CN111372056A - Video data encryption and decryption processing method and device - Google Patents
Video data encryption and decryption processing method and device Download PDFInfo
- Publication number
- CN111372056A CN111372056A CN202010225347.1A CN202010225347A CN111372056A CN 111372056 A CN111372056 A CN 111372056A CN 202010225347 A CN202010225347 A CN 202010225347A CN 111372056 A CN111372056 A CN 111372056A
- Authority
- CN
- China
- Prior art keywords
- key
- code stream
- video
- symmetric key
- symmetric
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title abstract description 15
- 238000000034 method Methods 0.000 claims abstract description 40
- 238000012544 monitoring process Methods 0.000 claims description 79
- 238000004590 computer program Methods 0.000 claims description 21
- 238000012545 processing Methods 0.000 claims description 14
- 238000004806 packaging method and process Methods 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 abstract description 5
- 230000005540 biological transmission Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 9
- 238000005538 encapsulation Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/18—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N5/00—Details of television systems
- H04N5/76—Television signal recording
- H04N5/91—Television signal processing therefor
- H04N5/913—Television signal processing therefor for scrambling ; for copy protection
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The invention provides a video data encryption and decryption processing method and a device, wherein the method is based on asymmetric encryption symmetric cipher, avoids the risk of cipher leakage, encrypts video data by a symmetric cipher key, firstly sends a cipher key information frame, after the code stream data frame is sent, the network platform can decrypt the code stream data frame received later based on the decrypted symmetric key, until the updated symmetric key is received again, the code stream data frame received after decryption according to the updated symmetric key is not received again, thereby ensuring the corresponding relation between the symmetric key and the code stream data frame, namely, the symmetric key is used for decoding the code stream data frame, the risk of leakage of the key of the negotiated encrypted video key in the related technology can be solved, and if a plurality of video encryption keys exist in the process, the problem of synchronization between the keys and the video data cannot be processed friendly.
Description
Technical Field
The invention relates to the field of video monitoring, in particular to a video data encryption and decryption processing method and device.
Background
With the wider and wider application of video monitoring, the requirements on privacy protection and data security are higher and higher, and the encryption and decryption of the code stream data monitored by the video is a technical means for directly and effectively protecting the data and the privacy.
Related art encryption and decryption are typically based on secure transmission links, such as TLS, which is too performance-intensive, inefficient, and inflexible with respect to key management.
In the related art, a special Key Management System (KMS) is also proposed, a double key is used, namely a video encryption key and a key for encrypting a video key, a monitoring platform and a monitoring camera negotiate the key for encrypting the video key before code stream transmission in the implementation process, then the monitoring camera encrypts the video by using the video encryption key, encrypts the video encryption key by using the key for encrypting the video key, and transmits the encrypted video encryption key and the video encryption key to the monitoring platform together. The monitoring platform decrypts the video encryption key by using the key for encrypting the video key, and then decrypts the video data by using the decrypted video encryption key. The method has the risk of leakage when the key for encrypting the video key is negotiated, and the problem of synchronization between the key and the video data cannot be processed friendly if a plurality of video encryption keys exist in the process, namely which key manages which part of data.
Aiming at the problems that in the related art, the key for negotiating the video encryption key is leaked, and the key and video data cannot be synchronized in a friendly way if a plurality of video encryption keys exist in the process, no solution is provided.
Disclosure of Invention
The embodiment of the invention provides a video data encryption and decryption processing method and device, which are used for at least solving the problems that in the related technology, the risk of leakage exists in the key for negotiating the encrypted video key, and the synchronization between the key and the video data cannot be processed in a friendly way if a plurality of video encryption keys exist in the process.
According to an embodiment of the present invention, there is provided a video data encryption processing method including:
receiving a request message for acquiring a video code stream sent by a monitoring platform, wherein the request message carries a public key in an asymmetric encryption mode;
acquiring a symmetric key according to the request message, and encrypting the symmetric key through the public key to obtain a key information frame;
encrypting the collected video code stream according to the symmetric key to obtain an encrypted code stream data frame;
and sending the key information frame to the monitoring platform, and then sending the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the key information frame by using a private key corresponding to the public key to obtain the symmetric key, and decrypts the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
Optionally, after sending the key information frame to the monitoring platform and then sending the encrypted code stream data frame to the monitoring platform, the method further includes:
updating the symmetric key at a predetermined time period;
and encrypting the updated symmetric key through the public key in each preset time period to obtain an updated key information frame.
Optionally, the method further comprises:
encrypting the collected video code stream according to the updated symmetric key to obtain an encrypted code stream data frame;
and sending the updated key information frame and the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the updated key information frame by using a private key corresponding to the public key to obtain an updated symmetric key, and decrypts the encrypted code stream data frame according to the updated symmetric key to obtain the video code stream.
Optionally, before sending the key information frame to the monitoring platform and then sending the encrypted code stream data frame to the monitoring platform, the method further includes:
and packaging the video code stream and the key information frame by using the same packaging head.
According to another embodiment of the present invention, there is also provided a video data decryption processing method including:
sending a request message for acquiring a video code stream to a network camera, wherein the request message carries a public key in an asymmetric encryption mode;
receiving a key information frame and an encrypted code stream data frame sent by the network camera, wherein the key information frame is obtained by encrypting an acquired symmetric key by the network camera by using the public key, and the encrypted code stream data frame is obtained by encrypting an acquired video code stream by the network camera by using the symmetric key;
decrypting the key information frame by using a private key corresponding to the public key to obtain the symmetric key;
and decrypting the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
Optionally, after decrypting the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream, the method further includes:
receiving an updated key information frame and an encrypted code stream data frame sent by the network camera, wherein the updated key information frame is obtained by encrypting a collected video code stream by the network camera according to an updated symmetric key, and the updated symmetric key is updated by the network camera in a preset time period;
decrypting the updated key information frame by using a private key corresponding to the public key to obtain the updated symmetric key;
and decrypting the encrypted code stream data frame received later according to the updated symmetric key to obtain the video code stream.
According to another embodiment of the present invention, there is also provided a video data encryption processing apparatus including:
the first receiving module is used for receiving a request message for acquiring a video code stream, wherein the request message carries a public key in an asymmetric encryption mode, and the request message is sent by a monitoring platform;
the acquisition module is used for acquiring a symmetric key according to the request message and encrypting the symmetric key through the public key to obtain a key information frame;
the first encryption module is used for encrypting the collected video code stream according to the symmetric key to obtain an encrypted code stream data frame;
and the first sending module is used for sending the key information frame to the monitoring platform, then sending the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the key information frame by using a private key corresponding to the public key to obtain the symmetric key, and decrypts the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
Optionally, the apparatus further comprises:
an updating module for updating the symmetric key at a predetermined time period;
and the second encryption module is used for encrypting the updated symmetric key through the public key in each preset time period to obtain an updated key information frame.
Optionally, the apparatus further comprises:
the third encryption module is used for encrypting the collected video code stream according to the updated symmetric key to obtain an encrypted code stream data frame;
and the second sending module is used for sending the updated key information frame and the encrypted code stream data frame to the monitoring platform so that the monitoring platform decrypts the updated key information frame by using a private key corresponding to the public key to obtain the updated symmetric key, and decrypts the encrypted code stream data frame according to the updated symmetric key to obtain the video code stream.
Optionally, the apparatus further comprises:
and the encapsulation module is used for encapsulating the video code stream and the key information frame by using the same encapsulation head.
According to another embodiment of the present invention, there is also provided a video data decryption processing apparatus including:
the third sending module is used for sending a request message for acquiring the video code stream to the network camera, wherein the request message carries a public key in an asymmetric encryption mode;
a second receiving module, configured to receive a key information frame and an encrypted code stream data frame sent by the network camera, where the key information frame is obtained by encrypting an acquired symmetric key by using the public key by the network camera, and the encrypted code stream data frame is obtained by encrypting an acquired video code stream by using the symmetric key by the network camera;
the first decryption module is used for decrypting the key information frame by using a private key corresponding to the public key to obtain the symmetric key;
and the second decryption module is used for decrypting the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
Optionally, the apparatus further comprises:
a third receiving module, configured to receive an updated key information frame and an encrypted code stream data frame sent by the network camera, where the updated key information frame is obtained by the network camera encrypting a collected video code stream according to an updated symmetric key, and the updated symmetric key is updated by the network camera at a predetermined time period;
the third decryption module is used for decrypting the updated key information frame by using a private key corresponding to the public key to obtain the updated symmetric key;
and the fourth decryption module is used for decrypting the encrypted code stream data frame received later according to the updated symmetric key to obtain the video code stream.
According to a further embodiment of the present invention, a computer-readable storage medium is also provided, in which a computer program is stored, wherein the computer program is configured to perform the steps of any of the above-described method embodiments when executed.
According to yet another embodiment of the present invention, there is also provided an electronic device, including a memory in which a computer program is stored and a processor configured to execute the computer program to perform the steps in any of the above method embodiments.
According to the invention, the symmetric cipher is encrypted based on an asymmetric mode, so that the risk of cipher leakage is avoided, the video data is encrypted by the symmetric cipher key, the cipher key information frame is firstly sent, the code stream data frame is sent, so that the network platform can decrypt the later received code stream data frame based on the decrypted symmetric cipher key, and the later received code stream data frame is not decrypted according to the updated symmetric cipher key until the updated symmetric cipher key is received again, so that the corresponding relation between the symmetric cipher key and the code stream data frame is ensured, namely the symmetric cipher key is used for decrypting the later code stream data frame, and the problem that the cipher key for negotiating the encrypted video cipher key in the related technology has the risk of leakage and the cipher key and the video data are not friendly to process when a plurality of video encryption keys exist in the process can be solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a block diagram of a hardware structure of a mobile terminal of a video data encryption and decryption processing method according to an embodiment of the present invention;
fig. 2 is a flowchart of a video data encryption processing method according to an embodiment of the present invention;
fig. 3 is a flowchart of a video data decryption processing method according to an embodiment of the present invention;
FIG. 4 is a first flowchart of a surveillance video encryption and decryption method according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating a codestream data encapsulation format according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a symmetric key encapsulation format according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a video sequence according to an embodiment of the present invention;
FIG. 8 is a flowchart II of a surveillance video encryption and decryption method according to an embodiment of the present invention;
fig. 9 is a block diagram of a video data encryption processing apparatus according to an embodiment of the present invention;
fig. 10 is a block diagram of a video data decryption processing apparatus according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
Example 1
The method provided by the first embodiment of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Taking a mobile terminal as an example, fig. 1 is a block diagram of a hardware structure of the mobile terminal of a video data encryption and decryption processing method according to an embodiment of the present invention, as shown in fig. 1, a mobile terminal 10 may include one or more processors 102 (only one is shown in fig. 1) (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA, etc.), and a memory 104 for storing data, and optionally, the mobile terminal may further include a transmission device 106 for a communication function and an input/output device 108. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration, and does not limit the structure of the mobile terminal. For example, the mobile terminal 10 may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to the message receiving method in the embodiment of the present invention, and the processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, so as to implement the method described above. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the mobile terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used for receiving or transmitting data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the mobile terminal 10. In one example, the transmission device 106 includes a Network adapter (NIC), which can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
In this embodiment, a video data encryption processing method operating in the mobile terminal or the network architecture is provided, and fig. 2 is a flowchart of a video data encryption processing method according to an embodiment of the present invention, as shown in fig. 2, the flowchart includes the following steps:
step S202, receiving a request message for acquiring a video code stream sent by a monitoring platform, wherein the request message carries a public key in an asymmetric encryption mode;
step S204, obtaining a symmetric key according to the request message, and encrypting the symmetric key through the public key to obtain a key information frame;
namely, the symmetric key of the symmetric encryption mode is encrypted based on the public key in the asymmetric encryption mode, and the encrypted video stream and the encrypted symmetric key are sent to the monitoring platform.
Step S206, encrypting the collected video code stream according to the symmetric key to obtain an encrypted code stream data frame;
the symmetric Encryption mode may be an Advanced Encryption Standard (AES) symmetric Encryption mode. The network camera acquires video stream, sends the encrypted code stream video frame to the monitoring platform, and the monitoring platform receives the code stream video frame and decrypts the video frame based on a symmetric encryption mode.
In the embodiment of the invention, before the key information frame and the encrypted code stream data frame are sent, the video code stream and the key information frame are packaged by using the same packaging head.
Step S208, sending the key information frame to the monitoring platform, and then sending the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the key information frame by using a private key corresponding to the public key to obtain the symmetric key, and decrypts the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
By inserting the key information frame before encrypting the code stream, the data synchronization in the multi-key process is ensured. The public key is transmitted, and the symmetric key is encrypted in an asymmetric encryption mode, so that the safety of the symmetric key is guaranteed.
After the network camera collects the video stream, the code stream is recoded by adopting a symmetric key to form an encrypted video code stream, and the monitoring platform decrypts the video stream by adopting a matched decryption key, so that the transmission safety of the video stream is ensured. All videos are encrypted code streams after being collected by the network camera, so that any unauthorized person cannot watch the video content, even an administrator at a server cannot obtain the video content, and the privacy reliability of the videos is high.
Through the steps S202 to S208, the symmetric cipher is encrypted based on the asymmetric mode, the risk of cipher leakage is avoided, the video data is encrypted through the symmetric key, the key information frame is firstly sent, the code stream data frame is sent, so that the network platform can decrypt the code stream data frame received later based on the decrypted symmetric key, and the code stream data frame received later is decrypted according to the updated symmetric key until the updated symmetric key is received again, thereby ensuring the corresponding relation between the symmetric key and the code stream data frame, namely the symmetric key is used for the decrypted code stream data frame, and solving the problems that the key for negotiating the encrypted video key in the related technology has the risk of leakage, and the key cannot be friendly to process the synchronization of the key and the video data if a plurality of video encryption keys exist in the process.
In the embodiment of the invention, after the key information frame is sent to the monitoring platform and the encrypted code stream data frame is sent to the monitoring platform, the symmetric key is updated in a preset time period; and encrypting the updated symmetric key through the public key in each preset time period to obtain an updated key information frame. The keys are flexibly managed, namely updated in a preset time period, and can be accurately matched with video data under the condition of multiple keys.
In the embodiment of the invention, the collected video code stream is encrypted according to the updated symmetric key to obtain an encrypted code stream data frame; and sending the updated key information frame and the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the updated key information frame by using a private key corresponding to the public key to obtain an updated symmetric key, and decrypts the encrypted code stream data frame according to the updated symmetric key to obtain the video code stream.
Example 2
According to another embodiment of the present invention, there is also provided a video data decryption processing method, and fig. 3 is a flowchart of a video data decryption processing method according to an embodiment of the present invention, as shown in fig. 3, the flowchart includes the following steps:
step S302, sending a request message for acquiring a video code stream to a network camera, wherein the request message carries a public key in an asymmetric encryption mode;
step S304, receiving a key information frame and an encrypted code stream data frame sent by the network camera, wherein the key information frame is obtained by the network camera by using the public key to encrypt an obtained symmetric key, and the encrypted code stream data frame is obtained by the network camera by using the symmetric key to encrypt an acquired video code stream;
step S306, decrypting the key information frame by using a private key corresponding to the public key to obtain the symmetric key;
step S308, the symmetric key is used for decrypting the encrypted code stream data frame received later to obtain the video code stream.
Through the steps S302 to S308, the symmetric cipher is encrypted based on the asymmetric mode, the risk of cipher leakage is avoided, the video data is encrypted through the symmetric cipher key, the cipher key information frame is firstly sent, the code stream data frame is sent, so that the network platform can decrypt the code stream data frame received later based on the decrypted symmetric cipher key, and the code stream data frame received later is decrypted according to the updated symmetric cipher key until the updated symmetric cipher key is received again, thereby ensuring the corresponding relation between the symmetric cipher key and the code stream data frame, namely the symmetric cipher key is used for the decrypted code stream data frame, and solving the problems that the cipher key for negotiating the encrypted video cipher key in the related technology has the risk of leakage, and the cipher key and the video data cannot be processed in a friendly way if a plurality of video encryption keys exist in the process.
In the embodiment of the present invention, after the symmetric key is used to decrypt the encrypted code stream data frame received later to obtain the video code stream, an updated key information frame and an encrypted code stream data frame sent by the network camera are received, wherein the updated key information frame is obtained by the network camera encrypting the collected video code stream according to the updated symmetric key, and the updated symmetric key is updated by the network camera at a predetermined time period; decrypting the updated key information frame by using a private key corresponding to the public key to obtain the updated symmetric key; and decrypting the encrypted code stream data frame received later according to the updated symmetric key to obtain the video code stream.
Fig. 4 is a first flowchart of a surveillance video encryption and decryption method according to an embodiment of the present invention, as shown in fig. 4, including:
s401, the monitoring platform requests a network camera to browse code streams in real time, wherein the request carries a public key of the monitoring platform;
s402, the network camera generates or acquires a symmetric key for encrypting the code stream, the symmetric key can be generated by itself or acquired from a key management system, and the updating of the symmetric key is periodically carried out.
S403, the network camera encapsulates the key information frame, encrypts the code stream generated in real time using the symmetric key, encapsulates the encrypted code stream data, and encapsulates the encrypted code stream data using the format header as shown in fig. 5.
And, when generating and updating the symmetric key each time, before encrypting the code stream, a key information frame is generated, the public key sent by the monitoring platform is used to encrypt the symmetric key to be used next, and the symmetric key is encapsulated by the same encapsulation header as the above encapsulated code stream data as shown in fig. 6.
S404, the network camera sends a key information frame to the monitoring platform;
s405, encrypting the cipher stream by using the symmetric key;
s406, the network camera sends the encrypted code stream data frame to the monitoring platform, wherein the key information frame is sent first, and then the encrypted code stream data frame is sent, and the sequence is shown in FIG. 7.
And S406, the monitoring platform decrypts the key information frame firstly and then decrypts the code stream frame data, specifically, after receiving the data sent by the network camera, the monitoring platform analyzes and decrypts the data, decrypts the symmetric key in the key information frame by using the private key of the monitoring platform, then enables the symmetric key to be in contact with the next code stream frame till the next key information frame, and performs circular processing.
Through the process, the transmission time of the code stream data from the network camera to the platform is encrypted, so that the code stream data is stored on the platform in an encrypted manner. Similarly, when the client initiates real-time browsing/playback of the code stream to the platform, the client carries a public key in an asymmetric encryption manner, when the platform receives the request and sends the code stream to the client, the platform decrypts the key information frame with the private key of the platform, then encrypts the key information frame with the public key sent by the client, replaces the original key information frame, and sends the encrypted key information frame to the client, where the encrypted code stream data does not need to be changed, fig. 8 is a second flowchart of the surveillance video encryption and decryption method according to the embodiment of the present invention, as shown in fig. 8, including:
step S801, a monitoring client requests a monitoring platform to browse code stream/playback history code stream in real time;
step S802, the monitoring platform uses the public key of the platform client to package the replacement key information frame, specifically, the monitoring platform generates or obtains a symmetric key for encrypting the cipher stream, the symmetric key may be generated by itself or obtained from the key management system, and the symmetric key is periodically updated.
Step S803, the monitoring client sends a key information frame to the monitoring platform;
step S804, the monitoring client sends the encrypted code stream data frame to the monitoring platform.
Example 3
According to another embodiment of the present invention, there is also provided a video data encryption processing apparatus, and fig. 9 is a block diagram of the video data encryption processing apparatus according to the embodiment of the present invention, as shown in fig. 9, including:
a first receiving module 92, configured to receive a request message for acquiring a video code stream sent by a monitoring platform, where the request message carries a public key in an asymmetric encryption manner;
an obtaining module 94, configured to obtain a symmetric key according to the request message, and encrypt the symmetric key through the public key to obtain a key information frame;
the first encryption module 96 is configured to encrypt the acquired video code stream according to the symmetric key to obtain an encrypted code stream data frame;
a first sending module 98, configured to send the key information frame to the monitoring platform, and then send the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the key information frame by using a private key corresponding to the public key to obtain the symmetric key, and decrypts the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
Optionally, the apparatus further comprises:
an updating module for updating the symmetric key at a predetermined time period;
and the second encryption module is used for encrypting the updated symmetric key through the public key in each preset time period to obtain an updated key information frame.
Optionally, the apparatus further comprises:
the third encryption module is used for encrypting the collected video code stream according to the updated symmetric key to obtain an encrypted code stream data frame;
and the second sending module is used for sending the updated key information frame and the encrypted code stream data frame to the monitoring platform so that the monitoring platform decrypts the updated key information frame by using a private key corresponding to the public key to obtain the updated symmetric key, and decrypts the encrypted code stream data frame according to the updated symmetric key to obtain the video code stream.
Optionally, the apparatus further comprises:
and the encapsulation module is used for encapsulating the video code stream and the key information frame by using the same encapsulation head.
Example 4
According to another embodiment of the present invention, there is also provided a video data decryption processing apparatus, and fig. 10 is a block diagram of the video data decryption processing apparatus according to the embodiment of the present invention, as shown in fig. 10, including:
a third sending module 102, configured to send a request message for obtaining a video code stream to a network camera, where the request message carries a public key in an asymmetric encryption manner;
a second receiving module 104, configured to receive a key information frame and an encrypted code stream data frame sent by the network camera, where the key information frame is obtained by encrypting an obtained symmetric key by using the public key by the network camera, and the encrypted code stream data frame is obtained by encrypting a collected video code stream by using the symmetric key by the network camera;
a first decryption module 106, configured to decrypt the key information frame using a private key corresponding to the public key to obtain the symmetric key;
and the second decryption module 108 is configured to decrypt the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
Optionally, the apparatus further comprises:
a third receiving module, configured to receive an updated key information frame and an encrypted code stream data frame sent by the network camera, where the updated key information frame is obtained by the network camera encrypting a collected video code stream according to an updated symmetric key, and the updated symmetric key is updated by the network camera at a predetermined time period;
the third decryption module is used for decrypting the updated key information frame by using a private key corresponding to the public key to obtain the updated symmetric key;
and the fourth decryption module is used for decrypting the encrypted code stream data frame received later according to the updated symmetric key to obtain the video code stream.
It should be noted that, the above modules may be implemented by software or hardware, and for the latter, the following may be implemented, but not limited to: the modules are all positioned in the same processor; alternatively, the modules are respectively located in different processors in any combination.
Example 5
Embodiments of the present invention also provide a computer-readable storage medium, in which a computer program is stored, wherein the computer program is configured to perform the steps of any of the above method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
s11, receiving a request message for acquiring a video code stream sent by a monitoring platform, wherein the request message carries a public key in an asymmetric encryption mode;
s12, obtaining a symmetric key according to the request message, and encrypting the symmetric key through the public key to obtain a key information frame;
s13, encrypting the collected video code stream according to the symmetric key to obtain an encrypted code stream data frame;
s14, sending the key information frame to the monitoring platform, then sending the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the key information frame by using a private key corresponding to the public key to obtain the symmetric key, and decrypts the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
Optionally, in this embodiment, the storage medium may be further configured to store a computer program for executing the following steps:
s21, sending a request message for acquiring a video code stream to a network camera, wherein the request message carries a public key in an asymmetric encryption mode;
s22, receiving a key information frame and an encrypted code stream data frame sent by the network camera, wherein the key information frame is obtained by the network camera by using the public key to encrypt an acquired symmetric key, and the encrypted code stream data frame is obtained by the network camera by using the symmetric key to encrypt an acquired video code stream;
s23, decrypting the key information frame by using a private key corresponding to the public key to obtain the symmetric key;
s24, the symmetric key is used to decrypt the encrypted code stream data frame received later to obtain the video code stream.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing computer programs, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Example 6
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s11, receiving a request message for acquiring a video code stream sent by a monitoring platform, wherein the request message carries a public key in an asymmetric encryption mode;
s12, obtaining a symmetric key according to the request message, and encrypting the symmetric key through the public key to obtain a key information frame;
s13, encrypting the collected video code stream according to the symmetric key to obtain an encrypted code stream data frame;
s14, sending the key information frame to the monitoring platform, then sending the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the key information frame by using a private key corresponding to the public key to obtain the symmetric key, and decrypts the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
Optionally, in this embodiment, the processor may be further configured to execute, by the computer program, the following steps:
s21, sending a request message for acquiring a video code stream to a network camera, wherein the request message carries a public key in an asymmetric encryption mode;
s22, receiving a key information frame and an encrypted code stream data frame sent by the network camera, wherein the key information frame is obtained by the network camera by using the public key to encrypt an acquired symmetric key, and the encrypted code stream data frame is obtained by the network camera by using the symmetric key to encrypt an acquired video code stream;
s23, decrypting the key information frame by using a private key corresponding to the public key to obtain the symmetric key;
s24, the symmetric key is used to decrypt the encrypted code stream data frame received later to obtain the video code stream.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for video data encryption processing, comprising:
receiving a request message for acquiring a video code stream sent by a monitoring platform, wherein the request message carries a public key in an asymmetric encryption mode;
acquiring a symmetric key according to the request message, and encrypting the symmetric key through the public key to obtain a key information frame;
encrypting the collected video code stream according to the symmetric key to obtain an encrypted code stream data frame;
and sending the key information frame to the monitoring platform, and then sending the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the key information frame by using a private key corresponding to the public key to obtain the symmetric key, and decrypts the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
2. The method of claim 1, wherein after sending the key information frame to the monitoring platform and then sending the encrypted codestream data frame to the monitoring platform, the method further comprises:
updating the symmetric key at a predetermined time period;
and encrypting the updated symmetric key through the public key in each preset time period to obtain an updated key information frame.
3. The method of claim 2, further comprising:
encrypting the collected video code stream according to the updated symmetric key to obtain an encrypted code stream data frame;
and sending the updated key information frame and the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the updated key information frame by using a private key corresponding to the public key to obtain an updated symmetric key, and decrypts the encrypted code stream data frame according to the updated symmetric key to obtain the video code stream.
4. The method of any of claims 1 to 3, wherein before sending the key information frame to the monitoring platform and then sending the encrypted codestream data frame to the monitoring platform, the method further comprises:
and packaging the video code stream and the key information frame by using the same packaging head.
5. A method for decrypting video data, comprising:
sending a request message for acquiring a video code stream to a network camera, wherein the request message carries a public key in an asymmetric encryption mode;
receiving a key information frame and an encrypted code stream data frame sent by the network camera, wherein the key information frame is obtained by encrypting an acquired symmetric key by the network camera by using the public key, and the encrypted code stream data frame is obtained by encrypting an acquired video code stream by the network camera by using the symmetric key;
decrypting the key information frame by using a private key corresponding to the public key to obtain the symmetric key;
and decrypting the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
6. The method of claim 5, wherein after decrypting the subsequently received encrypted bitstream data frames using the symmetric key to obtain the video bitstream, the method further comprises:
receiving an updated key information frame and an encrypted code stream data frame sent by the network camera, wherein the updated key information frame is obtained by encrypting a collected video code stream by the network camera according to an updated symmetric key, and the updated symmetric key is updated by the network camera in a preset time period;
decrypting the updated key information frame by using a private key corresponding to the public key to obtain the updated symmetric key;
and decrypting the encrypted code stream data frame received later according to the updated symmetric key to obtain the video code stream.
7. A video data encryption processing apparatus, comprising:
the first receiving module is used for receiving a request message for acquiring a video code stream, wherein the request message carries a public key in an asymmetric encryption mode, and the request message is sent by a monitoring platform;
the acquisition module is used for acquiring a symmetric key according to the request message and encrypting the symmetric key through the public key to obtain a key information frame;
the first encryption module is used for encrypting the collected video code stream according to the symmetric key to obtain an encrypted code stream data frame;
and the first sending module is used for sending the key information frame to the monitoring platform, then sending the encrypted code stream data frame to the monitoring platform, so that the monitoring platform decrypts the key information frame by using a private key corresponding to the public key to obtain the symmetric key, and decrypts the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
8. A video data decryption processing apparatus, comprising:
the third sending module is used for sending a request message for acquiring the video code stream to the network camera, wherein the request message carries a public key in an asymmetric encryption mode;
a second receiving module, configured to receive a key information frame and an encrypted code stream data frame sent by the network camera, where the key information frame is obtained by encrypting an acquired symmetric key by using the public key by the network camera, and the encrypted code stream data frame is obtained by encrypting an acquired video code stream by using the symmetric key by the network camera;
the first decryption module is used for decrypting the key information frame by using a private key corresponding to the public key to obtain the symmetric key;
and the second decryption module is used for decrypting the encrypted code stream data frame received later by using the symmetric key to obtain the video code stream.
9. A computer-readable storage medium, in which a computer program is stored, wherein the computer program is configured to perform the method of any one of claims 1 to 4 and 5 to 6 when the computer program is executed.
10. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is configured to execute the computer program to perform the method of any one of claims 1 to 4 and 5 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010225347.1A CN111372056A (en) | 2020-03-26 | 2020-03-26 | Video data encryption and decryption processing method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010225347.1A CN111372056A (en) | 2020-03-26 | 2020-03-26 | Video data encryption and decryption processing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111372056A true CN111372056A (en) | 2020-07-03 |
Family
ID=71212076
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010225347.1A Pending CN111372056A (en) | 2020-03-26 | 2020-03-26 | Video data encryption and decryption processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111372056A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113727058A (en) * | 2021-08-31 | 2021-11-30 | 成都卫士通信息产业股份有限公司 | Multimedia conference data processing method, system, equipment and storage medium |
CN113784097A (en) * | 2021-09-14 | 2021-12-10 | 广东中星电子有限公司 | Key generation and distribution method and device, electronic equipment and computer readable medium |
CN115022012A (en) * | 2022-05-30 | 2022-09-06 | 中国银行股份有限公司 | Data transmission method, device, system, equipment and storage medium |
WO2024113865A1 (en) * | 2022-11-29 | 2024-06-06 | 华为技术有限公司 | Secure transmission method and apparatus for video stream |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101958907A (en) * | 2010-09-30 | 2011-01-26 | 中兴通讯股份有限公司 | Method, system and device for transmitting key |
CN102196304A (en) * | 2010-03-19 | 2011-09-21 | 华为软件技术有限公司 | Method, system and equipment for generating secrete key in video monitoring |
CN106161383A (en) * | 2015-04-15 | 2016-11-23 | 北京视联动力国际信息技术有限公司 | A kind of multimedia data encryption, the method and device of deciphering |
US20180007015A1 (en) * | 2015-10-28 | 2018-01-04 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Data encryption and decryption method and encryption and decryption device |
US20180234399A1 (en) * | 2016-02-02 | 2018-08-16 | Tencent Technology (Shenzhen) Company Limited | Apparatus and method of encrypted communication |
CN109150502A (en) * | 2018-09-19 | 2019-01-04 | 广州通达汽车电气股份有限公司 | Data ciphering method, device, system, computer equipment and storage medium |
CN109698935A (en) * | 2017-10-24 | 2019-04-30 | 中国移动通信有限公司研究院 | Monitor video encrypting and decrypting method and device, equipment, storage medium, system |
CN109802825A (en) * | 2017-11-17 | 2019-05-24 | 深圳市金证科技股份有限公司 | A kind of data encryption, the method for decryption, system and terminal device |
-
2020
- 2020-03-26 CN CN202010225347.1A patent/CN111372056A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102196304A (en) * | 2010-03-19 | 2011-09-21 | 华为软件技术有限公司 | Method, system and equipment for generating secrete key in video monitoring |
CN101958907A (en) * | 2010-09-30 | 2011-01-26 | 中兴通讯股份有限公司 | Method, system and device for transmitting key |
CN106161383A (en) * | 2015-04-15 | 2016-11-23 | 北京视联动力国际信息技术有限公司 | A kind of multimedia data encryption, the method and device of deciphering |
US20180007015A1 (en) * | 2015-10-28 | 2018-01-04 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Data encryption and decryption method and encryption and decryption device |
US20180234399A1 (en) * | 2016-02-02 | 2018-08-16 | Tencent Technology (Shenzhen) Company Limited | Apparatus and method of encrypted communication |
CN109698935A (en) * | 2017-10-24 | 2019-04-30 | 中国移动通信有限公司研究院 | Monitor video encrypting and decrypting method and device, equipment, storage medium, system |
CN109802825A (en) * | 2017-11-17 | 2019-05-24 | 深圳市金证科技股份有限公司 | A kind of data encryption, the method for decryption, system and terminal device |
CN109150502A (en) * | 2018-09-19 | 2019-01-04 | 广州通达汽车电气股份有限公司 | Data ciphering method, device, system, computer equipment and storage medium |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113727058A (en) * | 2021-08-31 | 2021-11-30 | 成都卫士通信息产业股份有限公司 | Multimedia conference data processing method, system, equipment and storage medium |
CN113784097A (en) * | 2021-09-14 | 2021-12-10 | 广东中星电子有限公司 | Key generation and distribution method and device, electronic equipment and computer readable medium |
CN113784097B (en) * | 2021-09-14 | 2024-02-27 | 广东中星电子有限公司 | Key generation and distribution method, device, electronic equipment and computer readable medium |
CN115022012A (en) * | 2022-05-30 | 2022-09-06 | 中国银行股份有限公司 | Data transmission method, device, system, equipment and storage medium |
CN115022012B (en) * | 2022-05-30 | 2024-04-16 | 中国银行股份有限公司 | Data transmission method, device, system, equipment and storage medium |
WO2024113865A1 (en) * | 2022-11-29 | 2024-06-06 | 华为技术有限公司 | Secure transmission method and apparatus for video stream |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111372056A (en) | Video data encryption and decryption processing method and device | |
EP2814199A1 (en) | Method and system for downloading file | |
WO2021244489A1 (en) | Method and apparatus for transmitting encryption control overhead in optical transport network | |
KR20120071556A (en) | Image secure tansmission apparatus, image data reception apparatus, and key generation method therefor | |
CN111614670A (en) | Method and device for sending encrypted file and storage medium | |
CN105959281B (en) | File encryption transmission method and device | |
KR20150079489A (en) | Instant messaging method and system | |
CN112383881B (en) | Information reporting method, device, equipment and storage medium | |
CN110839240B (en) | Method and device for establishing connection | |
CN114500064B (en) | Communication security verification method and device, storage medium and electronic equipment | |
CN112436936A (en) | Cloud storage method and system with quantum encryption function | |
CN111277802B (en) | Video code stream processing method, device, equipment and storage medium | |
CN101621661A (en) | Audio-video encryption and decryption transmission system | |
CN111224772B (en) | Data processing method, device and computer readable storage medium | |
CN101621677A (en) | Method, device and system for multi-level encryption and decryption of audios and videos for monitoring | |
CN111934995B (en) | Internet of things gateway system | |
CN114978769A (en) | Unidirectional lead-in device, method, medium, and apparatus | |
CN114826748A (en) | Audio and video stream data encryption method and device based on RTP, UDP and IP protocols | |
CN111431846B (en) | Data transmission method, device and system | |
CN113708928A (en) | Edge cloud communication method and related device | |
CN108809632B (en) | Quantum safety sleeving layer device and system | |
CN113452514A (en) | Key distribution method, device and system | |
CN110855628A (en) | Data transmission method and system | |
KR101503009B1 (en) | Method and apparatus for identifying application based on data size | |
CN114124914B (en) | Data security transmission method, device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200703 |