CN111885397A - Data encryption and decryption method and device - Google Patents

Publication number: CN111885397A
Authority: CN (China)
Prior art keywords: data; audio; video data; encryption; decryption
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010556596.9A
Other languages: Chinese (zh)
Inventors: 聂培军, 秦元河, 赵亚婷, 王艳辉
Current Assignee: Visionvera Information Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Visionvera Information Technology Co Ltd
Application filed by: Visionvera Information Technology Co Ltd
Priority: CN202010556596.9A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00: Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20: Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23: Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234: Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347: Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00: Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20: Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23: Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/231: Content storage operation, e.g. caching movies for short term storage, replicating data over plural servers, prioritizing data for deletion
    • H04N21/23106: Content storage operation, e.g. caching movies for short term storage, replicating data over plural servers, prioritizing data for deletion involving caching operations

Abstract

The embodiments of the invention provide a data encryption and decryption method and device. The method comprises the following steps: analyzing the received audio and video data to obtain a target instruction; when the target instruction comprises an update key instruction and an encryption and decryption data caching instruction, generating key stream data while caching the audio and video data to obtain cached audio and video data; and performing data encryption and decryption based on the cached audio and video data and the key stream data to obtain encrypted and decrypted audio and video data. The embodiments of the invention can meet the requirements for full encryption of data in OFB mode and for simultaneous encryption and decryption across multi-channel video networking equipment.

Description

Data encryption and decryption method and device
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data encryption and decryption method and apparatus.
Background
Because video networking technology can transmit high-definition audio and video across the whole network in real time, it is increasingly used for large-scale conferences of all kinds, and it is well regarded by users for its high-definition video interaction, security and high reliability. During live sessions such as video conferences and video calls, video networking equipment applies a complex encryption and decryption scheme before the audio and video data is transmitted to an external network, so that the data meets the security requirement of full or partial encryption and decryption.
At present, a traditional video network encrypts and decrypts audio and video data through an encryption and decryption core module, usually one that communicates over a Universal Serial Bus (USB) interface (an encryption and decryption dongle).
However, encrypting and decrypting audio and video data with such a dongle has a low communication rate and offers only a single encryption and decryption mode. It cannot meet the technical requirement of fully encrypting and decrypting a single channel of audio and video data, nor the requirement of encrypting and decrypting multiple channels of high-speed audio and video data.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a data encryption and decryption method and apparatus that overcome or at least partially solve the above problems.
In order to solve the above problem, an embodiment of the present invention provides a data encryption and decryption method, where the method includes:
analyzing the received audio and video data to obtain a target instruction;
under the condition that the target instruction comprises an updating key instruction and an encryption and decryption data caching instruction, key stream data is generated, and meanwhile, the audio and video data are cached to obtain cached audio and video data;
and carrying out data encryption and decryption based on the cached audio and video data and the secret key stream data to obtain encrypted and decrypted audio and video data.
Optionally, the encrypting and decrypting data based on the cached audio and video data and the key stream data to obtain encrypted and decrypted audio and video data includes:
when the cached audio and video data is located in a first data cache region, converting the format of the cached audio and video data into a target format corresponding to the key stream data to obtain target cached audio and video data; the first data cache region is a first-in first-out cache region, in which the data that enters the cache region first leaves it first;
and combining the secret key stream data with the target cache audio/video data to encrypt and decrypt the data to obtain the encrypted and decrypted audio/video data.
Optionally, the generating key stream data and caching the audio and video data to obtain cached audio and video data includes:
generating key stream data by combining random numbers;
and storing the secret key stream data, and caching the audio and video data to obtain cached audio and video data.
Optionally, after the data encryption and decryption is performed based on the cached audio and video data and the key stream data to obtain encrypted and decrypted audio and video data, the method further includes:
and sending the encrypted and decrypted audio and video data to a data receiving end.
In order to solve the above problem, an embodiment of the present invention provides a data encryption and decryption apparatus, where the apparatus includes:
the analysis module is used for analyzing the received audio and video data to obtain a target instruction;
the generating module is used for generating secret key stream data under the condition that the target instruction comprises an updating secret key instruction and an encryption and decryption data caching instruction, and caching the audio and video data to obtain cached audio and video data;
and the encryption and decryption module is used for carrying out data encryption and decryption based on the cached audio and video data and the secret key stream data to obtain the encrypted and decrypted audio and video data.
Optionally, the encryption and decryption module includes:
the format conversion submodule is used for converting the format of the cached audio and video data into a target format corresponding to the key stream data when the cached audio and video data is located in the first data cache region, to obtain target cached audio and video data; the first data cache region is a first-in first-out cache region, in which the data that enters the cache region first leaves it first;
and the encryption and decryption submodule is used for carrying out data encryption and decryption on the secret key stream data in combination with the target cache audio and video data to obtain the encrypted and decrypted audio and video data.
Optionally, the generating module includes:
the generation submodule is used for generating key stream data by combining random numbers under the condition that the target instruction comprises an updating key instruction and an encryption and decryption data caching instruction;
and the storage submodule is used for storing the secret key stream data and caching the audio and video data to obtain cached audio and video data.
Optionally, the apparatus further comprises:
and the sending module is used for sending the encrypted and decrypted audio and video data to a data receiving end.
In order to solve the above problem, an embodiment of the present invention provides an electronic device, including:
one or more processors; and
one or more machine-readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform the above-described data encryption and decryption methods.
In order to solve the above problem, an embodiment of the present invention provides a computer-readable storage medium storing a computer program that causes a processor to execute the above data encryption and decryption method.
The embodiment of the invention has the following advantages:
in the embodiment of the invention, the video networking server can analyze the received audio and video data to obtain a target instruction, generate key stream data under the condition that the target instruction comprises an update key instruction and an encryption and decryption data cache instruction, cache the audio and video data to obtain cached audio and video data, and perform data encryption and decryption based on the cached audio and video data and the key stream data to obtain encryption and decryption audio and video data.
Drawings
Fig. 1 is a flowchart illustrating steps of a data encryption and decryption method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an encryption and decryption system provided by an embodiment of the present invention;
Fig. 3 is a flowchart illustrating steps of a data encryption and decryption method according to a second embodiment of the present invention;
Fig. 4 is a block diagram of a data encryption and decryption apparatus according to a third embodiment of the present invention;
Fig. 5 is a networking diagram of a video network of the present invention;
Fig. 6 is a schematic diagram of a hardware architecture of a node server according to the present invention;
Fig. 7 is a schematic diagram of a hardware architecture of an access switch of the present invention;
Fig. 8 is a schematic diagram of a hardware structure of an Ethernet protocol conversion gateway according to the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Referring to fig. 1, a flowchart illustrating steps of a data encryption and decryption method according to an embodiment of the present invention is shown, which may specifically include the following steps:
Step 501, analyzing the received audio and video data to obtain a target instruction.
In the embodiment of the present invention, a technical solution of the embodiment of the present invention may be described in detail with reference to fig. 2.
Referring to fig. 2, a schematic diagram of an encryption and decryption system according to an embodiment of the present invention is shown, and as shown in fig. 2, the encryption and decryption system may include an ethernet (eth) transceiver module 10, a protocol packet parsing module 20, a data caching module 30, a seed storage module 40, a key storage module 50, a key stream storage module 60, an encryption and decryption processing module 70, and a transmission control module 80, which are connected in sequence. The encryption and decryption system can be arranged in the video network server.
The ethernet transceiving module 10 may be a data transceiving functional module from a video network port, and is mainly responsible for receiving and transmitting video and audio data of the video network, and the received video and audio data may be firstly analyzed by the protocol packet analyzing module 20 to obtain a corresponding target instruction.
After the received audio and video data is analyzed to obtain the target instruction, step 502 is executed.
Step 502, under the condition that the target instruction includes an update key instruction and an encryption and decryption data caching instruction, generating key stream data, and caching the audio and video data to obtain cached audio and video data.
In the present invention, when the target instruction includes an update key instruction and an encryption/decryption data caching instruction, the audio/video data may be cached in the data caching module 30. While the audio/video data is being cached, the seed storage module 40 and the key storage module 50, working in parallel, generate key stream data according to the update key instruction and store the key stream data in the key stream storage module 60, specifically in a Block Memory (Block Random Access Memory, BRAM) in the key stream storage module 60.
After the key stream data is generated and the audio and video data is cached to obtain cached audio and video data, in the case that the target instruction includes an update key instruction and an encryption and decryption data caching instruction, step 503 is executed.
Step 503, performing data encryption and decryption based on the cached audio and video data and the key stream data to obtain encrypted and decrypted audio and video data.
In the present invention, the audio/video data may be buffered by the data buffering module 30, and the buffered audio/video data is transmitted to the encryption/decryption processing module 70.
While the audio/video data is being cached, the seed storage module 40 and the key storage module 50, working in parallel, may generate key stream data according to the update key instruction, store the key stream data through the key stream storage module 60, specifically in a Block Memory (BRAM) in the key stream storage module 60, and transmit the key stream data to the encryption/decryption processing module.
The encryption and decryption processing module can perform Output Feedback (OFB) mode encryption and decryption on the cached audio and video data using the key stream data to obtain the encrypted and decrypted audio and video data. The encrypted and decrypted audio and video data can be sent to the data cache region while the sending control module is started, and is then sent out through the Ethernet transceiving module 10. This achieves an audio and video data processing capacity of up to 300 Mbit/s, realizes full encryption of the data in OFB mode, and meets the requirement for simultaneous encryption and decryption across multiple video networking devices.
In the embodiment of the invention, the video networking server can analyze the received audio and video data to obtain a target instruction, generate key stream data under the condition that the target instruction comprises an update key instruction and an encryption and decryption data cache instruction, cache the audio and video data to obtain cached audio and video data, and perform data encryption and decryption based on the cached audio and video data and the key stream data to obtain encryption and decryption audio and video data.
Referring to fig. 3, a flowchart illustrating steps of a data encryption and decryption method according to a second embodiment of the present invention is shown, which may specifically include the following steps:
step 601, analyzing the received audio and video data to obtain a target instruction.
In the embodiment of the present invention, a technical solution of the embodiment of the present invention may be described in detail with reference to fig. 2.
Referring to fig. 2, a schematic diagram of an encryption and decryption system according to an embodiment of the present invention is shown, and as shown in fig. 2, the encryption and decryption system may include an ethernet (eth) transceiver module 10, a protocol packet parsing module 20, a data caching module 30, a seed storage module 40, a key storage module 50, a key stream storage module 60, an encryption and decryption processing module 70, and a transmission control module 80, which are connected in sequence. The encryption and decryption system can be arranged in the video network server.
The ethernet transceiving module 10 may be a data transceiving functional module from a video network port, and is mainly responsible for receiving and transmitting video and audio data of the video network, and the received video and audio data may be firstly analyzed by the protocol packet analyzing module 20 to obtain a corresponding target instruction.
The audio and video data received and sent by the Ethernet transceiving module 10 is in 8-bit (Bit) format. A counter inside the Field Programmable Gate Array (FPGA) keeps a running count of the audio and video data received, and the target instruction of the received audio and video data can be determined according to the internal protocol of the video network.
After the received audio and video data is analyzed to obtain the target instruction, step 602 is executed.
Step 602, in case that the target instruction includes an update key instruction and an encrypt/decrypt data cache instruction, generating key stream data by combining the random number.
In the present invention, under the condition that the target instruction includes an update key instruction and an encryption/decryption data caching instruction, the audio/video data may be cached by the data caching module 30, and the parallel seed storage module 40 and the key storage module 50 perform generation of key stream data by combining a random number according to the update key instruction while caching the audio/video data.
Specifically, the random number (a randomly chosen seed) is 128-Bit data and serves as the data input of the encryption/decryption processing module. It is encrypted with the 128-Bit key updated by the key storage module to output a first 128-Bit encryption result. That result serves as the next data input of the encryption/decryption processing module and is again encrypted with the 128-Bit key to output a second 128-Bit encryption result. In this way 1500 pieces of encrypted key stream data are generated and stored in a Block Memory (BRAM) for later use.
In the case that the target instruction includes an update key instruction and an encrypt/decrypt data buffer instruction, step 603 is performed after generating key stream data in combination with the random number.
Step 603, storing the key stream data, and caching the audio and video data to obtain cached audio and video data.
In the present invention, when the target instruction includes an update key instruction and an encryption/decryption data caching instruction, key stream data is stored through the key stream storage module 60, specifically, the key stream data may be generated in combination with a Random number, and the key stream data is stored in a Block memory (BRAM) in the key stream storage module 60 for standby. The audio and video data can be buffered by the parallel data buffer module 30 to obtain buffered audio and video data.
Step 604, when the cached audio and video data is located in the first data cache region, converting the format of the cached audio and video data into a target format corresponding to the key stream data to obtain the target cached audio and video data.
The first data cache region is a first-in first-out cache region, in which the data that enters the cache region first leaves it first.
In the invention, the encryption and decryption processing module can identify the storage position of the cached audio and video data. That storage position is the encryption and decryption position corresponding to the encryption grouping standard, which can be in a first-in first-out data cache region, and the encryption and decryption processing module can convert the format of the cached audio and video data into the target format corresponding to the key stream data.
Step 605, combining the key stream data with the target cached audio/video data to perform data encryption and decryption to obtain the encrypted and decrypted audio/video data.
In the present invention, the audio/video data may be buffered by the data buffering module 30, and the buffered audio/video data is transmitted to the encryption/decryption processing module 70, and the target buffered audio/video data is obtained at the encryption/decryption processing module.
While the audio/video data is being cached, the seed storage module 40 and the key storage module 50, working in parallel, may generate key stream data according to the update key instruction, store the key stream data through the key stream storage module 60, specifically in a Block Memory (BRAM) in the key stream storage module 60, and transmit the key stream data to the encryption/decryption processing module.
The encryption and decryption processing module can perform Output Feedback (OFB) mode encryption and decryption on the target cached audio and video data using the key stream data to obtain the encrypted and decrypted audio and video data. The encrypted and decrypted audio and video data in the target format then needs to be converted into the data format of the Ethernet transceiving module; for example, 128-Bit audio and video data can be converted into 8-Bit audio and video data.
Step 606, sending the encrypted and decrypted audio and video data to a data receiving end.
In the invention, the encrypted and decrypted audio and video data can be sent to the data buffer area, and meanwhile, the sending control module is started to send the encrypted and decrypted audio and video data, and the encrypted and decrypted audio and video data is sent out through the Ethernet transceiving module 10 and sent to the data receiving end, so that the encrypted and decrypted audio and video data are sent.
In the embodiment of the invention, a video networking server can analyze received audio and video data to obtain a target instruction. When the target instruction includes an update key instruction and an encryption and decryption data caching instruction, the server generates key stream data in combination with a random number, stores the key stream data, and caches the audio and video data to obtain cached audio and video data. When the cached audio and video data is stored in a first-in first-out data cache region, the server converts the format of the cached audio and video data into the target format corresponding to the key stream data to obtain target cached audio and video data, combines the key stream data with the target cached audio and video data to perform data encryption and decryption, and sends the resulting encrypted and decrypted audio and video data. Because the audio and video data is cached while the key stream data is generated, the audio and video data can be processed in parallel, so that high-speed video networking audio and video data can be encrypted and decrypted with a processing capacity of up to 300 Mbit/s, full encryption of the data in OFB mode can be realized, and the requirement for simultaneous encryption and decryption across multiple video networking devices can be met.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 4, a block diagram of a data encryption and decryption apparatus according to a third embodiment of the present invention is shown, where the data encryption and decryption apparatus 700 specifically includes:
the analysis module 701 is used for analyzing the received audio and video data to obtain a target instruction;
the generating module 702 is configured to generate key stream data and cache audio and video data to obtain cached audio and video data when the target instruction includes an update key instruction and an encryption and decryption data caching instruction;
the encryption and decryption module 703 is configured to perform data encryption and decryption based on the cached audio and video data and the key stream data, so as to obtain encrypted and decrypted audio and video data.
Optionally, the encryption and decryption module includes:
the format conversion submodule is used for converting the format of the cached audio and video data into a target format corresponding to the key stream data when the cached audio and video data is located in the first data cache region, so that target cached audio and video data is obtained; the first data cache region is a first-in first-out cache region, in which the data that enters the cache region first leaves it first;
and the encryption and decryption submodule is used for encrypting and decrypting the data of the secret key stream data in combination with the target cache audio and video data to obtain the encrypted and decrypted audio and video data.
Optionally, in a case that the target instruction includes an update key instruction and an encrypt/decrypt data cache instruction, the generating module includes:
the generation submodule is used for generating key stream data by combining random numbers under the condition that the target instruction comprises an updating key instruction and an encryption and decryption data caching instruction;
and the storage submodule is used for storing the secret key stream data and caching the audio and video data to obtain cached audio and video data.
Optionally, the apparatus further comprises:
and the transmitting module is used for transmitting the encrypted and decrypted audio and video data to the data receiving end.
In the embodiment of the invention, the video networking server can analyze the received audio and video data through the analysis module to obtain a target instruction. Through the generation module, when the target instruction includes an update key instruction and an encryption and decryption data caching instruction, it generates key stream data and caches the audio and video data to obtain cached audio and video data. Through the encryption and decryption module, it performs data encryption and decryption based on the cached audio and video data and the key stream data to obtain the encrypted and decrypted audio and video data. Because the audio and video data is cached while the key stream data is generated, the audio and video data can be processed in parallel, so that video networking audio and video data can be encrypted and decrypted at high speed with a processing capacity of up to 300 Mbit/s, full encryption of the data in OFB mode can be realized, and the requirement for simultaneous encryption and decryption across multiple video networking devices can be met.
Since the device embodiment is basically similar to the method embodiment, its description is brief; for the relevant points, refer to the corresponding description of the method embodiment.
An embodiment of the present invention further provides an electronic device, including:
one or more processors; and
one or more machine-readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform the data encryption and decryption method described above.
The embodiment of the invention also provides a computer readable storage medium, which stores a computer program for enabling a processor to execute the data encryption and decryption method.
Video networking is an important milestone in network development. It is a real-time network that can transmit high-definition video in real time, pushing many Internet applications toward high-definition video and high-definition face-to-face communication.
Video networking adopts real-time high-definition video switching technology and can integrate dozens of required services, such as video, voice, pictures, text, communication and data, on one network platform, for example high-definition video conferencing, video monitoring, intelligent monitoring analysis, emergency command, digital broadcast television, delayed television, network teaching, live broadcast, video on demand (VOD), television mail, Personal Video Recorder (PVR), intranet (self-office) channels, intelligent video broadcast control and information distribution, and delivers high-definition quality video playback through a television or a computer.
To better understand the embodiments of the present invention, video networking is introduced below.
Some of the technologies applied in video networking are as follows:
Network Technology
Network technology innovation in video networking improves on traditional Ethernet to cope with the potentially enormous video traffic on the network. Unlike pure network packet switching (Packet Switching) or network circuit switching (Circuit Switching), video networking technology adopts packet switching to meet streaming requirements. Video networking technology has the flexibility, simplicity and low price of packet switching together with the quality and security guarantees of circuit switching, thereby achieving seamless connection of switched virtual circuits and data formats across the whole network.
Switching Technology
The video network adopts two advantages of asynchronism and packet switching of the Ethernet, eliminates the defects of the Ethernet on the premise of full compatibility, has end-to-end seamless connection of the whole network, is directly communicated with a user terminal, and directly bears an IP data packet. The user data does not require any format conversion across the entire network. The video networking is a higher-level form of the Ethernet, is a real-time exchange platform, can realize the real-time transmission of the whole-network large-scale high-definition video which cannot be realized by the existing Internet, and pushes a plurality of network video applications to high-definition and unification.
Server Technology (Server Technology)
The server technology on the video networking and unified video platform is different from the traditional server, the streaming media transmission of the video networking and unified video platform is established on the basis of connection orientation, the data processing capacity of the video networking and unified video platform is independent of flow and communication time, and a single network layer can contain signaling and data transmission. For voice and video services, the complexity of video networking and unified video platform streaming media processing is much simpler than that of data processing, and the efficiency is greatly improved by more than one hundred times compared with that of a traditional server.
Storage Technology (Storage Technology)
The super-high speed storage technology of the unified video platform adopts the most advanced real-time operating system in order to adapt to the media content with super-large capacity and super-large flow, the program information in the server instruction is mapped to the specific hard disk space, the media content is not passed through the server any more, and is directly sent to the user terminal instantly, and the general waiting time of the user is less than 0.2 second. The optimized sector distribution greatly reduces the mechanical motion of the magnetic head track seeking of the hard disk, the resource consumption only accounts for 20% of that of the IP internet of the same grade, but concurrent flow which is 3 times larger than that of the traditional hard disk array is generated, and the comprehensive efficiency is improved by more than 10 times.
Network Security Technology (Network Security Technology)
The structural design of the video network completely eliminates the network security problem troubling the internet structurally by the modes of independent service permission control each time, complete isolation of equipment and user data and the like, generally does not need antivirus programs and firewalls, avoids the attack of hackers and viruses, and provides a structural carefree security network for users.
Service Innovation Technology (Service Innovation Technology)
The unified video platform integrates services and transmission, and is not only automatically connected once whether a single user, a private network user or a network aggregate. The user terminal, the set-top box or the PC are directly connected to the unified video platform to obtain various multimedia video services in various forms. The unified video platform adopts a menu type configuration table mode to replace the traditional complex application programming, can realize complex application by using very few codes, and realizes infinite new service innovation.
Networking of the video network is as follows:
The video network is a centralized control network structure. The network can be a tree network, a star network, a ring network and the like, but on this basis the whole network is controlled by a centralized control node in the network.
As shown in fig. 5, the video network is divided into an access network and a metropolitan network.
The devices of the access network part can be mainly classified into 3 types: node server, access switch, terminal (including various set-top boxes, coding boards, memories, etc.). The node server is connected to an access switch, which may be connected to a plurality of terminals and may be connected to an ethernet network.
The node server is a node which plays a centralized control function in the access network and can control the access switch and the terminal. The node server can be directly connected with the access switch or directly connected with the terminal.
Similarly, devices of the metropolitan network portion may also be classified into 3 types: a metropolitan area server, a node switch and a node server. The metro server is connected to a node switch, which may be connected to a plurality of node servers.
The node server is a node server of the access network part, namely the node server belongs to both the access network part and the metropolitan area network part.
The metropolitan area server is a node which plays a centralized control function in the metropolitan area network and can control a node switch and a node server. The metropolitan area server can be directly connected with the node switch or directly connected with the node server.
Therefore, the whole video network is a network structure with layered centralized control, and the network controlled by the node server and the metropolitan area server can be in various structures such as tree, star and ring.
The access network part can form a unified video platform (the part in the dotted circle), and a plurality of unified video platforms can form a video network; each unified video platform may be interconnected via metropolitan area and wide area video networking.
Video networking device classification
1.1 devices in the video network of the embodiment of the present invention can be mainly classified into 3 types: servers, switches (including ethernet gateways), terminals (including various set-top boxes, code boards, memories, etc.). The video network as a whole can be divided into a metropolitan area network (or national network, global network, etc.) and an access network.
1.2 wherein the devices of the access network part can be mainly classified into 3 types: node servers, access switches (including ethernet gateways), terminals (including various set-top boxes, code boards, memories, etc.).
The specific hardware structure of each access network device is as follows:
Node server:
As shown in fig. 6, the node server mainly includes a network interface module 201, a switching engine module 202, a CPU module 203, and a disk array module 204.
Packets coming from the network interface module 201, the CPU module 203, and the disk array module 204 all enter the switching engine module 202; the switching engine module 202 looks up the address table 205 for each incoming packet to obtain the direction information of the packet, and stores the packet in a queue of the corresponding packet buffer 206 based on that direction information; if the queue of the packet buffer 206 is nearly full, the packet is discarded; the switching engine module 202 polls all packet buffer queues and forwards from a queue if the following conditions are met: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero. The disk array module 204 mainly implements control over the hard disk, including initialization, read-write, and other operations on the hard disk; the CPU module 203 is mainly responsible for protocol processing with an access switch and a terminal (not shown in the figure), configuring the address table 205 (including a downlink protocol packet address table, an uplink protocol packet address table, and a data packet address table), and configuring the disk array module 204.
Access switch:
As shown in fig. 7, the access switch mainly includes network interface modules (a downlink network interface module 301 and an uplink network interface module 302), a switching engine module 303 and a CPU module 304.
A packet (uplink data) coming from the downlink network interface module 301 enters the packet detection module 305; the packet detection module 305 detects whether the Destination Address (DA), the Source Address (SA), the packet type, and the packet length of the packet meet the requirements; if so, it allocates a corresponding stream identifier (stream-id) and the packet enters the switching engine module 303; otherwise, the packet is discarded. A packet (downlink data) coming from the uplink network interface module 302 enters the switching engine module 303; a data packet coming from the CPU module 304 enters the switching engine module 303. The switching engine module 303 looks up the address table 306 for each incoming packet to obtain the direction information of the packet; if the packet entering the switching engine module 303 goes from the downlink network interface to the uplink network interface, the packet is stored in the queue of the corresponding packet buffer 307 in association with the stream-id; if the queue of the packet buffer 307 is nearly full, the packet is discarded; if the packet entering the switching engine module 303 does not go from the downlink network interface to the uplink network interface, the packet is stored in the queue of the corresponding packet buffer 307 according to the direction information of the packet; if the queue of the packet buffer 307 is nearly full, the packet is discarded.
The switching engine module 303 polls all packet buffer queues, which in this embodiment of the present invention is divided into two cases:
if the queue is from the downlink network interface to the uplink network interface, the following conditions are met for forwarding: 1) the port send buffer is not full; 2) the queued packet counter is greater than zero; 3) obtaining a token generated by a code rate control module;
if the queue is not from the downlink network interface to the uplink network interface, the following conditions are met for forwarding: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero.
The rate control module 308 is configured by the CPU module 304, and generates tokens for packet buffer queues from all downstream network interfaces to upstream network interfaces at programmable intervals to control the rate of upstream forwarding.
The CPU module 304 is mainly responsible for protocol processing with the node server, configuration of the address table 306, and configuration of the code rate control module 308.
Ethernet protocol conversion gateway
As shown in fig. 8, the apparatus mainly includes a network interface module (a downlink network interface module 401 and an uplink network interface module 402), a switching engine module 403, a CPU module 404, a packet detection module 405, a rate control module 408, an address table 406, a packet buffer 407, a MAC adding module 409, and a MAC deleting module 410.
A data packet coming from the downlink network interface module 401 enters the packet detection module 405; the packet detection module 405 detects whether the Ethernet MAC DA, the Ethernet MAC SA, the Ethernet length or frame type, the video network destination address DA, the video network source address SA, the video network packet type, and the packet length of the packet meet the requirements, and if so, allocates a corresponding stream identifier (stream-id); then the MAC deletion module 410 strips the MAC DA, the MAC SA and the length or frame type (2 bytes), and the packet enters the corresponding receiving buffer; otherwise, the packet is discarded.
The downlink network interface module 401 checks the sending buffer of the port; if there is a packet, it obtains the Ethernet MAC DA of the corresponding terminal according to the video network destination address DA of the packet, adds the Ethernet MAC DA of the terminal, the MAC SA of the Ethernet protocol conversion gateway, and the Ethernet length or frame type, and sends the packet.
The other modules in the ethernet protocol gateway function similarly to the access switch.
Terminal:
A terminal mainly comprises a network interface module, a service processing module and a CPU module; for example, the set-top box mainly comprises a network interface module, a video and audio coding and decoding engine module and a CPU module; the coding board mainly comprises a network interface module, a video and audio coding engine module and a CPU module; the memory mainly comprises a network interface module, a CPU module and a disk array module.
1.3 Devices of the metropolitan area network part can be mainly classified into 2 types: node server, node switch, metropolitan area server. The node switch mainly comprises a network interface module, a switching engine module and a CPU module; the metropolitan area server mainly comprises a network interface module, a switching engine module and a CPU module.
2. Video networking packet definition
2.1 Access network packet definition
The data packet of the access network mainly comprises the following parts: destination Address (DA), Source Address (SA), reserved bytes, payload (pdu), CRC.
As shown in the following table, the data packet of the access network mainly includes the following parts:
| DA | SA | Reserved | Payload | CRC |
wherein:
the Destination Address (DA) is composed of 8 bytes (byte), the first byte represents the type of the data packet (such as various protocol packets, multicast data packets, unicast data packets, etc.), there are 256 possibilities at most, the second byte to the sixth byte are metropolitan area network addresses, and the seventh byte and the eighth byte are access network addresses;
the Source Address (SA) is also composed of 8 bytes (byte), defined as the same as the Destination Address (DA);
the reserved byte consists of 2 bytes;
the payload part has different lengths according to the type of datagram: it is 64 bytes if the datagram is one of the various types of protocol packets, and 32 + 1024 = 1056 bytes if the datagram is a unicast packet; of course, the length is not limited to the above 2 types;
the CRC consists of 4 bytes and is calculated in accordance with the standard ethernet CRC algorithm.
2.2 metropolitan area network packet definition
The topology of a metropolitan area network is a graph and there may be 2, or even more than 2, connections between two devices, i.e., there may be more than 2 connections between a node switch and a node server, a node switch and a node switch, and a node switch and a node server. However, the metro network address of the metro network device is unique, and in order to accurately describe the connection relationship between the metro network devices, parameters are introduced in the embodiment of the present invention: a label to uniquely describe a metropolitan area network device.
In this specification, the definition of the label is similar to that of the label of MPLS (Multi-Protocol Label Switch). Assuming that there are two connections between device A and device B, there are 2 labels for packets from device A to device B, and 2 labels for packets from device B to device A. Labels are classified into incoming labels and outgoing labels: assuming that the label (incoming label) of a packet entering device A is 0x0000, the label (outgoing label) of the packet leaving device A may become 0x0001. The network access process of the metropolitan area network is a network access process under centralized control, that is, address allocation and label allocation of the metropolitan area network are both dominated by the metropolitan area server, and the node switch and the node server both execute passively. This differs from label allocation in MPLS, which is the result of mutual negotiation between the switch and the server.
As shown in the following table, the data packet of the metro network mainly includes the following parts:
| DA | SA | Reserved | Label | Payload | CRC |
Namely Destination Address (DA), Source Address (SA), reserved bytes (Reserved), label, payload (PDU), CRC. The format of the label may be defined by reference to the following: the label is 32 bits, with the upper 16 bits reserved and only the lower 16 bits used, and its position is between the reserved bytes and the payload of the packet.
Based on the characteristics of the video network, the video network server can analyze the received audio and video data to obtain a target instruction. In the case that the target instruction comprises an update key instruction and an encryption and decryption data cache instruction, key stream data is generated and, at the same time, the audio and video data is cached to obtain cached audio and video data. Data encryption and decryption is then carried out based on the cached audio and video data and the key stream data to obtain encrypted and decrypted audio and video data. Because the audio and video data is cached while the key stream data is generated, the audio and video data can be processed in parallel. This allows encryption and decryption of the high-speed video and audio data of the video network, an audio and video data processing capacity of up to 300 Mbit/s, full encryption of data in OFB mode, and simultaneous encryption and decryption for multiple video networking devices.
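The flow summarized above works because an OFB key stream depends only on the key and the initial value, so it can be produced while data is still arriving in the cache. The following is an added example, not code from the patent; `block_fn`, `ofb_keystream` and `OfbChannel` are hypothetical names, and truncated HMAC-SHA256 is a stand-in for the block cipher (which this section does not name) so that the example runs with the standard library only.

```python
import hashlib
import hmac
import os
from collections import deque

BLOCK = 16  # bytes per key stream block


def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for block-cipher encryption E_K; OFB only uses this direction."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ofb_keystream(key: bytes, iv: bytes, nbytes: int) -> bytes:
    """O_1 = E_K(IV), O_i = E_K(O_{i-1}); no plaintext or ciphertext involved."""
    out, state = bytearray(), iv
    while len(out) < nbytes:
        state = block_fn(key, state)
        out += state
    return bytes(out[:nbytes])


class OfbChannel:
    """Key stream generation and data caching as two independent steps."""

    def __init__(self, key: bytes):
        self.key = key
        self.used_ivs = set()
        self.keystream = b""
        self.pos = 0
        self.fifo = deque()  # first-in, first-out data cache

    def update_key(self, iv: bytes, nbytes: int) -> None:
        """Handle an update-key instruction by precomputing key stream data."""
        if iv in self.used_ivs:
            # The same key and IV give the same key stream, and two ciphertexts
            # under one key stream reveal the XOR of their plaintexts.
            raise ValueError("IV already used with this key")
        self.used_ivs.add(iv)
        self.keystream = ofb_keystream(self.key, iv, nbytes)
        self.pos = 0

    def buffer(self, chunk: bytes) -> None:
        """Cache incoming audio/video bytes; needs no key stream yet."""
        self.fifo.append(chunk)

    def process(self) -> bytes:
        """Drain the cache in arrival order and XOR with the key stream.
        Encryption and decryption are the same operation."""
        out = bytearray()
        while self.fifo:
            chunk = self.fifo[0]
            if self.pos + len(chunk) > len(self.keystream):
                # Fail closed and keep the chunk cached until the key is updated.
                raise ValueError("key stream exhausted; update the key first")
            ks = self.keystream[self.pos:self.pos + len(chunk)]
            out += bytes(a ^ b for a, b in zip(chunk, ks))
            self.pos += len(chunk)
            self.fifo.popleft()
        return bytes(out)


if __name__ == "__main__":
    key = os.urandom(32)     # constructed sample key
    iv = os.urandom(BLOCK)   # random number used as the initial value
    sender, receiver = OfbChannel(key), OfbChannel(key)

    sender.update_key(iv, 64)          # key stream first, data afterwards
    sender.buffer(b"frame-1 ")
    sender.buffer(b"frame-2")
    ciphertext = sender.process()

    receiver.buffer(ciphertext)        # data first, key stream afterwards
    receiver.update_key(iv, 64)
    print(receiver.process())
```
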
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The above detailed description is provided for the data encryption and decryption method and apparatus provided by the present invention, and the principle and the implementation of the present invention are explained by applying specific examples, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A method for encrypting and decrypting data, the method comprising:
analyzing the received audio and video data to obtain a target instruction;
under the condition that the target instruction comprises an updating key instruction and an encryption and decryption data caching instruction, key stream data is generated, and meanwhile, the audio and video data are cached to obtain cached audio and video data;
and carrying out data encryption and decryption based on the cached audio and video data and the secret key stream data to obtain encrypted and decrypted audio and video data.
2. The method according to claim 1, wherein the encrypting and decrypting data based on the buffered audio/video data and the key stream data to obtain encrypted and decrypted audio/video data comprises:
under the condition that the cached audio and video data are located in a first data cache region, converting the format of the cached audio and video data into a target format corresponding to the key stream data to obtain target cached audio and video data; the first data cache region is a cache region whose data follows the first-in, first-out principle;
and combining the secret key stream data with the target cache audio/video data to encrypt and decrypt the data to obtain the encrypted and decrypted audio/video data.
3. The method according to claim 1, wherein the generating key stream data and the caching the audio/video data to obtain cached audio/video data comprises:
generating key stream data by combining random numbers;
and storing the secret key stream data, and caching the audio and video data to obtain cached audio and video data.
4. The method according to claim 1, wherein after the data encryption and decryption is performed based on the buffered audio/video data and the key stream data to obtain encrypted and decrypted audio/video data, the method further comprises:
and sending the encrypted and decrypted audio and video data to a data receiving end.
5. An apparatus for encrypting and decrypting data, the apparatus comprising:
the analysis module is used for analyzing the received audio and video data to obtain a target instruction;
the generating module is used for generating secret key stream data under the condition that the target instruction comprises an updating secret key instruction and an encryption and decryption data caching instruction, and caching the audio and video data to obtain cached audio and video data;
and the encryption and decryption module is used for carrying out data encryption and decryption based on the cached audio and video data and the secret key stream data to obtain the encrypted and decrypted audio and video data.
6. The apparatus of claim 5, wherein the encryption/decryption module comprises:
the format conversion submodule is used for converting the format of the cached audio and video data into a target format corresponding to the key stream data under the condition that the cached audio and video data is located in the first data cache region to obtain target cached audio and video data; the first data cache region is a cache region whose data follows the first-in, first-out principle;
and the encryption and decryption submodule is used for carrying out data encryption and decryption on the secret key stream data in combination with the target cache audio and video data to obtain the encrypted and decrypted audio and video data.
7. The apparatus of claim 5, wherein the generating module comprises:
the generation submodule is used for generating key stream data by combining random numbers under the condition that the target instruction comprises an updating key instruction and an encryption and decryption data caching instruction;
and the storage submodule is used for storing the secret key stream data and caching the audio and video data to obtain cached audio and video data.
8. The apparatus of claim 5, further comprising:
and the sending module is used for sending the encrypted and decrypted audio and video data to a data receiving end.
9. An electronic device, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform the data encryption and decryption method of any one of claims 1 to 4.
10. A computer-readable storage medium storing a computer program for causing a processor to execute the data encryption/decryption method according to any one of claims 1 to 4.
CN202010556596.9A 2020-06-17 2020-06-17 Data encryption and decryption method and device Pending CN111885397A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010556596.9A CN111885397A (en) 2020-06-17 2020-06-17 Data encryption and decryption method and device


Publications (1)

Publication Number Publication Date
CN111885397A true CN111885397A (en) 2020-11-03

Family

ID=73157625


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination