CN106506144A - A kind of multimedia output system - Google Patents
- Publication number
- CN106506144A
- Authority
- CN
- China
- Prior art keywords
- information
- output
- encryption
- key
- checking
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
Abstract
The invention discloses a multimedia output system comprising an encryption module, a server, an authentication module and an Android-based output terminal. The encryption module receives and encrypts the information to be output and marks the encrypted information to be output as encrypted information; the server receives, stores and processes the encrypted information; the authentication module verifies the encrypted information and outputs verification information; the output terminal receives the encrypted information and the verification information, processes the encrypted information based on the verification information and outputs the information to be output. By digitally signing the information to be output, and by using a security policy to limit the scope and handling of the information to be output, the invention increases the ability to recognize and deal with information introduced by outside intrusion and improves system security.
Description
Technical field
The present invention relates to a multimedia output system and belongs to the field of multimedia systems.
Background
Demand for image display in industries such as retail, sports and entertainment, and transportation keeps rising, and the digital commercial display industry is developing rapidly with good prospects. At the same time, the security problems of commercial display systems are becoming increasingly prominent. Existing commercial display systems mostly use a C/S model; when the server side is compromised, large numbers of terminals often fall with it, and the terminals are remotely controlled and made to play illegal audio and video at will. In addition, the networks that terminals connect to are often insecure, and hackers frequently compromise terminals by forging base stations, controlling Wi-Fi hotspots and similar means.
What is mainly found on the market today are output terminals with simple display firmware. As technology develops, more intelligent and multifunctional terminals can resemble a tablet computer or mobile phone, that is, terminals that use an operating system and process data with programs provided on that system. Security protection for systems with this kind of output terminal is still at an early stage, and a system that can achieve secure output is needed.
Summary of the invention
To solve the above problems, the present invention provides a multimedia output system.
In one aspect, the technical solution adopted by the invention is a multimedia output system comprising an encryption module, a server, an authentication module and an Android-based output terminal. The encryption module receives and encrypts the information to be output and marks the encrypted information to be output as encrypted information; the server receives, stores and processes the encrypted information; the authentication module verifies the encrypted information and outputs verification information; the output terminal receives the encrypted information and the verification information, processes the encrypted information based on the verification information and outputs the information to be output.
Preferably, the encryption module encrypts the information to be output based on a USB key.
Preferably, the steps by which the encryption module encrypts the information to be output include: processing the information to be output with the USB key to obtain the corresponding hash value; digitally signing the hash value with the private key of the USB key to obtain a signature value; and base64URL-encoding the signature value to obtain an encrypted value, then combining the encrypted value with the information to be output to obtain the encrypted information.
Preferably, the steps by which the encryption module encrypts the information to be output also include: generating a timestamp when the information to be output is processed with the USB key, base64URL-encoding the signature value and the timestamp to obtain the encrypted value, and combining the encrypted value with the information to be output to obtain the encrypted information.
Preferably, the authentication module stores the public key of the USB key, verifies the encrypted information based on the public key and outputs verification information.
Preferably, the output terminal is also used to manage the encrypted information based on a security policy, with the following steps: receiving the encrypted information from the server, and distinguishing and marking the encrypted information as non-control information or control information based on the security policy; and processing the encrypted information based on the mark, wherein non-control information is processed directly and the corresponding information to be output is output, while for control information a verification request is made to the authentication module, and the information is processed and the corresponding information to be output is output based on the verification information returned by the authentication module.
Preferably, the output terminal is also used to receive terminal update information from the server. The terminal update information includes APKs for the Android system and security policy update files, and the terminal update information is encrypted by the encryption module.
The beneficial effect of the invention is that, by digitally signing the information to be output while limiting the scope and handling of the information to be output through a security policy, it increases the ability to recognize and deal with information introduced by outside intrusion and improves system security.
Description of the drawings
Fig. 1 shows a schematic diagram of a multimedia output system according to an embodiment of the present invention.
Detailed description of the embodiments
The present invention is described below with reference to embodiments.
According to an embodiment of the invention, a multimedia output system as shown in Fig. 1 comprises an encryption module, a server, an authentication module and an Android-based output terminal. The encryption module receives and encrypts the information to be output and marks the encrypted information to be output as encrypted information; the server receives, stores and processes the encrypted information; the authentication module verifies the encrypted information and outputs verification information; the output terminal receives the encrypted information and the verification information, processes the encrypted information based on the verification information and outputs the information to be output.
The encryption module is mainly used to encrypt externally input information to be output (by applying a digital signature, or by fully encrypting the information, i.e. transcoding the information according to a code book; this scheme mainly applies a data signature). The encrypted information mainly comprises the multimedia data body and a digital signature segment. The server is mainly used to receive, store and process the encrypted information (sending it to a particular terminal, changing the information content, changing information labels, etc.). The authentication module processes the encrypted information according to the type of encryption (for example, verifying the data signature, comparing keys, or decoding; this scheme mainly performs digital signature verification and key comparison). The authentication module may be independent of the output terminal, or may be a function that the output terminal itself implements (for example, a program running on the Android system).
The keys may be agreed offline (set in the modules themselves in advance; for example, with a USB key, the private key is used directly in the encryption module and the public key is stored on the authentication module, with no direct network connection between the two) or online (that is, the USB key is kept where both an encryption module and the authentication module can connect to it, and the corresponding public or private key is provided online according to the module type). The key may be symmetric or asymmetric: under a symmetric mechanism, the authentication module shares a symmetric key with the encryption module; under an asymmetric mechanism, the authentication module maintains the public key of the key pair and the encryption module securely maintains the private key of the key pair. For safety, the key of the encryption module is protected by a password or secure hardware.
The encryption module encrypts the information to be output based on a USB key.
A USB key is a hardware device with a USB interface. It has a built-in microcontroller or smart card chip and a certain amount of storage space, can store the user's private key and digital certificate, and authenticates the user's identity using the public-key algorithm built into the USB key. Because the user's private key is stored inside the key device, in theory it cannot be read by any means, which ensures the security of user authentication.
The steps by which the encryption module encrypts the information to be output include: processing the information to be output with the USB key to obtain the corresponding hash value; digitally signing the hash value with the private key of the USB key to obtain a signature value; and base64URL-encoding the signature value to obtain an encrypted value, then combining the encrypted value with the information to be output (the original, unencrypted information) to obtain the encrypted information.
To process the information, the encryption module first computes a digest of the information to be output using a mainstream digest algorithm such as the SHA-1 series, the SHA-2 series or MD5; after the digest is obtained, it is signed using the private key of the smart chip in the USB key.
Base64 encoding can be used to transmit longer identification information in an HTTP environment. For example, in the Java persistence system Hibernate, Base64 is used to encode a longer unique identifier (generally a 128-bit UUID) as a character string for use as a parameter in HTTP forms and HTTP GET URLs. Other applications also often need to encode binary data into a form suitable for placing in a URL (including hidden form fields). Here Base64 encoding is not only relatively compact but also not directly readable: the encoded data cannot be read at a glance by the naked eye. However, standard Base64 is not suitable for being placed directly in a URL, because URL encoders turn the "/" and "+" characters of standard Base64 into the form "%XX", and these "%" signs must be converted again when stored in a database, because "%" is used as a wildcard in ANSI SQL. To solve this problem, an improved Base64 encoding for URLs can be adopted: it does not pad the end with "=" and changes the "+" and "/" of standard Base64 into "*" and "-" respectively. This removes the conversions otherwise needed during URL encoding/decoding and database storage, avoids the increase in encoded length in the process, and unifies the format of object identifiers in databases, forms and so on.
The steps by which the encryption module encrypts the information to be output also include: generating a timestamp when the information to be output is processed with the USB key, base64URL-encoding the signature value and the timestamp to obtain the encrypted value, and combining the encrypted value with the information to be output to obtain the encrypted information.
A timestamp is generally a character string that uniquely identifies a moment in time. Digital timestamp technology is a variant application of digital signature technology. A timestamp is produced as follows: the file to be timestamped is first hashed to form a digest, and the digest is then sent to the DTS (Decode Time Stamp); after adding the date and time at which it received the file, the DTS then encrypts (digitally signs) the file and outputs it.
The authentication module stores the public key of the USB key in advance, verifies the encrypted information based on the public key and outputs verification information.
That is, an offline method is used, with the USB key stored in the authentication module, mainly to guard against network attacks. After the public key verification, verification information is returned (that is, the correct code and the video file digest value; if verification does not pass, an error code is returned). After the output terminal receives the verification information, it decides how to process the encrypted information based on the verification information.
The output terminal is also used to manage the encrypted information based on a security policy, with the following steps: receiving the encrypted information from the server, and distinguishing and marking the encrypted information as non-control information or control information based on the security policy; and processing the encrypted information based on the mark, wherein non-control information is processed directly and the corresponding information to be output is output, while for control information a verification request is made to the authentication module, and the information is processed and the corresponding information to be output is output based on the verification information returned by the authentication module.
The Android system can provide functions related to system policy (i.e. the security policy). Based on these functions, information can be managed in advance, for example what type of multimedia (audio, video, image, etc.) should be played at what time (for example, only the news broadcast may be played at 7 o'clock). The security policy is a policy that is set in advance or delivered through a reliable update process. It can differentiate the encrypted information (for example, one part is information to be output from more trusted long-term users, and another part is newly appearing, less trusted information), marking it as control information or non-control information, and the two categories are handled by different processing flows. For non-control information, the digital signature does not need to be verified and the multimedia segment is loaded directly, which improves the processing speed of the system. Control information must be verified: a verification request is made first; after receiving the request, the authentication module verifies the digital signature segment based on the public key and returns the verification result (verification information); the output terminal then decides whether to play the control information based on the verification information.
The output terminal is also used to receive terminal update information from the server. The terminal update information includes APKs for the Android system and security policy update files, and the terminal update information is encrypted by the encryption module.
In an embodiment of the invention, the output terminal comprises display firmware, the Android system and application programs; the Android (system framework layer service) TCS is the authentication module. The application program downloads a video file (information to be output) according to its code logic; on detecting a request to play the video file, it activates the security policy, computes the video file digest value, and submits it together with the timestamp and the signature value to the TCS for verification. The TCS uses the public key to verify the signature information (digital signature); if verification passes, it returns the correct code and the video file digest value; otherwise verification does not pass and it returns an error code. The application program checks the return value: if it is correct, it checks the video file digest value and plays the video if the values are consistent; if they are inconsistent, or an error code was returned, it terminates video playback.
In an embodiment of the invention, the terminal application program starts the APK/firmware upgrade flow according to its code logic: on detecting a request to verify an upgrade command, it activates the protection policy and submits the command information, timestamp and signature value together to the TCS for verification. The TCS uses the public key to verify the signature information; if verification passes, it returns the correct code and the command information; otherwise verification does not pass and it returns an error code. The application program checks the return value; if it is correct, it parses the returned command information and downloads the APK or firmware package from the URL in the command information. After the download completes, it checks whether the digest value is consistent with the digest value in the command information; if consistent, it asks the system to upgrade the application program or firmware; if inconsistent, or an error code was returned, it terminates the upgrade flow.
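The two-stage check used in both the playback and the upgrade flow above (the TCS authenticates the signed digest and timestamp, then the application compares that digest with the one it computes over the downloaded bytes), as an added example that is not part of the patent text. It assumes HMAC-SHA256 as the symmetric-key variant the description allows in place of the USB key's private-key signature, SHA-256 as the digest, the RFC 4648 URL-safe Base64 alphabet, and a 24-hour freshness window; `sign_record`, `AuthModule` and `terminal_handle` are hypothetical names.

```python
import base64
import hashlib
import hmac

OK, ERROR = 0, 1       # return codes of the authentication module
MAX_AGE = 24 * 3600    # assumed freshness window in seconds; the page gives none


def b64url(data: bytes) -> str:
    """RFC 4648 URL-safe Base64 without '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(key: bytes, digest: bytes, ts: bytes) -> bytes:
    # Stand-in for the USB key signature: HMAC-SHA256 over digest || timestamp.
    return hmac.new(key, digest + ts, hashlib.sha256).digest()


def sign_record(key: bytes, payload: bytes, timestamp: int) -> dict:
    """Encryption module: hash the payload, sign digest and timestamp, encode."""
    digest = hashlib.sha256(payload).digest()
    ts = timestamp.to_bytes(8, "big")
    return {"digest": digest.hex(), "value": b64url(ts + _tag(key, digest, ts))}


class AuthModule:
    """Plays the role of the TCS service; only it holds the verification key."""

    def __init__(self, key: bytes):
        self._key = key

    def verify(self, record: dict, now: int):
        """Return (OK, signed digest) or (ERROR, None)."""
        try:
            digest = bytes.fromhex(record["digest"])
            raw = b64url_decode(record["value"])
        except (KeyError, TypeError, ValueError):
            return ERROR, None
        if len(digest) != 32 or len(raw) != 8 + 32:
            return ERROR, None
        ts, tag = raw[:8], raw[8:]
        # Constant-time comparison of the received and recomputed tags.
        if not hmac.compare_digest(tag, _tag(self._key, digest, ts)):
            return ERROR, None
        age = now - int.from_bytes(ts, "big")
        if age < 0 or age > MAX_AGE:
            return ERROR, None
        return OK, digest.hex()


def terminal_handle(auth: AuthModule, payload: bytes, record: dict, now: int) -> str:
    """Application side: ask the TCS first, then bind the payload to the digest."""
    code, signed_digest = auth.verify(record, now)
    if code != OK:
        return "rejected: verification failed"
    local = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(local, signed_digest):
        return "rejected: digest mismatch"
    return "output"


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    key = b"constructed-demo-key"
    video = b"constructed video bytes"
    issued = 1_700_000_000
    record = sign_record(key, video, issued)
    tcs = AuthModule(key)
    print(terminal_handle(tcs, video, record, issued + 60))
    print(terminal_handle(tcs, video + b"x", record, issued + 60))
    print(terminal_handle(tcs, video, record, issued + MAX_AGE + 1))
```

With an asymmetric key pair, only `_tag` and the comparison in `verify` change: the encryption module signs with the private key and the TCS verifies with the stored public key.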
The above is only a preferred embodiment of the present invention; the invention is not limited to the above embodiment. Anything that achieves the technical effect of the invention by the same means shall fall within the protection scope of the invention. Within the protection scope of the invention, its technical solutions and/or embodiments may have various modifications and variations.
Claims (7)
1. A multimedia output system, characterized in that it comprises an encryption module, a server, an authentication module and an Android-based output terminal; wherein
the encryption module is used to receive and encrypt the information to be output, and to mark the encrypted information to be output as encrypted information;
the server is used to receive, store and process the encrypted information;
the authentication module is used to verify the encrypted information and output verification information;
the output terminal is used to receive the encrypted information and the verification information, process the encrypted information based on the verification information and output the information to be output.
2. The multimedia output system according to claim 1, characterized in that the encryption module encrypts the information to be output based on a USB key.
3. The multimedia output system according to claim 2, characterized in that the steps by which the encryption module encrypts the information to be output include:
processing the information to be output with the USB key to obtain the corresponding hash value;
digitally signing the hash value with the private key of the USB key to obtain a signature value;
base64URL-encoding the signature value to obtain an encrypted value, and combining the encrypted value with the information to be output to obtain the encrypted information.
4. The multimedia output system according to claim 3, characterized in that the steps by which the encryption module encrypts the information to be output also include generating a timestamp when the information to be output is processed with the USB key, base64URL-encoding the signature value and the timestamp to obtain the encrypted value, and combining the encrypted value with the information to be output to obtain the encrypted information.
5. The multimedia output system according to claim 1, characterized in that the authentication module stores the public key of the USB key, verifies the encrypted information based on the public key and outputs verification information.
6. The multimedia output system according to claim 1, characterized in that the output terminal is also used to manage the encrypted information based on a security policy, with the following steps:
receiving the encrypted information from the server, and distinguishing and marking the encrypted information as non-control information or control information based on the security policy;
processing the encrypted information based on the mark, wherein non-control information is processed directly and the corresponding information to be output is output;
for control information, a verification request is made to the authentication module, and the information is processed and the corresponding information to be output is output based on the verification information returned by the authentication module.
7. The multimedia output system according to claim 1, characterized in that the output terminal is also used to receive terminal update information from the server, the terminal update information includes APKs for the Android system and security policy update files, and the terminal update information is encrypted by the encryption module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610921531.3A CN106506144A (en) | 2016-10-21 | 2016-10-21 | A kind of multimedia output system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106506144A true CN106506144A (en) | 2017-03-15 |
Family
ID=58318399
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610921531.3A Pending CN106506144A (en) | 2016-10-21 | 2016-10-21 | A kind of multimedia output system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106506144A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170315 |