CN110505531B - Media data transmission system, method and device - Google Patents


Publication number
CN110505531B
Authority
CN
China
Prior art keywords
media data
key
encrypted
client
management platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910591517.5A
Other languages
Chinese (zh)
Other versions
CN110505531A (en)
Inventor
陈加栋
陈学明
王滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Application filed by Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN201910591517.5A
Publication of CN110505531A
Application granted
Publication of CN110505531B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/239 Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests
    • H04N21/2393 Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests involving handling client requests
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633 Control signals issued by server directed to the network components or client
    • H04N21/6332 Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a system, a method and a device for transmitting media data. The management platform allocates a first RC, an RM and an RV to the client, the management platform and the media server respectively; determines a first Key from the first RC, the RM and the RV using a preset secret sharing algorithm; sends the first RC and the first Key to the client; and sends the RM, the RV and the first Key to the media server. The client encrypts the first RC with the first Key to obtain an encrypted RC, and sends a first media data request carrying the encrypted RC to the media server. The media server decrypts the encrypted RC with the first Key to obtain a second RC; determines a second Key from the second RC, the RM and the RV using the preset secret sharing algorithm; and, if the first Key and the second Key are the same, acquires the encrypted media data and sends it to the client. Applying the technical scheme provided by the embodiments of the application improves the efficiency of media data transmission and improves network security.

Description

Media data transmission system, method and device
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a system, a method, and an apparatus for media data transmission.
Background
The video monitoring system comprises a management platform, a media server, front-end equipment and a client. The front-end equipment collects media data and sends the media data to the media server. The media server sends the media data to the management platform. And the management platform analyzes and processes the media data and sends the processed media data to the client. The client outputs the display media data. In the process of media data transmission based on the video monitoring system, the risk of data leakage exists.
In order to reduce the risk of data leakage, the front-end device and the management platform perform key agreement, and determine a first encryption key for transmitting media data between the front-end device and the management platform. And the client and the management platform carry out key agreement to determine a second encryption key for transmitting the media data between the client and the management platform. At this time, the media data transmission process is that the front-end device encrypts the acquired media data by using the first encryption key, and sends the encrypted media data to the management platform through the media server. The management platform decrypts the received media data by using the first encryption key, analyzes the decrypted media data, encrypts the media data by using the second encryption key, and sends the encrypted media data to the client.
In the transmission process of the media data, the management platform and other devices perform key agreement for multiple times, and the media data is encrypted for multiple times. This makes data transmission inefficient. In addition, in the process of transmitting the media data, if an attacker intercepts the encryption key, the attacker can easily imitate the client or the front-end equipment, and the network security is poor.
Disclosure of Invention
An object of the embodiments of the present application is to provide a system, a method and a device for transmitting media data, so as to improve efficiency of media data transmission and improve network security. The specific technical scheme is as follows:
In order to achieve the above object, an embodiment of the present application provides a media data transmission system, where the system includes a client, a management platform, and a media server;
the management platform allocates a first RC (Random-number Client, client random number) to the client, allocates an RM (Random-number Manager, management random number) to the management platform, and allocates an RV (Random-number Vector, media random number) to the media server; determines a first Key from the first RC, the RM and the RV using a preset secret sharing algorithm; sends the first RC and the first Key to the client; and sends the RM, the RV and the first Key to the media server;
the client encrypts the first RC by using the first Key to obtain an encrypted RC, and sends a first media data request carrying the encrypted RC and a target media data identifier to the media server;
the media server receives the first media data request; decrypts the encrypted RC by using the first Key to obtain a second RC; determines a second Key according to the second RC, the RM, the RV and the preset secret sharing algorithm; judges whether the first Key and the second Key are the same; and, if they are the same, acquires encrypted media data corresponding to the target media data identifier and sends the encrypted media data to the client;
the client receives the encrypted media data, and decrypts the encrypted media data by using the first Key to obtain the target media data.
Optionally, the media server obtains target media data corresponding to the target media data identifier from locally cached media data; encrypting the target media data by using the first Key to obtain encrypted media data; and sending the encrypted media data to the client.
Optionally, the system further includes a front-end device;
the management platform allocates a first RI (Random-number In-front, front-end Random data) to the front-end device; determining a first Key by using the first RC, the RM, the RV and the first RI, and a preset secret sharing algorithm; and sending the first RI and the first Key to the front-end equipment.
Optionally, the media server sends a second media data request carrying the target media data identifier to the front-end device;
the front-end equipment receives the second media data request; acquiring target media data corresponding to the target media data identifier; encrypting the target media data by using the first Key to obtain encrypted media data; encrypting the first RI by using the first Key to obtain an encrypted RI; sending the encrypted RI and the encrypted media data to the media server;
the media server receives the encrypted RI and the encrypted media data; decrypts the encrypted RI by using the first Key to obtain a second RI; determines a third Key according to the second RI, the RM, the RV and the preset secret sharing algorithm; judges whether the first Key and the third Key are the same; and, if they are the same, sends the encrypted media data to the client.
Optionally, the management platform sends a preset public key to the client, the media server, and the front-end device, respectively; encrypts the first RC and the first Key by using a preset private key corresponding to the preset public key to obtain first encrypted data, and sends the first encrypted data to the client; encrypts the RM, the RV and the first Key by using the preset private key to obtain second encrypted data, and sends the second encrypted data to the media server; encrypts the first RI and the first Key by using the preset private key to obtain third encrypted data, and sends the third encrypted data to the front-end device;
the client receives the first encrypted data, and decrypts the first encrypted data by using the preset public Key to obtain the first RC and the first Key;
the media server receives the second encrypted data, and decrypts the second encrypted data by using the preset public Key to obtain the RM, the RV and the first Key;
and the front-end equipment receives the third encrypted data, and decrypts the third encrypted data by using the preset public Key to obtain the first RI and the first Key.
In order to achieve the above object, an embodiment of the present application further provides a media data transmission method, which is applied to a media server included in a media data transmission system, where the media data transmission system further includes a client and a management platform; the method comprises the following steps:
receiving a first media data request sent by the client, wherein the first media data request comprises an encrypted RC and a target media data identifier, and the encrypted RC is obtained by encrypting a first RC distributed by the management platform for the client by the client;
decrypting the encrypted RC by using a first Key to obtain a second RC; the first Key is a Key determined by a preset secret sharing algorithm by using the first RC, the RM distributed by the management platform for the management platform and the RV distributed by the management platform for the media server;
determining a second Key according to the second RC, the RM, the RV and the preset secret sharing algorithm;
judging whether the first Key and the second Key are the same;
if they are the same, acquiring the encrypted media data corresponding to the target media data identifier, and sending the encrypted media data to the client.
Optionally, the step of obtaining the encrypted media data corresponding to the target media data identifier includes:
acquiring target media data corresponding to the target media data identifier from locally cached media data;
encrypting the target media data by using the first Key to obtain encrypted media data; and sending the encrypted media data to the client.
Optionally, the media data transmission system further includes a front-end device;
the step of obtaining the encrypted media data corresponding to the target media data identifier and sending the encrypted media data to the client comprises:
sending a second media data request carrying the target media data identifier to the front-end equipment;
receiving encrypted RI and encrypted media data sent by the front-end equipment, wherein the encrypted RI is obtained by encrypting the first RI by the front-end equipment by using the first Key, and the encrypted media data is obtained by encrypting the target media data by the front-end equipment by using the first Key;
decrypting the encrypted RI by using the first Key to obtain a second RI;
determining a third Key according to the second RI, the RM, the RV and the preset secret sharing algorithm;
judging whether the first Key and the third Key are the same;
and if they are the same, sending the encrypted media data to the client.
Optionally, before receiving the first media data request sent by the client, the method further includes:
receiving a preset public key sent by the management platform;
receiving encrypted data sent by the management platform, wherein the encrypted data is obtained by the management platform encrypting the RM, the RV and the first Key by using a preset private Key corresponding to the preset public Key;
and decrypting the encrypted data by using the preset public Key to obtain the RM, the RV and the first Key.
In order to achieve the above object, an embodiment of the present application further provides a media data transmission apparatus, which is applied to a media server included in a media data transmission system, where the media data transmission system further includes a client and a management platform; the device comprises:
a receiving unit, configured to receive a first media data request sent by the client, where the first media data request includes an encrypted RC and a target media data identifier, and the encrypted RC is obtained by encrypting, by the client, a first RC that is allocated to the client by the management platform;
the decryption unit is used for decrypting the encrypted RC by using the first Key to obtain a second RC; the first Key is a Key determined by a preset secret sharing algorithm by using the first RC, the RM distributed by the management platform for the management platform and the RV distributed by the management platform for the media server;
a determining unit, configured to determine a second Key according to the second RC, the RM, the RV, and the preset secret sharing algorithm;
a judging unit, configured to judge whether the first Key and the second Key are the same;
and the sending unit is used for acquiring the encrypted media data corresponding to the target media data identifier and sending the encrypted media data to the client if the first Key is the same as the second Key.
Optionally, the sending unit is specifically configured to:
acquiring target media data corresponding to the target media data identifier from locally cached media data; encrypting the target media data by using the first Key to obtain encrypted media data; and sending the encrypted media data to the client.
Optionally, the media data transmission system further includes a front-end device;
the sending unit is specifically configured to: send a second media data request carrying the target media data identifier to the front-end device; receive the encrypted RI and the encrypted media data sent by the front-end device, wherein the encrypted RI is obtained by the front-end device encrypting the first RI with the first Key, and the encrypted media data is obtained by the front-end device encrypting the target media data with the first Key; decrypt the encrypted RI by using the first Key to obtain a second RI; determine a third Key according to the second RI, the RM, the RV and the preset secret sharing algorithm; judge whether the first Key and the third Key are the same; and, if they are the same, send the encrypted media data to the client.
Optionally, the apparatus further comprises:
the receiving unit is further configured to receive a preset public key sent by the management platform before receiving a first media data request sent by the client; receiving encrypted data sent by the management platform, wherein the encrypted data is obtained by the management platform encrypting the RM, the RV and the first Key by using a preset private Key corresponding to the preset public Key;
the decryption unit is further configured to decrypt the encrypted data by using the preset public Key to obtain the RM, the RV, and the first Key.
To achieve the above object, an embodiment of the present application provides a server, including a processor and a memory; wherein, the memory is used for storing computer programs; the processor is configured to implement any of the above method steps when executing the program stored in the memory.
To achieve the above object, the present application provides a machine-readable storage medium storing machine-executable instructions executable by the processor, and when the machine-executable instructions are executed by the processor, the machine-executable instructions implement any one of the above method steps.
With the media data transmission system, method and device described above, every device in the media data transmission system encrypts the media data with the same key, so multiple key negotiations are not needed and the media data is encrypted only once, which effectively improves the efficiency of media data transmission. In addition, the media server verifies the client by using the first Key and the preset secret sharing algorithm, so that the client can be effectively prevented from being counterfeited, and the network security is improved.
Of course, not all of the advantages described above need to be achieved at the same time in the practice of any one product or method of the invention.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a media data transmission system according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a media data transmission system according to an embodiment of the present application;
Fig. 3 is a signaling diagram of media data transmission provided in an embodiment of the present application;
Fig. 4 is another signaling diagram of media data transmission provided by an embodiment of the present application;
Fig. 5 is a schematic flowchart of a media data transmission method according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a media data transmission apparatus according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
At present, in the process of media data transmission, a management platform and other devices perform multiple key negotiations, and media data is encrypted for multiple times. This makes data transmission inefficient. In addition, in the process of transmitting the media data, if an attacker intercepts the encryption key, the attacker can easily imitate the client or the front-end equipment, and the network security is poor.
In order to improve the efficiency of media data transmission and improve the network security, the embodiment of the application provides a media data transmission system. Specifically, the media data transmission system shown in fig. 1 includes a client 101, a management platform 102, and a media server 103.
The management platform 102 is configured to allocate a first RC to the client 101, allocate an RM to the management platform 102, and allocate an RV to the media server 103; determining a first secret Key by using the first RC, the RM and the RV and a preset secret sharing algorithm; sending the first RC and the first Key to the client 101; the RM, RV, and first Key are sent to the media server 103.
In this embodiment, after the management platform 102 is started, the first RC is allocated to the client 101, the RM is allocated to the management platform 102, and the RV is allocated to the media server 103. The management platform 102 determines a first Key by using the first RC, RM, and RV through a preset secret sharing algorithm. The management platform 102 sends the first RC and the first Key to the client 101. The management platform 102 sends the RM, RV, and first Key to the media server 103.
The preset secret sharing algorithm may be a Shamir threshold secret sharing algorithm, or may be another secret sharing algorithm, which is not limited in this embodiment of the present application. The first RC, RM, and RV are random numbers generated by the management platform 102. The first Key, the first RC, the RM and the RV are used together to verify the client.
In an embodiment of the present application, after the management platform 102 is started, if a media data request sent by the client 101 is received, a first RC is allocated to the client 101, an RM is allocated to the management platform 102, an RV is allocated to the media server 103, a first Key is determined by using the first RC, the RM, and the RV through a preset secret sharing algorithm, and the first RC and the first Key are sent to the client 101. Thereafter, the management platform 102 sends a media data request to the media server 103. After receiving the media data request, the media server 103 sends a key request to the management platform 102. The management platform 102 sends the RM, RV, and first Key to the media server 103 according to the Key request.
If the media data request sent by the client 101 is not received, the first RC is not allocated to the client 101, an RM is allocated to the management platform 102, and an RV is allocated to the media server 103. In this way, the workload of the management platform 102 is effectively reduced.
The media data request may be a live request, which requests media data collected in real time, or a video playback request, which requests historically cached media data.
In an embodiment of the present application, in order to improve security of key transmission, the management platform 102 stores a preset public key and a preset private key, for example the public and private keys of the RSA2048 algorithm. The management platform 102 synchronizes the preset public key to the client 101 and the media server 103.
The management platform 102 allocates a first RC to the client 101, allocates an RM to the management platform 102, allocates an RV to the media server 103, determines a first Key by using the first RC, the RM, and the RV through a preset secret sharing algorithm, and then encrypts the first RC and the first Key by using a preset private Key to obtain first encrypted data. The management platform 102 transmits the first encrypted data to the client 101. The client 101 obtains a preset public Key in advance, and after receiving the first encrypted data, decrypts the first encrypted data by using the preset public Key to obtain the first RC and the first Key.
The management platform 102 allocates a first RC to the client 101, allocates an RM to the management platform 102, allocates an RV to the media server 103, determines a first Key by using the first RC, the RM, and the RV through a preset secret sharing algorithm, and then encrypts the RM, the RV, and the first Key by using the preset private key to obtain second encrypted data. The management platform 102 sends the second encrypted data to the media server 103. The media server 103 obtains the preset public key in advance, and after receiving the second encrypted data, decrypts the second encrypted data by using the preset public key to obtain the RM, the RV, and the first Key.
The client 101 is configured to encrypt the first RC by using the first Key to obtain an encrypted RC; a first media data request carrying the encrypted RC and the target media data identifier is sent to the media server 103.
In the embodiment of the application, when the client 101 acquires the media data, the first Key and the first RC are acquired, and the first RC is encrypted by using the first Key to obtain the encrypted RC. The client 101 sends a first media data request to the media server 103. The first media data request carries the encrypted RC and the target media data identifier.
The media server 103 is configured to receive a first media data request; decrypt the encrypted RC by using the first Key to obtain a second RC; determine a second Key according to the second RC, the RM, the RV and the preset secret sharing algorithm; judge whether the first Key and the second Key are the same; and, if they are the same, acquire the encrypted media data corresponding to the target media data identifier and send the encrypted media data to the client 101.
In this embodiment of the application, the media server 103 receives a first media data request sent by the client 101, and obtains the encrypted RC and the target media data identifier from the first media data request. The media server 103 obtains the first Key, and decrypts the encrypted RC using the first Key to obtain the second RC. The media server 103 determines a second Key through a preset secret sharing algorithm by using the second RC, RM, and RV. The media server 103 determines whether the first Key and the second Key are the same. If the first Key and the second Key are the same, the media server 103 may determine that the client 101 is a valid client, acquire the encrypted media data corresponding to the target media data identifier, and send the encrypted media data to the client 101.
In one embodiment, if the first Key and the second Key are different, the media server 103 may determine that the client 101 is an illegal client, and discard the first media data request.
The client 101 is configured to receive encrypted media data; and decrypting the encrypted media data by using the first Key to obtain the target media data.
In the embodiment of the present application, the client 101 receives encrypted media data sent by the media server 103. The client 101 acquires the first Key, and decrypts the encrypted media data by using the first Key to obtain the target media data. The client 101 presents or caches the target media data.
In the media data transmission system provided by the embodiment of the application, each device in the media data transmission system encrypts the media data by using the same key, does not need to perform multiple key negotiations, and encrypts the media data only once, thereby effectively improving the efficiency of media data transmission. In addition, the media server verifies the client by using the first Key and the preset secret sharing algorithm, so that the client can be effectively prevented from being counterfeited, and the network security is improved.
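The allocation and verification steps described above, as an added Python sketch that is not code from the patent. It assumes Shamir sharing over a prime field with RC, RM and RV placed at x = 1, 2, 3 and the Key taken as the interpolated value at x = 0, and it uses a standard-library hash keystream with an HMAC tag as a stand-in for the cipher, which this section does not name; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumptions (not specified on the page): the field prime, the x-coordinate
# given to each random number, and the cipher that protects the RC.
P = 2**127 - 1              # Mersenne prime; every field element fits in 16 bytes
X_RC, X_RM, X_RV = 1, 2, 3  # share positions: client, platform, media server


def derive_key(rc: int, rm: int, rv: int) -> bytes:
    """Treat (1, RC), (2, RM), (3, RV) as Shamir shares and return f(0) as the Key."""
    points = [(X_RC, rc), (X_RM, rm), (X_RV, rv)]
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(16, "big")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + key + nonce + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated cipher: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(12)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the blob is malformed or the tag is wrong."""
    if len(blob) < 12 + 32:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def platform_allocate() -> dict:
    """Management platform: draw RC, RM, RV and derive the first Key."""
    rc, rm, rv = (secrets.randbelow(P) for _ in range(3))
    key = derive_key(rc, rm, rv)
    return {"client": (rc, key), "media_server": (rm, rv, key)}


def client_request(rc: int, key: bytes, media_id: str) -> dict:
    """Client: first media data request carrying the encrypted RC."""
    return {"encrypted_rc": seal(key, rc.to_bytes(16, "big")), "media_id": media_id}


def server_accepts(request: dict, rm: int, rv: int, first_key: bytes) -> bool:
    """Media server: decrypt the RC, recompute the Key, compare with the first Key."""
    plain = unseal(first_key, request["encrypted_rc"])
    if plain is None or len(plain) != 16:
        return False                      # not produced with the first Key
    second_rc = int.from_bytes(plain, "big")
    if second_rc >= P:
        return False                      # reject non-canonical field encodings
    second_key = derive_key(second_rc, rm, rv)
    return hmac.compare_digest(first_key, second_key)


if __name__ == "__main__":
    alloc = platform_allocate()
    rc, key = alloc["client"]
    rm, rv, server_key = alloc["media_server"]
    good = client_request(rc, key, "cam-01")               # constructed media id
    forged = client_request((rc + 1) % P, key, "cam-01")   # right Key, wrong RC
    print("valid client accepted:", server_accepts(good, rm, rv, server_key))
    print("wrong RC accepted:", server_accepts(forged, rm, rv, server_key))
```

Because every device in the scheme holds the same first Key, the tag check alone only shows that the sender knows the Key; the recomputed second Key is what ties the request to the RC issued to the client.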
In this embodiment, the media server 103 may acquire the encrypted media data in different manners.
In an embodiment of the present application, if the first media data request is a video playback request or other request for obtaining historical media data, the media server 103 obtains target media data corresponding to the target media data identifier from the media data cached in the media server 103. The media server 103 encrypts the target media data by using the first Key to obtain encrypted media data; the encrypted media data is sent to the client 101.
For example, the media server 103 obtains the target media data corresponding to the target media data identifier from the media data cached in the media server 103. The media server 103 encrypts the target media data by using the first Key to obtain encrypted media data; the encrypted media data is sent to the client 101.
In another embodiment of the present application, the media data transmission system shown with reference to fig. 2 may further include a front-end device 104. Based on the media data transmission system, the management platform 102 may be further configured to allocate a first RI to the front-end device 104; determine the first Key by using the first RC, the RM, the RV, the first RI and a preset secret sharing algorithm; and send the first RI and the first Key to the front-end device 104.
In one embodiment, in order to improve the security of key transmission, based on the media data transmission system shown in fig. 2, the management platform 102 synchronizes the preset public key to the client 101, the media server 103 and the front-end device 104. The management platform 102 allocates a first RC to the client 101, allocates an RM to the management platform 102, allocates an RV to the media server 103, and allocates a first RI to the front-end device 104. After determining the first Key from the first RC, the RM, the RV, and the first RI by using a preset secret sharing algorithm, the management platform 102 encrypts the first RI and the first Key by using a preset private key to obtain third encrypted data. The management platform 102 sends the third encrypted data to the front-end device 104. The front-end device 104 obtains the preset public key in advance, and after receiving the third encrypted data, decrypts the third encrypted data by using the preset public key to obtain the first RI and the first Key.
Based on the media data transmission system shown in fig. 2, if the first media data request is a live request or other request for acquiring real-time media data, the process of acquiring encrypted media data by the media server 103 is as follows.
The media server 103 sends a second media data request carrying the target media data identifier to the front-end device 104.
The front-end device 104 receives the second media data request. The front-end device 104 acquires the target media data identifier from the second media data request. The front-end device 104 obtains the target media data corresponding to the target media data identifier in real time. The front-end device 104 obtains the first Key, and encrypts the target media data by using the first Key to obtain the encrypted media data. The front-end device 104 encrypts the first RI by using the first Key to obtain an encrypted RI. The front-end device 104 sends the encrypted RI and the encrypted media data to the media server 103.
The media server 103 receives the encrypted RI and the encrypted media data. The media server 103 obtains the first Key, and decrypts the encrypted RI using the first Key to obtain the second RI. The media server 103 determines a third Key according to the second RI, RM, and RV by using a preset secret sharing algorithm. The media server 103 determines whether the first Key and the third Key are the same. If the first Key is the same as the third Key, the media server 103 determines that the front-end device 104 is a legal front-end device, and sends the encrypted media data to the client.
If the first Key and the third Key are different, the media server 103 determines that the front-end device 104 is an illegal front-end device, and may discard the encrypted media data.
In the embodiment of the application, after the media server 103 acquires the encrypted media data, the first Key and the preset secret sharing algorithm are used to verify the front-end device, so that the front-end device can be effectively prevented from being counterfeited, and the network security is improved.
The following describes a media data transmission process provided by the embodiment of the present application with reference to the media data transmission system shown in fig. 2 and a signaling diagram of media data transmission shown in fig. 3. When the management platform 102 is started, a public key 1 of the RSA2048 algorithm and a private key 1 corresponding to the public key 1 are preset.
In step 301, the client 101 sends a live request to the management platform 102.
In step 302, the management platform 102 sends the public key 1 to the client 101.
In step 303, the management platform 102 generates 4 random numbers. Specifically, the 4 random numbers include: RC1 assigned to the client 101, RM1 assigned to the management platform 102, RV1 assigned to the media server 103, and RI1 assigned to the front-end device 104.
The execution order of steps 302 and 303 is not limited in the embodiments of the present application.
Step 304, the management platform 102 uses RC1, RM1, RV1 and RI1 to generate Key1, the key for encrypting media data, through the preset Shamir secret sharing algorithm.
Step 305, the management platform 102 encrypts Key1 and RC1 by using private key 1 to obtain first encrypted data, and sends the first encrypted data to the client 101.
Step 306, the client 101 decrypts the first encrypted data by using public key 1 to obtain Key1 and RC1.
In step 307, the management platform 102 forwards the live request to the media server 103.
In step 308, the media server 103 sends a public key request to the management platform 102.
The public key request is used for requesting to obtain a public key.
In step 309, the management platform 102 sends the public key 1 to the media server 103.
Step 310, the management platform 102 encrypts Key1, RM1 and RV1 by using private key 1 to obtain second encrypted data, and sends the second encrypted data to the media server 103.
In step 311, the media server 103 decrypts the second encrypted data by using public key 1 to obtain Key1, RM1 and RV1.
In step 312, the media server 103 forwards the live request to the front-end device 104.
In step 313, the front-end device 104 sends a request response to the live request to the media server 103.
The media server 103 establishes a connection with the front-end device 104 based on the request response. At this time, the front-end device 104 may transmit the media data collected in real time to the media server 103.
At step 314, the front-end device 104 sends a public key request to the management platform 102.
In step 315, the management platform 102 sends the public key 1 to the front-end device 104.
Step 316, the management platform 102 encrypts Key1 and RI1 by using private key 1 to obtain third encrypted data, and sends the third encrypted data to the front-end device 104.
Step 317, the front-end device 104 decrypts the third encrypted data by using public key 1 to obtain Key1 and RI1.
Step 318, the client 101 encrypts RC1 by using Key1 to obtain the encrypted RC1.
In step 319, the client 101 sends a media data request 11 to the media server 103. The media data request 11 includes the encrypted RC1 and a target media data identifier.
In step 320, the media server 103 obtains the encrypted RC1 from the media data request 11, and decrypts the encrypted RC1 by using Key1 to obtain RC1'.
Step 321, the media server 103 uses RC1', RM1 and RV1 to obtain Key1' through the preset Shamir secret sharing algorithm.
Step 322, the media server 103 determines whether Key1 and Key1' are the same. If so, go to step 324. If not, go to step 323.
In step 323, the media server 103 determines that the client 101 is an illegal client, and discards the media data request 11.
In step 324, the media server 103 determines that the client 101 is a valid client, and sends the media data request 12 to the front-end device 104. The media data request 12 includes the target media data identifier.
Step 325, the front-end device 104 collects the target media data corresponding to the target media data identifier in real time, encrypts the target media data by using Key1 to obtain encrypted media data, and encrypts RI1 by using Key1 to obtain the encrypted RI1.
In step 326, the front-end device 104 sends the encrypted RI1 and the encrypted media data to the media server 103.
Step 327, the media server 103 decrypts the encrypted RI1 by using Key1 to obtain RI1'.
Step 328, the media server 103 uses RI1', RM1 and RV1 to obtain Key1'' through the preset Shamir secret sharing algorithm.
Step 329, the media server 103 determines whether Key1 and Key1'' are the same. If yes, go to step 331. If not, go to step 330.
In step 330, the media server 103 determines that the front-end device 104 is an illegal front-end device, and discards the encrypted media data.
In step 331, the media server 103 determines that the front-end device 104 is a valid front-end device, and sends the encrypted media data to the client 101.
Step 332, the client 101 decrypts the encrypted media data by using Key1 to obtain the target media data.
At this time, the client 101 may present the target media data.
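Added example (not part of the patent text): the media server's two checks, steps 321-322 for the client and steps 328-329 for the front-end device, written in Python. This section names Shamir secret sharing but does not give its construction, so the 3-of-4 threshold layout, the prime field P, the fixed x-coordinates and every function name below are assumptions; decryption of the encrypted RC or RI (steps 320 and 327) is omitted and the check takes the already-decrypted value.

```python
import hmac
import secrets

# Assumption: arithmetic over the prime field GF(2**127 - 1).
P = 2**127 - 1

# Assumption: each role's random number is the share at a fixed x-coordinate.
X = {"RC": 1, "RM": 2, "RV": 3, "RI": 4}


def issue_shares(coeffs=None):
    """Management platform (steps 303-304), under the assumed layout.

    A random degree-2 polynomial f is chosen; Key = f(0) and the four
    "random numbers" are f(1)..f(4), so any three of them recover Key.
    coeffs may be passed to get a reproducible, constructed data set.
    """
    if coeffs is None:
        coeffs = [secrets.randbelow(P) for _ in range(3)]

    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    key = coeffs[0] % P
    shares = {role: f(x) for role, x in X.items()}
    return key, shares


def reconstruct(points):
    """Lagrange interpolation at x = 0 from three (x, y) points over GF(P)."""
    if len(points) != 3 or len({x for x, _ in points}) != 3:
        raise ValueError("need three points with distinct x-coordinates")
    secret = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret


def _to_bytes(value):
    return value.to_bytes(16, "big")


def verify_peer(first_key, role, presented, rm, rv):
    """Media server check: role "RC" is steps 321-322, role "RI" is 328-329.

    Recomputes the key from the presented value plus the server's own RM and
    RV, then compares it with the first Key in constant time.
    """
    if role not in ("RC", "RI"):
        raise ValueError("role must be 'RC' or 'RI'")
    if not isinstance(presented, int) or not 0 <= presented < P:
        return False  # malformed value after decryption: reject the request
    candidate = reconstruct(
        [(X[role], presented), (X["RM"], rm), (X["RV"], rv)]
    )
    return hmac.compare_digest(_to_bytes(candidate), _to_bytes(first_key))


def demo():
    """Run both checks on constructed data and return the outcomes."""
    # Constructed sample polynomial: f(x) = 1234 + 166x + 94x^2.
    key, s = issue_shares([1234, 166, 94])
    return {
        "valid_client": verify_peer(key, "RC", s["RC"], s["RM"], s["RV"]),
        "tampered_client": verify_peer(key, "RC", s["RC"] + 1, s["RM"], s["RV"]),
        "valid_front_end": verify_peer(key, "RI", s["RI"], s["RM"], s["RV"]),
        # A front-end value presented in the client role does not verify.
        "wrong_role": verify_peer(key, "RC", s["RI"], s["RM"], s["RV"]),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Under this layout the value presented by a peer only verifies at its own x-coordinate, which is why the constructed wrong_role case is rejected.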
The following describes a media data transmission process provided by the embodiment of the present application with reference to the media data transmission system shown in fig. 2 and another signaling diagram for media data transmission shown in fig. 4. When the management platform 102 is started, a public key 1 of the RSA2048 algorithm and a private key 1 corresponding to the public key 1 are preset.
In step 401, the client 101 sends a video playback request to the management platform 102.
In step 402, the management platform 102 sends the public key 1 to the client 101.
In step 403, the management platform 102 generates 4 random numbers. Specifically, the 4 random numbers include: RC2 assigned to the client 101, RM2 assigned to the management platform 102, RV2 assigned to the media server 103, and RI2 assigned to the front-end device 104.
In step 404, the management platform 102 uses RC2, RM2, RV2 and RI2 to generate Key2, the key for encrypting media data, through the preset Shamir secret sharing algorithm.
Step 405, the management platform 102 encrypts Key2 and RC2 by using private key 1 to obtain first encrypted data, and sends the first encrypted data to the client 101.
Step 406, the client 101 decrypts the first encrypted data by using public key 1 to obtain Key2 and RC2.
In step 407, the management platform 102 forwards the video playback request to the media server 103.
In step 408, the media server 103 sends a public key request to the management platform 102.
In step 409, the management platform 102 sends the public key 1 to the media server 103.
Step 410, the management platform 102 encrypts Key2, RM2 and RV2 by using private key 1 to obtain second encrypted data, and sends the second encrypted data to the media server 103.
In step 411, the media server 103 decrypts the second encrypted data by using public key 1 to obtain Key2, RM2 and RV2.
Step 412, the client 101 encrypts RC2 by using Key2 to obtain the encrypted RC2.
In step 413, the client 101 sends a media data request 21 to the media server 103. The media data request 21 includes the encrypted RC2 and a target media data identifier.
In step 414, the media server 103 obtains the encrypted RC2 from the media data request 21, and decrypts the encrypted RC2 by using Key2 to obtain RC2'.
In step 415, the media server 103 uses RC2', RM2 and RV2 to obtain Key2' through the preset Shamir secret sharing algorithm.
Step 416, the media server 103 determines whether Key2 and Key2' are the same. If so, step 418 is performed. If not, go to step 417.
In step 417, the media server 103 determines that the client 101 is an illegal client, and discards the media data request 21.
Step 418, the media server 103 determines that the client 101 is a valid client, obtains the target media data corresponding to the target media data identifier from the locally cached media data, and encrypts the target media data by using Key2 to obtain encrypted media data.
In step 419, the media server 103 transmits the encrypted media data to the client 101.
Step 420, the client 101 decrypts the encrypted media data by using Key2 to obtain the target media data.
At this time, the client 101 may present the target media data.
The descriptions of steps 301-332 and 401-421 are relatively brief; for details, refer to the descriptions of fig. 1-2.
Based on the media data transmission system, the embodiment of the application also provides a media data transmission method. Referring to fig. 5, fig. 5 is a schematic flowchart of a media data transmission method provided in an embodiment of the present application, where the method is applied to a media server included in a media data transmission system, and the media data transmission system further includes a client and a management platform. The method comprises the following steps.
Step 501, receiving a first media data request sent by a client, where the first media data request includes an encrypted RC and a target media data identifier, and the encrypted RC is obtained by encrypting, by the client, a first RC allocated by a management platform for the client.
Step 502, decrypting the encrypted RC by using the first Key to obtain a second RC. The first Key is a key determined through a preset secret sharing algorithm by using the first RC, the RM allocated by the management platform to the management platform, and the RV allocated by the management platform to the media server.
Step 503, determining a second Key according to the second RC, RM and RV and a preset secret sharing algorithm.
Step 504, determine whether the first Key and the second Key are the same. If yes, go to step 505.
Step 505, acquiring the encrypted media data corresponding to the target media data identifier, and sending the encrypted media data to the client.
In an optional embodiment, the step 505 of obtaining the encrypted media data corresponding to the target media data identifier and sending the encrypted media data to the client may be: the media server acquires target media data corresponding to the target media data identifier from the locally cached media data; encrypting the target media data by using the first Key to obtain encrypted media data; and sending the encrypted media data to the client.
In another optional embodiment, the media data transmission system may further include a front-end device. At this time, the step 505 of obtaining the encrypted media data corresponding to the target media data identifier and sending the encrypted media data to the client may be: the media server sends a second media data request carrying the target media data identifier to the front-end equipment; receiving encrypted RI and encrypted media data sent by front-end equipment, wherein the encrypted RI is obtained by the front-end equipment through encrypting the first RI by using a first Key, and the encrypted media data is obtained by the front-end equipment through encrypting target media data by using the first Key; decrypting the encrypted RI by using the first Key to obtain a second RI; determining a third Key according to the second RI, RM and RV and a preset secret sharing algorithm; judging whether the first Key and the third Key are the same; and if the first Key and the third Key are the same, sending the encrypted media data to the client.
In an embodiment of the application, before receiving a first media data request sent by a client, a media server receives a preset public key sent by a management platform; receiving encrypted data sent by a management platform, wherein the encrypted data is obtained by the management platform through encrypting RM, RV and a first Key by using a preset private Key corresponding to a preset public Key; and decrypting the encrypted data by using a preset public Key to obtain the RM, the RV and the first Key.
According to the media data transmission system, the media data transmission method and the media data transmission device, each device in the media data transmission system adopts the same secret key to encrypt the media data, multiple times of secret key negotiation is not needed, the media data are only encrypted once, and the efficiency of media data transmission is effectively improved. In addition, the media server verifies the client by using the first Key and the preset secret sharing algorithm, so that the client can be effectively prevented from being counterfeited, and the network security is improved.
Based on the media data transmission method, the embodiment of the application also provides a media data transmission device. Referring to fig. 6, fig. 6 is a schematic structural diagram of a media data transmission apparatus according to an embodiment of the present application. The device includes:
the receiving unit 601 is configured to receive a first media data request sent by a client, where the first media data request includes an encrypted RC and a target media data identifier, and the encrypted RC is obtained by encrypting, by the client, a first RC that is allocated to the client by a management platform;
a decryption unit 602, configured to decrypt the encrypted RC using the first Key to obtain a second RC; the first Key is a Key determined by a preset secret sharing algorithm, wherein the first RC, the RM distributed by the management platform for the management platform and the RV distributed by the management platform for the media server are utilized;
a determining unit 603, configured to determine a second Key according to the second RC, RM, and RV and a preset secret sharing algorithm;
a judging unit 604, configured to judge whether the first Key and the second Key are the same;
a sending unit 605, configured to obtain the encrypted media data corresponding to the target media data identifier if the first Key is the same as the second Key, and send the encrypted media data to the client.
In an optional embodiment, the sending unit 605 may specifically be configured to:
acquiring target media data corresponding to the target media data identifier from the locally cached media data; encrypting the target media data by using the first Key to obtain encrypted media data; and sending the encrypted media data to the client.
In an optional embodiment, the media data transmission system may further include a front-end device;
the sending unit may be specifically configured to send a second media data request carrying the target media data identifier to the front-end device; receiving encrypted RI and encrypted media data sent by front-end equipment, wherein the encrypted RI is obtained by the front-end equipment through encrypting the first RI by using a first Key, and the encrypted media data is obtained by the front-end equipment through encrypting target media data by using the first Key; decrypting the encrypted RI by using the first Key to obtain a second RI; determining a third Key according to the second RI, RM and RV and a preset secret sharing algorithm; judging whether the first Key and the third Key are the same; and if the first Key and the third Key are the same, sending the encrypted media data to the client.
In an optional embodiment, the media data transmission apparatus may further include:
the receiving unit 601 may be further configured to receive a preset public key sent by the management platform before receiving the first media data request sent by the client; receiving encrypted data sent by a management platform, wherein the encrypted data is obtained by the management platform through encrypting RM, RV and a first Key by using a preset private Key corresponding to a preset public Key;
the decryption unit 602 may further be configured to decrypt the encrypted data by using a preset public Key to obtain the RM, the RV, and the first Key.
Based on the above media data transmission method, an embodiment of the present application further provides a server, as shown in fig. 7, including a processor 701 and a memory 702. The memory 702 is configured to store a computer program; the processor 701 is configured to implement the following steps when executing the program stored in the memory 702:
receiving a first media data request sent by a client, wherein the first media data request comprises an encrypted RC and a target media data identifier, and the encrypted RC is obtained by encrypting a first RC distributed by a management platform for the client by the client;
decrypting the encrypted RC by using the first Key to obtain a second RC; the first Key is a Key determined by a preset secret sharing algorithm, wherein the first RC, the RM distributed by the management platform for the management platform and the RV distributed by the management platform for the media server are utilized;
determining a second Key according to the second RC, the RM and the RV and a preset secret sharing algorithm;
judging whether the first Key and the second Key are the same;
and if the first Key and the second Key are the same, acquiring the encrypted media data corresponding to the target media data identifier, and sending the encrypted media data to the client.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.
In yet another embodiment provided herein, there is also provided a machine-readable storage medium having stored therein machine-executable instructions executable by a processor, the machine-executable instructions when executed by the processor implementing the steps of:
receiving a first media data request sent by a client, wherein the first media data request comprises an encrypted RC and a target media data identifier, and the encrypted RC is obtained by encrypting a first RC distributed by a management platform for the client by the client;
decrypting the encrypted RC by using the first Key to obtain a second RC; the first Key is a Key determined by a preset secret sharing algorithm, wherein the first RC, the RM distributed by the management platform for the management platform and the RV distributed by the management platform for the media server are utilized;
determining a second Key according to the second RC, the RM and the RV and a preset secret sharing algorithm;
judging whether the first Key and the second Key are the same;
and if the first Key and the second Key are the same, acquiring the encrypted media data corresponding to the target media data identifier, and sending the encrypted media data to the client.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the embodiments of the media data transmission method, the media data transmission apparatus, the server and the machine-readable storage medium, since they are substantially similar to the embodiments of the media data transmission system, the description is simple, and the relevant points can be referred to the partial description of the embodiments of the media data transmission system.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (12)

1. A media data transmission system is characterized in that the system comprises a client, a management platform and a media server;
the management platform allocates a first client random number RC to the client, allocates a management random number RM to the management platform and allocates a media random number RV to the media server; determining a first key (first Key) by using the first RC, the RM, the RV and a preset secret sharing algorithm; sending the first RC and the first Key to the client; sending the RM, the RV and the first Key to the media server;
the client side encrypts the first RC by using the first Key to obtain an encrypted RC; sending a first media data request carrying the encrypted RC and a target media data identifier to the media server;
the media server receives the first media data request; decrypting the encrypted RC by using the first Key to obtain a second RC; determining a second Key according to the second RC, the RM, the RV and the preset secret sharing algorithm; judging whether the first Key and the second Key are the same; if the first Key and the second Key are the same, acquiring encrypted media data corresponding to the target media data identifier, and sending the encrypted media data to the client;
the client receives the encrypted media data; and decrypting the encrypted media data by using the first Key to obtain the target media data.
2. The system according to claim 1, wherein the media server obtains target media data corresponding to the target media data identifier from locally cached media data; encrypting the target media data by using the first Key to obtain encrypted media data; and sending the encrypted media data to the client.
3. The system of claim 1, further comprising a front-end device;
the management platform allocates first front-end random data RI to the front-end equipment; determining the first Key by using the first RC, the RM, the RV and the first RI, and a preset secret sharing algorithm; and sending the first RI and the first Key to the front-end equipment.
4. The system of claim 3,
the media server sends a second media data request carrying the target media data identifier to the front-end equipment;
the front-end equipment receives the second media data request; acquiring target media data corresponding to the target media data identifier; encrypting the target media data by using the first Key to obtain encrypted media data; encrypting the first RI by using the first Key to obtain an encrypted RI; sending the encrypted RI and the encrypted media data to the media server;
the media server receives the encrypted RI and the encrypted media data; decrypting the encrypted RI by using the first Key to obtain a second RI; determining a third Key according to the second RI, the RM, the RV and the preset secret sharing algorithm; judging whether the first Key and the third Key are the same; and if the first Key and the third Key are the same, sending the encrypted media data to the client.
5. The system according to claim 3 or 4, wherein the management platform sends preset public keys to the client, the media server and the front-end device respectively; encrypting the first RC and the first Key by using a preset private Key corresponding to the preset public Key to obtain first encrypted data, and sending the first encrypted data to the client; encrypting the RM, the RV and the first Key by using the preset private Key to obtain second encrypted data, and sending the second encrypted data to the media server; encrypting the RI and the first Key by using the preset private Key to obtain third encrypted data, and sending the third encrypted data to the front-end equipment;
the client receives the first encrypted data, and decrypts the first encrypted data by using the preset public Key to obtain the first RC and the first Key;
the media server receives the second encrypted data, and decrypts the second encrypted data by using the preset public Key to obtain the RM, the RV and the first Key;
and the front-end equipment receives the third encrypted data, and decrypts the third encrypted data by using the preset public Key to obtain the first RI and the first Key.
6. A media data transmission method, characterized in that the method is applied to a media server included in a media data transmission system, the media data transmission system further comprising a client and a management platform; the method comprises the following steps:
receiving a first media data request sent by the client, wherein the first media data request comprises an encrypted client random number RC and a target media data identifier, and the encrypted RC is obtained by the client encrypting a first RC, allocated by the management platform for the client, by using a key, the first Key, sent by the management platform;
decrypting the encrypted RC by using the first Key to obtain a second RC; the first Key is a key determined by a preset secret sharing algorithm by using the first RC, a management random number RM allocated by the management platform for the management platform, and a media random number RV allocated by the management platform for the media server;
determining a second Key according to the second RC, the RM, the RV and the preset secret sharing algorithm;
judging whether the first Key and the second Key are the same;
if the first Key and the second Key are the same, acquiring encrypted media data corresponding to the target media data identifier, and sending the encrypted media data to the client, wherein the encrypted media data is obtained by encrypting the target media data corresponding to the target media data identifier by using the first Key.
7. The method according to claim 6, wherein the step of obtaining the encrypted media data corresponding to the target media data identifier comprises:
acquiring target media data corresponding to the target media data identifier from locally cached media data;
encrypting the target media data by using the first Key to obtain encrypted media data; and sending the encrypted media data to the client.
8. The method of claim 6, wherein the media data transmission system further comprises a front-end device;
the step of obtaining the encrypted media data corresponding to the target media data identifier and sending the encrypted media data to the client comprises:
sending a second media data request carrying the target media data identifier to the front-end equipment;
receiving encrypted front-end random data RI and encrypted media data sent by the front-end equipment, wherein the encrypted RI is obtained by the front-end equipment encrypting the first RI by using the first Key, and the encrypted media data is obtained by the front-end equipment encrypting the target media data by using the first Key;
decrypting the encrypted RI by using the first Key to obtain a second RI;
determining a third Key according to the second RI, the RM, the RV and the preset secret sharing algorithm;
judging whether the first Key and the third Key are the same;
and if the first Key and the third Key are the same, sending the encrypted media data to the client.
9. The method of claim 6, wherein prior to receiving the first media data request sent by the client, the method further comprises:
receiving a preset public key sent by the management platform;
receiving encrypted data sent by the management platform, wherein the encrypted data is obtained by the management platform encrypting the RM, the RV and the first Key by using a preset private Key corresponding to the preset public Key;
and decrypting the encrypted data by using the preset public Key to obtain the RM, the RV and the first Key.
10. A media data transmission device, applied to a media server included in a media data transmission system, the media data transmission system further comprising a client and a management platform; the device comprises:
a receiving unit, configured to receive a first media data request sent by the client, where the first media data request includes an encrypted client random number RC and a target media data identifier, and the encrypted RC is obtained by the client encrypting a first RC, allocated by the management platform to the client, by using a key, the first Key, sent by the management platform;
a decryption unit, configured to decrypt the encrypted RC by using the first Key to obtain a second RC; the first Key is a key determined by a preset secret sharing algorithm by using the first RC, a management random number RM allocated by the management platform for the management platform, and a media random number RV allocated by the management platform for the media server;
a determining unit, configured to determine a second Key according to the second RC, the RM, the RV, and the preset secret sharing algorithm;
a judging unit, configured to judge whether the first Key and the second Key are the same;
and a sending unit, configured to, if the first Key and the second Key are the same, obtain encrypted media data corresponding to the target media data identifier, and send the encrypted media data to the client, where the encrypted media data is obtained by encrypting the target media data corresponding to the target media data identifier with the first Key.
11. A server, comprising a processor and a memory; wherein the memory is used for storing a computer program; the processor, when executing the program stored in the memory, performs the method steps of any one of claims 6 to 9.
12. A machine-readable storage medium storing machine-executable instructions executable by a processor to perform the method steps of any one of claims 6 to 9.
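The media-server check of claims 1 and 6, sketched as an added example that is not part of the patent text. Assumptions: the "preset secret sharing algorithm" is taken to be Shamir-style Lagrange interpolation at x = 0 with RC, RM and RV as shares at x = 1, 2, 3 over an assumed prime field; a SHA-256 counter keystream with a per-message nonce stands in for the unspecified symmetric cipher; all function names are hypothetical.

```python
import hashlib, hmac, secrets
P = 2**255 - 19  # assumed prime field for the shares; the claims fix no parameters

def derive_key(rc, rm, rv):
    """Assumed sharing scheme: Lagrange-interpolate (1,RC),(2,RM),(3,RV) at x=0."""
    shares, secret = [(1, rc), (2, rm), (3, rv)], 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def xor_cipher(key, nonce, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream); same call decrypts."""
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def provision():  # management platform: allocate RC, RM, RV and compute the first Key
    rc, rm, rv = (secrets.randbelow(P) for _ in range(3))
    return rc, rm, rv, derive_key(rc, rm, rv)

def client_request(rc, first_key, media_id):
    nonce = secrets.token_bytes(16)
    return {"media_id": media_id, "nonce": nonce,
            "enc_rc": xor_cipher(first_key, nonce, rc.to_bytes(32, "big"))}

def media_server_handle(req, first_key, rm, rv, cache):
    """Decrypt RC, recompute the second Key, release media only on a match."""
    second_rc = int.from_bytes(xor_cipher(first_key, req["nonce"], req["enc_rc"]), "big")
    second_key = derive_key(second_rc, rm, rv)
    if not hmac.compare_digest(first_key, second_key):
        return None  # keys differ: request rejected
    nonce = secrets.token_bytes(16)
    return {"nonce": nonce,
            "enc_media": xor_cipher(first_key, nonce, cache[req["media_id"]])}

def client_receive(resp, first_key):
    return xor_cipher(first_key, resp["nonce"], resp["enc_media"])

def demo():
    rc, rm, rv, key = provision()
    cache = {"cam-01": b"constructed sample frame bytes"}  # constructed sample data
    good = client_request(rc, key, "cam-01")
    bad = dict(good, enc_rc=good["enc_rc"][:-1] + bytes([good["enc_rc"][-1] ^ 1]))
    ok = media_server_handle(good, key, rm, rv, cache)
    return client_receive(ok, key), media_server_handle(bad, key, rm, rv, cache)
```

Because the stand-in cipher is unauthenticated, the Key comparison is the only step in this sketch that rejects a modified encrypted RC.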
CN201910591517.5A 2019-07-02 2019-07-02 Media data transmission system, method and device Active CN110505531B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910591517.5A CN110505531B (en) 2019-07-02 2019-07-02 Media data transmission system, method and device

Publications (2)

Publication Number Publication Date
CN110505531A CN110505531A (en) 2019-11-26
CN110505531B CN110505531B (en) 2021-04-16

Family

ID=68585891

Country Status (1)

Country Link
CN (1) CN110505531B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant