CN114928756B - Video data protection, encryption and verification method, system and equipment - Google Patents

Video data protection, encryption and verification method, system and equipment


Publication number
CN114928756B
Authority
CN
China
Prior art keywords
key
video frame
authentication code
message authentication
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210589634.XA
Other languages
Chinese (zh)
Other versions
CN114928756A (en
Inventor
张剑青
张军昌
魏东
于晓杰
魏勇涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Dahua Technology Co Ltd filed Critical Zhejiang Dahua Technology Co Ltd
Priority to CN202210589634.XA priority Critical patent/CN114928756B/en
Publication of CN114928756A publication Critical patent/CN114928756A/en
Application granted granted Critical
Publication of CN114928756B publication Critical patent/CN114928756B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]

Abstract

The invention discloses a method, a system and a device for protecting, encrypting and verifying video data. The video data protection method comprises the following steps: an acquisition device generates a first key, encrypts a plaintext video frame with the first key to obtain a ciphertext video frame, generates a first message authentication code based on the first key and the ciphertext video frame, and splices the ciphertext video frame and the first message authentication code to generate a first secure video frame; a receiving device receives the first key and the first secure video frame from the acquisition device, parses the first secure video frame, and generates a second message authentication code based on the ciphertext video frame and the first key; the receiving device compares the first message authentication code with the second message authentication code, and determines that the verification passes in response to the two matching. In this way, the invention facilitates secure transmission of video data and also improves the performance of video data verification, so that the integrity and reliability of the video data are guaranteed.

Description

Video data protection, encryption and verification method, system and equipment
Technical Field
The present invention relates to the field of video data transmission technologies, and in particular, to a video data protection method, a video data encryption method, a video data verification method, a video data transmission system, an electronic device, and a computer-readable storage medium.
Background
With the rapid development of technologies such as the mobile internet and 5G, video transmission accounts for over seven tenths of network traffic, and this proportion tends to increase further. Video data may contain a large amount of sensitive information belonging to government organs, enterprises, public institutions and the like, so the need to prevent leakage of and tampering with video data is increasing.
However, in existing video data transmission methods, the verification process is poorly designed: the confidentiality and integrity of the video media stream are poor, the encryption and decryption performance of the verification process is poor, the overall performance of the video transmission system suffers, and implementation cost is high.
Disclosure of Invention
In view of the above, the technical problem mainly solved by the present invention is to provide a video data protection method, a video data encryption method, a video data verification method, a video data transmission system, an electronic device, and a computer-readable storage medium, which can safely transmit video data and improve the video data verification performance, so as to be beneficial to ensuring the integrity and reliability of video data.
In order to solve the above technical problems, the invention adopts the following technical scheme: there is provided a method of protecting video data, the method comprising: the acquisition device generates a first key; the acquisition device encrypts the plaintext video frame by using the first key to obtain a ciphertext video frame; the acquisition device generates a first message authentication code based on the first key and the ciphertext video frame, and splices the ciphertext video frame and the first message authentication code to generate a first secure video frame; the receiving device receives the first key and the first secure video frame from the acquisition device, and parses the first secure video frame to obtain the ciphertext video frame and the first message authentication code; the receiving device generates a second message authentication code based on the ciphertext video frame and the first key; the receiving device compares the first message authentication code with the second message authentication code, and determines that the verification passes in response to the match.
In an embodiment of the present invention, generating the first message authentication code based on the first key and the ciphertext video frame includes: the acquisition device obtains an acquisition device identifier; and the acquisition device performs digest algorithm processing on the first key, the acquisition device identifier and the ciphertext video frame to generate the first message authentication code.
In an embodiment of the present invention, generating the second message authentication code based on the ciphertext video frame and the first key comprises: the receiving equipment acquires an acquisition equipment identifier; the receiving equipment performs digest algorithm processing on the ciphertext video frame, the acquisition equipment identifier and the first key to generate a second message authentication code; wherein the digest algorithm utilized to generate the second message authentication code matches the digest algorithm utilized to generate the first message authentication code.
In an embodiment of the present invention, the receiving device obtaining the acquisition device identifier includes: the acquisition device splices the acquisition device identifier, the ciphertext video frame and the first message authentication code to generate the first secure video frame; and the receiving device receives and parses the first secure video frame to obtain the acquisition device identifier.
In an embodiment of the invention, the receiving device receiving the first key and the first secure video frame from the capturing device comprises: the acquisition equipment transmits a first secret key to the receiving equipment; the capture device transmits a first secure video frame to the receiving device.
In an embodiment of the invention, the first key is a true random number.
In an embodiment of the present invention, determining that the verification passes comprises: the receiving equipment encrypts the first key to obtain a key parameter combination; and the receiving equipment splices the key parameter combination with the first safe video frame to generate and store a second safe video frame.
In an embodiment of the present invention, encrypting the first key to obtain the key parameter combination includes: the receiving device obtains a second key, generated by itself or by a storage or management device, and a key identifier of the second key; the key identifier of the second key is used for identifying the second key; the receiving device encrypts the first key by using the second key to generate a first key ciphertext; and the receiving device splices the first key ciphertext and the key identifier of the second key to generate the key parameter combination.
In an embodiment of the present invention, the second secure video frame is formed by splicing the key parameter combination, the acquisition device identifier, the first message authentication code and the ciphertext video frame; the method further comprises the following steps: the receiving device parses the second secure video frame; the receiving device obtains the second key based on the key identifier of the second key obtained by parsing; the receiving device decrypts the first key ciphertext by using the second key to obtain the first key; the receiving device generates a third message authentication code by using the first key obtained by decryption and the acquisition device identifier and the ciphertext video frame obtained by parsing; the receiving device compares the third message authentication code with the first message authentication code obtained by parsing, and determines that the verification passes in response to the third message authentication code matching the first message authentication code.
In an embodiment of the present invention, the derivation device requests to obtain a third secure video frame, and the receiving device encrypts the first key using the derivation key to generate a second key ciphertext; the receiving device replaces the key parameter combination in the second secure video frame with the second key ciphertext to generate the third secure video frame; the derivation device, in response to receiving the derivation key, decrypts the second key ciphertext in the third secure video frame to obtain the first key, and generates a fourth message authentication code based on the first key and the ciphertext video frame; the derivation device compares the fourth message authentication code with the first message authentication code, and determines that the verification passes in response to a match between the fourth message authentication code and the first message authentication code.
In an embodiment of the present invention, in response to the verification passing, the ciphertext video frame is decrypted; wherein the algorithm used to decrypt the ciphertext video frames matches the algorithm used to encrypt the plaintext video frames.
In order to solve the technical problem, the invention adopts another technical scheme: there is provided a method of protecting video data, the method comprising: the receiving device generates a third key; encrypting the plaintext video frame by using the third key to obtain a ciphertext video frame, wherein the plaintext video frame is obtained from the acquisition device; generating a fifth message authentication code based on the third key and the ciphertext video frame, and splicing the ciphertext video frame and the fifth message authentication code to generate and store a fourth secure video frame; in response to the fourth secure video frame being retrieved, obtaining the third key generated by the receiving device, and parsing the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code; generating a sixth message authentication code by using the ciphertext video frame and the third key; and comparing the fifth message authentication code with the sixth message authentication code, and determining that the verification passes in response to the fifth message authentication code matching the sixth message authentication code.
In an embodiment of the present invention, generating the fifth message authentication code based on the third key and the ciphertext video frame includes: the receiving device obtains an acquisition device identifier; and performing digest algorithm processing on the third key, the acquisition device identifier and the ciphertext video frame to generate the fifth message authentication code.
In an embodiment of the present invention, generating the sixth message authentication code by using the ciphertext video frame and the third key includes: obtaining the acquisition device identifier; and performing digest algorithm processing on the third key, the acquisition device identifier and the ciphertext video frame to generate the sixth message authentication code.
In an embodiment of the present invention, generating the fourth secure video frame by splicing the ciphertext video frame and the fifth message authentication code includes: the receiving device obtains the acquisition device identifier, and obtains a fourth key, generated by the receiving device or by the storage or management device, and a key identifier of the fourth key; the key identifier of the fourth key is used for identifying the fourth key and the source of the fourth key; encrypting the third key by using the fourth key to generate a third key ciphertext; and splicing the key identifier of the fourth key, the third key ciphertext, the acquisition device identifier, the fifth message authentication code and the ciphertext video frame to generate the fourth secure video frame.
In an embodiment of the present invention, obtaining the third key generated by the receiving device itself includes: parsing the fourth secure video frame; acquiring a fourth key based on the key identification of the fourth key obtained by analysis; and decrypting the third key ciphertext by using the fourth key to obtain a third key.
In order to solve the technical problem, the invention adopts another technical scheme: there is provided an encryption method of video data, the encryption method of video data comprising: generating a first key; encrypting the plaintext video frame by using the first key to obtain a ciphertext video frame; generating a first message authentication code based on the first key and the ciphertext video frame, and splicing the ciphertext video frame and the first message authentication code to generate a first secure video frame; and transmitting the first key and the first secure video frame to the receiving device.
In order to solve the technical problem, the invention adopts another technical scheme: a method for verifying video data is provided, which comprises: receiving a first key and a first secure video frame from the acquisition device, and parsing the first secure video frame to obtain a ciphertext video frame and a first message authentication code; generating a second message authentication code by using the ciphertext video frame and the first key; and comparing the first message authentication code with the second message authentication code, and determining that the verification passes in response to the first message authentication code matching the second message authentication code.
In order to solve the technical problem, the invention adopts another technical scheme: there is provided a transmission system of video data, the transmission system of video data comprising an acquisition device and a receiving device; the acquisition device is used for generating a first key; encrypting the plaintext video frame by using the first key to obtain a ciphertext video frame; generating a first message authentication code based on the first key and the ciphertext video frame, and splicing the ciphertext video frame and the first message authentication code to generate a first secure video frame; and transmitting the first key and the first secure video frame to the receiving device; the receiving device is in communication connection with the acquisition device and is used for receiving the first key and the first secure video frame from the acquisition device and parsing the first secure video frame to obtain the ciphertext video frame and the first message authentication code; generating a second message authentication code by using the ciphertext video frame and the first key; comparing the first message authentication code with the second message authentication code, and determining that the verification passes in response to the first message authentication code matching the second message authentication code; or, generating a third key; encrypting the plaintext video frame by using the third key to obtain a ciphertext video frame, wherein the plaintext video frame is obtained from the acquisition device; generating a fifth message authentication code based on the third key and the ciphertext video frame, and splicing the ciphertext video frame and the fifth message authentication code to generate and store a fourth secure video frame; in response to the fourth secure video frame being retrieved, obtaining the third key generated by the receiving device, and parsing the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code; generating a sixth message authentication code by using the ciphertext video frame and the third key; and comparing the fifth message authentication code with the sixth message authentication code, and determining that the verification passes in response to the fifth message authentication code matching the sixth message authentication code.
In order to solve the technical problem, the invention adopts another technical scheme that: there is provided an electronic device comprising a processor, the processor being configured to execute instructions to implement the method for protecting video data in any of the above embodiments, or the method for encrypting video data in any of the above embodiments, or the method for verifying video data in any of the above embodiments.
In order to solve the technical problem, the invention adopts another technical scheme that: there is provided a computer readable storage medium for storing instructions/program data executable to implement a method of protecting video data as in any one of the above embodiments, or a method of encrypting video data as in any one of the above embodiments, or a method of verifying video data as in any one of the above embodiments.
The invention has the following beneficial effects: different from the prior art, the acquisition device and the receiving device verify the video data by using message authentication codes. The acquisition device generates the first message authentication code based on the ciphertext video frame and the first key, the receiving device generates the second message authentication code based on the ciphertext video frame and the first key obtained from the acquisition device, and the first and second message authentication codes are compared to check whether the video data has been tampered with, that is, to check the integrity and reliability of the video data. The video data is thus transmitted securely and the video data verification performance is improved, which helps to ensure the integrity and reliability of the video data. Meanwhile, the first key that the receiving device uses to generate the second message authentication code is sent to the receiving device by the acquisition device; in other words, the first key is transmitted through communication between the acquisition device and the receiving device, which reduces the risk that the first key is cracked or tampered with and improves the reliability of the first key, thereby facilitating secure transmission of video data, improving the performance of video data verification, and further helping to ensure the integrity and reliability of the video data.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. Moreover, the drawings and the description are not intended to limit the scope of the inventive concept in any way, but rather to illustrate the inventive concept to those skilled in the art with reference to specific embodiments.
FIG. 1 is a flowchart illustrating a first embodiment of a method for protecting video data according to the present invention;
FIG. 2 is a flowchart illustrating a second embodiment of the method for protecting video data according to the present invention;
FIG. 3 is a block diagram of a first embodiment of a secure video frame;
FIG. 4 is a block diagram of a second embodiment of a secure video frame;
FIG. 5 is a block diagram of a third embodiment of a secure video frame according to the present invention;
FIG. 6 is a flowchart illustrating an embodiment of a method for encrypting video data according to the present invention;
FIG. 7 is a flowchart illustrating a method for verifying video data according to an embodiment of the present invention;
FIG. 8 is a flowchart illustrating a video data protection method according to a third embodiment of the present invention;
FIG. 9 is a block diagram of a fourth embodiment of a secure video frame;
FIG. 10 is a schematic structural diagram of a first embodiment of a video data transmission system according to the present invention;
FIG. 11 is a schematic structural diagram of a second embodiment of the video data transmission system of the present invention;
FIG. 12 is a schematic diagram of an embodiment of an electronic device;
FIG. 13 is a schematic structural diagram of an embodiment of a computer-readable storage medium of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. The embodiments and features of the embodiments described below can be combined with each other without conflict.
In order to solve the technical problem of a poorly designed verification process during video data transmission in the prior art, the invention provides a video data protection method, which comprises the following steps: the acquisition device generates a first key; the acquisition device encrypts the plaintext video frame by using the first key to obtain a ciphertext video frame; the acquisition device splices the ciphertext video frame and the first message authentication code to generate a first secure video frame for transmission, the first message authentication code being generated based on the first key and the ciphertext video frame; the receiving device receives and parses the first secure video frame to obtain the ciphertext video frame and the first message authentication code, and requests the first key from the acquisition device; the receiving device generates a second message authentication code based on the ciphertext video frame and the first key in response to receiving the first key; the receiving device compares the first message authentication code with the second message authentication code, and determines that the verification passes in response to the first message authentication code matching the second message authentication code. This is described in detail below.
Referring to fig. 1, fig. 1 is a flowchart illustrating a video data protection method according to a first embodiment of the present invention. It should be noted that the protection method for video data set forth in this embodiment is not limited to the following steps:
S101: the acquisition device generates a first key.
In this embodiment, after acquiring a plaintext video frame, the acquisition device generates the first key by itself. This removes the redundant steps of obtaining the first key from a third-party device and also reduces the risk that an obtained first key has been tampered with.
S102: the acquisition equipment encrypts the plaintext video frame by using the first key to obtain the ciphertext video frame.
In this embodiment, the acquisition device encrypts the plaintext video frame by using the first key that it generated itself to obtain the ciphertext video frame, which improves the security of the video data and makes it harder for an attacker to crack.
S103: the acquisition device generates a first message authentication code based on the first key and the ciphertext video frame, and splices the ciphertext video frame and the first message authentication code to generate a first secure video frame.
In this embodiment, the acquisition device may obtain the first message authentication code by using the first key and the ciphertext video frame as calculation parameters, that is, the first message authentication code is generated based on the first key and the ciphertext video frame. The first message authentication code may be used to check the integrity and reliability of the video data, in other words, to check whether the video data has been tampered with, and also to check whether the video data is a false or forged message.
After the acquisition device obtains the first message authentication code, it splices the ciphertext video frame with the first message authentication code to generate the first secure video frame. The first secure video frame is used for transmission and is transmitted by the acquisition device to the receiving device.
S104: the receiving device receives the first key and the first secure video frame from the acquisition device, and parses the first secure video frame to obtain the ciphertext video frame and the first message authentication code.
In this embodiment, the receiving device receives the first key and the first secure video frame transmitted by the acquisition device; the first key is the key used to generate the first message authentication code, and the receiving device obtains the first key from the acquisition device separately. In other words, the transmission time and/or transmission mode of the first key may be different from the transmission time and/or transmission mode of the first secure video frame. The receiving device parses the first secure video frame to obtain the ciphertext video frame and the first message authentication code that it contains.
S105: the receiving device generates a second message authentication code based on the ciphertext video frame and the first key.
In this embodiment, in response to obtaining the first key and the ciphertext video frame, the receiving device can generate a second message authentication code based on the ciphertext video frame and the first key; the ciphertext video frame is obtained by parsing the first secure video frame, and the first key is obtained by the receiving device from the acquisition device. Because the first key is generated by the acquisition device and is transmitted to the receiving device by the acquisition device, the risk that the first key is tampered with is reduced and the security of obtaining the first key is improved.
S106: the receiving device compares the first message authentication code with the second message authentication code, and judges that the verification is passed in response to the matching of the first message authentication code and the second message authentication code.
In this embodiment, after generating the second message authentication code, the receiving device may compare the second message authentication code with the parsed first message authentication code, determine whether the first message authentication code matches the second message authentication code, and when the first message authentication code does not match the second message authentication code, consider that the received first secure video frame is tampered or forged, and do not decrypt the parsed ciphertext video frame. And in response to the first message authentication code being matched with the second message authentication code, judging that the verification is passed and considering that the first safe video frame is sent by the acquisition equipment. Compared with the traditional signature mechanism based on the asymmetric algorithm, the time consumption for generating the first message authentication code and the second message authentication code for verification is less, and the video delay can be greatly reduced under the same hardware capability, so that the overall performance of the video data protection method is improved.
If the first message authentication code is not matched with the second message authentication code, the ciphertext video frame used for generating the second message authentication code is different from the ciphertext video frame used for generating the first message authentication code, and the first secure video frame is considered to be forged or tampered. Similarly, when the first message authentication code is matched with the second message authentication code, the ciphertext video frame used for generating the second message authentication code is matched with the ciphertext video frame used for generating the first message authentication code, and the first security video frame is considered to be transmitted by the acquisition equipment, so that the integrity of the first security video frame is checked.
Therefore, the integrity and reliability of the first secure video frame can be verified based on the first message authentication code and the second message authentication code, the first key used by the second message authentication code generated by the receiving equipment is directly sent to the receiving equipment by the collecting equipment, the risk that the first key is forged or tampered can be further reduced, the secure transmission of video data is facilitated, the video data verification performance can be improved, and the integrity and reliability of the video data are further facilitated to be guaranteed.
Referring to fig. 2 to 5, fig. 2 is a flowchart illustrating a video data protection method according to a second embodiment of the present invention, fig. 3 is a schematic structural diagram illustrating a first secure video frame according to an embodiment of the present invention, fig. 4 is a schematic structural diagram illustrating a second secure video frame according to an embodiment of the present invention, and fig. 5 is a schematic structural diagram illustrating a third secure video frame according to an embodiment of the present invention. It should be noted that the protection method for video data set forth in this embodiment is not limited to the following steps:
S201: the acquisition device generates a first key.
In this embodiment, the acquisition device generates the first key in the same way as in step S101 of the foregoing embodiment, which is not described again here. Further, the first key is a true random number, so that the first key cannot be guessed, which reduces the risk of the first key being forged.
S202: the acquisition device encrypts the plaintext video frame with the first key to obtain the ciphertext video frame.
In this embodiment, the acquisition device encrypts the plaintext video frame with the first key to obtain the ciphertext video frame in the same way as in step S102 of the foregoing embodiment, which is not described again here.
Furthermore, when the first key is a true random number, encrypting the plaintext video frame with it makes the encryption process more secure and the ciphertext video frame harder to decipher, which improves the security of the ciphertext video frame and protects the confidentiality of the video.
Optionally, when the plaintext video frame generated by the acquisition device is encrypted with the first key to obtain the ciphertext video frame, a symmetric algorithm may be used to reduce the cost of the algorithm, for example the symmetric algorithm SM1, the symmetric algorithm SM4, or the symmetric algorithm AES256, which is not limited here.
S203: the acquisition device generates a first secure video frame.
In this embodiment, the acquisition device generates the first secure video frame in the same way as in step S103 of the above embodiment, which is not repeated here.
Optionally, the acquisition device may splice the ciphertext video frame with the first message authentication code to generate the first secure video frame, and transmit the first secure video frame and the first key to the receiving device.
For example, as shown in fig. 2, the acquisition device transmits the first key to the receiving device and then transmits the first secure video frame, that is, the first key is transmitted before the first secure video frame. The receiving device can then carry out the check with the first key promptly after receiving the first secure video frame, without waiting for the acquisition device to send the first key, which helps improve checking efficiency. It should be noted that this embodiment only requires that the acquisition device transmit the first key to the receiving device first and the first secure video frame afterwards; the transmission time of the first key shown in fig. 2 is only an illustration. In an alternative embodiment, the acquisition device may transmit the first key to the receiving device after encrypting the plaintext video frame with the first key, or may transmit the first key to the receiving device after generating it, which is not limited here.
Furthermore, the acquisition device can also obtain an acquisition device identifier, and the acquisition device identifier is used for identifying the acquisition device so as to facilitate tracing the source of the video data. The acquisition device identifier may be acquired before step S201, between step S201 and step S202, or between step S202 and step S203, which is not limited herein.
The acquisition device splices the acquisition device identifier, the ciphertext video frame and the first message authentication code to obtain the first secure video frame (as shown in fig. 3). The integrity and reliability of the video data can then be verified based on the first message authentication code, the first secure video frame can be traced based on the acquisition device identifier, and the confidentiality of the video data is ensured by the ciphertext video frame.
The first message authentication code may also cover information related to the acquisition device identifier, that is, the first message authentication code may be generated based on the acquisition device identifier, the first key and the ciphertext video frame, so as to further increase the complexity of the first message authentication code and thus the reliability of the verification result for the first secure video frame. Optionally, the first message authentication code may be generated by performing digest algorithm processing on the acquisition device identifier, the first key and the ciphertext video frame, for example with the digest algorithm SM3 or the digest algorithm SHA256, which is not limited here. The digest algorithm is applied to the first key, the acquisition device identifier and the ciphertext video frame to generate the first message authentication code, which serves as integrity check data.
S204: the receiving device parses the first secure video frame.
In this embodiment, the receiving device receives and parses the first secure video frame and requests the first key from the acquisition device in the same way as in step S104 of the above embodiment, which is not described again here.
Further, when the first secure video frame includes the acquisition device identifier, parsing the first secure video frame yields the ciphertext video frame, the first message authentication code and the acquisition device identifier.
S205: the receiving device generates a second message authentication code based on the ciphertext video frame and the first key.
In this embodiment, the receiving device, in response to receiving the first key, generates the second message authentication code based on the ciphertext video frame and the first key in the same way as in step S105 of the above embodiment, which is not repeated here.
Further, in response to the first message authentication code being generated based on the acquisition device identifier, the first key and the ciphertext video frame, the receiving device can also obtain the acquisition device identifier from the acquisition device. Optionally, the acquisition device identifier may be sent to the receiving device by the acquisition device, or may be obtained by parsing the first secure video frame in step S204, which is not limited here. The following description takes as an example the case where the receiving device obtains the acquisition device identifier by parsing the first secure video frame.
The receiving device can perform digest algorithm processing on the ciphertext video frame, the acquisition device identifier and the first key to generate the second message authentication code, and then verify the first secure video frame with the second message authentication code. The ciphertext video frame and the acquisition device identifier are obtained by the receiving device by parsing the first secure video frame, and the first key is transmitted to the receiving device by the acquisition device.
The manner in which the second message authentication code is generated should match the manner in which the first message authentication code is generated. For example, when the first message authentication code is generated by performing digest algorithm processing on the acquisition device identifier, the first key and the ciphertext video frame, the second message authentication code should also be generated by performing digest algorithm processing on the acquisition device identifier, the first key and the ciphertext video frame, and the digest algorithm used for the second message authentication code should match the one used for the first message authentication code. This ensures that the first message authentication code matches the second message authentication code when the first secure video frame is authentic and has not been tampered with.
S206: the receiving device compares the first message authentication code with the second message authentication code, and determines that the verification passes in response to the first message authentication code matching the second message authentication code.
In this embodiment, the receiving device compares the first message authentication code with the second message authentication code and determines that the verification passes in response to a match, in the same way as in step S106 of the above embodiment, which is not described again here.
Further, in response to determining that the verification passes, the receiving device accepts the first secure video frame and may decrypt the ciphertext video frame with the first key to recover the plaintext video frame and play it. The algorithm used to decrypt the ciphertext video frame matches the algorithm used to encrypt the plaintext video frame. The receiving device can also trace the source of the video data according to the acquisition device identifier.
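The following added example (not part of the patent text) sketches steps S203 to S206 in Python. The byte layout (2-byte identifier length, identifier, 32-byte message authentication code, ciphertext), the use of HMAC-SHA256 keyed with the first key as the digest step, and all function names are assumptions; the ciphertext is constructed random bytes standing in for an SM4/AES-encrypted frame.

```python
import hashlib
import hmac
import secrets
import struct

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


class FrameError(ValueError):
    """Raised when a secure frame is malformed or fails verification."""


def compute_mac(first_key: bytes, device_id: bytes, ciphertext: bytes) -> bytes:
    # Assumed digest step: HMAC-SHA256 keyed with the first key.
    # The identifier is length-prefixed so that (identifier, ciphertext)
    # cannot be re-split into a different pair with the same MAC input.
    msg = struct.pack(">H", len(device_id)) + device_id + ciphertext
    return hmac.new(first_key, msg, hashlib.sha256).digest()


def build_first_secure_frame(first_key: bytes, device_id: bytes,
                             ciphertext: bytes) -> bytes:
    """Acquisition side (S203): identifier || MAC || ciphertext video frame."""
    mac = compute_mac(first_key, device_id, ciphertext)
    return struct.pack(">H", len(device_id)) + device_id + mac + ciphertext


def parse_first_secure_frame(frame: bytes):
    """Receiving side (S204): split the frame into its three fields."""
    if len(frame) < 2:
        raise FrameError("frame too short for header")
    (id_len,) = struct.unpack_from(">H", frame, 0)
    mac_start = 2 + id_len
    if len(frame) < mac_start + MAC_LEN:
        raise FrameError("frame truncated")
    device_id = frame[2:mac_start]
    first_mac = frame[mac_start:mac_start + MAC_LEN]
    ciphertext = frame[mac_start + MAC_LEN:]
    return device_id, first_mac, ciphertext


def verify_first_secure_frame(first_key: bytes, frame: bytes):
    """S205-S206: recompute the MAC and compare before any decryption."""
    device_id, first_mac, ciphertext = parse_first_secure_frame(frame)
    second_mac = compute_mac(first_key, device_id, ciphertext)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(first_mac, second_mac):
        raise FrameError("message authentication code mismatch")
    return device_id, ciphertext


if __name__ == "__main__":
    first_key = secrets.token_bytes(32)   # constructed sample key
    device_id = b"CAM-0001"               # constructed sample identifier
    ciphertext = secrets.token_bytes(64)  # constructed stand-in ciphertext
    frame = build_first_secure_frame(first_key, device_id, ciphertext)
    print("verified:", verify_first_secure_frame(first_key, frame)[0])
    tampered = frame[:-1] + bytes([frame[-1] ^ 0x01])
    try:
        verify_first_secure_frame(first_key, tampered)
    except FrameError as exc:
        print("tampered frame rejected:", exc)
```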
The receiving device may further store the plaintext video frame. To ensure the security, confidentiality and reliability of the plaintext video frame, the first secure video frame may be further processed before being written to storage; in other words, the plaintext video frame is stored only after being processed, so as to ensure the confidentiality of the video data. This is described by way of example below.
S207: the receiving device encrypts the first key to obtain a key parameter combination.
In this embodiment, to keep the stored video data secure, the receiving device may further encrypt the first key to obtain a key parameter combination, which reduces the risk of the first key being obtained and deciphered and increases the complexity of the first key.
Optionally, the receiving device obtains the second key and a key identifier of the second key, where the second key and its key identifier may be stored by the receiving device itself or generated by the management device. As the name implies, the key identifier of the second key identifies the second key and its source, so that the second key can be retrieved again.
The key parameter combination may include a first key ciphertext and the key identifier of the second key. Specifically, the receiving device encrypts the first key with the second key to generate the first key ciphertext, and may splice the first key ciphertext with the key identifier of the second key to generate the key parameter combination, so as to improve the confidentiality of the first key.
S208: the receiving device splices the key parameter combination with the first secure video frame to generate a second secure video frame for storage.
In this embodiment, after generating the key parameter combination, the receiving device may splice the key parameter combination with the first secure video frame to generate a second secure video frame for storage by the receiving device.
For example, the key parameter combination may be spliced to the header of the first secure video frame to generate a second secure video frame (as shown in fig. 4), which is not limited herein. Specifically, when the key parameter combination includes a first key ciphertext and a key identifier of a second key, the second secure video frame is obtained by splicing the first key ciphertext, the key identifier of the second key, the acquisition device identifier, the first message authentication code, and the ciphertext video frame.
For example, when the second key is generated by the management device, then while the receiving device stores the second secure video frame the management device may generate a new second key and its key identifier, encrypt the first key with the new second key to obtain a new key parameter combination, and replace the key parameter combination already in the second secure video frame with the newly generated one. The management device stores and records each second key and its key identifier. In this way the second secure video frame can be continually updated during long-term storage, which further increases the difficulty of attacking the second secure video frame and improves its confidentiality.
When the receiving device needs to use the second secure video frame, the second secure video frame may be checked to identify whether it has been tampered with or forged. This is exemplified below.
S209: the receiving device parses the second secure video frame.
In this embodiment, when the receiving device needs to invoke the second secure video frame, it may parse the second secure video frame to obtain the key parameter combination (the first key ciphertext and the key identifier of the second key), the acquisition device identifier, the first message authentication code and the ciphertext video frame.
S210: the receiving device obtains the second key based on the key identifier of the second key obtained by parsing.
In this embodiment, the receiving device obtains the corresponding second key from the generator of the second key based on the key identifier of the second key obtained by parsing. For example, when the second key is generated by the management device, the receiving device, on parsing out the key identifier of the second key, sends a request to the management device to obtain the matching second key.
S211: the receiving device decrypts the first key ciphertext with the second key to obtain the first key.
In this embodiment, the receiving device, in response to receiving the second key sent by the management device, decrypts the first key ciphertext with the second key to recover the first key. At the same time it can check whether the key parameter combination has been tampered with or forged, and thereby whether the second secure video frame has been tampered with or forged. If the management device does not find a matching second key, or the second key it sends cannot decrypt the first key ciphertext, the second secure video frame may be considered to have been tampered with or forged.
S212: the receiving device generates a third message authentication code.
In this embodiment, after the receiving device obtains the first key, it can generate the third message authentication code from the first key, the acquisition device identifier and the ciphertext video frame. The first key is obtained by decrypting the first key ciphertext, and the acquisition device identifier and the ciphertext video frame are obtained in step S209, so that the second secure video frame can be verified with respect to the confidentiality, reliability and integrity of the video data and with respect to the acquisition device.
S213: the receiving device compares the third message authentication code with the first message authentication code, and determines that the verification passes in response to the third message authentication code matching the first message authentication code.
In this embodiment, after the receiving device generates the third message authentication code, it compares the first message authentication code obtained by parsing with the third message authentication code. In response to the first message authentication code matching the third message authentication code, the second secure video frame is considered not to have been tampered with or forged, the verification is determined to pass, and the ciphertext video frame is allowed to be decrypted with the first key to obtain the plaintext video frame. The algorithm used to decrypt the ciphertext video frame matches the algorithm used to encrypt the plaintext video frame.
In this embodiment, the receiving device is also allowed to export the video data to a third-party device for use, and the video data can be further processed to keep the export process secure. The third-party device is the exporting device in this embodiment, and the process of exporting the video data is exemplified below.
S214: the exporting device requests to acquire a third secure video frame.
In this embodiment, the exporting device may request a third secure video frame from the receiving device. The third secure video frame is generated after the receiving device processes the video data and is used for export from the receiving device to the exporting device.
S215: the receiving device encrypts the first key with the export key to generate a second key ciphertext.
In this embodiment, before exporting the video data, the receiving device may encrypt the first key with the export key to generate a second key ciphertext, so as to reduce the risk of the first key being obtained and deciphered and to increase the complexity of the first key. The export key may be set by a user at the time of export, generated by a dedicated secure export storage device, and so on, which is not limited here.
S216: the receiving device replaces the key parameter combination in the second secure video frame with the second key ciphertext to generate a third secure video frame.
In this embodiment, after generating the second key ciphertext, the receiving device may replace the key parameter combination in the second secure video frame with the second key ciphertext to generate a third secure video frame (as shown in fig. 5), and may send the third secure video frame to the exporting device. This reduces the encryption and computation needed to generate the third secure video frame: fast and secure export of the video data is achieved by replacing only the key parameter combination in the second secure video frame, without decrypting and re-encrypting the entire video data.
S217: the exporting device, in response to receiving the export key, decrypts the second key ciphertext in the third secure video frame to obtain the first key, and generates a fourth message authentication code.
In this embodiment, after receiving the third secure video frame, the exporting device may parse the third secure video frame to obtain the second key ciphertext, the acquisition device identifier, the first message authentication code and the ciphertext video frame.
The exporting device can further receive an export key input by a user. In response to receiving the export key, it decrypts the second key ciphertext with the export key to obtain the first key, and generates a fourth message authentication code based on the first key, the acquisition device identifier and the ciphertext video frame, so that the third secure video frame can be verified with the fourth message authentication code.
In an alternative embodiment, when the first message authentication code is generated based on the first key and the ciphertext video frame, the fourth message authentication code should likewise be generated based on the first key and the ciphertext video frame, so that the fourth message authentication code matches the first message authentication code when the third secure video frame has not been tampered with.
S218: the exporting device compares the fourth message authentication code with the first message authentication code, and determines that the verification passes in response to the fourth message authentication code matching the first message authentication code.
In an embodiment, after generating the fourth message authentication code, the exporting device compares it with the first message authentication code obtained by parsing the third secure video frame. In response to the fourth message authentication code matching the first message authentication code, the third secure video frame is considered not to have been tampered with or forged, the verification is determined to pass, and the ciphertext video frame is allowed to be decrypted with the first key to obtain the plaintext video frame, so that the exporting device can use the plaintext video frame. The algorithm used to decrypt the ciphertext video frame matches the algorithm used to encrypt the plaintext video frame.
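An added example (not from the patent) of the storage and export path in steps S207 to S218: only the wrapped first key is replaced, while the ciphertext video frame and the first message authentication code stay untouched. The `ManagementDevice` class, the field layout, HMAC-SHA256 as the digest step, and the XOR-keystream `wrap_key` (a stand-in for the SM4/AES key encryption, not a production cipher) are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


class VerificationError(Exception):
    """Frame was tampered with, forged, or opened with the wrong key."""


def frame_mac(first_key: bytes, device_id: bytes, ciphertext: bytes) -> bytes:
    # Assumed digest step: HMAC-SHA256 keyed with the first key.
    msg = len(device_id).to_bytes(2, "big") + device_id + ciphertext
    return hmac.new(first_key, msg, hashlib.sha256).digest()


def _keystream(wrapping_key: bytes, nonce: bytes) -> bytes:
    return hmac.new(wrapping_key, nonce, hashlib.sha256).digest()


def wrap_key(wrapping_key: bytes, key: bytes) -> bytes:
    # STAND-IN (assumption) for SM4/AES key encryption: nonce || key XOR keystream.
    if len(key) > 32:
        raise ValueError("stand-in cipher wraps at most 32 bytes")
    nonce = secrets.token_bytes(16)
    return nonce + bytes(k ^ s for k, s in zip(key, _keystream(wrapping_key, nonce)))


def unwrap_key(wrapping_key: bytes, wrapped: bytes) -> bytes:
    nonce, body = wrapped[:16], wrapped[16:]
    return bytes(b ^ s for b, s in zip(body, _keystream(wrapping_key, nonce)))


class ManagementDevice:
    """Hypothetical key service that issues and looks up second keys."""

    def __init__(self):
        self._keys = {}

    def new_second_key(self):
        key_id = secrets.token_hex(8)
        self._keys[key_id] = secrets.token_bytes(32)
        return key_id, self._keys[key_id]

    def lookup(self, key_id):
        if key_id not in self._keys:
            raise VerificationError("no second key matches this key identifier")
        return self._keys[key_id]


@dataclass(frozen=True)
class SecureFrame:
    # Stored frame: (first key ciphertext, second key identifier).
    # Exported frame: (second key ciphertext,).
    key_params: tuple
    device_id: bytes
    first_mac: bytes
    ciphertext: bytes


def _verified(first_key: bytes, frame: SecureFrame) -> bytes:
    # S212-S213 and S217-S218: recompute the MAC with the recovered first key.
    expected = frame_mac(first_key, frame.device_id, frame.ciphertext)
    if not hmac.compare_digest(expected, frame.first_mac):
        raise VerificationError("message authentication code mismatch")
    return first_key


def store_frame(mgmt, first_key, device_id, first_mac, ciphertext) -> SecureFrame:
    """S207-S208: prepend the key parameter combination to the first secure frame."""
    key_id, second_key = mgmt.new_second_key()
    return SecureFrame((wrap_key(second_key, first_key), key_id),
                       device_id, first_mac, ciphertext)


def open_stored(mgmt, frame: SecureFrame) -> bytes:
    """S209-S213: fetch the second key by identifier, unwrap, then verify."""
    wrapped, key_id = frame.key_params
    return _verified(unwrap_key(mgmt.lookup(key_id), wrapped), frame)


def export_frame(mgmt, frame: SecureFrame, export_key: bytes) -> SecureFrame:
    """S215-S216: swap only the key parameters; the video is not re-encrypted."""
    first_key = open_stored(mgmt, frame)  # verifying before export is this example's choice
    return replace(frame, key_params=(wrap_key(export_key, first_key),))


def open_exported(frame: SecureFrame, export_key: bytes) -> bytes:
    """S217-S218: the exporting device unwraps with the export key and verifies."""
    (wrapped,) = frame.key_params
    return _verified(unwrap_key(export_key, wrapped), frame)


if __name__ == "__main__":
    mgmt = ManagementDevice()
    first_key = secrets.token_bytes(32)
    device_id, ciphertext = b"CAM-0001", secrets.token_bytes(256)  # constructed sample data
    stored = store_frame(mgmt, first_key, device_id,
                         frame_mac(first_key, device_id, ciphertext), ciphertext)
    export_key = secrets.token_bytes(32)
    exported = export_frame(mgmt, stored, export_key)
    print("ciphertext untouched:", exported.ciphertext is stored.ciphertext)
    print("export verifies:", open_exported(exported, export_key) == first_key)
```

With a wrong export key the unwrap step yields a different first key, so the recomputed message authentication code does not match and the frame is rejected before any decryption.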
Therefore, in this embodiment the video data can be securely transmitted, securely stored, securely exported and traced without high implementation cost. It should be noted that the above embodiment is an example that explains the video data protection method of the present invention in full. In an alternative embodiment, steps S201 to S206 may be used as a separate embodiment that implements secure transmission of video data; in yet another alternative embodiment, steps S201 to S213 may be used as a separate embodiment that implements secure transmission and secure storage of video data. It can be seen that, in the present invention, secure transmission and secure storage of video data do not need to be fully bound to each other: secure transmission can be enabled on its own, and secure storage can also be enabled on its own (described later). This weak binding between secure transmission and secure storage increases the flexibility of use of the video data protection method of the present invention.
Referring to fig. 6, fig. 6 is a flowchart illustrating an embodiment of a video data encryption method according to the present invention. It should be noted that the encryption method for video data set forth in this embodiment is not limited to the following steps:
S301: a first key is generated.
S302: the plaintext video frame is encrypted with the first key to obtain the ciphertext video frame.
S303: a first message authentication code is generated based on the first key and the ciphertext video frame, and the ciphertext video frame is spliced with the first message authentication code to generate a first secure video frame.
This embodiment is executed by the acquisition device. Step S301 in this embodiment is the same as steps S101 and S201 in the above embodiments; step S302 in this embodiment is the same as steps S102 and S202 in the above embodiments; step S303 in this embodiment is the same as steps S103 and S203 in the above embodiments, and they are not described again here.
Referring to fig. 7, fig. 7 is a flowchart illustrating a video data verification method according to an embodiment of the invention. It should be noted that the method for verifying video data set forth in this embodiment is not limited to the following steps:
S401: a first key and a first secure video frame are received from the acquisition device, and the first secure video frame is parsed to obtain a ciphertext video frame and a first message authentication code.
S402: a second message authentication code is generated based on the ciphertext video frame and the first key.
S403: the first message authentication code is compared with the second message authentication code, and the verification is determined to pass in response to the first message authentication code matching the second message authentication code.
This embodiment is executed by the receiving device. Step S401 in this embodiment is the same as steps S104 and S204 in the above embodiments; step S402 in this embodiment is the same as steps S105 and S205 in the above embodiments; step S403 in this embodiment is the same as steps S106 and S206 in the above embodiments, and they are not described again here.
An embodiment of the present invention in which secure storage of video data is enabled on its own is described in detail below. Referring to fig. 8, fig. 8 is a flowchart illustrating a video data protection method according to a third embodiment of the present invention. It should be noted that the protection method for video data set forth in this embodiment is not limited to the following steps:
S501: the receiving device generates a third key.
In this embodiment, to implement secure storage of video data, the receiving device generates the third key itself before the video data is written to storage. This removes the redundant step of obtaining the third key from a third-party device and also reduces the risk of the obtained third key being tampered with.
S502: the plaintext video frame is encrypted with the third key to obtain the ciphertext video frame.
In this embodiment, the receiving device encrypts the plaintext video frame with the third key that it generated to obtain a ciphertext video frame; the plaintext video frame is obtained by the receiving device from the acquisition device. Encrypting with the third key increases the complexity and security of the video data and makes it harder for an attacker to decipher.
S503: a fifth message authentication code is generated based on the third key and the ciphertext video frame, and the ciphertext video frame is spliced with the fifth message authentication code to generate a fourth secure video frame, which is stored.
In this embodiment, the receiving device may obtain a fifth message authentication code using the third key and the ciphertext video frame as calculation parameters, that is, the fifth message authentication code is generated based on the third key and the ciphertext video frame. The fifth message authentication code may be used to check the confidentiality, integrity and reliability of the video data, in other words to check whether the video data has been tampered with and whether it is a false or forged message.
After the receiving device obtains the fifth message authentication code, it splices the ciphertext video frame with the fifth message authentication code to generate a fourth secure video frame. The fourth secure video frame is used for storage by the receiving device.
S504: in response to the fourth secure video frame being invoked, the third key generated by the receiving device is obtained, and the fourth secure video frame is parsed to obtain the ciphertext video frame and the fifth message authentication code.
In this embodiment, after the receiving device invokes the fourth secure video frame, it parses the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code that it contains. At the same time, the receiving device looks up the third key that was used to generate the fifth message authentication code.
S505: a sixth message authentication code is generated from the ciphertext video frame and the third key.
In this embodiment, once it has the third key and the ciphertext video frame, the receiving device may generate a sixth message authentication code based on them; the ciphertext video frame is obtained by parsing the fourth secure video frame. Because the third key is generated by the receiving device and retrieved again by it, the risk of the third key being tampered with is reduced and the security of obtaining the third key is improved.
S506: the fifth message authentication code is compared with the sixth message authentication code, and the verification is determined to pass in response to the fifth message authentication code matching the sixth message authentication code.
In this embodiment, after the sixth message authentication code is generated, the receiving device may compare it with the fifth message authentication code obtained by parsing and determine whether the two match. When the fifth message authentication code does not match the sixth message authentication code, the stored fourth secure video frame is considered to have been tampered with or forged, and the parsed ciphertext video frame is not decrypted. In response to the fifth message authentication code matching the sixth message authentication code, the verification is determined to pass and the fourth secure video frame is considered to have been generated and stored by the receiving device. Compared with a traditional signature mechanism based on an asymmetric algorithm, generating the fifth and sixth message authentication codes for verification takes less time, and video delay can be greatly reduced on the same hardware, which improves the overall performance of the video data protection method.
Furthermore, the fourth secure video frame of the present invention may incorporate the identifier of the capture device, so that it is possible to verify whether the capture devices for the plaintext video frames are consistent during the verification process, and further trace the source of the plaintext video frames protected in the fourth secure video frame. Referring to fig. 8 and 9 in combination, fig. 9 is a schematic structural diagram of a fourth secure video frame according to an embodiment of the present invention.
In this embodiment, the receiving device obtains the plaintext video frames from the capture device, and in order to improve the reliability of the storage process, the plaintext video frames may be encrypted and protected before the video data (the plaintext video frames) is landed.
Specifically, the receiving device generates a third key, and encrypts the plaintext video frame by using the third key to obtain the ciphertext video frame.
The receiving device also obtains a capture device identifier, which identifies the capture device that captured the plaintext video frames. It performs digest algorithm processing on the third key, the capture device identifier and the ciphertext video frame to generate a fifth message authentication code, so that the capture device information is bound in when the message authentication code is used to verify the video data, which improves the performance of video data verification.
The receiving device acquires a fourth key generated by the self storage or management device, together with the key identifier of the fourth key; the key identifier identifies the fourth key and its source. The fourth key is used to encrypt the third key, producing a third key ciphertext, which reduces the risk of the third key being obtained and decoded and increases the complexity of the third key.
The key identifier of the fourth key, the third key ciphertext, the capture device identifier, the fifth message authentication code and the ciphertext video frame are spliced to generate and store a fourth secure video frame (as shown in fig. 9); the capture device identifier spliced into the fourth secure video frame allows the plaintext video frame to be traced to its source. For example, where the third key is generated by the management device, while the receiving device stores the fourth secure video frame the management device may generate a new fourth key and its key identifier, encrypt the third key with the new fourth key to obtain a new third key ciphertext, and replace the third key ciphertext in the fourth secure video frame with the newly generated one. The management device may store and record each fourth key and its key identifier, so that a fourth secure video frame held in long-term storage can be updated continually, which further raises the difficulty of attacking the fourth secure video frame and improves its confidentiality.
When the receiving device needs to call up the stored fourth secure video frame and read the plaintext video frame in it, it parses the fourth secure video frame to obtain the key identifier of the fourth key, the third key ciphertext, the capture device identifier, the fifth message authentication code and the ciphertext video frame.
It acquires the fourth key based on the key identifier of the fourth key, and decrypts the third key ciphertext with the fourth key to obtain the third key. For example, when the fourth key is generated by the management device, the receiving device, on parsing the fourth secure video frame and obtaining the key identifier of the fourth key, sends a request to the management device to obtain the matching fourth key.
It performs digest algorithm processing on the third key, the capture device identifier and the ciphertext video frame to generate a sixth message authentication code; the third key is obtained by decrypting the third key ciphertext, and the capture device identifier and the ciphertext video frame are obtained by parsing the fourth secure video frame.
The fifth message authentication code obtained by parsing the fourth secure video frame is compared with the sixth message authentication code. In response to the two matching, verification passes, the fourth secure video frame is judged not to have been tampered with or forged, and the third key may be used to decrypt the ciphertext video frame to obtain the plaintext video frame.
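The stored-frame flow described above (splice, parse, verify before decrypting, and replacing the third key ciphertext under a new fourth key), as an added sketch that is not code from the patent. HMAC-SHA256 as the digest algorithm, the byte layout with its length prefix, updating the key identifier on re-wrap, and the HMAC-based keystream standing in for the unspecified cipher are all assumptions.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN, NONCE_LEN, KEY_LEN = 32, 16, 32
WRAPPED_LEN = NONCE_LEN + KEY_LEN   # third key ciphertext = nonce || encrypted key
HEAD_LEN = 4 + WRAPPED_LEN + 2      # key id, third key ciphertext, device-id length


def keystream_xor(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 keystream), an assumption for a stdlib-only
    demo; a real implementation would use a vetted cipher such as AES or SM4."""
    enc_key = hmac.new(key, b"stand-in-enc", hashlib.sha256).digest()
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(enc_key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def unseal(key, blob):
    return keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def frame_mac(third_key, device_id, ciphertext):
    # Length prefix keeps the device-id / ciphertext boundary unambiguous.
    msg = struct.pack(">H", len(device_id)) + device_id + ciphertext
    return hmac.new(third_key, msg, hashlib.sha256).digest()


def build_frame(plaintext, device_id, key_id, key_store):
    """Layout: key id | third key ciphertext | device id | fifth MAC | ciphertext."""
    third_key = os.urandom(KEY_LEN)
    ciphertext = seal(third_key, plaintext)
    mac5 = frame_mac(third_key, device_id, ciphertext)
    wrapped = seal(key_store[key_id], third_key)   # encrypt third key with fourth key
    return (struct.pack(">I", key_id) + wrapped
            + struct.pack(">H", len(device_id)) + device_id + mac5 + ciphertext)


def parse_frame(frame):
    if len(frame) < HEAD_LEN:
        raise ValueError("truncated frame header")
    key_id, = struct.unpack(">I", frame[:4])
    wrapped = frame[4:4 + WRAPPED_LEN]
    id_len, = struct.unpack(">H", frame[HEAD_LEN - 2:HEAD_LEN])
    mac_at = HEAD_LEN + id_len
    if len(frame) < mac_at + MAC_LEN + NONCE_LEN:
        raise ValueError("truncated frame body")
    return (key_id, wrapped, frame[HEAD_LEN:mac_at],
            frame[mac_at:mac_at + MAC_LEN], frame[mac_at + MAC_LEN:])


def verify_frame(frame, key_store):
    """Recompute the sixth MAC and compare it with the stored fifth MAC."""
    key_id, wrapped, device_id, mac5, ciphertext = parse_frame(frame)
    third_key = unseal(key_store[key_id], wrapped)   # fourth key looked up by id
    mac6 = frame_mac(third_key, device_id, ciphertext)
    if not hmac.compare_digest(mac5, mac6):          # constant-time comparison
        raise ValueError("MAC mismatch: frame tampered or forged")
    return third_key, device_id, ciphertext


def open_frame(frame, key_store):
    third_key, device_id, ciphertext = verify_frame(frame, key_store)
    return device_id, unseal(third_key, ciphertext)  # decrypt only after verification


def rewrap(frame, key_store, new_key_id):
    """Rotation: re-encrypt only the third key; MAC and ciphertext stay as stored."""
    third_key, _, _ = verify_frame(frame, key_store)
    new_wrapped = seal(key_store[new_key_id], third_key)
    return struct.pack(">I", new_key_id) + new_wrapped + frame[4 + WRAPPED_LEN:]


def verifies(frame, key_store):
    try:
        verify_frame(frame, key_store)
        return True
    except (ValueError, KeyError):
        return False


def flip(frame, index):
    tampered = bytearray(frame)
    tampered[index] ^= 1
    return bytes(tampered)


if __name__ == "__main__":
    store = {1: os.urandom(KEY_LEN), 2: os.urandom(KEY_LEN)}  # constructed fourth keys
    frame = build_frame(b"constructed frame payload", b"CAM-0001", 1, store)
    print(open_frame(rewrap(frame, store, 2), store), verifies(flip(frame, 60), store))
```

The key identifier and the third key ciphertext sit outside the MAC input, which is what lets them be replaced without recomputing the fifth message authentication code. Altering either still fails verification, because the recovered third key no longer reproduces the stored MAC.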
Of course, when secure storage of video data is enabled on its own, a secure video frame for export may also be generated from the fourth secure video frame; the specific implementation is similar to generating the third secure video frame from the second secure video frame and is not described again here.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a video data transmission system according to a first embodiment of the invention.
In one embodiment, the transmission system of video data includes an acquisition device 11 and a receiving device 12. The acquisition device 11 is configured to generate a first key, encrypt the plaintext video frame using the first key to obtain a ciphertext video frame, and splice the ciphertext video frame and the first message authentication code to generate a first secure video frame for transmission, wherein the first message authentication code is generated based on the first key and the ciphertext video frame.
The receiving device 12 is communicatively connected to the acquisition device 11 and is configured to: receive and parse the first secure video frame to obtain the ciphertext video frame and the first message authentication code; request the first key from the acquisition device 11 and, in response to receiving the first key, generate a second message authentication code based on the ciphertext video frame and the first key; and compare the first message authentication code with the second message authentication code, determining that verification passes if they match. Alternatively, the receiving device 12 is configured to: generate a third key; encrypt the plaintext video frame with the third key to obtain a ciphertext video frame, the plaintext video frame being obtained from the acquisition device; generate a fifth message authentication code based on the third key and the ciphertext video frame, and splice the ciphertext video frame and the fifth message authentication code to generate and store a fourth secure video frame; in response to the fourth secure video frame being called, acquire the third key generated by the receiving device and parse the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code; generate a sixth message authentication code using the ciphertext video frame and the third key; and compare the fifth message authentication code with the sixth message authentication code, determining that verification passes in response to the two matching.
Referring to fig. 11, fig. 11 is a schematic structural diagram of a video data transmission system according to a second embodiment of the present invention.
In one embodiment, the transmission system of video data includes a capture device 11, a receiving device 12, and a management device 13.
The acquisition device 11 comprises a first channel 111 and a second channel 112. The capturing device 11 transmits the first secure video frame to the receiving device 12 via the first channel 111 and the first key to the receiving device 12 via the second channel 112. The second channel 112 may be connected to a security module (not shown) of the acquisition device 11, and the security module may improve security of the generation of the first key and/or the second key and the cryptography calculation process, improve reliability of transmission of the first key, and transmit a control instruction through the second channel 112, which is not described herein again.
Optionally, the receiving device 12 may include a security module (not shown) for generating the third key and the fourth key in the above embodiments, so as to implement separate enablement of the video data secure storage.
The management device 13 may be an optional security device according to a specific scenario, and is configured to generate, query, and manage the first key and/or the second key, and when the management device 13 generates the second key, generate, query, and manage a key identifier of the corresponding second key.
The specific operation of the video data transmission system is as described in the above embodiments, and will not be described herein again.
Referring to fig. 12, fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
In an embodiment, the electronic device 20 comprises a processor 21, and the processor 21 may also be referred to as a Central Processing Unit (CPU). The processor 21 may be an integrated circuit chip having signal processing capabilities. The processor 21 may also be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. A general purpose processor may be a microprocessor or the processor 21 may be any conventional processor or the like.
The electronic device 20 may further include a memory (not shown) for storing instructions and data required for the processor 21 to operate.
The processor 21 is arranged to execute instructions to implement a method of protection of video data as set out in any one of the embodiments above, or a method of encryption of video data as set out in any one of the embodiments above, or a method of verification of video data as set out in any one of the embodiments above.
Referring to fig. 13, fig. 13 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the invention.
In an embodiment, the computer readable storage medium 30 is used for storing instructions/program data 31, and the instructions/program data 31 can be executed to implement the protection method for video data as set forth in any one of the above embodiments, or the encryption method for video data as set forth in any one of the above embodiments, or the verification method for video data as set forth in any one of the above embodiments, which will not be described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into modules or units is only a logical division, and an actual implementation may divide them differently; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in another form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit may be stored in a computer-readable storage medium if it is implemented in the form of a software functional unit and sold or used as a separate product. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product stored in a computer-readable storage medium 30, which includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method set forth in the embodiments of the present invention. And the aforementioned computer-readable storage medium 30 includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, a server, and other various media capable of storing program codes.
In addition, in the present invention, unless otherwise explicitly specified or limited, the terms "connected," "stacked," and the like are to be construed broadly, e.g., as being fixedly connected, detachably connected, or integrated; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (15)

1. A method for protecting video data, the method comprising:
the acquisition equipment generates a first secret key;
the acquisition equipment encrypts a plaintext video frame by using the first key to obtain a ciphertext video frame;
the acquisition equipment generates a first message authentication code based on the first secret key and the ciphertext video frame, and splices the ciphertext video frame and the first message authentication code to generate a first secure video frame;
the receiving equipment receives the first key and the first secure video frame from the acquisition equipment, and parses the first secure video frame to obtain the ciphertext video frame and the first message authentication code;
the receiving device generates a second message authentication code based on the ciphertext video frame and the first key;
the receiving equipment compares the first message authentication code with the second message authentication code, and judges that the verification is passed if the first message authentication code is matched with the second message authentication code;
the receiving equipment encrypts the first key to obtain a key parameter combination; the key parameter combination is formed by splicing the first key ciphertext and the key identifier of the second key;
the receiving equipment splices the key parameter combination with the first secure video frame to generate and store a second secure video frame; the second secure video frame is formed by splicing the key parameter combination, the acquisition equipment identifier, the first message authentication code and the ciphertext video frame;
the receiving device parses the second secure video frame;
the receiving equipment acquires the second key based on the key identification of the second key obtained by analysis;
the receiving equipment decrypts the first key ciphertext by using the second key to obtain the first key;
the receiving device generates a third message authentication code by using the first key obtained by decryption, the acquisition device identifier obtained by analysis and the ciphertext video frame;
and the receiving equipment compares the third message authentication code with the first message authentication code obtained by analysis, and judges that the verification is passed if the third message authentication code is matched with the first message authentication code obtained by analysis.
2. The method of claim 1, wherein the generating a first message authentication code based on the first key and the ciphertext video frame comprises:
the acquisition equipment acquires an acquisition equipment identifier;
and the acquisition equipment performs digest algorithm processing on the first secret key, the acquisition equipment identifier and the ciphertext video frame to generate the first message authentication code.
3. The method for protecting video data according to claim 2, wherein the generating a second message authentication code based on the ciphertext video frame and the first key comprises:
the receiving equipment acquires the acquisition equipment identification;
the receiving device performs digest algorithm processing on the ciphertext video frame, the acquisition device identifier and the first key to generate the second message authentication code; wherein a digest algorithm utilized to generate the second message authentication code matches a digest algorithm utilized to generate the first message authentication code.
4. The method for protecting video data according to claim 2 or 3, wherein the receiving device obtaining the capture device identifier comprises:
the acquisition equipment splices the acquisition equipment identification, the ciphertext video frame and the first message authentication code to generate the first secure video frame;
and the receiving equipment receives and parses the first secure video frame to obtain the acquisition equipment identification.
5. The method of claim 1, wherein the receiving device receiving the first key and the first secure video frame from the capture device comprises:
the acquisition equipment transmits the first secret key to the receiving equipment;
the capture device transmits the first secure video frame to the receiving device.
6. The method of claim 1,
the first key is a true random number.
7. The method for protecting video data according to claim 1, wherein said encrypting the first key to obtain a key parameter combination comprises:
the receiving device acquires the second key and the key identification of the second key generated by the self storage or management device; wherein the key identification of the second key is used for identifying the second key;
the receiving device encrypts the first key by using the second key to generate a first key ciphertext;
and the receiving equipment splices the first key ciphertext and the key identifier of the second key to generate the key parameter combination.
8. The method of claim 1, wherein the method further comprises:
the exporting equipment requests to acquire a third secure video frame;
the receiving equipment encrypts the first key by using the derived key to generate a second key ciphertext;
replacing the key parameter combination in the second secure video frame with the second key ciphertext by the receiving device to generate a third secure video frame;
the derivation device, in response to receiving the derived key, decrypts the second key ciphertext in the third secure video frame to obtain the first key; generating a fourth message authentication code based on the first key and the ciphertext video frame;
and the derivation equipment compares the fourth message authentication code with the first message authentication code, and judges that the verification is passed if the fourth message authentication code is matched with the first message authentication code.
9. The method for protecting video data according to any one of claims 1 or 8, wherein the method further comprises:
responding to the verification passing, and performing decryption processing on the ciphertext video frame; wherein the algorithm used to decrypt the ciphertext video frames matches the algorithm used to encrypt the plaintext video frames.
10. A method for protecting video data, the method comprising:
the receiving device generates a third key;
encrypting the plaintext video frame by using the third key to obtain a ciphertext video frame; the plaintext video frame is acquired from acquisition equipment;
generating a fifth message authentication code based on the third key and the ciphertext video frame;
the receiving equipment acquires an acquisition equipment identifier, and acquires a fourth key generated by the receiving equipment or the storage or management equipment and a key identifier of the fourth key; wherein the key identifier of the fourth key is used for identifying the fourth key and the source of the fourth key;
encrypting the third key by using the fourth key to generate a third key ciphertext;
splicing the key identification of the fourth key, the third key ciphertext, the acquisition equipment identification, the fifth message authentication code and the ciphertext video frame to generate a fourth secure video frame, and storing the fourth secure video frame;
parsing the fourth secure video frame in response to invoking the fourth secure video frame;
acquiring the fourth key based on the key identification of the fourth key obtained by analysis;
decrypting the third key ciphertext by using the fourth key to obtain a third key;
analyzing the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code;
generating a sixth message authentication code by using the ciphertext video frame and the third key;
and comparing the fifth message authentication code with the sixth message authentication code, and judging that the verification is passed if the fifth message authentication code is matched with the sixth message authentication code.
11. The method for protecting video data according to claim 10, wherein said generating a fifth message authentication code based on the third key and the ciphertext video frame comprises:
the receiving equipment acquires an acquisition equipment identifier;
and performing digest algorithm processing on the third key, the acquisition equipment identifier and the ciphertext video frame to generate a fifth message authentication code.
12. The method for protecting video data according to claim 11, wherein said generating a sixth message authentication code using said ciphertext video frame and said third key comprises:
acquiring an acquisition equipment identifier;
and performing digest algorithm processing on the third secret key, the acquisition equipment identifier and the ciphertext video frame to generate a sixth message authentication code.
13. A system for transmitting video data, comprising:
the acquisition equipment is used for generating a first secret key; encrypting the plaintext video frame by using the first key to obtain a ciphertext video frame; generating a first message authentication code based on the first key and the ciphertext video frame, and splicing the ciphertext video frame and the first message authentication code to generate a first secure video frame; transmitting the first key and the first secure video frame to a receiving device;
the receiving equipment is in communication connection with the acquisition equipment and is used for receiving a first key and a first secure video frame from the acquisition equipment and parsing the first secure video frame to obtain a ciphertext video frame and a first message authentication code; generating a second message authentication code by using the ciphertext video frame and the first key; comparing the first message authentication code with the second message authentication code, and judging that the verification is passed if the first message authentication code is matched with the second message authentication code; encrypting the first key to obtain a key parameter combination; the key parameter combination is formed by splicing the first key ciphertext and the key identifier of the second key; splicing the key parameter combination with the first secure video frame to generate a second secure video frame and storing the second secure video frame; the second secure video frame is formed by splicing the key parameter combination, the acquisition equipment identifier, the first message authentication code and the ciphertext video frame; parsing the second secure video frame; acquiring the second key based on the key identification of the second key obtained by parsing; decrypting the first key ciphertext by using the second key to obtain the first key; generating a third message authentication code by using the first key obtained by decryption, the acquisition equipment identifier obtained by parsing and the ciphertext video frame; comparing the third message authentication code with the first message authentication code obtained by parsing, and judging that the verification is passed if the third message authentication code is matched with the first message authentication code obtained by parsing;
or, generating a third key; encrypting the plaintext video frame by using the third key to obtain a ciphertext video frame; the plaintext video frame is acquired from acquisition equipment; generating a fifth message authentication code based on the third key and the ciphertext video frame, acquiring an acquisition device identifier, and acquiring a fourth key generated by a self storage or management device and a key identifier of the fourth key; wherein the key identifier of the fourth key is used for identifying the fourth key and the source of the fourth key; encrypting the third key by using the fourth key to generate a third key ciphertext; splicing the key identification of the fourth key, the third key ciphertext, the acquisition equipment identification, the fifth message authentication code and the ciphertext video frame to generate a fourth secure video frame, and storing the fourth secure video frame; parsing the fourth secure video frame in response to invoking the fourth secure video frame; acquiring the fourth key based on the key identification of the fourth key obtained by parsing; decrypting the third key ciphertext by using the fourth key to obtain a third key; parsing the fourth secure video frame to obtain the ciphertext video frame and the fifth message authentication code; generating a sixth message authentication code by using the ciphertext video frame and the third key; and comparing the fifth message authentication code with the sixth message authentication code, and judging that the verification is passed if the fifth message authentication code is matched with the sixth message authentication code.
14. An electronic device, comprising:
a processor for executing instructions to implement the method of protecting video data of any of claims 1 to 9 or the method of protecting video data of any of claims 10 to 12.
15. A computer-readable storage medium for storing instructions/program data executable to implement the method of protecting video data of any one of claims 1-9, or the method of protecting video data of any one of claims 10-12.
CN202210589634.XA 2022-05-27 2022-05-27 Video data protection, encryption and verification method, system and equipment Active CN114928756B (en)

Publications (2)

Publication Number Publication Date
CN114928756A CN114928756A (en) 2022-08-19
CN114928756B true CN114928756B (en) 2023-03-17


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant