CN112600833A - Cloud distributed storage system and method for private key of DCP (digital data processing) playing equipment of video-on-demand movie theatre - Google Patents
Cloud distributed storage system and method for private key of DCP (digital data processing) playing equipment of video-on-demand movie theatre Download PDFInfo
- Publication number
- CN112600833A CN112600833A CN202011447296.3A CN202011447296A CN112600833A CN 112600833 A CN112600833 A CN 112600833A CN 202011447296 A CN202011447296 A CN 202011447296A CN 112600833 A CN112600833 A CN 112600833A
- Authority
- CN
- China
- Prior art keywords
- private key
- data packet
- terminal
- encryption
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000012545 processing Methods 0.000 title description 4
- 238000013475 authorization Methods 0.000 abstract description 8
- 238000012423 maintenance Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 238000010367 cloning Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012858 packaging process Methods 0.000 description 2
- 101100277598 Sorghum bicolor DES3 gene Proteins 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000013467 fragmentation Methods 0.000 description 1
- 238000006062 fragmentation reaction Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The invention discloses a cloud distributed storage system and a method for private keys of DCP playing equipment of a video-on-demand theater, wherein the system comprises the following components: the system comprises a private key coding module, an encryption module, a cloud server, an authentication server, terminal equipment, a terminal decryption module, a terminal decoding module and the like, and the terminal decoding module and the like. The invention further discloses that the system comprises the encryption equipment and the terminal equipment, wherein the encryption equipment and the terminal equipment jointly form the system of the invention and execute each process of the method of the invention. The invention can solve the problem of the safety storage of the private key of the 1-3 level equipment of the video-on-demand cinema, is compatible with various existing terminal equipment, reduces the safety storage cost of the private key while maintaining the safety of the private key compared with the commercial cinema, adopts cloud unified management and authorization and provides certain convenience for after-sale maintenance and updating.
Description
Technical Field
The invention relates to an encryption system and method, in particular to a cloud distributed storage system and method for private keys of video-on-Demand (DCP) playing equipment.
Background
The video-on-demand cinema is a new film watching mode, and is rapidly developed and reaches a certain scale in China. Meanwhile, the whole industry is accompanied by the problems of non-certified management, fire safety, unqualified showing quality, copyright infringement and the like, and certain restriction is formed on the whole development of the industry. Under the background, the national news publishing broadcast and television bureau publishes a series of regulations and policies, so that the legal status of the video-on-demand cinema is confirmed, meanwhile, the short board of the traditional cinema is made up, a user can watch videos more easily and freely, and meanwhile, new playing channels are added for more videos.
Commercial Cinema movies are currently packaged in the form of a DCP (Digital Cinema Package), which is a set of Digital files used to store and convert audio, image, and data streams of Digital imagery. Generally, an AES symmetric encryption algorithm is used to encrypt the content, and the used film content key is placed in a key transfer message KDM and transferred to an authorized cinema in a secure manner, and each device in the cinema decrypts the received specific film KDM authorization file with its own private key. The whole set of system design fully considers the anti-cloning and anti-piracy, and one key core is the protection of the private key, and the private key storage is protected by adopting a special hardware security module according to the suggestion of the digital cinema initiative alliance (DCI).
The video-on-demand cinema specification divides equipment into 4 levels, the 4 levels of equipment are equipment security levels adopted by the current urban commercial cinema, the 1-3 levels of equipment are security level settings newly proposed in the video-on-demand cinema specification, and the security requirements of each level are mainly determined in the aspects of watermarking, hardware security, anti-piracy and the like. The several levels all bring importance to an authorization and authentication mechanism, and technically carry out classified subdivision on copyright management, thereby not only saving equipment cost, but also promoting the development of the film industry.
However, on-demand cinema is a new digital transmission mode, which needs to meet necessary requirements in terms of security and encryption, otherwise, the digital film source distribution process faces serious anti-cloning and anti-piracy challenges.
Disclosure of Invention
In view of the above problems in the prior art, an object of the present invention is to provide a cloud distributed storage system and method for private keys of a DCP playback device in a video-on-demand theater.
In order to achieve the purpose, the invention adopts the following technical scheme:
a cloud distributed storage system of a private key of a video-on-Demand (DCP) playing device comprises: the private key coding module divides a private key which is distributed to the terminal equipment into a plurality of private key data packets; the encryption module encrypts each private key data packet and converts each private key data packet into an encrypted data packet; the cloud server stores the encrypted data packets, the encrypted data packets are stored on different cloud servers, and each encrypted data packet has a download address on the corresponding cloud server; the authentication server stores all the download addresses and authenticates the identity request of the terminal; the terminal device prestores an encryption algorithm of the encryption module, acquires a download address by accessing the authentication server and downloads a corresponding encrypted data packet from each cloud server; the terminal decryption module decrypts the downloaded encrypted data packet so as to obtain a private key data packet; and the terminal decoding module is used for decoding and checking the private key data packet to obtain a private key.
Further, the private key encoding module randomly breaks the private key data plus its own hash check data into a number of packets, each packet plus the packet number and the total number of packets in the header.
Further, the encryption module encrypts the private key data packet using different encryption algorithms.
Furthermore, the terminal equipment only temporarily reserves the private key obtained by decoding and checking in the memory, and sets the use condition of the private key under the condition of network disconnection.
In order to achieve the purpose, the invention also adopts the following technical scheme:
an encryption device for private keys of a video-on-Demand (DCP) playing device comprises: the private key coding module divides a private key which is distributed to the terminal equipment into a plurality of private key data packets; the encryption module encrypts each private key data packet; the cloud server stores the encrypted data packets, the encrypted data packets are stored on different cloud servers, and each encrypted data packet has a download address on the corresponding cloud server; and the authentication server stores all the download addresses.
Further, the private key encoding module randomly breaks the private key data plus its own hash check data into a number of packets, each packet plus the packet number and the total number of packets in the header.
Further, the encryption module encrypts the private key data packet using different encryption algorithms.
In order to achieve the purpose, the invention also adopts the following technical scheme:
a DCP playing terminal device for a video-on-demand (VOD) cinema comprises a terminal decryption module and a terminal decoding module: the terminal device prestores an encryption algorithm, and downloads encrypted data packets from each cloud server; the terminal decryption module decrypts the downloaded encrypted data packet so as to obtain a private key data packet; and the terminal decoding module is used for decoding and checking the private key data packet to obtain a private key.
In order to achieve the purpose, the invention also adopts the following technical scheme:
a cloud distribution storage method for private keys of a video-on-Demand (DCP) playing device comprises the following steps: dividing a private key assigned to the device into a plurality of private key packets; encrypting each private key data packet by adopting different encryption modes, and converting each private key data packet into an encrypted data packet; storing the encrypted data packets on different cloud servers, and distributing a downloading address to each encrypted data packet on the corresponding cloud server; storing all the download addresses on an authentication server; the terminal equipment accesses the authentication server to obtain a download address of a cloud server where the encrypted data packet is located; the terminal equipment acquires corresponding encrypted data packets from each cloud server; decrypting each encrypted data packet by using a terminal decryption module of the terminal equipment to obtain each corresponding private key data packet; and logically splicing the private key data packets to form a complete private key.
Furthermore, the complete private key of the terminal equipment is only reserved in the memory for a certain time, so that the situation that the terminal equipment cannot play the private key when the network is suddenly disconnected is avoided.
In the technical scheme, the method and the system can solve the problem of the safety storage of the private key of the 1-3-level equipment of the video-on-demand cinema, are compatible with various existing terminal equipment, reduce the safety storage cost of the private key while maintaining the safety of the private key compared with a commercial cinema, adopt cloud unified management and authorization and provide certain convenience for after-sale maintenance and update.
Drawings
FIG. 1 is a schematic diagram of a digital cinema packaging process according to the present invention;
FIG. 2 is a schematic diagram of cloud-based distributed storage of private keys according to the present invention;
FIG. 3 is a schematic diagram illustrating a process of requesting to obtain a private key by a terminal device according to the present invention;
fig. 4 is a flow chart of the method of the present invention.
Detailed Description
The technical scheme of the invention is further explained by combining the drawings and the embodiment.
The invention discloses a cloud distributed storage system and a cloud distributed storage method for private keys of DCP playing equipment of a video-on-demand theater.
As shown in fig. 1, the whole packaging process of the digital cinema content of the video-on-demand theater DCP mainly operates on data such as video, audio and the like, the data are encrypted by an AES-128 method, the video and the audio are respectively encrypted by different keys, and finally, the key data are encrypted again and stored in a movie authorization file KDM by an asymmetric encryption method RSA.
As shown in fig. 1, for example, the packing of video and audio data is performed, the original of the digital power supply is divided into video data and audio data, the two portions of data are encrypted by AES-128 method, and then mxf (material eXchange format) data processing is performed, so as to form a digital cinema DCP packet. In the AES-128 encryption process, the video data and the audio data respectively form a video AES Key and an audio AES Key, the two keys are jointly formed and stored in a set of the digital film AES Key, and a digital film authorization KDM file is finally formed after the encryption of the equipment public Key.
As can be seen from the whole process of fig. 1, the KDM is encrypted by the device public key, and finally, the device-specific private key is essential for the terminal device to successfully decrypt the KDM. The private key leakage can directly cause the appearance of cloned equipment, and the equivalent film authorization can be used by two or more than two equipment at the same time, namely, the film is played at the same time. To avoid this, private key protection is critical.
In view of this, referring to fig. 2 and fig. 3, the system of the present invention mainly includes a private key encoding module 1, an encryption module 2, a cloud server 3, an authentication server 4, a terminal decryption module 5, and a terminal decoding module 6. The cloud distributed storage technology for the private key of the DCP playing equipment of the video-on-demand movie theatre disclosed by the invention has the following characteristics: the private key fragmentation cloud distributed storage method comprises the steps of selecting various encryption algorithms, carrying out decryption by a local hardware security module, and storing private key data without a localized medium.
Thus, fig. 2 shows the encryption and distributed storage scheme of the system of the present invention, while fig. 3 shows the decryption and decoding scheme of the terminal device of the present invention. Each terminal projection device distributes a pair of public and private keys, the public key is submitted to a film authorized producer, and the private key is split, encrypted and cloud distributed stored according to the invention.
As shown in fig. 2, the private key encoding module 1 divides the private key allocated to the terminal device into a plurality of private key data packets, and adopts a scheme of performing hash check on private key data, attaching data obtained by the hash check to the tail of the private key data, and then randomly dividing the private key data and the hash check data into a plurality of packets, and adding the packet number and the total packet number to the head of each packet. For example, the private key encoding module 1 divides the data combining the private key and the hash check value into n parts, and assuming that n is 3, it can be understood that the data is divided into 3 private key data packets, and each private key data packet is preceded by a packet number and a total number of packets to form 3 private key data packets D1, D2, and D3.
The encryption module 2 encrypts each private key data packet and converts each private key data packet into an encrypted data packet. As a preferred embodiment of the present invention, the encryption module 2 encrypts the private key data packet by using different encryption algorithms. Next, in the above example, the encryption module 2 selects 3 encryption algorithms to encrypt D1, D2, and D3, for example, the private key data packet D1 adopts AES encryption algorithm, the private key data packet D2 adopts DES3 encryption algorithm, the private key data packet D3 adopts xor encryption algorithm, and meanwhile, the encrypted data header is added with the algorithm number description data, so as to obtain the encrypted data packets D1', D2', and D3 '.
Continuing with fig. 2, as a more general description, the split private key forms private key data package 1, private key data package 2 … … private key data package n, each of which contains a respective packet number. At this time, the encryption module 2 presets a plurality of encryption modes, and randomly extracts one encryption mode to encrypt the specific private key data packet. For example, the encryption module 2 encrypts the private key packet 1 by the method 2 to generate an encrypted packet, and the encrypted packet includes a corresponding encryption method number. Similarly, the encryption module 2 encrypts … … the private key packet 2 using mode 3 and encrypts n the private key packet n using mode 1.
The cloud server 3 stores the encrypted data packets, the encrypted data packets are stored in different cloud servers 3, and each encrypted data packet has a download address on the corresponding cloud server 3. Following the above example, the system of the present invention uploads the encrypted packets D1', D2', D3' to the A, B, C of the different cloud servers 3 and stores the download address to the authentication server 4 used.
The authentication server 4 stores all the download addresses, and when the terminal equipment provides the identity information and the movie information to the authentication server 4 to request authentication, if the authentication passes, the authentication server 4 issues a private key address list of the cloud server 3.
As shown in fig. 3, the terminal device prestores the encryption algorithm of the encryption module 2, and the terminal device obtains a download address by accessing the authentication server 4 and downloads a corresponding encrypted data packet from each cloud server 3. Next to the above example, the terminal device downloads the data packets according to the private key address list obtained by the authentication server 4, respectively, to obtain the encrypted data packets D1', D2', and D3', and analyzes the encryption algorithm numbers used by the encrypted data packets.
Continuing with fig. 3, as a more general description, the terminal device first requests authentication by the authentication server 4, and obtains the private key address set after passing the authentication. As can be seen from the foregoing system flow, the private key is made into a plurality of encrypted data packets and stored in different cloud servers 3, so that the address of the private key obtained by the terminal device is not a single address, but a set of addresses, where the set includes the download addresses 1 and 2 … … n of the corresponding encrypted data packets. After obtaining the download addresses, the terminal device downloads the data request at the download address n from the download address 1 and the download address 2 … …, respectively, to obtain a plurality of corresponding encrypted packets 1 and encrypted packets 2 … …, which each contain an encryption mode number.
The terminal decryption module 5 decrypts the downloaded encrypted data packet, thereby obtaining a private key data packet. Following the above example, the terminal decryption module 5 sends the encrypted data packets D1', D2' and D3' to the hardware security module for decryption according to the serial numbers of the encryption algorithm, and restores the private key data packets D1, D2 and D3.
And the terminal decoding module 6 decodes and checks the private key data packet to obtain a private key. Next to the above example, the terminal decoding module 6 splices the original data according to the packet numbers of the headers of the private key data D1, D2, and D3 and the total packet number, then analyzes the private key data and the hash check data, and if the check is passed, the private key data is valid private key data.
At this time, the terminal device decrypts the film authorization file KDM by using the obtained valid private key data, and obtains an AES key required by decryption of video and audio of the film.
As a preferred embodiment of the present invention, the terminal device stores the private key obtained by decoding verification, and sets the use condition of the private key under the offline condition. When the authentication cannot be performed due to network reasons, the terminal device can judge the time of passing the authentication last time and the interval of the current time, if the time is in the allowable interval range, judge whether the played movie field in the interval range is smaller than the allowable field range, and if the time is consistent with the allowable field range, allow the playing to adopt the private key data reserved in the memory.
The above description details the specific architecture of the system of the present invention and the operation modes of the various modules within it. Besides the system of the invention, the invention also discloses corresponding encryption equipment and terminal equipment.
Referring to fig. 2, the encryption device of the present invention mainly includes a private key encoding module 1, an encryption module 2, a cloud server 3, and an authentication server 4. The specific functions of the private key encoding module 1, the encryption module 2, the cloud server 3 and the authentication server 4 are similar to those of the corresponding modules in the system of the present invention, and are not described herein again.
Referring to fig. 3, the terminal device of the present invention mainly includes a terminal decryption module 5 and a terminal decoding module 6, and the specific functions of the terminal decryption module 5 and the terminal decoding module 6 are consistent with the corresponding modules in the system of the present invention, and are not described herein again. In this embodiment, the terminal decryption module 5 and the terminal decoding module 6 are integrated in the terminal device, but it should be understood by those skilled in the art that the terminal decryption module 5 and the terminal decoding module 6 may also be arranged independently of the terminal device, so that the terminal device, the terminal decryption module 5 and the terminal decoding module 6 are parallel modules in the system of the present invention, and all of them fall into the protection scope of the present invention.
The cloud distributed storage system of the private key of the DCP playing equipment of the video-on-demand theater, the encryption equipment and the terminal equipment which form the system can be designed as a USB port or a PCI on hardware safety module hardware, are combined with a customized software library, are well provided with a corresponding decryption algorithm and algorithm parameters after handshake communication authentication, are transmitted into an encrypted data packet, and obtain decrypted data after decryption.
Referring to fig. 4, in addition to the system, the encryption device and the terminal device of the present invention, the present invention also discloses a cloud distribution storage method for private keys of a DCP playing device of a video-on-demand theater, which is applicable to the system of the present invention. As shown in fig. 4, the method of the present invention mainly includes the following steps:
s1: the private key assigned to the terminal device is divided into a plurality of private key data packets. In this step, the complete private key data plus its own hash check data is first randomly broken into several packets, and then each packet is added with the packet number and the total number of packets at the header, which means that the packet is totally divided into several packets, currently the number of the packets.
S2: and encrypting each private key data packet by adopting different encryption modes, and converting each private key data packet into an encrypted data packet. The invention presets several encryption algorithms, which can be same algorithm and different key parameters, and can also be different algorithms, and each algorithm is numbered, and the algorithm set is also correspondingly built in the terminal equipment security module. As a preferred embodiment of the method of the present invention, the present invention may randomly adopt several encryption algorithms, encrypt several private key packets split at S1, and add an algorithm number to the header of the encrypted data packet.
S3: and storing the encrypted data packets on different cloud servers, and distributing a downloading address to each encrypted data packet on the corresponding cloud server. Specifically, the encrypted part of the private key is uploaded to different cloud servers, a corresponding download address is generated, and the corresponding download address is stored in the authentication server.
S4: all download addresses are saved on the authentication server. And an authentication service program is arranged in the authentication server, and when the terminal equipment provides identity information and movie information to request authentication, the authentication server provides a corresponding cloud server private key address list.
S5: the terminal equipment accesses the authentication server to obtain the download address of the cloud server where the encrypted data packet is located. Specifically, the terminal device downloads corresponding parts from private key addresses of the cloud servers, and knows which part of algorithm is used for decrypting the part of data according to the description of the head algorithm numbers.
S6: and the terminal equipment acquires the corresponding encrypted data packets from each cloud server. In the step, according to the algorithm number obtained in step S5, the corresponding algorithm type and algorithm parameters are set to the hardware security module, and the unencrypted private key data of each part is obtained by decryption.
S7: and decrypting each encrypted data packet by using a terminal decryption module of the terminal equipment to obtain each corresponding private key data packet. The total number of the packets and the number of the packets are analyzed according to the decrypted data obtained in the step S6, splicing is carried out according to the fact whether the packet sequence number and the total packet number are complete or not, the real private key data and the tail hash verification part are split after splicing is completed, and the packets are regarded as effective private key data after verification is passed.
S8: and logically splicing the private key data packets to form a complete private key.
S9: the terminal device reserves the complete private key in the memory for a certain time, so that the situation that the private key cannot be played during sudden network disconnection is avoided. In the step, the design of accidental network break in the broadcasting cinema place is considered, the equipment cannot obtain the private key when the network break occurs, and the equipment judges whether the previously obtained private key data in the memory can be set according to preset conditions. As a preferred embodiment of the present invention, in step S9, the preset conditions mainly include 2: the method comprises the steps of reasonably setting the interval time and the use times, wherein the private key can be used for 12 times within 24 hours of network disconnection, resetting the interval time and the use times once the private key can be obtained again through network connection authentication, starting from a new obtaining time point at the starting point of the interval time, and reducing the use times to the surplus of 12 times. It should be understood by those skilled in the art that the preset condition is only a choice of many embodiments of the present invention, and in other embodiments, the preset condition may be different conditions.
According to the system and the method, the private key is stored in a distributed manner by utilizing the cloud, the data storage and processing in the whole process are carried out in the memory, and the data trace of the private key cannot be left on the storage media such as a hard disk and a flash memory.
It should be understood by those skilled in the art that the above embodiments are only for illustrating the present invention and are not to be used as a limitation of the present invention, and that changes and modifications to the above described embodiments are within the scope of the claims of the present invention as long as they are within the spirit and scope of the present invention.
Claims (10)
1. The utility model provides a cinema DCP broadcast equipment private key's high in clouds distribution storage system on demand which characterized in that includes:
the private key encoding module divides a private key which is exclusively distributed to the terminal equipment into a plurality of private key data packets;
the encryption module encrypts each private key data packet and converts each private key data packet into an encrypted data packet;
the cloud server stores the encrypted data packets, the encrypted data packets are stored on different cloud servers, and each encrypted data packet has a download address on the corresponding cloud server;
the authentication server stores all the download addresses and authenticates the identity request of the terminal;
the terminal device prestores an encryption algorithm of the encryption module, acquires the download address by accessing an authentication server, and downloads a corresponding encrypted data packet from each cloud server;
the terminal decryption module decrypts the downloaded encrypted data packet so as to obtain a private key data packet;
and the terminal decoding module is used for decoding and checking the private key data packet to obtain a private key.
2. The cloud distributed storage system for private keys of video-on-Demand (DCP) playback devices of claim 1, wherein:
the private key encoding module randomly breaks private key data plus its own hash check data into a plurality of packets, and each packet is added with the packet number and the total packet number at the head.
3. The cloud distributed storage system for private keys of video-on-Demand (DCP) playback devices of claim 1, wherein:
the encryption module encrypts the private key data packet using different encryption algorithms.
4. The cloud distributed storage system for private keys of video-on-Demand (DCP) playback devices of claim 1, wherein:
and the terminal equipment only temporarily reserves the private key obtained by decoding and checking in the memory and sets the use condition of the private key under the condition of network disconnection.
5. An encryption device for private keys of a video-on-Demand (DCP) playing device is characterized by comprising:
the private key encoding module divides a private key which is exclusively distributed to the terminal equipment into a plurality of private key data packets;
an encryption module that encrypts each private key data packet;
the cloud server stores the encrypted data packets, the encrypted data packets are stored on different cloud servers, and each encrypted data packet has a download address on the corresponding cloud server;
an authentication server storing all download addresses.
6. The encryption device for private keys of a video-on-demand cinema DCP playback device of claim 5, wherein:
the private key encoding module randomly breaks private key data plus its own hash check data into a plurality of packets, and each packet is added with the packet number and the total packet number at the head.
7. The encryption device for private keys of a video-on-demand cinema DCP playback device of claim 5, wherein:
the encryption module encrypts the private key data packet using different encryption algorithms.
8. A DCP playing terminal device for a video-on-demand movie is characterized by comprising a terminal decryption module and a terminal decoding module:
the terminal device prestores an encryption algorithm, and downloads encrypted data packets from each cloud server;
the terminal decryption module decrypts the downloaded encrypted data packet so as to obtain a private key data packet;
and the terminal decoding module is used for decoding and checking the private key data packet to obtain a private key.
9. A cloud distribution storage method for private keys of a video-on-Demand (DCP) playing device is characterized by comprising the following steps:
dividing a private key allocated to the terminal device into a plurality of private key data packets;
encrypting each private key data packet by adopting different encryption modes, and converting each private key data packet into an encrypted data packet;
storing the encrypted data packets on different cloud servers, and distributing a downloading address to each encrypted data packet on the corresponding cloud server;
storing all the download addresses on an authentication server;
the terminal equipment accesses the authentication server to obtain a download address of a cloud server where the encrypted data packet is located;
the terminal equipment acquires corresponding encrypted data packets from each cloud server;
decrypting each encrypted data packet by using a terminal decryption module of the terminal equipment to obtain each corresponding private key data packet;
and logically splicing the private key data packets to form a complete private key.
10. The cloud distributed storage method for the private key of the DCP playback device of the video-on-demand theater as claimed in claim 9, wherein the terminal device only reserves the complete private key in the memory for a certain time, thereby avoiding the situation that the private key cannot be played in case of sudden network outage.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011447296.3A CN112600833A (en) | 2020-12-09 | 2020-12-09 | Cloud distributed storage system and method for private key of DCP (digital data processing) playing equipment of video-on-demand movie theatre |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011447296.3A CN112600833A (en) | 2020-12-09 | 2020-12-09 | Cloud distributed storage system and method for private key of DCP (digital data processing) playing equipment of video-on-demand movie theatre |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112600833A true CN112600833A (en) | 2021-04-02 |
Family
ID=75191925
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011447296.3A Pending CN112600833A (en) | 2020-12-09 | 2020-12-09 | Cloud distributed storage system and method for private key of DCP (digital data processing) playing equipment of video-on-demand movie theatre |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112600833A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106686008A (en) * | 2017-03-03 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Information storage method and information storage device |
| US9673975B1 (en) * | 2015-06-26 | 2017-06-06 | EMC IP Holding Company LLC | Cryptographic key splitting for offline and online data protection |
| CN110278078A (en) * | 2019-06-17 | 2019-09-24 | 矩阵元技术(深圳)有限公司 | A kind of data processing method, apparatus and system |
| CN111600710A (en) * | 2017-10-27 | 2020-08-28 | 财付通支付科技有限公司 | Key storage method, device, terminal, server and readable medium |
-
2020
- 2020-12-09 CN CN202011447296.3A patent/CN112600833A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9673975B1 (en) * | 2015-06-26 | 2017-06-06 | EMC IP Holding Company LLC | Cryptographic key splitting for offline and online data protection |
| CN106686008A (en) * | 2017-03-03 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Information storage method and information storage device |
| CN111600710A (en) * | 2017-10-27 | 2020-08-28 | 财付通支付科技有限公司 | Key storage method, device, terminal, server and readable medium |
| CN110278078A (en) * | 2019-06-17 | 2019-09-24 | 矩阵元技术(深圳)有限公司 | A kind of data processing method, apparatus and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10848806B2 (en) | Technique for securely communicating programming content | |
| US10754930B2 (en) | Remotely managed trusted execution environment for digital rights management in a distributed network with thin clients | |
| EP3105882B1 (en) | Method, apparatus and computer readable medium for securing content keys delivered in manifest files | |
| KR100957121B1 (en) | Key distribution method and authentication server | |
| US8413256B2 (en) | Content protection and digital rights management (DRM) | |
| US10055553B2 (en) | PC secure video path | |
| US9385997B2 (en) | Protection of control words employed by conditional access systems | |
| US8160248B2 (en) | Authenticated mode control | |
| CN105190660A (en) | Security and key management of digital content | |
| CN106797309B (en) | Method and system for securing communication with a control module in a playback device | |
| JP2007511946A (en) | System and method for using DRM for conditional access control of broadcast digital content | |
| US20110113443A1 (en) | IP TV With DRM | |
| US20060018465A1 (en) | Information-processing system, information-processing apparatus, information-processing method, and program | |
| KR20110004332A (en) | Processing recordable content in a stream | |
| WO2008139335A1 (en) | Transferring digital data | |
| EP3317796A1 (en) | Remotely managed trusted execution environment for digital-rights management in a distributed network with thin clients | |
| CN112600833A (en) | Cloud distributed storage system and method for private key of DCP (digital data processing) playing equipment of video-on-demand movie theatre | |
| KR102286784B1 (en) | A security system for broadcasting system | |
| KR101383378B1 (en) | Mobile iptv service system using downloadable conditional access system and method thereof | |
| KR100950596B1 (en) | Broadcasting receiving apparatus based on downloadable conditional access system and method for reinforcing security thereof | |
| KR20080069789A (en) | Broadcast receiver and method for authentication of copy protection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210402 |
|
| RJ01 | Rejection of invention patent application after publication |