CN107172462A - Video encryption and identity authentication method and security module - Google Patents


Publication number
CN107172462A
Authority
CN
China
Prior art keywords
data
server
decryption
decrypted
ciphertext
Prior art date
Legal status
Pending
Application number
CN201710594805.7A
Other languages
Chinese (zh)
Inventor
任猛
焦华清
陈毅平
Current Assignee
BEIJING HUAHONG INTEGRATED CIRCUIT DESIGN Co Ltd
Original Assignee
BEIJING HUAHONG INTEGRATED CIRCUIT DESIGN Co Ltd
Priority date
Filing date
Publication date
Application filed by BEIJING HUAHONG INTEGRATED CIRCUIT DESIGN Co Ltd
Priority to CN201710594805.7A
Publication of CN107172462A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254 Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541 Rights Management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462 Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623 Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633 Control signals issued by server directed to the network components or client
    • H04N21/6332 Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the invention disclose a video encryption and identity authentication method and a security module for increasing the security of data transmission. The method includes: obtaining video data; encrypting the video data by a preset algorithm to obtain first data; storing the first data; judging whether the first data needs to be decrypted; and, if the first data needs to be decrypted, decrypting the first data by the preset algorithm and outputting the decrypted data.

Description

Video encryption and identity authentication method and security module
Technical field
The present invention relates to the field of Internet communication, and in particular to a video encryption and identity authentication method and a security module.
Background
With the development of Internet technology, multimedia information is used more and more widely, and video information is its core. Using a network for video conferencing, video on demand, video surveillance, video telephony, video chat, dashboard cameras and the like has become the mainstream of video services. Data may suffer packet loss, frame loss and bit errors in network transmission, which matters especially in wireless network environments, and may even be subject to various active or passive attacks, such as data interception, data theft, sabotage and transmission errors. This places stricter requirements on the application of video encryption algorithms.
Encryption is currently one of the most effective ways to achieve communication security and is a focus of the information security field. Video encryption technology protects video data using cryptographic theory and combines cryptography with video coding. H.264, as a new-generation video compression coding standard, is superior to other existing standards in compression efficiency, bit-error resilience and transmission reliability.
The security and real-time performance of existing encryption algorithms often conflict: to ensure security, enough sensitive data must be encrypted, so the volume of data to encrypt and decrypt is large, takes time, and makes real-time performance hard to guarantee; reducing the amount of sensitive data that is encrypted reduces security.
Summary of the invention
Embodiments of the present invention provide a video encryption and identity authentication method and a security module for improving the security of data transmission.
A first aspect of the embodiments of the present invention provides a video encryption and identity authentication method, which specifically includes:
Obtaining video data;
Encrypting the video data by a preset algorithm to obtain first data;
Storing the first data;
Judging whether the first data needs to be decrypted;
If the first data needs to be decrypted, decrypting the first data by the preset algorithm and outputting the decrypted data.
Optionally, when the first data is only stored and not output, it may be determined, before the first data is stored, that bidirectional identity authentication with a server has been completed, where the server is the server carried by the client that receives the decrypted data, an independent server, or the server of the device that stores the first data;
When the first data needs to be output, it may be determined, before the decrypted data is output, that bidirectional identity authentication with a server has been completed, where the server is the server carried by the client that receives the decrypted data, or an independent server.
Optionally, determining that bidirectional identity authentication with the server has been completed includes:
Sending a first ciphertext calculated with the preset key to the server, so that the server decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches the default authentication data, it is determined that the server's authentication has been passed;
Receiving a second ciphertext, the second ciphertext being calculated by the server with the preset key;
Decrypting the second ciphertext with the preset key to obtain a second plaintext;
When the second plaintext matches the default authentication data, determining that bidirectional identity authentication with the server has been completed.
Optionally, when the first data does not need to be decrypted, the first data is output.
A second aspect of the embodiments of the present invention provides a security module, which specifically includes:
An acquisition unit, configured to obtain video data;
An encryption unit, configured to encrypt the video data by a preset algorithm to obtain first data;
A storage unit, configured to store the first data;
A judgment unit, configured to judge whether the first data needs to be decrypted;
A decryption unit, configured to decrypt the first data by the preset algorithm when the first data needs to be decrypted, and to output the decrypted data.
A third aspect of the embodiments of the present invention provides a security module including a processor, the processor being configured to implement the steps of the method of the above aspects when executing a computer program stored in a memory.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method of the above aspects.
As can be seen from the above technical solutions, in the embodiments of the present invention, when a data stream passes through, video data can be obtained and encrypted by a preset algorithm to obtain first data; the first data is stored, and it is judged whether the first data needs to be decrypted; when the first data needs to be decrypted, it is decrypted by the preset algorithm and the decrypted data is output. In summary, in the embodiments of the present invention the obtained data is encrypted and then stored, and when the data needs to be decrypted it is decrypted and output; the data can only be decrypted by the same algorithm, which ensures the security of data transmission.
Brief description of the drawings
Fig. 1 is a schematic diagram of one embodiment of the video encryption and identity authentication method of the embodiments of the present invention;
Fig. 2 is a schematic diagram of another embodiment of the video encryption and identity authentication method of the embodiments of the present invention;
Fig. 3 is a schematic diagram of one embodiment of the security module of the embodiments of the present invention;
Fig. 4 is a schematic diagram of the hardware structure of the security module in the embodiments of the present invention.
Detailed description
Embodiments of the present invention provide a video encryption and identity authentication method and a security module for ensuring the security of data transmission.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a specific order or sequence. It should be understood that data so used may be interchanged where appropriate, so that the embodiments described herein can be implemented in an order other than the one illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The embodiments of the present invention can be divided into two parts, the storage stage and the output stage, which are described separately below:
Referring to Fig. 1, Fig. 1 is a schematic diagram of an embodiment of the storage stage of the video encryption and identity authentication method in the embodiments of the present invention, including:
101. Obtain video data.
When a data stream is transmitted to the security module through the I/O interface, the security module can obtain video data.
It should be noted that, besides video data, other data such as audio, pictures and text can also be obtained and processed; video data is used here only as an example, and no specific limitation is made.
It should be noted that the security module may be provided with I/O interfaces, which are responsible for receiving unencrypted data and sending decrypted data. The I/O interfaces can be divided into two classes, high-speed interfaces and low-speed interfaces. High-speed interfaces include interface types such as USB (USB2.0 or 3.0 etc.) and SD (SD2.0 or SD3.0 etc.); low-speed interfaces include ISO7816, SPI, I2C, UART and so on.
It should be noted that the security module may store written information in an information storage unit. The written information includes a device ID, keys, host configuration information and the like; the keys include an encryption key, a decryption key, an authentication key and so on. This information is written during the production and distribution stage, and can be written through the I/O interface.
It should be noted that the working state of the security module can be divided into a factory mode and a user mode (the two modes may also be given other names; no specific limitation is made). The read and write attributes of the data in the information storage unit differ between the two states. The module can switch from factory mode to user mode, but cannot switch from user mode back to factory mode, which ensures the secure storage of key information. That is, in factory mode information can be written to the information storage unit, whereas in user mode there is no authority to write information to the information storage unit, only authority to read data from it.
102. Encrypt the video data by a preset algorithm to obtain first data.
After obtaining the video data, the security module can encrypt it by a preset algorithm to obtain first data; the first data is the encrypted video data.
It should be noted that the security module may encrypt the video data by a security algorithm or by other algorithms, such as symmetric algorithms (e.g. DES, 3DES, AES, SM1, SM4, SM7), asymmetric algorithms (e.g. RSA, DSA, SM2, SM9) and hash algorithms (MD2, MD4, MD5, SHA, SHA-1, SM3), as long as the video data can be encrypted; no specific limitation is made.
It should be noted that the security module can support file systems such as FAT32, exFAT, NTFS and Ext, and can either encrypt each received item of data individually or encrypt all of the data as a whole.
103. Store the first data.
After the security module has encrypted the video data to obtain the first data, the first data can be stored, either in the storage module of the security module or in another removable storage medium, for example a removable hard disk, USB flash drive or floppy disk, as long as the first data can be stored; no specific limitation is made.
It should be noted that, when storing the first data, the security module may store it in its own storage medium or in another storage medium. When the data is stored in another removable medium, that storage medium needs to carry out identity authentication with the security module. The specific authentication procedure is as follows:
The first ciphertext calculated with the preset key is sent to the server of the storage medium, so that the server of the storage medium decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches the default authentication data, the server of the storage medium determines that the security module has passed the server's authentication;
A second ciphertext is received, the second ciphertext being calculated by the server of the storage medium with the preset key;
The second ciphertext is decrypted with the preset key to obtain a second plaintext;
When the second plaintext matches the default authentication data, the server of the storage medium determines that the security module has completed bidirectional identity authentication with the server.
The point at which the security module and the storage medium carry out bidirectional identity authentication is not limited here. It can be performed at any stage of use, for example when video data is obtained, or identity authentication with the server of the storage medium can be carried out when the device is powered on or reconnects after a network interruption.
Specifically, multiple platforms may be set up on the server of the storage medium, for example an authentication platform, a business platform and a data storage platform. The authentication platform handles network-access review, identity authentication and the like for the security module; the business platform handles the interpretation, judgment, coordination and execution of all services; and the data storage platform is responsible for saving and forwarding all data.
Referring to Fig. 2, Fig. 2 is a schematic diagram of an embodiment of the output stage of the video encryption and identity authentication method in the embodiments of the present invention, including:
201. Obtain video data;
202. Encrypt the video data by a preset algorithm to obtain first data;
203. Store the first data;
It should be noted that steps 201 to 203 are the same as steps 101 to 103 of the embodiment shown in Fig. 1, which have been described in detail for that embodiment and are not repeated here.
204. Judge whether the first data needs to be decrypted.
In this embodiment, after the security module has stored the first data, it may receive output information sent by the client. The output information carries an instruction to output the first data and a decryption indication, and the security module judges from the decryption indication whether the first data needs to be decrypted (that is, it determines from the received output information whether the data to output is plaintext or ciphertext). If so, step 105 is performed; if not, step 106 is performed.
205. Decrypt the first data by the preset algorithm and output the decrypted data.
When the security module determines that the first data needs to be decrypted, it can decrypt the first data by the preset algorithm and output the decrypted data.
206. Output the first data.
When the security module determines that the first data does not need to be decrypted, it outputs the first data.
It should be noted that the security module may output the decrypted data through a secure channel to ensure the security of the data.
It should be noted that the condition that triggers the security module to output decrypted or undecrypted data may be passive, for example receiving an instruction to output data, or active. For example, the decrypted data may be output as soon as decryption completes. Alternatively, a preset time may be set in advance and the decrypted or undecrypted data output when the preset time elapses; for example, with a preset time of 3 hours, every 3 hours the data is decrypted and output, or the undecrypted data is output. Alternatively, whether to upload the video data may be decided according to whether the current network transmission rate is greater than a first preset value and/or whether the size of the video data is less than a second preset value. The security module may judge whether the current network transmission rate is greater than the first preset value, e.g. 200KB/S, and if it is, decrypt the video data and output it. The security module may also judge whether the size of the video data is greater than the second preset value, e.g. 50M, and if it is, not output the video data; or it may receive an instruction sent by the output end and extract part of the video data for output according to the instruction. For example, for video data, the first 30 seconds of video data relative to the moment at which data encryption completed may be output, or the last 5M of the video data may be output; no specific limitation is made. The security module's output may also be triggered in other ways, as long as the security module can be triggered to decrypt the data and output it; no specific limitation is made.
It should be noted that the security module can carry out bidirectional identity authentication with a server (the server may be the server carried by the client that receives the decrypted data, or an independent server).
Specifically, when the encrypted data is stored, the two parties to bidirectional identity authentication are the security module and the storage medium; before data is output, authentication takes place between the security module and the client that receives the decrypted data. The bidirectional identity authentication of the storage stage has been described in detail for Fig. 1; the storage-stage authentication here is similar to that of the embodiment shown in Fig. 1 and is not repeated. Only the bidirectional identity authentication of the output stage is described in detail here, as follows:
The first ciphertext calculated with the preset key is sent to the server, so that the server decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches the default authentication data, it is determined that the security module has passed the server's authentication;
A second ciphertext is received, the second ciphertext being calculated by the server with the preset key;
The second ciphertext is decrypted with the preset key to obtain a second plaintext;
When the second plaintext matches the default authentication data, it is determined that the security module and the server have completed bidirectional identity authentication.
The point at which the security module carries out bidirectional identity authentication with the server is not limited here. When the first data needs to be output, the security module carries out bidirectional identity authentication with the server; this can be performed before the decrypted data is output, or at any stage of use, for example when video data is obtained, or identity authentication with the server can be carried out when the device is powered on or reconnects after a network interruption.
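The exchange described for the storage stage and the output stage, run end to end with both sides' messages, as an added example (not code from the patent or its assignee). With `fresh=False` it follows the page; the stand-in HMAC-SHA256 stream cipher, the `b"M"`/`b"S"` role tags, the per-session nonces used with `fresh=True`, and every key and data value are assumptions constructed for illustration, since the page names neither the cipher nor the message format.

```python
import hashlib
import hmac
import secrets

# Constructed sample values. On the page the key and the default
# authentication data are written at production time; these are stand-ins.
PRESET_KEY = hashlib.sha256(b"constructed demo key").digest()
AUTH_DATA = b"constructed-default-authentication-data"


def _stream_cipher(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): XOR with an HMAC-SHA256
    keystream. Encryption and decryption are the same operation."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def make_ciphertext(key: bytes, role: bytes = b"", nonce: bytes = b"") -> bytes:
    """Ciphertext a party sends to show it holds the preset key.
    With empty role and nonce this is the exchange as described on the page:
    the default authentication data encrypted under the preset key."""
    return _stream_cipher(key, role + nonce, role + nonce + AUTH_DATA)


def check_ciphertext(key: bytes, ciphertext: bytes,
                     role: bytes = b"", nonce: bytes = b"") -> bool:
    """Decrypt with the local preset key and compare with the expected plaintext."""
    plaintext = _stream_cipher(key, role + nonce, ciphertext)
    return hmac.compare_digest(plaintext, role + nonce + AUTH_DATA)


def mutual_auth(module_key: bytes, server_key: bytes, fresh: bool) -> dict:
    """Run one session between security module and server.
    fresh=False follows the page; fresh=True binds each ciphertext to the
    peer's nonce and the sender's role (added assumption, not on the page)."""
    server_nonce = secrets.token_bytes(16) if fresh else b""
    module_nonce = secrets.token_bytes(16) if fresh else b""
    m_role, s_role = (b"M", b"S") if fresh else (b"", b"")

    # Module -> server: first ciphertext; the server decrypts and compares.
    first = make_ciphertext(module_key, m_role, server_nonce)
    module_ok = check_ciphertext(server_key, first, m_role, server_nonce)

    # Server -> module: second ciphertext, sent only once the module passed.
    second = make_ciphertext(server_key, s_role, module_nonce) if module_ok else b""
    server_ok = module_ok and check_ciphertext(module_key, second, s_role, module_nonce)

    return {"first": first, "second": second,
            "server_nonce": server_nonce, "module_nonce": module_nonce,
            "module_ok": module_ok, "server_ok": server_ok,
            "mutual": module_ok and server_ok}


def recorded_first_accepted(recorded: dict, later: dict, key: bytes, fresh: bool) -> bool:
    """Server-side check: does a first ciphertext recorded in an earlier
    session still verify against the values of a later session?"""
    role = b"M" if fresh else b""
    return check_ciphertext(key, recorded["first"], role, later["server_nonce"])


if __name__ == "__main__":
    for fresh in (False, True):
        s1 = mutual_auth(PRESET_KEY, PRESET_KEY, fresh)
        s2 = mutual_auth(PRESET_KEY, PRESET_KEY, fresh)
        print("fresh" if fresh else "as described",
              "| mutual:", s1["mutual"],
              "| same first ciphertext in both sessions:", s1["first"] == s2["first"],
              "| earlier ciphertext still verifies:",
              recorded_first_accepted(s1, s2, PRESET_KEY, fresh))
    # A peer holding a different key fails the first check.
    print("wrong module key accepted:",
          mutual_auth(bytes(32), PRESET_KEY, fresh=True)["module_ok"])
```

In this example, with `fresh=False` the first ciphertext is the same bytes in every session, so a match tells the verifier only that the sender has seen a valid ciphertext at some point. Binding each ciphertext to the peer's nonce is what lets a match show that the sender holds the key in the current session.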
Specifically, multiple platforms may be set up on the server, for example an authentication platform, a business platform and a data storage platform. The authentication platform handles network-access review, identity authentication and the like for the security module; the business platform handles the interpretation, judgment, coordination and execution of all services; and the data storage platform is responsible for saving and forwarding all data.
As can be seen from the above, when a data stream passes through, video data can be obtained and encrypted by a preset algorithm to obtain first data; the first data is stored, and it is judged whether the first data needs to be decrypted; if so, the first data is decrypted by the preset algorithm and the decrypted data is output. In summary, in the embodiments of the present invention the obtained data is encrypted and then stored; when the first data needs to be decrypted, it is decrypted and the decrypted data is output and sent. Because what is stored is data encrypted by the security module, only the security module, using the same algorithm, can decrypt the data, which ensures the security of data transmission.
The embodiments of the present invention have been described above from the perspective of the video encryption and identity authentication method, and are described below from the perspective of the security module. Referring to Fig. 3, one embodiment of the security module in the embodiments of the present invention includes:
Acquisition unit 301, configured to obtain video data;
Encryption unit 302, configured to encrypt the video data by a preset algorithm to obtain first data;
Storage unit 303, configured to store the first data;
Judgment unit 304, configured to judge whether the first data needs to be decrypted;
Decryption unit 305, configured to decrypt the first data by the preset algorithm if the first data needs to be decrypted, and to output the decrypted data;
Authentication unit 306, configured to determine, before storage unit 303 stores the first data or before decryption unit 305 outputs the decrypted data, that bidirectional identity authentication with a server has been completed, where the server is the server carried by the client that receives the decrypted data, an independent server, or the server of the device that stores the first data.
Decryption unit 305 is further configured to output the first data when the first data does not need to be decrypted.
Authentication unit 306 is specifically configured to:
Send the first ciphertext calculated with the preset key to the server, so that the server decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches the default authentication data, it is determined that the server's authentication has been passed;
Receive a second ciphertext, the second ciphertext being calculated by the server with the preset key;
Decrypt the second ciphertext with the preset key to obtain a second plaintext;
When the second plaintext matches the default authentication data, determine that bidirectional identity authentication with the server has been completed.
As can be seen from the above, when a data stream passes through, video data can be obtained and encrypted by a preset algorithm to obtain first data; the first data is stored, and it is judged whether the first data needs to be decrypted; if so, the first data is decrypted by the preset algorithm and the decrypted data is output. In summary, in the embodiments of the present invention the obtained data is encrypted and then stored; when the first data needs to be decrypted, it is decrypted and the decrypted data is output and sent. Because what is stored is data encrypted by the security module, only the security module, using the same algorithm, can decrypt the data, which ensures the security of data transmission.
Referring to Fig. 4, Fig. 4 is the structural representation of security module provided in an embodiment of the present invention.The safety of the embodiment Module 400 includes:Processor, memory and it is stored in the computer that can be run in the memory and on the processor Program, for example, obtain program.Above-mentioned video-encryption and authentication are realized described in the computing device during computer program Step in the embodiment of method, such as step 101 shown in Fig. 1, or, described in the computing device during computer program Realize the function of each unit in above-described embodiment, such as acquiring unit.
Exemplary, the computer program can be divided into one or more units, one or more of lists Member is stored in the memory, and by the computing device, to complete the present invention.One or more of units can be with It is that can complete the series of computation machine programmed instruction section of specific function, the instruction segment is used to describe the computer program in institute State the implementation procedure in security module.For example, the computer program can be divided into acquiring unit, ciphering unit, storage Unit, judging unit, decryption unit and authentication unit, the concrete function of each unit are as follows:
Acquiring unit, for obtaining video data;
Ciphering unit, for video data to be encrypted by preset algorithm to obtain the first data;
Memory cell, for the first data to be stored;
Judging unit, for judging whether the first data need decryption;
Decryption unit, for when the first data need decryption, the first data to be decrypted by preset algorithm, and Data after output decryption.
Authentication unit, the data before the first data are stored for memory module or after decryption unit output decryption Before, it is determined that completing bidirectional identity authentication with server, server is the client of the data after receiving and deciphering or is independent Server.
The authentication unit is specifically configured to:
Send a first ciphertext calculated with the preset key to the server, so that the server decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches the default authentication data, it is determined that the server's authentication is passed;
Receive a second ciphertext, the second ciphertext being calculated by the server with the preset key;
Decrypt the second ciphertext with the preset key to obtain a second plaintext;
When the second plaintext matches the default authentication data, determine that bidirectional identity authentication with the server is complete.
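The exchange performed by the authentication unit, written out for both sides as an added example (not code from the patent). The patent does not name the preset algorithm, so the cipher here is a stand-in built from HMAC-SHA256 with an integrity tag; `PRESET_KEY`, `AUTH_DATA`, `Party` and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample values; the page only speaks of a "preset key" and
# "default authentication data" held by both sides.
PRESET_KEY = bytes(range(32))
AUTH_DATA = b"constructed-auth-data"


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for the unnamed preset algorithm.
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, ciphertext: bytes):
    """Return the plaintext, or None when the ciphertext is short or its tag fails."""
    if len(ciphertext) < 48:
        return None
    nonce, body, tag = ciphertext[:16], ciphertext[16:-32], ciphertext[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class Party:
    """One side of the exchange: the security module or the server."""

    def __init__(self, key: bytes, auth_data: bytes):
        self.key, self.auth_data = key, auth_data

    def make_ciphertext(self) -> bytes:
        return encrypt(self.key, self.auth_data)

    def verify_peer(self, ciphertext: bytes) -> bool:
        plaintext = decrypt(self.key, ciphertext)
        # Constant-time comparison against the stored authentication data.
        return plaintext is not None and hmac.compare_digest(plaintext, self.auth_data)


def mutual_authenticate(module: Party, server: Party) -> bool:
    first_ciphertext = module.make_ciphertext()      # module -> server
    if not server.verify_peer(first_ciphertext):     # server checks first plaintext
        return False
    second_ciphertext = server.make_ciphertext()     # server -> module
    return module.verify_peer(second_ciphertext)     # module checks second plaintext
```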
The security module may be a computing device such as a mobile phone, desktop computer, notebook, palmtop computer or cloud server. The security module may include, but is not limited to, a processor and a memory. Those skilled in the art will understand that the schematic diagram is only an example of the security module and does not limit it; the security module may include more or fewer parts than shown, combine certain parts, or use different parts. For example, the security module may also include input/output devices, network access devices, buses and the like.
The processor may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, discrete hardware components, and so on. The general-purpose processor may be a microprocessor or any conventional processor. The processor is the control centre of the security module and connects the various parts of the whole security module through various interfaces and lines.
The memory may be used to store the computer program and/or units. The processor implements the various functions of the security module by running or executing the computer program and/or units stored in the memory and by calling the data stored in the memory. The memory may mainly include a program storage area and a data storage area. The program storage area may store an operating system and the application programs required by at least one function (such as a sound playback function, an image playback function, etc.); the data storage area may store data created through use of the mobile phone (such as audio data, a phone book, etc.). In addition, the memory may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash card (Flash Card), at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices.
If the integrated unit of the security module is implemented in the form of a software functional unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow in the above method embodiments of the present invention may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, may implement the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, and so on. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash disk, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electric carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content included in the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electric carrier signals and telecommunication signals.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, device and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided herein, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are only illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. Furthermore, the couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections of devices or units through some interfaces, and may be electrical, mechanical or in other forms.
The units described as separate parts may or may not be physically separate, and the parts shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one transmitting unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
As described above, the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A video encryption and identity authentication method, characterized by comprising:
Obtaining video data;
Encrypting the video data with a preset algorithm to obtain first data;
Storing the first data;
Judging whether the first data needs to be decrypted;
If the first data needs to be decrypted, decrypting the first data with the preset algorithm and outputting the decrypted data.
2. The method according to claim 1, characterized in that, before the first data is stored or the decrypted data is output, the method further comprises:
Determining that bidirectional identity authentication with a server has been completed, the server being the server carried by the client that receives the decrypted data, an independent server, or the server of the device that stores the first data.
3. The method according to claim 2, characterized in that determining that bidirectional identity authentication with the server has been completed comprises:
Sending a first ciphertext calculated with the preset key to the server, so that the server decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches the default authentication data, it is determined that the server's authentication is passed;
Receiving a second ciphertext, the second ciphertext being calculated by the server with the preset key;
Decrypting the second ciphertext with the preset key to obtain a second plaintext;
When the second plaintext matches the default authentication data, determining that bidirectional identity authentication with the server is complete.
4. The method according to claim 1, characterized in that, when the first data does not need to be decrypted, the method further comprises:
Outputting the first data.
5. A security module, characterized by comprising:
An acquiring unit, for obtaining video data;
An encryption unit, for encrypting the video data with a preset algorithm to obtain first data;
A storage unit, for storing the first data;
A judging unit, for judging whether the first data needs to be decrypted;
A decryption unit, for decrypting the first data with the preset algorithm when the first data needs to be decrypted, and outputting the decrypted data.
6. The security module according to claim 5, characterized in that the device further comprises:
An authentication unit, for determining that bidirectional identity authentication with a server has been completed before the storage module stores the first data or before the decryption unit outputs the decrypted data, the server being the server carried by the client that receives the decrypted data, an independent server, or the server of the device that stores the first data.
7. The security module according to claim 6, characterized in that the authentication unit is specifically configured to:
Send a first ciphertext calculated with the preset key to the server, so that the server decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches the default authentication data, it is determined that the server's authentication is passed;
Receive a second ciphertext, the second ciphertext being calculated by the server with the preset key;
Decrypt the second ciphertext with the preset key to obtain a second plaintext;
When the second plaintext matches the default authentication data, determine that bidirectional identity authentication with the server is complete.
8. The security module according to claim 5, characterized in that the decryption unit is further configured to:
Output the first data when the first data does not need to be decrypted.
9. A security module, characterized in that the security module includes a processor, and the processor implements the steps of the method of any one of claims 1-4 when executing a computer program stored in a memory.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program implements the steps of the method of any one of claims 1-4 when executed by a processor.
CN201710594805.7A 2017-07-19 2017-07-19 A kind of video-encryption and identity identifying method and security module Pending CN107172462A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710594805.7A CN107172462A (en) 2017-07-19 2017-07-19 A kind of video-encryption and identity identifying method and security module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710594805.7A CN107172462A (en) 2017-07-19 2017-07-19 A kind of video-encryption and identity identifying method and security module

Publications (1)

Publication Number Publication Date
CN107172462A true CN107172462A (en) 2017-09-15

Family

ID=59817923

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710594805.7A Pending CN107172462A (en) 2017-07-19 2017-07-19 A kind of video-encryption and identity identifying method and security module

Country Status (1)

Country Link
CN (1) CN107172462A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120254618A1 (en) * 2011-03-28 2012-10-04 Sony Europe Limited Authentication certificates
CN103516515A (en) * 2012-06-28 2014-01-15 中兴通讯股份有限公司 Encryption/decryption seamless switch achieving method, OLT and ONU in GPON system
CN103763631A (en) * 2014-01-07 2014-04-30 青岛海信信芯科技有限公司 Authentication method, server and television
CN106131603A (en) * 2016-08-23 2016-11-16 北京永信至诚科技股份有限公司 A kind of video broadcasting method based on dynamic dictionary and system
CN106453318A (en) * 2016-10-14 2017-02-22 北京握奇智能科技有限公司 Data transmission system and method based on security module

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743170A (en) * 2018-11-30 2019-05-10 视联动力信息技术股份有限公司 A kind of Streaming Media logs in and the method and apparatus of data transmission encryption
CN109743170B (en) * 2018-11-30 2021-12-10 视联动力信息技术股份有限公司 Method and device for logging in streaming media and encrypting data transmission
CN109905627A (en) * 2019-02-13 2019-06-18 视联动力信息技术股份有限公司 A kind of method and apparatus of audio/video flow data recording

Similar Documents

Publication Publication Date Title
CN112073375B (en) Isolation device and isolation method suitable for client side of electric power Internet of things
US11063941B2 (en) Authentication system, authentication method, and program
CN107222476B (en) A kind of authentication service method
CN108615154B (en) Block chain digital signature system based on hardware encryption protection and using process
CN102215221A (en) Methods and systems for secure remote wake, boot, and login to a computer from a mobile device
CN103201998A (en) Data processing for securing local resources in a mobile device
CN101325485A (en) A method for processing information in an electronic device, a system, an electronic device and a processing block
CN107911370A (en) A kind of data ciphering method and device, data decryption method and device
CN106789024B (en) A kind of remote de-locking method, device and system
CN106295290B (en) Method, device and system for generating authentication information based on fingerprint information
CN111131416A (en) Business service providing method and device, storage medium and electronic device
WO2018121377A1 (en) Transaction method, device and system used in virtual reality environment
CN115208705B (en) Encryption and decryption method and device based on link data self-adaptive adjustment
CN109729000B (en) Instant messaging method and device
CN110598429B (en) Data encryption storage and reading method, terminal equipment and storage medium
CN106027251A (en) Identity card reading terminal and cloud authentication platform data transmission method and system
CN106899584A (en) Management method and its device that a kind of hardware device is accessed
US20190288833A1 (en) System and Method for Securing Private Keys Behind a Biometric Authentication Gateway
CN109245885A (en) Cryptographic key negotiation method, equipment, storage medium and system
CN101944216A (en) Two-factor online transaction safety authentication method and system
CN108200037A (en) A kind of method and system that safety operation is performed using safety equipment
CN111143474A (en) One-key mobile phone number binding changing method based on block chain technology
CN106650372A (en) open method and device of administrator authority
CN109831782B (en) Safety transmission verification method for electronic card information
CN107172462A (en) A kind of video-encryption and identity identifying method and security module

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Jiao Huaqing

Inventor after: Zhao Xiaobao

Inventor after: Ren Meng

Inventor after: Chen Yiping

Inventor before: Ren Meng

Inventor before: Jiao Huaqing

Inventor before: Chen Yiping

RJ01 Rejection of invention patent application after publication

Application publication date: 20170915