CN114928756A - Video data protection, encryption and verification method, system and equipment - Google Patents

Publication number
CN114928756A
Authority
CN
China
Prior art keywords
key
video frame
authentication code
message authentication
ciphertext
Legal status
Granted
Application number
CN202210589634.XA
Other languages
Chinese (zh)
Other versions
CN114928756B (en)
Inventor
张剑青
张军昌
魏东
于晓杰
魏勇涛
Current Assignee
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Application filed by Zhejiang Dahua Technology Co Ltd
Priority to CN202210589634.XA
Publication of CN114928756A
Application granted
Publication of CN114928756B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Databases & Information Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a method, a system and a device for protecting, encrypting and verifying video data. The video data protection method comprises the following steps: an acquisition device generates a first key, encrypts a plaintext video frame with the first key to obtain a ciphertext video frame, generates a first message authentication code based on the first key and the ciphertext video frame, and concatenates the ciphertext video frame and the first message authentication code to generate a first secure video frame; a receiving device receives the first key and the first secure video frame from the acquisition device, parses the first secure video frame, and generates a second message authentication code based on the ciphertext video frame and the first key; the receiving device compares the first message authentication code with the second message authentication code and, in response to the two matching, determines that verification passes. In this way, the video data can be transmitted securely and the performance of video data verification can be improved, which helps to guarantee the integrity and reliability of the video data.

Description

Video data protection, encryption and verification method, system and equipment
Technical Field
The present invention relates to the field of video data transmission technologies, and in particular, to a video data protection method, a video data encryption method, a video data verification method, a video data transmission system, an electronic device, and a computer-readable storage medium.
Background
With the rapid development of technologies such as the mobile internet and 5G, the share of video transmission in network traffic is seven, and this share tends to increase further. Video data may contain a large amount of sensitive information belonging to organs, enterprises, public institutions and the like, so the need to prevent leakage of and tampering with video data is increasing.
However, in existing video data transmission methods the verification process is unreasonably designed. As a result, the confidentiality and integrity of the video media stream are poor, the encryption and decryption performance of the verification process is poor, the overall performance of the video transmission system is affected, and the implementation cost is high.
Disclosure of Invention
In view of the above, the technical problem mainly solved by the present invention is to provide a video data protection method, a video data encryption method, a video data verification method, a video data transmission system, an electronic device, and a computer-readable storage medium that can transmit video data securely and improve video data verification performance, thereby helping to ensure the integrity and reliability of the video data.
To solve the above technical problem, one technical solution adopted by the invention is to provide a video data protection method, comprising: an acquisition device generates a first key; the acquisition device encrypts a plaintext video frame with the first key to obtain a ciphertext video frame; the acquisition device generates a first message authentication code based on the first key and the ciphertext video frame, and concatenates the ciphertext video frame and the first message authentication code to generate a first secure video frame; a receiving device receives the first key and the first secure video frame from the acquisition device, and parses the first secure video frame to obtain the ciphertext video frame and the first message authentication code; the receiving device generates a second message authentication code based on the ciphertext video frame and the first key; the receiving device compares the first message authentication code with the second message authentication code and, in response to the two matching, determines that verification passes.
In an embodiment of the present invention, generating the first message authentication code based on the first key and the ciphertext video frame includes: the acquisition device obtains an acquisition device identifier; and the acquisition device applies a digest algorithm to the first key, the acquisition device identifier and the ciphertext video frame to generate the first message authentication code.
In an embodiment of the present invention, generating the second message authentication code based on the ciphertext video frame and the first key includes: the receiving device obtains the acquisition device identifier; and the receiving device applies a digest algorithm to the ciphertext video frame, the acquisition device identifier and the first key to generate the second message authentication code, wherein the digest algorithm used to generate the second message authentication code matches the digest algorithm used to generate the first message authentication code.
In an embodiment of the present invention, the receiving device obtaining the acquisition device identifier includes: the acquisition device concatenates the acquisition device identifier, the ciphertext video frame and the first message authentication code to generate the first secure video frame; and the receiving device receives and parses the first secure video frame to obtain the acquisition device identifier.
In an embodiment of the invention, the receiving device receiving the first key and the first secure video frame from the acquisition device includes: the acquisition device transmits the first key to the receiving device; and the acquisition device transmits the first secure video frame to the receiving device.
In an embodiment of the invention, the first key is a true random number.
In an embodiment of the present invention, determining that verification passes includes: the receiving device encrypts the first key to obtain a key parameter combination; and the receiving device concatenates the key parameter combination with the first secure video frame to generate and store a second secure video frame.
In an embodiment of the present invention, encrypting the first key to obtain the key parameter combination includes: the receiving device obtains a second key, generated by its own storage or management device, and a key identifier of the second key, the key identifier being used to identify the second key; the receiving device encrypts the first key with the second key to generate a first key ciphertext; and the receiving device concatenates the first key ciphertext and the key identifier of the second key to generate the key parameter combination.
In an embodiment of the present invention, the second secure video frame is formed by concatenating the key parameter combination, the acquisition device identifier, the first message authentication code and the ciphertext video frame, and the method further comprises: the receiving device parses the second secure video frame; the receiving device obtains the second key based on the parsed key identifier of the second key; the receiving device decrypts the first key ciphertext with the second key to obtain the first key; the receiving device generates a third message authentication code from the decrypted first key and the parsed acquisition device identifier and ciphertext video frame; the receiving device compares the third message authentication code with the parsed first message authentication code and, in response to the two matching, determines that verification passes.
In an embodiment of the present invention, a derivation device requests a third secure video frame, and the receiving device encrypts the first key with a derivation key to generate a second key ciphertext; the receiving device replaces the key parameter combination in the second secure video frame with the second key ciphertext to generate the third secure video frame; the derivation device, in response to receiving the derivation key, decrypts the second key ciphertext in the third secure video frame to obtain the first key, and generates a fourth message authentication code based on the first key and the ciphertext video frame; the derivation device compares the fourth message authentication code with the first message authentication code and, in response to the two matching, determines that verification passes.
In an embodiment of the present invention, the ciphertext video frame is decrypted in response to verification passing, wherein the algorithm used to decrypt the ciphertext video frame matches the algorithm used to encrypt the plaintext video frame.
To solve the above technical problem, another technical solution adopted by the invention is to provide a video data protection method, comprising: a receiving device generates a third key; a plaintext video frame is encrypted with the third key to obtain a ciphertext video frame, wherein the plaintext video frame is obtained from an acquisition device; a fifth message authentication code is generated based on the third key and the ciphertext video frame, and the ciphertext video frame and the fifth message authentication code are concatenated to generate and store a fourth secure video frame; in response to the fourth secure video frame being called, the third key generated by the receiving device is obtained, and the fourth secure video frame is parsed to obtain the ciphertext video frame and the fifth message authentication code; a sixth message authentication code is generated from the ciphertext video frame and the third key; and the fifth message authentication code is compared with the sixth message authentication code, and verification is determined to pass in response to the two matching.
In an embodiment of the present invention, generating the fifth message authentication code based on the third key and the ciphertext video frame includes: the receiving device obtains an acquisition device identifier; and a digest algorithm is applied to the third key, the acquisition device identifier and the ciphertext video frame to generate the fifth message authentication code.
In an embodiment of the present invention, generating the sixth message authentication code from the ciphertext video frame and the third key includes: obtaining the acquisition device identifier; and applying a digest algorithm to the third key, the acquisition device identifier and the ciphertext video frame to generate the sixth message authentication code.
In an embodiment of the present invention, concatenating the ciphertext video frame and the fifth message authentication code to generate the fourth secure video frame includes: the receiving device obtains the acquisition device identifier, and obtains a fourth key, generated by the receiving device or by its own storage or management device, and a key identifier of the fourth key, the key identifier being used to identify the fourth key and the source of the fourth key; the third key is encrypted with the fourth key to generate a third key ciphertext; and the key identifier of the fourth key, the third key ciphertext, the acquisition device identifier, the fifth message authentication code and the ciphertext video frame are concatenated to generate the fourth secure video frame.
In an embodiment of the present invention, obtaining the third key generated by the receiving device itself includes: parsing the fourth secure video frame; obtaining the fourth key based on the parsed key identifier of the fourth key; and decrypting the third key ciphertext with the fourth key to obtain the third key.
To solve the above technical problem, another technical solution adopted by the invention is to provide a video data encryption method, comprising: generating a first key; encrypting a plaintext video frame with the first key to obtain a ciphertext video frame; generating a first message authentication code based on the first key and the ciphertext video frame, and concatenating the ciphertext video frame and the first message authentication code to generate a first secure video frame; and transmitting the first key and the first secure video frame to a receiving device.
To solve the above technical problem, another technical solution adopted by the invention is to provide a video data verification method, comprising: receiving a first key and a first secure video frame from an acquisition device, and parsing the first secure video frame to obtain a ciphertext video frame and a first message authentication code; generating a second message authentication code from the ciphertext video frame and the first key; and comparing the first message authentication code with the second message authentication code, and determining that verification passes in response to the two matching.
To solve the above technical problem, another technical solution adopted by the invention is to provide a video data transmission system comprising an acquisition device and a receiving device. The acquisition device is used for generating a first key; encrypting a plaintext video frame with the first key to obtain a ciphertext video frame; generating a first message authentication code based on the first key and the ciphertext video frame, and concatenating the ciphertext video frame and the first message authentication code to generate a first secure video frame; and transmitting the first key and the first secure video frame to the receiving device. The receiving device is communicatively connected to the acquisition device and is used for receiving the first key and the first secure video frame from the acquisition device and parsing the first secure video frame to obtain the ciphertext video frame and the first message authentication code; generating a second message authentication code from the ciphertext video frame and the first key; and comparing the first message authentication code with the second message authentication code, and determining that verification passes in response to the two matching; or, for generating a third key; encrypting a plaintext video frame with the third key to obtain a ciphertext video frame, wherein the plaintext video frame is obtained from the acquisition device; generating a fifth message authentication code based on the third key and the ciphertext video frame, and concatenating the ciphertext video frame and the fifth message authentication code to generate and store a fourth secure video frame; in response to the fourth secure video frame being called, obtaining the third key generated by the receiving device, and parsing the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code; generating a sixth message authentication code from the ciphertext video frame and the third key; and comparing the fifth message authentication code with the sixth message authentication code, and determining that verification passes in response to the two matching.
To solve the above technical problem, another technical solution adopted by the invention is to provide an electronic device comprising a processor, the processor being configured to execute instructions to implement the video data protection method of any of the above embodiments, the video data encryption method of any of the above embodiments, or the video data verification method of any of the above embodiments.
To solve the above technical problem, another technical solution adopted by the invention is to provide a computer-readable storage medium storing instructions/program data executable to implement the video data protection method of any of the above embodiments, the video data encryption method of any of the above embodiments, or the video data verification method of any of the above embodiments.
The beneficial effects of the invention are as follows. The acquisition device and the receiving device verify the video data using message authentication codes: the acquisition device generates a first message authentication code based on the ciphertext video frame and the first key, the receiving device generates a second message authentication code based on the ciphertext video frame and the first key obtained from the acquisition device, and the two codes are compared to check whether the video data has been tampered with, that is, to check the integrity and reliability of the video data. The video data is thus transmitted securely and video data verification performance is improved, which helps to achieve the integrity and reliability of the video data. Meanwhile, the first key that the receiving device uses to generate the second message authentication code is sent to the receiving device by the acquisition device; in other words, the first key is transmitted through communication between the acquisition device and the receiving device. This reduces the risk that the first key is deciphered or tampered with and improves the reliability of the first key, which helps to transmit the video data securely, improves video data verification performance, and in turn helps to ensure the integrity and reliability of the video data.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and, together with the description, serve to explain the principles of the invention. Moreover, the drawings and the description are not intended to limit the scope of the inventive concept in any way, but rather to illustrate it to those skilled in the art with reference to specific embodiments.
Fig. 1 is a flowchart illustrating a first embodiment of a method for protecting video data according to the present invention;
Fig. 2 is a flowchart illustrating a second embodiment of the method for protecting video data according to the present invention;
Fig. 3 is a block diagram of a first embodiment of a secure video frame;
Fig. 4 is a block diagram of a second embodiment of a secure video frame;
Fig. 5 is a block diagram of a third embodiment of a secure video frame according to the present invention;
Fig. 6 is a flowchart illustrating an embodiment of a method for encrypting video data according to the present invention;
Fig. 7 is a flowchart illustrating a method for verifying video data according to an embodiment of the present invention;
Fig. 8 is a flowchart illustrating a video data protection method according to a third embodiment of the present invention;
Fig. 9 is a block diagram of a fourth embodiment of a secure video frame;
Fig. 10 is a schematic structural diagram of a first embodiment of a video data transmission system according to the present invention;
Fig. 11 is a schematic structural diagram of a second embodiment of the video data transmission system of the present invention;
Fig. 12 is a schematic diagram of an embodiment of an electronic device;
Fig. 13 is a schematic structural diagram of an embodiment of a computer-readable storage medium of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
To solve the prior-art problem of an unreasonably designed verification process during video data transmission, the invention provides a video data protection method comprising: the acquisition device generates a first key; the acquisition device encrypts the plaintext video frame with the first key to obtain a ciphertext video frame; the acquisition device concatenates the ciphertext video frame and a first message authentication code to generate a first secure video frame for transmission, the first message authentication code being generated based on the first key and the ciphertext video frame; the receiving device receives and parses the first secure video frame to obtain the ciphertext video frame and the first message authentication code, and requests the first key from the acquisition device; in response to receiving the first key, the receiving device generates a second message authentication code based on the ciphertext video frame and the first key; the receiving device compares the first message authentication code with the second message authentication code and, in response to the two matching, determines that verification passes. This is described in detail below.
Referring to fig. 1, fig. 1 is a flowchart illustrating a video data protection method according to a first embodiment of the present invention. It should be noted that the method for protecting video data set forth in this embodiment is not limited to the following steps:
s101: the acquisition device generates a first key.
In this embodiment, after acquiring a plaintext video frame, the acquisition device generates the first key by itself, so that redundant steps of acquiring the first key from a third-party device are reduced, and meanwhile, the risk of tampering the acquired first key can be reduced.
S102: the acquisition equipment encrypts the plaintext video frame by using the first key to obtain the ciphertext video frame.
In this embodiment, the acquisition device encrypts the plaintext video frame by using the first key generated by the acquisition device to obtain the ciphertext video frame, so that the security of the video data is improved, and the decoding complexity of an attacker is increased.
S103: the acquisition equipment generates a first message authentication code based on the first secret key and the ciphertext video frame, and splices the ciphertext video frame and the first message authentication code to generate a first safe video frame.
In this embodiment, the acquisition device may obtain the first message authentication code using the first key and the ciphertext video frame as calculation parameters, that is, the first message authentication code is generated based on the first key and the ciphertext video frame, and the first message authentication code may be used to check integrity and reliability of the video data, in other words, to check whether the video data is tampered, and also to check whether the video data is a false message or a forged message.
After the acquisition equipment obtains the first message authentication code, the ciphertext video frame is spliced with the first message authentication code to generate a first safe video frame. The first secure video frame is used for transmission and is transmitted by the capture device to the receiving device.
S104: the receiving device receives the first key and the first safe video frame from the collecting device, and analyzes the first safe video frame to obtain a ciphertext video frame and a first message authentication code.
In this embodiment, a receiving device receives a first key and a first secure video frame transmitted by a capturing device; the first key is used for generating the first message authentication code, and the receiving device acquires the first key by the collecting device alone. In other words, the transmission instant and/or transmission manner of the first key may be different from the transmission instant and/or transmission manner of the first secure video frame. And the receiving equipment analyzes the first safe video frame to obtain a ciphertext video frame and a first message authentication code which are included in the first safe video frame.
S105: the receiving device generates a second message authentication code based on the ciphertext video frame and the first key.
In this embodiment, in response to acquiring the first key and the ciphertext video frame, the receiving device may be capable of generating a second message authentication code based on the ciphertext video frame and the first key; the ciphertext video frame is obtained by analyzing the first safety video frame, and the first key is obtained by the receiving equipment from the collecting equipment. Because the first secret key is generated by the acquisition equipment and transmitted to the receiving equipment by the acquisition equipment, the risk that the first secret key is tampered can be reduced, and the security of acquiring the first secret key is improved.
S106: the receiving device compares the first message authentication code with the second message authentication code, and judges that the verification is passed in response to the matching of the first message authentication code and the second message authentication code.
In this embodiment, after generating the second message authentication code, the receiving device compares it with the parsed first message authentication code and determines whether the two match. When the first message authentication code does not match the second message authentication code, the received first secure video frame is considered to have been tampered with or forged, and the parsed ciphertext video frame is not decrypted. In response to the first message authentication code matching the second message authentication code, the verification is judged to have passed and the first secure video frame is considered to have been sent by the capture device. Compared with a traditional signature mechanism based on an asymmetric algorithm, generating the first and second message authentication codes for verification takes less time, and video delay can be greatly reduced under the same hardware capability, which improves the overall performance of the video data protection method.
Because the first message authentication code is generated by the capture device, when the first message authentication code does not match the second message authentication code, the ciphertext video frame used to generate the second message authentication code differs from the ciphertext video frame used to generate the first message authentication code, and the first secure video frame is considered to be forged or tampered with. Similarly, when the first message authentication code matches the second message authentication code, the ciphertext video frame used to generate the second message authentication code matches the one used to generate the first message authentication code, and the first secure video frame is considered to have been transmitted by the capture device, so that the integrity of the first secure video frame is verified.
Therefore, the integrity and reliability of the first secure video frame can be verified based on the first message authentication code and the second message authentication code. The first key that the receiving device uses to generate the second message authentication code is sent to the receiving device directly by the capture device, which further reduces the risk that the first key is forged or tampered with. This facilitates the secure transmission of video data, improves video data verification performance, and helps to guarantee the integrity and reliability of the video data.
Referring to fig. 2 to 5, fig. 2 is a flowchart illustrating a video data protection method according to a second embodiment of the present invention, fig. 3 is a schematic structural diagram illustrating a first secure video frame according to an embodiment of the present invention, fig. 4 is a schematic structural diagram illustrating a second secure video frame according to an embodiment of the present invention, and fig. 5 is a schematic structural diagram illustrating a third secure video frame according to an embodiment of the present invention. It should be noted that the method for protecting video data set forth in this embodiment is not limited to the following steps:
S201: the acquisition device generates a first key.
In this embodiment, the generation of the first key by the acquisition device is the same as that in step S101 in the foregoing embodiment, and is not described herein again. Further, the first key is a true random number, so that the first key is not guessable, to reduce the risk of the first key being forged.
S202: the acquisition equipment encrypts the plaintext video frame by using the first key to obtain the ciphertext video frame.
In this embodiment, the acquiring device encrypts the plaintext video frame by using the first key, and the obtained ciphertext video frame is the same as that in step S102 in the foregoing embodiment, which is not described herein again.
Furthermore, when the first key is a true random number, using it to encrypt the plaintext video frame improves the security of the encryption process and makes the ciphertext video frame harder to decipher, which improves the security of the ciphertext video frame and protects the confidentiality of the video.
Optionally, when the first key is used to encrypt the plaintext video frame generated by the capture device to obtain the ciphertext video frame, the plaintext video frame may be encrypted with a symmetric algorithm so as to reduce the cost of the algorithm, for example the symmetric algorithm SM1, the symmetric algorithm SM4 or the symmetric algorithm AES256, which is not limited herein.
S203: the capture device generates a first secure video frame.
In this embodiment, the step S103 of generating the first secure video frame by the capturing device is the same as that in the above embodiment, and is not repeated here.
Optionally, the capture device may stitch the ciphertext video frame with the first message authentication code to generate a first secure video frame, and transmit the first secure video frame and the first key to the receiving device.
For example, as shown in fig. 2, the capture device transmits the first key to the receiving device before transmitting the first secure video frame, so that the receiving device can check the first key in time after receiving the first secure video frame without waiting further for the capture device to send the first key, which helps to improve checking efficiency. It should be noted that this embodiment only requires that the capture device transmit the first key to the receiving device first and the first secure video frame afterwards; the transmission time of the first key shown in fig. 2 is only an illustration. In an alternative embodiment, the capture device may transmit the first key to the receiving device after encrypting the plaintext video frames with the first key; or the capture device may transmit the first key to the receiving device after generating it, which is not limited herein.
Furthermore, the acquisition device can also obtain an acquisition device identifier, and the acquisition device identifier is used for identifying the acquisition device so as to facilitate tracing the source of the video data. The acquisition device identifier may be acquired before step S201, between step S201 and step S202, or between step S202 and step S203, which is not limited herein.
The capture device splices the capture device identifier, the ciphertext video frame and the first message authentication code to obtain the first secure video frame (as shown in fig. 3), so that the integrity and reliability of the video data can be verified based on the first message authentication code, the first secure video frame can be traced based on the capture device identifier, and the confidentiality of the video data can be ensured based on the ciphertext video frame.
The first message authentication code may also incorporate the capture device identifier, i.e., the first message authentication code may be generated based on the capture device identifier, the first key and the ciphertext video frame, so as to further increase the complexity of the first message authentication code and thereby the reliability of the verification result for the first secure video frame. Optionally, the first message authentication code may be generated by digest algorithm processing of the capture device identifier, the first key and the ciphertext video frame, for example with the digest algorithm SM3 or the digest algorithm SHA256, which is not limited herein. The digest algorithm is applied to the first key, the capture device identifier and the ciphertext video frame to generate the first message authentication code as integrity check data.
S204: the receiving device parses the first secure video frame.
In this embodiment, the receiving device receiving and parsing the first secure video frame and requesting the first key from the capture device are the same as in step S104 in the above embodiment, and are not repeated here.
Further, when the first secure video frame includes the capture device identifier, parsing the first secure video frame yields the ciphertext video frame, the first message authentication code and the capture device identifier.
S205: the receiving device generates a second message authentication code based on the ciphertext video frame and the first key.
In this embodiment, the step S205 of generating the second message authentication code by the receiving device in response to receiving the first key based on the ciphertext video frame and the first key is the same as that in the above embodiment, and is not repeated here.
Further, when the first message authentication code is generated based on the capture device identifier, the first key and the ciphertext video frame, the receiving device can also obtain the capture device identifier from the capture device. Optionally, the capture device identifier may be sent by the capture device to the receiving device, or may be obtained by parsing the first secure video frame in step S204, which is not limited herein; the following description takes the case in which the receiving device obtains the capture device identifier by parsing the first secure video frame.
The receiving device can perform digest algorithm processing on the ciphertext video frame, the capture device identifier and the first key to generate the second message authentication code, and use the second message authentication code to verify the first secure video frame; the ciphertext video frame and the capture device identifier are obtained by the receiving device parsing the first secure video frame, and the first key is transmitted to the receiving device by the capture device.
Wherein the manner in which the second message authentication code is generated should match the manner in which the first message authentication code is generated; for example, when the first message authentication code is generated by performing digest algorithm processing on the capture device identifier, the first key, and the ciphertext video frame, the second message authentication code should also be generated by performing digest algorithm processing on the capture device identifier, the first key, and the ciphertext video frame, and the digest algorithm used for generating the second message authentication code should match with the digest algorithm used for generating the first message authentication code, so as to ensure that the first message authentication code matches with the second message authentication code when the first secure video frame is authentic and has not been tampered with.
S206: the receiving device compares the first message authentication code with the second message authentication code, and judges that the verification is passed in response to the matching of the first message authentication code and the second message authentication code.
In this embodiment, the receiving device compares the first message authentication code with the second message authentication code, and determines that the verification is passed in response to a match between the first message authentication code and the second message authentication code, which is the same as step S106 in the above embodiment and is not described herein again.
Further, in response to determining that the verification passes, the receiving device allows receipt of the first secure video frame, and the ciphertext video frame may be decrypted using the first key so that the receiving device can recover the plaintext video frame and play it. The algorithm used to decrypt the ciphertext video frame matches the algorithm used to encrypt the plaintext video frame. The receiving device can also trace the source of the video data according to the capture device identifier.
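The check in steps S203 to S206, written out as an added example (not code from the patent). Assumptions: HMAC-SHA256 keyed with the first key stands in for the "digest algorithm processing", the frame layout with a 2-byte identifier length is invented for the example, and the ciphertext is opaque sample bytes rather than real SM4/AES output.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA256 output size in bytes


def compute_mac(first_key: bytes, device_id: bytes, ciphertext: bytes) -> bytes:
    # Assumption: HMAC-SHA256 keyed with the first key replaces a bare digest
    # over concatenated fields. The identifier is length-prefixed so bytes
    # cannot move between identifier and ciphertext without changing the MAC.
    msg = struct.pack(">H", len(device_id)) + device_id + ciphertext
    return hmac.new(first_key, msg, hashlib.sha256).digest()


def build_first_secure_frame(first_key: bytes, device_id: bytes,
                             ciphertext: bytes) -> bytes:
    # Capture device, S203. Assumed layout:
    # 2-byte identifier length | identifier | MAC | ciphertext
    mac = compute_mac(first_key, device_id, ciphertext)
    return struct.pack(">H", len(device_id)) + device_id + mac + ciphertext


def parse_first_secure_frame(frame: bytes):
    # Receiving device, S204: split the frame into its three fields.
    if len(frame) < 2:
        raise ValueError("frame too short")
    (id_len,) = struct.unpack(">H", frame[:2])
    mac_start = 2 + id_len
    if len(frame) < mac_start + MAC_LEN:
        raise ValueError("frame truncated")
    return (frame[2:mac_start],
            frame[mac_start:mac_start + MAC_LEN],
            frame[mac_start + MAC_LEN:])


def verify_first_secure_frame(first_key: bytes, frame: bytes):
    # S205-S206: recompute the second MAC and compare it with the first.
    # Returns (device_id, ciphertext) on a match and None otherwise, so the
    # caller never decrypts a frame that failed the check.
    try:
        device_id, first_mac, ciphertext = parse_first_secure_frame(frame)
    except ValueError:
        return None
    second_mac = compute_mac(first_key, device_id, ciphertext)
    # compare_digest runs in time independent of where the MACs differ.
    if not hmac.compare_digest(first_mac, second_mac):
        return None
    return device_id, ciphertext


if __name__ == "__main__":
    import secrets

    first_key = secrets.token_bytes(32)    # S201: random first key
    ciphertext = secrets.token_bytes(64)   # constructed stand-in for S202 output
    frame = build_first_secure_frame(first_key, b"CAM-0001", ciphertext)

    flipped = frame[:-1] + bytes([frame[-1] ^ 0x01])   # one bit changed in transit
    print("genuine frame accepted:", verify_first_secure_frame(first_key, frame) is not None)
    print("modified frame accepted:", verify_first_secure_frame(first_key, flipped) is not None)
```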
The receiving device may further store the plaintext video frame. To ensure the security, confidentiality and reliability of the plaintext video frame, the first secure video frame may be further processed before it is written to disk; in other words, the plaintext video frame is stored only after being processed, so as to ensure the confidentiality of the video data, as described by way of example below.
S207: the receiving device encrypts the first key to obtain a key parameter combination.
In this embodiment, to ensure the security of video data storage, the receiving device may further encrypt the first key to obtain a key parameter combination, thereby reducing the risk that the first key is obtained and deciphered and increasing the complexity of the first key.
Optionally, the receiving device obtains the second key and a key identifier of the second key, where the second key and the key identifier of the second key may be stored by the receiving device itself or generated by the management device. As the name implies, the key identification of the second key is used to identify the second key and the source of the second key in order to retrieve the second key again.
The key parameter combination may include a first key ciphertext and a key identification of a second key. Specifically, the receiving device encrypts the first key by using the second key to generate a first key ciphertext, and may splice the first key ciphertext and the key identifier of the second key to generate a key parameter combination, so as to improve the confidentiality of the first key.
S208: the receiving device splices the key parameter combination with the first secure video frame to generate a second secure video frame for storage.
In this embodiment, after generating the key parameter combination, the receiving device may splice the key parameter combination with the first secure video frame to generate a second secure video frame for storage by the receiving device.
For example, the key parameter combination may be spliced to the header of the first secure video frame to generate a second secure video frame (as shown in fig. 4), which is not limited herein. Specifically, when the key parameter combination includes a first key ciphertext and a key identifier of a second key, the second secure video frame is obtained by splicing the first key ciphertext, the key identifier of the second key, the acquisition device identifier, the first message authentication code, and the ciphertext video frame.
For example, when the second key is generated by the management device, during the period in which the receiving device stores the second secure video frame the management device may generate a new second key and a key identifier of that second key, encrypt the first key with the new second key to obtain a new key parameter combination, and replace the key parameter combination in the second secure video frame with the newly generated one. The management device stores and records each second key and its key identifier. In this way the second secure video frame can be updated continuously while it is stored for a long time, which further increases the difficulty of attacking the second secure video frame and improves its confidentiality.
When the receiving device needs to use the second secure video frame, the second secure video frame may be checked to identify whether the second secure video frame has been tampered with or forged. As exemplified below.
S209: the receiving device parses the second secure video frame.
In this embodiment, when the receiving device needs to invoke the second secure video frame, the receiving device may parse the second secure video frame to obtain the key parameter combination (the first key ciphertext and the key identifier of the second key), the capture device identifier, the first message authentication code, and the ciphertext video frame.
S210: the receiving device acquires the second key based on the key identifier of the second key obtained by parsing.
In this embodiment, the receiving device obtains the corresponding second key from the generator of the second key based on the key identifier of the second key obtained through parsing. For example, when the second key is generated by the management device, the receiving device, upon obtaining the key identifier of the second key through parsing, sends a request to the management device to obtain the matching second key.
S211: the receiving device decrypts the first key ciphertext using the second key to obtain the first key.
In this embodiment, the receiving device, in response to receiving the second key sent by the management device, decrypts the first key ciphertext with the second key to recover the first key. This also checks whether the key parameter combination has been tampered with or forged, and in turn whether the second secure video frame has been tampered with or forged. If the management device does not find a matching second key, or the second key it sends cannot decrypt the first key ciphertext, the second secure video frame may be considered to have been tampered with or forged.
S212: the receiving device generates a third message authentication code.
In this embodiment, after obtaining the first key, the receiving device can generate the third message authentication code by using the first key, the capture device identifier, and the ciphertext video frame. The first key is obtained by decrypting the first key ciphertext, and the capture device identifier and the ciphertext video frame are obtained in step S209, so that the second secure video frame can be verified with respect to the confidentiality, reliability and integrity of the video data and with respect to the capture device.
S213: the receiving device compares the third message authentication code with the first message authentication code, and judges that the verification is passed in response to the match between the third message authentication code and the first message authentication code.
In this embodiment, after the receiving device generates the third message authentication code, it compares the parsed first message authentication code with the third message authentication code. In response to the first message authentication code matching the third message authentication code, the second secure video frame is considered to be neither tampered with nor forged, the verification is judged to have passed, and the ciphertext video frame is allowed to be decrypted using the first key to obtain the plaintext video frame. The algorithm used to decrypt the ciphertext video frame matches the algorithm used to encrypt the plaintext video frame.
In this embodiment, the receiving device is also allowed to export the video data to a third-party device for use, and the video data can be further processed to ensure the security of the export process. The third-party device is the exporting device in this embodiment, and the process of exporting the video data is described by way of example below.
S214: the exporting device requests to acquire a third secure video frame.
In this embodiment, the exporting device may request the receiving device to acquire a third secure video frame, where the third secure video frame is generated after the receiving device processes the video data, and the third secure video frame is used for exporting from the receiving device to the exporting device.
S215: the receiving device encrypts the first key by using the derived key to generate a second key ciphertext.
In this embodiment, before exporting the video data, the receiving device may encrypt the first key with the derived key to generate a second key ciphertext, so as to reduce the risk that the first key is obtained and deciphered, and to increase the complexity of the first key. The derived key may be set by a user at the time of export, generated by a dedicated secure export storage device, and so on, which is not limited herein.
S216: the receiving device replaces the key parameter combination in the second secure video frame with the second key ciphertext to generate a third secure video frame.
In this embodiment, after generating the second key ciphertext, the receiving device may replace the key parameter combination in the second secure video frame with the second key ciphertext to generate a third secure video frame (as shown in fig. 5), and may send the third secure video frame to the derivation device. This reduces the encryption and computation needed to generate the third secure video frame: fast and secure export of the video data is achieved merely by replacing the key parameter combination in the second secure video frame, without decrypting and re-encrypting the entire video data.
S217: the derivation device, in response to receiving the derived key, decrypts the second key ciphertext in the third secure video frame to obtain the first key, and generates a fourth message authentication code.
In this embodiment, after receiving the third secure video frame, the derivation device may parse the third secure video frame to obtain the second key ciphertext, the acquisition device identifier, the first message authentication code, and the ciphertext video frame.
The derivation device can further receive the derived key input by a user and, in response to receiving it, decrypt the second key ciphertext with the derived key to obtain the first key, and generate a fourth message authentication code based on the first key, the capture device identifier, and the ciphertext video frame, so that the third secure video frame can be verified with the fourth message authentication code.
In an alternative embodiment, when the first message authentication code is generated based on the first key and the ciphertext video frame, the fourth message authentication code should be generated based on the first key and the ciphertext video frame as well, so that the fourth message authentication code can match the first message authentication code when the third secure video frame has not been tampered with.
S218: the derivation device compares the fourth message authentication code with the first message authentication code, and judges that the verification is passed in response to a match between the fourth message authentication code and the first message authentication code.
In an embodiment, after generating the fourth message authentication code, the derivation device compares it with the first message authentication code obtained by parsing the third secure video frame. In response to the fourth message authentication code matching the first message authentication code, the third secure video frame is considered to be neither tampered with nor forged, the verification is judged to have passed, and the ciphertext video frame is allowed to be decrypted using the first key to obtain the plaintext video frame, so that the derivation device can use the plaintext video frame. The algorithm used to decrypt the ciphertext video frame matches the algorithm used to encrypt the plaintext video frame.
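Steps S207 to S217 and the key replacement described for long-term storage, as an added example (not code from the patent): only the key header in front of the first secure video frame is rewritten on rotation and on export, so the MAC and ciphertext bytes are never touched. The header layout, the `ManagementDevice` class and the HMAC-based `wrap_key` (a standard-library stand-in for SM4/AES key wrapping) are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN, TAG_LEN = 16, 32


def wrap_key(kek: bytes, key: bytes) -> bytes:
    # Stand-in key wrap (assumption): HMAC-SHA256 as a one-block keystream
    # plus an integrity tag. A deployment would use SM4/AES key wrap or AEAD.
    if len(key) > 32:
        raise ValueError("stand-in wrap handles keys up to 32 bytes")
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("key ciphertext truncated")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered key ciphertext")
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def pack_header(key_id: bytes, wrapped: bytes) -> bytes:
    # Assumed layout: len | key identifier | len | key ciphertext
    return (struct.pack(">H", len(key_id)) + key_id +
            struct.pack(">H", len(wrapped)) + wrapped)


def split_frame(frame: bytes):
    # Returns (key identifier, key ciphertext, untouched first secure frame).
    pos, fields = 0, []
    for _ in range(2):
        if len(frame) < pos + 2:
            raise ValueError("truncated header")
        (n,) = struct.unpack_from(">H", frame, pos)
        pos += 2
        if len(frame) < pos + n:
            raise ValueError("truncated header")
        fields.append(frame[pos:pos + n])
        pos += n
    return fields[0], fields[1], frame[pos:]


class ManagementDevice:
    # Hypothetical key store: issues second keys and records each with its identifier.
    def __init__(self):
        self._keys = {}

    def new_second_key(self):
        key_id = secrets.token_hex(8).encode()
        self._keys[key_id] = secrets.token_bytes(32)
        return key_id, self._keys[key_id]

    def lookup(self, key_id: bytes):
        return self._keys.get(key_id)


def store(mgmt, first_key: bytes, first_secure_frame: bytes) -> bytes:
    # S207-S208: key parameter combination spliced in front of the frame.
    key_id, second_key = mgmt.new_second_key()
    return pack_header(key_id, wrap_key(second_key, first_key)) + first_secure_frame


def recover_first_key(mgmt, stored: bytes):
    # S209-S211: an unknown identifier or failed unwrap means tampering.
    key_id, wrapped, body = split_frame(stored)
    second_key = mgmt.lookup(key_id)
    if second_key is None:
        raise ValueError("unknown key identifier")
    return unwrap_key(second_key, wrapped), body


def rotate(mgmt, stored: bytes) -> bytes:
    # Long-term storage: re-wrap under a fresh second key, body unchanged.
    first_key, body = recover_first_key(mgmt, stored)
    return store(mgmt, first_key, body)


def export_frame(mgmt, stored: bytes, export_key: bytes) -> bytes:
    # S215-S216: replace the key parameter combination with the second key
    # ciphertext (no key identifier is carried in the exported frame).
    first_key, body = recover_first_key(mgmt, stored)
    return pack_header(b"", wrap_key(export_key, first_key)) + body


def open_exported(export_key: bytes, frame: bytes):
    # S217: recover the first key with the key supplied at export time.
    _, wrapped, body = split_frame(frame)
    return unwrap_key(export_key, wrapped), body
```

The body returned by `recover_first_key` and `open_exported` still has to pass the message authentication code check before the ciphertext video frame is decrypted.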
Therefore, in this embodiment the video data can be securely transmitted, securely stored, securely exported and traced without high implementation cost. It should be noted that the above embodiment is an example intended to explain the video data protection method of the present invention in full. In an alternative embodiment, steps S201 to S206 may be used as a separate embodiment to implement secure transmission of video data; in yet another alternative embodiment, steps S201 to S213 may be used as a separate embodiment to implement secure transmission and secure storage of video data. It can be seen that secure transmission and secure storage of video data do not need to be fully bound: secure transmission may be enabled on its own, and secure storage may also be enabled on its own (described later), so that the two are only weakly bound, which increases the flexibility with which the video data protection method of the present invention can be used.
Referring to fig. 6, fig. 6 is a flowchart illustrating a video data encryption method according to an embodiment of the present invention. It should be noted that the encryption method for video data set forth in this embodiment is not limited to the following steps:
S301: a first key is generated.
S302: the plaintext video frame is encrypted using the first key to obtain the ciphertext video frame.
S303: a first message authentication code is generated based on the first key and the ciphertext video frame, and the ciphertext video frame is spliced with the first message authentication code to generate a first secure video frame.
This embodiment is executed by the capture device. Step S301 in this embodiment is the same as steps S101 and S201 in the above embodiments; step S302 in this embodiment is the same as steps S102 and S202 in the above embodiments; step S303 in this embodiment is the same as steps S103 and S203 in the above embodiments, and these are not described herein again.
Referring to fig. 7, fig. 7 is a flowchart illustrating a video data verification method according to an embodiment of the invention. It should be noted that the method for verifying video data set forth in this embodiment is not limited to the following steps:
S401: a first key and a first secure video frame are received from the capture device, and the first secure video frame is parsed to obtain a ciphertext video frame and a first message authentication code.
S402: a second message authentication code is generated based on the ciphertext video frame and the first key.
S403: the first message authentication code is compared with the second message authentication code, and the verification is judged to have passed in response to the first message authentication code matching the second message authentication code.
This embodiment is executed by the receiving device. Step S401 in this embodiment is the same as steps S104 and S204 in the above embodiments; step S402 in this embodiment is the same as steps S105 and S205 in the above embodiments; step S403 in this embodiment is the same as steps S106 and S206 in the above embodiments, and these are not described herein again.
The following describes in detail embodiments of the present invention in which secure storage of video data is enabled solely. Referring to fig. 8, fig. 8 is a flowchart illustrating a video data protection method according to a third embodiment of the present invention. It should be noted that the protection method for video data set forth in this embodiment is not limited to the following steps:
S501: the receiving device generates a third key.
In this embodiment, in order to implement secure storage of video data, the receiving device generates the third key by itself before the video data is written to disk, which removes the redundant step of acquiring the third key from a third-party device and also reduces the risk that an acquired third key has been tampered with.
S502: the plaintext video frame is encrypted using the third key to obtain the ciphertext video frame.
In this embodiment, the receiving device encrypts the plaintext video frame by using the third key that it generated, to obtain a ciphertext video frame; the plaintext video frame is acquired by the receiving device from the capture device. Encrypting with the third key increases the complexity and security of the video data and makes it harder for an attacker to decipher.
S503: a fifth message authentication code is generated based on the third key and the ciphertext video frame, and the ciphertext video frame is spliced with the fifth message authentication code to generate a fourth secure video frame, which is stored.
In this embodiment, the receiving device may obtain a fifth message authentication code using the third key and the ciphertext video frame as calculation parameters, that is, the fifth message authentication code is generated based on the third key and the ciphertext video frame, and the fifth message authentication code may be used to check confidentiality, integrity, and reliability of the video data, in other words, to check whether the video data is tampered, and also to check whether the video data is a false message or a forged message.
After the receiving device obtains the fifth message authentication code, it splices the ciphertext video frame with the fifth message authentication code to generate a fourth secure video frame. The fourth secure video frame is for storage by the receiving device.
S504: in response to the fourth secure video frame being called, the third key generated by the receiving device is acquired, and the fourth secure video frame is parsed to obtain a ciphertext video frame and a fifth message authentication code.
In this embodiment, after the receiving device calls the fourth secure video frame, it parses the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code that it contains. At the same time, the receiving device looks up the third key that was used to generate the fifth message authentication code.
S505: a sixth message authentication code is generated using the ciphertext video frame and the third key.
In this embodiment, in response to acquiring the third key and the ciphertext video frame, the receiving device may generate a sixth message authentication code based on the ciphertext video frame and the third key; the ciphertext video frame is obtained by parsing the fourth secure video frame. Because the third key is generated by the receiving device and retrieved again by the receiving device itself, the risk that the third key is tampered with can be reduced, and the security of acquiring the third key is improved.
S506: the fifth message authentication code is compared with the sixth message authentication code, and the verification is judged to have passed in response to the fifth message authentication code matching the sixth message authentication code.
In this embodiment, after generating the sixth message authentication code, the receiving device compares it with the parsed fifth message authentication code and determines whether the two match. When the fifth message authentication code does not match the sixth message authentication code, the stored fourth secure video frame is considered to have been tampered with or forged, and the parsed ciphertext video frame is not decrypted. In response to the fifth message authentication code matching the sixth message authentication code, the verification is judged to have passed, and the fourth secure video frame is considered to have been generated and stored by the receiving device. Compared with a traditional signature mechanism based on an asymmetric algorithm, generating the fifth and sixth message authentication codes for verification takes less time, and video delay can be greatly reduced under the same hardware capability, which improves the overall performance of the video data protection method.
Furthermore, the fourth secure video frame of the present invention may incorporate the identifier of the capture device, so that it is possible to verify whether the capture devices for the plaintext video frames are consistent during the verification process, and further trace the source of the plaintext video frames protected in the fourth secure video frame. Referring to fig. 8 and 9 in combination, fig. 9 is a schematic structural diagram of a fourth secure video frame according to an embodiment of the present invention.
In this embodiment, the receiving device obtains the plaintext video frames from the capture device, and in order to improve the reliability of the storage process, the plaintext video frames may be encrypted and protected before the video data (the plaintext video frames) is landed.
Specifically, the receiving device generates a third key, and encrypts the plaintext video frame using the third key to obtain the ciphertext video frame.
The receiving device also obtains a capture device identifier, which identifies the capture device that captured the plaintext video frames. It performs digest algorithm processing on the third key, the capture device identifier and the ciphertext video frame to generate a fifth message authentication code, so that when the message authentication code is used to verify the video data, the capture device information is bound into the check and the video data verification performance is improved.
The receiving device acquires a fourth key that it stores itself or that is generated by the management device, together with the key identifier of the fourth key; the key identifier of the fourth key identifies the fourth key and the source of the fourth key. The fourth key is used to encrypt the third key to generate a third key ciphertext, which reduces the risk of the third key being obtained and cracked and increases the complexity of the third key.
The key identifier of the fourth key, the third key ciphertext, the capture device identifier, the fifth message authentication code and the ciphertext video frame are spliced to generate and store a fourth secure video frame (as shown in fig. 9); the capture device identifier spliced into the fourth secure video frame allows the plaintext video frame to be traced to its source. For example, where the third key is generated by the management device, while the receiving device is storing the fourth secure video frame the management device may generate a new fourth key and a key identifier for it, encrypt the third key with the new fourth key to obtain a new third key ciphertext, and replace the third key ciphertext existing in the fourth secure video frame with the newly generated one. The management device may store and record each fourth key and its key identifier, so that a fourth secure video frame that is stored for a long time can be continuously updated, which further increases the difficulty of attacking the fourth secure video frame and improves its confidentiality.
When the receiving device needs to call up the stored fourth secure video frame and read the plaintext video frame in it, it parses the fourth secure video frame to obtain the key identifier of the fourth key, the third key ciphertext, the capture device identifier, the fifth message authentication code and the ciphertext video frame.
It acquires the fourth key based on the key identifier of the fourth key, and decrypts the third key ciphertext with the fourth key to obtain the third key. For example, when the fourth key is generated by the management device, the receiving device, on parsing the fourth secure video frame and obtaining the key identifier of the fourth key, sends a request to the management device to obtain the matching fourth key.
It performs digest algorithm processing on the third key, the capture device identifier and the ciphertext video frame to generate a sixth message authentication code; the third key is obtained by decrypting the third key ciphertext, and the capture device identifier and the ciphertext video frame are obtained by parsing the fourth secure video frame.
It compares the fifth message authentication code obtained by parsing the fourth secure video frame with the sixth message authentication code. In response to the fifth message authentication code matching the sixth message authentication code, verification is judged to have passed, the fourth secure video frame is considered neither tampered with nor forged, and the third key is allowed to be used to decrypt the ciphertext video frame to obtain the plaintext video frame.
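The storage flow described above (building the fourth secure video frame, verifying before decrypting, and re-wrapping the third key under a new fourth key), as an added Python example that is not part of the patent text. The patent names no algorithms, so HMAC-SHA256, the field widths, the subkey derivation and the HMAC-counter stand-in cipher are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import struct

MAC_LEN = 32     # HMAC-SHA256 output size (assumed digest algorithm)
NONCE_LEN = 16   # per-encryption nonce for the stand-in cipher


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption/MAC subkeys so one key is not used for both."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def _encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _xor_stream(key, nonce, plaintext)


def _decrypt(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def _mac(third_key: bytes, device_id: bytes, ct_frame: bytes) -> bytes:
    """MAC over capture device identifier + ciphertext frame, keyed from the third key."""
    # Length-prefix the identifier so the field boundary cannot be shifted.
    msg = struct.pack(">H", len(device_id)) + device_id + ct_frame
    return hmac.new(_subkey(third_key, b"mac"), msg, hashlib.sha256).digest()


def _pack(key_id, wrapped, device_id, mac, ct_frame) -> bytes:
    # Field order follows the description; the field widths are assumptions.
    return (struct.pack(">IH", key_id, len(wrapped)) + wrapped
            + struct.pack(">H", len(device_id)) + device_id + mac + ct_frame)


def parse_frame(frame: bytes):
    """Split a stored frame into (key_id, wrapped_key, device_id, mac, ct_frame)."""
    try:
        key_id, wlen = struct.unpack_from(">IH", frame, 0)
        off = 6
        wrapped = frame[off:off + wlen]
        off += wlen
        (dlen,) = struct.unpack_from(">H", frame, off)
        off += 2
    except struct.error as exc:
        raise ValueError("truncated frame") from exc
    device_id = frame[off:off + dlen]
    mac = frame[off + dlen:off + dlen + MAC_LEN]
    if len(wrapped) != wlen or len(device_id) != dlen or len(mac) != MAC_LEN:
        raise ValueError("truncated frame")
    return key_id, wrapped, device_id, mac, frame[off + dlen + MAC_LEN:]


def build_frame(plain, device_id, third_key, key_id, fourth_key) -> bytes:
    ct_frame = _encrypt(_subkey(third_key, b"enc"), plain)
    wrapped = _encrypt(fourth_key, third_key)  # the "third key ciphertext"
    return _pack(key_id, wrapped, device_id, _mac(third_key, device_id, ct_frame), ct_frame)


def _verify(frame: bytes, keystore: dict):
    """Unwrap the third key and check the MAC; raise before any frame decryption."""
    key_id, wrapped, device_id, mac, ct_frame = parse_frame(frame)
    if key_id not in keystore:
        raise ValueError("unknown key identifier")
    third_key = _decrypt(keystore[key_id], wrapped)
    if not hmac.compare_digest(mac, _mac(third_key, device_id, ct_frame)):
        raise ValueError("MAC mismatch: frame tampered or forged")
    return third_key, device_id, mac, ct_frame


def open_frame(frame: bytes, keystore: dict):
    """Return (device_id, plaintext frame) only if verification passes."""
    third_key, device_id, _, ct_frame = _verify(frame, keystore)
    return device_id, _decrypt(_subkey(third_key, b"enc"), ct_frame)


def rewrap(frame: bytes, keystore: dict, new_key_id: int) -> bytes:
    """Replace only the wrapped third key; MAC and ciphertext frame stay byte-identical."""
    third_key, device_id, mac, ct_frame = _verify(frame, keystore)
    return _pack(new_key_id, _encrypt(keystore[new_key_id], third_key),
                 device_id, mac, ct_frame)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    keys = {1: secrets.token_bytes(32), 2: secrets.token_bytes(32)}
    stored = build_frame(b"\x00\x00\x00\x01 constructed frame", b"CAM-0001",
                         secrets.token_bytes(32), 1, keys[1])
    rotated = rewrap(stored, keys, 2)
    print(open_frame(rotated, {2: keys[2]}))
```

Because the message authentication code covers only the device identifier and the ciphertext frame, re-wrapping leaves it valid without touching the video data. The key identifier and wrapped key are protected only indirectly: a modified wrapped key unwraps to a different third key, under which the MAC check fails.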
Of course, when secure storage of the video data is enabled on its own, a secure video frame for export may also be generated based on the fourth secure video frame. The specific implementation is similar to that of generating the third secure video frame from the second secure video frame, and is not described again here.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a video data transmission system according to a first embodiment of the invention.
In one embodiment, the transmission system of video data includes a capture device 11 and a receiving device 12. The capture device 11 is configured to generate a first key, encrypt the plaintext video frame using the first key to obtain a ciphertext video frame, and splice the ciphertext video frame and the first message authentication code to generate a first secure video frame for transmission; the first message authentication code is generated based on the first key and the ciphertext video frame.
The receiving device 12 is communicatively connected to the capture device 11 and is configured to receive and parse the first secure video frame to obtain the ciphertext video frame and the first message authentication code; request the first key from the capture device 11 and, in response to receiving the first key, generate a second message authentication code based on the ciphertext video frame and the first key; and compare the first message authentication code with the second message authentication code, determining that verification passes in response to the two matching. Alternatively, the receiving device 12 is configured to generate a third key; encrypt the plaintext video frame using the third key to obtain a ciphertext video frame, the plaintext video frame being obtained from the capture device; generate a fifth message authentication code based on the third key and the ciphertext video frame, and splice the ciphertext video frame and the fifth message authentication code to generate and store a fourth secure video frame; in response to the fourth secure video frame being called up, acquire the third key generated by the receiving device itself and parse the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code; generate a sixth message authentication code using the ciphertext video frame and the third key; and compare the fifth message authentication code with the sixth message authentication code, determining that verification passes in response to the two matching.
Referring to fig. 11, fig. 11 is a schematic structural diagram of a video data transmission system according to a second embodiment of the present invention.
In one embodiment, the transmission system of the video data comprises an acquisition device 11, a receiving device 12 and a management device 13.
The acquisition device 11 comprises a first channel 111 and a second channel 112. The acquisition device 11 transmits the first secure video frame to the receiving device 12 via the first channel 111 and the first key to the receiving device 12 via the second channel 112. The second channel 112 may be connected to a security module (not shown) of the acquisition device 11. The security module can improve the security of generating the first key and/or the second key and of the cryptographic computation, and improve the reliability of transmitting the first key; control instructions may also be transmitted through the second channel 112, which is not described again here.
Optionally, the receiving device 12 may include a security module (not shown) for generating the third key and the fourth key of the above embodiments, so that secure storage of the video data can be enabled on its own.
The management device 13 may be an optional security device according to a specific scenario, and is configured to generate, query, and manage the first key and/or the second key, and when the management device 13 generates the second key, also generate, query, and manage a key identifier of the corresponding second key.
The specific operation of the video data transmission system is as described in the above embodiments, and will not be described herein.
Referring to fig. 12, fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
In an embodiment, the electronic device 20 comprises a processor 21, and the processor 21 may also be referred to as a Central Processing Unit (CPU). The processor 21 may be an integrated circuit chip having signal processing capabilities. The processor 21 may also be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. A general purpose processor may be a microprocessor or the processor 21 may be any conventional processor or the like.
The electronic device 20 may further include a memory (not shown) for storing instructions and data required for the processor 21 to operate.
The processor 21 is arranged to execute instructions to implement a method of protection of video data as set out in any one of the embodiments above, or a method of encryption of video data as set out in any one of the embodiments above, or a method of verification of video data as set out in any one of the embodiments above.
Referring to fig. 13, fig. 13 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the invention.
In an embodiment, the computer readable storage medium 30 is used for storing instructions/program data 31, and the instructions/program data 31 can be executed to implement the protection method for video data as set forth in any one of the above embodiments, or the encryption method for video data as set forth in any one of the above embodiments, or the verification method for video data as set forth in any one of the above embodiments, which will not be described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into modules or units is only one kind of logical functional division, and other divisions are possible in practice; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit may be stored in a computer-readable storage medium if it is implemented in the form of a software functional unit and sold or used as a separate product. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product that is stored in a computer-readable storage medium 30 and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method set forth in the embodiments of the present invention. The aforementioned computer-readable storage medium 30 includes: a USB flash drive, a portable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, a server, and various other media capable of storing program code.
In addition, in the present invention, unless otherwise expressly specified or limited, the terms "connected," "stacked," and the like are to be construed broadly, e.g., as meaning permanently connected, detachably connected, or integrally formed; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (21)

1. A method for protecting video data, the method comprising:
the acquisition equipment generates a first key;
the acquisition equipment encrypts a plaintext video frame by using the first key to obtain a ciphertext video frame;
the acquisition equipment generates a first message authentication code based on the first key and the ciphertext video frame, and splices the ciphertext video frame and the first message authentication code to generate a first secure video frame;
the receiving equipment receives the first key and the first secure video frame from the acquisition equipment, and parses the first secure video frame to obtain the ciphertext video frame and the first message authentication code;
the receiving equipment generates a second message authentication code based on the ciphertext video frame and the first key;
and the receiving equipment compares the first message authentication code with the second message authentication code, and determines that verification passes if the first message authentication code matches the second message authentication code.
2. The method of claim 1, wherein the generating a first message authentication code based on the first key and the ciphertext video frame comprises:
the acquisition equipment acquires an acquisition equipment identifier;
and the acquisition equipment performs digest algorithm processing on the first key, the acquisition equipment identifier and the ciphertext video frame to generate the first message authentication code.
3. The method of claim 2, wherein the generating a second message authentication code based on the ciphertext video frame and the first key comprises:
the receiving equipment acquires the acquisition equipment identification;
the receiving device performs digest algorithm processing on the ciphertext video frame, the acquisition device identifier and the first key to generate the second message authentication code; wherein a digest algorithm utilized to generate the second message authentication code matches a digest algorithm utilized to generate the first message authentication code.
4. The method for protecting video data according to claim 2 or 3, wherein the receiving device obtaining the capture device identifier comprises:
the acquisition equipment splices the acquisition equipment identifier, the ciphertext video frame and the first message authentication code to generate the first secure video frame;
and the receiving equipment receives and parses the first secure video frame to obtain the acquisition equipment identifier.
5. The method for protecting video data according to claim 1, wherein the receiving device receiving the first key and the first secure video frame from the capturing device comprises:
the acquisition equipment transmits the first key to the receiving equipment;
the capture device transmits the first secure video frame to the receiving device.
6. The method of claim 1,
the first key is a true random number.
7. The method for protecting video data according to claim 1, wherein said determining that the check is passed comprises:
the receiving equipment encrypts the first key to obtain a key parameter combination;
and the receiving equipment splices the key parameter combination with the first secure video frame to generate and store a second secure video frame.
8. The method for protecting video data according to claim 7, wherein said encrypting the first key to obtain a key parameter combination comprises:
the receiving equipment acquires a second key generated by the storage or management equipment of the receiving equipment and a key identification of the second key; wherein the key identification of the second key is used for identifying the second key;
the receiving equipment encrypts the first key by using the second key to generate a first key ciphertext;
and the receiving equipment splices the first key ciphertext and the key identifier of the second key to generate the key parameter combination.
9. The method for protecting video data according to claim 8, wherein the second secure video frame is formed by splicing the key parameter combination, the capture device identifier, the first message authentication code, and the ciphertext video frame; the method further comprises the following steps:
the receiving device parses the second secure video frame;
the receiving equipment acquires the second key based on the key identification of the second key obtained by analysis;
the receiving equipment decrypts the first key ciphertext by using the second key to obtain the first key;
the receiving device generates a third message authentication code by using the first key obtained by decryption and the acquisition device identifier and the ciphertext video frame obtained by analysis;
and the receiving equipment compares the third message authentication code with the first message authentication code obtained by analysis, and judges that the verification is passed if the third message authentication code is matched with the first message authentication code obtained by analysis.
10. The method for protecting video data according to claim 7, further comprising:
the export device requests to acquire a third secure video frame;
the receiving equipment encrypts the first key by using the derived key to generate a second key ciphertext;
the receiving equipment replaces the key parameter combination in the second secure video frame with the second key ciphertext to generate the third secure video frame;
the export device, in response to receiving the derived key, decrypts the second key ciphertext in the third secure video frame to obtain the first key, and generates a fourth message authentication code based on the first key and the ciphertext video frame;
and the export device compares the fourth message authentication code with the first message authentication code, and determines that verification passes if the fourth message authentication code matches the first message authentication code.
11. The method for protecting video data according to any one of claims 1, 9 and 10, wherein the method further comprises:
in response to verification passing, decrypting the ciphertext video frame; wherein the algorithm used to decrypt the ciphertext video frame matches the algorithm used to encrypt the plaintext video frame.
12. A method for protecting video data, the method comprising:
the receiving device generates a third key;
encrypting the plaintext video frame by using the third key to obtain a ciphertext video frame; wherein the plaintext video frame is acquired from acquisition equipment;
generating a fifth message authentication code based on the third key and the ciphertext video frame, and splicing the ciphertext video frame and the fifth message authentication code to generate and store a fourth secure video frame;
in response to the fourth secure video frame being called up, acquiring the third key generated by the receiving equipment itself, and parsing the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code;
generating a sixth message authentication code by using the ciphertext video frame and the third key;
and comparing the fifth message authentication code with the sixth message authentication code, and determining that verification passes if the fifth message authentication code matches the sixth message authentication code.
13. The method for protecting video data according to claim 12, wherein said generating a fifth message authentication code based on the third key and the ciphertext video frame comprises:
the receiving equipment acquires an acquisition equipment identifier;
and performing digest algorithm processing on the third key, the acquisition equipment identifier and the ciphertext video frame to generate a fifth message authentication code.
14. The method for protecting video data according to claim 13, wherein said generating a sixth message authentication code using said ciphertext video frame and said third key comprises:
acquiring an acquisition equipment identifier;
and performing digest algorithm processing on the third key, the acquisition equipment identifier and the ciphertext video frame to generate a sixth message authentication code.
15. The method for protecting video data according to claim 14, wherein said concatenating the ciphertext video frame with the fifth message authentication code to generate a fourth secure video frame comprises:
the receiving equipment acquires an acquisition equipment identifier, and acquires a fourth key generated by the receiving equipment or the self storage or management equipment and a key identifier of the fourth key; the key identification of the fourth key is used for identifying the fourth key and the source of the fourth key;
encrypting the third key by using the fourth key to generate a third key ciphertext;
and splicing the key identification of the fourth key, the third key ciphertext, the acquisition equipment identification, the fifth message authentication code and the ciphertext video frame to generate the fourth secure video frame.
16. The method for protecting video data according to claim 15, wherein said obtaining the third key generated by the receiving device itself comprises:
parsing the fourth secure video frame;
acquiring the fourth key based on the key identification of the fourth key obtained by analysis;
and decrypting the third key ciphertext by using the fourth key to obtain the third key.
17. A method for encrypting video data, the method comprising:
generating a first key;
encrypting the plaintext video frame by using the first key to obtain a ciphertext video frame;
generating a first message authentication code based on the first key and the ciphertext video frame, and splicing the ciphertext video frame and the first message authentication code to generate a first secure video frame;
transmitting the first key and the first secure video frame to a receiving device.
18. A method for verifying video data, the method comprising:
receiving a first key and a first secure video frame from acquisition equipment, and parsing the first secure video frame to obtain a ciphertext video frame and a first message authentication code;
generating a second message authentication code by using the ciphertext video frame and the first key;
and comparing the first message authentication code with the second message authentication code, and determining that verification passes in response to the first message authentication code matching the second message authentication code.
19. A system for transmitting video data, comprising:
acquisition equipment, configured to generate a first key; encrypt the plaintext video frame by using the first key to obtain a ciphertext video frame; generate a first message authentication code based on the first key and the ciphertext video frame, and splice the ciphertext video frame and the first message authentication code to generate a first secure video frame; and transmit the first key and the first secure video frame to receiving equipment;
the receiving equipment, communicatively connected to the acquisition equipment and configured to receive the first key and the first secure video frame from the acquisition equipment and parse the first secure video frame to obtain the ciphertext video frame and the first message authentication code; generate a second message authentication code by using the ciphertext video frame and the first key; and compare the first message authentication code with the second message authentication code, determining that verification passes if the first message authentication code matches the second message authentication code; or, configured to generate a third key; encrypt the plaintext video frame by using the third key to obtain a ciphertext video frame, the plaintext video frame being acquired from the acquisition equipment; generate a fifth message authentication code based on the third key and the ciphertext video frame, and splice the ciphertext video frame and the fifth message authentication code to generate and store a fourth secure video frame; in response to the fourth secure video frame being called up, acquire the third key generated by the receiving equipment itself, and parse the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code; generate a sixth message authentication code by using the ciphertext video frame and the third key; and compare the fifth message authentication code with the sixth message authentication code, determining that verification passes if the fifth message authentication code matches the sixth message authentication code.
20. An electronic device, comprising:
a processor for executing instructions to implement the method of protecting video data of any one of claims 1 to 11, or the method of protecting video data of any one of claims 12 to 16, or the method of encrypting video data of claim 17, or the method of verifying video data of claim 18.
21. A computer-readable storage medium for storing instructions/program data executable to implement a method of protecting video data according to any one of claims 1 to 11, or a method of protecting video data according to any one of claims 12 to 16, or a method of encrypting video data according to claim 17, or a method of verifying video data according to claim 18.
CN202210589634.XA 2022-05-27 2022-05-27 Video data protection, encryption and verification method, system and equipment Active CN114928756B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210589634.XA CN114928756B (en) 2022-05-27 2022-05-27 Video data protection, encryption and verification method, system and equipment


Publications (2)

Publication Number Publication Date
CN114928756A true CN114928756A (en) 2022-08-19
CN114928756B CN114928756B (en) 2023-03-17

Family

ID=82810125


Country Status (1)

Country Link
CN (1) CN114928756B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118410203A (en) * 2024-06-26 2024-07-30 杭州海康威视系统技术有限公司 Video data storage and video playback methods, devices and equipment

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2005201982A1 (en) * 1999-09-30 2005-06-02 Qualcomm Incorporated Method and apparatus for encrypting transmissions in a communication system
JP2009239846A (en) * 2008-03-28 2009-10-15 Dainippon Printing Co Ltd Data encryption decoding method, data encryption decoding system, data encryption apparatus, and data decoding apparatus
CN102013975A (en) * 2010-06-29 2011-04-13 北京飞天诚信科技有限公司 Secret key management method and system
CN105791277A (en) * 2016-02-26 2016-07-20 浙江维尔科技股份有限公司 Identity authentication method
CN108615155A (en) * 2018-05-02 2018-10-02 飞天诚信科技股份有限公司 A method of differentiating Transaction Information integrality
CN109714291A (en) * 2017-10-25 2019-05-03 普天信息技术有限公司 A kind of data transmission method and device
CN110474908A (en) * 2019-08-16 2019-11-19 微位(深圳)网络科技有限公司 Transaction monitoring and managing method and device, storage medium and computer equipment
CN112202754A (en) * 2020-09-25 2021-01-08 中国建设银行股份有限公司 Data encryption method and device, electronic equipment and storage medium
WO2021114891A1 (en) * 2019-12-11 2021-06-17 中兴通讯股份有限公司 Key encryption method and decryption method, and, data encryption method and decryption method
CN114095259A (en) * 2021-11-23 2022-02-25 中国银行股份有限公司 Authentication encryption and decryption device and method

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2005201982A1 (en) * 1999-09-30 2005-06-02 Qualcomm Incorporated Method and apparatus for encrypting transmissions in a communication system
JP2009239846A (en) * 2008-03-28 2009-10-15 Dainippon Printing Co Ltd Data encryption decoding method, data encryption decoding system, data encryption apparatus, and data decoding apparatus
CN102013975A (en) * 2010-06-29 2011-04-13 北京飞天诚信科技有限公司 Secret key management method and system
CN105791277A (en) * 2016-02-26 2016-07-20 浙江维尔科技股份有限公司 Identity authentication method
CN109714291A (en) * 2017-10-25 2019-05-03 普天信息技术有限公司 A kind of data transmission method and device
CN108615155A (en) * 2018-05-02 2018-10-02 飞天诚信科技股份有限公司 A method of differentiating Transaction Information integrality
CN110474908A (en) * 2019-08-16 2019-11-19 微位(深圳)网络科技有限公司 Transaction monitoring and managing method and device, storage medium and computer equipment
WO2021114891A1 (en) * 2019-12-11 2021-06-17 中兴通讯股份有限公司 Key encryption method and decryption method, and, data encryption method and decryption method
CN112202754A (en) * 2020-09-25 2021-01-08 中国建设银行股份有限公司 Data encryption method and device, electronic equipment and storage medium
CN114095259A (en) * 2021-11-23 2022-02-25 中国银行股份有限公司 Authentication encryption and decryption device and method

Non-Patent Citations (1)

Title
牛少彰,童小海,韩藤跃: "《移动互联网安全》", 30 June 2020 *

Cited By (1)

Publication number Priority date Publication date Assignee Title
CN118410203A (en) * 2024-06-26 2024-07-30 杭州海康威视系统技术有限公司 Video data storage and video playback methods, devices and equipment

Also Published As

Publication number Publication date
CN114928756B (en) 2023-03-17

Similar Documents

Publication Publication Date Title
CN111835511A (en) Data security transmission method and device, computer equipment and storage medium
CN113014539B (en) Internet of things equipment safety protection system and method
CN110891061B (en) Data encryption and decryption method and device, storage medium and encrypted file
US10341305B2 (en) Encrypted communications method and communications terminal, and computer storage medium
CN112823503B (en) Data access method, data access device and mobile terminal
CN112653556B (en) TOKEN-based micro-service security authentication method, device and storage medium
CN112055019B (en) Method for establishing communication channel and user terminal
CN111127014B (en) Transaction information processing method, server, user terminal, system and storage medium
CN113395406A (en) Encryption authentication method and system based on power equipment fingerprints
CN109831782B (en) Safety transmission verification method for electronic card information
WO2018227471A1 (en) Secure processing method and apparatus for biometric feature data, sensor, and terminal device
US11720693B2 (en) System and method for securely transferring data
CN106453430A (en) Method and device for verifying encrypted data transmission paths
CN112073418B (en) Encrypted flow detection method and device and computer readable storage medium
CN113660725A (en) Positioning anti-cheating method, device and system, computer equipment and storage medium
US9756044B2 (en) Establishment of communication connection between mobile device and secure element
CN113722741A (en) Data encryption method and device and data decryption method and device
CN109194467A (en) A kind of safe transmission method and system of encryption data
CN116405734B (en) Data transmission method and system for ensuring data security
CN114928756B (en) Video data protection, encryption and verification method, system and equipment
US20220345292A1 (en) Method and device for encryption of video stream, communication equipment, and storage medium
CN106411964A (en) Traceable and encrypted data transmission method and device
CN114374519B (en) Data transmission method, system and equipment
CN114826729B (en) Data processing method, page updating method and related hardware
CN111866554B (en) Multimedia safe playing method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant