preface

Data security and user privacy protection are the unavoidable topics of Internet products, which is also a platitude. However, in the current context, Internet products must face the security and compliance problems of their own products.

Relying on the “real-time audio and video” as the carrier of interactive communication, anyRTC services online education, social broadcast, enterprise collaboration, online medical, financial insurance and other industries, for audio and video real-time interaction to provide a complete set of security technology solutions. As the world’s leading audio and video cloud service provider, the service covers customers in more than 200 countries and regions around the world. Under the premise of complying with relevant laws and regulations, it provides reliable guarantee for the confidentiality, integrity and availability of business services.

Safety compliance program

AnyRTC real-time audio and video, security compliance from three aspects of access layer, data and transmission layer, content identification.

AnyRTC one-stop security service

1: identity authentication: dynamic key

2: Data encryption: AES-128/AES-256/ NATIONAL secret encryption

3: Transmission encryption: SSL, HTTPS, Websocket, DTLS, and SRTP

4: Service protection: anti-ddos and hide core services

I. Access layer

AnyRTC real-time audio and video uses “channel” as the communication medium. Users need to log in the channel before speaking or listening to audio and video on the mic. Therefore, anyRTC prevents illegal user login through two measures of “permission authentication – channel authentication” and “authentication blacklist”.

The identity authentication

When the user enters the channel, the business service needs to give the user an authorization permission. This scheme effectively avoids the user who logs in the channel abnormally. Enabling permission authentication can effectively protect communication security. AnyRTC recommends that all formal environments enable this function to prevent communication insecurity caused by their own APPID theft.

The implementation process

  1. Obtain authentication information from the service

  2. Log in to audio and video services for identity authentication

  3. The audio and video service requests authentication from a third party

Second, data and transmission layer

AnyRTC adopts four levels of encryption to stabilize the system, which are system level, signaling level, streaming media data encryption and streaming media transmission encryption.

1. Level 1 – system level

System transmission protocol, design using HTTPS and WSS

AnyRTC system adopts HTTP and WS protocol for transmission, The protocol itself is plaintext transmission, so for data security, we use SSL as an encryption channel to transmit data over SSL. The HTTP protocol running on SSL encryption channel is called HTTPS/WSS.

2. Level 2 – Signaling level

Aes-256 symmetric encryption algorithm is used for encryption

Although secure transmission protocols such as HTTPS are adopted at the system level, because plaintext transmission and other reasons are not very secure, anyRTC performs secondary encryption on signaling.

3. Level 3 – Streaming media data encryption

Aes-128-xts is used for streaming media encryption by default, and anyRTC supports custom encryption. If the custom encryption mode is used, you need to set the same encryption mode for multiple terminals to communicate with each other. Otherwise, no image or sound is displayed.

  • Aes-128-xts: 128-bit AES encryption, XTS mode.

  • Aes-128-ecb: 128-bit AES encryption, ECB mode;

  • Aes-256-xts: 256-bit AES encryption, XTS mode.

  • The default encryption mode is AES-128-XTS.

  • Custom encryption of raw data in streaming media

4. The fourth level – streaming media transmission encryption

AnyRTC systems use secure Real-time Transmission Protocol (SRTP) for encryption

There are different ways to expose real-time communication software to security risks. Of particular note is the interception of unencrypted media or data during information transmission. This can happen during browser-to-browser or browser-to-server communication, where a third party can steal all the data sent. However, after data encryption, it can effectively prevent eavesdroppers from obtaining the content of communication flow. Only session participants with encryption keys can decode a traffic stream.

Encryption is mandatory in anyRTC, and everything, including the signaling mechanism, must be encrypted. Therefore, all media streams sent through anyRTC are protected by standardized and well-known encryption protocols. The encryption protocol is determined by the type of transmission channel. Data streams are encrypted using the Datagram Transport Layer Security Protocol (DTLS) and media streams are encrypted using the Secure Real-time Transport Protocol (SRTP).

Third, content identification

Video audit is required for audio and video scenes such as live video and video conference, such as pornography, obscenity and violence. Voice calls, voice blackcalls and other scenes should be audited, such as pornography, politics, abuse, advertising, etc., and indirect non-semantic voice audit, such as the voice print of political leaders, reactionary banned songs, etc.

In view of the above problems, anyRTC launched an integrated scheme of “audio and video + content authentication” through cooperation with the AI authentication platform of the head. It only needs to “call the interface, initiate the authentication request, and wait for the callback result” to realize the authentication function of voice content. Developers can also audit the SDK using third-party content. The SDK level will call back the audio and video data to the client. The Linux SDK can also be used to obtain audio and video data on the service level and connect with third-party content audit services. Developers can choose the method of content identification according to their own conditions.

Based on excellent self-developed audio and video engine, anyRTC mature 3A voice processing technology and AI noise reduction function, can greatly improve the accuracy of speech recognition; Global ultra-low latency voice interaction to speed up the return of speech recognition results.

The flexible audio and video architecture supports the content authentication at the channel level. Each channel can mix all users’ audio and video streams into one stream for authentication, instead of pulling each stream for authentication separately, which can greatly reduce the platform side’s content verification cost.

Secure and controllable RTC PaaS platform

AnyRTC is committed to providing customers with real-time interactive services anytime, anywhere and everywhere. We always regard data security and user privacy protection as the primary security principle and integrate it into security capacity building as a concept. We are responsible for the security of RTC PaaS platform and SDK output to customers. So that the business of all walks of life can run smoothly.

AnyRTC has complete management system and IT system construction and operation experience, and actively manages and continuously improves the integration, operation and maintenance of cloud services. The professional safety team provides the safety protection of the whole life cycle of products and provides the safety emergency response of 7×24 hours. Developers pay attention to the release of our SDK and timely update to the latest version of SDK. This ensures that developers’ apps have access to the latest features and services as soon as possible, and that security-related bugs and vulnerabilities are fixed in a timely manner.

Safety system certification

AnyRTC USES is level 3 protection strategy we from the physical information system, network, host, applications, data, etc., have been approved by the authority safety protection ability, anyRTC data center, the functions of the management system, research and development, through the certification means that we have been in the field of information security management with the international standard for standard, With sufficient information security risk identification and control capabilities, can provide safe and reliable services for global customers.

Communications security

AnyRTC is based on self-developed private protocol for secure transmission, network architecture design can cope with more than 10 times the load, with SSL/TLS encryption, signature verification, state monitoring and other security features. AnyRTC adopts encryption mode from system level, signaling level, media stream data, and media stream transmission level. At the media transmission level, there are corresponding APIS for clients to call, and the key is in the hands of business developers, which can prevent users’ audio data from spreading through abnormal channels after being intercepted and broken in the transmission process.

Business continuity

AnyRTC adopts two places and three centers backup, any machine room under attack, will not affect the normal operation of other machine rooms, does not affect the overall service; If the data center encounters denial of Service (DoS) and other malicious attacks that are difficult to guard against, anyRTC will automatically isolate the faulty machine to ensure that the service is not affected to ensure fast recovery in case of disaster; AnyRTC is equipped with anti-ddos firewalls in every core cloud data center, and there are more than two hundred distributed data centers around the world, with sufficient capabilities and resources to control DDoS risks. Can guarantee to provide continuous and stable service in all directions.

From what has been discussed above

As a real-time audio and video communication cloud service provider, anyRTC will continue to play its advantages in the field of audio and video communication, we provide excellent data security, so that developers can focus on innovation and create new applications.