CN112954388B - Data file acquisition method and device, terminal equipment and storage medium - Google Patents

Abstract

The embodiment of the invention provides a method, a device, terminal equipment and a storage medium for acquiring a data file, which comprise the following steps: sending an acquisition request of the on-demand file to a storage server, and receiving an encrypted on-demand file corresponding to an on-demand file identifier returned by the storage server and a target video networking number of a core server corresponding to the on-demand file identifier; obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by adopting the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored on different devices, so that even if the encrypted on-demand file is obtained and the corresponding decryption key is not available, the encrypted on-demand file cannot be decrypted, and the original on-demand file is obtained, thereby improving the security of the service data in the transmission process.

Description

Data file acquisition method and device, terminal equipment and storage medium

Technical Field

The present invention relates to the field of video networking technologies, and in particular, to a method and apparatus for acquiring a data file, a terminal device, and a storage medium.

Background

When service data transmission is carried out in the video network, the service data can be stored in the storage server, if a hard disk of the storage server is maliciously dismantled, the content of the hard disk can be directly read, so that the problem of service data leakage can be caused when the service data transmission is carried out, and therefore, how to ensure the safety of the service data and not to be leaked is the problem which needs to be solved at present.

Disclosure of Invention

In view of the foregoing, embodiments of the present invention are directed to providing a method, apparatus, terminal device, and storage medium for acquiring a data file that overcome or at least partially solve the foregoing problems.

In a first aspect, an embodiment of the present invention provides a method for acquiring a data file, where the method includes:

sending an acquisition request of the on-demand file to a storage server, wherein the acquisition request comprises an on-demand file identifier;

receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is pre-stored on the storage server;

receiving a target video-on-demand number of a core server corresponding to the video-on-demand file identifier returned by the storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises a file identifier and a video-on-demand number of the core server corresponding to the file identifier;

Obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video-on-demand number through a video-on-demand protocol;

and decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.

Optionally, before the sending the request for acquiring the on-demand file to the storage server, the method further includes:

encrypting an original on-demand file by adopting a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm;

and encrypting the first encrypted file again by adopting the private key to obtain the encrypted on-demand file.

Optionally, the method further comprises:

and sending the encrypted on-demand file to the storage server, so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video networking number of a core server connected with the on-demand device.

Optionally, before the encrypting the original on-demand file with the symmetric key to obtain the first encrypted file, the method further includes:

Determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand device, and the public key is stored on the core server;

sending a symmetric key request to the core server;

and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

Optionally, decrypting the encrypted on-demand file with the decryption key to obtain the on-demand file, including:

obtaining a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

decrypting the encrypted on-demand file by adopting the public key to obtain a second encrypted file;

and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

Optionally, the method further comprises:

and carrying out hash operation on the original on-demand file and the symmetric key to obtain a first hash value.

Optionally, after decrypting the encrypted on-demand file with the encryption key to obtain the original on-demand file, the method further includes:

Performing hash operation on the on-demand file and the symmetric key to obtain a second hash value;

comparing the first hash value with the second hash value;

and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.

In a second aspect, an embodiment of the present invention provides an apparatus for acquiring a data file, where the apparatus includes:

the request module is used for sending an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier;

the first receiving module is used for receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is stored in the storage server in advance;

the acquisition module is used for receiving a target video-on-line number of the core server corresponding to the on-demand file identifier returned by the storage server, wherein the target video-on-line number is determined by the storage server according to the on-demand file identifier and a prestored log file, and the log file comprises a file identifier and a video-on-line number of the core server corresponding to the file identifier;

The second receiving module is used for obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video network number through a video network protocol;

and the decryption module is used for decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.

Optionally, the apparatus further includes a first encryption module, where the first encryption module is configured to:

encrypting an original on-demand file by adopting a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm;

and encrypting the first encrypted file again by adopting the private key to obtain the encrypted on-demand file.

Optionally, the first encryption module is further configured to:

and sending the encrypted on-demand file to the storage server, so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video networking number of a core server connected with the on-demand device.

Optionally, the apparatus further includes a second encryption module, where the second encryption module is configured to:

Determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand device, and the public key is stored on the core server;

sending a symmetric key request to the core server;

and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

Optionally, the decryption module is configured to:

obtaining a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

decrypting the encrypted on-demand file by adopting the public key to obtain a second encrypted file;

and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

Optionally, the apparatus further includes a third encryption module, where the third encryption module is configured to:

and carrying out hash operation on the original on-demand file and the symmetric key to obtain a first hash value.

Optionally, the apparatus further comprises a verification module, the verification module being configured to:

Performing hash operation on the on-demand file and the symmetric key to obtain a second hash value;

comparing the first hash value with the second hash value;

and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.

In a third aspect, an embodiment of the present invention provides a terminal device, including: at least one processor and memory;

the memory stores a computer program; the at least one processor executes the computer program stored in the memory to implement the method for acquiring a data file provided in the first aspect.

In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium having stored therein a computer program that, when executed, implements the method for acquiring a data file provided in the first aspect.

The embodiment of the invention has the following advantages:

according to the data file acquisition method, the data file acquisition device, the terminal equipment and the storage medium, an acquisition request of the on-demand file is sent to the storage server, wherein the acquisition request comprises an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video-on-demand number of a core server corresponding to a video-on-demand file identifier returned by a storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises the file identifier and the video-on-demand number of the core server corresponding to the file identifier; obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by adopting the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored on different devices, so that even if the encrypted on-demand file is obtained and the corresponding decryption key is not available, the encrypted on-demand file cannot be decrypted, and the original on-demand file is obtained, thereby improving the security of the service data in the transmission process.

Drawings

FIG. 1 is a flow chart of steps of an embodiment of a method for retrieving a data file according to the present invention;

FIG. 2 is a flow chart of steps of an embodiment of a method for saving a data file according to the present invention;

FIG. 3 is a flow chart of steps of yet another embodiment of a method for retrieving a data file according to the present invention;

FIG. 4 is a flow chart of steps of yet another embodiment of a method for retrieving a data file according to the present invention;

FIG. 5 is a block diagram illustrating an exemplary embodiment of a data file acquisition apparatus according to the present invention;

fig. 6 is a schematic structural diagram of a terminal device of the present invention.

Detailed Description

In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.

The video networking is an important milestone for network development, is a real-time network, can realize real-time transmission of high-definition videos, and pushes numerous internet applications to high-definition videos, and the high definition faces.

The video networking adopts a real-time high-definition video exchange technology, and can integrate all required services such as high-definition video conference, video monitoring, intelligent monitoring analysis, emergency command, digital broadcast television, delay television, network teaching, live broadcast, VOD on demand, television mail, personal record (PVR), intranet (self-processing) channel, intelligent video playing control, information release and other tens of services into one system platform, and realize high-definition quality video playing through television or computer.

Based on the characteristics of the video networking, one of the core concepts of the embodiment of the invention is provided, and an acquisition request of the on-demand file is sent to a storage server, wherein the acquisition request comprises an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video-on-demand number of a core server corresponding to a video-on-demand file identifier returned by a storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises the file identifier and the video-on-demand number of the core server corresponding to the file identifier; obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by adopting the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored on different devices, so that even if the encrypted on-demand file is obtained and the corresponding decryption key is not available, the encrypted on-demand file cannot be decrypted, and the original on-demand file is obtained, thereby improving the security of the service data in the transmission process.

The nouns are explained as follows:

SM2 asymmetric encryption algorithm: i.e. elliptic curve public key cryptography algorithm; the SM2 algorithm is an ECC elliptic curve cryptography mechanism, but is different from international standards such as ECDSA, ECDH and the like in terms of signature and key exchange, and adopts a safer mechanism. In addition, SM2 recommends a 256-bit curve as a standard curve. The SM2 standard includes four parts, namely a general rule, a digital signature algorithm, a key exchange protocol and a public key encryption algorithm, and relevant details and examples of implementation are described in detail in an appendix of each part. The SM2 algorithm mainly considers elliptic curves on the prime fields Fp and F2m, and introduces the representation, operation and multiple point calculation algorithm of the two fields, and the representation, operation and multiple points of the elliptic curves on the fields. Data conversion in a programming language is then introduced, including integer and byte strings, byte strings and bit strings, field elements and integers, and rules for data conversion between point and byte strings. The method is characterized by specifically describing the generation and verification of the parameters of the elliptic curve on the finite field, wherein the parameters of the elliptic curve comprise the selection of the finite field, the parameters of elliptic curve equation, the selection of the base points of elliptic curve groups and the like, and providing the selection standard for the verification. And finally, generating a key pair on the elliptic curve and verifying a public key, wherein the key pair of the user is (s, sP), s is a private key of the user, sP is a public key of the user, s is difficult to obtain from sP due to the discrete logarithm problem, and a key pair generation detail and a verification mode are provided for a prime domain and a binary expansion domain. A digital signature algorithm (including a digital signature generation algorithm and a verification algorithm), a key exchange protocol, and a public key encryption algorithm (including an encryption algorithm and a decryption algorithm) are given on the basis of a general rule, and an algorithm description, an algorithm flow, and related examples are given in each section. The digital signature algorithm, the key exchange protocol and the public key encryption algorithm all use an SM3 password hash algorithm approved by the national institutes of cryptographic and a random number generator. The digital signature algorithm, the key exchange protocol and the public key encryption algorithm select a finite field and an elliptic curve according to a general rule and generate a key pair.

SM3 algorithm: namely a cryptographic hash (hash ) algorithm, a calculation method and a calculation step of the hash function algorithm are given, and an operation example is given. The algorithm is suitable for digital signature and verification in commercial password application, generation and verification of the message authentication code and generation of random numbers, and can meet the security requirements of various password applications. The algorithm generates a hash value with 256 bits by padding and iterative compression on a bit message with the input length less than 64 times of 2, wherein exclusive or, modulo addition, shift, and or, non-operation is used, and the hash value is formed by padding, iterative process, message expansion and compression function. Specific algorithms and operation examples are found in the SM3 standard. In order to ensure the security of the hash algorithm, the length of the generated hash value should not be too short, for example, the MD5 outputs a 128-bit hash value, the output length is too short, the output length of the SHA-1 algorithm affecting the security is 160 bits, and the output length of the SM3 algorithm is 256 bits, so the security of the SM3 algorithm is higher than that of the MD5 algorithm and SHA-1 algorithm.

SM4 symmetry algorithm: is a grouping algorithm for wireless local area network products. The algorithm has a packet length of 128 bits and a key length of 128 bits. The encryption algorithm and the key expansion algorithm both adopt a 32-round nonlinear iterative structure. The decryption algorithm is the same as the encryption algorithm except that the round keys are used in reverse order, and the decryption round keys are in reverse order of the encryption round keys. The algorithm adopts a nonlinear iterative structure, each iteration is given by a round function, wherein the round function is formed by compounding a nonlinear transformation and a linear transformation, and the nonlinear transformation is given by an S box. Where rki is the round key and the synthetic permutation T constitutes the round function. The round key is generated by taking the encryption key as input, and the round key is generated by the round key, the linear transformation in the round function is different, and parameters are different. See SM4 standard for specific description and examples of SM4 algorithms.

An embodiment of the invention provides a data file acquisition method for acquiring an encrypted on-demand file. The execution main body of the embodiment is an acquisition device of a data file, and the acquisition device is arranged on terminal equipment, wherein the terminal equipment can be a video networking terminal or a monitoring access server, and the monitoring access server is connected with monitoring equipment.

Referring to fig. 1, a flowchart illustrating steps of an embodiment of a method for acquiring a data file according to the present invention may specifically include the following steps:

s101, sending an acquisition request of a video-on-demand file to a storage server, wherein the acquisition request comprises a video-on-demand file identifier;

specifically, the video networking terminal or the monitoring access server is respectively connected with the storage server, and meanwhile, is respectively connected with the core server, and the monitoring access server is connected with the monitoring equipment. In order to ensure the safety of data transmission in video conferences or monitoring dispatch services, encryption chips are arranged on a video networking terminal, a monitoring access server, a storage server and a core server, and the encryption chips are used for generating keys.

When the video data of a certain monitoring device or the video data of a video networking terminal is wanted to be acquired during service, the terminal device sends an acquisition request of the on-demand file to a storage server, wherein the acquisition request comprises an on-demand file identifier.

S102, receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is stored in the storage server in advance;

specifically, an encrypted on-demand file is stored on a storage server, after the terminal equipment encrypts an original on-demand file in advance, the encrypted on-demand file is obtained, then the encrypted on-demand file is sent to the storage server, the storage server stores the on-demand file identifier and the encrypted on-demand file corresponding to the on-demand file identifier in a database, and after receiving an acquisition request sent by the terminal equipment, the storage server searches the database for the encrypted on-demand file corresponding to the on-demand file identifier.

S103, receiving a target video-on-demand network number of a core server corresponding to the video-on-demand file identifier returned by the storage server, wherein the target video-on-demand network number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises a file identifier and a video-on-demand network number of the core server corresponding to the file identifier;

specifically, after receiving an encrypted on-demand file sent by a terminal device, a storage server generates a log file corresponding to the encrypted on-demand file according to the encrypted on-demand file, and stores a video-on-network number of an upper core server connected with the terminal device, namely, a position of a key required for decrypting the encrypted on-demand file in the log file;

The storage server sends the target video network number of the core server corresponding to the on-demand file identification to the terminal equipment, so that the terminal equipment can acquire the decryption key corresponding to the on-demand file identification from the core server.

S104, obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol;

specifically, the terminal device sends a key acquisition request to a core server corresponding to the target video-on-demand network number, the key acquisition request includes the on-demand file identifier, and the core server sends a decryption key corresponding to the on-demand file identifier to the terminal device.

S105, decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.

Specifically, after obtaining the decryption key and the encrypted on-demand file, the terminal device decrypts the encrypted on-demand file by using the decryption key to obtain the on-demand file.

The decryption key at least comprises a public key and a symmetric key which correspond to the on-demand file identification, the terminal equipment firstly adopts the public key to decrypt the encrypted on-demand file, and then adopts the symmetric key to decrypt again, so as to obtain the on-demand file.

According to the data file acquisition method provided by the embodiment of the invention, the acquisition request of the on-demand file is sent to the storage server, wherein the acquisition request comprises the on-demand file identification; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video-on-demand number of a core server corresponding to a video-on-demand file identifier returned by a storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises the file identifier and the video-on-demand number of the core server corresponding to the file identifier; obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by adopting the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored on different devices, so that even if the encrypted on-demand file is obtained and the corresponding decryption key is not available, the encrypted on-demand file cannot be decrypted, and the original on-demand file is obtained, thereby improving the security of the service data in the transmission process.

The method for acquiring the data file provided by the embodiment of the invention is further described in a further embodiment of the invention.

As shown in fig. 2, a step flow chart of an embodiment of a method for storing a data file according to the present invention is shown, where the method for storing a data file includes:

s201, determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand device, and the public key is stored on the core server;

specifically, the video networking terminal or the monitoring access server is respectively connected with the storage server, and meanwhile, is respectively connected with the core server, and the monitoring access server is connected with the monitoring equipment. In order to ensure the safety of data transmission in video conferences or monitoring dispatch services, encryption chips are arranged on a video networking terminal, a monitoring access server, a storage server and a core server, and the encryption chips are used for generating keys.

The encryption chip installed on the terminal equipment adopts an asymmetric encryption algorithm, namely an SM2 algorithm in advance, generates a key pair comprising a private key and a public key, sends the public key to a core server for storage, and the private key is used for encrypting the file. The private key and the public key are generated in advance.

S202, sending a symmetric key request to the core server;

specifically, when the service is performed, the terminal device sends a symmetric key request to the core server, and an encryption chip on the core server adopts a symmetric encryption algorithm, namely an SM4 algorithm, to generate a symmetric key.

In the service, there are several terminal devices, the core server will send the symmetric key to each terminal device, the terminal device can encrypt with the symmetric key, and can decrypt with the symmetric key;

s203, receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

S204, encrypting an original on-demand file by adopting a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm; and carrying out hash operation on the original on-demand file and the symmetric key to obtain a first hash value.

Specifically, the terminal device encrypts the original on-demand file by using the symmetric key to obtain a first encrypted file, and then performs SM3 operation, i.e. hash operation, on the original on-demand file and the symmetric key to obtain a first hash value, where the hash value is used to determine whether the transmitted file content is correct or not.

S205, encrypting the first encrypted file again by adopting a private key to obtain the encrypted on-demand file.

Specifically, in order to improve the security of the data, the terminal device may further encrypt the first encrypted file, for example, encrypt the first encrypted file with a private key, to obtain an encrypted on-demand file.

S206, sending the encrypted on-demand file to the storage server, so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video networking number of a core server connected with the on-demand device.

Specifically, the log file includes an on-demand file identifier, an identifier of a terminal device corresponding to the on-demand file identifier, and an internet-of-view number of an upper core server connected to the terminal device, where the internet-of-view number is a location of a key required for decrypting the encrypted on-demand file.

As shown in fig. 3, a step flow chart of an embodiment of a method for acquiring a data file according to the present invention is shown, where the method for acquiring a data file includes:

S301, sending an acquisition request of a video-on-demand file to a storage server, wherein the acquisition request comprises a video-on-demand file identifier;

specifically, when the video data of a certain monitoring device or the video data of the video networking terminal is wanted to be acquired during service, the terminal device sends an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier.

S302, receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is stored in the storage server in advance;

specifically, an encrypted on-demand file is stored on a storage server, after the terminal equipment encrypts an original on-demand file in advance, the encrypted on-demand file is obtained, then the encrypted on-demand file is sent to the storage server, the storage server stores the on-demand file identifier and the encrypted on-demand file corresponding to the on-demand file identifier in a database, and after receiving an acquisition request sent by the terminal equipment, the storage server searches the database for the encrypted on-demand file corresponding to the on-demand file identifier.

S303, receiving a target video-on-demand network number of a core server corresponding to the video-on-demand file identifier returned by the storage server, wherein the target video-on-demand network number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises a file identifier and a video-on-demand network number of the core server corresponding to the file identifier;

Specifically, after receiving an encrypted on-demand file sent by a terminal device, a storage server generates a log file corresponding to the encrypted on-demand file according to the encrypted on-demand file, and stores a video-on-network number of an upper core server connected with the terminal device, namely, a position of a key required for decrypting the encrypted on-demand file in the log file;

the storage server sends the target video network number of the core server corresponding to the on-demand file identification to the terminal equipment, so that the terminal equipment can acquire the decryption key corresponding to the on-demand file identification from the core server.

S304, obtaining a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

specifically, the terminal equipment acquires a public key and a symmetric key corresponding to the on-demand file identifier from a core server corresponding to the video networking number;

s305, decrypting the encrypted on-demand file by adopting the public key to obtain a second encrypted file;

s306, decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

S307, carrying out hash operation on the on-demand file and the symmetric key to obtain a second hash value;

S308, comparing the first hash value with the second hash value;

s309, if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.

Specifically, in order to verify that the on-demand file decrypted by the terminal device is an original on-demand file, the content of the on-demand file is not tampered, the terminal device receives a first hash value sent by the storage server, wherein the first hash value is obtained by performing hash operation according to the original on-demand file and the symmetric key.

After the terminal equipment decrypts to obtain the on-demand file, SM3 operation is carried out again by adopting the on-demand file and the symmetric key to obtain a second hash value; comparing the first hash value with the second hash value, if the first hash value and the second hash value are the same, the decrypted on-demand file is the original on-demand file, and if the first hash value and the second hash value are different, the decrypted on-demand file is tampered.

FIG. 4 is a flowchart illustrating steps of another embodiment of a method for acquiring a data file according to the present invention, as shown in FIG. 4, in which the embodiment of the present invention includes a terminal device, a core server, and a storage server, where the terminal device includes a video networking terminal and a monitoring access server, and the monitoring access server is connected to a monitoring device; the method specifically comprises the following steps:

The video networking terminal or the monitoring access server: a random number generation function needs to be developed for generating a random SM3 key; the SM4 algorithm is implanted and is used for encrypting and decrypting the video stream;

the core server: development support stores a random key generated by a terminal; the key needs to support the terminal to acquire through the video networking protocol; the key adopts a hierarchical storage scheme, and the core server only stores the key of the own subordinate video network terminal or the monitoring access server.

The video network core server adopts the video network protocol, so that the video network core server cannot be directly read, and the video network number cannot be addressed by equipment outside the video network, so that the secret key cannot be exposed.

The storage server: supporting continuous storage of encrypted data packets; generating a log file in a storage server, wherein the log file is used for recording a video networking number of a core server corresponding to the encrypted video stream; when the terminal reads the video stream, the log file, namely the log file, is read first, and then the video stream file is read after the key is obtained.

In the embodiment of the invention, the encrypted video stream of the internet of view and the secret key are stored separately, each storage file corresponds to a random secret key, and the secret keys can be stored in different positions; the position of the key storage can only be obtained by the video networking terminal through the video networking number addressing mode, so that the safety of data transmission is improved in the data transmission process.

It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.

According to the data file acquisition method provided by the embodiment of the invention, the acquisition request of the on-demand file is sent to the storage server, wherein the acquisition request comprises the on-demand file identification; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video-on-demand number of a core server corresponding to a video-on-demand file identifier returned by a storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises the file identifier and the video-on-demand number of the core server corresponding to the file identifier; obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by adopting the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored on different devices, so that even if the encrypted on-demand file is obtained and the corresponding decryption key is not available, the encrypted on-demand file cannot be decrypted, and the original on-demand file is obtained, thereby improving the security of the service data in the transmission process.

Another embodiment of the present invention provides a data file obtaining apparatus, configured to execute the data file obtaining method provided in the foregoing embodiment.

Referring to fig. 5, there is shown a block diagram of an embodiment of a data file acquisition apparatus according to the present invention, which may specifically include the following modules: a request module 501, a first receiving module 502, an obtaining module 503, a second receiving module 504, and a decryption module 505, wherein:

the request module 501 is configured to send an acquisition request of an on-demand file to a storage server, where the acquisition request includes an on-demand file identifier;

the first receiving module 502 is configured to receive an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, where the encrypted on-demand file is pre-stored on the storage server;

the obtaining module 503 is configured to receive a target internet-of-view number of a core server corresponding to the on-demand file identifier returned by the storage server, where the target internet-of-view number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file includes a file identifier and an internet-of-view number of the core server corresponding to the file identifier;

The second receiving module 504 is configured to obtain, by using a video-on-demand protocol, a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video-on-demand number;

the decryption module 505 is configured to decrypt the encrypted on-demand file by using the decryption key, so as to obtain the on-demand file.

According to the data file acquisition device provided by the embodiment of the invention, the acquisition request of the on-demand file is sent to the storage server, wherein the acquisition request comprises the on-demand file identification; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video-on-demand number of a core server corresponding to a video-on-demand file identifier returned by a storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises the file identifier and the video-on-demand number of the core server corresponding to the file identifier; obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by adopting the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored on different devices, so that even if the encrypted on-demand file is obtained and the corresponding decryption key is not available, the encrypted on-demand file cannot be decrypted, and the original on-demand file is obtained, thereby improving the security of the service data in the transmission process.

In a further embodiment of the present invention, the data file obtaining device provided in the above embodiment is further described in a supplementary manner.

Optionally, the apparatus further includes a first encryption module, where the first encryption module is configured to:

encrypting an original on-demand file by adopting a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm;

and encrypting the first encrypted file again by adopting the private key to obtain the encrypted on-demand file.

Optionally, the first encryption module is further configured to:

and sending the encrypted on-demand file to the storage server, so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video networking number of a core server connected with the on-demand device.

Optionally, the apparatus further includes a second encryption module, where the second encryption module is configured to:

determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand device, and the public key is stored on the core server;

Sending a symmetric key request to the core server;

and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

Optionally, the decryption module is configured to:

obtaining a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

decrypting the encrypted on-demand file by adopting the public key to obtain a second encrypted file;

and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

Optionally, the apparatus further includes a third encryption module, where the third encryption module is configured to:

and carrying out hash operation on the original on-demand file and the symmetric key to obtain a first hash value.

Optionally, the apparatus further comprises a verification module, the verification module being configured to:

performing hash operation on the on-demand file and the symmetric key to obtain a second hash value;

comparing the first hash value with the second hash value;

and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file. It should be noted that, in this embodiment, each of the possible embodiments may be implemented separately, or may be implemented in any combination without conflict, which is not limited to the implementation of the present application.

For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.

According to the data file acquisition device provided by the embodiment of the invention, the acquisition request of the on-demand file is sent to the storage server, wherein the acquisition request comprises the on-demand file identification; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video-on-demand number of a core server corresponding to a video-on-demand file identifier returned by a storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises the file identifier and the video-on-demand number of the core server corresponding to the file identifier; obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by adopting the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored on different devices, so that even if the encrypted on-demand file is obtained and the corresponding decryption key is not available, the encrypted on-demand file cannot be decrypted, and the original on-demand file is obtained, thereby improving the security of the service data in the transmission process.

Still another embodiment of the present invention provides a terminal device, configured to execute the method for acquiring a data file provided in the foregoing embodiment.

Fig. 6 is a schematic structural view of a terminal device of the present invention, as shown in fig. 6, the terminal device includes: at least one processor 601 and memory 602;

the memory stores a computer program; the at least one processor executes the computer program stored in the memory to implement the method for acquiring the data file provided in the foregoing embodiment.

The terminal device provided in this embodiment sends an acquisition request of the on-demand file to the storage server, where the acquisition request includes an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video-on-demand number of a core server corresponding to a video-on-demand file identifier returned by a storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises the file identifier and the video-on-demand number of the core server corresponding to the file identifier; obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by adopting the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored on different devices, so that even if the encrypted on-demand file is obtained and the corresponding decryption key is not available, the encrypted on-demand file cannot be decrypted, and the original on-demand file is obtained, thereby improving the security of the service data in the transmission process.

Still another embodiment of the present application provides a computer readable storage medium having a computer program stored therein, the computer program when executed implementing the method for acquiring a data file provided in any one of the above embodiments.

According to the computer readable storage medium of the present embodiment, an acquisition request of an on-demand file is sent to a storage server, wherein the acquisition request includes an on-demand file identifier; receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receiving a target video-on-demand number of a core server corresponding to a video-on-demand file identifier returned by a storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises the file identifier and the video-on-demand number of the core server corresponding to the file identifier; obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol; the encrypted on-demand file is decrypted by adopting the decryption key to obtain the on-demand file, and the encrypted on-demand file and the decryption key are respectively stored on different devices, so that even if the encrypted on-demand file is obtained and the corresponding decryption key is not available, the encrypted on-demand file cannot be decrypted, and the original on-demand file is obtained, thereby improving the security of the service data in the transmission process.

In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.

It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, electronic devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing electronic device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing electronic device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.

Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or electronic device that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or electronic device. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or electronic device that comprises the element.

The above description of a method for obtaining a data file and an apparatus for obtaining a data file provided by the present invention are detailed, and specific examples are applied to illustrate the principles and embodiments of the present invention, where the above description of the examples is only for helping to understand the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims (10)

1. A method for obtaining a data file, the method comprising:

sending an acquisition request of the on-demand file to a storage server, wherein the acquisition request comprises an on-demand file identifier;

receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is pre-stored on the storage server;

receiving a target video-on-demand number of a core server corresponding to the video-on-demand file identifier returned by the storage server, wherein the target video-on-demand number is determined by the storage server according to the video-on-demand file identifier and a prestored log file, and the log file comprises a file identifier and a video-on-demand number of the core server corresponding to the file identifier;

obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video-on-demand number through a video-on-demand protocol;

decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file;

the encrypted on-demand file is obtained by encrypting an original on-demand file by adopting a symmetric key to obtain a first encrypted file and encrypting the first encrypted file again by adopting a private key; the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

2. The method of claim 1, wherein prior to said sending the request to the storage server for retrieval of the on-demand file, the method further comprises:

encrypting an original on-demand file by adopting a symmetric key to obtain a first encrypted file;

and encrypting the first encrypted file again by adopting the private key to obtain the encrypted on-demand file.

3. The method according to claim 2, wherein the method further comprises:

and sending the encrypted on-demand file to the storage server, so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video networking number of a core server connected with on-demand equipment.

4. The method of claim 2, wherein prior to encrypting the original on-demand file using the symmetric key to obtain the first encrypted file, the method further comprises:

determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of on-demand equipment, and the public key is stored on the core server;

Sending a symmetric key request to the core server;

and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

5. The method of claim 4, wherein decrypting the encrypted on-demand file using the decryption key results in an on-demand file comprising:

obtaining a public key and a symmetric key corresponding to the on-demand file identifier from the core server;

decrypting the encrypted on-demand file by adopting the public key to obtain a second encrypted file;

and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.

6. The method according to claim 4, wherein the method further comprises:

and carrying out hash operation on the original on-demand file and the symmetric key to obtain a first hash value.

7. The method of claim 5, wherein after decrypting the encrypted on-demand file using the decryption key to obtain the on-demand file, the method further comprises:

performing hash operation on the on-demand file and the symmetric key to obtain a second hash value;

Comparing the first hash value with the second hash value;

and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.

8. An apparatus for obtaining a data file, the apparatus comprising:

the request module is used for sending an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier;

the first receiving module is used for receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is stored in the storage server in advance;

the acquisition module is used for receiving a target video-on-line number of the core server corresponding to the on-demand file identifier returned by the storage server, wherein the target video-on-line number is determined by the storage server according to the on-demand file identifier and a prestored log file, and the log file comprises a file identifier and a video-on-line number of the core server corresponding to the file identifier;

the second receiving module is used for obtaining a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video network number through a video network protocol;

The decryption module is used for decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file;

the encrypted on-demand file is obtained by encrypting an original on-demand file by adopting a symmetric key to obtain a first encrypted file and encrypting the first encrypted file again by adopting a private key; the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.

9. A terminal device, comprising: at least one processor and memory;

the memory stores a computer program; the at least one processor executes the computer program stored by the memory to implement the method of retrieving a data file according to any of claims 1-7.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program which, when executed, implements the method of acquiring a data file according to any one of claims 1-7.