CN112600833A - Cloud distributed storage system and method for the private key of DCP (Digital Cinema Package) playback equipment in video-on-demand cinemas - Google Patents


Info

Publication number
CN112600833A
Authority
CN
China
Prior art keywords
private key
data packet
terminal
encryption
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011447296.3A
Other languages
Chinese (zh)
Inventor
高伟
徐巧勇
王嶺
袁伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHANGHAI MEDIA & ENTERTAINMENT TECHNOLOGY GROUP
Original Assignee
SHANGHAI MEDIA & ENTERTAINMENT TECHNOLOGY GROUP
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms


Abstract

The invention discloses a cloud distributed storage system and method for the private keys of DCP playback equipment in video-on-demand cinemas. The system comprises a private key encoding module, an encryption module, cloud servers, an authentication server, terminal equipment, a terminal decryption module and a terminal decoding module, among other components. The invention further discloses an encryption device and a terminal device, which together form the system of the invention and execute each step of the method of the invention. The invention solves the problem of securely storing the private keys of level 1-3 equipment in video-on-demand cinemas, is compatible with various existing terminal equipment, lowers the cost of secure private key storage compared with commercial cinemas while maintaining the security of the private key, and, by adopting unified cloud management and authorization, makes after-sales maintenance and updating more convenient.

Description

Cloud distributed storage system and method for the private key of DCP (Digital Cinema Package) playback equipment in video-on-demand cinemas
Technical Field
The invention relates to an encryption system and method, in particular to a cloud distributed storage system and method for the private key of video-on-demand cinema DCP playback equipment.
Background
Video-on-demand cinema is a new way of watching films that has developed rapidly in China and reached a certain scale. At the same time, the industry has been accompanied by problems such as unlicensed operation, fire safety, substandard projection quality and copyright infringement, which constrain its overall development. Against this background, the national press, publication, radio and television administration issued a series of regulations and policies that confirm the legal status of video-on-demand cinemas, make up for the shortcomings of traditional cinemas, let users watch films more easily and freely, and add new exhibition channels for more films.
Commercial cinema films are currently packaged as a DCP (Digital Cinema Package), a set of digital files used to store and convert the audio, image and data streams of digital cinema content. The content is generally encrypted with the AES symmetric encryption algorithm; the film content keys are placed in a Key Delivery Message (KDM) and delivered securely to the authorized cinema, where each device decrypts the KDM authorization file for a specific film with its own private key. The whole system is designed with anti-cloning and anti-piracy in mind, and a core element is protection of the private key: following the recommendation of Digital Cinema Initiatives (DCI), private key storage is protected by a dedicated hardware security module.
The video-on-demand cinema specification divides equipment into 4 levels. Level 4 is the equipment security level used by current urban commercial cinemas; levels 1-3 are security levels newly introduced by the video-on-demand cinema specification, with the security requirements of each level defined mainly in terms of watermarking, hardware security, anti-piracy and so on. All levels attach importance to the authorization and authentication mechanism and technically subdivide copyright management by class, which both saves equipment cost and promotes the development of the film industry.
However, on-demand cinema is a new digital transmission mode, which needs to meet necessary requirements in terms of security and encryption, otherwise, the digital film source distribution process faces serious anti-cloning and anti-piracy challenges.
Disclosure of Invention
In view of the above problems in the prior art, an object of the present invention is to provide a cloud distributed storage system and method for private keys of a DCP playback device in a video-on-demand theater.
In order to achieve the purpose, the invention adopts the following technical scheme:
A cloud distributed storage system for the private key of video-on-demand cinema DCP playback equipment comprises: a private key encoding module, which divides the private key assigned to the terminal device into a plurality of private key data packets; an encryption module, which encrypts each private key data packet and converts it into an encrypted data packet; cloud servers, which store the encrypted data packets, the encrypted data packets being stored on different cloud servers and each having a download address on its cloud server; an authentication server, which stores all the download addresses and authenticates the terminal's identity request; a terminal device, which prestores the encryption algorithm of the encryption module, obtains the download addresses by accessing the authentication server and downloads the corresponding encrypted data packet from each cloud server; a terminal decryption module, which decrypts the downloaded encrypted data packets to obtain the private key data packets; and a terminal decoding module, which decodes and checks the private key data packets to obtain the private key.
Further, the private key encoding module randomly splits the private key data together with its own hash check data into several packets, and adds the packet number and the total number of packets to the header of each packet.
Further, the encryption module encrypts the private key data packets using different encryption algorithms.
Further, the terminal device keeps the private key obtained by decoding and checking only temporarily in memory, and sets conditions for using the private key when the network is disconnected.
In order to achieve the purpose, the invention also adopts the following technical scheme:
An encryption device for the private key of video-on-demand cinema DCP playback equipment comprises: a private key encoding module, which divides the private key assigned to the terminal device into a plurality of private key data packets; an encryption module, which encrypts each private key data packet; cloud servers, which store the encrypted data packets, the encrypted data packets being stored on different cloud servers and each having a download address on its cloud server; and an authentication server, which stores all the download addresses.
Further, the private key encoding module randomly splits the private key data together with its own hash check data into several packets, and adds the packet number and the total number of packets to the header of each packet.
Further, the encryption module encrypts the private key data packets using different encryption algorithms.
In order to achieve the purpose, the invention also adopts the following technical scheme:
A DCP playback terminal device for a video-on-demand cinema comprises a terminal decryption module and a terminal decoding module: the terminal device prestores an encryption algorithm and downloads the encrypted data packets from each cloud server; the terminal decryption module decrypts the downloaded encrypted data packets to obtain the private key data packets; and the terminal decoding module decodes and checks the private key data packets to obtain the private key.
In order to achieve the purpose, the invention also adopts the following technical scheme:
A cloud distributed storage method for the private key of video-on-demand cinema DCP playback equipment comprises the following steps: dividing the private key assigned to the device into a plurality of private key data packets; encrypting each private key data packet with a different encryption mode, converting it into an encrypted data packet; storing the encrypted data packets on different cloud servers and assigning each encrypted data packet a download address on its cloud server; storing all the download addresses on an authentication server; the terminal device accessing the authentication server to obtain the download addresses of the cloud servers holding the encrypted data packets; the terminal device fetching the corresponding encrypted data packet from each cloud server; decrypting each encrypted data packet with the terminal decryption module of the terminal device to obtain the corresponding private key data packet; and logically splicing the private key data packets to form the complete private key.
Further, the complete private key is kept in the terminal device's memory only for a certain time, so that the terminal device is not left unable to play when the network is suddenly disconnected.
With this technical scheme, the method and system solve the problem of securely storing the private keys of level 1-3 equipment in video-on-demand cinemas, are compatible with various existing terminal equipment, lower the cost of secure private key storage compared with commercial cinemas while maintaining the security of the private key, and, by adopting unified cloud management and authorization, make after-sales maintenance and updating more convenient.
Drawings
FIG. 1 is a schematic diagram of a digital cinema packaging process according to the present invention;
FIG. 2 is a schematic diagram of cloud-based distributed storage of private keys according to the present invention;
FIG. 3 is a schematic diagram illustrating a process of requesting to obtain a private key by a terminal device according to the present invention;
FIG. 4 is a flow chart of the method of the present invention.
Detailed Description
The technical scheme of the invention is further explained by combining the drawings and the embodiment.
The invention discloses a cloud distributed storage system and a cloud distributed storage method for private keys of DCP playing equipment of a video-on-demand theater.
As shown in FIG. 1, the packaging process for the digital cinema content of a video-on-demand cinema DCP operates mainly on data such as video and audio. The data are encrypted with AES-128, video and audio being encrypted with different keys; finally, the key data are themselves encrypted with the asymmetric algorithm RSA and stored in the film authorization file, the KDM.
Taking the packaging of video and audio data in FIG. 1 as an example, the digital film source is divided into video data and audio data; both parts are encrypted with AES-128 and then processed into MXF (Material eXchange Format), forming the digital cinema DCP package. In the AES-128 encryption process, the video data and the audio data produce a video AES key and an audio AES key respectively; the two keys are stored together as the digital film's AES key set, which, after encryption with the device public key, finally forms the digital film authorization KDM file.
As the whole process of FIG. 1 shows, the KDM is encrypted with the device public key, so the device-specific private key is essential for the terminal device to decrypt the KDM successfully. Leakage of the private key can lead directly to cloned devices, allowing the same film authorization to be used by two or more devices at the same time, that is, the film to be played on them simultaneously. To avoid this, private key protection is critical.
In view of this, referring to FIG. 2 and FIG. 3, the system of the present invention mainly includes a private key encoding module 1, an encryption module 2, a cloud server 3, an authentication server 4, a terminal decryption module 5 and a terminal decoding module 6. The cloud distributed storage technology for the private key of video-on-demand cinema DCP playback equipment disclosed by the invention has the following characteristics: the private key is fragmented and stored in distributed fashion in the cloud, multiple encryption algorithms can be selected, decryption is carried out by a local hardware security module, and no local medium stores the private key data.
Thus, FIG. 2 shows the encryption and distributed storage scheme of the system of the present invention, while FIG. 3 shows the decryption and decoding scheme of the terminal device. Each terminal projection device is assigned a public/private key pair; the public key is submitted to the producer of film authorizations, and the private key is split, encrypted and stored in distributed fashion in the cloud according to the invention.
As shown in FIG. 2, the private key encoding module 1 divides the private key assigned to the terminal device into a plurality of private key data packets. It computes a hash check over the private key data, appends the resulting check data to the tail of the private key data, then randomly splits the private key data plus hash check data into several packets and adds the packet number and the total number of packets to the head of each packet. For example, the private key encoding module 1 divides the combined private key and hash check value into n parts; assuming n is 3, the data is divided into 3 parts, each prefixed with a packet number and the total number of packets, forming the 3 private key data packets D1, D2 and D3.
The encryption module 2 encrypts each private key data packet and converts it into an encrypted data packet. As a preferred embodiment of the present invention, the encryption module 2 encrypts the private key data packets using different encryption algorithms. Continuing the example, the encryption module 2 selects 3 encryption algorithms to encrypt D1, D2 and D3: for example, private key data packet D1 uses the AES encryption algorithm, D2 uses the DES3 encryption algorithm and D3 uses the XOR encryption algorithm. Data describing the algorithm number is added to the header of the encrypted data, yielding the encrypted data packets D1', D2' and D3'.
Continuing with FIG. 2, as a more general description, the split private key forms private key data packet 1, private key data packet 2, ..., private key data packet n, each of which contains its packet number. The encryption module 2 has a number of preset encryption modes and randomly picks one of them to encrypt a given private key data packet. For example, the encryption module 2 encrypts private key data packet 1 using mode 2 to generate an encrypted data packet, which contains the corresponding encryption mode number. Similarly, the encryption module 2 encrypts private key data packet 2 using mode 3, ..., and private key data packet n using mode 1.
The cloud server 3 stores the encrypted data packets; the encrypted data packets are stored on different cloud servers 3, and each has a download address on its cloud server 3. Continuing the example, the system of the present invention uploads the encrypted data packets D1', D2' and D3' to different cloud servers 3 (A, B and C) and stores the download addresses on the authentication server 4.
The authentication server 4 stores all the download addresses, and when the terminal equipment provides the identity information and the movie information to the authentication server 4 to request authentication, if the authentication passes, the authentication server 4 issues a private key address list of the cloud server 3.
As shown in FIG. 3, the terminal device prestores the encryption algorithm of the encryption module 2, obtains the download addresses by accessing the authentication server 4 and downloads the corresponding encrypted data packet from each cloud server 3. Continuing the example, the terminal device downloads the data packets according to the private key address list obtained from the authentication server 4, obtaining the encrypted data packets D1', D2' and D3', and parses the encryption algorithm number used by each encrypted data packet.
Continuing with FIG. 3, as a more general description, the terminal device first requests authentication from the authentication server 4 and obtains the private key address set after passing authentication. As the foregoing system flow shows, the private key is turned into a plurality of encrypted data packets stored on different cloud servers 3, so what the terminal device obtains is not a single address but a set of addresses containing download address 1, download address 2, ..., download address n of the corresponding encrypted data packets. After obtaining the download addresses, the terminal device sends download requests to download address 1, download address 2, ..., download address n respectively and obtains the corresponding encrypted data packet 1, encrypted data packet 2, ..., each of which contains an encryption mode number.
The terminal decryption module 5 decrypts the downloaded encrypted data packets to obtain the private key data packets. Continuing the example, the terminal decryption module 5 sends the encrypted data packets D1', D2' and D3' to the hardware security module for decryption according to their encryption algorithm numbers, restoring the private key data packets D1, D2 and D3.
The terminal decoding module 6 decodes and checks the private key data packets to obtain the private key. Continuing the example, the terminal decoding module 6 splices the original data together according to the packet number and total packet count in the headers of private key data packets D1, D2 and D3, then separates the private key data from the hash check data; if the check passes, the private key data is valid.
At this time, the terminal device decrypts the film authorization file KDM by using the obtained valid private key data, and obtains an AES key required by decryption of video and audio of the film.
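The encoding step of module 1 and the decoding and checking step of module 6 can be sketched as follows. This is an added example, not code from the patent: SHA-256 as the hash, the 4-byte header layout (packet number and total, two bytes each) and all function names are assumptions, and the per-packet encryption of module 2 is left out.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
import struct

HASH_LEN = 32                   # SHA-256 digest length (assumed hash)
HEADER = struct.Struct(">HH")   # assumed header: packet number, total packets

# Constructed stand-in for private key data (not a real key).
SAMPLE_KEY = bytes(range(64))


def encode_private_key(key: bytes, n: int) -> list[bytes]:
    """Module 1: append the hash to the tail, split at random points, add headers."""
    blob = key + hashlib.sha256(key).digest()
    if not 1 <= n <= len(blob):
        raise ValueError("packet count out of range")
    # n-1 distinct random cut points give n non-empty contiguous slices.
    rng = secrets.SystemRandom()
    cuts = sorted(rng.sample(range(1, len(blob)), n - 1))
    bounds = [0, *cuts, len(blob)]
    return [
        HEADER.pack(i + 1, n) + blob[bounds[i]:bounds[i + 1]]
        for i in range(n)
    ]


def decode_private_key(packets: list[bytes]) -> bytes:
    """Module 6: splice by packet number, then verify the trailing hash."""
    parts: dict[int, bytes] = {}
    total = None
    for pkt in packets:
        if len(pkt) <= HEADER.size:
            raise ValueError("packet too short")
        number, count = HEADER.unpack_from(pkt)
        if total is None:
            total = count
        elif count != total:
            raise ValueError("packets disagree on total count")
        if not 1 <= number <= count:
            raise ValueError("packet number out of range")
        if number in parts:
            raise ValueError("duplicate packet number")
        parts[number] = pkt[HEADER.size:]
    if total is None or len(parts) != total:
        raise ValueError("packet set incomplete")
    blob = b"".join(parts[i] for i in range(1, total + 1))
    if len(blob) <= HASH_LEN:
        raise ValueError("no room for key and hash")
    key, digest = blob[:-HASH_LEN], blob[-HASH_LEN:]
    # Constant-time comparison of the recomputed and the carried hash.
    if not hmac.compare_digest(hashlib.sha256(key).digest(), digest):
        raise ValueError("hash check failed")
    return key


if __name__ == "__main__":
    d1, d2, d3 = encode_private_key(SAMPLE_KEY, 3)
    # Download order does not matter; the headers restore the sequence.
    print(decode_private_key([d3, d1, d2]) == SAMPLE_KEY)
```

The packets are contiguous slices of the key, so the confidentiality of each slice rests entirely on the per-packet encryption applied by module 2; this is not threshold secret sharing.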
As a preferred embodiment of the present invention, the terminal device keeps the private key obtained by decoding and checking, and sets conditions for using it while offline. When authentication cannot be performed for network reasons, the terminal device determines the interval between the time authentication last passed and the current time; if the interval is within the allowed range, it then checks whether the number of screenings played within that interval is smaller than the allowed number of screenings, and if so, allows playback using the private key data retained in memory.
The above description details the specific architecture of the system of the present invention and the operation modes of the various modules within it. Besides the system of the invention, the invention also discloses corresponding encryption equipment and terminal equipment.
Referring to fig. 2, the encryption device of the present invention mainly includes a private key encoding module 1, an encryption module 2, a cloud server 3, and an authentication server 4. The specific functions of the private key encoding module 1, the encryption module 2, the cloud server 3 and the authentication server 4 are similar to those of the corresponding modules in the system of the present invention, and are not described herein again.
Referring to fig. 3, the terminal device of the present invention mainly includes a terminal decryption module 5 and a terminal decoding module 6, and the specific functions of the terminal decryption module 5 and the terminal decoding module 6 are consistent with the corresponding modules in the system of the present invention, and are not described herein again. In this embodiment, the terminal decryption module 5 and the terminal decoding module 6 are integrated in the terminal device, but it should be understood by those skilled in the art that the terminal decryption module 5 and the terminal decoding module 6 may also be arranged independently of the terminal device, so that the terminal device, the terminal decryption module 5 and the terminal decoding module 6 are parallel modules in the system of the present invention, and all of them fall into the protection scope of the present invention.
In the cloud distributed storage system for the private key of video-on-demand cinema DCP playback equipment, and in the encryption device and terminal device that form it, the hardware security module can be implemented in hardware with a USB or PCI interface and combined with a customized software library: after handshake communication and authentication, the corresponding decryption algorithm and algorithm parameters are set, the encrypted data packet is passed in, and the decrypted data is obtained after decryption.
Referring to fig. 4, in addition to the system, the encryption device and the terminal device of the present invention, the present invention also discloses a cloud distribution storage method for private keys of a DCP playing device of a video-on-demand theater, which is applicable to the system of the present invention. As shown in fig. 4, the method of the present invention mainly includes the following steps:
S1: The private key assigned to the terminal device is divided into a plurality of private key data packets. In this step, the complete private key data plus its own hash check data is first randomly split into several packets, and then the packet number and the total number of packets are added to the header of each packet, indicating how many packets there are in total and which one the current packet is.
S2: Each private key data packet is encrypted with a different encryption mode and converted into an encrypted data packet. The invention presets several encryption algorithms, which can be the same algorithm with different key parameters or different algorithms; each algorithm is numbered, and the same algorithm set is built into the security module of the terminal device. As a preferred embodiment of the method of the present invention, several of the encryption algorithms are chosen at random to encrypt the private key data packets split in S1, and the algorithm number is added to the header of each encrypted data packet.
S3: The encrypted data packets are stored on different cloud servers, and each encrypted data packet is assigned a download address on its cloud server. Specifically, the encrypted parts of the private key are uploaded to different cloud servers, corresponding download addresses are generated, and these download addresses are stored on the authentication server.
S4: All download addresses are saved on the authentication server. An authentication service program runs on the authentication server; when the terminal device provides identity information and film information to request authentication, the authentication server provides the corresponding list of private key addresses on the cloud servers.
S5: The terminal device accesses the authentication server to obtain the download addresses of the cloud servers holding the encrypted data packets. Specifically, the terminal device downloads the corresponding part from the private key address on each cloud server and, from the algorithm number in the header, determines which algorithm to use to decrypt that part of the data.
S6: The terminal device fetches the corresponding encrypted data packet from each cloud server. In this step, according to the algorithm number obtained in step S5, the corresponding algorithm type and algorithm parameters are set in the hardware security module, and each part of the unencrypted private key data is obtained by decryption.
S7: Each encrypted data packet is decrypted with the terminal decryption module of the terminal device to obtain the corresponding private key data packet. The total number of packets and the packet number are parsed from the decrypted data obtained in step S6, and the packets are spliced once the packet numbers and total packet count show that the set is complete; after splicing, the actual private key data and the trailing hash check part are separated, and the data is regarded as valid private key data once the check passes.
S8: The private key data packets are logically spliced to form the complete private key.
S9: The terminal device keeps the complete private key in memory for a certain time, so that playback does not become impossible when the network is suddenly disconnected. This step allows for occasional network outages at the cinema venue: during an outage the device cannot obtain the private key, so it decides according to preset conditions whether the private key data previously obtained and held in memory may be used. As a preferred embodiment of the present invention, in step S9 there are mainly 2 preset conditions, the interval time and the number of uses, both set reasonably: the private key can be used 12 times within 24 hours of network disconnection; once the private key is obtained again through authentication over the network, the interval time and the number of uses are reset, the interval starting from the new acquisition time and the remaining number of uses returning to 12. It should be understood by those skilled in the art that these preset conditions are only one of many possible embodiments of the present invention, and in other embodiments the preset conditions may be different.
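The offline-use conditions of step S9 (12 uses within 24 hours, reset on re-authentication) can be enforced with a small in-memory cache. This is an added example, not code from the patent: the class and method names are hypothetical, and wiping the key on expiry and refusing a clock that runs backwards are design assumptions beyond what the text specifies.

```python
from __future__ import annotations

MAX_OFFLINE_SECONDS = 24 * 3600   # interval allowed since the last authentication
MAX_OFFLINE_USES = 12             # uses allowed within that interval


class OfflineKeyCache:
    """Holds the reassembled private key in memory only, under the S9 conditions."""

    def __init__(self) -> None:
        self._key: bytearray | None = None
        self._auth_time = 0.0
        self._uses_left = 0

    def on_authenticated(self, key: bytes, now: float) -> None:
        """Called after a successful online authentication and key reassembly."""
        self._wipe()
        self._key = bytearray(key)
        self._auth_time = now            # interval restarts at the new acquisition time
        self._uses_left = MAX_OFFLINE_USES

    def offline_key(self, now: float) -> bytes | None:
        """Return the cached key for one offline screening, or None if not allowed.

        `now` should come from a clock the operator cannot set back;
        a negative elapsed time is treated as tampering (assumption).
        """
        if self._key is None:
            return None
        elapsed = now - self._auth_time
        if elapsed < 0 or elapsed > MAX_OFFLINE_SECONDS or self._uses_left <= 0:
            self._wipe()                 # conditions violated: drop the key
            return None
        self._uses_left -= 1
        # The returned bytes object is a copy the caller must not persist.
        return bytes(self._key)

    @property
    def uses_left(self) -> int:
        return self._uses_left

    def _wipe(self) -> None:
        # Overwrite the buffer before releasing it so no copy lingers here.
        if self._key is not None:
            for i in range(len(self._key)):
                self._key[i] = 0
        self._key = None
        self._uses_left = 0


if __name__ == "__main__":
    cache = OfflineKeyCache()
    cache.on_authenticated(b"\x01" * 32, now=0.0)   # constructed sample key
    granted = sum(cache.offline_key(now=3600.0) is not None for _ in range(13))
    print(granted)
```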
According to the system and the method, the private key is stored in a distributed manner by utilizing the cloud, the data storage and processing in the whole process are carried out in the memory, and the data trace of the private key cannot be left on the storage media such as a hard disk and a flash memory.
It should be understood by those skilled in the art that the above embodiments are only for illustrating the present invention and are not to be used as a limitation of the present invention, and that changes and modifications to the above described embodiments are within the scope of the claims of the present invention as long as they are within the spirit and scope of the present invention.

Claims (10)

1. A cloud distributed storage system for the private key of a video-on-demand cinema DCP playback device, characterized by comprising:
a private key encoding module, which divides a private key exclusively assigned to the terminal device into a plurality of private key data packets;
an encryption module, which encrypts each private key data packet and converts it into an encrypted data packet;
cloud servers, which store the encrypted data packets, the encrypted data packets being stored on different cloud servers and each encrypted data packet having a download address on its corresponding cloud server;
an authentication server, which stores all the download addresses and authenticates the identity request of the terminal;
a terminal device, which prestores the encryption algorithm of the encryption module, obtains the download addresses by accessing the authentication server, and downloads the corresponding encrypted data packet from each cloud server;
a terminal decryption module, which decrypts the downloaded encrypted data packets to obtain the private key data packets;
and a terminal decoding module, which decodes and checks the private key data packets to obtain the private key.
2. The cloud distributed storage system for the private key of a video-on-demand cinema DCP playback device according to claim 1, wherein:
the private key encoding module randomly splits the private key data together with its own hash check data into a plurality of packets, and adds the packet number and the total number of packets to the head of each packet.
3. The cloud distributed storage system for the private key of a video-on-demand cinema DCP playback device according to claim 1, wherein:
the encryption module encrypts the private key data packets using different encryption algorithms.
4. The cloud distributed storage system for the private key of a video-on-demand cinema DCP playback device according to claim 1, wherein:
the terminal device retains the private key obtained by decoding and checking only temporarily in memory, and sets conditions for using the private key while the network is disconnected.
5. An encryption device for the private key of a video-on-demand cinema DCP playback device, characterized by comprising:
a private key encoding module, which divides a private key exclusively assigned to the terminal device into a plurality of private key data packets;
an encryption module, which encrypts each private key data packet;
cloud servers, which store the encrypted data packets, the encrypted data packets being stored on different cloud servers and each encrypted data packet having a download address on its corresponding cloud server;
an authentication server, which stores all the download addresses.
6. The encryption device for the private key of a video-on-demand cinema DCP playback device according to claim 5, wherein:
the private key encoding module randomly splits the private key data together with its own hash check data into a plurality of packets, and adds the packet number and the total number of packets to the head of each packet.
7. The encryption device for the private key of a video-on-demand cinema DCP playback device according to claim 5, wherein:
the encryption module encrypts the private key data packets using different encryption algorithms.
8. A DCP playback terminal device for a video-on-demand cinema, characterized by comprising a terminal decryption module and a terminal decoding module, wherein:
the terminal device prestores an encryption algorithm and downloads encrypted data packets from each cloud server;
the terminal decryption module decrypts the downloaded encrypted data packets to obtain the private key data packets;
and the terminal decoding module decodes and checks the private key data packets to obtain the private key.
9. A cloud distributed storage method for the private key of a video-on-demand cinema DCP playback device, characterized by comprising the following steps:
dividing a private key assigned to the terminal device into a plurality of private key data packets;
encrypting each private key data packet using different encryption modes, converting each private key data packet into an encrypted data packet;
storing the encrypted data packets on different cloud servers, and assigning each encrypted data packet a download address on its corresponding cloud server;
storing all the download addresses on an authentication server;
the terminal device accessing the authentication server to obtain the download addresses of the cloud servers where the encrypted data packets are located;
the terminal device obtaining the corresponding encrypted data packet from each cloud server;
decrypting each encrypted data packet with the terminal decryption module of the terminal device to obtain the corresponding private key data packets;
and logically splicing the private key data packets to form the complete private key.
10. The cloud distributed storage method for the private key of a video-on-demand cinema DCP playback device according to claim 9, wherein the terminal device only retains the complete private key in memory for a certain time, so that playback does not fail for lack of the private key during a sudden network outage.
CN202011447296.3A 2020-12-09 2020-12-09 Cloud distributed storage system and method for private key of DCP (digital data processing) playing equipment of video-on-demand movie theatre Pending CN112600833A (en)

Publications (1)

Publication Number Publication Date
CN112600833A true CN112600833A (en) 2021-04-02

Family

ID=75191925

Country Status (1)

Country Link
CN (1) CN112600833A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210402