

[0087] The encryption / decryption algorithm library 224 decrypts the encrypted RTP packet and sends the decrypted RTP packet to Android Native RIL 225.

[0088] 259. Send the decrypted RTP packet.

[0089] Android Native RIL 225 sends the decrypted RTP packet to the terminal-side IMS 223.

[0090] 260. Send the decrypted RTP packet.

[0091] The terminal-side IMS 223 sends the decrypted RTP packet to the codec chip 222.

[0092] 261. Send voice data.

[0093] The codec chip 222 decodes the RTP packets to obtain voice data and sends the voice data to the terminal-side peripheral 221.

[0094] The above process involves excessive signaling, too many memory reads, high power consumption, redundant RTP packet processing steps, and RTP packets are prone to loss, affecting the normal operation of the call.

[0095] To address the aforementioned issues, this invention provides a media stream encryption / decryption system that optimizes the overall architecture and process. The encryption / decryption control service obtains the session ID and session key, and the terminal-side IMS directly interacts with the encryption / decryption algorithm, reducing signaling transmission links and lowering power consumption.

[0096] The improved media stream encryption system according to embodiments of the present invention can be as shown in Figure 3. The system includes: encryption / decryption control service 301, encryption / decryption service 302, related application 303, terminal-side IMS 304, encryption / decryption algorithm library 305, codec chip 306, and terminal-side peripherals 307. The codec chip 306 includes a voice codec chip 308, a video codec chip 309, and a cellular component 310. The terminal-side peripherals 307 include a microphone 311, a speaker 312, a camera 313, and a display 314. During the media stream encryption process, after receiving an application message from the encryption / decryption control service 301, the encryption / decryption service 302 sends a session ID and session key to the encryption / decryption control service 301. Upon receiving the session ID and session key, the encryption / decryption control service 301 sends them to the terminal-side IMS 304. The terminal-side IMS 304 then negotiates a session with the peer device, i.e., negotiates the session ID and session key. In addition, the encryption / decryption control service 301 sends notification messages to the related application 303, which can display the successful application for the session ID and session key on the front-end interface to notify the user. After the call between the local device and the remote device is connected, the microphone 311 collects voice data, the camera 313 collects video data, and the voice codec chip 308 and the video codec chip 309 encode the voice data and video data into the first RTP packet, respectively. The terminal-side IMS 304 sends the first RTP packet to the encryption / decryption algorithm library 305 for encryption. The encryption / decryption algorithm library 305 sends the encrypted first RTP packet back to the terminal-side IMS 304, and the terminal-side IMS 304 sends the encrypted first RTP packet to the remote device. Simultaneously, the terminal-side IMS 304 can also receive the encrypted second RTP packet sent by the peer device. The terminal-side IMS 304 sends the encrypted second RTP packet to the encryption / decryption algorithm library 305 for decryption. After the encryption / decryption algorithm library 305 completes the decryption, it sends the decrypted second RTP packet back to the terminal-side IMS 304. The terminal-side IMS 304 then sends it to the voice codec chip 308 and the video codec chip 309, which decode the second RTP packet into voice data and video data and send them to the speaker 312 and the display 314 for playback.

[0097] The runtime process of the media stream encryption system according to this embodiment of the invention can be as shown in Figure 4, and specifically includes:

[0098] 430. Notification of service status.

[0099] 431. Apply for authentication.

[0100] 432. Return the authentication result.

[0101] Encryption / decryption service 203 first notifies encryption / decryption control service 403 of the current service status. After receiving the message, encryption / decryption control service 403 requests authentication from encryption / decryption service 203. After authentication, encryption / decryption service 203 sends the authentication result to encryption / decryption control service 403.

[0102] 433. Call / Contact.

[0103] The user initiates a call through the relevant application 401 of the calling device. The corresponding instructions pass through the encryption / decryption control service 403, the terminal-side IMS 405, the network-side IMS 413, the terminal-side IMS 423, the encryption / decryption control service 425, and the relevant application 427 in sequence.

[0104] 434. Call ringback.

[0105] After receiving the relevant instructions for the call, the terminal-side IMS 423 sends the relevant instructions for the call ringback. On the called terminal these pass through the encryption / decryption control service 435 and related application 427, while on the calling terminal they pass through the network-side IMS 413, the terminal-side IMS 405, the encryption / decryption control service 403 and related application 401.

[0106] 435. Query subscription information.

[0107] 436. Query the subscription information of the called device.

[0108] 437. Return the session ID of this call.

[0109] 438. Return the session ID of this call.

[0110] The encryption / decryption control service 403 sends a query for subscription information to the encryption / decryption service 402. The encryption / decryption service 402 can establish a connection with the encryption service platform 411 on the network side 41 to query the subscription information of the called device. After receiving the query information, the encryption service platform 411 sends the session ID of this call to the encryption / decryption service 402, and the encryption / decryption service 402 then sends the session ID to the encryption / decryption control service 403.

[0111] 439. Notify Session ID.

[0112] The encryption / decryption control service 403 sends a message that the session ID has been requested to the relevant application 401, which can then display the message on the front-end interface.

[0113] 440. Session key request.

[0114] 441. Session key request.

[0115] 442. Session key returned.

[0116] 443. Session key returned.

[0117] Encryption / decryption control service 403 sends a session key request to encryption / decryption service 402. Encryption / decryption service 402 can establish a connection with key management platform 412 on network side 41 to query the session key. Key management platform 412 sends the session key for this call to encryption / decryption service 402. Encryption / decryption service 403 then sends the session key to encryption / decryption control service 403.

[0118] 444. The call is connected.

[0119] The network-side IMS 213 sends the call connection information to the calling terminal and the called terminal. The calling terminal information passes through the terminal-side IMS 405, the encryption / decryption control service 403, and the related application 401 in sequence, while the called terminal information passes through the terminal-side IMS 423, the encryption / decryption control service 425, and the related application 427 in sequence.

[0120] 445. Send the first instruction.

[0121] The encryption / decryption control service 403 sends a first instruction to the terminal-side IMS 405, instructing the terminal-side IMS 405 to send an RTP packet.

[0122] 446. Send audio and video data.

[0123] The terminal-side peripheral 407 collects the audio and video data input by the user and sends the audio and video data to the codec chip 406.

[0124] 447. Send RTP packets.

[0125] The codec chip 406 receives audio and video data sent by the terminal-side peripheral 407, encodes the audio and video data to obtain RTP packets, and sends the RTP packets to the terminal-side IMS 405.

[0126] 448. Session negotiation.

[0127] The terminal-side IMS 405 and the terminal-side IMS 423 conduct session negotiation, namely the negotiation of the session ID and session key.

[0128] 449. Notification of successful session negotiation.

[0129] Upon successful negotiation, the related application 401 is notified and can display a message indicating successful session negotiation on the front-end interface.

[0130] 450. Send RTP packets.

[0131] 451. Send the encrypted RTP packet.

[0132] The terminal-side IMS 405 sends the RTP packet to the encryption / decryption algorithm library 404, which encrypts the RTP packet and then sends the encrypted RTP packet back to the terminal-side IMS 405.

[0133] 452. Send the encrypted RTP packet.

[0134] The terminal-side IMS 405 sends the encrypted RTP packet to the terminal-side IMS 423.

[0135] 453. Send the encrypted RTP packet.

[0136] The terminal-side IMS 423 sends the encrypted RTP packet to the encryption / decryption algorithm library 424.

[0137] 454. Send the decrypted RTP packet.

[0138] The encryption / decryption algorithm library 424 decrypts the encrypted RTP packet and sends the decrypted RTP packet to the terminal-side IMS 423.

[0139] 455. Send the decrypted RTP packet.

[0140] The terminal-side IMS 423 sends the decrypted RTP packet to the codec chip 422.

[0141] 456. Send audio and video data.

[0142] The codec chip 422 decodes the RTP packets to obtain audio and video data, and then sends the audio and video data to the terminal peripheral 421 for playback.
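The improved media path of steps 430-456 (and, by contrast, the Figure 2 path it replaces), as an added worked example that is not part of the patent: a Go model in which the terminal-side IMS holds the session ID and key handed to it by the control service, refuses media until session negotiation has completed, and passes each RTP packet directly to a stand-in algorithm library with no RIL hop. The patent names no cipher, so AES-GCM over the RTP payload with the clear-text header as associated data, the nonce layout, the 16-byte key, and the negotiation check are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Session is what the control service obtains from the encryption/decryption service (steps 435-443).
type Session struct {
	ID  string
	Key []byte // assumed 16-byte AES-128 key; the patent names no algorithm
}

const rtpHeaderLen = 12 // fixed RTP header: V/P/X/CC, M/PT, seq, timestamp, SSRC

// Algorithm library stand-in. Assumption: AES-GCM over the RTP payload only; the header
// stays in the clear (the network needs it) but is authenticated as associated data, and
// the nonce SSRC || rollover counter || seq || 0x0000 keeps every (key, nonce) pair unique.
func rtpNonce(header []byte, roc uint32) []byte {
	nonce := make([]byte, 12)
	copy(nonce[0:4], header[8:12])              // SSRC
	binary.BigEndian.PutUint32(nonce[4:8], roc) // rollover counter
	copy(nonce[8:10], header[2:4])              // sequence number
	return nonce
}

func encryptRTP(aead cipher.AEAD, pkt []byte, roc uint32) ([]byte, error) {
	if len(pkt) < rtpHeaderLen || pkt[0]>>6 != 2 {
		return nil, errors.New("not an RTP version 2 packet")
	}
	h := pkt[:rtpHeaderLen]
	out := append(make([]byte, 0, len(pkt)+aead.Overhead()), h...)
	return aead.Seal(out, rtpNonce(h, roc), pkt[rtpHeaderLen:], h), nil
}

func decryptRTP(aead cipher.AEAD, pkt []byte, roc uint32) ([]byte, error) {
	if len(pkt) < rtpHeaderLen+aead.Overhead() || pkt[0]>>6 != 2 {
		return nil, errors.New("not an encrypted RTP version 2 packet")
	}
	h := pkt[:rtpHeaderLen]
	// Open fails if the ciphertext, the tag or the clear-text header was altered.
	out := append(make([]byte, 0, len(pkt)), h...)
	return aead.Open(out, rtpNonce(h, roc), pkt[rtpHeaderLen:], h)
}

// TerminalIMS models the terminal-side IMS of Figure 3: it negotiates with the
// peer, then hands each RTP packet straight to the algorithm library (no RIL hop).
type TerminalIMS struct {
	session    Session
	aead       cipher.AEAD
	negotiated bool
}

func NewTerminalIMS(s Session) (*TerminalIMS, error) {
	block, err := aes.NewCipher(s.Key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &TerminalIMS{session: s, aead: aead}, nil
}

// Negotiate models step 448; the patent does not specify the protocol, so here
// it succeeds only if both ends already hold the same session ID and key.
func (t *TerminalIMS) Negotiate(peer *TerminalIMS) error {
	if t.session.ID != peer.session.ID || string(t.session.Key) != string(peer.session.Key) {
		return errors.New("session ID or session key mismatch")
	}
	t.negotiated, peer.negotiated = true, true
	return nil
}

// SendRTP is steps 450-452: media is refused until negotiation completes, so no plaintext
// RTP leaves the terminal. The rollover counter is fixed at 0 here; a real library advances it on seq wrap.
func (t *TerminalIMS) SendRTP(pkt []byte) ([]byte, error) {
	if !t.negotiated {
		return nil, errors.New("RTP offered before session negotiation completed")
	}
	return encryptRTP(t.aead, pkt, 0)
}

// ReceiveRTP is steps 453-455 on the receiving side; the result goes to the codec chip.
func (t *TerminalIMS) ReceiveRTP(pkt []byte) ([]byte, error) {
	return decryptRTP(t.aead, pkt, 0)
}

func buildRTP(seq uint16, ssrc uint32, payload []byte) []byte { // constructed sample, not a capture
	h := make([]byte, rtpHeaderLen)
	h[0], h[1] = 0x80, 0x60 // V=2, no padding/extension/CSRC, marker 0, PT 96
	binary.BigEndian.PutUint16(h[2:4], seq)
	binary.BigEndian.PutUint32(h[8:12], ssrc)
	return append(h, payload...)
}
```

A tampered or truncated packet fails authentication before any decrypted bytes reach the codec, which is the property a media path gains from authenticated encryption rather than plain encryption.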

[0143] Compared with existing encryption and decryption systems, the media stream encryption and decryption system of this invention sets up an encryption and decryption control service, which reduces the number of memory read and write operations and lowers power consumption; the terminal-side IMS can directly interact with the encryption and decryption algorithm library, reducing signaling transmission links and lowering the RTP packet encryption and decryption processing latency and packet loss probability; and the addition of a video codec chip in the terminal-side peripherals expands the types of services that can be supported.

[0144] In the description of this specification, the references to terms such as "one embodiment," "some embodiments," "example," "specific example," or "some examples," etc., indicate that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples. Moreover, without contradiction, those skilled in the art can combine and integrate the different embodiments or examples described in this specification, as well as the features of different embodiments or examples.

[0145] Furthermore, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one of that feature. In the description of this invention, "a plurality of" means at least two, such as two, three, etc., unless otherwise explicitly specified.

[0146] Any process or method description in the flowchart or otherwise herein can be understood as representing a module, segment, or portion of code comprising one or more executable instructions for implementing custom logic functions or processes, and the scope of preferred embodiments of the invention includes additional implementations in which functions may be performed not in the order shown or discussed, including substantially simultaneously or in reverse order depending on the functions involved, as should be understood by those skilled in the art to which embodiments of the invention pertain.

[0147] In the embodiments provided by this invention, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between devices or units may be electrical, mechanical, or other forms.

[0148] Furthermore, the functional units in the various embodiments of the present invention can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or in the form of hardware plus software functional units.

[0149] The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.

Claims

1. A terminal media stream encryption system, characterized in that the system is deployed on the calling terminal, and the system includes: the encryption/decryption control service, used to obtain the session identifier (ID) and session key, and send the session ID and session key to the calling terminal's core network IMS; the calling terminal-side IMS, used to perform session negotiation with the called terminal-side IMS based on the session ID and the session key, the calling terminal-side IMS also being used to obtain the first Real-Time Transport Protocol (RTP) packet sent by the calling terminal-side peripheral after the session negotiation is completed, and to send the first RTP packet to the encryption/decryption algorithm library; the encryption/decryption algorithm library, used to encrypt the first RTP packet and send the encrypted first RTP packet to the calling terminal-side IMS, the calling terminal-side IMS also being used to send the encrypted first RTP packet to the called terminal-side IMS; the system also includes an encryption/decryption service, and the process of obtaining the session ID and session key includes: the encryption/decryption control service is used to send an application message to the encryption/decryption service; the encryption/decryption service is used to send the session ID and the session key to the encryption/decryption control service after receiving the application message.

2. The system according to claim 1, characterized in that the encryption/decryption service is also used to send the encryption/decryption service status and authentication status to the encryption/decryption control service.

3. The system according to claim 1, characterized in that the encryption/decryption control service is also used to send a first notification message to the relevant application, the first notification message being used to indicate that the session ID and the session key have been successfully applied for.

4. The system according to claim 1, characterized in that the calling terminal-side IMS is also used to receive the second RTP packet sent by the called terminal-side IMS and send the second RTP packet to the encryption/decryption algorithm library; the encryption/decryption algorithm library is also used to decrypt the second RTP packet and send the decrypted second RTP packet to the calling terminal-side IMS; and the calling terminal-side IMS is also used to send the decrypted second RTP packet to the calling terminal-side peripheral device.

5. The system according to claim 1, characterized in that the calling terminal-side IMS is also used to send a second notification message to the relevant application after the session negotiation is completed, the second notification message being used to indicate that the session ID and the session key have been successfully negotiated.

6. The system according to claim 1, characterized in that, before sending the session ID and the session key to the encryption/decryption control service, the encryption/decryption service is also used to send subscription query information to the encryption service platform on the network side, so as to trigger the encryption service platform to send the session ID.

7. The system according to claim 1, characterized in that, before sending the session ID and the session key to the encryption/decryption control service, the encryption/decryption service is also used to send key request information to the key management platform on the network side, so as to trigger the key management platform to send the session key.

8. The system according to claim 4, characterized in that the system also includes a codec chip, used to receive the first audio and video data sent by the peripheral device on the calling terminal side, encode the first audio and video data to obtain the first RTP packet, and send the first RTP packet to the IMS on the calling terminal side.

9. The system according to claim 8, characterized in that the codec chip is also used to receive the decrypted second RTP packet sent by the IMS on the calling terminal side, decode the decrypted second RTP packet to obtain second audio and video data, and send the second audio and video data to the peripheral device on the calling terminal side.
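The following is an added worked example, not code from the patent or its assignee, that simulates the media path of paragraph [0143] and claims 1 and 4: the control service applies for a session ID and key, the two terminal-side IMS entities negotiate on the session ID, and each RTP packet is handed straight from the IMS to the algorithm library and back. Everything not stated in the patent is an assumption: the session ID and key are random bytes from a constructed stand-in for the encryption/decryption service and key management platform; the algorithm library is modelled as encrypt-then-MAC with an HMAC-SHA256 keystream so the example runs on Python's standard library alone (a real library would use a proper cipher such as AES-GCM); and, following SRTP's design rather than anything the patent specifies, the 12-byte RTP header stays in the clear and is covered by the authentication tag.

```python
"""Added example (not the patent's code): calling-terminal media path of claims 1 and 4.
All cipher, key-size and header-handling choices below are assumptions; see the lead-in."""
import hashlib
import hmac
import os
import struct

RTP_HEADER_LEN = 12   # fixed RTP v2 header: V/P/X/CC, M/PT, seq, timestamp, SSRC
TAG_LEN = 10          # truncated HMAC tag appended to each packet (assumption)


def build_rtp(seq: int, ts: int, ssrc: int, payload: bytes, pt: int = 96) -> bytes:
    """Constructed RTP v2 packet: V=2, no padding, no extension, no CSRCs, marker bit 0."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload


def parse_rtp_header(packet: bytes):
    """Return (seq, timestamp, ssrc) from the fixed header; reject anything that is not RTP v2."""
    if len(packet) < RTP_HEADER_LEN or packet[0] >> 6 != 2:
        raise ValueError("not an RTP v2 packet")
    return struct.unpack("!HII", packet[2:RTP_HEADER_LEN])


class EncryptDecryptService:
    """Stand-in for the encryption/decryption service of claim 1 together with the network-side
    platforms of claims 6-7 (constructed): issues a session ID and key on an application message."""
    def __init__(self):
        self._keys = {}

    def apply(self):
        session_id = os.urandom(8).hex()
        self._keys[session_id] = os.urandom(32)
        return session_id, self._keys[session_id]

    def key_for(self, session_id: str) -> bytes:
        return self._keys[session_id]


class AlgorithmLibrary:
    """Stand-in for the encryption/decryption algorithm library (HMAC keystream, assumption)."""
    def __init__(self, session_key: bytes):
        self.enc_key = hmac.new(session_key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(session_key, b"mac", hashlib.sha256).digest()

    def _keystream(self, ssrc: int, seq: int, n: int) -> bytes:
        # Per-packet keystream derived from (SSRC, sequence number, block counter), CTR-style.
        out, block = b"", 0
        while len(out) < n:
            out += hmac.new(self.enc_key, struct.pack("!IHI", ssrc, seq, block), hashlib.sha256).digest()
            block += 1
        return out[:n]

    def encrypt(self, rtp: bytes) -> bytes:
        seq, _, ssrc = parse_rtp_header(rtp)
        header, payload = rtp[:RTP_HEADER_LEN], rtp[RTP_HEADER_LEN:]
        ct = bytes(a ^ b for a, b in zip(payload, self._keystream(ssrc, seq, len(payload))))
        tag = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        return header + ct + tag          # header in clear, payload encrypted, tag over both

    def decrypt(self, pkt: bytes) -> bytes:
        if len(pkt) < RTP_HEADER_LEN + TAG_LEN:
            raise ValueError("packet too short")
        header, ct, tag = pkt[:RTP_HEADER_LEN], pkt[RTP_HEADER_LEN:-TAG_LEN], pkt[-TAG_LEN:]
        want = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, want):
            raise ValueError("authentication failed; packet dropped")   # verify before decrypt
        seq, _, ssrc = parse_rtp_header(header)
        return header + bytes(a ^ b for a, b in zip(ct, self._keystream(ssrc, seq, len(ct))))


class TerminalIMS:
    """Terminal-side IMS: negotiates the session, then talks to the library directly."""
    def __init__(self, svc: EncryptDecryptService):
        self.svc, self.lib = svc, None

    def negotiate(self, session_id: str, peer: "TerminalIMS"):
        # Only the session ID crosses the signalling path; each side fetches its own key.
        self.lib = AlgorithmLibrary(self.svc.key_for(session_id))
        peer.lib = AlgorithmLibrary(peer.svc.key_for(session_id))

    def send_media(self, rtp: bytes) -> bytes:       # first RTP packet, claim 1
        return self.lib.encrypt(rtp)

    def receive_media(self, pkt: bytes) -> bytes:    # second RTP packet, claim 4
        return self.lib.decrypt(pkt)


def run_call() -> dict:
    """Claim 1 flow end to end, plus a tampered packet to show the library rejects it."""
    svc = EncryptDecryptService()
    session_id, _ = svc.apply()                      # control service -> application message
    calling, called = TerminalIMS(svc), TerminalIMS(svc)
    calling.negotiate(session_id, called)
    plain = build_rtp(seq=1, ts=160, ssrc=0x1234ABCD, payload=b"constructed audio frame")
    encrypted = calling.send_media(plain)            # peripheral -> IMS -> library -> IMS
    decrypted = called.receive_media(encrypted)
    tampered = encrypted[:-1] + bytes([encrypted[-1] ^ 1])
    try:
        called.receive_media(tampered)
        rejected = False
    except ValueError:
        rejected = True
    return {"plain": plain, "encrypted": encrypted, "decrypted": decrypted,
            "tampered_rejected": rejected}
```

Two points the example makes visible that the claims leave open: the library verifies the tag before it decrypts, so a corrupted or forged packet is dropped at the library rather than reaching the peripheral; and the keystream here is keyed only by the 16-bit RTP sequence number, which wraps after 65536 packets, so a deployed library would need a rollover counter (as SRTP uses) or a fresh session key before the counter repeats.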