CN113613040A - Video file encryption method, decryption method and key management method - Google Patents


Info

Publication number
CN113613040A
Authority
CN
China
Prior art keywords
key
video file
camera device
public key
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111178714.8A
Other languages
Chinese (zh)
Inventor
黄燕青
李建凯
杨洋
叶家强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Chuangmi Technology Co ltd
Beijing Chuangmizhihui Iot Technology Co ltd
Original Assignee
Shanghai Chuangmi Technology Co ltd
Beijing Chuangmizhihui Iot Technology Co ltd
Application filed by Shanghai Chuangmi Technology Co ltd, Beijing Chuangmizhihui Iot Technology Co ltd
Priority to CN202111178714.8A
Publication of CN113613040A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4405 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption

Abstract

The disclosure provides a video file encryption method, a video file decryption method and a key management method. The video file encryption method can be applied to a camera device and comprises the following steps: receiving a first public key multiple times, wherein the first public key is the public key of a first key pair that a server allocates to the camera device repeatedly at regular intervals; generating a second key pair multiple times, the second key pair comprising a second public key and a second private key; generating an encryption key from the most recently received first public key and the most recently generated second private key; and encrypting the video file with the encryption key. According to embodiments of the disclosure, the encryption key can be updated dynamically, which improves the security of the video file and protects the privacy of the user.

Description

Video file encryption method, decryption method and key management method
Technical Field
The present disclosure relates to the field of information security, and in particular, to a video file encryption method, a video file decryption method, and a key management method.
Background
At present, video files recorded by most camera devices are not encrypted, so the privacy of users is easily leaked.
Disclosure of Invention
The disclosure provides a video file encryption method, a decryption method and a key management method, which can reduce the security risk of a video file recorded by a camera device and protect the privacy of a user.
In a first aspect, the present disclosure provides a video file encryption method, which may be applied to a camera device, the method including:
receiving a first public key multiple times, wherein the first public key is the public key of a first key pair that a server allocates to the camera device repeatedly at regular intervals;
generating a second key pair multiple times, the second key pair comprising a second public key and a second private key;
generating an encryption key from the most recently received first public key and the most recently generated second private key;
and encrypting the video file with the encryption key.
In one possible implementation manner, before receiving the first public key, the method further includes:
sending the device identifier of the camera device to the server so that the server records the first key pair allocated to the camera device, wherein the first key pair comprises the first public key and a first private key.
In one possible implementation manner, the method further includes:
writing the second public key into a file header of the encrypted video file.
In one possible implementation manner, the method further includes:
sending the encrypted video file to a terminal device when the camera device receives a file reading request from the terminal device.
In a possible implementation manner, the file header of the encrypted video file further carries at least one of a timestamp, version information, and product information of the camera device;
wherein the timestamp records at least one of a transmission time, a reception time, and a generation time of the first public key.
In one possible implementation, receiving the first public key multiple times includes: receiving and storing a first public key that the server sends repeatedly at regular intervals; when a new first public key is received from the server, the new first public key overwrites the old first public key last received from the server;
generating the second key pair multiple times includes: generating and storing a second key pair multiple times; when a new second key pair is generated, the new second key pair overwrites the old second key pair generated last time.
In one possible implementation, the first public key received from the server is generated by the server by:
randomly generating a first private key with a length of 32 bytes;
and applying a public function to a public parameter and the first private key to obtain a first public key with a length of 32 bytes.
In one possible implementation, generating the second key pair includes:
randomly generating a second private key with a length of 32 bytes;
applying the public function to the public parameter and the second private key to obtain a second public key with a length of 32 bytes; the second public key and the second private key form the second key pair.
In one possible implementation, generating an encryption key using the first public key and the second private key includes:
applying the public function to the first public key and the second private key to obtain a shared key;
and using the shared key as the encryption key.
In one possible implementation, encrypting the video file with the encryption key includes:
searching the video file for video frames containing privacy information; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
encrypting the privacy information in the video frames containing the privacy information to obtain encrypted video frames, and replacing the video frames containing the privacy information in the video file with the encrypted video frames to obtain a replaced video file;
and encrypting the replaced video file with the encryption key.
In a possible implementation manner, encrypting the privacy information in the video frame containing the privacy information includes:
sequentially extracting each pixel of the privacy information from the video frame containing the privacy information;
encrypting each pixel to obtain an encrypted pixel;
and sequentially replacing each pixel of the privacy information with the corresponding encrypted pixel.
In one possible implementation, encrypting the pixel includes:
negating the pixel;
and encrypting the negated pixel with the encryption key.
In a possible implementation manner, the camera device is a compound-eye camera device, the compound-eye camera device includes a plurality of camera modules, and each camera module generates a corresponding video file;
receiving the first public key comprises: receiving a plurality of first public keys multiple times, wherein each received first public key corresponds to one video file;
generating the second key pair comprises: generating a plurality of second key pairs multiple times, wherein each generated second key pair corresponds to one video file;
generating an encryption key using the newly received first public key and the newly generated second private key comprises: for each video file, generating a corresponding encryption key from the corresponding newly received first public key and the second private key of the corresponding newly generated second key pair;
encrypting the video file with the encryption key comprises: encrypting each video file with its corresponding encryption key.
In a second aspect, the present disclosure provides a video file decryption method, which can be applied to a terminal device, and includes:
reading the encrypted video file from the camera device;
reading a second public key generated by the camera device from a file header of the encrypted video file;
sending the second public key and the device identifier of the camera device to a server, so that the server uses the device identifier to look up the first private key of a first key pair previously allocated to the camera device and generates a decryption key from the first private key and the second public key;
receiving the decryption key from the server;
and decrypting the encrypted video file with the decryption key.
In one possible implementation manner, the method further includes:
reading a timestamp from the file header of the encrypted video file, wherein the timestamp records at least one of the sending time, receiving time and generation time of a first public key, and the first public key is the public key of a first key pair previously allocated to the camera device by the server;
and sending the timestamp to the server so that the server uses the device identifier of the camera device and the timestamp to look up the first private key of the first key pair previously allocated to the camera device.
In one possible implementation manner, the method further includes:
calculating, from the timestamp, the time interval between the generation time of the encrypted video file and the current time;
and when the time interval is greater than or equal to a preset threshold value, ending the decryption process of the encrypted video file and indicating that the encrypted video file has expired.
In one possible implementation manner, the method further includes:
receiving login information of a user;
verifying the login information, and displaying at least one camera device bound to the user when the login information passes verification;
receiving a file reading request for at least one camera device bound to the user.
In a possible implementation manner, after decrypting the encrypted video file with the decryption key, the method further includes:
when the decrypted video file contains encrypted video frames, sequentially extracting each encrypted pixel from those video frames;
decrypting each encrypted pixel to obtain privacy information; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
sequentially replacing each encrypted pixel with the corresponding pixel of the privacy information to obtain a restored video frame;
and replacing the encrypted video frame with the restored video frame.
In a possible implementation manner, decrypting the encrypted pixel to obtain the privacy information includes:
decrypting the encrypted pixel with the decryption key;
and negating the decrypted pixel.
In one possible implementation, reading the encrypted video file from the camera device includes: reading, from a compound-eye camera device, a plurality of encrypted video files corresponding to the plurality of camera modules included in the compound-eye camera device;
reading the second public key generated by the camera device from the file header of the encrypted video file includes: reading the corresponding second public key from the file header of each encrypted video file;
receiving the decryption key from the server comprises: receiving a decryption key for each of the encrypted video files;
decrypting the encrypted video file with the decryption key includes: decrypting each encrypted video file with its own decryption key, and combining the video files obtained after decryption.
In a third aspect, the present disclosure provides a key management method, which may be applied to a server, and includes:
allocating and storing, by the server, a first key pair for a camera device repeatedly at regular intervals, wherein the first key pair comprises a first public key and a first private key;
and sending each first public key so allocated to the camera device, so that the camera device generates an encryption key from the first public key and the second private key of a second key pair generated by the camera device.
In one possible implementation manner, the method further includes:
receiving, from a terminal device, the device identifier of the camera device and the second public key of the second key pair generated by the camera device;
looking up the first key pair allocated and stored for the camera device by using the device identifier of the camera device;
generating a decryption key from the second public key and the first private key of the first key pair;
and sending the decryption key to the terminal device.
In one possible implementation manner, the server allocating and storing the first key pair for the camera device repeatedly at regular intervals includes: the server allocates and stores the first key pair for the camera device repeatedly at regular intervals, and records the time of each allocation of the first key pair.
In one possible implementation manner, the method further includes: receiving a timestamp from the terminal device, the timestamp recording at least one of a transmission time, a reception time, and a generation time of the first public key;
looking up the first key pair allocated and stored for the camera device by using the device identifier of the camera device includes: using the device identifier of the camera device, the timestamp and the recorded time of each allocation to look up the first key pair that was allocated and stored for the camera device and corresponds to the timestamp.
In one possible implementation manner, the method further includes:
calculating, from the timestamp, the time interval between the generation time of the encrypted video file and the current time;
and notifying the terminal device that the encrypted video file has expired when the time interval is greater than or equal to a preset threshold value.
In one possible implementation, the server allocating a first key pair to the camera device includes:
randomly generating a first private key with a length of 32 bytes;
applying a public function to a public parameter and the first private key to obtain a first public key with a length of 32 bytes; the first public key and the first private key constitute the first key pair.
In one possible implementation manner, generating a decryption key from the second public key and the first private key of the first key pair includes:
applying the public function to the second public key and the first private key to obtain a shared key;
using the shared key as the decryption key.
In one possible implementation, the server allocating and storing a first key pair for the camera device includes: when the camera device is a compound-eye camera device, the server allocates and stores a corresponding first key pair for each camera module of the compound-eye camera device;
the second public key of the second key pair generated by the camera device and received from the terminal device comprises: the second public key of the second key pair corresponding to each camera module of the compound-eye camera device;
generating a decryption key from the second public key and the first private key of the first key pair comprises: for each camera module of the compound-eye camera device, generating a corresponding decryption key from the corresponding second public key and the first private key of the corresponding first key pair.
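The key flow of the first three aspects (periodic first key pairs on the server, a fresh second key pair on the camera device, the second public key and timestamp in the file header, and the server-side lookup and expiry check) can be traced end to end in the following added example, which is not code from the patent. It assumes the unnamed "public function" is X25519 (RFC 7748) with base point 9 as the "public parameter", which matches the 32-byte key lengths but is not stated in the text. The header layout, the `MAGIC` value, the class and function names, integer-second timestamps and the all-zero shared-key check are likewise assumptions of this sketch.

```python
import os
import struct

P = 2**255 - 19                           # Curve25519 field prime
A24 = 121665                              # curve constant from RFC 7748
BASE_POINT = (9).to_bytes(32, "little")   # assumed "public parameter"
HEADER = struct.Struct(">4sQ32s")         # hypothetical header: magic, timestamp, second public key
MAGIC = b"EVF1"                           # hypothetical magic value


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519, assumed here as the "public function" (not constant-time)."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64                      # clamp the scalar
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):                    # Montgomery ladder
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def new_key_pair():
    """Random 32-byte private key and the 32-byte public key derived from it."""
    private = os.urandom(32)
    return private, x25519(private, BASE_POINT)


class KeyServer:
    """Third aspect: allocates first key pairs and derives decryption keys."""

    def __init__(self, max_age):
        self.max_age = max_age
        self.first_private = {}           # (device_id, allocation time) -> first private key

    def rotate(self, device_id, now):
        private, public = new_key_pair()
        self.first_private[(device_id, now)] = private    # record pair and allocation time
        return public, now

    def decryption_key(self, device_id, second_public, timestamp, now):
        if now - timestamp >= self.max_age:
            raise PermissionError("encrypted video file is expired")
        private = self.first_private.get((device_id, timestamp))
        if private is None:
            raise KeyError("no first key pair for this device and timestamp")
        shared = x25519(private, second_public)
        if shared == bytes(32):           # header is untrusted input: reject low-order keys
            raise ValueError("invalid second public key")
        return shared


class Camera:
    """First aspect: keeps only the newest first public key and second key pair."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.first_public = self.first_time = None

    def receive_first_public(self, public, sent_at):
        self.first_public, self.first_time = public, sent_at   # overwrite the old key

    def start_file(self):
        second_private, second_public = new_key_pair()          # fresh pair per file
        key = x25519(second_private, self.first_public)         # shared key = encryption key
        return HEADER.pack(MAGIC, self.first_time, second_public), key


def terminal_fetch_key(server, device_id, header, now):
    """Second aspect: read the header, ask the server for the decryption key."""
    magic, timestamp, second_public = HEADER.unpack(header[:HEADER.size])
    if magic != MAGIC:
        raise ValueError("not an encrypted video file header")
    return server.decryption_key(device_id, second_public, timestamp, now)


if __name__ == "__main__":
    server, cam = KeyServer(max_age=86_400), Camera("cam-001")   # constructed sample values
    cam.receive_first_public(*server.rotate(cam.device_id, now=0))
    header, key = cam.start_file()
    print(terminal_fetch_key(server, cam.device_id, header, now=7_200) == key)
```

The second private key never leaves the camera device and the first private key never leaves the server, so a copied file yields only the second public key and timestamp from its header.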
In a fourth aspect, the present disclosure provides a camera device for implementing video file encryption, including:
a first receiving module, configured to receive a first public key multiple times, wherein the first public key is the public key of a first key pair that the server allocates to the camera device repeatedly at regular intervals;
a generation module, configured to generate a second key pair multiple times, wherein the second key pair comprises a second public key and a second private key;
an encryption module, configured to generate an encryption key from the most recently received first public key and the most recently generated second private key, and to encrypt the video file with the encryption key.
In one possible implementation manner, the camera device further includes: an identifier sending module, configured to send the device identifier of the camera device to the server so that the server records the first key pair allocated to the camera device, wherein the first key pair comprises the first public key and a first private key.
In a possible implementation manner, the encryption module is further configured to write the second public key into a file header of the encrypted video file.
In one possible implementation manner, the camera device further includes:
a file sending module, configured to send the encrypted video file to a terminal device when the camera device receives a file reading request from the terminal device.
In a possible implementation manner, the file header of the encrypted video file also carries at least one of a timestamp, version information and product information of the camera device;
wherein the timestamp records at least one of a transmission time, a reception time, and a generation time of the first public key.
In a possible implementation manner, the first receiving module is configured to receive and store a first public key that the server sends repeatedly at regular intervals; when a new first public key is received from the server, the new first public key overwrites the old first public key last received from the server;
the generation module is configured to generate and store a second key pair multiple times; when a new second key pair is generated, the new second key pair overwrites the old second key pair generated last time.
In one possible implementation, the first public key received from the server is generated by the server by:
randomly generating a first private key with a length of 32 bytes;
and applying a public function to a public parameter and the first private key to obtain a first public key with a length of 32 bytes.
In a possible implementation manner, the generation module is configured to randomly generate a second private key with a length of 32 bytes, and to apply the public function to the public parameter and the second private key to obtain a second public key with a length of 32 bytes; the second public key and the second private key form the second key pair.
In a possible implementation manner, the encryption module is configured to apply the public function to the first public key and the second private key to obtain a shared key, and to use the shared key as the encryption key.
In a possible implementation manner, the encryption module is configured to search the video file for video frames containing privacy information; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
encrypt the privacy information in the video frames containing the privacy information to obtain encrypted video frames, and replace the video frames containing the privacy information in the video file with the encrypted video frames to obtain a replaced video file;
and encrypt the replaced video file with the encryption key.
In a possible implementation manner, the encryption module encrypting the privacy information in the video frame containing the privacy information includes:
sequentially extracting each pixel of the privacy information from the video frame containing the privacy information;
encrypting each pixel to obtain an encrypted pixel;
and sequentially replacing each pixel of the privacy information with the corresponding encrypted pixel.
In a possible implementation manner, the encryption module encrypting the pixel includes: negating the pixel; and encrypting the negated pixel with the encryption key.
In a possible implementation manner, the camera device is a compound-eye camera device, the compound-eye camera device includes a plurality of camera modules, and each camera module generates a corresponding video file;
the first receiving module receives a plurality of first public keys multiple times, and each received first public key corresponds to one video file;
the generation module generates a plurality of second key pairs multiple times, wherein each generated second key pair corresponds to one video file;
the encryption module generates, for each video file, a corresponding encryption key from the corresponding newly received first public key and the second private key of the corresponding newly generated second key pair, and encrypts each video file with its corresponding encryption key.
In a fifth aspect, the present disclosure provides a terminal device for implementing decryption of a video file, including:
a first reading module, configured to read the encrypted video file from the camera device;
a second reading module, configured to read a second public key generated by the camera device from the file header of the encrypted video file;
a first sending module, configured to send the second public key and the device identifier of the camera device to a server so that the server uses the device identifier to look up the first private key of a first key pair previously allocated to the camera device and generates a decryption key from the first private key and the second public key;
a second receiving module, configured to receive the decryption key from the server;
and a decryption module, configured to decrypt the encrypted video file with the decryption key.
In a possible implementation manner, the second reading module is further configured to read a timestamp from the file header of the encrypted video file, where the timestamp records at least one of the sending time, receiving time and generation time of a first public key, and the first public key is the public key of a first key pair previously allocated to the camera device by the server;
the first sending module is further configured to send the timestamp to the server, so that the server uses the device identifier of the camera device and the timestamp to look up the first private key of the first key pair previously allocated to the camera device.
In a possible implementation manner, the decryption module is further configured to calculate, from the timestamp, the time interval between the generation time of the encrypted video file and the current time;
and, when the time interval is greater than or equal to a preset threshold value, to end the decryption process of the encrypted video file and indicate that the encrypted video file has expired.
In a possible implementation manner, the first reading module is further configured to receive login information of a user; verify the login information, and display at least one camera device bound to the user when the login information passes verification; and receive a file reading request for at least one camera device bound to the user.
In a possible implementation manner, the decryption module is further configured to:
when the decrypted video file contains encrypted video frames, sequentially extract each encrypted pixel from those video frames;
decrypt each encrypted pixel to obtain privacy information; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
sequentially replace each encrypted pixel with the corresponding pixel of the privacy information to obtain a restored video frame;
and replace the encrypted video frame with the restored video frame.
In a possible implementation manner, the decryption module decrypting the encrypted pixel to obtain the privacy information includes: decrypting the encrypted pixel with the decryption key; and negating the decrypted pixel.
In a possible implementation manner, the first reading module is configured to read, from a compound-eye camera device, a plurality of encrypted video files corresponding to the plurality of camera modules included in the compound-eye camera device;
the second reading module is configured to read the corresponding second public key from the file header of each encrypted video file;
the second receiving module is configured to receive a decryption key for each encrypted video file;
the decryption module is configured to decrypt each encrypted video file with its own decryption key and to combine the video files obtained after decryption.
In a sixth aspect, the present disclosure provides a server for implementing key management, including:
an allocation module, configured to allocate and store a first key pair for the camera device repeatedly at regular intervals, wherein the first key pair comprises a first public key and a first private key;
and a second sending module, configured to send each first public key so allocated to the camera device, so that the camera device can generate an encryption key from the first public key and the second private key of a second key pair generated by the camera device.
In a possible implementation manner, the server further includes a decryption key sending module, configured to receive, from a terminal device, the device identifier of the camera device and the second public key of the second key pair generated by the camera device; look up the first key pair allocated and stored for the camera device by using the device identifier of the camera device; generate a decryption key from the second public key and the first private key of the first key pair; and send the decryption key to the terminal device.
In a possible implementation manner, the allocation module is configured to allocate and store the first key pair for the camera device repeatedly at regular intervals, and to record the time of each allocation of the first key pair.
In a possible implementation manner, the decryption key sending module is further configured to receive a timestamp from the terminal device, where the timestamp records at least one of the sending time, receiving time, and generation time of the first public key; and to use the device identifier of the camera device, the timestamp and the recorded time of each allocation to look up the first key pair that was allocated and stored for the camera device and corresponds to the timestamp.
In a possible implementation manner, the decryption key sending module is further configured to calculate, from the timestamp, the time interval between the generation time of the encrypted video file and the current time; and to notify the terminal device that the encrypted video file has expired when the time interval is greater than or equal to a preset threshold value.
In a possible implementation manner, the allocation module is configured to randomly generate a first private key with a length of 32 bytes, and to apply a public function to a public parameter and the first private key to obtain a first public key with a length of 32 bytes; the first public key and the first private key constitute the first key pair.
In a possible implementation manner, the decryption key sending module is configured to apply the public function to the second public key and the first private key to obtain a shared key, and to use the shared key as the decryption key.
In a possible implementation manner, the allocation module is configured to, when the camera device is a compound-eye camera device, allocate and store a corresponding first key pair for each camera module of the compound-eye camera device;
the decryption key sending module is used for receiving a second public key in a second key pair corresponding to each camera module of the compound eye camera device from the terminal equipment; and generating a corresponding decryption key by adopting the corresponding second public key and the corresponding first private key in the first key pair aiming at each camera module of the compound eye camera device.
In a seventh aspect, the present disclosure provides a system for implementing video file encryption, including the above-mentioned image pickup apparatus, terminal device, and server.
In an eighth aspect, the present disclosure provides an electronic device comprising:
one or more processors;
a memory communicatively coupled to the one or more processors;
one or more computer programs, wherein the one or more computer programs are stored in the memory, which when executed by the electronic device, cause the electronic device to perform the method provided by the first aspect above.
In a ninth aspect, the present disclosure provides a computer-readable storage medium storing computer instructions which, when executed on a computer, cause the computer to perform the method provided by the first aspect.
The technical scheme provided by the disclosure at least comprises the following beneficial effects: the camera device receives the first public key distributed by the server for multiple times, generates a second key pair for multiple times, and generates an encryption key by adopting the latest first public key and a second private key in the second key pair when the video file needs to be encrypted; real-time updating of the encryption key is realized, and therefore security protection of the video file is improved.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
FIG. 1 is a schematic diagram of an application system of the present disclosure;
FIG. 2 is a flow chart of a video file encryption method according to an embodiment of the present disclosure;
FIG. 3 is a flow chart of a video file decryption method according to an embodiment of the present disclosure;
FIG. 4 is a flow diagram of a key management method according to an embodiment of the present disclosure;
FIG. 5 is a flow diagram of a method for encrypting and decrypting a video file according to an embodiment of the present disclosure;
FIG. 6 is a first schematic structural diagram of an image capturing apparatus for implementing video file encryption according to an embodiment of the present disclosure;
FIG. 7 is a second schematic structural diagram of an image capturing apparatus for implementing video file encryption according to an embodiment of the present disclosure;
FIG. 8 is a schematic structural diagram of a terminal device for implementing decryption of a video file according to an embodiment of the present disclosure;
FIG. 9 is a first schematic diagram of a server implementing key management according to an embodiment of the present disclosure;
FIG. 10 is a diagram illustrating a second structure of a server for implementing key management according to an embodiment of the present disclosure;
FIG. 11 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The present disclosure will be described in further detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements, circuits, etc., that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
The present disclosure provides a video file encryption method, a decryption method, and a key management method for encrypting a video file captured by an image capture apparatus. When storing the video file, the camera device encrypts it using a symmetric encryption algorithm, and the encryption key used is generated jointly from a key generated by the camera device and a key generated by the server, so that the video file cannot be opened even if it is accidentally leaked, and the privacy of the user is protected.
Fig. 1 is a schematic structural diagram of an application system of the present disclosure. The system includes a camera device 110, a terminal device 120, and a server 130. The camera device may be a network camera (IPC, IP Camera) or a conventional camera, and each camera device has a corresponding device identifier. The terminal device may be a mobile terminal, a wearable device, a computer, a tablet computer, etc. on which a specific application (APP) is installed. A data channel can exist between the camera device and the terminal device; after a user logs in to the terminal device by entering a correct user name and a correct password, the encrypted video file is read from the camera device through the terminal device. Alternatively, the terminal device stores the encrypted video file in a memory card, the memory card is inserted into a computer, and the encrypted video file is read from the memory card after the user successfully logs in to the computer. Because what the user reads is the encrypted video file, it cannot be opened directly, so a decryption key for decrypting the video file must additionally be acquired from the server through the terminal device. A user can bind a plurality of camera devices and select, through the terminal device, the camera devices whose recorded video files are to be viewed. The server may be a dedicated server for managing keys, or the key management function may be provided in another existing server that has a communication connection with the camera device and the terminal device.
The above briefly introduces the applied system architecture of the present disclosure, and the following introduces the video file encryption method, decryption method and key management method proposed by the present disclosure from the perspective of different devices.
Fig. 2 is a flowchart of a video file encryption method according to an embodiment of the present disclosure, which may be applied to a camera device, and the method includes:
S201: receiving a first public key for multiple times, wherein the first public key is a public key in a first key pair distributed by a server for the camera device for multiple times at regular intervals;
S202: generating a second key pair a plurality of times, the second key pair comprising a second public key and a second private key;
S203: generating an encryption key by using the newly received first public key and the newly generated second private key;
S204: the video file is encrypted using the encryption key.
The camera device may be an IPC that captures an image and generates the video file.
The server may assign a first key pair to the camera, the first key pair including a first public key and a first private key.
Before the step S201, the method may further include:
and sending the equipment identification of the camera to a server so that the server records a first key pair distributed for the camera, wherein the first key pair comprises a first public key and a first private key.
For example, the image capturing apparatus accesses the server through the network, transmits its own device identifier to the server, and after the server assigns the first key pair to the image capturing apparatus, the server may store the correspondence between the device identifier and the first key pair assigned to the image capturing apparatus, and transmit the first public key in the first key pair to the image capturing apparatus.
The step S203 may be executed when the video file is generated, or when the video file needs to be encrypted. The server and the camera device generate key pairs for multiple times, and when the camera device generates a video file or needs to encrypt the video file, the latest first public key and the latest second private key are used for generating an encryption key and encrypting the video file, so that the dynamic change of the key is realized, and the safety of the video file can be further ensured.
The step S204 may further include: and writing the second public key into the file header of the encrypted video file.
Subsequently, if the user who binds the camera device successfully logs in the terminal device and sends a file reading request to the camera device through the terminal device, the method (executed by the camera device) may further include: and under the condition of receiving a file reading request of the terminal equipment, sending the encrypted video file to the terminal equipment. Or, in the case that the terminal device is specifically a computer device, if a memory card recording an encrypted video file is inserted into the computer device, the user may read the encrypted video file from the memory card after successfully logging in the computer device. Then, the terminal device may read the second public key from the file header of the encrypted video file.
Subsequently, the terminal device may send the second public key to a server, and the server generates a decryption key by using the second public key and the first private key, and sends the decryption key to the terminal device; the terminal device can perform decryption by using the decryption key. Therefore, the terminal equipment can obtain the decryption key only under the condition that the user successfully logs in, and the file can be decrypted.
The foregoing process will be described in detail in the following description of the method performed by the server and the terminal device.
In the above process, the video file may be encrypted using a symmetric encryption algorithm, for example the Advanced Encryption Standard (AES) algorithm, in which the encryption key and the decryption key are the same. To summarize the above description, the encryption key is generated by the image pickup apparatus using the first public key and the second private key, and the decryption key is generated by the server using the second public key and the first private key; the first public key and the first private key form a first key pair, which is generated by the server; the second public key and the second private key form a second key pair, which is generated by the camera device. In the present disclosure, the image capturing apparatus and the server may use a key exchange algorithm, such as the Elliptic Curve Diffie-Hellman (ECDH) algorithm, to exchange keys.
Taking the use of Curve25519 to implement the ECDH algorithm as an example, before performing key exchange, the server randomly generates a first private key (denoted Sc) with a length of 32 bytes;
and calculating the public parameter (such as the public character string 9) and the first private key by using a public function (such as the Curve25519 function) to obtain a first public key (such as Pc) with the length of 32 bytes.
E.g., Pc = Curve25519 (Sc, 9).
The camera device randomly generates a second private key (as Sa) with the length of 32 bytes;
calculating the public parameter (such as a public character string, with a value of 9) and the second private key by using the public function (such as a Curve25519 function) to obtain a second public key (such as Pa) with the length of 32 bytes;
for example, Pa = Curve25519 (Sa, 9);
the second public key and the second private key form a second key pair.
Curve25519 is an elliptic curve that provides 128-bit security and is designed for use in ECDH key agreement schemes. The curve used is a Montgomery curve over a quadratic extension of the prime field defined by prime numbers, and the base point x = 9 is used. The protocol uses compressed elliptic points (only X coordinates), so it allows efficient use of the Montgomery ladder for ECDH using only X-Z coordinates.
When the image capturing apparatus generates the encryption key using the first public key and the second private key, the following method may be adopted:
calculating the first public key and the second private key by adopting the public function to obtain a shared key; the shared key is used as an encryption key.
For example, the shared key (i.e., encryption key) calculated by the camera device = Curve25519(Sa, Curve25519(Sc, 9))
When the server generates the decryption key by using the second public key and the first private key, the following method can be adopted:
calculating the second public key and the first private key by adopting the public function to obtain a shared key; the shared key is used as a decryption key.
For example, the shared key (i.e., decryption key) calculated by the server = Curve25519(Sc, Curve25519(Sa, 9))
The encryption key is the same as the decryption key.
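The key agreement described above, as an added example that is not code from the patent: a pure-Python Curve25519 function following RFC 7748, with Sc and Sa taken from the RFC 7748 section 6.1 test vector as sample keys. The all-zero check and the HKDF-SHA256 step in `derive_file_key` are assumptions added here; the disclosure uses the shared key directly as the encryption key.

```python
import hashlib
import hmac

P = 2**255 - 19                          # field prime of Curve25519
A24 = 121665                             # ladder constant from RFC 7748
BASE_POINT = (9).to_bytes(32, "little")  # the public parameter "9"


def curve25519(scalar: bytes, u_point: bytes) -> bytes:
    """X25519 scalar multiplication (RFC 7748). Not constant-time: illustration only."""
    if len(scalar) != 32 or len(u_point) != 32:
        raise ValueError("scalar and point must both be 32 bytes")
    clamped = bytearray(scalar)
    clamped[0] &= 248
    clamped[31] &= 127
    clamped[31] |= 64
    k = int.from_bytes(clamped, "little")
    x1 = int.from_bytes(u_point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):         # Montgomery ladder, X-Z coordinates only
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def make_public(private: bytes) -> bytes:
    """Pc = Curve25519(Sc, 9) on the server, Pa = Curve25519(Sa, 9) on the camera."""
    return curve25519(private, BASE_POINT)


def shared_key(own_private: bytes, peer_public: bytes) -> bytes:
    """Shared key from one's own private key and the peer's public key."""
    secret = curve25519(own_private, peer_public)
    # Added check (assumption, recommended by RFC 7748): a low-order peer
    # public key forces an all-zero result that any observer can predict.
    if hmac.compare_digest(secret, bytes(32)):
        raise ValueError("peer public key is a low-order point")
    return secret


def derive_file_key(secret: bytes, second_public: bytes,
                    info: bytes = b"video-file-aes-256") -> bytes:
    """Added hardening (assumption): HKDF-SHA256, one output block, salt = Pa."""
    prk = hmac.new(second_public, secret, hashlib.sha256).digest()   # extract
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()    # expand


# Sample keys: RFC 7748 section 6.1 test vector (server = "Alice", camera = "Bob").
SC = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
SA = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
PC = make_public(SC)                     # sent by the server to the camera
PA = make_public(SA)                     # written by the camera into the file header
ENCRYPTION_KEY = shared_key(SA, PC)      # camera side
DECRYPTION_KEY = shared_key(SC, PA)      # server side

if __name__ == "__main__":
    print("Pc        ", PC.hex())
    print("Pa        ", PA.hex())
    print("keys match", ENCRYPTION_KEY == DECRYPTION_KEY)
    print("AES-256 key via HKDF", derive_file_key(ENCRYPTION_KEY, PA).hex())
```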
In order to further ensure the security of the video file, the server may continuously generate the first key pair for the image capturing device multiple times, for example, the server periodically generates the first key pair for the image capturing device multiple times, and sends the first public key in the first key pair to the image capturing device; the imaging apparatus may generate the second key pair a plurality of times, for example, periodically. Therefore, when the camera device encrypts the video file, the latest first public key and the latest second private key are used for calculating the encryption key, so that the encryption key is continuously updated and is not easy to crack.
Accordingly, the image pickup apparatus in the above step S201 receiving the first public key a plurality of times may include: receiving and storing a first public key sent by a server for multiple times at regular intervals; when a new first public key is received from the server, the new first public key is adopted to cover the old first public key received from the server last time;
the first public key sent by the server for multiple times may refer to a first public key in a first key pair periodically allocated by the server for the image capturing apparatus. The overwriting of the old first public key received from the server last time with the new first public key may refer to saving the new first public key received from the server while deleting the old first public key received from the server last time.
Accordingly, the image pickup apparatus in the above-described step S202 may generate the second key pair a plurality of times, including: generating and storing a second key pair a plurality of times; when a new second key pair is generated, the new second key pair is adopted to cover the old second key pair generated last time;
for example, the image pickup apparatus randomly generates one second key pair every minute; after generating a new second key pair, it stores the new second key pair and deletes the old second key pair.
The file header of the encrypted video file may further include at least one of a timestamp, version information, and product information of the camera device, where the timestamp records at least one of a sending time, a receiving time, and a generating time of the first public key, such as a time when the server sends the first public key and/or a time when the camera device receives the first public key.
In some possible embodiments, the format of the header may be as shown in table 1 below:
TABLE 1
As shown in table 1, the file header may include the following:
a HEAD Magic number (HEAD Magic) with a length of 3 bytes, and the value of the HEAD Magic number is fixed as 'IMI';
a remaining header length indicator (len) having a length of 2 bytes;
the encryption version number, such as version number v1.0.0, is 6 bytes in length;
the public key generated by the camera device is 32 bytes in length as Pa;
the equipment identification of the camera device is 32 bytes in length;
and the time stamp is 70 bytes in length.
The purpose of carrying the timestamp (also called the first public key timestamp) in the header may include: making it convenient for the server to find the first private key corresponding to the first public key when generating the decryption key. Specifically, when encrypting a video file, the image capture device generates an encryption key using the latest first public key and the latest second private key, and when subsequently decrypting, the server needs to generate a decryption key using the first private key corresponding to that first public key and the second public key corresponding to that second private key. The terminal device reads the second public key and the timestamp of the first public key from the file header and can send the second public key and the timestamp to the server; in this way, the server can determine, according to the timestamp, the first private key belonging to the same first key pair as the first public key, and generate a decryption key by using the first private key and the second public key.
In addition, the timestamp can also provide another protection for the video file. The time represented by the timestamp is close to the time at which the encryption key was generated, that is, close to the time at which the video file was generated; thus, how long a video file has existed can be estimated from the timestamp. Using this characteristic, the time interval between the generation time of the encrypted video file and the current time (namely, how long the video file has existed) can be calculated, and if the time interval is too large, the user is not allowed to watch the video file, so that video files with earlier generation times are protected. The specific process can be implemented in the terminal device or the server, and is described in detail later in the methods applied to the terminal device or the server.
In addition, the encryption key can encrypt the video file, and can also encrypt the video frame containing the privacy information in the video file; for example, the privacy information in the video frame including the privacy information is first encrypted, and then the entire video is encrypted. The double encryption mode further improves the safety of the video file.
Specifically, in some embodiments, the encrypting the video file by using the encryption key may include:
searching a video frame containing privacy information from the video file; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
encrypting the privacy information in the video frames containing the privacy information to obtain encrypted video frames, and replacing the video frames containing the privacy information in the video file with the encrypted video frames to obtain a replaced video file;
and encrypting the video file after the replacement processing by using the encryption key.
The encrypting the privacy information in the video frame containing the privacy information may include:
sequentially extracting each pixel point in the privacy information from the video frame containing the privacy information;
encrypting each pixel point to obtain an encrypted pixel point;
and sequentially replacing each pixel point in the privacy information by each encrypted pixel point.
For example, firstly, an image recognition technology is adopted to recognize privacy information in a video frame, wherein the privacy information can comprise a face key area image, a number plate image, a license plate image and the like; the position of the private information in the video can be represented in the form of (x, y, w, h), wherein x, y, w, h respectively represent an x-axis coordinate, a y-axis coordinate, a width of a rectangular frame and a height of the rectangular frame of a central point of the rectangular frame containing the private information in the video frame. After a rectangular frame containing the privacy information is positioned, sequentially extracting pixel points in the rectangular frame from left to right and from top to bottom, and respectively encrypting each pixel point to obtain encrypted pixel points; and then, sequentially replacing original pixel points in the rectangular frame by adopting the encrypted pixel points according to the sequence from left to right and from top to bottom to obtain a processed video frame. Then, replacing the original video frame in the video file with each processed video frame to obtain a processed video file; and finally, encrypting the processed video file to obtain the encrypted video file.
In some embodiments, the encrypting the pixel point may include:
negating the pixel points;
and encrypting the pixel points after the negation by using the encryption key.
For example, if the video frame is an RGB image, R, G, B values of a certain pixel are r, g, and b, respectively, and R, G, B values of the pixel are negated, respectively, to obtain 255-r, 255-g, and 255-b; and encrypting the value after the negation.
Further, the present disclosure can also be applied to a compound-eye imaging apparatus. The compound eye camera device is a novel camera device, and adopts a bionic structure similar to insect eyes, and organically combines images of a plurality of camera modules through a compound eye algorithm to present a picture which is consistent with monocular imaging experience and has ultrahigh resolution; the compound eye camera device has the advantages of larger monitoring range, longer monitoring distance and clearer image.
Compared with a monocular camera, a compound-eye imaging device has a high pixel count, and the image it synthesizes has a large data volume. In order to reduce the computational pressure when encrypting video files, the present disclosure may encrypt the video files generated by each camera module in the compound eye camera device separately. Correspondingly, the server generates N first key pairs for one compound eye camera at the same time, wherein each first key pair corresponds to one camera module of the compound eye camera; the compound eye camera device generates N second key pairs at the same time, and each second key pair corresponds to one camera module of the compound eye camera device; and N is the number of the camera modules in the compound eye camera device.
During encryption, the camera shooting device generates corresponding encryption keys by adopting a first public key in a first key pair and a second private key in a second key pair which are generated latest and correspond to each camera shooting module; and then the video image generated by the camera module is encrypted by adopting the encryption key. Correspondingly, the decryption key also needs to be calculated by using the second public key in the second key pair corresponding to the camera module and the first private key in the first key pair.
Specifically, in some embodiments, the receiving the first public key in step S201 may include: receiving a plurality of first public keys for a plurality of times, wherein each received first public key corresponds to one video file;
the generating of the second key pair in step S202 includes: generating a plurality of second key pairs for multiple times, wherein each generated second key pair corresponds to one video file;
the generating of the encryption key using the newly received first public key and the newly generated second private key in the above step S203 may include: generating a corresponding encryption key by adopting a corresponding newly received first public key and a second private key in a newly generated second key pair aiming at each video file;
the encrypting the video file with the encryption key in step S204 may include: and for each video file, encrypting by adopting a corresponding encryption key.
It can be seen that the above-described embodiment may be combined with the aforementioned embodiment in which the first key pair and the second key pair are generated multiple times (e.g., periodically). For example, for a compound-eye imaging apparatus, the server generates N first key pairs at a time and records the distribution time of the N first key pairs, where N is the number of camera modules contained in the compound eye camera device. Likewise, the image pickup apparatus generates N second key pairs at a time. Therefore, dynamic updating of the keys corresponding to the camera modules is realized.
Fig. 3 is a flowchart of a video file decryption method according to an embodiment of the present disclosure, where the method may be applied to a terminal device, and the method includes:
S301: reading the encrypted video file from the camera device;
S302: reading a second public key generated by the camera device from a file header of the encrypted video file;
S303: sending the second public key and the equipment identifier of the camera device to a server, so that the server searches a first private key in a first key pair distributed for the camera device in advance by using the equipment identifier of the camera device and generates a decryption key by using the first private key and the second public key;
S304: receiving the decryption key from the server;
S305: and decrypting the encrypted video file by using the decryption key.
After step S303, the server receives the second public key and the device identifier of the image capturing apparatus, may search, by using the device identifier, a first private key in a first key pair that is pre-allocated to the image capturing apparatus, and generate a decryption key by using the first private key and the second public key; the server may then feed back the generated decryption key to the terminal device.
The terminal device can be a mobile terminal, a wearable device, a computer, a tablet computer and the like provided with a specific APP. A data channel can exist between the terminal equipment and the camera device, and after a user logs in the terminal equipment by inputting a correct user name and a correct password, the encrypted video file is read from the camera device through the terminal equipment; alternatively, the terminal device stores the encrypted video file in a memory card, inserts the memory card into the computer, and reads the encrypted video file from the memory card of the image pickup apparatus after the user successfully logs in the computer. A user can bind a plurality of camera devices, and the user selects which camera devices need to view the recorded video files through the terminal equipment.
In some embodiments, before the step S301, the method may further include:
receiving login information of a user;
verifying the login information, and displaying at least one camera bound by the user under the condition that the login information passes the verification;
a file read request for at least one camera device to which the user is bound is received.
For example, a user inputs a user name and a password on a terminal device, the terminal device performs authentication using the user name and the password, and if the authentication is passed, a plurality of image capture devices bound by the user are displayed. A user can select one or more of the plurality of camera devices displayed by the terminal device and send a file reading request for the selected camera devices; the terminal device receives the file reading request, then obtains the encrypted video file and the decryption key through the above steps S301 to S305, and decrypts the video file. Therefore, the terminal device can acquire the video file and the decryption key only when the user is authenticated, and the video file can be viewed only by a legitimate user.
The server may be a dedicated server for managing keys; alternatively, the key management function may be provided in another existing server that is connected to the image pickup apparatus and the terminal device, and that server may serve as the server used in the present disclosure.
The contents of the first key pair, the second key pair, the decryption key, the generation mode of the encryption key, and the like are the same as the corresponding contents introduced in the video file encryption method, and are not described herein again.
In some embodiments, the above method may further comprise: reading a timestamp from a file header of the encrypted video file, wherein the timestamp records at least one of sending time, receiving time and generating time of a first public key, and the first public key is a public key in a first key pair which is distributed by a server for the camera in advance; the first key pair includes a first public key and a first private key.
Correspondingly, the terminal device further sends the timestamp to a server, so that the server searches a first private key in a first key pair allocated to the camera device in advance by using the device identifier of the camera device and the timestamp.
For example, the server assigns the first key pair to the image capturing apparatus multiple times, and records the time of assigning the first key pair each time, and the specific form may be as follows in table 2:
TABLE 2
Serial number | First key pair | Distribution time
1 | (p1,s1) | T1
2 | (p2,s2) | T2
N | (pn,sn) | Tn
Where px in (px, sx) (x =1,2, …, n) denotes the first public key, and sx denotes the first private key. The terminal device sends a timestamp to the server, wherein the timestamp records at least one of the sending time, the receiving time and the generating time of the first public key, and it is easy to understand that the time information indicated by the timestamp is consistent or basically consistent with the distribution time in the table 2; therefore, the server can determine which first public key of the first key pair is used for generating the encryption key according to the timestamp and table 2 above, and the server can extract the first private key of the first key pair and generate the decryption key by combining the second public key.
In addition to this, the above-mentioned time stamp can also be used for another protection of the video file. Specifically, the time represented by the timestamp is the same as or close to the time of the generation of the encryption key, that is, close to the time of the generation of the video file, and with this feature, the method may further include:
calculating the time interval between the generation time of the encrypted video file and the current time according to the timestamp;
and under the condition that the time interval is greater than or equal to a preset threshold value, ending the decryption process of the encrypted video file and prompting that the encrypted video file is expired.
In some possible embodiments, after decrypting the encrypted video file by using the decryption key, the method may further include:
in a case where the video file obtained after decryption contains video frames that have undergone encryption processing, sequentially extracting each encrypted pixel point from those video frames;
decrypting each encrypted pixel point to obtain privacy information; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
sequentially replacing each pixel point after encryption processing by each pixel point in the privacy information to obtain a restored video frame;
and replacing the encrypted video frame with the restored video frame.
Optionally, the decrypting the encrypted pixel point to obtain the privacy information may include:
decrypting the encrypted pixel points by adopting the decryption key;
and negating the decrypted pixel points.
The present disclosure may also be applied to decrypting an encrypted video file generated by a compound-eye imaging apparatus, and specifically, reading the encrypted video file from the imaging apparatus in the above step S301 may include: reading a plurality of encrypted video files corresponding to a plurality of camera modules included in a compound eye camera device from the compound eye camera device;
reading the second public key generated by the image capturing device from the file header of the encrypted video file in the step S302 may include: respectively reading corresponding second public keys from file headers of the encrypted video files;
the receiving the decryption key from the server in the above step S304 includes: receiving a decryption key for each of the encrypted video files;
the decrypting the encrypted video file by using the decryption key in the step S305 includes: and respectively decrypting each encrypted video file by using the decryption key aiming at each encrypted video file, and combining the video files obtained after decryption.
By respectively transmitting and decrypting the encrypted video files generated by the camera modules of the compound eye camera, the data transmission pressure of a communication network between the terminal equipment and the camera device is reduced, and the calculation complexity of the terminal equipment during decryption can be reduced. Moreover, because the encrypted video files of the camera modules are transmitted respectively, if one or some encrypted video files fail to be transmitted, the encrypted video files can be selected to be retransmitted independently, so that the data transmission pressure is further reduced.
Fig. 4 is a flowchart of a key management method according to an embodiment of the present disclosure, where the method may be applied to a server, and the method includes:
S401: The server allocates and stores a first key pair for the camera device multiple times at regular intervals, where the first key pair includes a first public key and a first private key;
S402: The server sends each first public key allocated in this way to the image pickup device, so that the image pickup device generates an encryption key using the first public key and a second private key of a second key pair generated by the image pickup device.
The server may be a dedicated server for managing keys. Alternatively, the key management function may be provided in another existing server that is connected to the image pickup apparatus and the terminal device, and that server may serve as the server used in the present disclosure.
Optionally, the server allocating and storing the first key pair for the image capturing apparatus multiple times at regular intervals may include: the server allocates and stores the first key pair for the image pickup apparatus multiple times at regular intervals, and records the time of each allocation. The manner in which the server records the first key pair and the allocation time may be the same as in Table 1 above.
Each time the server allocates a first key pair, it may send the first public key of that pair to the image pickup apparatus, and the image pickup apparatus generates an encryption key for encrypting the video file by using the latest first public key and the latest second private key.
After the terminal device reads the video file, it extracts the second public key from the file header of the video file and sends the device identifier of the camera device and the second public key to the server.
Accordingly, the above key management method applied to the server may further include:
receiving the equipment identification of the camera device and a second public key in a second key pair generated by the camera device from the terminal equipment;
searching a first key pair distributed and stored for the camera device by using the equipment identifier of the camera device;
generating a decryption key by using the second public key and a first private key in the first key pair;
and sending the decryption key to the terminal equipment.
The contents of the first key pair, the second key pair, the generation manner of the encryption key and the decryption key, and the like are the same as the corresponding contents introduced in the video file encryption method, and are not described herein again.
In some embodiments, the method applied to the server may further include:
receiving a timestamp from the terminal device, the timestamp recording at least one of a transmission time, a reception time, and a generation time of the first public key;
accordingly, the searching for the first key pair allocated and stored for the image capturing apparatus by using the device identifier of the image capturing apparatus may include: searching for the first key pair that is allocated and stored for the camera device and corresponds to the timestamp, by using the device identifier of the camera device, the timestamp, and the time of each allocation of the first key pair. For example, the server looks up, according to the device identifier of the camera, the first key pairs allocated to the camera over multiple allocations and their allocation times, for instance by determining the Table 1 corresponding to the camera; then, according to the timestamp, it determines which first key pair's first public key was used to generate the encryption key. The server can then extract the first private key of that first key pair and generate the decryption key by combining it with the second public key.
In addition to this, the above-mentioned time stamp can also be used for another protection of the video file. Specifically, the time represented by the timestamp is the same as or close to the time of the generation of the encryption key, that is, close to the time of the generation of the video file, and with this feature, the method may further include:
calculating the time interval between the generation time of the encrypted video file and the current time according to the timestamp;
and in the case that the time interval is greater than or equal to a preset threshold value, prompting the terminal equipment that the encrypted video file is expired.
In some embodiments, the server assigns a first key pair to the camera, comprising:
randomly generating a first private key with the length of 32 bytes;
calculating public parameters and the first private key by adopting a public function to obtain a first public key with the length of 32 bytes; the first public key and the first private key constitute the first key pair.
In one possible implementation, generating a decryption key using the second public key and the first private key of the first key pair includes:
calculating the second public key and the first private key by adopting the public function to obtain a shared key;
using the shared key as the decryption key.
Further, in some possible implementations, the server assigning and maintaining the first key pair for the camera includes: under the condition that the camera device is a compound eye camera device, the server respectively distributes and stores corresponding first key pairs for all camera modules of the compound eye camera device;
the second public key of the second key pair generated by the camera device received from the terminal equipment comprises: a second public key in a second key pair corresponding to each camera module of the compound eye camera device;
the generating a decryption key using the second public key and the first private key of the first key pair comprises: and generating a corresponding decryption key by adopting the corresponding second public key and the corresponding first private key in the first key pair aiming at each camera module of the compound eye camera device.
The video file encryption method applied to the image pickup apparatus, the video file decryption method applied to the terminal device, and the key management method applied to the server in the present solution have been described above, respectively. The system composed of the camera device, the terminal equipment and the server can realize encryption protection on the video file, so that the privacy of a user is protected. The following describes a complete video file encryption and decryption process by integrating the above three-terminal devices.
Fig. 5 is a flowchart of a video file encryption and decryption method according to an embodiment of the present disclosure, which may be applied to a system consisting of an image pickup apparatus, a terminal device, and a server, the method including:
S501: The camera device (e.g., an IPC) connects to the network and completes the binding action with the user.
S502: the image pickup apparatus accesses a server, and the server records a device identifier of the image pickup apparatus and generates a first key pair for key agreement including a first public key (hereinafter Pc) and a first private key (hereinafter Sc).
S503: The server issues the first public key Pc to the camera device.
The server may perform the key generation and issuing actions in steps S502 and S503 described above a plurality of times, and record the first key pair and the assignment time after assigning the first key pair each time. Each time the camera receives Pc, the old Pc received from the server last time may be overwritten with the new Pc.
S504: the image pickup device stores the first public key Pc and records a time stamp (hereinafter referred to as TS 1).
If the image pickup apparatus receives Pc from the server a plurality of times, it records the latest received Pc and a timestamp of the Pc, which may indicate a transmission time, a reception time, a generation time, a distribution time, or the like of the Pc.
S505: the image capturing apparatus randomly generates (e.g., periodically randomly generates) a second key pair including a second public key (hereinafter Pa) and a second private key (hereinafter Sa) a plurality of times.
After generating the new second key pair, the image pickup apparatus may overwrite the old second key pair generated last time with the new second key pair.
S506: The image pickup apparatus generates a shared key (hereinafter share_key) using Pc and Sa, and uses share_key as the encryption key.
S507: The image pickup device encrypts the video file using share_key, and writes Pa, the timestamp of Pc, version information, product information of the image pickup device, and similar contents into the file header of the encrypted video file.
S508: After successfully logging in to a terminal device (such as a specific APP or PC client), the user sends the terminal device a file reading request for a camera bound to the user. The terminal device then acquires the encrypted video file from the camera device.
S509: The terminal device reads information such as Pa and the timestamp of Pc from the file header of the encrypted video file, and sends Pa, the timestamp of Pc, and the device identifier of the camera to the server.
S510: Based on the device identifier of the image pickup apparatus and the timestamp of Pc, the server determines the Sc that was assigned to the image pickup apparatus and belongs to the same first key pair as Pc. It then generates a shared key using Pa and Sc; this shared key is equal to the shared key (i.e., the encryption key) generated in step S506 and is likewise denoted share_key. The server uses the generated shared key as the decryption key.
S511: The server sends the decryption key (i.e., share_key) to the terminal device, and the terminal device decrypts the encrypted video file by using the decryption key. After decryption is completed, the terminal device may save the decrypted video file.
In the above process, the camera and the server may exchange keys using a key exchange algorithm, for example the Elliptic Curve Diffie-Hellman (ECDH) algorithm. Specifically, the contents of the first key pair, the second key pair, the generation manner of the encryption key, the generation manner of the decryption key, and the like are the same as the corresponding contents introduced in the video file encryption method, and are not described herein again.
In addition, the terminal device or the server may also determine a time interval between the generation time of the encrypted video file and the current time, that is, determine the storage duration of the encrypted video file, by using the timestamp; if the time interval is greater than or equal to the predetermined threshold, the decryption process for the encrypted video file is ended. For example, in step S509, after the terminal device reads the timestamp, the time interval between the generation time of the encrypted video file and the current time may be calculated, and if the time interval is greater than or equal to the predetermined threshold, the current process may be ended, the encrypted video file is not decrypted, and the user is prompted that the encrypted video file is expired. Or, in step S510, after receiving the timestamp, the server may calculate a time interval between the generation time of the encrypted video file and the current time, and if the time interval is greater than or equal to a predetermined threshold, the server may end the current process, stop calculating the decryption key, and prompt the terminal device that the encrypted video file is expired.
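The exchange in steps S502 to S510, including the timestamp lookup of the first private key and the expiry check, is sketched below as an added example that is not code from the patent. It assumes the unnamed "public function" is X25519 (RFC 7748), which matches the 32-byte key lengths; the class names, the rule of selecting the newest allocation at or before the timestamp, the rejection of an all-zero shared secret, and the timeline values are constructed for illustration.

```python
import bisect
import secrets

# Assumption: the page's "public function" is X25519 (RFC 7748) and its
# "public parameter" is the base point u = 9; both fit the 32-byte key sizes.
P = 2**255 - 19
BASE_POINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Teaching code: it is not constant-time."""
    k = bytearray(scalar)
    k[0] &= 248                      # clamp the private scalar
    k[31] = (k[31] & 127) | 64
    n = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    """Random 32-byte private key and the 32-byte public key derived from it."""
    private = secrets.token_bytes(32)
    return private, x25519(private, BASE_POINT)


class KeyServer:
    """Server side of S502-S503 and S510: rotating first key pairs per device."""

    def __init__(self, max_age):
        self.max_age = max_age       # the page's "preset threshold", in seconds
        self.table = {}              # device_id -> ([allocation times], [(Pc, Sc)])

    def allocate(self, device_id, now):
        sc, pc = keypair()
        times, pairs = self.table.setdefault(device_id, ([], []))
        times.append(now)
        pairs.append((pc, sc))
        return pc                    # only Pc leaves the server

    def decryption_key(self, device_id, pa, ts1, now):
        if now - ts1 >= self.max_age:
            raise PermissionError("encrypted video file is expired")
        times, pairs = self.table[device_id]
        # Assumed matching rule: the newest allocation at or before TS1.
        i = bisect.bisect_right(times, ts1) - 1
        if i < 0:
            raise LookupError("no first key pair allocated by that time")
        shared = x25519(pairs[i][1], pa)
        if shared == bytes(32):      # Pa is read from a file header: validate it
            raise ValueError("invalid second public key")
        return shared


class Camera:
    """Camera side of S504-S507."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.pc = self.ts1 = None

    def receive_first_public_key(self, pc, ts1):   # S504: new Pc overwrites old
        self.pc, self.ts1 = pc, ts1

    def encryption_key_and_header(self):           # S505-S507
        sa, pa = keypair()
        share_key = x25519(sa, self.pc)
        return share_key, {"Pa": pa, "TS1": self.ts1}


def demo():
    """Constructed timeline: two rotations, then key requests for both files."""
    server, cam = KeyServer(max_age=86400), Camera("cam-001")
    cam.receive_first_public_key(server.allocate(cam.device_id, now=1000), ts1=1000)
    key_a, header_a = cam.encryption_key_and_header()
    cam.receive_first_public_key(server.allocate(cam.device_id, now=2000), ts1=2000)
    key_b, header_b = cam.encryption_key_and_header()
    got_a = server.decryption_key(cam.device_id, header_a["Pa"], header_a["TS1"], now=2500)
    got_b = server.decryption_key(cam.device_id, header_b["Pa"], header_b["TS1"], now=2500)
    return key_a == got_a, key_b == got_b, key_a != key_b


if __name__ == "__main__":
    print(demo())
```

The ladder is written for reading; a product would call a vetted constant-time X25519 implementation, and would normally pass the shared secret through a key derivation function rather than use it directly as the key.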
Fig. 6 is a first schematic structural diagram of an image capturing apparatus for implementing video file encryption according to an embodiment of the present disclosure. The image pickup apparatus includes:
a first receiving module 610, configured to receive a first public key multiple times, where the first public key is a public key in a first key pair that is periodically and multiple-times distributed by a server to the image capturing apparatus;
a generating module 620, configured to generate a second key pair for multiple times, where the second key pair includes a second public key and a second private key;
an encryption module 630, configured to generate an encryption key using the newly received first public key and the newly generated second private key; and encrypting the video file by using the encryption key.
Fig. 7 is a schematic structural diagram of an image capturing apparatus for implementing video file encryption according to an embodiment of the present disclosure. As shown in fig. 7, the image pickup apparatus includes: a first receiving module 610, a generating module 620, an encrypting module 630 and an identification sending module 740;
the first receiving module 610, the generating module 620 and the encrypting module 630 are the same as the corresponding modules in fig. 6;
an identifier sending module 740, configured to send the device identifier of the image capture apparatus to a server, so that the server records a first key pair allocated to the image capture apparatus, where the first key pair includes the first public key and a first private key.
In a possible implementation manner, the encryption module 630 is further configured to: and writing the second public key into a file header of the encrypted video file.
As shown in fig. 7, in a possible implementation manner, the image capturing apparatus further includes:
a file sending module 750, configured to send the encrypted video file to a terminal device when the image capturing apparatus receives a file reading request from the terminal device.
In a possible implementation manner, the file header of the encrypted video file also carries at least one of a timestamp, version information and product information of the camera device;
wherein the timestamp records at least one of a transmission time, a reception time, and a generation time of the first public key.
In a possible implementation manner, the first receiving module 610 is configured to receive and store a first public key sent by the server for multiple times at regular intervals; when a new first public key is received from the server, the new first public key is adopted to cover an old first public key received from the server last time;
the generating module 620 is configured to generate and store a second key pair for multiple times; when a new second key pair is generated, the new second key pair is adopted to cover the old second key pair generated last time.
In one possible implementation, the first public key received from the server is generated by the server by:
randomly generating a first private key with the length of 32 bytes;
and calculating the public parameter and the first private key by adopting a public function to obtain a first public key with the length of 32 bytes.
In a possible implementation manner, the generating module 620 is configured to randomly generate a second private key with a length of 32 bytes; calculating the public parameter and the second private key by using the public function to obtain a second public key with the length of 32 bytes; the second public key and the second private key form the second key pair.
In a possible implementation manner, the encryption module 630 is configured to calculate the first public key and the second private key by using the public function to obtain a shared key; and using the shared key as the encryption key.
In a possible implementation manner, the encryption module 630 is configured to search for a video frame containing privacy information from the video file; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
encrypting the privacy information in the video frames containing the privacy information to obtain encrypted video frames, and replacing the video frames containing the privacy information in the video file with the encrypted video frames to obtain a replaced video file;
and encrypting the video file after the replacement processing by using the encryption key.
In a possible implementation manner, the encrypting module 630 encrypts the privacy information in the video frame containing the privacy information, and includes:
sequentially extracting each pixel point in the privacy information from the video frame containing the privacy information;
encrypting each pixel point to obtain an encrypted pixel point;
and sequentially replacing each pixel point in the privacy information by each encrypted pixel point.
In a possible implementation manner, the encrypting module 630 performs encryption processing on the pixel point, including: negating the pixel points; and encrypting the pixel points after the negation by using the encryption key.
In a possible implementation manner, the camera device is a compound-eye camera device, the compound-eye camera device includes a plurality of camera modules, and each camera module generates a corresponding video file;
the first receiving module 610 receives a plurality of first public keys for a plurality of times, wherein each received first public key corresponds to one video file;
the generating module 620 generates a plurality of second key pairs for a plurality of times, wherein each generated second key pair corresponds to one video file;
the encryption module 630 generates a corresponding encryption key by using the corresponding latest received first public key and the latest generated second private key of the second key pair for each video file; and for each video file, encrypting by adopting a corresponding encryption key.
Fig. 8 is a schematic structural diagram of a terminal device for implementing video file decryption according to an embodiment of the present disclosure. The terminal device includes:
a first reading module 810, configured to read an encrypted video file from a camera;
a second reading module 820, configured to read a second public key generated by the image capturing apparatus from a file header of the encrypted video file;
a first sending module 830, configured to send the second public key and the device identifier of the image capturing apparatus to a server, so that the server searches, by using the device identifier of the image capturing apparatus, a first private key in a first key pair that is pre-allocated to the image capturing apparatus, and generates a decryption key by using the first private key and the second public key;
a second receiving module 840, configured to receive the decryption key from the server;
and a decryption module 850, configured to decrypt the encrypted video file with the decryption key.
In a possible implementation manner, the second reading module 820 is further configured to read a timestamp from a file header of the encrypted video file, where the timestamp records at least one of a sending time, a receiving time, and a generating time of a first public key, where the first public key is a public key in a first key pair that is previously allocated by the server to the image capturing apparatus;
the first sending module 830 is further configured to send the timestamp to the server, so that the server searches for a first private key in a first key pair allocated to the image capturing apparatus in advance by using the device identifier of the image capturing apparatus and the timestamp.
In a possible implementation manner, the decryption module 850 is further configured to calculate, according to the timestamp, a time interval between the generation time of the encrypted video file and the current time;
and under the condition that the time interval is greater than or equal to a preset threshold value, ending the decryption process of the encrypted video file and prompting that the encrypted video file is expired.
In a possible implementation manner, the first reading module 810 is further configured to receive login information of a user; verifying the login information, and displaying at least one camera bound by the user under the condition that the login information passes the verification; receiving a file reading request for at least one camera device bound by the user.
In a possible implementation manner, the decryption module 850 is further configured to:
in a case where the video file obtained after decryption contains video frames that have undergone encryption processing, sequentially extracting each encrypted pixel point from those video frames;
decrypting each encrypted pixel point to obtain privacy information; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
sequentially replacing each pixel point after encryption processing by each pixel point in the privacy information to obtain a restored video frame;
and replacing the encrypted video frame with the restored video frame.
In a possible implementation manner, the decryption module 850 performs decryption processing on the encrypted pixel point to obtain the private information, including: decrypting the encrypted pixel points by adopting the decryption key; and negating the decrypted pixel points.
In a possible implementation manner, the first reading module 810 is configured to read, from a compound-eye imaging apparatus, a plurality of encrypted video files corresponding to a plurality of imaging modules included in the compound-eye imaging apparatus;
the second reading module 820 is configured to read a corresponding second public key from a header of each encrypted video file;
the second receiving module 840 is configured to receive a decryption key for each encrypted video file;
the decryption module 850 is configured to decrypt each encrypted video file by using the decryption key for each encrypted video file, and combine the decrypted video files.
Fig. 9 is a first schematic structural diagram of a server implementing key management according to an embodiment of the present disclosure. The server includes:
the distribution module 910 is configured to distribute and store a first key pair for the image capturing apparatus for multiple times at regular intervals, where the first key pair includes a first public key and a first private key;
the second sending module 920 is configured to send each first public key distributed for multiple times at regular intervals to the image capturing apparatus, so that the image capturing apparatus generates an encryption key by using the first public key and a second private key in a second key pair generated by the image capturing apparatus.
Fig. 10 is a schematic structural diagram of a server implementing key management according to an embodiment of the present disclosure. The server includes: a distribution module 910, a second sending module 920 and a decryption key sending module 1030;
the allocating module 910 and the second sending module 920 have the same functions as the corresponding modules in fig. 9;
a decryption key sending module 1030, configured to receive, from a terminal device, a device identifier of the image capturing apparatus and a second public key in a second key pair generated by the image capturing apparatus; searching for a first key pair distributed and stored for the camera device by using the equipment identifier of the camera device; generating a decryption key by using the second public key and a first private key in the first key pair; and sending the decryption key to the terminal equipment.
In a possible implementation manner, the assigning module 910 is configured to assign and store the first key pair for the image capturing apparatus multiple times at regular intervals, and record the time of assigning the first key pair each time.
In a possible implementation manner, the decryption key sending module 1030 is further configured to receive a timestamp from the terminal device, where the timestamp records at least one of a sending time, a receiving time, and a generating time of the first public key; and searching for the first key pair which is distributed and stored for the camera device and corresponds to the timestamp by utilizing the equipment identification of the camera device, the timestamp and the time of distributing the first key pair each time.
In a possible implementation manner, the decryption key sending module 1030 is further configured to calculate, according to the timestamp, a time interval between the generation time of the encrypted video file and the current time; and prompting the terminal equipment that the encrypted video file is expired when the time interval is greater than or equal to a preset threshold value.
In a possible implementation manner, the allocating module 910 is configured to randomly generate a first private key with a length of 32 bytes; calculating public parameters and the first private key by adopting a public function to obtain a first public key with the length of 32 bytes; the first public key and the first private key constitute the first key pair.
In a possible implementation manner, the decryption key sending module 1030 is configured to calculate the second public key and the first private key by using the public function to obtain a shared key; using the shared key as the decryption key.
In a possible implementation manner, the allocating module 910 is configured to, in a case that the image capturing apparatus is a compound-eye image capturing apparatus, allocate and store corresponding first key pairs to each image capturing module of the compound-eye image capturing apparatus;
the decryption key transmitting module 1030 is configured to receive, from the terminal device, a second public key in a second key pair corresponding to each camera module of the compound-eye camera apparatus; and generating a corresponding decryption key by adopting the corresponding second public key and the corresponding first private key in the first key pair aiming at each camera module of the compound eye camera device.
The disclosure also provides a system for realizing video file encryption, which comprises the camera device, the terminal equipment and the server.
It should be noted that, in the embodiment of the present disclosure, the division of each functional unit is schematic, and is only one logical functional division, and there may be another division manner in actual implementation. Each functional unit in the embodiments of the present disclosure may be integrated into one processing unit, each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method provided by the embodiments of the present disclosure. The aforementioned storage medium includes media capable of storing program code, such as a USB flash drive (U disk), a removable hard disk, a read-only memory, a random access memory, or a magnetic or optical disk.
Fig. 11 is a block diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 11, the electronic apparatus includes: a memory 1110 and a processor 1120, the memory 1110 having stored therein computer programs that are executable on the processor 1120. The number of the memory 1110 and the processor 1120 may be one or more. The memory 1110 may store one or more computer programs that, when executed by the electronic device, cause the electronic device to perform the methods provided by the above-described method embodiments.
The electronic device further includes a communication interface 1130 for communicating with external devices and exchanging data with them.
If the memory 1110, the processor 1120, and the communication interface 1130 are implemented independently, the memory 1110, the processor 1120, and the communication interface 1130 may be connected to each other through a bus and perform communication with each other. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 11, but this is not intended to represent only one bus or type of bus.
Optionally, in an implementation, if the memory 1110, the processor 1120, and the communication interface 1130 are integrated on a chip, the memory 1110, the processor 1120, and the communication interface 1130 may complete communication with each other through an internal interface.
The embodiment of the present disclosure also provides a computer-readable storage medium, which stores computer instructions, and when the computer instructions are run on a computer, the computer is caused to execute the method provided by the above method embodiment.
The embodiment of the present disclosure further provides a computer program product, where the computer program product is used to store a computer program, and when the computer program is executed by a computer, the computer may implement the method provided by the above method embodiment.
The embodiment of the disclosure also provides a chip, which is coupled with the memory, and is used for implementing the method provided by the embodiment of the method.
It should be understood that the processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general-purpose processor may be a microprocessor or any conventional processor. It is noted that the processor may be a processor supporting the Advanced RISC Machine (ARM) architecture.
Further, optionally, the memory may include a read-only memory and a random access memory, and may further include a nonvolatile random access memory. The memory may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may include a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. Volatile memory can include Random Access Memory (RAM), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, for example Static Random Access Memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DR RAM).
In the above embodiments, the implementation may be wholly or partly realized by software, hardware, firmware, or any combination thereof. When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the disclosure occur in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center by wired means (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless means (e.g., infrared, Bluetooth, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., Digital Versatile Disk (DVD)), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others. Notably, the computer-readable storage media referred to in this disclosure may be non-volatile storage media, in other words, non-transitory storage media.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
In the description of the embodiments of the present disclosure, reference to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present disclosure. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined by one skilled in the art without contradiction.
In the description of the embodiments of the present disclosure, "/" indicates an "or" meaning, for example, A/B may indicate A or B; "and/or" herein merely describes an association between associated objects and means that three relationships may exist, e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone.
In the description of the embodiments of the present disclosure, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the embodiments of the present disclosure, "a plurality" means two or more unless otherwise specified.
The above description is only exemplary of the present disclosure and is not intended to limit the present disclosure, and any modification, equivalent replacement, or improvement made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (36)

1. A video file encryption method, applied to a camera device, characterized by comprising the following steps:
receiving a first public key multiple times, wherein the first public key is the public key of a first key pair that a server distributes to the camera device multiple times at regular intervals;
generating a second key pair multiple times, the second key pair comprising a second public key and a second private key;
generating an encryption key by using the most recently received first public key and the most recently generated second private key;
and encrypting the video file by using the encryption key.
2. The method of claim 1, wherein receiving the first public key further comprises:
and sending the equipment identifier of the camera device to a server so that the server records a first key pair distributed for the camera device, wherein the first key pair comprises the first public key and a first private key.
3. The method of claim 1 or 2, further comprising:
and writing the second public key into a file header of the encrypted video file.
4. The method of claim 3, further comprising:
and under the condition that the camera device receives a file reading request of the terminal equipment, sending the encrypted video file to the terminal equipment.
5. The method according to claim 3, wherein at least one of a timestamp, version information, and product information of the camera device is also carried in a header of the encrypted video file;
wherein the timestamp records at least one of a transmission time, a reception time, and a generation time of the first public key.
6. The method of claim 1 or 2, wherein the receiving the first public key a plurality of times comprises: receiving and storing, multiple times at regular intervals, a first public key sent by a server; when a new first public key is received from the server, the new first public key overwrites the old first public key last received from the server;
the generating a second key pair a plurality of times comprises: generating and storing a second key pair a plurality of times; when a new second key pair is generated, the new second key pair overwrites the old second key pair generated last time.
7. Method according to claim 1 or 2, characterized in that the first public key received from the server is generated by the server by:
randomly generating a first private key with a length of 32 bytes;
and applying a public function to the public parameter and the first private key to obtain a first public key with a length of 32 bytes.
8. The method of claim 7, wherein generating the second key pair comprises:
randomly generating a second private key with a length of 32 bytes;
applying the public function to the public parameter and the second private key to obtain a second public key with a length of 32 bytes; the second public key and the second private key form the second key pair.
9. The method of claim 8, wherein generating an encryption key using the most recently received first public key and the most recently generated second private key comprises:
applying the public function to the most recently received first public key and the most recently generated second private key to obtain a shared key;
and using the shared key as the encryption key.
10. The method according to claim 1 or 2, wherein said encrypting the video file using the encryption key comprises:
searching a video frame containing privacy information from the video file; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
encrypting the privacy information in the video frames containing the privacy information to obtain encrypted video frames, and replacing the video frames containing the privacy information in the video file with the encrypted video frames to obtain a replaced video file;
and encrypting the video file after the replacement processing by using the encryption key.
11. The method according to claim 10, wherein the encrypting the privacy information in the video frame containing the privacy information comprises:
sequentially extracting each pixel point in the privacy information from the video frame containing the privacy information;
encrypting each pixel point to obtain an encrypted pixel point;
and sequentially replacing each pixel point in the privacy information by each encrypted pixel point.
12. The method of claim 11, wherein the cryptographic processing of the pixel points comprises:
negating the pixel points;
and encrypting the pixel points after the negation by using the encryption key.
13. The method according to claim 1 or 2, wherein the camera device is a compound-eye camera device comprising a plurality of camera modules, each camera module generating a corresponding video file;
the receiving the first public key a plurality of times includes: receiving a plurality of first public keys for a plurality of times, wherein each received first public key corresponds to one video file;
the generating a second key pair a plurality of times comprises: generating a plurality of second key pairs for a plurality of times, wherein each generated second key pair corresponds to one video file;
the generating an encryption key using the newly received first public key and the newly generated second private key includes: generating a corresponding encryption key by adopting a corresponding newly received first public key and a second private key in a newly generated second key pair aiming at each video file;
the encrypting the video file by using the encryption key comprises: and for each video file, encrypting by adopting a corresponding encryption key.
14. A video file decryption method, applied to a terminal device, characterized by comprising the following steps:
reading the encrypted video file from the camera device;
reading a second public key generated by the camera device from a file header of the encrypted video file;
sending the second public key and the equipment identifier of the camera device to a server, so that the server searches a first private key in a first key pair distributed for the camera device in advance by using the equipment identifier of the camera device and generates a decryption key by using the first private key and the second public key;
receiving the decryption key from the server;
and decrypting the encrypted video file by using the decryption key.
15. The method of claim 14, further comprising:
reading a timestamp from a file header of the encrypted video file, wherein the timestamp records at least one of sending time, receiving time and generating time of a first public key, and the first public key is a public key in a first key pair which is distributed by the server for the camera in advance;
and sending the timestamp to the server so that the server searches a first private key in a first key pair distributed for the camera in advance by using the equipment identifier of the camera and the timestamp.
16. The method of claim 15, further comprising:
calculating the time interval between the generation time of the encrypted video file and the current time according to the timestamp;
and under the condition that the time interval is greater than or equal to a preset threshold value, ending the decryption process of the encrypted video file and prompting that the encrypted video file is expired.
17. The method of any of claims 14 to 16, further comprising:
receiving login information of a user;
verifying the login information, and displaying at least one camera bound by the user under the condition that the login information passes the verification;
receiving a file reading request for at least one camera device bound by the user;
correspondingly, the reading of the encrypted video file from the camera device includes:
and reading the video file encrypted by the target camera device from the target camera device based on the file reading request, wherein the target camera device is the camera device bound by the user.
18. The method according to any one of claims 14 to 16, wherein after decrypting the encrypted video file with the decryption key, further comprising:
under the condition that the video file obtained after decryption contains the video frames subjected to encryption processing, sequentially extracting all pixels subjected to encryption processing from the video frames containing the video frames subjected to encryption processing;
decrypting each encrypted pixel point to obtain privacy information; the privacy information comprises at least one of a face key area image, a number plate image and a license plate image;
sequentially replacing each pixel point after encryption processing by each pixel point in the privacy information to obtain a restored video frame;
and replacing the encrypted video frame with the restored video frame.
19. The method of claim 18, wherein decrypting the encrypted pixels comprises:
decrypting the encrypted pixel points by adopting the decryption key;
and negating the decrypted pixel points.
20. The method according to any one of claims 14 to 16,
the reading of the encrypted video file from the image pickup apparatus includes: reading a plurality of encrypted video files corresponding to a plurality of camera modules included in a compound eye camera device from the compound eye camera device;
the reading of the second public key generated by the camera device from the file header of the encrypted video file includes: respectively reading corresponding second public keys from file headers of the encrypted video files;
the receiving the decryption key from the server comprises: receiving a decryption key for each of the encrypted video files;
the decrypting the encrypted video file by using the decryption key includes: and respectively decrypting each encrypted video file by using the decryption key aiming at each encrypted video file, and combining each decrypted video file.
21. A key management method, applied to a server, characterized by comprising the following steps:
the server distributes and stores a first key pair for a camera device multiple times at regular intervals, wherein the first key pair comprises a first public key and a first private key;
and sends each first public key so distributed to the camera device, so that the camera device generates an encryption key by using the first public key and a second private key in a second key pair generated by the camera device.
22. The method of claim 21, further comprising:
receiving the equipment identification of the camera device and a second public key in a second key pair generated by the camera device from the terminal equipment;
searching for a first key pair distributed and stored for the camera device by using the equipment identifier of the camera device;
generating a decryption key by using the second public key and a first private key in the first key pair;
and sending the decryption key to the terminal equipment.
23. The method of claim 22, wherein the server periodically assigns and stores the first key pair for the camera a plurality of times, comprising: the server allocates and stores the first key pair to the image pickup apparatus a plurality of times at regular intervals, and records the time of allocating the first key pair each time.
24. The method of claim 23, further comprising: receiving a timestamp from the terminal device, the timestamp recording at least one of a transmission time, a reception time, and a generation time of the first public key;
the searching for the first key pair allocated and stored for the camera device by using the device identifier of the camera device includes: and searching for the first key pair which is distributed and stored for the camera device and corresponds to the timestamp by utilizing the equipment identification of the camera device, the timestamp and the time of distributing the first key pair each time.
25. The method of claim 24, further comprising:
calculating the time interval between the generation time of the encrypted video file and the current time according to the timestamp;
and prompting the terminal equipment that the encrypted video file is expired when the time interval is greater than or equal to a preset threshold value.
26. The method according to any one of claims 22 to 25, wherein the server assigns a first key pair to the camera device, comprising:
randomly generating a first private key with a length of 32 bytes;
applying a public function to the public parameter and the first private key to obtain a first public key with a length of 32 bytes; the first public key and the first private key constitute the first key pair.
27. The method of claim 26, wherein generating a decryption key using the second public key and a first private key of the first key pair comprises:
applying the public function to the second public key and the first private key to obtain a shared key;
using the shared key as the decryption key.
28. The method according to any one of claims 22 to 25,
the server distributing and storing a first key pair for the camera device includes: under the condition that the camera device is a compound eye camera device, the server respectively distributes and stores corresponding first key pairs for all camera modules of the compound eye camera device;
the second public key of the second key pair generated by the camera device received from the terminal equipment comprises: a second public key in a second key pair corresponding to each camera module of the compound eye camera device;
the generating a decryption key using the second public key and the first private key of the first key pair comprises: and generating a corresponding decryption key by adopting the corresponding second public key and the corresponding first private key in the first key pair aiming at each camera module of the compound eye camera device.
29. An image pickup apparatus that encrypts a video file, comprising:
the first receiving module is used for receiving a first public key for multiple times, wherein the first public key is a public key in a first key pair distributed by the server for the camera device for multiple times at regular intervals;
the generation module is used for generating a second key pair for multiple times, wherein the second key pair comprises a second public key and a second private key;
the encryption module is used for generating an encryption key by utilizing the newly received first public key and the newly generated second private key; and encrypting the video file by using the encryption key.
30. The image pickup apparatus according to claim 29, further comprising:
and the identification sending module is used for sending the equipment identification of the camera device to a server so as to record a first key pair distributed for the camera device by the server, wherein the first key pair comprises the first public key and a first private key.
31. A terminal device for implementing decryption of a video file, comprising:
the first reading module is used for reading the encrypted video file from the camera device;
the second reading module is used for reading a second public key generated by the camera device from the file header of the encrypted video file;
the first sending module is used for sending the second public key and the equipment identifier of the camera device to a server so that the server can search a first private key in a first key pair distributed for the camera device in advance by using the equipment identifier of the camera device and generate a decryption key by using the first private key and the second public key;
a second receiving module, configured to receive the decryption key from the server;
and the decryption module is used for decrypting the encrypted video file by using the decryption key.
32. The terminal device of claim 31,
the second reading module is further configured to read a timestamp from a file header of the encrypted video file, where the timestamp records at least one of sending time, receiving time, and generating time of a first public key, where the first public key is a public key in a first key pair that is previously allocated by the server to the image capture device;
the first sending module is further configured to send the timestamp to the server, so that the server searches for a first private key in a first key pair allocated to the image capturing apparatus in advance by using the device identifier of the image capturing apparatus and the timestamp.
33. A server for implementing key management, the server comprising:
the distribution module is used for distributing and storing a first key pair for the camera device for multiple times at regular intervals, wherein the first key pair comprises a first public key and a first private key;
and the second sending module is used for respectively sending each first public key distributed for multiple times at regular intervals to the camera device so that the camera device generates an encryption key by adopting the first public key and a second private key in a second key pair generated by the camera device.
34. A system for implementing encryption of video files, the system comprising: the camera of claim 29 or 30, the terminal device of claim 31 or 32, and the server of claim 33.
35. An electronic device, comprising:
one or more processors;
a memory communicatively coupled to the one or more processors;
one or more computer programs, wherein the one or more computer programs are stored in the memory, which when executed by the electronic device, cause the electronic device to perform the method of any of claims 1-28.
36. A computer-readable storage medium having stored thereon computer instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 28.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111178714.8A CN113613040A (en) 2021-10-11 2021-10-11 Video file encryption method, decryption method and key management method

Publications (1)

Publication Number Publication Date
CN113613040A true CN113613040A (en) 2021-11-05

Family

ID=78343447

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111178714.8A Pending CN113613040A (en) 2021-10-11 2021-10-11 Video file encryption method, decryption method and key management method

Country Status (1)

Country Link
CN (1) CN113613040A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070083473A1 (en) * 2005-10-11 2007-04-12 Farrugia Augustin J Use of media storage structure with multiple pieces of content in a content-distribution system
CN105491051A (en) * 2015-12-14 2016-04-13 讯美电子科技有限公司 Method for preventing video stream data from being illegally accessed
CN108768920A (en) * 2018-03-26 2018-11-06 苏州科达科技股份有限公司 A kind of recorded broadcast data processing method and device
CN109413449A (en) * 2018-11-08 2019-03-01 高斯贝尔数码科技股份有限公司 A kind of video-encryption decryption method and system
CN110446105A (en) * 2019-09-20 2019-11-12 网易(杭州)网络有限公司 Video-encryption, decryption method and device
CN110557591A (en) * 2018-05-31 2019-12-10 杭州海康威视数字技术股份有限公司 Network camera, video encryption transmission system and video encryption method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20211105)