CN118338045A - Video code stream encryption method, video code stream decryption method and related devices - Google Patents

Info

Publication number
CN118338045A
Authority
CN
China
Prior art keywords
encrypted
code stream
stream data
encryption
data units
Prior art date
Legal status
Pending
Application number
CN202410045712.9A
Other languages
Chinese (zh)
Inventor
江东
林聚财
张雪
方诚
彭双
殷俊
Current Assignee
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Application filed by Zhejiang Dahua Technology Co Ltd


Abstract

The application discloses a video code stream encryption method, a video code stream decryption method and related devices. The video code stream encryption method comprises the following steps: encoding the video to obtain video code stream data; and aggregating the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data, and then performing encryption processing to obtain an encrypted code stream. The application can reduce the time expenditure of encryption and decryption.

Description

Video code stream encryption method, video code stream decryption method and related devices
Technical Field
The present application relates to the field of video encoding and decoding technologies, and in particular, to a video code stream encryption method, a video code stream decryption method, and related devices.
Background
Video image data is relatively large, so video pixel data (RGB, YUV, etc.) usually needs to be compressed. The compressed data is called a video code stream, which is transmitted to a user terminal over a wired or wireless network and then decoded and viewed. The overall video coding flow includes block division, prediction, transformation, quantization, coding and other processes.
After video encoding, the code stream data can be encrypted and decrypted to improve the security of the video code stream. However, existing code stream encryption and decryption methods have shortcomings; for example, the time cost of encryption and decryption is high.
Disclosure of Invention
The application provides a video code stream encryption method, a video code stream decryption method and related devices, which can reduce encryption and decryption time expenditure.
In order to achieve the above object, the present application provides a video code stream encryption method, which includes:
encoding the video to obtain video code stream data; and
aggregating the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data, and then performing encryption processing to obtain an encrypted code stream.
In order to achieve the above object, the present application further provides a video code stream decryption method, which includes:
aggregating and decrypting the encrypted data of at least two encrypted code stream data units in the encrypted code stream to obtain an aggregate content original text;
splitting the aggregate content original text to obtain the encrypted content original text of the at least two encrypted code stream data units; and
merging the encrypted content original text and the non-encrypted content of each encrypted code stream data unit to obtain a decryption result of each encrypted code stream data unit.
To achieve the above object, the present application also provides an electronic device including a processor and a memory connected to each other, the memory being configured to store a program, the processor being configured to execute the program to implement the steps of the above-described method.
To achieve the above object, the present application also provides a computer-readable storage medium storing a program capable of being executed to implement the above method.
The application provides a code stream encryption method in which, after the video is encoded to obtain video code stream data, the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data are aggregated and then encrypted to obtain an encrypted code stream. The encryption and decryption module therefore needs to be called only once for the at least two code stream data units, which effectively reduces the total time spent calling the encryption and decryption tool and lowers the time cost of encrypting and decrypting the video code stream.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a flow chart of a related art code stream encryption and decryption method;
FIG. 2 is a schematic diagram of tree type digest in a related art code stream encryption method;
FIG. 3 is a flowchart illustrating an embodiment of a video bitstream encryption method according to the present application;
FIG. 4 is a flowchart illustrating an embodiment of a video bitstream encryption method according to the present application;
FIG. 5 is a schematic diagram illustrating an embodiment of a video bitstream encryption method according to the present application;
FIG. 6 is a schematic diagram of another embodiment of a video bitstream encryption method according to the present application;
FIG. 7 is a schematic diagram of a video bitstream encryption method according to another embodiment of the present application;
FIG. 8 is a schematic diagram of a video bitstream encryption method according to another embodiment of the present application;
FIG. 9 is a schematic diagram of another embodiment of a video bitstream encryption method according to the present application;
FIG. 10 is a flowchart illustrating an embodiment of a video bitstream decryption method according to the present application;
FIG. 11 is a schematic diagram of an embodiment of an electronic device of the present application;
FIG. 12 is a schematic diagram of a computer-readable storage medium according to an embodiment of the present application.
Detailed Description
The embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. The embodiments described are only some embodiments of the present application, not all of them. All other embodiments that can be obtained by those skilled in the art based on the embodiments of the application without inventive effort are intended to be within the scope of the application. In addition, the term "or" as used herein refers to a non-exclusive "or" (i.e., "and/or") unless otherwise indicated (e.g., "or otherwise" or "or in the alternative"). Also, the various embodiments described herein are not necessarily mutually exclusive, as some embodiments may be combined with one or more other embodiments to form new embodiments.
The main process of encrypting and decrypting the code stream in the related art is shown in FIG. 1.
The encryption process comprises the following steps:
(1) The encoder periodically generates a random 128-bit VEK.
(2) The RBSP data of the coded slice NAL to be encrypted is read.
(3) When the following conditions are met, the current VEK is disabled and a new VEK is activated; otherwise the current VEK continues to be used:
the RBSP is the first slice data at the start of the GOP;
a new VEK is available.
(4) The encoder randomly generates a 128-bit IV.
(5) The stream key is generated from the VEK and IV using the OFB mode of the agreed block encryption algorithm.
(6) The encryption stream key and the coded slice RBSP data to be encrypted are aligned bit by bit and XORed to obtain the encrypted coded slice RBSP data.
(7) The encrypted RBSP is encapsulated in a VCL NAL with encryption_idc = 1.
(8) If a new VEK is activated or a new IV is used, the security extension information NAL should be encapsulated and output prior to this VCL NAL.
The decryption process specifically comprises the following steps:
(1) The IV and the ciphertext of the VEK, denoted E(VEK), are obtained from the security parameter set NAL, and E(VEK) is decrypted with the VKEK to obtain the VEK.
(2) The coded slice RBSP data to be decrypted is read.
(3) When the following conditions are met, the current VEK is disabled and a new VEK is activated; otherwise the current VEK continues to be used:
the RBSP is the first slice data at the start of the GOP;
a new VEK is available.
(4) The stream key is generated from the VEK and IV using the OFB mode of the agreed block encryption algorithm.
(5) The decryption stream key and the coded slice RBSP data to be decrypted are aligned bit by bit and XORed to obtain the decrypted coded slice RBSP data.
The syntax of the security parameter set in the related art is shown in Table 1:
Table 1 Definition of the security parameter set RBSP
encryption_flag in Table 1 is the encryption flag. The encryption flag may be a binary variable; a value of '1' indicates that encryption of the display image coded slice, the display image sequence parameter set, the display image parameter set, the non-display knowledge image coded slice, the knowledge image sequence parameter set, the knowledge image parameter set and/or the extension data unit is supported, i.e. RBSPs in the NAL unit may be encrypted; a value of '0' indicates that encryption of RBSPs in the NAL unit is not supported.
authentication_flag in Table 1 is the authentication flag. The authentication flag may be a binary variable. A value of '1' indicates that authentication of the access unit of an entire frame image is supported; the NAL units used for authentication include the coded slices of the display image or knowledge image, and the sequence parameter set, image parameter set, security parameter set and extension data units transmitted with that frame. When authentication of the data content is supported, absolute time extension information must be carried in the encoded bit stream, and authentication data carried in the encoded bit stream should be Base64 encoded. Authentication data is transmitted through NAL units having nal_unit_type equal to 10. If an access unit contains NAL units with authentication_idc equal to 1 and nal_unit_type equal to 0-9, 12, 14, 17 and 18, the NAL units with authentication_idc equal to 1 in the access unit are arranged in decoding order and hashed once to generate the digest data of the access unit. An authentication_flag equal to 0 indicates that authentication of the encoded video sequence is not supported, and NAL units having nal_unit_type equal to 10 should not be included in the encoded video sequence. If authentication_flag is 1 and encryption_flag is 1, that is, the current coded video sequence supports both encryption and authentication, it should be encrypted first and then authenticated, that is, the data used for authentication should be the encrypted NAL units.
The encryption_type in table 1 is an encryption type. The encryption type may be a 4-bit unsigned integer, which may be used to indicate the algorithm used for encryption, and the specific correspondence may be seen in table 2.
Table 2 Correspondence between encryption type and specific encryption algorithm

| Value of encryption_type | Encryption algorithm |
| --- | --- |
| 0 | SM1 |
| 1 | SM4 |
| 2~15 | Reserved |
vek_flag in Table 1 is the video encryption key flag. The video encryption key flag may be a binary variable; a value of '1' indicates that vek is carried and a value of '0' indicates that vkek is not carried.
iv_flag in Table 1 is the initial vector flag. The initial vector flag may be a binary variable; a value of '1' indicates that iv is carried and a value of '0' indicates that iv is not carried.
vek_encryption_type in Table 1 is the video encryption key encryption type. It may be a 4-bit unsigned integer that indicates the encryption type of the video encryption key; the correspondence may be the same as that in Table 2.
evek_length_minus1 in Table 1 is the encrypted video encryption key length. It may be an 8-bit unsigned integer that indicates the length of the encrypted video encryption key in bytes.
evek in Table 1 is the encrypted video encryption key. It may be an n-bit unsigned integer that represents the encrypted video encryption key used for encryption calculations, and its length is evek_length_minus1 plus 1 bytes.
vkek_version_length_minus1 in Table 1 may be the video encryption key version number length. It may be an 8-bit unsigned integer that indicates the length of the video encryption key version number in bytes.
vkek_version in Table 1 is the video encryption key version number. It may be an n-bit unsigned integer that indicates the video encryption key version number, and its length is vkek_version_length_minus1 plus 1 bytes.
iv_length_minus1 in Table 1 is the initial vector length. It may be an 8-bit unsigned integer that indicates the initial vector length in bytes.
iv in Table 1 is the initial vector (the initial vector is the second key described above). It may be an n-bit unsigned integer that indicates the initial vector used for block encryption, and its length is iv_length_minus1 plus 1 bytes.
hash_type in Table 1 is the hash type. It may be a 2-bit unsigned integer that indicates the algorithm used for authentication; the correspondence is shown in Table 3.
Table 3 Correspondence of hash types to specific algorithms

| Value of hash_type | Authentication algorithm | Digest data length (bytes) |
| --- | --- | --- |
| 0 | SM3 | 32 |
| 1~3 | Reserved | Reserved |
hash_discard_non_output_library_pictures_flag in Table 1 is the non-display knowledge image hash authentication flag. It may be a binary variable: a value of '1' indicates that non-display knowledge images are not authenticated; a value of 0 indicates that non-display knowledge images are authenticated. A non-display knowledge image is authenticated by digitally signing only the digest data of the image to obtain the authentication data. If hash_discard_library_pictures is not present in the bitstream, its value defaults to 1. The authentication_idc of each NAL unit in an image that is not authenticated should be equal to 0.
hash_discard_pb_pictures_flag in Table 1 is the P/B frame hash authentication flag. It may be a binary variable: a value of '1' indicates that images other than the random access point image and the knowledge image are not authenticated; a value of 0 indicates that images other than the random access point image and the knowledge image are authenticated. If hash_discard_pb_pictures is not present in the stream, its value defaults to 1. The authentication_idc of each NAL unit in an image that is not authenticated should be equal to 0.
successive_hash_pictures_minus1 in Table 1 is the number of consecutive authentication image frames. It may be an 8-bit unsigned integer representing the number of consecutive display images or knowledge picture slices digitally signed in decoding order, and these consecutive display images or knowledge picture slices are limited to one random access image or RLI frame image interval. The value of successive_hash_pictures_minus1 should be 0 to 255.
Here SuccessiveHashPictures = successive_hash_pictures_minus1 + 1.
If successive_hash_pictures_minus1 is equal to 0, the digest data of each authenticated display image or knowledge picture slice is digitally signed.
If successive_hash_pictures_minus1 is larger than 0, tree digest data is first generated from the digest data of SuccessiveHashPictures display images or knowledge picture slices that are consecutive in decoding order, and the tree top digest data is then digitally signed. As shown in FIG. 2, the tree top digest data of n images is the digest data generated, by the method indicated by hash_type, over the tree top digest data of the first n-1 images arranged together with the digest data of the nth image.
Note: the first authenticated image after activation of the security parameter set should be the first of SuccessiveHashPictures consecutive images. A random access image should be the first of SuccessiveHashPictures consecutive images. If fewer than SuccessiveHashPictures display images and display knowledge images are authenticated within one random access image or RLIDR image interval, the digest data corresponding to the signature data of those display images and display knowledge images is the digest data of all the display images and display knowledge images contained in that random access image or RLIDR image interval.
The signature_type in table 1 is a digital signature type. The digital signature type may be a 2-bit unsigned integer that indicates an algorithm for digitally signing digest data of an image, as shown in table 4.
Table 4 Correspondence of digital signature types to specific encryption algorithms

| Value of signature_type | Signature algorithm |
| --- | --- |
| 0 | SM2 |
| 1~3 | Reserved |

signature_fmt in Table 1 is the signature data format. It may be a 2-bit unsigned integer indicating the signature data format; the correspondence between the meaning of the signature_fmt value and the signature_type syntax is shown in Table 5.
Table 5 Correspondence of signature data formats to specific syntax values
Note: R|S represents the direct concatenation of the ciphertext R and S output by the SM2 encryption algorithm; see GM/T 0003.1-2012, SM2 elliptic curve public key cryptography algorithm, Part 1: General, section 4.2.2, conversion of integers to byte strings, and GM/T 0003.2-2012, SM2 elliptic curve public key cryptography algorithm, Part 2: Digital signature algorithm, section 6.1, digital signature generation algorithm.
ASN.1 DER encoding is an encoding scheme for the tag, length and value of each element; see section 7.3, signature data format, of the standard GM/T 0009-2012, SM2 cryptographic algorithm usage specification.
camera_idc in Table 1 is the camera certificate identification. It may be a 152-bit string that indicates the certificate identification of the camera from which the image originated.
camera_id in Table 1 is the camera identification. It may be a 152-bit string that indicates the camera ID of the source of the image.
The NAL syntax and semantics in the related art are shown in Table 6.
Table 6 NAL syntax
encryption_idc in Table 6 is the encryption flag, a binary variable that may indicate whether a NAL unit is encrypted. A value of '0' indicates that the RBSP (Raw Byte Sequence Payload) in the NAL unit is not encrypted; a value of '1' indicates that the RBSP in the NAL unit is encrypted with the encryption method specified in the security parameter set, and that the last byte of the RBSP is not encrypted.
authentication_idc in Table 6 is the authentication flag, which may be a binary variable indicating whether a NAL unit is authenticated. A value of '0' indicates that the NAL unit is not authenticated; a value of '1' indicates that the NAL unit is authenticated with the authentication method specified in the security parameter set, and absolute time extension information must be carried in the encoded bitstream to identify the authentication time.
In the related art, the encryption and decryption method encrypts the RBSP in each NAL at the NAL level, so the encryption and decryption module must be called once for every NAL unit marked as encrypted, and over the whole video code stream the time spent calling the encryption and decryption tool is large.
Based on the above, the application provides a code stream encryption method. After the video is encoded to obtain video code stream data, the method aggregates the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data and then performs encryption processing to obtain an encrypted code stream, so the encryption and decryption module needs to be called only once for the at least two code stream data units, which effectively reduces the total call time of the encryption and decryption tool and lowers the time cost of encrypting and decrypting the video code stream. Illustratively, a selected number of NAL units to be encrypted may have their RBSPs extracted and encrypted together (referred to as aggregation encryption in this disclosure); after encryption is completed, the encrypted data is split according to the encryption length of each encrypted RBSP and spliced back into the respective NAL units to form the final encrypted NAL units. The encryption and decryption module therefore needs to be called only once for a plurality of NAL units, which effectively saves calling time.
Specifically, as shown in fig. 3, the above-described code stream encryption method may include the following steps. It should be noted that the following step numbers are only for simplifying the description, and are not intended to limit the execution order of the steps, and the steps of this embodiment may be arbitrarily replaced without departing from the technical idea of the present application.
S110: Encode the video to obtain video code stream data.
S120: Aggregate the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data, and then perform encryption processing to obtain an encrypted code stream.
After the video is encoded to obtain video code stream data, the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data can be aggregated and then encrypted to obtain an encrypted code stream.
The code stream data unit of the present application may be a NAL (Network Abstraction Layer) unit, or may be another kind of code stream data unit, which is not limited herein.
It will be appreciated that a code stream data unit may or may not be encrypted; this can be configured according to the actual situation and is not limited herein. A code stream data unit that needs to be encrypted can participate, as a code stream data unit to be encrypted, in the above process of aggregation followed by encryption. In contrast, a code stream data unit that does not need to be encrypted is not a code stream data unit to be encrypted and does not participate in the above process of aggregation followed by encryption.
In an implementation manner, as shown in FIG. 4, the step of aggregating the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data and then performing encryption processing to obtain the encrypted code stream may include: aggregating the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data to obtain aggregated content; invoking the encryption and decryption module to encrypt the aggregated content to obtain encrypted content; splitting the encrypted content according to the data amount of the content to be encrypted of the at least two code stream data units to be encrypted, to obtain the encrypted data of each of the at least two code stream data units to be encrypted; and splicing the encrypted data and the non-encrypted data of each code stream data unit to be encrypted to obtain the encrypted code stream unit of each code stream data unit to be encrypted. In this way the encryption and decryption module needs to be called only once for a plurality of code stream data units, which effectively saves calling time.
In an embodiment of this implementation manner, when the encryption and decryption module encrypts the aggregated content, the encryption processes of contents belonging to different code stream data units in the aggregated content are mutually independent. That is, when the content of one code stream data unit in the aggregated content is encrypted, the contents of the other code stream data units in the aggregated content do not participate in the calculation, so the contents corresponding to different code stream data units in the encrypted content are mutually independent and can each be decoded separately in subsequent decoding. In this embodiment, splitting the encrypted content according to the data amount of the content to be encrypted of the at least two code stream data units to be encrypted may refer to: splitting apart the contents corresponding to different code stream data units in the encrypted content to obtain the encrypted data corresponding to each code stream data unit. In this embodiment, the decoding end may decode the encrypted data corresponding to each code stream data unit separately, or may aggregate the encrypted data of the at least two code stream data units encrypted by the encoding end and then decode it.
Of course, in other embodiments of this implementation manner, when the encryption and decryption module encrypts the aggregated content, the encryption processes of contents belonging to different code stream data units in the aggregated content are not mutually independent. That is, when the content of one code stream data unit in the aggregated content is encrypted, the contents of other code stream data units in the aggregated content may participate in the calculation. When decrypting, the encrypted data of the at least two code stream data units encrypted by the encoding end can be aggregated and then decoded to obtain the aggregated content original text of the encrypted content of the corresponding at least two code stream data units to be decrypted, and the aggregated content original text is then split to obtain the encrypted content original text of each of those code stream data units. Optionally, splitting the encrypted content according to the data amount of the content to be encrypted of the at least two code stream data units to be encrypted may refer to: taking from the encrypted content, as the encrypted data of each code stream data unit to be encrypted, content equal in amount to the content to be encrypted of that unit; or taking from the encrypted content, as the encrypted data of each code stream data unit to be encrypted, content in a preset proportion for that unit, where the preset proportion of each code stream data unit to be encrypted is equal to the ratio of the data amount of the content to be encrypted in that unit to the data amount of the aggregated content.
In another implementation manner, the step of aggregating the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data and then performing encryption processing to obtain an encrypted code stream may include: aggregating the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data to obtain aggregated content; invoking the encryption and decryption module to encrypt the aggregated content to obtain encrypted content; splitting the encrypted content according to the data amount of the content to be encrypted of the at least two code stream data units to be encrypted, to obtain at least one piece of encrypted data; and splicing the at least one piece of encrypted data, in one-to-one correspondence, with the non-encrypted data of at least part of the code stream data units to be encrypted, to obtain the encrypted code stream data units of at least part of the code stream data units to be encrypted. In this way the encryption and decryption module needs to be called only once for a plurality of code stream data units, which effectively saves calling time. When decrypting, the at least one piece of encrypted data is taken out of at least part of the code stream data units to be decrypted and then decoded to obtain the aggregated content original text of the encrypted content of the corresponding at least two code stream data units to be decrypted, and the aggregated content original text is then split to obtain the encrypted content original text of each of those code stream data units.
The step of aggregating the contents to be encrypted in the at least two code stream data units to be encrypted in the video code stream data may be: splicing the contents to be encrypted in the at least two code stream data units to be encrypted in the video code stream data. The splicing order is not limited: the contents to be encrypted may be spliced in the arrangement order of the code stream data units to which they belong, or in a different order.
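The aggregate, encrypt, split and splice flow of FIG. 4, the matching aggregated decryption, and single-unit decryption for the mutually independent embodiment, as an added Python example that is not code from the patent. Assumptions: the OFB block function is an HMAC-SHA256 stand-in rather than SM1/SM4, the last RBSP byte stays clear as in the related-art encryption_idc semantics, and the class and function names, one-byte headers, key, IV and payloads are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

BLOCK = 16                 # 128-bit block, matching the 128-bit VEK and IV
VEK = bytes(range(16))     # constructed sample key
IV = bytes(range(16, 32))  # constructed sample IV; one (VEK, IV) pair must not
                           # be reused for a second aggregate (keystream repeat)


class OfbCipher:
    """OFB-mode stream cipher that counts how many times it is invoked.

    ASSUMPTION: the block function is HMAC-SHA256 truncated to 16 bytes, a
    stand-in so the example runs on the standard library. It is NOT SM1/SM4.
    OFB only uses the forward direction of the block function, so the data
    flow is the same.
    """

    def __init__(self, vek: bytes):
        self.vek = vek
        self.calls = 0

    def crypt(self, iv: bytes, data: bytes) -> bytes:
        """XOR data with the keystream; the same call encrypts and decrypts."""
        self.calls += 1
        out, block = bytearray(), iv
        for off in range(0, len(data), BLOCK):
            block = hmac.new(self.vek, block, hashlib.sha256).digest()[:BLOCK]
            out += bytes(a ^ b for a, b in zip(data[off:off + BLOCK], block))
        return bytes(out)


@dataclass
class NalUnit:
    header: bytes        # non-encrypted data (constructed 1-byte placeholder)
    rbsp: bytes
    encryption_idc: int  # 1 = RBSP is (to be) encrypted, 0 = clear

    def parts(self):
        """(content to encrypt, clear tail): the last RBSP byte stays clear."""
        return self.rbsp[:-1], self.rbsp[-1:]


def _aggregate_crypt(units, cipher, iv, out_idc):
    selected = [u for u in units if u.encryption_idc == 1]
    if len(selected) < 2:
        raise ValueError("aggregation needs at least two marked units")
    aggregated = b"".join(u.parts()[0] for u in selected)  # splice in stream order
    processed = cipher.crypt(iv, aggregated)               # the single module call
    out, pos = [], 0
    for u in units:
        if u.encryption_idc != 1:
            out.append(u)                                  # untouched pass-through
            continue
        body, tail = u.parts()
        piece = processed[pos:pos + len(body)]             # split by data amount
        pos += len(body)
        out.append(NalUnit(u.header, piece + tail, out_idc))  # re-splice
    return out


def aggregate_encrypt(units, cipher, iv):
    return _aggregate_crypt(units, cipher, iv, out_idc=1)


def aggregate_decrypt(units, cipher, iv):
    return _aggregate_crypt(units, cipher, iv, out_idc=0)


def decrypt_single(units, index, cipher, iv):
    """Decrypt only units[index]: the OFB keystream does not depend on the
    other units' content, only on this unit's byte offset in the aggregate."""
    offset = sum(len(u.parts()[0]) for u in units[:index] if u.encryption_idc == 1)
    body, tail = units[index].parts()
    keystream = cipher.crypt(iv, bytes(offset + len(body)))[offset:]
    clear = bytes(a ^ b for a, b in zip(body, keystream))
    return NalUnit(units[index].header, clear + tail, 0)


def demo():
    stream = [  # constructed sample units
        NalUnit(b"\x01", b"slice-0 payload\x80", 1),
        NalUnit(b"\x02", b"parameter set\x80", 0),  # not selected for encryption
        NalUnit(b"\x01", b"slice-1 longer payload\x80", 1),
        NalUnit(b"\x01", b"s2\x80", 1),
    ]
    enc, dec = OfbCipher(VEK), OfbCipher(VEK)
    encrypted = aggregate_encrypt(stream, enc, IV)
    decrypted = aggregate_decrypt(encrypted, dec, IV)
    return stream, encrypted, decrypted, enc.calls, dec.calls


if __name__ == "__main__":
    s, e, d, enc_calls, dec_calls = demo()
    print("cipher calls:", enc_calls, dec_calls)
    print("round trip ok:", [u.rbsp for u in d] == [u.rbsp for u in s])
```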
Optionally, in an implementation method, in step S102, a plurality of code stream data units may be selected from the video code stream data; the contents to be encrypted of all the code stream data units to be encrypted among the plurality of code stream data units are then directly aggregated and encrypted to obtain the encrypted code stream units of the selected plurality of code stream data units, so as to obtain an encrypted code stream.
In other implementations, a plurality of code stream data units may be selected from the video code stream data, and all of the code stream data units to be encrypted among the plurality of code stream data units are then classified to obtain at least one set; the contents to be encrypted in all code stream data units in each set are aggregated and then encrypted to obtain an encrypted code stream unit of at least one code stream data unit in each set, so as to obtain an encrypted code stream.
The selection range of the plurality of code stream data units is not limited.
In the related art, the smallest basic unit in the code stream is the NAL unit, and encryption and decryption are likewise performed per single NAL unit. To reduce the number of calls to the encryption and decryption module, the application instead selects at least 2 NAL units for aggregate encryption and decryption. Because aggregate encryption and decryption effectively binds multiple NAL units together, it may reduce some encoding and decoding flexibility: for example, if two NAL units are aggregated to generate the code stream, the decoding end cannot decrypt and decode one of them independently. The choice of which NAL units to aggregate for encryption and decryption therefore has to weigh encoding and decoding flexibility against the number of calls to the encryption and decryption module.
In a first implementation, all code stream data units to be encrypted that correspond to one security parameter set may be used as the selected plurality of code stream data units, which are then aggregated and encrypted by the above implementation method to obtain the encrypted code stream. In a specific example, the contents to be encrypted in all the code stream data units to be encrypted corresponding to one security parameter set may be aggregated and then encrypted to obtain the encrypted code stream. In another specific example, all code stream data units to be encrypted corresponding to one security parameter set may be classified to obtain at least one set; the contents to be encrypted in all code stream data units in each set are then aggregated and encrypted, yielding the encrypted code stream unit of at least one code stream data unit in each set and thus the encrypted code stream.
In a second implementation, a first number of adjacent or non-adjacent code stream data units may be used as the selected plurality of code stream data units, which are then aggregated and encrypted by the above implementation method to obtain the encrypted code stream. In a specific example, the contents to be encrypted in the first number of adjacent code stream data units may be aggregated and then encrypted to obtain the encrypted code stream. In another specific example, a first number of adjacent code stream data units may be selected and then classified to obtain at least one set; the contents to be encrypted in all code stream data units in each set are then aggregated and encrypted, yielding the encrypted code stream unit of at least one code stream data unit in each set and thus the encrypted code stream. The first number may be set according to the actual situation and is not limited herein. The first number is greater than or equal to 2.
In a third implementation, a third number of code stream data units may be selected at intervals of a second number of code stream data units, until a fourth number of code stream data units has been selected; the selected fourth number of code stream data units are used as the selected plurality of code stream data units, which are then aggregated and encrypted by the above implementation method to obtain the encrypted code stream. In a specific example, the contents to be encrypted in the selected fourth number of code stream data units may be aggregated and then encrypted to obtain the encrypted code stream. In another specific example, a third number of code stream data units may be selected at intervals of a second number of code stream data units until a fourth number of code stream data units has been selected, and the selected fourth number of code stream data units may then be classified to obtain at least one set; the contents to be encrypted in all code stream data units in each set are then aggregated and encrypted, yielding the encrypted code stream unit of at least one code stream data unit in each set and thus the encrypted code stream. The second number, the third number, and the fourth number may be set according to the actual situation and are not limited herein. The fourth number is greater than or equal to 2.
In a fourth implementation, at least part of the code stream data units of a fifth number of adjacent or non-adjacent AUs (access units) may be used as the selected plurality of code stream data units, which are then aggregated and encrypted by the above implementation method to obtain the encrypted code stream. In a specific example, all the code stream data units to be encrypted of the fifth number of adjacent AUs may be aggregated and then encrypted to obtain the encrypted code stream. In another specific example, all code stream data units to be encrypted of the fifth number of adjacent AUs may be classified to obtain at least one set; the contents to be encrypted in all code stream data units in each set are then aggregated and encrypted, yielding the encrypted code stream unit of at least one code stream data unit in each set and thus the encrypted code stream. The fifth number may be set according to the actual situation and is not limited herein; for example, the fifth number may be 1, 2, or 3.
An AU is a group of NAL units that are associated with each other according to a specified rule and are consecutive in decoding order. Generally speaking, an AU is the aggregate of all NAL units closely related to the content of one frame of image; besides the frame content itself, it may include the SPS, PPS, and SEI NAL units related to that image. In particular, in the case of knowledge image slice transmission, one knowledge image slice is also one AU.
Preferably, part or all of the NAL units that need encryption and decryption inside one AU are selected for aggregate encryption and decryption. An AU mainly contains the information closely related to the content of one frame of image, and in most applications a frame of image is the smallest application unit, so aggregating several NAL units of one AU for encryption and decryption does not affect encoding and decoding flexibility while reducing the number of calls to the encryption and decryption module. In a specific example, part or all of the NAL units that need encryption and decryption inside an AU are aggregated and then encrypted. Assume the AU contains 4 NAL units in total, of which NAL0 and NAL3 need encryption and decryption, as shown by the diagonally filled boxes in fig. 5. With the method of this embodiment, the information to be encrypted in NAL0 and NAL3 is aggregated and then encrypted; accordingly, during decryption, the information to be decrypted in NAL0 and NAL3 may be decrypted in aggregate. In another specific example, part or all of the NAL units that need encryption and decryption inside an AU are selected for aggregate encryption and decryption, and these aggregatable NAL units are divided into at least one class, each class being aggregated separately. As shown in fig. 6, all the NAL units that need encryption and decryption inside an AU are aggregated for encryption and decryption, but they are divided into two classes: one class is the NAL units that must be used for decoding the image (also referred to as necessary NAL units for decoding the image, i.e., if one of them is missing the image cannot be decoded successfully), such as SPS, PPS, PH, and coded slices; the other class is the NAL units that are not necessary for decoding the image (also referred to as non-necessary NAL units for decoding the image), such as monitoring extension information and supplemental enhancement information. Assume the AU contains 4 NAL units in total, all of which need encryption and decryption, as shown by the diagonally filled boxes in fig. 6. NAL0 to NAL2 are PPS, PH, and coded slice NAL units respectively, which are necessary for decoding the image; NAL3 carries supplemental enhancement information related to the frame and is not necessary for decoding. Therefore NAL0 to NAL2 are aggregated together for encryption and decryption, as shown by the dotted frame in fig. 6, and NAL3 is encrypted and decrypted on its own.
Of course, in other embodiments, at least part of the code stream data units to be encrypted of at least two AUs may be aggregated, encrypted and decrypted. In a specific example, as shown in fig. 7, all NAL units that need to be encrypted and decrypted in two adjacent AUs may be aggregated together for encryption and decryption. As shown in the diagonal line filling box in fig. 7, NAL3 in AU0 needs to be encrypted and decrypted, and NAL0 and NAL1 in AU1 need to be encrypted and decrypted, so that NAL3 in AU0 and NAL1 and NAL2 in AU1 are aggregated together for encryption and decryption.
In a fifth implementation, at least part of the code stream data units of a sixth number of adjacent or non-adjacent LUs (layer units) may be used as the selected plurality of code stream data units, which are then aggregated and encrypted by the above implementation method to obtain the encrypted code stream. In a specific example, all the code stream data units to be encrypted of the sixth number of adjacent LUs may be aggregated and then encrypted to obtain the encrypted code stream. In another specific example, all of the code stream data units to be encrypted of the sixth number of adjacent LUs may be classified to obtain at least one set; the contents to be encrypted in all code stream data units in each set are then aggregated and encrypted, yielding the encrypted code stream unit of at least one code stream data unit in each set and thus the encrypted code stream. The sixth number may be set according to the actual situation and is not limited herein; for example, the sixth number may be 1, 2, or 3.
Preferably, part or all of the NAL units that need encryption and decryption inside one LU can be selected for aggregate encryption and decryption, and these aggregatable NAL units are divided into at least one class, each class being aggregated separately. An LU is a group of NAL units with the same layer_id value that are associated with each other according to a specified rule and are consecutive in decoding order. Some application scenarios use layered coding, for example to obtain code streams of different resolutions or of different qualities for the same image at the same time; the coded code streams of different resolutions or qualities are then transmitted in multiple layers, and different layer_id values represent different layers. All LUs of the same image content are part of the same AU. An LU is thus a unit smaller than an AU: with layered coding, one AU includes at least 2 LUs, all of which correspond to the content of the same image, the different LUs representing the frames of different resolution or different quality generated when that image is coded. An LU therefore also contains the information related to the content of one frame, and since a frame is generally the smallest application unit in most applications, encoding and decoding flexibility is not affected.
In a specific example, part or all of the NAL units that need encryption and decryption inside an LU are aggregated and then encrypted. Assume each LU contains 4 NAL units in total and that, as shown by the diagonally filled boxes in fig. 8, NAL1 and NAL2 in LU0 need encryption and decryption, and NAL0 and NAL1 in LU1 need encryption and decryption. NAL1 and NAL2 in LU0 are therefore aggregated together for encryption and decryption, and NAL0 and NAL1 in LU1 are aggregated together for encryption and decryption. Accordingly, during decryption, the information to be decrypted in NAL1 and NAL2 in LU0 may be decrypted in aggregate, and the information to be decrypted in NAL0 and NAL1 in LU1 may be decrypted in aggregate. In another specific example, part or all of the NAL units that need encryption and decryption inside one LU are selected for aggregate encryption and decryption, and these aggregatable NAL units are divided into at least one class, each class being aggregated and encrypted separately.
Of course, in other embodiments, at least part of the code stream data units to be encrypted of at least two LU may be aggregated, encrypted and decrypted. In a specific example, NAL units that need to be encrypted and decrypted in LU0 are classified into one type for aggregation encryption and decryption, and NAL units that need to be encrypted and decrypted in other LU are classified into one type for encryption and decryption. Specifically, as shown in the diagonal line filling box in fig. 9, NAL0 and NAL1 in LU0 to LU2 need encryption and decryption, so NAL0 and NAL1 in LU0 are aggregated together for encryption and decryption; all NAL0 and NAL1 in LU1 and LU2 are aggregated together for encryption and decryption.
It will be appreciated that, for a code stream data unit to be encrypted, neither the manner of selecting the information to be encrypted nor the content selected is limited. For example, assuming that the code stream data unit to be encrypted is a NAL unit, the information to be encrypted of the NAL unit may be: all bytes of the RBSP in the NAL unit except the last byte; or all bytes of the RBSP in the NAL unit; or a preset number of bytes starting from a starting position in the RBSP in the NAL unit, where the starting position and the preset number may be set according to the actual situation and are not limited herein; or at least part of the even-position bytes of the RBSP in the NAL unit; or at least part of the odd-position bytes of the RBSP in the NAL unit; or a preset proportion of the content of the RBSP in the NAL unit ……
It can be understood that when the video code stream data is encrypted by the video code stream encryption method of this embodiment (i.e., the aggregate encryption and decryption method), syntax relating to the encryption and decryption method may be transmitted, for example by writing the scheme selection syntax into the security parameter set, so that the decoding end knows which encryption and decryption method the encoding end used to encrypt at least part of the code stream data units in the video code stream data.
When only one encryption and decryption method is available, the scheme selection syntax relating to the encryption and decryption method need not be transmitted, and the decoding end can only use that method to encrypt and decrypt the video code stream data. Of course, in some embodiments, the scheme selection syntax may still be transmitted even if only one encryption and decryption method is set.
When several encryption and decryption methods are available, a scheme selection syntax relating to the encryption and decryption method (for example, the encryption_unit_mode syntax) can be transmitted to indicate which encryption and decryption method is used.
In one embodiment, assume a total of 3 encryption and decryption methods are selectable: i. encryption and decryption per single NAL unit, as in the related art; ii. all NAL units that need encryption and decryption inside the AU are aggregated together for encryption and decryption; iii. all NAL units that need encryption and decryption inside the LU are aggregated together for encryption and decryption.
In this embodiment, a syntax element encryption_unit_mode may be set; it may be a 2-bit unsigned integer used to indicate the encryption and decryption mode. An encryption_unit_mode value of 0 indicates encryption and decryption mode i, in which encryption and decryption are performed per single NAL unit; a value of 1 indicates aggregate encryption and decryption mode ii, in which all NAL units that need encryption and decryption inside the AU are aggregated together for encryption and decryption; a value of 2 indicates aggregate encryption and decryption mode iii, in which all NAL units that need encryption and decryption inside the LU are aggregated together for encryption and decryption; the value 3 is reserved for the time being.
The location of this syntactical set-up may be as shown in Table 7:
TABLE 7 schematic table of security parameter set RBSP definitions
In another embodiment, assume a total of 3 encryption and decryption modes are selectable: i. encryption and decryption per single NAL unit, as in the related art; ii. all NAL units that need encryption and decryption inside the AU are divided into two classes, one being the NAL units that must be used for decoding the image (SPS, PPS, PH, and coded slices in this embodiment) and the other being the NAL units that are not necessary for decoding the image (monitoring extension information and supplemental enhancement information in this embodiment); iii. all NAL units that need encryption and decryption inside the LU are likewise divided into two classes, one being the NAL units that must be used for decoding the image (SPS, PPS, PH, and coded slices in this embodiment) and the other being the NAL units that are not necessary for decoding the image (monitoring extension information and supplemental enhancement information in this embodiment).
In this embodiment, a syntax element encryption_unit_mode may be set; it may be a 2-bit unsigned integer used to indicate the encryption and decryption mode. An encryption_unit_mode value of 0 indicates encryption and decryption mode i, in which encryption and decryption are performed per single NAL unit; a value of 1 indicates aggregate encryption and decryption mode ii, in which all NAL units that need encryption and decryption inside the AU are divided into two classes for aggregate encryption and decryption, one class being the NAL units necessary for decoding the image and the other the NAL units not necessary for decoding the image; a value of 2 indicates aggregate encryption and decryption mode iii, in which all NAL units that need encryption and decryption inside the LU are likewise divided into two classes for aggregate encryption and decryption, one class being the NAL units necessary for decoding the image and the other the NAL units not necessary for decoding the image; the value 3 is reserved for the time being.
The syntax transmission manner may be identical to the transmission manner of the above embodiment, and will not be described herein.
Accordingly, as shown in fig. 10, the video code stream decryption method according to an embodiment of the present application may include the following steps. It should be noted that the step numbers below only simplify the description and are not intended to limit the execution order of the steps; the order of the steps of this embodiment may be changed arbitrarily without departing from the technical idea of the present application.
S210: aggregating and decrypting the encrypted data of at least two encrypted code stream data units in the encrypted code stream to obtain an aggregate content original text;
S220: splitting the aggregate content original text to obtain encrypted content original text of the at least two encrypted code stream data units;
S230: and merging the encrypted content original text and the non-encrypted content of each encrypted code stream data unit to obtain a decryption result of each encrypted code stream data unit.
It can be understood that the video code stream decryption method is the inverse of the video code stream encryption method; for details of the decryption method, refer to the description of the encryption method, which is not repeated herein.
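The aggregate encryption procedure described earlier (splice, one module call, split by length, re-attach the non-encrypted data) and decryption steps S210 to S230, sketched as an added example that is not code from the patent. The `CryptoModule` class, its HMAC-SHA256 keystream, the nonce derivation and the sample NAL bytes are assumptions made for illustration; the grouping into necessary and non-necessary NAL units follows the fig. 6 description.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class NalUnit:
    name: str
    header: bytes     # non-encrypted data: stays in the clear
    payload: bytes    # content to be encrypted (assumed here: the whole RBSP)
    essential: bool   # True if the picture cannot be decoded without this unit


class CryptoModule:
    """Stand-in for the encryption and decryption module (assumption: a
    length-preserving keystream cipher). HMAC-SHA256 in counter mode is used
    only so that the example runs with the standard library."""

    def __init__(self, key: bytes):
        self.key = key
        self.calls = 0  # number of module invocations, the cost being reduced

    def process(self, nonce: bytes, data: bytes) -> bytes:
        self.calls += 1
        stream = bytearray()
        counter = 0
        while len(stream) < len(data):
            block = nonce + counter.to_bytes(8, "big")
            stream += hmac.new(self.key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(d ^ s for d, s in zip(data, stream))


def aggregate_process(module, nonce, units):
    """Splice the payloads, call the module once, split the result by the
    original payload lengths and re-attach each unit's clear header.
    With a keystream cipher the same routine encrypts and performs S210-S230."""
    aggregated = b"".join(u.payload for u in units)
    result = module.process(nonce, aggregated)
    out, offset = [], 0
    for u in units:
        end = offset + len(u.payload)
        out.append(NalUnit(u.name, u.header, result[offset:end], u.essential))
        offset = end
    return out


def process_class(module, au_id, units, essential):
    """Process only the units of one class (necessary or not) inside an AU.
    The nonce is derived from the AU id and the class so the two groups never
    share a keystream (a choice of this example, not a rule from the page)."""
    idx = [i for i, u in enumerate(units) if u.essential == essential]
    out = list(units)
    if idx:
        nonce = au_id.to_bytes(8, "big") + bytes([essential])
        done = aggregate_process(module, nonce, [units[i] for i in idx])
        for i, u in zip(idx, done):
            out[i] = u
    return out


def process_access_unit(module, au_id, units):
    """Fig. 6 grouping: one call for the necessary class, one for the rest."""
    units = process_class(module, au_id, units, True)
    return process_class(module, au_id, units, False)


# Constructed sample AU matching the fig. 6 description: PPS, PH, slice, SEI.
# Header and payload bytes are placeholders, not real NAL syntax.
SAMPLE_AU = [
    NalUnit("NAL0-PPS", b"\x00\x01", b"pps-parameters", True),
    NalUnit("NAL1-PH", b"\x00\x02", b"picture-header", True),
    NalUnit("NAL2-slice", b"\x00\x03", b"coded-slice-data" * 4, True),
    NalUnit("NAL3-SEI", b"\x00\x04", b"supplemental-info", False),
]

if __name__ == "__main__":
    enc_mod = CryptoModule(b"constructed-demo-key")
    encrypted = process_access_unit(enc_mod, 0, SAMPLE_AU)
    print("module calls for 4 NAL units:", enc_mod.calls)
    dec_mod = CryptoModule(b"constructed-demo-key")
    sei_only = process_class(dec_mod, 0, encrypted, False)
    print("SEI recovered on its own:", sei_only[3].payload)
    print("slice still encrypted:", sei_only[2].payload != SAMPLE_AU[2].payload)
```

The split step depends on every member of a group being present in the original splicing order: handing the decryptor one unit of an aggregated group on its own misaligns the offsets and yields garbage, which is the flexibility cost the description weighs against the saved module calls.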
Referring to fig. 11, fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the application. The present electronic device 20 comprises a processor 22, the processor 22 being adapted to execute instructions to implement the above-described method. The specific implementation process is described in the above embodiments, and will not be described herein.
The processor 22 may also be referred to as a CPU (Central Processing Unit). The processor 22 may be an integrated circuit chip having signal processing capabilities. The processor 22 may also be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. The general purpose processor may be a microprocessor, or the processor 22 may be any conventional processor or the like.
The electronic device 20 may further comprise a memory 21 for storing instructions and data needed for the operation of the processor 22.
The processor 22 is operative to execute instructions to implement the methods provided in any of the embodiments of the methods of the present application and any non-conflicting combinations described above.
The electronic device of the present application may be an encoder or a decoder, which is not limited herein.
Referring to fig. 12, fig. 12 is a schematic structural diagram of a computer readable storage medium according to an embodiment of the application. The computer readable storage medium 30 of the embodiments of the present application stores a program 31 which, when executed, implements the method provided by any of the method embodiments of the present application, as well as any non-conflicting combination of them. The program 31 may form a program file stored in the above-mentioned storage medium 30 in the form of a software product, so that a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor performs all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium 30 includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code, or a terminal device such as a computer, a server, a mobile phone, or a tablet.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements is merely a logical functional division, and there may be additional divisions of actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is only the embodiments of the present application, and therefore, the patent scope of the application is not limited thereto, and all equivalent structures or equivalent processes using the descriptions of the present application and the accompanying drawings, or direct or indirect application in other related technical fields, are included in the scope of the application.

Claims (10)

1. A method for encrypting a video stream, the method comprising:
encoding the video to obtain video code stream data;
and aggregating the contents to be encrypted in at least two code stream data units to be encrypted in the video code stream data, and then performing encryption processing to obtain an encrypted code stream.
2. The video bitstream encryption method according to claim 1, wherein the aggregating the content to be encrypted in at least two units of the video bitstream data to be encrypted and then performing encryption processing to obtain an encrypted bitstream includes:
aggregating the contents to be encrypted in the at least two code stream data units to be encrypted to obtain aggregated contents;
enabling an encryption and decryption module to encrypt the aggregated content to obtain encrypted content;
splitting the encrypted content according to the data quantity of the to-be-encrypted content of the at least two to-be-encrypted code stream data units to obtain at least two encrypted data;
and splicing the at least two encrypted data and the non-encrypted data of the at least two code stream data units to be encrypted in a one-to-one correspondence manner to obtain the encrypted code stream units of the code stream data units to be encrypted.
3. The video bitstream encryption method according to claim 1, wherein the aggregating the content to be encrypted in at least two units of the video bitstream data to be encrypted and then performing encryption processing to obtain an encrypted bitstream includes:
selecting a plurality of code stream data units from the video code stream data; aggregating the contents to be encrypted of all the code stream data units to be encrypted in the plurality of code stream data units, and then conducting encryption processing to obtain encrypted code streams; or,
selecting a plurality of code stream data units from the video code stream data; classifying all code stream data units to be encrypted in the plurality of code stream data units to obtain at least one set; and aggregating the contents to be encrypted in all code stream data units in each set, and then conducting encryption processing to obtain encrypted code streams.
4. A video stream encryption method according to claim 3, wherein said selecting a plurality of stream data units from said video stream data comprises:
taking the first number of code stream data units as the selected plurality of code stream data units; or,
taking at least part of the code stream data units of the fifth number of access units as the selected plurality of code stream data units; or,
taking at least part of the code stream data units of the sixth number of layer units as the selected plurality of code stream data units.
5. A video stream encryption method according to claim 3, characterized in that the plurality of stream data units belong to one access unit or one layer unit.
6. The video stream encryption method according to claim 3, wherein said classifying all of the plurality of stream data units to be encrypted to obtain at least one set comprises:
dividing all code stream data units to be encrypted in the plurality of code stream data units into two types to obtain two sets;
The two sets include a set of necessary code stream data units for the decoded image and a set of unnecessary code stream data units for the decoded image.
7. The video bitstream encryption method of claim 1, further comprising:
and transmitting the related syntax of the encryption and decryption method to indicate which encryption and decryption method is used for encrypting and decrypting the code stream data unit.
8. A method for decrypting a video stream, the method comprising:
aggregating and decrypting the encrypted data of at least two encrypted code stream data units in the encrypted code stream to obtain an aggregate content original text;
splitting the aggregate content original text to obtain encrypted content original text of the at least two encrypted code stream data units;
and merging the encrypted content original text and the non-encrypted content of each encrypted code stream data unit to obtain a decryption result of each encrypted code stream data unit.
9. An electronic device comprising a transmitter and a memory connected to each other, the memory being for storing a program, the processor being for executing the program to carry out the steps of the method according to any one of claims 1-8.
10. A computer readable storage medium, on which a program is stored, characterized in that the program, when being executed by a processor, implements the steps of the method according to any of claims 1-8.
CN202410045712.9A 2024-01-11 Video code stream encryption method, video code stream decryption method and related devices Pending CN118338045A (en)

Publications (1)

Publication Number Publication Date
CN118338045A true CN118338045A (en) 2024-07-12
