CN107172462A - Video encryption and identity authentication method, and security module
- Publication number: CN107172462A
- Application number: CN201710594805.7A
- Authority: CN (China)
- Legal status: Pending
Abstract
Embodiments of the invention disclose a video encryption and identity authentication method and a security module, for increasing the security of data transmission. The method includes: obtaining video data; encrypting the video data with a preset algorithm to obtain first data; storing the first data; determining whether the first data needs to be decrypted; and, if the first data needs to be decrypted, decrypting the first data with the preset algorithm and outputting the decrypted data.
Description
Technical field
The present invention relates to the field of Internet communication, and in particular to a video encryption and identity authentication method and a security module.
Background
With the development of Internet technology, multimedia information is used more and more widely, and video is the core of multimedia information. Network-based video conferencing, video on demand, video surveillance, video telephony, video chat, dashboard cameras and similar services have become the mainstream of video traffic. Data in network transmission may suffer packet loss, frame loss and bit errors, which matters especially in wireless networks, and it may even be subject to active or passive attacks such as data interception, data theft, sabotage and transmission errors. This places stricter requirements on the application of video encryption algorithms.
Encryption is currently one of the most effective ways to achieve communication security and is an active topic in information security. Video encryption protects video data by means of cryptographic theory; it is a combination of cryptography and video coding. H.264, as a new-generation video compression coding standard, is superior to other existing standards in compression efficiency, resistance to bit errors, transmission reliability and other respects.
In existing encryption algorithms, security and real-time performance often conflict: to ensure security, enough sensitive data must be encrypted, so the volume of data to encrypt and decrypt is large, it takes time, and real-time performance is hard to guarantee; reducing the amount of sensitive data that is encrypted reduces security.
Summary of the invention
Embodiments of the invention provide a video encryption and identity authentication method and a security module, for improving the security of data transmission.
A first aspect of the embodiments provides a video encryption and identity authentication method, which specifically includes:
Obtaining video data;
Encrypting the video data with a preset algorithm to obtain first data;
Storing the first data;
Determining whether the first data needs to be decrypted;
If the first data needs to be decrypted, decrypting the first data with the preset algorithm and outputting the decrypted data.
Optionally, when the first data is only stored and not output, it may be determined, before the first data is stored, that bidirectional identity authentication with a server is complete, the server being the server carried by the client that receives the decrypted data, an independent server, or the server of the device that stores the first data;
When the first data needs to be output, it may be determined, before the decrypted data is output, that bidirectional identity authentication with a server is complete, the server being the server carried by the client that receives the decrypted data, or an independent server.
Optionally, determining that bidirectional identity authentication with the server is complete includes:
Sending a first ciphertext, calculated with a preset key, to the server, so that the server decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches default authentication data, determines that the server's authentication is passed;
Receiving a second ciphertext, which the server has calculated with the preset key;
Decrypting the second ciphertext with the preset key to obtain a second plaintext;
When the second plaintext matches the default authentication data, determining that bidirectional identity authentication with the server is complete.
Optionally, when the first data does not need to be decrypted, the first data is output.
A second aspect of the embodiments provides a security module, which specifically includes:
An acquiring unit, configured to obtain video data;
An encryption unit, configured to encrypt the video data with a preset algorithm to obtain first data;
A storage unit, configured to store the first data;
A judging unit, configured to determine whether the first data needs to be decrypted;
A decryption unit, configured to, when the first data needs to be decrypted, decrypt the first data with the preset algorithm and output the decrypted data.
A third aspect of the embodiments provides a security module including a processor, where the processor, when executing a computer program stored in a memory, implements the steps of the method of the above aspects.
A fourth aspect of the embodiments provides a computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method of the above aspects.
As can be seen from the above technical solutions, in the embodiments of the invention, when a data stream passes through, video data can be obtained and encrypted with a preset algorithm to obtain first data; the first data is stored; whether the first data needs to be decrypted is determined; and when the first data needs to be decrypted, it is decrypted with the preset algorithm and the decrypted data is output. In summary, in the embodiments the obtained data is encrypted and then stored, and when the data needs to be decrypted it is decrypted and output; the data can only be decrypted with the same algorithm, which ensures the security of data transmission.
Brief description of the drawings
Fig. 1 is a schematic diagram of one embodiment of the video encryption and identity authentication method in the embodiments of the invention;
Fig. 2 is a schematic diagram of another embodiment of the video encryption and identity authentication method in the embodiments of the invention;
Fig. 3 is a schematic diagram of one embodiment of the security module in the embodiments of the invention;
Fig. 4 is a schematic diagram of the hardware structure of the security module in the embodiments of the invention.
Detailed description
Embodiments of the invention provide a video encryption and identity authentication method and a security module, for ensuring the security of data transmission.
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them.
The terms "first", "second", "third", "fourth" and so on (if present) in the description, the claims and the drawings distinguish similar objects and do not describe a specific order or sequence. It should be understood that data so used may be interchanged where appropriate, so that the embodiments described here can be implemented in an order other than the one illustrated or described. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion: a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, and may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The embodiments of the invention can be divided into two parts, a storage stage and an output stage, which are described separately below.
Referring to Fig. 1, a schematic diagram of an embodiment of the storage stage of the video encryption and identity authentication method in the embodiments of the invention, the method includes:
101. Obtain video data.
When a data stream is transmitted to the security module through the I/O interface, the security module can obtain the video data.
Besides video data, other data can also be obtained, such as audio, pictures and text data; video data is used here only as an example, and this is not limited.
The security module may be provided with an I/O interface, which is responsible for receiving unencrypted data and sending decrypted data. The I/O interfaces fall into two classes, high-speed and low-speed: high-speed interfaces include USB (USB2.0 or 3.0, etc.) and SD (SD2.0 or SD3.0, etc.); low-speed interfaces include ISO7816, SPI, I2C, UART, etc.
The security module can store written information in an information storage unit. The written information includes the device ID, keys, host configuration information and so on; the keys include an encryption key, a decryption key, an authentication key and similar information. This information is recorded during the production and issuance stage and can be written through the I/O interface.
The working state of the security module can be divided into factory mode and user mode (the two modes may also be given other names; this is not limited). The read/write attributes of the data in the information storage unit differ between the two states. Factory mode can switch to user mode, but user mode cannot switch to factory mode, which ensures the secure storage of key information: factory mode can write information to the information storage unit, whereas user mode has no permission to write information to the information storage unit and only has permission to read data from it.
102. Encrypt the video data with a preset algorithm to obtain first data.
After obtaining the video data, the security module can encrypt it with the preset algorithm to obtain the first data, which is the encrypted video data.
The security module may encrypt the video data with a security algorithm, or with other algorithms, such as symmetric algorithms (DES, 3DES, AES, SM1, SM4, SM7, etc.), asymmetric algorithms (RSA, DSA, SM2, SM9, etc.) and hash algorithms (MD2, MD4, MD5, SHA, SHA-1, SM3, etc.); any algorithm that can encrypt the video data may be used, and this is not limited.
The security module may support file systems such as FAT32, exFAT, NTFS and Ext. It may encrypt each received piece of data individually, or encrypt all the data as a whole.
103. Store the first data.
After the security module has encrypted the video data to obtain the first data, it can store the first data, either in the storage module of the security module or in other removable storage media, for example a removable hard disk, a USB flash drive or a floppy disk; any medium that can store the first data may be used, and this is not limited.
When storing the first data, the security module may store it in its own storage medium or in other storage media. When the data is stored in other removable media, those storage media need to perform identity authentication with the security module. The authentication procedure is as follows:
The first ciphertext, calculated with the preset key, is sent to the server of the storage medium, so that the server of the storage medium decrypts the first ciphertext with the preset key to obtain the first plaintext and, when the first plaintext matches the default authentication data, determines that the security module has passed the server's authentication;
The second ciphertext is received, which the server of the storage medium has calculated with the preset key;
The second ciphertext is decrypted with the preset key to obtain the second plaintext;
When the second plaintext matches the default authentication data, the server of the storage medium determines that the security module has completed bidirectional identity authentication with the server.
The order in which the security module and the storage medium perform bidirectional identity authentication is not limited here. It may be performed at any stage of use, for example when video data is obtained, or identity authentication with the server of the storage medium may be performed when the device powers on or reconnects after a network disconnection.
Specifically, multiple platforms may be set up on the server of the storage medium, for example an authentication platform, a business platform and a data storage platform. The authentication platform handles network-access review, identity authentication and the like for the security module; the business platform handles the interpretation, judgment, coordination and execution of all business; the data storage platform is responsible for saving and forwarding all data.
Referring to Fig. 2, a schematic diagram of an embodiment of the output stage of the video encryption and identity authentication method in the embodiments of the invention, the method includes:
201. Obtain video data;
202. Encrypt the video data with a preset algorithm to obtain first data;
203. Store the first data;
Steps 201 to 203 are the same as steps 101 to 103 of the embodiment shown in Fig. 1, which have been described in detail there and are not repeated here.
204. Determine whether the first data needs to be decrypted.
In this embodiment, after storing the first data, the security module can receive output information sent by the client. The output information carries an instruction to output the first data and a decryption indication. The security module determines from the decryption indication whether the first data needs to be decrypted (that is, it determines from the received output information whether the data to output is plaintext or ciphertext). If so, step 205 is performed; if not, step 206 is performed.
205. Decrypt the first data with the preset algorithm and output the decrypted data.
When the security module determines that the first data needs to be decrypted, it can decrypt the first data with the preset algorithm and output the decrypted data.
206. Output the first data.
When the security module determines that the first data does not need to be decrypted, it outputs the first data.
The security module can output the decrypted data over a secure channel, which ensures the security of the data.
The trigger for the security module to output decrypted or undecrypted data may be passive, for example receiving an instruction to output data, or active, for example outputting the decrypted data as soon as decryption completes. A preset time may also be configured in advance, with the decrypted or undecrypted data output when the preset time elapses; for example, with a preset time of 3 hours, data is decrypted and output every 3 hours, or undecrypted data is output every 3 hours. Alternatively, whether to upload the video data may be decided according to whether the current network transmission rate is greater than a first preset value and/or whether the size of the video data is less than a second preset value. The security module may determine whether the current network transmission rate is greater than the first preset value, for example 200KB/S, and if so decrypt the video data and output it. The security module may also determine whether the size of the video data is greater than the second preset value, for example 50M, and if so not output the video data. Alternatively, it may receive an instruction sent by the output end and extract part of the video data for output according to the instruction; for example, for video data, it may output the 30 seconds of video preceding the moment at which data encryption completed, or the last 5M of the video data. This is not limited. The security module may also have other triggers for outputting data; anything that can trigger the security module to decrypt and output data may be used.
The security module can perform bidirectional identity authentication with a server (the server may be the server carried by the client that receives the decrypted data, or an independent server).
Specifically, when encrypted data is stored, the two parties to bidirectional identity authentication are the security module and the storage medium; before data is output, authentication is between the security module and the client that receives the decrypted data. The bidirectional identity authentication of the storage stage has been described in detail for Fig. 1, and the storage-stage authentication here is similar to the embodiment shown in Fig. 1, so it is not repeated. Only the bidirectional identity authentication of the output stage is described in detail here, as follows:
The first ciphertext, calculated with the preset key, is sent to the server, so that the server decrypts the first ciphertext with the preset key to obtain the first plaintext and, when the first plaintext matches the default authentication data, determines that the security module has passed the server's authentication;
The second ciphertext is received, which the server has calculated with the preset key;
The second ciphertext is decrypted with the preset key to obtain the second plaintext;
When the second plaintext matches the default authentication data, it is determined that the security module and the server have completed bidirectional identity authentication.
The order in which the security module performs bidirectional identity authentication with the server is not limited here. When the first data needs to be output, the security module performs bidirectional identity authentication with the server; this may be done before the decrypted data is output, or at any stage of use, for example when video data is obtained, or identity authentication with the server may be performed when the device powers on or reconnects after a network disconnection.
Specifically, multiple platforms may be set up on the server, for example an authentication platform, a business platform and a data storage platform. The authentication platform handles network-access review, identity authentication and the like for the security module; the business platform handles the interpretation, judgment, coordination and execution of all business; the data storage platform is responsible for saving and forwarding all data.
As can be seen from the above, when a data stream passes through, video data can be obtained and encrypted with a preset algorithm to obtain first data; the first data is stored; whether the first data needs to be decrypted is determined; and if so, the first data is decrypted with the preset algorithm and the decrypted data is output. In summary, in the embodiments the obtained data is encrypted and then stored, and when the first data needs to be decrypted, it is decrypted and the decrypted data is output, so the encrypted data is decrypted and then sent. Because what is stored is data encrypted by the security module, only that security module, decrypting with the same algorithm, can decrypt the data, which ensures the security of data transmission.
The embodiments of the invention have been described above from the perspective of the video encryption and identity authentication method; they are described below from the perspective of the security module. Referring to Fig. 3, one embodiment of the security module in the embodiments of the invention includes:
An acquiring unit 301, configured to obtain video data;
An encryption unit 302, configured to encrypt the video data with a preset algorithm to obtain first data;
A storage unit 303, configured to store the first data;
A judging unit 304, configured to determine whether the first data needs to be decrypted;
A decryption unit 305, configured to, if the first data needs to be decrypted, decrypt the first data with the preset algorithm and output the decrypted data;
An authentication unit 306, configured to determine, before the storage unit 303 stores the first data or before the decryption unit 305 outputs the decrypted data, that bidirectional identity authentication with a server is complete, the server being the server carried by the client that receives the decrypted data, an independent server, or the server of the device that stores the first data.
The decryption unit 305 is further configured to output the first data when the first data does not need to be decrypted.
The authentication unit 306 is specifically configured to:
Send the first ciphertext, calculated with the preset key, to the server, so that the server decrypts the first ciphertext with the preset key to obtain the first plaintext and, when the first plaintext matches the default authentication data, determines that the server's authentication is passed;
Receive the second ciphertext, which the server has calculated with the preset key;
Decrypt the second ciphertext with the preset key to obtain the second plaintext;
When the second plaintext matches the default authentication data, determine that bidirectional identity authentication with the server is complete.
As can be seen from the above, when a data stream passes through, video data can be obtained and encrypted with a preset algorithm to obtain first data; the first data is stored; whether the first data needs to be decrypted is determined; and if so, the first data is decrypted with the preset algorithm and the decrypted data is output. In summary, in the embodiments the obtained data is encrypted and then stored, and when the first data needs to be decrypted, it is decrypted and the decrypted data is output, so the encrypted data is decrypted and then sent. Because what is stored is data encrypted by the security module, only that security module, decrypting with the same algorithm, can decrypt the data, which ensures the security of data transmission.
Referring to Fig. 4, Fig. 4 is a schematic structural diagram of the security module provided by the embodiments of the invention. The security module 400 of this embodiment includes a processor, a memory, and a computer program that is stored in the memory and can run on the processor, for example an acquisition program. When executing the computer program, the processor implements the steps in the embodiments of the video encryption and identity authentication method above, for example step 101 shown in Fig. 1; or, when executing the computer program, the processor implements the functions of the units in the embodiments above, for example the acquiring unit.
By way of example, the computer program may be divided into one or more units, which are stored in the memory and executed by the processor to carry out the invention. The one or more units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program in the security module. For example, the computer program may be divided into an acquiring unit, an encryption unit, a storage unit, a judging unit, a decryption unit and an authentication unit, whose specific functions are as follows:
Acquiring unit, configured to obtain video data;
Encryption unit, configured to encrypt the video data with a preset algorithm to obtain first data;
Storage unit, configured to store the first data;
Judging unit, configured to determine whether the first data needs to be decrypted;
Decryption unit, configured to, when the first data needs to be decrypted, decrypt the first data with the preset algorithm and output the decrypted data.
Authentication unit, configured to determine, before the storage module stores the first data or before the decryption unit outputs the decrypted data, that bidirectional identity authentication with a server is complete, the server being the client that receives the decrypted data or an independent server.
The authentication unit is specifically configured to:
Send the first ciphertext, calculated with the preset key, to the server, so that the server decrypts the first ciphertext with the preset key to obtain the first plaintext and, when the first plaintext matches the default authentication data, determines that the server's authentication is passed;
Receive the second ciphertext, which the server has calculated with the preset key;
Decrypt the second ciphertext with the preset key to obtain the second plaintext;
When the second plaintext matches the default authentication data, determine that bidirectional identity authentication with the server is complete.
The security module may be a computing device such as a mobile phone, desktop computer, notebook, palmtop computer or cloud server. The security module may include, but is not limited to, a processor and a memory. Those skilled in the art will understand that the schematic diagram is only an example of the security module and does not limit it; the security module may include more or fewer components than illustrated, combine certain components, or use different components. For example, the security module may also include input/output devices, network access devices, buses, etc.
The processor may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general-purpose processor may be a microprocessor or any conventional processor. The processor is the control centre of the security module and connects the parts of the whole security module through various interfaces and lines.
The memory may be used to store the computer program and/or units; the processor implements the various functions of the security module by running or executing the computer program and/or units stored in the memory and by calling data stored in the memory. The memory may mainly include a program storage area and a data storage area, where the program storage area may store an operating system and the application programs required by at least one function (such as a sound playback function or an image playback function), and the data storage area may store data created through use of the mobile phone (such as audio data or a phone book). In addition, the memory may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash card (Flash Card), at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage device.
If the integrated unit of the security module is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow of the above method embodiments may also be completed by a computer program instructing the relevant hardware; the computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, etc. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, apparatus and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are only schematic; the division of the units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection between apparatuses or units through some interfaces, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one transmitting unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A video encryption and identity authentication method, characterized by comprising:
obtaining video data;
encrypting the video data by a preset algorithm to obtain first data;
storing the first data;
judging whether the first data needs to be decrypted;
if the first data needs to be decrypted, decrypting the first data by the preset algorithm, and outputting the decrypted data.
2. The method according to claim 1, characterized in that, before storing the first data or outputting the decrypted data, the method further comprises:
determining that bidirectional identity authentication with a server has been completed, the server being a server carried by the client that receives the decrypted data, an independent server, or a server of the device that stores the first data.
3. The method according to claim 2, characterized in that determining that bidirectional identity authentication with the server has been completed comprises:
sending a first ciphertext, calculated with a preset key, to the server, so that the server decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches the default authentication data, it is determined that authentication by the server has been passed;
receiving a second ciphertext, the second ciphertext being calculated by the server with the preset key;
decrypting the second ciphertext with the preset key to obtain a second plaintext;
when the second plaintext matches the default authentication data, determining that bidirectional identity authentication with the server has been completed.
4. The method according to claim 1, characterized in that, when the first data does not need to be decrypted, the method further comprises:
outputting the first data.
5. A security module, characterized by comprising:
an acquiring unit, for obtaining video data;
a ciphering unit, for encrypting the video data by a preset algorithm to obtain first data;
a storage unit, for storing the first data;
a judging unit, for judging whether the first data needs to be decrypted;
a decryption unit, for decrypting the first data by the preset algorithm when the first data needs to be decrypted, and outputting the decrypted data.
6. The security module according to claim 5, characterized in that the apparatus further comprises:
an authentication unit, for determining that bidirectional identity authentication with a server has been completed before the storage unit stores the first data or before the decryption unit outputs the decrypted data, the server being a server carried by the client that receives the decrypted data, an independent server, or a server of the device that stores the first data.
7. The security module according to claim 6, characterized in that the authentication unit is specifically configured to:
send a first ciphertext, calculated with a preset key, to the server, so that the server decrypts the first ciphertext with the preset key to obtain a first plaintext and, when the first plaintext matches the default authentication data, it is determined that authentication by the server has been passed;
receive a second ciphertext, the second ciphertext being calculated by the server with the preset key;
decrypt the second ciphertext with the preset key to obtain a second plaintext;
when the second plaintext matches the default authentication data, determine that bidirectional identity authentication with the server has been completed.
8. The security module according to claim 5, characterized in that the decryption unit is further configured to:
output the first data when the first data does not need to be decrypted.
9. A security module, characterized in that the security module comprises a processor, the processor being configured to implement the steps of the method according to any one of claims 1-4 when executing a computer program stored in a memory.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710594805.7A CN107172462A (en) | 2017-07-19 | 2017-07-19 | A kind of video-encryption and identity identifying method and security module |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107172462A (en) | 2017-09-15 |
Family
ID=59817923
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710594805.7A Pending CN107172462A (en) | 2017-07-19 | 2017-07-19 | A kind of video-encryption and identity identifying method and security module |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107172462A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120254618A1 (en) * | 2011-03-28 | 2012-10-04 | Sony Europe Limited | Authentication certificates |
CN103516515A (en) * | 2012-06-28 | 2014-01-15 | 中兴通讯股份有限公司 | Encryption/decryption seamless switch achieving method, OLT and ONU in GPON system |
CN103763631A (en) * | 2014-01-07 | 2014-04-30 | 青岛海信信芯科技有限公司 | Authentication method, server and television |
CN106131603A (en) * | 2016-08-23 | 2016-11-16 | 北京永信至诚科技股份有限公司 | A kind of video broadcasting method based on dynamic dictionary and system |
CN106453318A (en) * | 2016-10-14 | 2017-02-22 | 北京握奇智能科技有限公司 | Data transmission system and method based on security module |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109743170A (en) * | 2018-11-30 | 2019-05-10 | 视联动力信息技术股份有限公司 | A kind of Streaming Media logs in and the method and apparatus of data transmission encryption |
CN109743170B (en) * | 2018-11-30 | 2021-12-10 | 视联动力信息技术股份有限公司 | Method and device for logging in streaming media and encrypting data transmission |
CN109905627A (en) * | 2019-02-13 | 2019-06-18 | 视联动力信息技术股份有限公司 | A kind of method and apparatus of audio/video flow data recording |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information | ||
Inventor after: Jiao Huaqing; Zhao Xiaobao; Ren Meng; Chen Yiping. Inventor before: Ren Meng; Jiao Huaqing; Chen Yiping |
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20170915 |