CN107809436A

CN107809436A - Authority discrimination method, encryption method, the apparatus and system of Internet video access

Info

Publication number: CN107809436A
Application number: CN201711107690.0A
Authority: CN
Inventors: 李伟华; 李毅; 要文涛
Original assignee: POWERINFO CO Ltd
Current assignee: POWERINFO CO Ltd
Priority date: 2017-11-10
Filing date: 2017-11-10
Publication date: 2018-03-16
Anticipated expiration: 2037-11-10
Also published as: CN107809436B

Abstract

Authority discrimination method, encryption method, the apparatus and system accessed the invention provides a kind of Internet video, it is related to internet video areas of information technology, by differentiating to the authority information that videoconference client is sent, and pass through decipherment algorithm and decruption key corresponding to advance rule determination, realize the decryption to authority information, and authority information after decryption is defined the competence and differentiated successfully when meeting preparatory condition.In authority discrimination process, it is not necessary to which user carries out account registration using videoconference client in advance, improves Consumer's Experience.Meanwhile the decryption of authority information needs just obtain correct authority information using correct decipherment algorithm and decruption key simultaneously, avoids the risk cracked in communication process by packet capturing analysis.Also, decipherment algorithm and decruption key are separate, in the case that one of both is cracked, remain to ensure by another Preservation tactics the security of system.

Description

Authority discrimination method, encryption method, the apparatus and system of Internet video access

Technical field

The present invention relates to internet video areas of information technology, differentiate more particularly, to the authority that a kind of Internet video accesses Method, encryption method, apparatus and system.

Background technology

Shown according to open source information, accounting of the flow in internet total flow is caused by Online Videos in 2016 73%, and this numeral will reach 82% in 2021.Internet video content is as activities such as office, amusement, information, education Main carriers, turn into most people and live an indispensable part.Video content provider leads to while video is provided Cross Video service end and launch the advertisement informations such as advertisement to videoconference client to realize commercial value.But in existing Video service, The information of transmission is easy to be cracked by packet capturing, and security is poor.

The content of the invention

In view of this, it is an object of the invention to provide a kind of Internet video access authority discrimination method, encryption method, Apparatus and system, to solve the problems, such as security risk existing for prior art.

Technical scheme provided by the invention is as follows：

The authority discrimination method that a kind of Internet video accesses, applied to Video service end, this method includes：

Receive the authority information by encryption that videoconference client is sent；

At least one decipherment algorithm and at least one according to corresponding to preset rules determine the authority information by encryption Individual decruption key；

The authority information by encryption is entered using at least one decipherment algorithm and at least one decruption key Row is decrypted at least once, the authority information after being decrypted；

Judge whether the authority information after decryption meets preparatory condition, if meeting preparatory condition, pass through at Video service end The Authority Verification of the videoconference client, Video service is provided as videoconference client using the operation according to videoconference client.

Second aspect, present invention also offers a kind of rights encryption method, applied to videoconference client, this method includes：

Defined the competence at least one AES corresponding to information and at least one encryption key according to preset rules；

The authority information is carried out at least once using at least one AES and at least one encryption key Encryption, the authority information after being encrypted；

Authority information after the encryption is sent to Video service end.

The third aspect, present invention also offers a kind of authority identification device, and applied to Video service end, the authority differentiates dress Put including：

Data obtaining module, for receiving the authority information by encryption of videoconference client transmission；

Decipherment algorithm and key determining module, for determining that the authority information by encryption is corresponding according to preset rules At least one decipherment algorithm and at least one decruption key；

Deciphering module, for passing through encryption to described using at least one decipherment algorithm and at least one decruption key Authority information decrypted at least once, the authority information after being decrypted；

Identification module, judges whether the authority information after decryption meets preparatory condition, if meeting preparatory condition, is taken in video Business Authority Verification of the end by the videoconference client, video clothes are provided by videoconference client of the operation according to videoconference client Business.

Fourth aspect, present invention also offers a kind of rights encryption device, applied to videoconference client, rights encryption dress Put including：

AES and key determining module, for being defined the competence at least one encryption corresponding to information according to preset rules Algorithm and at least one encryption key；

Encrypting module, for utilizing at least one AES and at least one encryption key to the authority information Encrypted at least once, the authority information after being encrypted；

Transport module, for the authority information after the encryption to be sent to Video service end.

5th aspect, present invention also offers a kind of authority identification system, including Video service end and videoconference client, its In, the videoconference client includes：

Encrypting module, for utilizing at least one AES and at least one encryption key to the authority information Encrypted at least once, the authority information after being encrypted；And

Transport module, for the authority information after the encryption to be sent to Video service end；

The Video service end includes：

Deciphering module, for passing through encryption to described using at least one decipherment algorithm and at least one decruption key Authority information decrypted at least once, the authority information after being decrypted；And

The authority discrimination method that Internet video provided in an embodiment of the present invention accesses, can be by sending to videoconference client Authority information differentiated, by advance rule determine corresponding to decipherment algorithm and decruption key, realize to authority information Decryption, and when authority information after decryption meets preparatory condition, define the competence and differentiate successfully.In authority discrimination process, no Need user to carry out account registration using videoconference client in advance, improve Consumer's Experience.Meanwhile the decryption of authority information needs Correct authority information can be just obtained using correct decipherment algorithm and decruption key simultaneously, is avoided in communication process by packet capturing Analyze the risk cracked.Also, decipherment algorithm and decruption key are separate, in the case that one of both is cracked, Remain to ensure by another Preservation tactics the security of system.

Brief description of the drawings

, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical scheme of the prior art The required accompanying drawing used is briefly described in embodiment or description of the prior art, it should be apparent that, in describing below Accompanying drawing is some embodiments of the present invention, for those of ordinary skill in the art, before creative work is not paid Put, other accompanying drawings can also be obtained according to these accompanying drawings.

Fig. 1 is the schematic diagram that a kind of Video service end of the embodiment of the present invention interacts with videoconference client.

Fig. 2 is the schematic flow sheet for the authority discrimination method that a kind of Internet video of the embodiment of the present invention accesses.

Fig. 3 is the sub-step of step S102 in the authority discrimination method that a kind of Internet video of the embodiment of the present invention accesses Schematic flow sheet.

Fig. 4 is a kind of schematic flow sheet of rights encryption method of the embodiment of the present invention.

Fig. 5 be the embodiment of the present invention a kind of rights encryption method in step S201 sub-step schematic flow sheet.

Fig. 6 is a kind of schematic flow sheet of authority identification device of the embodiment of the present invention.

Fig. 7 is a kind of schematic flow sheet of rights encryption device of the embodiment of the present invention.

Icon：100- Video services end；200- videoconference clients；10- authority identification devices；20- rights encryption devices； 101- data obtaining modules；102- decipherment algorithms and key determining module；103- deciphering modules；104- identification modules；201- adds Close algorithm and key determining module；202- encrypting modules；203- transport modules.

Embodiment

To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with accompanying drawing to the present invention Technical scheme be clearly and completely described, it is clear that described embodiment is part of the embodiment of the present invention, rather than Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creative work premise Lower obtained every other embodiment, belongs to the scope of protection of the invention.

Inventor has found that user by communication equipment when obtaining Video service, due to providing manufacturer's meeting of Video service Substantial amounts of video content is provided, some video contents need subscriber payment or could played after being registered as member.Such interaction Process just needs user is advanced at the manufacturer for providing Video service in advance to cross the registration process of account, the purchase of member, expense A series of processes such as pay after, could be when obtaining Video service, there is provided correct authority.It is and the account name of user, close The information such as code need to send to Video service end, and Video service end can determine according to information such as the account name of user, passwords Whether the user has correct authority.These information are in transmitting procedure, it is easy to are intercepted and cause userspersonal information Leakage.Also, such process needs user's registration, and registration step is cumbersome, and usage experience is bad.

Meanwhile the client that some non-video content providers authorize can obtain video clothes by cutting the methods of bag is analyzed The communication details being engaged between end and client, the client for having obtained mandate is pretended to be to obtain video content from Video service end, The advertisement informations such as the advertisement of Video service end offer are bypassed or replaced, are the direct or indirect incidents of the interests of video content provider To loss.

Based on it is such the problem of, can be verified by using session and authentication mechanism based on token.

Session checking flow be：Client produces session with username and password login service end, service end Object, for tracking the state of user, and session ID is returned to client；Client request server again, can will Session ID are sent to server in a manner of cookie request head, and after server receives session ID, index obtains Session objects, so as to track client state.

Flow based on token authentication mechanisms is：Client is with username and password login service end, and service end is by testing Card is sent to one token of user；Client stores token and gives this token value as an addition when accessing service end every time, takes End checking token values of being engaged in simultaneously returned data.

Session checkings are similar with based on token authentication mechanism flows, are required for user to input username and password, its Implicit premise is that user needs registered user's name and password.For most of video consumer end subscribers, this point will Consumer's Experience is set greatly to decline.Importantly, session and token can be cracked by way of network packet capturing is analyzed Out, security performance presence must defect.

First embodiment

The embodiments of the invention provide the authority discrimination method that a kind of Internet video accesses, applied to Video service end 100, The Video service end 100 can be that videoconference client 200 provides Video service, and videoconference client 200 can be that user uses The communication equipment of connection, such as personal computer, mobile phone, tablet personal computer equipment can be established with Video service end 100.User exists When needing the Video service end 100 to provide Video service using videoconference client 200, the different users of videoconference client 200 can be with Service with personalization, realized by Video service end 100 and the authority of videoconference client 200 is differentiated, to determine video visitor Whether family end 200 has correct access rights.As shown in figure 1, the interaction for videoconference client 200 and Video service end 100 Schematic diagram.

As shown in Fig. 2 the authority discrimination method that the Internet video accesses comprises the following steps.

Step S101, receive the authority information by encryption that videoconference client 200 is sent.

First authority information can be encrypted for videoconference client 200, the authority information after being encrypted, and can pass through The communication connection pre-established with Video service end 100, the authority information by encryption is sent to Video service end 100. In the embodiment of the present invention, authority information can make including the client code, client terminal version information, encryption pre-set The ginseng such as current time information at Video service end 100 that the summary info and videoconference client 200 of key file obtain One or more of number.Video service end 100 receives the authority information by encryption.

It is (the Red Hat Enterprise Linux of RHEL 7.0 that Video service end 100, which may operate in operating system, 7.0) in environment, Video service end 100 can be invoked at clothes when responding the connection of videoconference client 200 or playing request Authority information after encryption is decrypted the deciphering module 103 at business end.

Step S102, at least one decipherment algorithm according to corresponding to preset rules determine the authority information by encryption With at least one decruption key.

Video service end 100 can determine decipherment algorithm and decruption key according to predetermined preset rules, with docking The authority information by encryption received is decrypted.Video service end 100 is provided with multiple decipherment algorithms and multiple in advance Decruption key.Video service end 100 can use the document form of dynamic link library to store decipherment algorithm, decipherment algorithm At least one of AES-128, AES-192 and AES-256 can be included, naturally it is also possible to using the decipherment algorithm of other forms, The embodiment of the present invention is not intended to limit the specific algorithm form of decipherment algorithm.

Detailed, as shown in figure 3, decipherment algorithm and decruption key can be determined by following sub-step.

Sub-step S121, decipherment algorithm is determined according at least one of temporal information and communication interaction information, wherein, institute State the time value that temporal information determines for the Video service end 100 according to current time information.

For example, information is determined in the method for decipherment algorithm between when in use, can use Video service end 100 it is current when The number of seconds at quarter and 3 makees complementation, selects AES-128 to be selected as decipherment algorithm if result is 1 if result is 0 AES-192 selects AES-256 as decipherment algorithm as decipherment algorithm if result is 2.Can certainly be to temporal information Determine to select any algorithm as decipherment algorithm using the computing of other forms.

When determining decipherment algorithm using communication interaction information, communication interaction information can be Video service end 100 with regarding The relevant information to be communicated between frequency client 200.Before communication interaction information can include authority discriminating, Video service end 100 is sent out Deliver to the initial rights information of videoconference client 200, the connection after videoconference client 200 starts with Video service end 100 is shaken hands Detection that information, videoconference client 200 and Video service end 100 are mutually sent or data message etc., and communication interaction is believed In breath can including executable program etc. program language.Video service end 100 can pre-establish communication interaction information and decryption The corresponding relation of algorithm, corresponding decipherment algorithm can determine that by the communication interaction information of determination.Such as can be according to communication Decipherment algorithm corresponding to the default fixed data determination included in interactive information.If for example, numerical value of a certain fixed data For 0, it is determined that AES-128 is decipherment algorithm.If the numerical value of the fixed data is 1, it is determined that AES-192 is decipherment algorithm. If the numerical value of the fixed data is 2, it is determined that AES-256 is decipherment algorithm.

In addition, the executable program for including the decipherment algorithm can also be included in communication interaction information.Now, true When determining decipherment algorithm, interpreter corresponding with the executable program can be called to perform at least one in the executable program Part, can partly or entirely being performed using the executable program as decipherment algorithm.Executable program can be The sentence of the scripts such as Python, Lua, Perl, Video service end 100 can call interpreter corresponding with script to hold Sentence in row executable program, sentence information corresponding to the executable program is obtained, using the sentence information as the decryption At least a portion of algorithm.

For example, after performing obtained sentence information be by after authority information and the initial rights information pre-set splicing with Decruption key makees circulation XOR.Action of the can using the action of this information as decipherment algorithm.Or after execution Obtained sentence information is to regard sentence data message in itself as decipherment algorithm, now, it is possible to using the sentence as integrally Decryption method use.

By the above method can determine corresponding to decipherment algorithm.It is understood that Video service end 100 is right in advance Can be that decruption key configures replacement cycle D when decipherment algorithm and decruption key are configured, and can be using C1, C2 to be default Coefficient is decrypted, decryption coefficient can be as the parameter preset for carrying out associated decryption computing.

Sub-step S122, the decruption key is determined according at least one of the temporal information or communication interaction information Corresponding cipher key index number, determined according to the cipher key index number from the multiple decruption key corresponding with the cipher key index number Decruption key.

During authority information is decrypted, decipherment algorithm is not only needed to also need to decruption key, decruption key Parameter during as decryption.The length of decruption key corresponding to different decipherment algorithms is different.For example, consolidate in key file length When being set to 65536 byte, using different decipherment algorithms, the number of keys that this document includes also differs.Such as use AES- During 128 conduct decipherment algorithm, its decruption key quantity is 4096.When using AES-192 as decipherment algorithm, decruption key number Measure as 2730.When using AES-256 as decipherment algorithm, number of keys can be 2048.Can be according to the temporal information It is corresponding with the decruption key with reference to decruption key characteristic computing generation with least one of the communication interaction information The cipher key index number, wherein, the decruption key characteristic includes decruption key number, decryption coefficient and decruption key At least one parameter in module release information.

, can be with usage time information combination decruption key characteristic computing when information determines decruption key between when in use Obtain the cipher key index number of decruption key.It is for instance possible to use number of seconds of the current time relative on January 1st, 1970, by pre- If the cipher key index number of decruption key is calculated in formula.Preset formula can be：(((T/D) ^C1)+C2) %S, wherein, T is Relative to 1970.1.1 number of seconds, D is the decruption key module release information of current version, can be that decruption key is default more Change the cycle, C1, C2 are default decryption coefficient, and S is the number of decruption key.When can certainly use other operational forms pair Between information operation to determine cipher key index number.Corresponding decruption key is found using cipher key index number.

When determining decruption key using communication interaction information, can directly include in the data field of communication interaction information The cipher key index number of decruption key, by the cipher key index number in data field, it is determined that corresponding decruption key.

Further, it is also possible to key rope is obtained by the data combination decruption key characteristic computing in communication interaction information Quotation marks.Such as the data in communication interaction information are X, then it can be used formula (((X/D) ^C1+C2) %S) that decryption is calculated close The cipher key index number of key.

In another embodiment, different decruption keys is pseudo- using different primitive polynomials and forming initial fields Random sequence, cipher key index of the data as the decruption key in the pseudo-random sequence is selected according to the temporal information Number；Or the data field in the communication interaction information selects the data in the pseudo-random sequence as the decryption The cipher key index number of key.For example, the primitive polynomial and forming initial fields pseudo-random sequence of Gold sequence algorithm can be used, then root Cipher key index number of the element as decruption key is selected from pseudo-random sequence according to temporal information.

In another embodiment, it can also be decrypted according to the mark that predetermined key file provides The determination of method and decruption key, such as set decryption method operation token on the head of key file.

Decipherment algorithm and corresponding decruption key can determine that using the above method.Video service end 100 can be advance Configure a variety of decipherment algorithms and multiple decruption keys, it is possible to achieve abundant decryption combination, improve peace during authority information decryption Quan Xing.It is determined that obtained decipherment algorithm and decruption key can be one or more.

Such as when in use between information when determining decipherment algorithm, if making complementation using the number of seconds and 3 of current time, AES-128 is selected when being as a result 0 as decipherment algorithm.AES-192 is selected when being as a result 1 as decipherment algorithm.Selected when being as a result 2 AES-256 is selected as decipherment algorithm.If only determine a unique algorithm as decipherment algorithm, then to be likely to occur due to being The decipherment algorithm that system error causes to determine is not correct decipherment algorithm.Therefore, in order to prevent rounding error, can forward and to A kind of method is respectively taken afterwards, such as result of calculation is 0 in the present embodiment, not only using AES-128 as decipherment algorithm, is also by previous AES-256 corresponding to 2 result also serves as decrypting as decipherment algorithm, while by latter for AES-192 corresponding to 1 result Algorithm.

It is above-mentioned cipher key index number can be determined by dependency rule after obtain corresponding decruption key, another specific real Apply in mode.The decruption key can also be at least one data file, the digital carrier file of camouflage or Digital Media text Part, now just need allocating conventional cipher key interface, camouflage to read interface, digital watermarking extraction interface or steganography content and carry Interface reading at least one data file, the digital carrier file of camouflage or digital media file is taken to obtain the decryption close The content of key.

Data file can directly store decruption key content.The digital carrier file of camouflage, it is close to refer to content itself The appearance forrns of key but file are one or more files of dynamic link library, image, audio, video.Carry the numeral of key Media file, the outward appearance for referring to file are digital media files, and the Digital Media also can normally show the content of media, decryption Key is to be stored in the method for digital watermarking or steganography in digital media file, visual inspection or uses Programmable detection It is difficult to the difference for detecting the media file and Conventional media file.The digital media file can include herein below one Kind or a variety of combinations：Image, video, audio.

Detailed, the digital watermarking referred in the present embodiment or steganography algorithm, the main LSB for including spatial domain The DCT of (Least Significant Bit, least significant bit) and frequency domain (Discrete Cosine Transform, it is discrete Cosine transform) algorithm.For the three types of above-mentioned Digital Media, LSB and DCT algorithms are applicable for image, and video and Audio is only applicable to DCT algorithms.It is introduced below by taking the processing method of image as an example：

1) LSB methods are utilized in coloured image rgb space, will be minimum in watermark or steganography information write-in RGB bytes In bit, because lowest bit position is that the 0 or 1 display effect influence for image is extremely low, human eye is also impossible to differentiate it Difference.Because human eye is least sensitive to the blueness (B) in rgb space, therefore the present embodiment can choose B byte and carry out steganography. Specific method is to write embedded information in the B byte of image pixel successively for unit according to bit.

2) when the principle of DCT methods is that digital watermarking adds watermark or steganography information in a frequency domain, by the figure of dct transform As data HFS energy very little, most of energy of original image is in Low Medium Frequency part, so generally embedding a watermark into Into the low frequency coefficient of image, the equalization point between the invisibility of watermark and robustness can be met.In the present embodiment, pin YIQ spaces are transformed to by rgb space by image to coloured image, take out monochrome information Y-component therein, to Y points extracted Amount carries out one-level wavelet decomposition, takes its low frequency part and by its piecemeal：Dct transform is carried out to each block image, converted DC components afterwards, then watermark or steganography information are write into DC components, DCT inverse transformations and inverse wavelet transform are then carried out, is obtained To new Y-component, new Y-component reverts to rgb space with reference to original IQ components.

For Voice ＆ Video, also with DCT principle, write information into video and the low frequency component of audio, from And reach the purpose of Information hiding.

By the way that the document form of decruption key is determined, corresponding extraction port is recycled to obtain the content of decruption key.

The determination process of above-mentioned decruption key, decruption key can be stored in an independent file, by upper State determination method can and obtain decruption key to independent file.In another embodiment, decruption key It can also be stored in multiple files, only read all related files simultaneously, can just obtain the complete interior of decruption key Hold.

In addition, the decruption key for determining to obtain can also be can be from decryption by encryption, Video service end 100 in itself The mark of the bright close state of key storage is determined in the configuration file of key, if key is ciphertext form, needs to use configuration The decruption key file of reading is decrypted key in file again, obtains not by the decruption key of encryption.

Step S103, using at least one decipherment algorithm and at least one decruption key to the power by encryption Limit information is decrypted at least once, the authority information after being decrypted.

After decipherment algorithm and decruption key being obtained by abovementioned steps, you can solved using decipherment algorithm and decruption key Close computing, the authority information by encryption is decrypted, the authority information after being decrypted.

It should be noted that the videoconference client 200 can be by the video data of request with the power by encryption Limit information is sent to the Video service end 100 in the lump.When authority information is decrypted, the video can also be first judged Whether the video data that client 200 is asked is default emphasis video, if default emphasis video, then calls standby decryption Key carries out standby decryption to the authority information by encryption, obtains the authority information by standby decryption.To by standby Secondary decryption is carried out again with the authority information of decryption.

Authority information corresponding to the default emphasis video of video data asked videoconference client 200 is decrypted Situation, can be before the step of normally decrypt.By the standby decryption to authority information corresponding to emphasis video, obtain The normal authority information by encryption.Normally solved in the decipherment algorithm and decruption key obtained using above-mentioned determination It is close, the authority information after being decrypted.

Emphasis video refers to be considered as business or the higher video content of social value, and Video service end 100 can root The species of video content is set according to preset rules, and it is emphasis video that some video contents, which are sorted out, is asked in videoconference client 200 Video content when being emphasis video, carry out the process of above-mentioned standby decryption, the authority information after normally being decrypted.

Step S104, judges whether the authority information after decryption meets preparatory condition, if meeting preparatory condition, the video Service end 100 is by the Authority Verification of the videoconference client 200, using the operation according to videoconference client 200 as video consumer End 200 provides Video service.

The key file version information for adding plaintext can be included in authority information.Can in authority information after decryption With comprising the key file version information, if the key file version information decrypted is not form as defined in system and interior Hold, then judge decryption failure, authority information differentiates failure.If key file version information is the content of legacy version, video clothes Business end 100 can notify client that key updating is encrypted, if be updated successfully, videoconference client 200 is added using new Key forms new authority information after authority information is encrypted again, Video service end 100 is entered to new authority information again Authority discriminating is carried out again after row decryption.If encryption key renewal failure, then it is assumed that the authority information of videoconference client 200 differentiates Failure.

In addition, the authority information after the decryption can also include client code, the client of the videoconference client 200 Hold the temporal information at the Video service end 100 of version information, the summary info of encryption key and the transmission of the videoconference client 200 At least one of, the authority information after decryption, which meets preparatory condition, to be determined according to following several ways：

Determine that the client code meets default system regulation；

Determine the client release information terminal corresponding with used Encryption key file of the videoconference client 200 Version is consistent；

Determine the summary info of the summary info of the encryption key and the decruption key file at the Video service end 100 Unanimously；And

Determine the temporal information at the Video service end 100 that the videoconference client 200 is sent and the Video service end 100 Current time differ within preset duration.Such as can preset, if the video that the videoconference client 200 is sent The temporal information of service end 100 is differed within 3 seconds with the current time at the Video service end 100, then it is assumed that authority information Differentiate successfully.

As it was previously stated, in order to prevent rounding error, multiple decipherment algorithms and corresponding multiple decruption keys can be obtained, are made The authority information after multiple decryption can be obtained with multiple decipherment algorithms and multiple decruption keys.If the authority after multiple decryption There is one to pass through above-mentioned judgement in information, then it is assumed that the authority information is correct authority information.

If the authority that the authority information that videoconference client 200 is sent has passed through Video service end 100 differentiates, video clothes Business end 100 can be that videoconference client 200 provides normal Video service.If authority differentiates failure, Video service end 100 can The Video service for reducing code check or the Video service for providing limitation duration can either be provided by providing Video service with refusal.

In another embodiment, the Video service end 100 can also be according to default renewal Policy Updates institute State decipherment algorithm and decruption key.It is understood that Video service end 100 can preset a renewal time point, at this Renewal time point is updated to decipherment algorithm and decruption key.For example, can be in the zero point of monthly 1 day from decruption key file Several decruption key renewals are randomly selected in storehouse into currently used key file.Simultaneously can more new key version information and Key file summary info.Meanwhile several new decruption keys can be randomly selected, and mend using current time as random number seed It is charged in decruption key library.By the renewal to decipherment algorithm and decruption key, can further lifting system safety Property, improve the difficulty being cracked.

The authority discrimination method that Internet video provided in an embodiment of the present invention accesses, can be by videoconference client 200 The authority information of transmission is differentiated, by decipherment algorithm and decruption key corresponding to advance rule determination, is realized to authority The decryption of information, and when authority information after decryption meets preparatory condition, define the competence and differentiate successfully.Authority discrimination process In, it is not necessary to user carries out account registration using videoconference client 200 in advance, improves Consumer's Experience.Meanwhile authority information Decryption needs just obtain correct authority information using correct decipherment algorithm and decruption key simultaneously, avoids communication process The middle risk cracked by packet capturing analysis.Also, decipherment algorithm and decruption key are separate, are cracked even in one of both In the case of, remain to by another Preservation tactics ensure system security.

Second embodiment

The authority discrimination method that above-mentioned Internet video accesses is the discrimination method applied to Video service end 100, accordingly Videoconference client 200 also needs to that authority information is encrypted.The embodiment of the present invention additionally provides a kind of rights encryption method, should For videoconference client 200, as shown in figure 4, this method comprises the following steps.

Step S201, defined the competence at least one AES corresponding to information and at least one encryption according to preset rules Key.

As it was previously stated, videoconference client 200 can regard this when sending Video service request to Video service end 100 Authority information corresponding to frequency client 200 is sent to Video service end 100.And the authority information sent is by encryption.

Detailed, the videoconference client 200 is configured with multiple AESs and multiple encryption keys, the preset rules Including at least one of temporal information and communication interaction information, the step of being encrypted such as Fig. 5, specifically includes following sub-step.

Sub-step S211, AES is determined according at least one of the temporal information and communication interaction information, its In, time value that the temporal information determines for the Video service end 100 according to current time information.

The determination of algorithm can be decrypted in Video service end 100 according to temporal information and communication interaction information, accordingly, The determination of algorithm can also be encrypted in videoconference client 200 according to temporal information and communication interaction information.

Videoconference client 200 when determining encryption method according to temporal information, make by the number of seconds and 3 that can use current time Complementation, AES-128 is selected if result is 0, and as AES, selection AES-192, which is used as, if result is 1 adds Close algorithm, AES-256 is selected if result is 2 as AES.Other forms can certainly be used to temporal information Computing determine to select any algorithm as AES.

When determining AES using communication interaction information, communication interaction information can be Video service end 100 with regarding The relevant information to be communicated between frequency client 200.Before communication interaction information can include authority discriminating, Video service end 100 is sent out Deliver to the initial rights information of videoconference client 200, the connection after videoconference client 200 starts with Video service end 100 is shaken hands Detection that information, videoconference client 200 and Video service end 100 are mutually sent or data message etc., and communication interaction is believed In breath can including executable program etc. program language.

Algorithm timing really, the Video service end 100 is encrypted in the information included in using initial rights information Initial rights information (A_auth) can be sent in advance to videoconference client 200, can be wrapped in A_auth during the initial rights are believed Containing herein below：

I. the temporal information that Video service end 100 obtains；

Ii. authority information logic loops displacement mark, i.e., carry out ring shift left or ring shift right computing by authority information After re-encrypt processing；

Iii. authority information mathematics plus-minus mark, i.e., re-encrypted after authority information being carried out into mathematics plus and minus calculation with certain numeral Processing；

Iv. version and other data messages.

The determination of algorithm can be encrypted in videoconference client 200 by being instructed shown in above-mentioned initial rights information.

In addition, videoconference client 200 can also pre-establish the corresponding relation of communication interaction information and AES, pass through The communication interaction information of determination can determine that corresponding AES.Such as can be default according to what is included in communication interaction information Fixed data determine corresponding to AES.For example, if the numerical value of a certain fixed data is 0, it is determined that AES-128 is to add Close algorithm.If the numerical value of the fixed data is 1, it is determined that AES-192 is AES.If the numerical value of the fixed data is 2, it is determined that AES-256 is AES.

In addition, the executable program for including the AES can also be included in communication interaction information.Now, true When determining AES, interpreter corresponding with the executable program can be called to perform at least one in the executable program Part, can partly or entirely being performed using the executable program as AES.Executable program can be The sentence of the scripts such as Python, Lua, Perl, Video service end 100 can call interpreter corresponding with script to hold Sentence in row executable program, sentence information corresponding to the executable program is obtained, using the sentence information as the encryption At least a portion of algorithm.

For example, after performing obtained sentence information be by after authority information and the initial rights information pre-set splicing with Encryption key makees circulation XOR.Action of the can using the action of this information as AES.Or after execution Obtained sentence information is to regard sentence data message in itself as AES, now, it is possible to using the sentence as integrally Encryption method use.

By the above method can determine corresponding to AES.It is understood that Video service end 100 is right in advance Can be that encryption key configures replacement cycle D when AES and encryption key are configured, and can be using C1, C2 to be default Coefficient is encrypted, encryption coefficient can be as the parameter preset for carrying out associated encryption computing.

Sub-step S212, the encryption key is determined according at least one of the temporal information and communication interaction information Corresponding cipher key index number, determined according to the cipher key index number from the multiple encryption key corresponding with the cipher key index number Encryption key.

The encryption of authority information not only needs AES, it is also necessary to encryption key.Because the quantity of encryption key is more, Each encryption key can be pre-configured with a corresponding cipher key index number, according to the cipher key index number of encryption key, it is possible to Find corresponding encryption key.The length of encryption key corresponding to different AESs is different.For example, in key file length When being fixed as 65536 byte, using different decipherment algorithms, the number of keys that this document includes also differs.Such as using When AES-128 is as AES, its decruption key quantity is 4096.When using AES-192 as AES, decryption is close Key quantity is 2730.When using AES-256 as AES, number of keys can be 2048.Encryption key can configure There is encryption key characteristic, the encryption key characteristic includes encryption key number, AES coefficient and encryption key At least one parameter in module release information.

, can be with usage time information combination decruption key when information determines the cipher key index of encryption key between when in use Characteristic computing obtains the cipher key index number of decruption key.It is for instance possible to use current time was relative on January 1st, 1970 Number of seconds, the cipher key index number of decruption key is calculated by preset formula.Preset formula can be：(((T/D)^C1)+ C2) %S, wherein, T be relative to 1970.1.1 number of seconds, D be current version decruption key module release information, Ke Yiwei Decruption key default replacement cycle, C1, C2 are default decryption coefficient, and S is the number of decruption key.Temporal information is once true It is fixed, it is possible to realize uniquely determining for AES and encryption key.

When determining encryption key using communication interaction information, can directly include in the data field of communication interaction information The cipher key index number of encryption key, by the cipher key index number in data field, it is determined that corresponding encryption key.

Further, it is also possible to key rope is obtained by the data combining encryption cipher key feature data operation in communication interaction information Quotation marks.Such as the data in communication interaction information are X, then it can be used formula (((X/D) ^C1+C2) %S) that encryption is calculated close The cipher key index number of key.

Different encryption keys uses different primitive polynomials and forming initial fields pseudo-random sequence, can be handed over by communicating The primitive polynomial and forming initial fields pseudo-random sequence of data combination cipher key module in mutual information obtain cipher key index number, example Such as, using Gold sequence algorithm by primitive polynomial and initial value pseudo-random sequence, the data in communication interaction information indicate it is pseudo- with Element in machine sequence is as cipher key index number.

In another optional embodiment, can also the mark that provides of the key file according to corresponding to encryption key carry out The determination of encryption method and key, such as set AES operation token on the key file head of encryption key.According to this AES and encryption key corresponding to the determination of AES operation token.

In another embodiment, the encryption key can also be at least one data file, the number of camouflage Word bearer documents or digital media file, allocating conventional cipher key interface, camouflage is now just needed to read interface, digital watermarking extraction Interface or steganography contents extraction interface read at least one data file, the digital carrier file of camouflage or numeral Media file obtains the content of the encryption key.

Encryption key used in encryption can be stored in the file of client 200 or from Video service end 100 fresh informations sent obtain in data-message, or Video service end 100 is by encryption key digital watermarking or numeral Steganographic algorithm is added in the advertisement picture before emphasis video playback, advertisement video or audio, and videoconference client 200 is playing phase , can be from advertisement with digital watermarking or steganography algorithm extraction encryption key while closing ad content.It is detailed, can be with Connect referring to interface, digital watermarking extraction interface or steganography contents extraction is read above by regular key interface, camouflage Mouth determines the process of decruption key, repeats no more here.

The determination process of above-mentioned encryption key, encryption key can be stored in an independent file, by upper State determination method can and obtain encryption key to independent file.In another embodiment, encryption key It can also be stored in multiple files, only read all related files simultaneously, can just obtain the complete interior of encryption key Hold.

It is determined that obtained encryption key can also be can be from encryption key by encryption, videoconference client 200 in itself Configuration file in determine the bright close state of key storage mark, if key is ciphertext form, need to use configuration file In key the Encryption key file of reading is decrypted, the encryption key after being decrypted.

Step S202, the authority information is carried out using at least one AES and at least one encryption key Encrypt at least once, the authority information after being encrypted.

Step S203, the authority information after the encryption is sent to Video service end 100.

After AES corresponding to being determined by the above method and encryption key, you can according to the computing of AES Authority information is encrypted for mode, combining encryption key.And transmit the authority information after encryption to Video service end 100, The authority information after encryption is decrypted again by Video service end 100, to continue authority discriminating.

Videoconference client 200 can generate the summary of key file, by client code, client terminal version information, Key file summary info and the temporal information of current video service end 100 of acquisition composition authority information, authority information can be with Spliced according to after the encryption method progress computing in the initial rights information A_auth being previously obtained with A_auth, to splicing Information afterwards is generated in cipher-text information B_auth, B_auth using the encryption method encryption determined and adds encryption of plaintext key C_auth, is added in the Http requests of video playback thereafter by the authority information C_auth after file version information generation encryption It is sent to Video service end 100.The summary of Encryption key file can be key file the 1024th -1027,1666-1669, 16 bytes of 10000-10003,28128-28131 position composition.Can certainly be other byte informations.

In another specific embodiment mode, the rights encryption method can also include right according to default renewal rule The AES and encryption key are updated.

In the present embodiment, the application program of directly renewal videoconference client 200 can realize that videoconference client 200 is encrypted The renewal of algorithm and encryption key, Video service end 100 send the fresh information of encryption/decryption module 103 or data-message to video visitor Family end 200, the renewal of algorithm and encryption is encrypted.

The renewal of client key module, the cipher key module fresh information or data that key file can be sent by service end Message, carry out the renewal of key file, while the version information in more new configuration file., can in an optional embodiment In image, audio or video that the key file of renewal is put into client terminal start-up picture with digital steganography method.Work as visitor When family end starts, current client key version information is added in the connection handshaking information with service end；If there is new key New key file is added in client terminal start-up picture and is sent to client by version, service end with digital steganography method, visitor Family end carries out the renewal work of key while start picture is shown.

Rights encryption method provided in an embodiment of the present invention, using AES and encrypted close by videoconference client 200 Authority information can be encrypted for key so that send authority information to Video service end 100 be by encryption, even in It is intercepted in transmitting procedure, the difficulty being cracked is also very big, improves the security of Video service.AES and encryption key phase It is mutually independent, in the case that one of both is cracked, remain to ensure by another encryption policy the security of system. In ciphering process, account name, password or other identity informations are inputted without user, avoids causing information leakage, further carries The security of high Video service.Meanwhile the step of carrying out Account Registration without user, lift Consumer's Experience.

3rd embodiment

The embodiment of the present invention additionally provides a kind of authority identification device 10, applied to Video service end 100, as shown in fig. 6, The authority identification device 10 includes data obtaining module 101, decipherment algorithm and key determining module 102, deciphering module 103 and mirror Other module 104.

Data obtaining module 101, for receiving the authority information by encryption of the transmission of videoconference client 200；

Decipherment algorithm and key determining module 102, for determining the authority information by encryption according to preset rules Corresponding at least one decipherment algorithm and at least one decruption key；

Deciphering module 103, for utilizing at least one decipherment algorithm and at least one decruption key to the process The authority information of encryption is decrypted at least once, the authority information after being decrypted；

Identification module 104, judge decryption after authority information whether meet preparatory condition, if meeting preparatory condition, regarding Frequency service end 100 is by the Authority Verification of the videoconference client 200, using the operation according to videoconference client 200 as video visitor Family end 200 provides Video service.

Detailed, the Video service end 100 includes multiple decipherment algorithms and multiple decruption keys, the preset rules bag At least one of temporal information and communication interaction information are included, wherein, decipherment algorithm and the key determining module 102 is according to pre- If rule determines the method for at least one decipherment algorithm and at least one decruption key corresponding to the authority information for passing through encryption Including：

Decipherment algorithm is determined according at least one of the temporal information and communication interaction information, wherein, the time The time value that information determines for the Video service end 100 according to current time information；

The key according to corresponding at least one of the temporal information or communication interaction information determine the decruption key Call number, determine that decryption corresponding with the cipher key index number is close from the multiple decruption key according to the cipher key index number Key.Detailed, it may refer to above-mentioned steps S121 and step S122 description.

Further, decipherment algorithm and the key determining module 102 is according to the temporal information or the communication interaction At least one of information determines that the method for cipher key index number corresponding to the decruption key includes：

Decruption key characteristic fortune is combined according at least one of the temporal information and the communication interaction information Calculate and generate the cipher key index number, wherein, the decruption key characteristic includes decruption key number, decryption coefficient and decryption At least one parameter in cipher key module version information.

Further, different decruption keys uses different primitive polynomials and forming initial fields pseudo-random sequence, described Decipherment algorithm and key determining module 102 determine institute according at least one of the temporal information and the communication interaction information Stating the method for cipher key index number corresponding to decruption key includes：

Cipher key index of the data as the decruption key in the pseudo-random sequence is selected according to the temporal information Number；Or

Data field in the communication interaction information selects the data in the pseudo-random sequence as the solution The cipher key index number of key.Detailed, it may refer to the description of above method embodiment.

Further, the communication interaction information includes the executable program for including the decipherment algorithm, and the decryption is calculated Method and key determining module 102 method of decipherment algorithm according to corresponding to determining the communication interaction information include：

Call interpreter corresponding with the executable program to perform at least a portion in the executable program, obtain Sentence information corresponding to the executable program, at least a portion using the sentence information as the decipherment algorithm.Detailed, can With referring to the description of above method embodiment.

Further, the authority information after the decryption includes the client code of the videoconference client 200, client In the temporal information at the Video service end 100 that version information, the summary info of encryption key and the videoconference client 200 are sent At least one, the preparatory condition includes：

Client code meets default system regulation；

The client release information terminal versions corresponding with used Encryption key file of the videoconference client 200 Unanimously；

The summary info one of the summary info of the encryption key and the decruption key file at the Video service end 100 Cause；And

The temporal information at the Video service end 100 that the videoconference client 200 is sent is worked as with the Video service end 100 Preceding time phase difference is within preset duration.Detailed, it may refer to the description of step S104 in above method embodiment.

Further, the authority identification device also includes：Decruption key update module, for regular more according to default renewal The new decipherment algorithm and decruption key.

Further, authority information one of the videoconference client 200 by the video data of request with the process encryption And send to the Video service end 100；The identification module 104 is additionally operable to：

Judge whether the video data that the videoconference client 200 is asked is default emphasis video, if default heavy Point video, call standby decruption key to carry out standby decryption to the authority information by encryption, obtain by standby decryption Authority information；

Secondary decryption is carried out to the authority information Jing Guo standby decryption.

Further, the decruption key is at least one data file, the digital carrier file or Digital Media of camouflage File, the deciphering module 103 is at least one solution corresponding to the authority information for determining the process encryption according to preset rules After close algorithm and at least one decruption key, it is additionally operable to：

Allocating conventional cipher key interface, camouflage read interface, digital watermarking extraction interface or steganography contents extraction and connect Mouth reads at least one data file, the digital carrier file of camouflage or digital media file and obtains the decruption key Content.

Fourth embodiment

The embodiment of the present invention additionally provides a kind of rights encryption device 20, applied to videoconference client 200, as shown in fig. 7, The rights encryption device 20 includes：AES and key determining module 201, encrypting module 202 and transport module 203.

AES and key determining module 201, it is at least one corresponding to information for being defined the competence according to preset rules AES and at least one encryption key.Detailed, it may refer to above-mentioned steps S201 description.

Encrypting module 202, for utilizing at least one AES and at least one encryption key to the authority Information is encrypted at least once, the authority information after being encrypted.Detailed, it may refer to above-mentioned steps S202 description.

Transport module 203, for the authority information after the encryption to be sent to Video service end 100.It is detailed, can be with Referring to above-mentioned steps S203 description.

Further, the videoconference client 200 is configured with multiple AESs and multiple encryption keys, the default rule Then include at least one of temporal information and communication interaction information, wherein, AES and the key determining module 201 Include according to the preset rules method of at least one AES and at least one encryption key corresponding to information that defines the competence：

AES is determined according at least one of the temporal information and communication interaction information, wherein, the time The time value that information determines for the Video service end 100 according to current time information；

The key according to corresponding at least one of the temporal information and communication interaction information determine the encryption key Call number, determine that encryption corresponding with the cipher key index number is close from the multiple encryption key according to the cipher key index number Key.

Further, AES and the key determining module 201 is according to the temporal information and the communication interaction At least one of information determines that the method for cipher key index number corresponding to the encryption key includes：

Transported according at least one of the temporal information and the communication interaction information combining encryption cipher key feature data Calculate and generate the cipher key index number, wherein, the encryption key characteristic include encryption key number, AES coefficient and At least one parameter in encryption key module release information.

Further, different encryption keys uses different primitive polynomials and forming initial fields pseudo-random sequence, according to At least one of the temporal information or the communication interaction information determine cipher key index number corresponding to the encryption key Step includes：

Cipher key index of the data as the encryption key in the pseudo-random sequence is selected according to the temporal information Number；Or

According to or the communication interaction information in data field select the data in the pseudo-random sequence to be used as described in The cipher key index number of encryption key.

Further, the communication interaction information includes the executable program for including the AES, and the encryption is calculated Method and key determining module 201 method of AES according to corresponding to determining the communication interaction information include：

Call interpreter corresponding with the executable program to perform at least a portion in the executable program, obtain Sentence information corresponding to the executable program, using the sentence information as at least a portion with AES.

Further, the rights encryption device 20 also includes：

Encryption key update module, for being carried out more to the AES and encryption key according to default renewal rule Newly.

Further, the encryption key is at least one data file, the digital carrier file or Digital Media of camouflage File, AES and the key determining module 201 define the competence at least one encryption corresponding to information according to preset rules After algorithm and at least one encryption key, it is additionally operable to：

Allocating conventional cipher key interface, camouflage read interface, digital watermarking extraction interface or steganography contents extraction and connect Mouth reads at least one data file, the digital carrier file of camouflage or digital media file and obtains the encryption key Content.

5th embodiment

The embodiment of the present invention additionally provides a kind of authority identification system, then as shown in figure 1, including the He of Video service end 100 Videoconference client 200, wherein, the videoconference client 200 includes：

AES and key determining module 201, it is at least one corresponding to information for being defined the competence according to preset rules AES and at least one encryption key；

Encrypting module 202, for utilizing at least one AES and at least one encryption key to the authority Information is encrypted at least once, the authority information after being encrypted；And

Transport module 203, for the authority information after the encryption to be sent to Video service end 100；

The Video service end 100 includes：

Deciphering module 103, for utilizing at least one decipherment algorithm and at least one decruption key to the process The authority information of encryption is decrypted at least once, the authority information after being decrypted；And

The deciphering module 103 at Video service end 100 can include dynamic link library file, configuration file in the present embodiment And script file.

Wherein, dynamic link library file can contain decipherment algorithm, can also complete digital watermarking and add and extract calculation The realization of method, the realization of steganography algorithm, and the realization of key generation method, it can be ended up in RHEL 7.0 with so Document form；

Configuration file can contain the storage for each version client encryption/decryption parameter of different platform, in the present embodiment In i.e. encryption and decryption coefficient C1, C2 and current version key replacement cycle D.Contain the version information and summary of each key file Information, in favor of the quick indexing of key file.The storage of the bright ciphertext state of each key file is contained, if ciphertext The key file of form storage, further comprises 128 keys corresponding to decipherment algorithm；In the present embodiment in the form of XML file Storage.

Script file can be stored in the form of Python script files in the present embodiment.Include following functions：

Differentiate the function of client-class, version and used encipher-decipher method；

With the authority information preprocessing function sent to client, the cipher text part in authority information is differentiated, in dynamic After the completion of chained library file decryption, the checking of client jurisdiction information is carried out；

Key updating function, key updating current key text is read from spare key file according to certain pre-defined rule The key of each terminal latest edition in part；

According to the information of the transmission of client, client more new key is notified, and with plaintext or call dynamic link library Key is converted into ciphertext or steganography form, new key file is sent to client；

Auxiliary key systematic function, after completing a key updating, calling dynamic link library one group of new key of generation, and It is added in spare key file.

The decipherment algorithm and key determining module 102 at Video service end 100 are with 7.0 times data files of RHEL or configuration The form storage of file, due to supporting a variety of client terminals, and each version or terminal use different key files, because There are multiple different key files in this, key file is stored in the form of XML file in the present embodiment, and every kind of terminal takes one Individual XML file, the encryption key and current encryption key of this client terminal current version are contained in each XML file The primitive polynomial and initial value used, the primitive polynomial of different encryption keys are different with initial value.In addition, decipherment algorithm and close Key determining module 102 also includes spare key file, the backup keys that spare key file includes being used for updating current key with And the key for emphasis video playback, the quantity of backup keys can be at present with more than 10 times of terminal type, to preceding The authority information in the request of emphasis video playback described in face is in addition to carrying out conventional encryption, it is also necessary to carry out secondary encryption, two The key of secondary encryption is playing forward pass to client.It is close that emphasis video is randomly assigned a secondary encryption when creating, by system Key.

Videoconference client 200 can be android, IOS, Windows, the application program run on (SuSE) Linux OS, Can also be the program and component run in browser, different platform calls encrypting module 202 and using Encryption key file Mechanism is identical, except that：Operation platform is different, encipher-decipher method and parameter difference, the cipher key module used of use It is different.

Encrypting module 202 can include encryption function component and configuration file.

Encryption function component is combined together with Internet video client 200 in System build in the present embodiment, bag The realization of AES, digital watermarking addition and the realization of extraction algorithm, the realization of steganography algorithm, and key text are contained Interface is read in the camouflage of part.

Configuration file can include the storage form of Encryption key file, i.e., the digital carrier file of data file camouflage or Person carries the digital media file of key.Encryption and decryption coefficient C1, C2 corresponding to this terminal versions and current version key change week Phase D.The version information of key file can also be contained.And the storage of the bright ciphertext state comprising Encryption key file, such as Fruit is the key of AES ciphertext forms storage, can also contain 128 keys corresponding to aes algorithm.In the present embodiment with XML file form stores.

The embodiments of the invention provide a kind of authority identification system, by encryption of the videoconference client 200 to authority information, Again by decryption of the Video service end 100 to the authority information after encryption, the risk that packet capturing analysis cracks can be avoided passing through.And And AES, encryption key, decipherment algorithm, decruption key are all separate, in the case of being cracked one of wherein, Remain to ensure by other Preservation tactics the security of system.In authority discrimination process, Account Registration etc. is carried out without user Step, lift user experience.

The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies Change, equivalent substitution, improvement etc., should be included in the scope of the protection.

Claims

A kind of 1. authority discrimination method that Internet video accesses, applied to Video service end, it is characterised in that this method includes：

Receive the authority information by encryption that videoconference client is sent；

At least one decipherment algorithm and at least one solution according to corresponding to preset rules determine the authority information by encryption Key；

The authority information by encryption is carried out using at least one decipherment algorithm and at least one decruption key to It is few once to decrypt, the authority information after being decrypted；

Judge whether the authority information after decryption meets preparatory condition, if meeting preparatory condition, pass through at Video service end described The Authority Verification of videoconference client, Video service is provided as videoconference client using the operation according to videoconference client.
2. the authority discrimination method that Internet video according to claim 1 accesses, it is characterised in that the Video service end Including multiple decipherment algorithms and multiple decruption keys, the preset rules are included in temporal information and communication interaction information at least One kind, wherein, at least one decipherment algorithm and at least one corresponding to the authority information for determining process encryption according to preset rules The step of individual decruption key, includes：

Decipherment algorithm is determined according at least one of the temporal information and communication interaction information, wherein, the temporal information The time value determined for the Video service end according to current time information；

The cipher key index according to corresponding at least one of the temporal information or communication interaction information determine the decruption key Number, decruption key corresponding with the cipher key index number is determined from the multiple decruption key according to the cipher key index number.
3. the authority discrimination method that Internet video according to claim 2 accesses, it is characterised in that believed according to the time At least one of breath or the communication interaction information determine that the step of cipher key index corresponding to the decruption key includes：

Decruption key characteristic computing life is combined according at least one of the temporal information and the communication interaction information Into the cipher key index number corresponding with the decruption key, wherein, the decruption key characteristic includes decruption key At least one parameter in number, decryption coefficient and decryption cipher key module version information.
4. the authority discrimination method that Internet video according to claim 2 accesses, it is characterised in that different decruption keys Using different primitive polynomials and forming initial fields pseudo-random sequence, according in the temporal information and the communication interaction information At least one the step of determining cipher key index corresponding to the decruption key include：

Cipher key index number of the data as the decruption key in the pseudo-random sequence is selected according to the temporal information；Or Person

Data field in the communication interaction information selects the data in the pseudo-random sequence close as the decryption The cipher key index number of key.
5. the authority discrimination method that Internet video according to claim 2 accesses, it is characterised in that the communication interaction letter Breath includes the executable program for including the decipherment algorithm, the step of decipherment algorithm according to corresponding to determining the communication interaction information Suddenly include：

Interpreter corresponding with the executable program is called to perform at least a portion in the executable program, obtaining this can Sentence information corresponding to configuration processor, at least a portion using the sentence information as the decipherment algorithm.
6. the authority discrimination method that Internet video according to claim 1 accesses, it is characterised in that the power after the decryption The client code of limit information including the videoconference client, client release information, the summary info of encryption key and described At least one of temporal information at Video service end that videoconference client is sent, the preparatory condition includes：

Client code meets default system regulation；

The client release information terminal versions corresponding with used Encryption key file of the videoconference client are consistent；

The summary info of the encryption key is consistent with the summary info of the decruption key file at the Video service end；And

The temporal information at the Video service end that the videoconference client is sent differs with the current time at the Video service end Within preset duration.
7. the authority discrimination method that Internet video according to claim 1 accesses, it is characterised in that this method also includes：

The Video service end decipherment algorithm and decruption key according to default renewal Policy Updates.
8. the authority discrimination method that Internet video according to claim 1 accesses, it is characterised in that the videoconference client The video data of request is sent to the Video service end in the lump with the authority information by encryption；This method is also wrapped Include:

Whether the video data for judging videoconference client request is default emphasis video, if default emphasis video, Call standby decruption key to carry out standby decryption to the authority information by encryption, obtain the authority letter by standby decryption Breath；

Secondary decryption is carried out to the authority information Jing Guo standby decryption.
9. the authority discrimination method that Internet video according to claim 1 accesses, it is characterised in that the decruption key is At least one data file, the digital carrier file or digital media file of camouflage, the process is being determined according to preset rules After the step of at least one decipherment algorithm corresponding to the authority information of encryption and at least one decruption key, this method is also wrapped Include：

Allocating conventional cipher key interface, camouflage read interface, digital watermarking extraction interface or steganography contents extraction interface and read At least one data file, the digital carrier file of camouflage or digital media file is taken to obtain the interior of the decruption key Hold.
A kind of 10. rights encryption method, applied to videoconference client, it is characterised in that this method includes：

Defined the competence at least one AES corresponding to information and at least one encryption key according to preset rules；

The authority information is encrypted at least once using at least one AES and at least one encryption key, Authority information after being encrypted；

Authority information after the encryption is sent to Video service end.
11. rights encryption method according to claim 10, it is characterised in that the videoconference client is configured with multiple add Close algorithm and multiple encryption keys, the preset rules include at least one of temporal information and communication interaction information, wherein, According to preset rules define the competence at least one AES corresponding to information and at least one encryption key the step of include：

AES is determined according at least one of the temporal information and communication interaction information, wherein, the temporal information The time value determined for the Video service end according to current time information；

The cipher key index according to corresponding at least one of the temporal information and communication interaction information determine the encryption key Number, encryption key corresponding with the cipher key index number is determined from the multiple encryption key according to the cipher key index number.
12. rights encryption method according to claim 11, it is characterised in that according to the temporal information and the communication At least one of interactive information determines that the step of cipher key index corresponding to the encryption key includes：

Given birth to according at least one of the temporal information and the communication interaction information combining encryption cipher key feature data operation Into the cipher key index number corresponding with the encryption key, wherein, the encryption key characteristic includes encryption key At least one parameter in number, AES coefficient and encryption key module release information.
13. rights encryption method according to claim 11, it is characterised in that different encryption keys uses different sheets Former multinomial and forming initial fields pseudo-random sequence, it is true according at least one of the temporal information or the communication interaction information Include corresponding to the fixed encryption key the step of cipher key index：

Cipher key index number of the data as the encryption key in the pseudo-random sequence is selected according to the temporal information；Or Person

According to or the communication interaction information in data field select the data in the pseudo-random sequence as the encryption The cipher key index number of key.
14. rights encryption method according to claim 11, it is characterised in that the communication interaction information includes including institute The executable program of AES is stated, is included according to corresponding to determining the communication interaction information the step of AES：

Interpreter corresponding with the executable program is called to perform at least a portion in the executable program, obtaining this can Sentence information corresponding to configuration processor, using the sentence information as at least a portion with AES.
15. rights encryption method according to claim 10, it is characterised in that this method also includes：

The AES and encryption key are updated according to default renewal rule.
16. rights encryption method according to claim 10, it is characterised in that the encryption key is at least one data File, the digital carrier file or digital media file of camouflage, define the competence at least one corresponding to information according to preset rules After the step of AES and at least one encryption key, this method also includes：

Allocating conventional cipher key interface, camouflage read interface, digital watermarking extraction interface or steganography contents extraction interface and read At least one data file, the digital carrier file of camouflage or digital media file is taken to obtain the interior of the encryption key Hold.
17. the authority identification device that a kind of Internet video accesses, applied to Video service end, it is characterised in that the authority differentiates Device includes：

Data obtaining module, for receiving the authority information by encryption of videoconference client transmission；

Decipherment algorithm and key determining module, for according to preset rules determine it is described by encryption authority information corresponding to extremely A few decipherment algorithm and at least one decruption key；

Deciphering module, for passing through the power encrypted to described using at least one decipherment algorithm and at least one decruption key Limit information is decrypted at least once, the authority information after being decrypted；

Identification module, judges whether the authority information after decryption meets preparatory condition, if meeting preparatory condition, at Video service end By the Authority Verification of the videoconference client, Video service is provided as videoconference client using the operation according to videoconference client.
18. authority identification device according to claim 17, it is characterised in that the Video service end includes multiple decryption Algorithm and multiple decruption keys, the preset rules include at least one of temporal information and communication interaction information, wherein, institute State decipherment algorithm and key determining module at least one solution according to corresponding to the authority information that preset rules determine process encryption The method of close algorithm and at least one decruption key includes：

Decipherment algorithm is determined according at least one of the temporal information and communication interaction information, wherein, the temporal information The time value determined for the Video service end according to current time information；

The cipher key index according to corresponding at least one of the temporal information or communication interaction information determine the decruption key Number, decruption key corresponding with the cipher key index number is determined from the multiple decruption key according to the cipher key index number.
19. authority identification device according to claim 18, it is characterised in that decipherment algorithm and the key determining module The cipher key index according to corresponding at least one of the temporal information or the communication interaction information determine the decruption key Number method include：

Decruption key characteristic computing life is combined according at least one of the temporal information and the communication interaction information Into the cipher key index number, wherein, the decruption key characteristic includes decruption key number, decryption coefficient and decruption key At least one parameter in module release information.
20. authority identification device according to claim 18, it is characterised in that different decruption keys uses different sheets Former multinomial and forming initial fields pseudo-random sequence, decipherment algorithm and the key determining module is according to the temporal information and described At least one of communication interaction information determines that the method for cipher key index number corresponding to the decruption key includes：

Cipher key index number of the data as the decruption key in the pseudo-random sequence is selected according to the temporal information；Or Person

Data field in the communication interaction information selects the data in the pseudo-random sequence close as the decryption The cipher key index number of key.
21. authority identification device according to claim 18, it is characterised in that the communication interaction information includes including institute The executable program of decipherment algorithm is stated, decipherment algorithm and the key determining module determines corresponding according to the communication interaction information The method of decipherment algorithm include：

Interpreter corresponding with the executable program is called to perform at least a portion in the executable program, obtaining this can Sentence information corresponding to configuration processor, at least a portion using the sentence information as the decipherment algorithm.
22. authority identification device according to claim 17, it is characterised in that the authority information after the decryption includes institute State client code, client release information, the summary info of encryption key and the videoconference client hair of videoconference client At least one of temporal information at Video service end sent, the preparatory condition include：

Client code meets default system regulation；

The client release information terminal versions corresponding with used Encryption key file of the videoconference client are consistent；

The summary info of the encryption key is consistent with the summary info of the decruption key file at the Video service end；And

The temporal information at the Video service end that the videoconference client is sent differs with the current time at the Video service end Within preset duration.
23. authority identification device according to claim 17, it is characterised in that the authority identification device also includes：

Decruption key update module, for decipherment algorithm and decruption key according to default renewal Policy Updates.
24. authority identification device according to claim 17, it is characterised in that the videoconference client is by the video of request Data are sent to the Video service end in the lump with the authority information by encryption；The identification module is additionally operable to：

Whether the video data for judging videoconference client request is default emphasis video, if default emphasis video, Call standby decruption key to carry out standby decryption to the authority information by encryption, obtain the authority letter by standby decryption Breath；

Secondary decryption is carried out to the authority information Jing Guo standby decryption.
25. authority identification device according to claim 17, it is characterised in that the decruption key is at least one data File, the digital carrier file or digital media file of camouflage, the deciphering module are determining the process according to preset rules After at least one decipherment algorithm corresponding to the authority information of encryption and at least one decruption key, it is additionally operable to：

Allocating conventional cipher key interface, camouflage read interface, digital watermarking extraction interface or steganography contents extraction interface and read At least one data file, the digital carrier file of camouflage or digital media file is taken to obtain the interior of the decruption key Hold.
26. a kind of rights encryption device, applied to videoconference client, it is characterised in that the rights encryption device includes：

AES and key determining module, for being defined the competence at least one AES corresponding to information according to preset rules With at least one encryption key；

Encrypting module, for being carried out using at least one AES and at least one encryption key to the authority information Encrypt at least once, the authority information after being encrypted；

Transport module, for the authority information after the encryption to be sent to Video service end.
27. rights encryption device according to claim 26, it is characterised in that the videoconference client is configured with multiple add Close algorithm and multiple encryption keys, the preset rules include at least one of temporal information and communication interaction information, wherein, AES and the key determining module defines the competence at least one AES corresponding to information and extremely according to preset rules The method of a few encryption key includes：

AES is determined according at least one of the temporal information and communication interaction information, wherein, the temporal information The time value determined for the Video service end according to current time information；

The cipher key index according to corresponding at least one of the temporal information and communication interaction information determine the encryption key Number, encryption key corresponding with the cipher key index number is determined from the multiple encryption key according to the cipher key index number.
28. rights encryption device according to claim 27, it is characterised in that AES and the key determining module The cipher key index according to corresponding at least one of the temporal information and the communication interaction information determine the encryption key Number method include：

Given birth to according at least one of the temporal information and the communication interaction information combining encryption cipher key feature data operation Into the cipher key index number, wherein, the encryption key characteristic includes encryption key number, AES coefficient and encryption At least one parameter in cipher key module version information.
29. rights encryption device according to claim 28, it is characterised in that different encryption keys uses different sheets Former multinomial and forming initial fields pseudo-random sequence, it is true according at least one of the temporal information or the communication interaction information Include corresponding to the fixed encryption key the step of cipher key index：

Cipher key index number of the data as the encryption key in the pseudo-random sequence is selected according to the temporal information；Or Person

According to or the communication interaction information in data field select the data in the pseudo-random sequence as the encryption The cipher key index number of key.
30. rights encryption device according to claim 28, it is characterised in that the communication interaction information includes including institute The executable program of AES is stated, AES and the key determining module determines corresponding according to the communication interaction information The method of AES include：

Interpreter corresponding with the executable program is called to perform at least a portion in the executable program, obtaining this can Sentence information corresponding to configuration processor, using the sentence information as at least a portion with AES.
31. rights encryption device according to claim 27, it is characterised in that the rights encryption device also includes：

Encryption key update module, for being updated according to default renewal rule to the AES and encryption key.
32. rights encryption device according to claim 27, it is characterised in that the encryption key is at least one data File, the digital carrier file or digital media file of camouflage, AES and the key determining module is according to preset rules Define the competence after at least one AES corresponding to information and at least one encryption key, be additionally operable to：

Allocating conventional cipher key interface, camouflage read interface, digital watermarking extraction interface or steganography contents extraction interface and read At least one data file, the digital carrier file of camouflage or digital media file is taken to obtain the interior of the encryption key Hold.
A kind of 33. authority identification system, it is characterised in that including Video service end and videoconference client, wherein, the video visitor Family end includes：

AES and key determining module, for being defined the competence at least one AES corresponding to information according to preset rules With at least one encryption key；

Encrypting module, for being carried out using at least one AES and at least one encryption key to the authority information Encrypt at least once, the authority information after being encrypted；And

Transport module, for the authority information after the encryption to be sent to Video service end；

The Video service end includes：

Data obtaining module, for receiving the authority information by encryption of videoconference client transmission；

Decipherment algorithm and key determining module, for according to preset rules determine it is described by encryption authority information corresponding to extremely A few decipherment algorithm and at least one decruption key；

Deciphering module, for passing through the power encrypted to described using at least one decipherment algorithm and at least one decruption key Limit information is decrypted at least once, the authority information after being decrypted；And

Identification module, judges whether the authority information after decryption meets preparatory condition, if meeting preparatory condition, at Video service end By the Authority Verification of the videoconference client, Video service is provided as videoconference client using the operation according to videoconference client.