CN112954388A - Data file acquisition method and device, terminal equipment and storage medium - Google Patents

Abstract

The embodiment of the invention provides a method and a device for acquiring a data file, a terminal device and a storage medium, wherein the method comprises the following steps: sending an acquisition request of the on-demand file to a storage server, and receiving an encrypted on-demand file corresponding to an on-demand file identifier and a target video network number of a core server corresponding to the on-demand file identifier, which are returned by the storage server; acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored in different devices, so that the encrypted on-demand file cannot be decrypted even if the encrypted on-demand file is obtained and the corresponding decryption key does not exist, and the original on-demand file is obtained, so that the safety of service data in the transmission process is improved.

Description

Data file acquisition method and device, terminal equipment and storage medium

Technical Field

The present invention relates to the field of video networking technologies, and in particular, to a method and an apparatus for acquiring a data file, a terminal device, and a storage medium.

Background

When business data transmission is carried out in the video network, the business data can be stored in the storage server, if the hard disk of the storage server is maliciously removed, the content of the hard disk can be directly read, and therefore when the business data transmission is carried out, the problem of business data leakage can be caused, so that the safety of the business data is guaranteed, and the problem of urgent need for solving at present is not leaked.

Disclosure of Invention

In view of the above problems, embodiments of the present invention are proposed to provide a data file acquisition method, apparatus, terminal device and storage medium that overcome or at least partially solve the above problems.

In a first aspect, an embodiment of the present invention provides a method for acquiring a data file, where the method includes:

sending an acquisition request of an on-demand file to a storage server, wherein the acquisition request comprises an on-demand file identifier;

receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is pre-stored on the storage server;

receiving a target video networking number of a core server corresponding to the on-demand file identifier, which is returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and a video networking number of the core server corresponding to the file identifier;

acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol;

and decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.

Optionally, before the sending the request for obtaining the on-demand file to the storage server, the method further includes:

encrypting an original on-demand file by using a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by using a symmetric encryption algorithm;

and encrypting the first encrypted file again by adopting a private key to obtain the encrypted on-demand file.

Optionally, the method further comprises:

and sending the encrypted on-demand file to the storage server so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video network number of a core server connected with the on-demand equipment.

Optionally, before the encrypting the original on-demand file by using the symmetric key to obtain the first encrypted file, the method further includes:

determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand equipment, and the public key is stored on the core server;

sending a symmetric key request to the core server;

and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

Optionally, the decrypting the encrypted on-demand file by using the decryption key to obtain an on-demand file includes:

acquiring a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

decrypting the encrypted on-demand file by using the public key to obtain a second encrypted file;

and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

Optionally, the method further comprises:

and carrying out Hash operation on the original on-demand file and the symmetric key to obtain a first Hash value.

Optionally, after the decrypting the encrypted on-demand file by using the encryption key to obtain an original on-demand file, the method further includes:

carrying out Hash operation on the on-demand file and the symmetric key to obtain a second Hash value;

comparing the first hash value with the second hash value;

and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.

In a second aspect, an embodiment of the present invention provides an apparatus for acquiring a data file, where the apparatus includes:

the request module is used for sending an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier;

the first receiving module is used for receiving an encrypted on-demand file which is returned by the storage server and corresponds to the on-demand file identifier, wherein the encrypted on-demand file is pre-stored on the storage server;

the acquisition module is used for receiving a target video networking number of the core server, corresponding to the on-demand file identifier, returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and a video networking number of the core server corresponding to the file identifier;

the second receiving module is used for acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol;

and the decryption module is used for decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.

Optionally, the apparatus further comprises a first encryption module, the first encryption module is configured to:

encrypting an original on-demand file by using a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by using a symmetric encryption algorithm;

and encrypting the first encrypted file again by adopting a private key to obtain the encrypted on-demand file.

Optionally, the first encryption module is further configured to:

and sending the encrypted on-demand file to the storage server so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video network number of a core server connected with the on-demand equipment.

Optionally, the apparatus further comprises a second encryption module, the second encryption module being configured to:

determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand equipment, and the public key is stored on the core server;

sending a symmetric key request to the core server;

and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

Optionally, the decryption module is configured to:

acquiring a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

decrypting the encrypted on-demand file by using the public key to obtain a second encrypted file;

and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

Optionally, the apparatus further comprises a third encryption module, the third encryption module is configured to:

and carrying out Hash operation on the original on-demand file and the symmetric key to obtain a first Hash value.

Optionally, the apparatus further comprises a verification module configured to:

carrying out Hash operation on the on-demand file and the symmetric key to obtain a second Hash value;

comparing the first hash value with the second hash value;

and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.

In a third aspect, an embodiment of the present invention provides a terminal device, including: at least one processor and memory;

the memory stores a computer program; the at least one processor executes the computer program stored in the memory to implement the method for acquiring a data file provided in the first aspect.

In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed, the method for acquiring a data file provided in the first aspect is implemented.

The embodiment of the invention has the following advantages:

according to the method, the device, the terminal equipment and the storage medium for acquiring the data file, provided by the embodiment of the invention, the request for acquiring the on-demand file is sent to the storage server, wherein the request for acquiring the on-demand file comprises the on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video networking number of a core server, corresponding to the on-demand file identifier, returned by a storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored in different devices, so that the encrypted on-demand file cannot be decrypted even if the encrypted on-demand file is obtained and the corresponding decryption key does not exist, and the original on-demand file is obtained, so that the safety of service data in the transmission process is improved.

Drawings

FIG. 1 is a flowchart illustrating the steps of an embodiment of a method for obtaining a data file according to the present invention;

FIG. 2 is a flowchart illustrating steps of an embodiment of a method for saving a data file according to the present invention;

FIG. 3 is a flowchart illustrating the steps of another embodiment of a method for retrieving a data file;

FIG. 4 is a flowchart illustrating the steps of another embodiment of a method for retrieving a data file;

FIG. 5 is a block diagram of an embodiment of an apparatus for acquiring a data file according to the present invention;

fig. 6 is a schematic structural diagram of a terminal device of the present invention.

Detailed Description

In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.

The video networking is an important milestone for network development, is a real-time network, can realize high-definition video real-time transmission, and pushes a plurality of internet applications to high-definition video, and high-definition faces each other.

The video networking adopts a real-time high-definition video exchange technology, can integrate required services such as dozens of services of video, voice, pictures, characters, communication, data and the like on a system platform on a network platform, such as high-definition video conference, video monitoring, intelligent monitoring analysis, emergency command, digital broadcast television, delayed television, network teaching, live broadcast, VOD on demand, television mail, Personal Video Recorder (PVR), intranet (self-office) channels, intelligent video broadcast control, information distribution and the like, and realizes high-definition quality video broadcast through a television or a computer.

Based on the characteristics of the video network, one of the core concepts of the embodiment of the invention is provided, wherein the request for acquiring the on-demand file is sent to the storage server, and the request for acquiring the on-demand file comprises an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video networking number of a core server, corresponding to the on-demand file identifier, returned by a storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored in different devices, so that the encrypted on-demand file cannot be decrypted even if the encrypted on-demand file is obtained and the corresponding decryption key does not exist, and the original on-demand file is obtained, so that the safety of service data in the transmission process is improved.

The nouns are explained as follows:

SM2 asymmetric encryption algorithm: namely an elliptic curve public key cryptographic algorithm; the SM2 algorithm is an ECC elliptic curve cryptography mechanism, but is different from international standards such as ECDSA, ECDH and the like in signature and key exchange, and adopts a more secure mechanism. In addition, the SM2 recommends a 256-bit curve as the standard curve. The SM2 standard includes four parts, a general rule, a digital signature algorithm, a key exchange protocol, and a public key encryption algorithm, and details and examples of implementation are described in the appendix of each part. The SM2 algorithm mainly considers elliptic curves on prime fields Fp and F2m, and introduces representation, operation, and point representation, operation, and multiple point calculation algorithms of the elliptic curves on the fields respectively. Then, data conversion in a programming language is introduced, including data conversion rules between integer and byte strings, byte strings and bit strings, field elements and integers, and dots and byte strings. The parameter generation and verification of the elliptic curve in the finite field are explained in detail, the parameter of the elliptic curve comprises the selection of the finite field, the parameter of an elliptic curve equation, the selection of a base point of an elliptic curve group and the like, and a selected standard is given for facilitating the verification. And finally, generating a key pair on the elliptic curve and verifying a public key, wherein the key pair of the user is (s, sP), s is a private key of the user, sP is a public key of the user, s is difficult to obtain from sP due to the discrete logarithm problem, and generating details and a verification mode of the key pair are provided aiming at a prime field and a binary expanded field. Digital signature algorithms (including digital signature generation algorithms and verification algorithms), key exchange protocols, and public key encryption algorithms (including encryption algorithms and decryption algorithms) are given on a general rule basis, and an algorithm description, an algorithm flow, and related examples are given in each section. The digital signature algorithm, the key exchange protocol, and the public key encryption algorithm all use the SM3 cryptographic hash algorithm and the random number generator approved by the national crypto authority. The digital signature algorithm, the key exchange protocol and the public key encryption algorithm select a finite field and an elliptic curve according to the general rule and generate a key pair.

SM3 algorithm: namely a cryptographic hash (hash ) algorithm, a computing method and computing steps of the hash function algorithm are given, and an operation example is given. The algorithm is suitable for digital signature and verification in commercial password application, generation and verification of message authentication codes and generation of random numbers, and can meet the safety requirements of various password applications. The algorithm generates a hash value with the length of 256 bits by filling and iterative compression on a 64 th power bit message with the input length less than 2, wherein the hash value uses exclusive or, module addition, shift and or, non-operation and is composed of filling, iterative process, message expansion and compression functions. See the SM3 standard for an example of specific algorithms and operations. In order to ensure the security of the hash algorithm, the length of the hash value generated by the hash algorithm should not be too short, for example, MD5 outputs a 128-bit hash value, the output length is too short, which affects the security of SHA-1 algorithm, the output length is 160 bits, and the output length of SM3 algorithm is 256 bits, so the security of SM3 algorithm is higher than that of MD5 algorithm and SHA-1 algorithm.

SM4 symmetric algorithm: is a grouping algorithm used for wireless local area network products. The packet length of the algorithm is 128 bits and the key length is 128 bits. Both the encryption algorithm and the key expansion algorithm adopt 32-round nonlinear iteration structures. The decryption algorithm has the same structure as the encryption algorithm, but the use sequence of the round keys is opposite, and the decryption round keys are the reverse sequence of the encryption round keys. The algorithm adopts a nonlinear iteration structure, each iteration is given by a round function, wherein the round function is formed by compounding a nonlinear transformation and a linear transformation, and the nonlinear transformation is given by an S box. Where rki is the round key, the composite permutation T constitutes a round function. The generation of round keys is similar to the above flow chart, and is generated by taking the encryption key as an input, and the linear transformation in the round function is different, and has some parameter differences. See the SM4 standard for a specific description and example of the SM4 algorithm.

An embodiment of the present invention provides a method for acquiring a data file, which is used for acquiring an encrypted on-demand file. The execution main body of the embodiment is an acquisition device of a data file, and is arranged on a terminal device, wherein the terminal device may be a video networking terminal or a monitoring access server, and the monitoring access server is connected with a monitoring device.

Referring to fig. 1, a flowchart illustrating steps of an embodiment of a method for acquiring a data file according to the present invention is shown, where the method specifically includes the following steps:

s101, sending an on-demand file acquisition request to a storage server, wherein the acquisition request comprises an on-demand file identifier;

specifically, the video network terminal or the monitoring access server is respectively connected with the storage server and simultaneously respectively connected with the core server, and the monitoring access server is connected with the monitoring equipment. In order to ensure the security of data transmission in a video conference or a monitoring scheduling service, encryption chips are installed on a video network terminal, a monitoring access server, a storage server and a core server, and the encryption chips are used for generating a secret key.

When the video data of a certain monitoring device or the video data of a video network terminal are required to be acquired during service, the terminal device sends an acquisition request of an on-demand file to a storage server, wherein the acquisition request comprises an on-demand file identifier.

S102, receiving an encrypted on-demand file which is returned by the storage server and corresponds to the on-demand file identifier, wherein the encrypted on-demand file is pre-stored on the storage server;

specifically, an encrypted on-demand file is stored in a storage server, the terminal device encrypts an original on-demand file in advance to obtain the encrypted on-demand file, then the encrypted on-demand file is sent to the storage server, the storage server stores an identifier of the on-demand file and the encrypted on-demand file corresponding to the identifier of the on-demand file in a database, and the storage server searches for the encrypted on-demand file corresponding to the identifier of the on-demand file in the database after receiving an acquisition request sent by the terminal device.

S103, receiving a target video networking number of a core server corresponding to the on-demand file identifier, which is returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and a video networking number of the core server corresponding to the file identifier;

specifically, after receiving an encrypted on-demand file sent by a terminal device, a storage server generates a log file corresponding to the encrypted on-demand file according to the encrypted on-demand file, and stores a video networking number of a superior core server connected with the terminal device in the log file, that is, a position of a key required for decrypting the encrypted on-demand file;

and the storage server sends the target video network number of the core server corresponding to the on-demand file identifier to the terminal equipment, so that the terminal equipment can acquire the decryption key corresponding to the on-demand file identifier from the core server.

S104, acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol;

specifically, the terminal device sends a key acquisition request to a core server corresponding to the target video networking number, the key acquisition request includes the on-demand file identifier, and the core server sends a decryption key corresponding to the on-demand file identifier to the terminal device.

S105, decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.

Specifically, after the terminal device obtains the decryption key and the encrypted on-demand file, the terminal device decrypts the encrypted on-demand file by using the decryption key to obtain the on-demand file.

The terminal equipment decrypts the encrypted on-demand file by using the public key, and then decrypts the encrypted on-demand file again by using the symmetric key to obtain the on-demand file.

The method for acquiring the data file, provided by the embodiment of the invention, transmits an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video networking number of a core server, corresponding to the on-demand file identifier, returned by a storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored in different devices, so that the encrypted on-demand file cannot be decrypted even if the encrypted on-demand file is obtained and the corresponding decryption key does not exist, and the original on-demand file is obtained, so that the safety of service data in the transmission process is improved.

The present invention further provides a supplementary description of the method for acquiring a data file provided in the above embodiment.

As shown in fig. 2, a flowchart illustrating steps of an embodiment of a data file saving method according to the present invention is shown, where the data file saving method includes:

s201, determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand equipment, and the public key is stored on the core server;

specifically, the video network terminal or the monitoring access server is respectively connected with the storage server and simultaneously respectively connected with the core server, and the monitoring access server is connected with the monitoring equipment. In order to ensure the security of data transmission in a video conference or a monitoring scheduling service, encryption chips are installed on a video network terminal, a monitoring access server, a storage server and a core server, and the encryption chips are used for generating a secret key.

An encryption chip installed on the terminal equipment generates a key pair comprising a private key and a public key by adopting an asymmetric encryption algorithm, namely an SM2 algorithm in advance, the public key is sent to a core server to be stored, and the private key is used for encrypting a file. The private key and the public key are generated in advance.

S202, sending a symmetric key request to the core server;

specifically, when performing a service, the terminal device sends a symmetric key request to the core server, and the encryption chip on the core server generates a symmetric key by using a symmetric encryption algorithm, i.e., SM4 algorithm.

In the service, there are several terminal devices, the core server will send the symmetric key to each terminal device, and the terminal device can encrypt with the symmetric key and can also decrypt with the symmetric key;

s203, receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

S204, encrypting the original on-demand file by using a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by using a symmetric encryption algorithm; and carrying out Hash operation on the original on-demand file and the symmetric key to obtain a first Hash value.

Specifically, the terminal device encrypts the original on-demand file by using the symmetric key to obtain a first encrypted file, and then performs SM3 operation, that is, hash operation, on the original on-demand file and the symmetric key to obtain a first hash value, where the hash value is used to determine whether the content of the transmitted file is correct.

S205, encrypting the first encrypted file again by using a private key to obtain the encrypted on-demand file.

Specifically, in order to improve the data security, the terminal device may further encrypt the first encrypted file, for example, encrypt the first encrypted file with a private key, so as to obtain an encrypted on-demand file.

S206, sending the encrypted on-demand file to the storage server so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video network number of a core server connected with the on-demand equipment.

Specifically, the log file includes an on-demand file identifier, an identifier of a terminal device corresponding to the on-demand file identifier, and a video networking number of a superior core server connected to the terminal device, where the video networking number is a location of a key required to decrypt and encrypt the on-demand file.

As shown in fig. 3, a flowchart illustrating steps of an embodiment of a data file obtaining method according to the present invention is shown, where the data file obtaining method includes:

s301, sending an on-demand file acquisition request to a storage server, wherein the acquisition request comprises an on-demand file identifier;

specifically, when a service is performed and video data of a certain monitoring device or video data of a video network terminal is to be acquired, the terminal device sends an acquisition request of an on-demand file to the storage server, where the acquisition request includes an on-demand file identifier.

S302, receiving an encrypted on-demand file which is returned by the storage server and corresponds to the on-demand file identifier, wherein the encrypted on-demand file is pre-stored on the storage server;

specifically, an encrypted on-demand file is stored in a storage server, the terminal device encrypts an original on-demand file in advance to obtain the encrypted on-demand file, then the encrypted on-demand file is sent to the storage server, the storage server stores an identifier of the on-demand file and the encrypted on-demand file corresponding to the identifier of the on-demand file in a database, and the storage server searches for the encrypted on-demand file corresponding to the identifier of the on-demand file in the database after receiving an acquisition request sent by the terminal device.

S303, receiving a target video networking number of the core server corresponding to the on-demand file identifier, which is returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and the video networking number of the core server corresponding to the file identifier;

specifically, after receiving an encrypted on-demand file sent by a terminal device, a storage server generates a log file corresponding to the encrypted on-demand file according to the encrypted on-demand file, and stores a video networking number of a superior core server connected with the terminal device in the log file, that is, a position of a key required for decrypting the encrypted on-demand file;

and the storage server sends the target video network number of the core server corresponding to the on-demand file identifier to the terminal equipment, so that the terminal equipment can acquire the decryption key corresponding to the on-demand file identifier from the core server.

S304, obtaining a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

specifically, the terminal equipment acquires a public key and a symmetric key corresponding to the on-demand file identifier from a core server corresponding to the video networking number;

s305, decrypting the encrypted on-demand file by using the public key to obtain a second encrypted file;

s306, decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

S307, carrying out hash operation on the on-demand file and the symmetric key to obtain a second hash value;

s308, comparing the first hash value with the second hash value;

s309, if the first hash value and the second hash value are the same, determining the on-demand file as the original on-demand file.

Specifically, in order to verify that the on-demand file decrypted by the terminal device is the original on-demand file and the content of the on-demand file is not tampered, the terminal device receives a first hash value sent by the storage server, wherein the first hash value is obtained by performing hash operation according to the original on-demand file and the symmetric key.

After the terminal equipment decrypts the on-demand file, performing SM3 operation again by using the on-demand file and the symmetric key to obtain a second hash value; and comparing the first hash value with the second hash value, if the first hash value and the second hash value are the same, indicating that the on-demand file obtained by decryption is the original on-demand file, and if the first hash value and the second hash value are different, indicating that the on-demand file obtained by decryption has been tampered.

Fig. 4 is a flowchart of steps of another embodiment of a method for acquiring a data file according to the present invention, as shown in fig. 4, in the embodiment of the present invention, the method includes a terminal device, a core server, and a storage server, where the terminal device includes a video network terminal and a monitoring access server, and the monitoring access server is further connected to a monitoring device; the method specifically comprises the following steps:

video networking terminal or monitoring access server: a random number generation function needs to be developed for generating a random SM3 key; the SM4 algorithm is implanted for encrypting and decrypting the video stream;

a core server: the development support stores the random key generated by the terminal; the secret key needs to be obtained by a terminal supported by a video networking protocol; the key adopts a hierarchical storage scheme, and the core server only stores the key of the video network terminal or the monitoring access server of the core server.

The video network core server cannot be directly read because the video network protocol is adopted, and the video network number cannot be addressed by the equipment outside the video network, so the key cannot be exposed.

A storage server: continuous storage of encrypted data packets is supported; generating a log file in a storage server, wherein the log file is used for recording a core server video network number corresponding to the encrypted video stream; when the terminal reads the video stream, the log file, namely the log file, needs to be read first, and the video stream file needs to be read after the key is obtained.

In the embodiment of the invention, the video network encryption video stream and the key are stored separately, each storage file corresponds to a random key, and the keys can be stored in different positions; the position of key storage can only be obtained by the video network terminal in the mode of video network number addressing, thus improving the security of data transmission in the process of data transmission.

It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.

The method for acquiring the data file, provided by the embodiment of the invention, transmits an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video networking number of a core server, corresponding to the on-demand file identifier, returned by a storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored in different devices, so that the encrypted on-demand file cannot be decrypted even if the encrypted on-demand file is obtained and the corresponding decryption key does not exist, and the original on-demand file is obtained, so that the safety of service data in the transmission process is improved.

Another embodiment of the present invention provides an apparatus for acquiring a data file, which is used to execute the method for acquiring a data file provided in the foregoing embodiment.

Referring to fig. 5, a block diagram of an embodiment of an apparatus for acquiring a data file according to the present invention is shown, and the apparatus may specifically include the following modules: a request module 501, a first receiving module 502, an obtaining module 503, a second receiving module 504 and a decryption module 505, wherein:

the request module 501 is configured to send an on-demand file acquisition request to a storage server, where the acquisition request includes an on-demand file identifier;

the first receiving module 502 is configured to receive an encrypted on-demand file corresponding to the on-demand file identifier, where the encrypted on-demand file is stored in the storage server in advance;

the obtaining module 503 is configured to receive a target video networking number of the core server, which is returned by the storage server and corresponds to the on-demand file identifier, where the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file includes a file identifier and a video networking number of the core server corresponding to the file identifier;

the second receiving module 504 is configured to obtain, through an internet protocol, a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target internet protocol number;

the decryption module 505 is configured to decrypt the encrypted on-demand file using the decryption key to obtain the on-demand file.

The data file acquisition device provided by the embodiment of the invention sends an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video networking number of a core server, corresponding to the on-demand file identifier, returned by a storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored in different devices, so that the encrypted on-demand file cannot be decrypted even if the encrypted on-demand file is obtained and the corresponding decryption key does not exist, and the original on-demand file is obtained, so that the safety of service data in the transmission process is improved.

The present invention further provides a supplementary description of the apparatus for acquiring a data file provided in the above embodiment.

Optionally, the apparatus further comprises a first encryption module, the first encryption module is configured to:

encrypting an original on-demand file by using a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by using a symmetric encryption algorithm;

and encrypting the first encrypted file again by adopting a private key to obtain the encrypted on-demand file.

Optionally, the first encryption module is further configured to:

and sending the encrypted on-demand file to the storage server so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video network number of a core server connected with the on-demand equipment.

Optionally, the apparatus further comprises a second encryption module, the second encryption module being configured to:

determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand equipment, and the public key is stored on the core server;

sending a symmetric key request to the core server;

and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

Optionally, the decryption module is configured to:

acquiring a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

decrypting the encrypted on-demand file by using the public key to obtain a second encrypted file;

and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

Optionally, the apparatus further comprises a third encryption module, the third encryption module is configured to:

and carrying out Hash operation on the original on-demand file and the symmetric key to obtain a first Hash value.

Optionally, the apparatus further comprises a verification module configured to:

carrying out Hash operation on the on-demand file and the symmetric key to obtain a second Hash value;

comparing the first hash value with the second hash value;

and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file. It should be noted that the respective implementable modes in the present embodiment may be implemented individually, or may be implemented in combination in any combination without conflict, and the present application is not limited thereto.

For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.

The data file acquisition device provided by the embodiment of the invention sends an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video networking number of a core server, corresponding to the on-demand file identifier, returned by a storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored in different devices, so that the encrypted on-demand file cannot be decrypted even if the encrypted on-demand file is obtained and the corresponding decryption key does not exist, and the original on-demand file is obtained, so that the safety of service data in the transmission process is improved.

Still another embodiment of the present invention provides a terminal device, configured to execute the method for acquiring a data file provided in the foregoing embodiment.

Fig. 6 is a schematic structural diagram of a terminal device of the present invention, and as shown in fig. 6, the terminal device includes: at least one processor 601 and memory 602;

the memory stores a computer program; the at least one processor executes the computer program stored in the memory to implement the method for acquiring the data file provided by the above embodiment.

The terminal device provided in this embodiment sends an on-demand file acquisition request to the storage server, where the acquisition request includes an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video networking number of a core server, corresponding to the on-demand file identifier, returned by a storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored in different devices, so that the encrypted on-demand file cannot be decrypted even if the encrypted on-demand file is obtained and the corresponding decryption key does not exist, and the original on-demand file is obtained, so that the safety of service data in the transmission process is improved.

Yet another embodiment of the present application provides a computer-readable storage medium, in which a computer program is stored, and when the computer program is executed, the method for acquiring a data file provided in any of the above embodiments is implemented.

According to the computer-readable storage medium of the embodiment, the request for acquiring the on-demand file is sent to the storage server, wherein the request for acquiring comprises an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video networking number of a core server, corresponding to the on-demand file identifier, returned by a storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored in different devices, so that the encrypted on-demand file cannot be decrypted even if the encrypted on-demand file is obtained and the corresponding decryption key does not exist, and the original on-demand file is obtained, so that the safety of service data in the transmission process is improved.

The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, electronic devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing electronic device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing electronic device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing electronic devices to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing electronic device to cause a series of operational steps to be performed on the computer or other programmable electronic device to produce a computer implemented process such that the instructions which execute on the computer or other programmable electronic device provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.

Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or electronic device that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or electronic device. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or electronic device that comprises the element.

The above method and device for acquiring a data file provided by the present invention are described in detail, and a specific example is applied in the text to explain the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A method for acquiring a data file, the method comprising:

sending an acquisition request of an on-demand file to a storage server, wherein the acquisition request comprises an on-demand file identifier;

receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is pre-stored on the storage server;

receiving a target video networking number of a core server corresponding to the on-demand file identifier, which is returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and a video networking number of the core server corresponding to the file identifier;

acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol;

and decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.

2. The method of claim 1, wherein prior to said sending the request for the on-demand file to the storage server, the method further comprises:

encrypting an original on-demand file by using a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by using a symmetric encryption algorithm;

and encrypting the first encrypted file again by adopting a private key to obtain the encrypted on-demand file.

3. The method of claim 2, further comprising:

and sending the encrypted on-demand file to the storage server so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video network number of a core server connected with the on-demand equipment.

4. The method of claim 2, wherein before encrypting the original on-demand file with the symmetric key to obtain the first encrypted file, the method further comprises:

determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand equipment, and the public key is stored on the core server;

sending a symmetric key request to the core server;

and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

5. The method of claim 4, wherein decrypting the encrypted on-demand file using the decryption key to obtain an on-demand file comprises:

acquiring a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

decrypting the encrypted on-demand file by using the public key to obtain a second encrypted file;

and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

6. The method of claim 4, further comprising:

and carrying out Hash operation on the original on-demand file and the symmetric key to obtain a first Hash value.

7. The method of claim 5, wherein after decrypting the encrypted on-demand file using the encryption key to obtain an original on-demand file, the method further comprises:

carrying out Hash operation on the on-demand file and the symmetric key to obtain a second Hash value;

comparing the first hash value with the second hash value;

and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.

8. An apparatus for acquiring a data file, the apparatus comprising:

the request module is used for sending an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier;

the first receiving module is used for receiving an encrypted on-demand file which is returned by the storage server and corresponds to the on-demand file identifier, wherein the encrypted on-demand file is pre-stored on the storage server;

the acquisition module is used for receiving a target video networking number of the core server, corresponding to the on-demand file identifier, returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and a video networking number of the core server corresponding to the file identifier;

the second receiving module is used for acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol;

and the decryption module is used for decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.

9. A terminal device, comprising: at least one processor and memory;

the memory stores a computer program; the at least one processor executes the computer program stored by the memory to implement the method of acquiring a data file of any of claims 1-7.

10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when executed, implements the method of acquiring a data file of any of claims 1-7.

Images