CN108924596B - Media data transmission method, device and storage medium - Google Patents

Publication number
CN108924596B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810986718.0A
Other languages
Chinese (zh)
Other versions
CN108924596A (en)
Inventor
谢志钢
胡小鹏
万春雷
陈冬根
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Keda Technology Co Ltd
Original Assignee
Suzhou Keda Technology Co Ltd

Abstract

The application relates to a media data transmission method, a device and a storage medium, belonging to the technical field of communication. The method comprises the following steps: determining an original protocol version number of a transmission protocol used when a target media segment is transmitted; extending the original protocol version number to obtain an extended protocol version number; generating a key tag according to the process identifier of an extended encryption process and the key identifier of an encryption key; encrypting the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment; generating a media playlist according to the extended protocol version number, the key tag and the segment identifier of the encrypted media segment; and issuing the media playlist and the encrypted media segment. This solves the problem that, during live video transmission, media data can only be encrypted by using the encryption processes defined by the original HLS transmission protocol, so that the encryption mode is relatively limited; the encryption scheme can be extended.

Description

Media data transmission method, device and storage medium
Technical Field
The application relates to a media data transmission method, a device and a storage medium, belonging to the technical field of communication.
Background
HTTP Live Streaming (HLS) is a protocol defined by Apple Inc. for real-time streaming. HLS is implemented on top of the HyperText Transfer Protocol (HTTP) and provides a method for efficiently and reliably transmitting continuous video over the internet.
The HLS protocol defines at least two encryption processes for encrypting media data, for example the Advanced Encryption Standard (AES)-128 encryption process and the SAMPLE-AES encryption process. The AES-128 encryption process uses a symmetric block cipher with 128-bit blocks together with the cipher block chaining (CBC) mode to encrypt the whole target media segment; the SAMPLE-AES encryption process uses the AES-128 encryption algorithm together with the CBC mode to encrypt the media sample data within a target media segment.
However, when the HLS protocol is used to transmit data during a live video broadcast, the data can only be encrypted by using the encryption processes defined by the HLS protocol, so the encryption mode is limited.
Disclosure of Invention
The application provides a media data transmission method, a device and a storage medium, which can solve the problem that the encryption mode is relatively limited because, during a live video broadcast, media data can only be encrypted by using an encryption process defined by the transmission protocol. The application provides the following technical solutions:
In a first aspect, a media data transmission method is provided, where the method includes:
determining an original protocol version number of a transmission protocol used when the target media segment is transmitted;
when the target media segment is encrypted by using an extended encryption process, extending the original protocol version number to obtain an extended protocol version number; the extended encryption process is an encryption process outside the definition range of the transmission protocol;
generating a key tag according to the process identifier of the extended encryption process and the key identifier of the encryption key;
encrypting the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment;
generating a media playlist according to the extended protocol version number, the key tag and the segment identifier of the encrypted media segment;
and issuing the media playlist and the encrypted media segment, wherein the media playlist is used by a receiving end to decrypt the encrypted media segment according to the extended protocol version number and the key tag.
Optionally, encrypting the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment includes:
taking the target media segment as a whole, and encrypting the target media segment by using the extended encryption process and the encryption key to obtain the encrypted media segment.
Optionally, encrypting the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment includes:
encrypting the media sample data in the target media segment by using the extended encryption process and the encryption key to obtain the encrypted media segment.
Optionally, generating a key tag according to the process identifier of the extended encryption process and the key identifier of the encryption key includes:
acquiring an encryption initial vector;
acquiring the key identifier;
and, according to the transmission protocol, setting the algorithm attribute in the key tag to the process identifier of the extended encryption process, setting the key attribute in the key tag to the key identifier, and setting the initial vector attribute in the key tag to the encryption initial vector, to obtain the key tag.
Optionally, encrypting the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment includes:
in the cipher block chaining (CBC) block cipher mode, performing an exclusive-or (XOR) operation on the encryption initial vector and the target media segment, and encrypting the XORed target media segment by using the extended encryption process and the encryption key to obtain the encrypted media segment;
or,
in the counter (CTR) block cipher mode, encrypting the encryption initial vector by using the extended encryption process and the encryption key, and performing an XOR operation on the encrypted initial vector and the target media segment to obtain the encrypted media segment.
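The two modes described above, written out block by block with a pluggable block cipher, as an added example that is not code from the patent. The stand-in cipher `demo_encrypt_block` (a small Feistel construction, not SM4), the PKCS#7 padding, the per-block counter increment and the names `DEMO_KEY` and `SEGMENT` are assumptions; the IV is the value from the sample playlist on this page.

```python
import hashlib
from typing import Callable

BLOCK = 16  # SM4, like AES, works on 128-bit blocks
BlockFn = Callable[[bytes, bytes], bytes]  # (key, 16-byte block) -> 16-byte block

DEMO_KEY = bytes(range(16))                                  # constructed key
PAGE_IV = bytes.fromhex("2F170FB605C5765EBA8D619612ACA7E5")  # IV from the page's playlist
SEGMENT = b"\x47" + b"constructed media segment bytes " * 3  # constructed, 97 bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def demo_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for the extended process: 4-round Feistel, NOT SM4, demo only."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def demo_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK  # PKCS#7 padding (assumption, not stated on the page)
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(enc: BlockFn, key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    prev, out, padded = iv, bytearray(), pad(plaintext)
    for off in range(0, len(padded), BLOCK):
        # XOR with the IV (first block) or the previous ciphertext block, then encrypt
        prev = enc(key, xor(prev, padded[off:off + BLOCK]))
        out += prev
    return bytes(out)


def cbc_decrypt(dec: BlockFn, key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    prev, out = iv, bytearray()
    for off in range(0, len(ciphertext), BLOCK):
        block = ciphertext[off:off + BLOCK]
        out += xor(prev, dec(key, block))
        prev = block
    return unpad(bytes(out))


def ctr_crypt(enc: BlockFn, key: bytes, iv: bytes, data: bytes) -> bytes:
    """CTR uses only the encrypt direction; the same call encrypts and decrypts."""
    counter, out = int.from_bytes(iv, "big"), bytearray()
    for idx, off in enumerate(range(0, len(data), BLOCK)):
        ctr_block = ((counter + idx) % (1 << 128)).to_bytes(BLOCK, "big")
        out += xor(data[off:off + BLOCK], enc(key, ctr_block))  # encrypt IV+idx, then XOR
    return bytes(out)
```

Swapping in a real SM4 block function for `demo_encrypt_block` and `demo_decrypt_block` leaves the mode code unchanged, which is the sense in which the extended process plugs into the existing modes.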
Optionally, after generating the key tag according to the process identifier of the extended encryption process and the key identifier of the encryption key, the method further includes:
updating the key tag when the use time of the encryption key reaches a preset time;
and generating an updated media playlist according to the updated key tag and the target media segment corresponding to the time at which the key tag is updated.
In a second aspect, a media data transmission method is provided, the method including:
acquiring a media playlist issued by a sending end; the media playlist is generated by the sending end according to the extended protocol version number, the key tag and the segment identifier of the encrypted media segment; the extended protocol version number is obtained by extending the original protocol version number of the transmission protocol; the key tag is generated according to the process identifier of the extended encryption process and the key identifier of the encryption key; the encrypted media segment is obtained by encrypting the target media segment by using the extended encryption process and the encryption key; the extended encryption process refers to an encryption process outside the definition range of the transmission protocol;
determining the processing procedure for the target media segment according to the extended protocol version number in the media playlist;
downloading the encrypted media segment indicated by the segment identifier in the media playlist according to the processing procedure;
acquiring the encryption key indicated by the key identifier in the key tag according to the processing procedure;
decrypting the encrypted media segment according to the extended encryption process indicated by the process identifier and the encryption key to obtain the target media segment;
and processing the target media segment.
In a third aspect, a media data transmission apparatus is provided, the apparatus comprising:
a version number determining module, configured to determine the original protocol version number of the transmission protocol used when the target media segment is transmitted;
a version number extension module, configured to extend the original protocol version number to obtain an extended protocol version number when the target media segment is encrypted by using an extended encryption process; the extended encryption process is an encryption process outside the definition range of the transmission protocol;
a tag generating module, configured to generate a key tag according to the process identifier of the extended encryption process and the key identifier of the encryption key;
a data encryption module, configured to encrypt the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment;
a list generation module, configured to generate a media playlist according to the extended protocol version number, the key tag and the segment identifier of the encrypted media segment;
and a data issuing module, configured to issue the media playlist and the encrypted media segment, where the media playlist is used by a receiving end to decrypt the encrypted media segment according to the extended protocol version number and the key tag.
In a fourth aspect, a media data transmission apparatus is provided, the apparatus comprising:
a list acquisition module, configured to acquire a media playlist issued by a sending end; the media playlist is generated by the sending end according to the extended protocol version number, the key tag and the segment identifier of the encrypted media segment; the extended protocol version number is obtained by extending the original protocol version number of the transmission protocol; the key tag is generated according to the process identifier of the extended encryption process and the key identifier of the encryption key; the encrypted media segment is obtained by encrypting the target media segment by using the extended encryption process and the encryption key; the extended encryption process refers to an encryption process outside the definition range of the transmission protocol;
a process determining module, configured to determine the processing procedure for the target media segment according to the extended protocol version number in the media playlist;
a data downloading module, configured to download the encrypted media segment indicated by the segment identifier in the media playlist according to the processing procedure;
a key obtaining module, configured to obtain the encryption key indicated by the key identifier in the key tag according to the processing procedure;
a data decryption module, configured to decrypt the encrypted media segment according to the extended encryption process indicated by the process identifier and the encryption key to obtain the target media segment;
and a data processing module, configured to process the target media segment.
In a fifth aspect, a media data transmission apparatus is provided, the apparatus comprising a processor and a memory; the memory stores a program that is loaded and executed by the processor to implement the media data transmission method of the first aspect or the media data transmission method of the second aspect.
In a sixth aspect, a computer-readable storage medium is provided, the storage medium storing a program that is loaded and executed by a processor to implement the media data transmission method of the first aspect or the media data transmission method of the second aspect.
The beneficial effects of this application are as follows: an original protocol version number of the transmission protocol used when a target media segment is transmitted is determined; when the target media segment is encrypted by using an extended encryption process, the original protocol version number is extended to obtain an extended protocol version number; a key tag is generated according to the process identifier of the extended encryption process and the key identifier of the encryption key; the target media segment is encrypted according to the extended encryption process and the encryption key to obtain an encrypted media segment; a media playlist is generated according to the extended protocol version number, the key tag and the segment identifier of the encrypted media segment; and the media playlist and the encrypted media segment are issued. This solves the problem that, during a live video broadcast, media data can only be encrypted by using the encryption processes defined by the original transmission protocol, so that the encryption mode is relatively limited; because the original protocol version number can be extended and a new encryption process is thereby introduced, the encryption process can be extended on the basis of the original transmission protocol.
The foregoing is only an overview of the technical solutions of the present application. To make the technical solutions clearer and to allow them to be implemented according to the content of the description, a detailed description is given below with reference to the preferred embodiments of the present application and the accompanying drawings.
Drawings
Fig. 1 is a schematic structural diagram of a media data transmission system according to an embodiment of the present application;
Fig. 2 is a flowchart of a media data transmission method according to an embodiment of the present application;
Fig. 3 is a block diagram of a media data transmission apparatus according to an embodiment of the present application;
Fig. 4 is a block diagram of a media data transmission apparatus according to an embodiment of the present application;
Fig. 5 is a block diagram of a media data transmission apparatus according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below with reference to the accompanying drawings and examples. The following examples are intended to illustrate the present application but are not intended to limit its scope.
First, several terms referred to in the present application will be described.
HTTP Live Streaming (HLS) is a protocol for streaming in real time. HLS is implemented on top of the HyperText Transfer Protocol (HTTP), and data transmitted over HLS includes at least two parts: one part is descriptive text content in the M3U8 format (referred to as an M3U8 file in this application), and the other part is media content in the TS format (referred to as a TS file in this application).
Optionally, the M3U8 file is used to define a media playlist. A media playlist is a text composed of a set of Uniform Resource Locators (URLs) and various information tags, listed in temporal and semantic order. Each URL is associated with a media segment, which is a data block of a continuous data stream that can be transported within a certain time period. To play the data stream, the receiving end first obtains the media playlist, and then obtains and plays the media segments indicated by the media playlist.
A media segment may also be referred to as a media data segment, a media segment file, and the like; the name of the media segment is not limited in this application.
Optionally, a media segment comprises media sample data and structure description data. The media sample data indicates the media content in the media segment; the structure description data describes a sequence of media sample data so that the target media segment forms a transmittable data block. Media sample data includes but is not limited to: audio information provided directly to the user as sound media, video information provided directly to the user as image media, etc. The structure description data includes, but is not limited to: auxiliary description information used to describe and package the audio media provided to the user into streaming audio data according to the requirements of a media transmission format; auxiliary description information used to describe and package the video media provided to the user into streaming video data according to the requirements of a media transmission format; auxiliary description information used to multiplex the streaming audio data and the streaming video data according to the requirements of a media transmission format; and the like.
Optionally, a URL line in the media playlist is preceded by an information tag that describes a characteristic of the media segment associated with that URL line, a characteristic of the entire media playlist, or a characteristic of the media segments that appear after the information tag. Optionally, an information tag begins with "#", which introduces the name of the information tag.
Illustratively, the contents of the M3U8 file are as follows:
#EXTM3U
#EXT-X-TARGETDURATION:10
#EXT-X-VERSION:7
#EXT-X-ALLOW-CACHE:NO
#EXT-X-MEDIA-SEQUENCE:1
#EXT-X-KEY:METHOD=SAMPLE-SM4,URI="https://media.example.com/key/keyid",IV=0x2F170FB605C5765EBA8D619612ACA7E5
#EXT-X-MAP:URI="live.mp4",BYTERANGE="560@0"
#EXTINF:4.96907,
#EXT-X-BYTERANGE:25312@560
live.mp4
#EXTINF:4.96907,
#EXT-X-BYTERANGE:25440@25872
live.mp4
#EXTINF:9.009,
http://media.example.com/first.ts
#EXTINF:9.009,
http://media.example.com/second.ts
#EXTINF:3.003,
http://media.example.com/third.ts
In the above example, #EXTM3U in the top line instructs the parser to interpret the content of this text according to the syntax of a media playlist in the HLS protocol.
The EXT-X-TARGETDURATION tag specifies the maximum duration of a media segment. Optionally, the value of EXT-X-TARGETDURATION is an integer. The duration of each media segment in the media playlist, as defined in its EXTINF tag, is less than or equal to the duration specified by the EXT-X-TARGETDURATION tag. Optionally, the EXT-X-TARGETDURATION tag appears once in the media playlist, in the format:
#EXT-X-TARGETDURATION:<s>
where s is an integer in seconds.
EXT-X-VERSION is a version number tag used to indicate the version number of the HLS protocol used by the media segment files in the media playlist. The value of the version number tag EXT-X-VERSION is the protocol version number of the HLS protocol that can be executed by each transmission device during the media data transmission.
EXT-X-ALLOW-CACHE is a cache indication tag, which indicates whether the media segments are allowed to be cached. The cache indication tag applies to each media segment in the media playlist. The format of EXT-X-ALLOW-CACHE is as follows:
#EXT-X-ALLOW-CACHE:<YES|NO>
where YES indicates that the media segments are allowed to be cached, and NO indicates that caching of the media segments is not allowed.
EXT-X-MEDIA-SEQUENCE is a sequence number indication tag used to indicate the sequence number, within the entire sequence of live media segments, of the first media segment in the media playlist file. The format of EXT-X-MEDIA-SEQUENCE is as follows:
#EXT-X-MEDIA-SEQUENCE:<Number>
where Number is the value of the sequence number. Optionally, the sequence number is an integer.
Optionally, the number of EXT-X-MEDIA-SEQUENCE tags in the media playlist file is less than or equal to 1. If there is no EXT-X-MEDIA-SEQUENCE tag in the media playlist file, the sequence number of the first URL in the media playlist is considered to be 0.
EXT-X-KEY is a key tag used to provide the information needed to decrypt a media segment. The format of the EXT-X-KEY tag is as follows:
#EXT-X-KEY:METHOD=<method>,[URI="<uri>"],[IV=<iv>]
METHOD is the algorithm attribute; its value, method, specifies the encryption process and may be the process identifier of the encryption process. The process identifier uniquely identifies an encryption process and may be the name of the encryption process (covering both original and extended encryption processes); alternatively, the process identifier may be a random character string, and this embodiment does not limit how the process identifier is set. Three encryption processes are defined in the current latest HLS protocol: NONE, AES-128 and SAMPLE-AES. The encryption process NONE indicates that the media file is not encrypted; if the encryption process is NONE, the Uniform Resource Identifier (URI) and IV attributes are not present, and the EXT-X-KEY tag may also be omitted. The encryption process AES-128 means that the media segments are encrypted using an Advanced Encryption Standard (AES) 128-bit key together with the cipher block chaining (CBC) block mode. The encryption process SAMPLE-AES means that the media sample data within a media segment is encrypted using the AES-128 encryption process together with the CBC block mode, while the format information that makes up the media segment is not encrypted. The URI attribute is the key attribute and may specify how the encryption key is obtained. The value of the URI attribute, uri, is the key identifier of the encryption key. The IV attribute may specify the initialization vector used with the key. Optionally, if the media playlist does not contain an EXT-X-KEY tag, the media segments are not encrypted. Optionally, the key tag may also include other attributes, such as KEYFORMAT, KEYFORMATVERSIONS and other attributes, which are not described in detail herein; KEYFORMAT and KEYFORMATVERSIONS describe how the key is parsed from the content obtained through the URI in the key tag.
The EXT-X-MAP tag indicates how to obtain the required media initialization section. The EXT-X-MAP tag applies to the subsequent media segments until the next EXT-X-MAP tag appears. The format of the EXT-X-MAP tag is as follows:
#EXT-X-MAP:URI=<uri>,BYTERANGE=<byterange>
The URI indicates the location of the media initialization section resource; BYTERANGE indicates the byte length and the byte start position of the block of bytes occupied by the initialization resource. BYTERANGE is optional; if it is not specified, the entire specified resource is needed.
The EXTINF tag is a record tag that describes the media file specified by the URI that follows it. Optionally, the format of the record tag is:
#EXTINF:<DURATION>,<TITLE>
where DURATION specifies the duration of the media segment, which may be in seconds and may be rounded to the nearest integer. The remainder of the line after the comma is the title of the media file, which may be empty.
The EXT-X-BYTERANGE tag indicates that the media segment is a sub-range of a media URI resource, and it applies to the URL that follows. The format of the EXT-X-BYTERANGE tag is as follows:
#EXT-X-BYTERANGE:<n>[@<o>]
where n is the number of bytes that the data block of the media segment occupies in the media resource linked by the URL, and o is the byte start position of the data block of the media segment within the media resource linked by the URI.
Of course, the above is only an exemplary illustration of the M3U8 file; in practical implementations, the M3U8 file may include more or fewer information tags, which is not limited in this application.
"http://media.example.com/first.ts", "http://media.example.com/second.ts" and "http://media.example.com/third.ts" are the Uniform Resource Locator (URL) addresses of media segments.
Uniform Resource Identifier (URI): refers to a string of characters used to identify the name of an internet resource.
Uniform Resource Locator (URL): indicates the location of, and the access method for, a resource obtained from the internet; it is the address of a standard resource on the internet. In general, a URI identifies a web resource, which includes the address and access mode of the internet resource, and a URL gives the address and access mode of the internet resource, i.e., URIs include URLs; in other words, all URLs are URIs, but not all URIs are URLs.
Original transmission protocol: refers to an existing protocol for media data transmission, such as the HLS protocol described above.
Original protocol version number: refers to a version number provided by the original transmission protocol, such as HLS protocol version 2, HLS protocol version 5, etc.
Extended transmission protocol: refers to a transmission protocol obtained by extending the media data transmission mode on the basis of the original transmission protocol. In this application, the extended transmission protocol adds, on the basis of the original transmission protocol, an extensible way of extending the encryption process of the media data, so that encryption processes can be added beyond the NONE, AES-128 and SAMPLE-AES encryption processes provided by the original HLS protocol. For example, the extensible way is to add characters after the original protocol version number to represent extensions to the encryption process. In other words, the extended transmission protocol does not change the protocol content of the original transmission protocol, but adds an extensible way for the encryption process on the basis of the original transmission protocol.
Extended protocol version number: refers to the protocol version number obtained by extending the original protocol version number when media data is transmitted by using the extended transmission protocol and is encrypted by using an extended encryption process. For example, the original protocol version number is 2, and the extended protocol version number obtained by extending it is 2.1.
Original encryption process: refers to an encryption process defined by the original transmission protocol, such as the AES-128 encryption process defined in the HLS protocol.
Extended encryption process: refers to an encryption process outside the range defined by the transmission protocol (including the original transmission protocol and the extended transmission protocol). For example, the target media segment is encrypted by using the Chinese commercial cipher algorithm SM4, which is outside the definition range of the HLS protocol; for another example, the target sample data in the target media segment is encrypted by using SAMPLE-SM4, which is outside the definition range of the HLS protocol, and so on. SM4 and SAMPLE-SM4 are extended encryption processes.
Fig. 1 is a schematic structural diagram of a media data transmission system according to an embodiment of the present application, and as shown in fig. 1, the system at least includes: a transmitting end 110 and a receiving end 120.
The transmitting end 110 and the receiving end 120 are devices supporting media data transmission, such as: a mobile phone, a computer, a wearable device, a tablet computer, a personal computer, etc., which are not listed here.
Optionally, the sender 110 is communicatively coupled to the key service subsystem 130 and the media distribution subsystem 140, respectively.
The services that the key service subsystem 130 may provide to the sender 110 include, but are not limited to, the following:
Service 1: create an encryption key and provide the sender 110 with the encryption key and the key identifier of the encryption key.
The encryption key may be a randomly generated character string, such as: 16 bytes of binary data, or 128 bits of binary data, etc., and the length and generation method of the encryption key are not limited in this embodiment.
Each encryption key corresponds to a unique key identification by which the encryption key can be associated. Optionally, the key identifier is a uniform fragment identifier, or a string of characters, etc.
Optionally, the encryption keys created by the key service subsystem 130 are time-sensitive, in other words, the encryption keys are valid only for the validity period. The effective duration may be 24 hours, 12 hours, or the like, and the value of the effective duration is not limited in this embodiment.
Service 2: obtain the associated encryption key according to the key identifier.
When the key service subsystem 130 needs to obtain the associated target encryption key according to the target key identifier, the key service subsystem may retrieve the associated target encryption key from the created encryption key and the associated key identifier; when a key identifier consistent with the target key identifier is retrieved, a target encryption key associated with the target key identifier can be obtained; when a key identification that is consistent with the target key identification is not retrieved, a retrieval error is returned to the sender 110 to inform the sender 110 that the target encryption key is not retrieved.
Alternatively, the key service subsystem 130 may provide services through GET requests of the HTTP protocol, the GET requests including key identifications; and returns the original data of the encryption key in the response message of the GET request, such as: binary data represented by 16 bytes.
Alternatively, the key service subsystem 130 may provide access services for keys through some higher security private key transmission channel other than GET requests of the HTTP protocol, such as: a Virtual Private Network (VPN) channel provides access service of the key, and the present application does not limit the transmission manner of the key.
Service 3: log off the associated encryption key according to the key identifier.
Optionally, when the key service subsystem 130 receives a logout request, it retrieves from the created encryption key and the associated key identifier according to the target key identifier in the logout request; when a key identification consistent with the target key identification is retrieved, the target encryption key associated with the target key identification is cancelled (deleted); if the key identification consistent with the target key identification is not searched, the process is ended.
Alternatively, the key service subsystem 130 may be provided in a device separate from the sender 110, such as: a server, or a mobile terminal, etc.; or, the method may also be provided in the transmitting end 110; the key service subsystem 130 may be a hardware, software, or combination of hardware and software system when implemented in practice.
The sending end 110 is configured to, after obtaining media data (also called a media stream), segment the media data at intervals of a fixed time length (for example, several seconds) to obtain at least one slice, and then multiplex the media data in the same slice (such as audio media data and/or video media data) according to the transmission format to obtain a media segment. Multiplexing the media data means creating, according to the transmission format of the media data, media structure data for the sequence of media sample data in each media segment, and combining the resulting structure description data with the media sample data to obtain a transmittable media data block.
The transport format may be the Moving Picture Experts Group (MPEG)-2 Transport Stream (TS).
The sending end 110 is further configured to, after obtaining the target media segment, create a media playlist resource for recording the target media segment, and determine the protocol version number of the transmission protocol used when transmitting the target media segment. The transmission protocol may be an original transmission protocol, in which case the version number is an original protocol version number of the original transmission protocol; alternatively, the transmission protocol may be an extended transmission protocol, in which case the version number is an extended protocol version number extended from the original protocol version number. For example, the sender 110 determines the extended protocol version number to be 5.1, i.e., sets "#EXT-X-VERSION:5.1".
The media data may be live data or on-demand data, and the media data may be video data, audio data, text data, or picture data, and the like, and the type of the media data is not limited in this embodiment.
Optionally, after obtaining the target media segment, the sending end 110 first obtains an encryption key and the key identifier of the encryption key through service 1 provided by the key service subsystem 130; the URI in the key tag is then generated from the key identifier.
Optionally, before generating the key tag, the sending end 110 may also randomly generate a string of characters as an encryption initial vector, for example 16 bytes (128 bits) of binary data. The sending end 110 then splices the encryption initial vector, the URI generated from the key identifier, and the process identifier of the encryption process to obtain the key tag, and adds the key tag before the segment identifier of the target media segment to obtain the media playlist.
Wherein, the process identifier is used to uniquely identify a certain encryption process, and the process identifier may be the name of the encryption process; or, the process identifier may also be a random character string, and the setting manner of the process identifier is not limited in this embodiment.
The fragment identification may be a Uniform Resource Locator (URL) generated by the sender 110 for the target media fragment. Optionally, when the number of segment identifiers recorded in the media playlist reaches a number threshold, the sending end 110 removes the segment identifier added first; and when the key label used by the removed fragment identifier is different from the key label used by the subsequent fragment identifier, removing the key label used by the removed fragment identifier, and sending a logout request to the key service subsystem 130, where the logout request carries the key identifier in the removed key label, and at this time, the key service subsystem 130 provides the service 3.
Optionally, the sending end 110 starts a timer after obtaining the encryption key, and obtains the encryption key and the key identifier through the key service subsystem 130 again when the duration indicated by the timer reaches a preset duration; and/or regenerating the encrypted initial vector, thereby updating the key tag to obtain an updated key tag; and adding the updated key tag to the front of the segment identifier of the target media segment corresponding to the current moment, and generating an updated media play list. The preset duration may be 1 hour, or any value between more than 1 hour and less than 24 hours, or any value between more than the average duration of the media segment file and less than 1 hour, and the embodiment does not limit the setting manner and value of the preset duration.
In this embodiment, the encryption process in the key tag is an original encryption process or an extended encryption process. For example, the process identifier (METHOD) in the key tag is SM4; alternatively, the process identifier METHOD in the key tag is SAMPLE-SM4, where SM4 and SAMPLE-SM4 are extended encryption processes.
Optionally, when the process identifier METHOD in the key tag is SM4, the sender 110 encrypts the target media segment using SM4 together with the CBC encryption mode and the encryption key to obtain an encrypted media segment. When the process identifier METHOD is SAMPLE-SM4, the sender 110 encrypts the media sample data in the target media segment using SM4 together with the CBC encryption mode and the encryption key; the encrypted media sample data and the unencrypted media structure data then form the encrypted media segment, or the media structure data is reconstructed according to the sequence of the encrypted media sample data to obtain the encrypted media segment.
After the sender 110 generates the media playlist, the media playlist may be sent to the media distribution subsystem 140.
Alternatively, the media distribution subsystem 140 may be provided in a device separate from the sender 110, such as a server or a mobile terminal; or it may be provided in the transmitting end 110. In practice, the media distribution subsystem 140 may be implemented in hardware, software, or a combination of hardware and software. The media distribution subsystem 140 may be a Web site, a Web server, a content distribution network, or any service, program, module, or device that supports the HTTP protocol and the HTTPS protocol.
The media publication subsystem 140 is configured to publish a media playlist and target media segments indicated by segment identifiers in the media playlist.
Optionally, the receiving end 120 is communicatively coupled to the media distribution subsystem 140.
The receiving end 120 obtains a media playlist issued by the media issuing subsystem 140, and obtains a corresponding target media segment according to a segment identifier in the media playlist; and processing the target media segment according to the protocol version number, the encryption process and the key identification indicated by the media playlist.
Optionally, the receiving end 120 obtains the protocol version number after obtaining the media playlist, and when the format of the protocol version number conforms to the format of the extended protocol version number, processes the target media segment using the extended transport protocol.
Optionally, the receiving end 120 obtains the key identifier after obtaining the media playlist; the key identifier is sent to the media distribution subsystem 140, and the media distribution subsystem 140 obtains the encryption key corresponding to the key identifier from the key service subsystem 130, at this time, the key service subsystem 130 provides the service 2 according to the key identifier.
Of course, the receiving end 120 may also be connected to the key service subsystem 130 and send the key identifier to the key service subsystem 130 directly, without the media distribution subsystem 140 acting as a proxy for the key service subsystem 130 to provide the encryption key.
Illustratively, when the encryption process in the key tag in the media playlist is an extended encryption process that uses SM4 together with the CBC encryption mode, if the process identifier METHOD is SM4, the receiving end 120 decrypts the encrypted media segment using SM4 and the encryption key to obtain the target media segment. If the process identifier is SAMPLE-SM4, the receiving end 120 decrypts the media sample data in the encrypted media segment using SM4 and the encryption key, and obtains the target media segment by combining the decrypted data with the unencrypted structure description data; or it reconstructs the structure description data according to the sequence of the decrypted media sample data to obtain the target media segment.
Fig. 2 is a flowchart of a media data transmission method according to an embodiment of the present application, and this embodiment explains an example in which the method is applied to the media data transmission system shown in fig. 1. The method at least comprises the following steps:
Step 201, the sending end determines the original protocol version number of the transmission protocol used when transmitting the target media segment.
The target media segment is obtained by the sending end fragmenting the obtained media data according to a certain time interval. The target media segment may include video media data, audio media data, or the like, and the present embodiment does not limit the type of the media data in the target media segment.
The media data acquired by the sending end may be acquired by the sending end through an acquisition component, such as: collected through a camera and a microphone; or, the information may also be sent by the acquisition device, such as: transmitted by the camera; or, it may be sent by an external service system, such as: transmitted by the video conference system; alternatively, it may be read from a storage medium, such as: read from a stored file.
Alternatively, the transport protocol may be the original transport protocol; alternatively, it may be an extended transmission protocol.
The original transmission protocol may have multiple original protocol versions, and according to different service types, the sending end may select the original protocol version corresponding to the current service type to transmit the target media segment. Because the extended transmission protocol is extended on the basis of the original transmission protocol, the original transmission protocol of each version has a corresponding extended transmission protocol.
Such as: the original transmission protocol is an HLS protocol, the original protocol version number of the HLS protocol comprises multiple versions such as 2, 3, 4, 5, 6, 7 and 8, and the sending end determines that the original protocol version number is 5 according to the service type of the target media fragment.
Step 202, the sending end expands the original protocol version number to obtain an expanded protocol version number.
The extended encryption process refers to an encryption process outside the transmission protocol definition range.
The sending end may encrypt the target media segment by using an encryption process outside the original transmission protocol definition range, and at this time, the original protocol version number is expanded to obtain an expanded protocol version number.
Optionally, extending the original protocol version number means keeping the original protocol version number and adding a further identifier that marks the transmission protocol as the extended transmission protocol, which gives the extended protocol version number. Illustratively, the integer indicating the original protocol version number is kept, and a decimal point and a number are added after it to give the extended protocol version number. For example, adding a decimal point and the number 1 after the original protocol version number 3 of the original transmission protocol HLS gives the extended protocol version number 3.1.
Such as: the extended protocol version number in the media playlist generated by the sending end is as follows:
#EXT-X-VERSION:3.1
Step 203, the sending end generates a key tag according to the process identifier of the extended encryption process and the key identifier of the encryption key.
The process identifier uniquely identifies a certain encryption process and may be the name of the encryption process (including an extended encryption process); alternatively, the process identifier may be a random character string, and this embodiment does not limit how the process identifier is set. For example, the process identifier is SM4 or SAMPLE-SM4.
The encryption key may be generated by the sending end; or, the sending end may also obtain the key from the key service subsystem.
Optionally, before the sending end generates the key tag, an encrypted initial vector may also be obtained; acquiring a key identification; and then, setting the algorithm attribute in the key label as a process identifier for expanding the encryption process according to the transmission protocol, setting the key attribute in the key label as the key identifier, and setting the initial vector attribute in the key label as an encryption initial vector to obtain the key label.
Optionally, the block encryption of the media data has a plurality of encryption modes, and in addition to the encryption key required in each encryption mode, an encryption initial vector with a random component may be included as a starting parameter of the encryption process, and the encryption initial vector and the encryption key act together on the target media segment to be encrypted to generate the encrypted media segment. The specific operations applied to the data during the encryption process by the encrypted initial vector vary with the encryption grouping mode.
In one example, in the CBC block encryption mode, the encryption initial vector is XORed with the target media segment, and the result of the XOR is then encrypted using the extended encryption process and the encryption key to obtain the encrypted media segment.
In another example, in the Counter (CTR) block encryption mode, the encryption initial vector is encrypted using the extended encryption process and the encryption key, and the encrypted result is then XORed with the target media segment to obtain the encrypted media segment.
Optionally, the sending end obtains an encrypted initial vector every time a target media segment is sent; or, the sending end acquires an encrypted initial vector for the subsequently sent target media segment at intervals; or the sending end obtains a new encrypted initial vector when encrypting a preset number of target media segments by using the same encrypted initial vector; or, the sending end obtains a new encryption initial vector when obtaining the encryption key; or, the sending end obtains the encrypted initial vector when sending the target media segment for the first time; the present embodiment does not limit the generation timing, the application range, and the replacement rule of the encrypted initial vector.
Such as: the key labels in the media playlist generated by the sending end are as follows:
#EXT-X-KEY:METHOD=SM4,URI="https://media.example.com/key/keyid",IV=0xBFE5DD026B3170DE8854EA0D9E142479
Step 204, the sending end encrypts the target media segment according to the extended encryption process and the encryption key to obtain the encrypted media segment.
Optionally, the methods by which the sending end encrypts the target media segment include, but are not limited to, the following:
The first method: the target media segment is taken as a whole and encrypted using the extended encryption process and the encryption key to obtain the encrypted media segment.
For example, when the process identifier (METHOD) in the key tag is SM4, the sending end encrypts the whole target media segment to obtain the encrypted media segment.
Alternatively, the first encryption scheme may be applied to only a part of the original protocol version number, such as: only for the original HLS protocol version numbers 1, 2 and 3.
The second method: the target media segment comprises media sample data and structure description data, and the media sample data in the target media segment is encrypted using the extended encryption process and the encryption key to obtain the encrypted media segment.
The sending end separates the media sample data and the media structure data in the target media segment, encrypts the media sample data by using an expanded encryption process and an encryption key, and then recombines the encrypted media sample data and the unencrypted media structure data into the encrypted media segment; or, the sending end encrypts the media sample data by using the expansion encryption process and the encryption key, reconstructs media structure data according to the encrypted media sample data, and reconstructs the encrypted media sample data and the reconstructed structure description data to obtain encrypted media segments.
For example, when the process identifier in the key tag is SAMPLE-SM4, the sending end first separates and encrypts the media sample data in the target media segment, and then recombines the encrypted media sample data and the media structure data to obtain the encrypted media segment.
Alternatively, the second encryption scheme may be applied to only some of the original protocol version numbers, for example only to original HLS protocol version number 5 and subsequent original protocol version numbers.
Optionally, when the sending end encrypts the target media segment using the extended encryption process, it may do so in combination with a block cipher mode of operation, for example by encrypting the target media segment in CBC mode.
For example, in the MPEG-2 TS format, the sending end leaves a fixed number of bytes at the beginning of each data frame unencrypted and then encrypts the data that follows. The fixed-length bytes at the beginning are the leading plaintext and belong to the structure description data; the data after the leading plaintext in the data frame is the media sample data.
Optionally, the length of the leading plaintext may differ according to the media data encoding type. For example, for audio data in the Advanced Audio Coding (AAC) format, the leading plaintext includes the header data of the audio data and the subsequent 16 bytes of data. For audio data in the Audio Coding-3 (AC-3) format, the leading plaintext is 16 bytes long. For video media data in the H.264 coding format expressed using NALUs, the leading plaintext is 32 bytes long.
Optionally, when the media sample data in the target media segment is encrypted, if the remaining media sample data to be encrypted is shorter than the length required by an encryption block (for example, 16 bytes), the remaining data may be left as plaintext and not encrypted. In this case, the encryption block length is short relative to the length of the media sample data, so even though a block of media sample data is left unencrypted, the encryption effect on the media sample data as a whole is not significantly adversely affected.
Optionally, when the media sample data in the target media segment is encrypted, if the remaining media sample data to be encrypted is shorter than the length required by an encryption block (for example, 16 bytes), the remaining data may be padded at the tail with random data up to the length required by an encryption block and then encrypted. In this case, the encrypted data is longer than the data before encryption, so the original unencrypted media structure data is not reused; instead, new media structure data is reconstructed, and the encrypted media sample data and the new media structure data are recombined into the encrypted media segment.
Certainly, when the key tag includes the encrypted initial vector, the sending end may also encrypt the target media segment by using the encrypted initial vector and the encryption key, which is not described herein in this embodiment.
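The sample-level layout described above (leading plaintext kept clear, whole 16-byte blocks encrypted in CBC mode, a short tail left as plaintext) is shown here as an added example that is not part of the patent text. It assumes a constructed Feistel permutation as a stand-in for the SM4 block function so that it runs with the standard library only, an assumed `header_len` parameter for any frame header, and that each frame's CBC chain starts from the playlist IV, which the description does not fix.

```python
import hashlib

BLOCK = 16  # SM4 operates on 128-bit blocks
# Leading plaintext per codec, from the description above (bytes after any frame header).
LEAD_CLEAR = {"AAC": 16, "AC-3": 16, "H.264": 32}


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class StandInCipher:
    """Constructed 4-round Feistel permutation on 16-byte blocks.

    Stand-in for the SM4 block function (an assumption of this example).
    It is NOT SM4 and must not be used to protect real data.
    """

    def __init__(self, key: bytes):
        self.round_keys = [hashlib.sha256(key + bytes([i])).digest() for i in range(4)]

    @staticmethod
    def round_fn(half: bytes, rk: bytes) -> bytes:
        return hashlib.sha256(rk + half).digest()[:8]

    def encrypt_block(self, block: bytes) -> bytes:
        left, right = block[:8], block[8:]
        for rk in self.round_keys:
            left, right = right, xor(left, self.round_fn(right, rk))
        return left + right

    def decrypt_block(self, block: bytes) -> bytes:
        left, right = block[:8], block[8:]
        for rk in reversed(self.round_keys):
            left, right = xor(right, self.round_fn(left, rk)), left
        return left + right


def cbc_encrypt(cipher, iv: bytes, data: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous ciphertext block (IV first).
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = cipher.encrypt_block(xor(data[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(cipher, iv: bytes, data: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        out += xor(cipher.decrypt_block(block), prev)
        prev = block
    return bytes(out)


def split_frame(frame: bytes, codec: str, header_len: int = 0):
    """Return (leading plaintext, whole blocks to encrypt, short tail left clear)."""
    lead = min(header_len + LEAD_CLEAR[codec], len(frame))
    body_len = (len(frame) - lead) // BLOCK * BLOCK
    return frame[:lead], frame[lead:lead + body_len], frame[lead + body_len:]


def protect_frame(cipher, iv, frame, codec, header_len=0) -> bytes:
    lead, body, tail = split_frame(frame, codec, header_len)
    return lead + cbc_encrypt(cipher, iv, body) + tail


def unprotect_frame(cipher, iv, frame, codec, header_len=0) -> bytes:
    # Length is unchanged by protect_frame, so the same boundaries apply.
    lead, body, tail = split_frame(frame, codec, header_len)
    return lead + cbc_decrypt(cipher, iv, body) + tail


def clear_bytes(frame_len: int, codec: str, header_len: int = 0) -> int:
    """How many bytes of a frame of this length stay readable without the key."""
    lead, _, tail = split_frame(bytes(frame_len), codec, header_len)
    return len(lead) + len(tail)


if __name__ == "__main__":
    for n in (40, 100, 1500):  # constructed frame sizes
        print(n, "byte H.264 frame:", clear_bytes(n, "H.264"), "bytes in the clear")
```

Because the output length equals the input length, the unencrypted structure description data can be reused as is; a frame shorter than the leading plaintext plus one block is published entirely in the clear.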
Step 205, the sending end generates a media playlist according to the extended protocol version number, the key tag and the segment identifier of the encrypted media segment.
Optionally, the segment identifier of the encrypted media segment may be a URL address of the encrypted media segment; and the receiving terminal downloads the corresponding encrypted media segments according to the URL address.
The media play list is used for the receiving end to decrypt the encrypted media segments according to the version number of the extended protocol and the key label.
Step 206, the sending end publishes the media playlist and the encrypted media segment.
Optionally, the sending end may publish the media playlist and the encrypted media segment through the media publishing subsystem.
Optionally, the media playlist and the encrypted media segment published by the media publishing subsystem are allowed to be accessed by the receiving end within a specified access time period. The access period may be sender-specified.
Alternatively, the access time period may be a multiple of the duration of the encrypted media segment, such as: 10 times; or, when the media data acquired by the sending end is live data, the time length of the access time period is greater than or equal to the live time length, and the time length of the access time period is not limited in this embodiment.
Optionally, the media publishing subsystem publishes the media playlist and the encrypted media segment based on the HTTP protocol, or based on the Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) protocol; this embodiment does not limit the protocol used by the media publishing subsystem.
Optionally, the media publishing subsystem publishes the encrypted media segment in a cache-inhibited manner.
Step 207, the receiving end obtains the media playlist issued by the sending end.
When a transmitting end encrypts a target media segment by using an extended encryption process, a media playlist is generated by the transmitting end according to an extended protocol version number, a key label and a segment identifier of the encrypted media segment; the extended protocol version number is obtained by extending the original protocol version number of the transmission protocol; the key label is generated according to the process identification of the expanded encryption process and the key identification of the encryption key; the encrypted media segment is obtained by encrypting the target media segment by using an extended encryption process and an encryption key.
Optionally, after being authorized by the media publishing subsystem, the receiving end obtains the media playlist published by the transmitting end. Such as: the receiving end sends the login information to the media publishing subsystem, and when the media publishing subsystem verifies that the login information is correct, the receiving end is allowed to acquire the media playlist.
Optionally, the receiving end periodically obtains the media playlist issued by the sending end according to the URL of the media playlist.
Step 208, the receiving end determines the processing procedure for the target media segment according to the extended protocol version number in the media playlist.
Optionally, the receiving end obtains the version number tag after obtaining the media playlist, and when the format of the version number tag is the format of the extended protocol version number, it indicates that the receiving end uses the extended transmission protocol to process the target media segment.
Step 209, the receiving end downloads the encrypted media segments indicated by the segment identifiers in the media playlist according to the processing procedure.
And the receiving terminal downloads the encrypted media fragments from the media publishing subsystem according to the fragment identifications.
Step 210, the receiving end obtains the encryption key indicated by the key identifier in the key label according to the processing procedure.
Optionally, the receiving end sends the key identifier to the key subsystem through the media publishing subsystem, and then the key subsystem returns the corresponding encryption key according to the key identifier; or the receiving end directly communicates with the key subsystem, and the key subsystem returns the corresponding encryption key according to the key identifier.
Step 211, the receiving end decrypts the encrypted media segment according to the encryption key and the extended encryption process indicated by the process identifier to obtain the target media segment.
Corresponding to the two encryption methods provided in step 204, the decryption methods include, but are not limited to, the following:
A first decryption mode, corresponding to the first encryption mode: decrypt the encrypted media segment using the extended encryption process and the encryption key to obtain the target media segment.
A second decryption mode, corresponding to the second encryption mode: separate the encrypted media segment to obtain the structure description data and the encrypted media sample data; decrypt the encrypted media sample data using the extended encryption process and the encryption key, and recombine the decrypted media sample data and the media structure data to obtain the target media segment; or reconstruct the media structure data according to the sequence of the decrypted media sample data, and recombine the decrypted media sample data and the reconstructed structure description data to obtain the target media segment.
Of course, if the sending end uses the encrypted initial vector to encrypt the target media segment in the encryption process, correspondingly, the receiving end needs to use the same method to generate the corresponding decrypted initial vector in the decryption process, and use the decrypted initial vector to decrypt the encrypted media segment.
Step 212, the receiving end processes the target media segment.
Optionally, the receiving end processes the target media segment to play the target media segment.
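The receiving-end checks in steps 207 to 211 (recognise the extended protocol version number, read the key tag, and associate each segment with the key tag in force) are illustrated by the following added example, which is not code from the patent. The sample playlist is constructed (`keyid2` is a made-up second key identifier), the version format follows the "integer, decimal point, number" illustration given earlier, and the refusal of an extended METHOD under a non-extended version number and the HTTPS check on key URIs are strictness choices of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ORIGINAL_METHODS = {"NONE", "AES-128", "SAMPLE-AES"}  # defined by the original HLS protocol
EXTENDED_METHODS = {"SM4", "SAMPLE-SM4"}              # extended processes named in the text

VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?$")
ATTR_RE = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')
IV_RE = re.compile(r"0[xX][0-9A-Fa-f]{32}")

# Constructed sample: the key is rotated before the third segment.
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3.1
#EXT-X-KEY:METHOD=SM4,URI="https://media.example.com/key/keyid",IV=0xBFE5DD026B3170DE8854EA0D9E142479
http://media.example.com/first.ts
http://media.example.com/second.ts
#EXT-X-KEY:METHOD=SM4,URI="https://media.example.com/key/keyid2",IV=0x000102030405060708090A0B0C0D0E0F
http://media.example.com/third.ts
"""


@dataclass(frozen=True)
class KeyTag:
    method: str
    uri: Optional[str]
    iv: Optional[bytes]


@dataclass(frozen=True)
class Segment:
    url: str
    key: Optional[KeyTag]  # None means the segment is not encrypted


def parse_version(value: str) -> Tuple[int, bool]:
    """Return (original version number, True if the number is in extended form)."""
    m = VERSION_RE.match(value.strip())
    if not m:
        raise ValueError(f"malformed protocol version number: {value!r}")
    return int(m.group(1)), m.group(2) is not None


def parse_key_tag(attrs: str, extended: bool) -> KeyTag:
    fields = {k: v.strip('"') for k, v in ATTR_RE.findall(attrs)}
    method = fields.get("METHOD")
    if method not in ORIGINAL_METHODS | EXTENDED_METHODS:
        raise ValueError(f"unsupported METHOD: {method!r}")
    if method in EXTENDED_METHODS and not extended:
        raise ValueError("extended METHOD used with a non-extended version number")
    if method == "NONE":
        return KeyTag("NONE", None, None)
    if not fields.get("URI"):
        raise ValueError("key tag has no URI")
    iv = None
    if "IV" in fields:
        if not IV_RE.fullmatch(fields["IV"]):
            raise ValueError("IV must be 0x followed by 32 hex digits")
        iv = bytes.fromhex(fields["IV"][2:])
    return KeyTag(method, fields["URI"], iv)


def parse_playlist(text: str) -> Tuple[Optional[int], bool, List[Segment]]:
    """Assumes the version tag precedes the first key tag, as in the sample."""
    version, extended, key, segments = None, False, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#EXT-X-VERSION:"):
            version, extended = parse_version(line.split(":", 1)[1])
        elif line.startswith("#EXT-X-KEY:"):
            key = parse_key_tag(line.split(":", 1)[1], extended)
        elif line and not line.startswith("#"):
            # A key tag applies to every segment identifier that follows it.
            active = key if key and key.method != "NONE" else None
            segments.append(Segment(line, active))
    return version, extended, segments


def insecure_key_uris(segments: List[Segment]) -> List[str]:
    """Key URIs that would send the encryption key over a non-HTTPS channel."""
    return sorted({s.key.uri for s in segments
                   if s.key and not s.key.uri.lower().startswith("https://")})


if __name__ == "__main__":
    version, extended, segs = parse_playlist(SAMPLE_PLAYLIST)
    print("version", version, "extended" if extended else "original")
    for s in segs:
        print(s.url, "->", s.key.method, s.key.uri)
```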
In summary, the media data transmission method provided in this embodiment determines the original protocol version number of the transmission protocol used when transmitting the target media segment; extends the original protocol version number to obtain an extended protocol version number when the target media segment is encrypted using an extended encryption process; generates a key tag according to the process identifier of the extended encryption process and the key identifier of the encryption key; encrypts the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment; generates a media playlist according to the extended protocol version number, the key tag and the segment identifier of the encrypted media segment; and publishes the media playlist and the encrypted media segment. This solves the problem that, during live video broadcast, media data can only be encrypted using the encryption processes defined by the original transmission protocol, which makes the available encryption modes relatively limited. Because the original protocol version number can be extended to introduce a new encryption process, the encryption process can be extended on the basis of the original transmission protocol.
In addition, the media data transmission method provided by the embodiment can be suitable for various media transmission protocols, and even if the existing transmission protocols are upgraded subsequently, the media data transmission method is still effective.
In addition, the structure description data in the media segment is selectively disclosed, while the media sample data is protected by encryption. Without reducing the protection of the media sample data, the media segments can therefore undergo processing such as format conversion, for example reconstructing the structure description data according to the requirements of a new media format and recombining the media data, so that the media segments can be integrated directly into a service system of the new media format.
Alternatively, steps 201-206 may be implemented separately as a method embodiment on the sending end side; steps 207-212 may be implemented separately as a method embodiment on the receiving end side, which is not limited in this embodiment.
Optionally, the sending end needs to change the encryption key periodically when providing the media data, thereby reducing the possibility that the media data is attacked during long-running media data transmission. When switching to a new encryption key, the sending end needs to apply the new encryption key to the media playlist, inserting the key identifier of the new encryption key before the segment identifiers of the media segments that are encrypted and protected with that key.
Based on the above embodiment, after step 203, the sending end updates the key tag when the usage duration of the encryption key reaches the preset duration, so as to obtain an updated key tag; and generating an updated media playlist according to the updated key label and the target media segment corresponding to the time for updating the key label.
Optionally, the preset duration is 1 hour; or greater than 1 hour and less than 24 hours; or less than 1 hour and greater than the average duration of the target media segment. The present embodiment does not limit the setting manner and value of the preset duration.
The sending end updating the key tag includes: updating the key identifier and/or the encryption initial vector in the key tag.
In summary, in the embodiment, the key identifier of the encryption key and/or the encryption initial vector are updated every preset time interval, so that the possibility that the media data is attacked in the long-time media data transmission process can be reduced; the security of the media data is improved.
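The sender and receiver flow summarized above, together with the periodic key tag update, as an added example that is not code from the patent. It assumes HLS-style tag syntax (`#EXT-X-VERSION`, `#EXT-X-KEY` with `METHOD`, `URI` and `IV` attributes); the version number 100, the process identifier `X-DEMO-CTR`, the key identifiers and all sample data are constructed, and truncated HMAC-SHA256 stands in for the block cipher of the extended encryption process in CTR mode.

```python
import hashlib
import hmac
import re

EXT_VERSION = 100          # constructed extended protocol version number
PROCESS_ID = "X-DEMO-CTR"  # constructed process identifier of the extended process
KEY_RE = re.compile(r'^#EXT-X-KEY:METHOD=([^,]+),URI="([^"]+)",IV=0x([0-9A-Fa-f]{32})$')


def ctr_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CTR mode: encrypt IV+counter, then XOR the result with the data.

    HMAC-SHA256 truncated to 16 bytes stands in for the block cipher; it is a
    placeholder for the extended encryption process, not a real cipher.
    The same call encrypts and decrypts.
    """
    start = int.from_bytes(iv, "big")
    out = bytearray()
    for i in range(0, len(data), 16):
        counter = ((start + i // 16) % (1 << 128)).to_bytes(16, "big")
        stream = hmac.new(key, counter, hashlib.sha256).digest()[:16]
        out.extend(b ^ s for b, s in zip(data[i:i + 16], stream))
    return bytes(out)


def build_playlist(entries) -> str:
    """Sender: entries are (key_id, iv, segment_id) in play order.

    A key tag is written before the first segment it protects and again
    whenever the key identifier or the IV changes (key tag update).
    """
    lines = ["#EXTM3U", f"#EXT-X-VERSION:{EXT_VERSION}"]
    current = None
    for key_id, iv, segment_id in entries:
        if (key_id, iv) != current:
            lines.append(f'#EXT-X-KEY:METHOD={PROCESS_ID},URI="{key_id}",IV=0x{iv.hex()}')
            current = (key_id, iv)
        lines.append(segment_id)
    return "\n".join(lines)


def parse_playlist(text: str):
    """Receiver: map each segment to (process_id, key_id, iv), failing closed."""
    version, active, plan = None, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#EXT-X-VERSION:"):
            version = int(line.split(":", 1)[1])
        elif line.startswith("#EXT-X-KEY:"):
            match = KEY_RE.match(line)
            if match is None:
                raise ValueError("malformed key tag")
            if version != EXT_VERSION or match.group(1) != PROCESS_ID:
                raise ValueError("unsupported version or encryption process")
            active = (match.group(1), match.group(2), bytes.fromhex(match.group(3)))
        elif line and not line.startswith("#"):
            if active is None:
                raise ValueError("segment listed before any key tag")
            plan.append((line,) + active)  # the latest key tag applies
    return plan


def demo():
    """Constructed run: two segments under key k1, then an update to key k2."""
    keys = {"keys/k1": b"\x01" * 16, "keys/k2": b"\x02" * 16}  # sample key store
    media = {"seg1.ts": b"first segment payload", "seg2.ts": b"second one",
             "seg3.ts": b"third segment after rotation"}
    # Segment number in the high 64 bits of the IV leaves the low 64 bits for
    # the block counter, so counter ranges never overlap under one key.
    entries = [(key_id, seq.to_bytes(8, "big") + bytes(8), seg)
               for seq, (key_id, seg) in enumerate(
                   [("keys/k1", "seg1.ts"), ("keys/k1", "seg2.ts"), ("keys/k2", "seg3.ts")], 1)]
    store = {seg: ctr_xor(keys[kid], iv, media[seg]) for kid, iv, seg in entries}
    playlist = build_playlist(entries)
    plain = {seg: ctr_xor(keys[kid], iv, store[seg])
             for seg, _proc, kid, iv in parse_playlist(playlist)}
    return playlist, store, plain, media
```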
Fig. 3 is a block diagram of a media data transmission apparatus according to an embodiment of the present application. This embodiment is described taking as an example the apparatus applied to the sending end 110 in the media data transmission system shown in fig. 1. The device at least comprises the following modules: a version number determination module 310, a version number expansion module 320, a tag generation module 330, a data encryption module 340, a list generation module 350, and a data publication module 360.
A version number determining module 310, configured to determine an original protocol version number of a transmission protocol used when the target media segment is transmitted;
a version number extension module 320, configured to extend the original protocol version number to obtain an extended protocol version number; the extended encryption process is an encryption process outside the transmission protocol definition range;
a tag generating module 330, configured to generate a key tag according to the process identifier of the extended encryption process and the key identifier of the encryption key;
the data encryption module 340 is configured to encrypt the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment;
a list generating module 350, configured to generate a media playlist according to the extended protocol version number, the key tag, and the segment identifier of the encrypted media segment;
the data publishing module 360 is configured to publish the media playlist and the encrypted media segment, where the media playlist is used for a receiving end to decrypt the encrypted media segment according to the extended protocol version number and the key tag.
For relevant details reference is made to the above-described method embodiments.
Fig. 4 is a block diagram of a media data transmission apparatus according to an embodiment of the present application. This embodiment is described taking as an example the apparatus applied to the receiving end 120 in the media data transmission system shown in fig. 1. The device at least comprises the following modules: list acquisition module 410, procedure determination module 420, data download module 430, key acquisition module 440, data decryption module 450, and data processing module 460.
A list obtaining module 410, configured to obtain a media playlist issued by a sending end; the media play list is generated by the sending end according to the version number of the extended protocol, the key label and the fragment identification of the encrypted media fragment; the extended protocol version number is obtained by extending the original protocol version number of the transmission protocol; the key label is generated according to the process identification of the extended encryption process and the key identification of the encryption key; the encrypted media segment is obtained by encrypting the target media segment by using the extended encryption process and the encryption key; the extended encryption process refers to an encryption process outside the transmission protocol definition range;
a process determining module 420, configured to determine a processing process of the target media segment according to the extended protocol version number in the media playlist;
a data downloading module 430, configured to download the encrypted media segment indicated by the segment identifier in the media playlist according to the processing procedure;
a key obtaining module 440, configured to obtain the encryption key indicated by the key identifier in the key tag according to the processing procedure;
the data decryption module 450 is configured to decrypt the encrypted media segment according to the extended encryption process indicated by the process identifier and the encryption key to obtain the target media segment;
a data processing module 460, configured to process the target media segment.
For relevant details reference is made to the above-described method embodiments.
It should be noted that: in the media data transmission device provided in the above embodiment, when media data is transmitted, only the division of the above functional modules is taken as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the media data transmission device is divided into different functional modules, so as to complete all or part of the above described functions. In addition, the media data transmission device and the media data transmission method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiments and are not described herein again.
Fig. 5 is a block diagram of a media data transmission apparatus according to an embodiment of the present application, where the apparatus may be the transmitting end 110 in the media data transmission system shown in fig. 1; alternatively, it may be the receiving end 120. The apparatus comprises at least a processor 501 and a memory 502.
Processor 501 may include one or more processing cores, such as a 4-core processor, a 5-core processor, etc. The processor 501 may be implemented as at least one of a DSP (Digital Signal Processing), an FPGA (Field Programmable Gate Array), or a PLA (Programmable Logic Array). The processor 501 may also include a main processor and a coprocessor, where the main processor is a processor for processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 501 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, processor 501 may also include an AI (Artificial Intelligence) processor for processing computational operations related to machine learning.
Memory 502 may include one or more computer-readable storage media, which may be non-transitory. Memory 502 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 502 is used to store at least one instruction for execution by processor 501 to implement the media data transmission method provided by the method embodiments herein.
In some embodiments, the media data transmission device may further include: a peripheral interface and at least one peripheral. The processor 501, memory 502 and peripheral interfaces may be connected by buses or signal lines. Each peripheral may be connected to the peripheral interface via a bus, signal line, or circuit board. Illustratively, peripheral devices include, but are not limited to: radio frequency circuit, touch display screen, audio circuit, power supply, etc.
Of course, the media data transmission apparatus may also include fewer or more components, which is not limited in this embodiment.
Optionally, the present application further provides a computer-readable storage medium, in which a program is stored, and the program is loaded and executed by a processor to implement the media data transmission method of the above method embodiment.
Optionally, the present application further provides a computer product, which includes a computer-readable storage medium, in which a program is stored, and the program is loaded and executed by a processor to implement the media data transmission method of the above-mentioned method embodiment.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. A method for media data transmission, the method comprising:
determining an original protocol version number of a transmission protocol used when the target media segment is transmitted;
expanding the original protocol version number to obtain an expanded protocol version number;
generating a key label according to the process identifier of the expanded encryption process and the key identifier of the encryption key; the extended encryption process is an encryption process outside the transmission protocol definition range;
encrypting the target media segment according to the expansion encryption process and the encryption key to obtain an encrypted media segment;
generating a media play list according to the version number of the extended protocol, the key label and the fragment identification of the encrypted media fragment;
the media play list and the encrypted media segments are issued, and the media play list is used for a receiving end to decrypt the encrypted media segments according to the extended protocol version number and the key labels;
generating a key label according to the process identifier of the extended encryption process and the key identifier of the encryption key, including:
acquiring an encrypted initial vector;
acquiring the key identification;
and setting the algorithm attribute in the key label as the process identifier of the expanded encryption process according to the transmission protocol, setting the key attribute in the key label as the key identifier, and setting the initial vector attribute in the key label as the encrypted initial vector to obtain the key label.
2. The method according to claim 1, wherein the target media segment includes media sample data and structure description data, and the encrypting the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment includes:
and encrypting the media sample data in the target media fragment by using the extended encryption process and the encryption key to obtain the encrypted media fragment.
3. The method of claim 1, wherein the encrypting the target media segment according to the extended encryption process and the encryption key to obtain an encrypted media segment comprises:
performing an exclusive-or (XOR) operation on the encrypted initial vector and the target media segment in a cipher block chaining (CBC) block encryption mode; encrypting the XORed target media segment by using the extended encryption process and the encryption key to obtain the encrypted media segment;
or,
encrypting the encrypted initial vector using the extended encryption process and the encryption key in a counter (CTR) block encryption mode; and performing an XOR operation on the encrypted initial vector and the target media segment to obtain the encrypted media segment.
4. The method of claim 1, wherein after generating the key label according to the process identifier of the extended encryption process and the key identifier of the encryption key, the method further comprises:
updating the key label when the use time of the encryption key reaches a preset time;
and generating an updated media play list according to the updated key label and the target media segment corresponding to the time for updating the key label.
5. A method for media data transmission, the method comprising:
acquiring a media play list issued by a sending end; the media play list is generated by the sending end according to the version number of the extended protocol, the key label and the fragment identification of the encrypted media fragment; the extended protocol version number is obtained by extending the original protocol version number of the transmission protocol; the key tag is obtained by setting the algorithm attribute in the key tag as a process identifier for expanding an encryption process according to the transmission protocol, setting the key attribute in the key tag as a key identifier for encrypting a key, and setting the initial vector attribute in the key tag as an encrypted initial vector; the encrypted media segment is obtained by encrypting the target media segment by using the extended encryption process and the encryption key; the extended encryption process refers to an encryption process outside the transmission protocol definition range;
determining the processing process of the target media segment according to the extended protocol version number in the media play list;
downloading the encrypted media segments indicated by the segment identifiers in the media playlist according to the processing process;
acquiring the encryption key indicated by the key identifier in the key label according to the processing process;
decrypting the encrypted media segment according to the extended encryption process indicated by the process identifier and the encryption key to obtain the target media segment;
and processing the target media segment.
6. An apparatus for media data transmission, the apparatus comprising:
a version number determining module, which is used for determining the original protocol version number of the transmission protocol used when the target media segment is transmitted;
the version number expansion module is used for expanding the original protocol version number to obtain an expanded protocol version number;
the label generating module is used for generating a key label according to the process identifier of the expanded encryption process and the key identifier of the encryption key; the extended encryption process is an encryption process outside the transmission protocol definition range;
the data encryption module is used for encrypting the target media segment according to the expansion encryption process and the encryption key to obtain an encrypted media segment;
the list generation module is used for generating a media play list according to the version number of the extended protocol, the key label and the fragment identification of the encrypted media fragment;
the data release module is used for releasing the media playlist and the encrypted media segments, and the media playlist is used for a receiving end to decrypt the encrypted media segments according to the extended protocol version number and the key labels;
the tag generation module is configured to:
acquiring an encrypted initial vector;
acquiring the key identification;
and setting the algorithm attribute in the key label as the process identifier of the expanded encryption process according to the transmission protocol, setting the key attribute in the key label as the key identifier, and setting the initial vector attribute in the key label as the encrypted initial vector to obtain the key label.
7. An apparatus for media data transmission, the apparatus comprising:
the list acquisition module is used for acquiring a media play list issued by a sending end; the media play list is generated by the sending end according to the version number of the extended protocol, the key label and the fragment identification of the encrypted media fragment; the extended protocol version number is obtained by extending the original protocol version number of the transmission protocol; the key tag is obtained by setting the algorithm attribute in the key tag as a process identifier for expanding an encryption process according to the transmission protocol, setting the key attribute in the key tag as a key identifier for encrypting a key, and setting the initial vector attribute in the key tag as an encrypted initial vector; the encrypted media segment is obtained by encrypting the target media segment by using the extended encryption process and the encryption key; the extended encryption process refers to an encryption process outside the transmission protocol definition range;
a process determining module, configured to determine a processing process of the target media segment according to the extended protocol version number in the media playlist;
a data downloading module, configured to download the encrypted media segment indicated by the segment identifier in the media playlist according to the processing procedure;
a key obtaining module, configured to obtain the encryption key indicated by the key identifier in the key tag according to the processing procedure;
the data decryption module is used for decrypting the encrypted media segment according to the extended encryption process indicated by the process identification and the encryption key to obtain the target media segment;
and the data processing module is used for processing the target media fragment.
8. An apparatus for media data transmission, the apparatus comprising a processor and a memory; the memory stores therein a program that is loaded and executed by the processor to implement the media data transmission method according to any one of claims 1 to 4; or, implementing the media data transmission method as claimed in claim 5.
9. A computer-readable storage medium, characterized in that the storage medium has stored therein a program for implementing the media data transmission method according to any one of claims 1 to 4 when executed by a processor; or, implementing the media data transmission method as claimed in claim 5.
CN201810986718.0A 2018-08-28 2018-08-28 Media data transmission method, device and storage medium Active CN108924596B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810986718.0A CN108924596B (en) 2018-08-28 2018-08-28 Media data transmission method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810986718.0A CN108924596B (en) 2018-08-28 2018-08-28 Media data transmission method, device and storage medium

Publications (2)

Publication Number Publication Date
CN108924596A CN108924596A (en) 2018-11-30
CN108924596B CN108924596B (en) 2020-11-13

Family

ID=64407255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810986718.0A Active CN108924596B (en) 2018-08-28 2018-08-28 Media data transmission method, device and storage medium

Country Status (1)

Country Link
CN (1) CN108924596B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant