TW202220449A - Method and system of video encryption - Google Patents

Method and system of video encryption Download PDF

Info

Publication number
TW202220449A
TW202220449A TW109138047A TW109138047A TW202220449A TW 202220449 A TW202220449 A TW 202220449A TW 109138047 A TW109138047 A TW 109138047A TW 109138047 A TW109138047 A TW 109138047A TW 202220449 A TW202220449 A TW 202220449A
Authority
TW
Taiwan
Prior art keywords
video
license
electronic device
license key
encrypted
Prior art date
Application number
TW109138047A
Other languages
Chinese (zh)
Inventor
楊淳凱
Original Assignee
宏碁股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宏碁股份有限公司 filed Critical 宏碁股份有限公司
Priority to TW109138047A priority Critical patent/TW202220449A/en
Publication of TW202220449A publication Critical patent/TW202220449A/en

Links

Images

Abstract

The present invention discloses a method of video encryption, including: obtaining an original video and encrypting the original video, to generate an encrypted video and a license key corresponding to the encrypted video, on the first electronic device; sending the encrypted video and the license key to the first video streaming application and a license client respectively; sending the encrypted video to the second video streaming application on the second electronic device via a video streaming server through the first video streaming application, and sending the license key to a license plugin on the second electronic device via a license server through the license client.

Description

視訊加密的方法及系統Video encryption method and system

本發明涉及一種加密方法及系統,特別涉及一種對視訊進行加密處理的方法及系統。The present invention relates to an encryption method and system, in particular to a method and system for encrypting video information.

近年來,視訊攝影機(video camera)被惡意人士從遠端監看,或者是視訊在網路封包傳送的過程中被惡意擷取的案例層出不窮。尤其在2019年的嚴重特殊傳染性肺炎疫情之期間,許多人在商務與日常生活中使用視訊會議應用程式Zoom的免費版本。於是,惡意人士便廣泛利用該應用程式的安全漏洞,透過網際網路共享密碼。這種被稱為「Zoom轟炸(Zoombombing)」的惡意侵入行為,會導致在視訊會議的過程中,可能出現無關的陌生用戶進入會議,干擾會議進行,而使正在進行中的會議需被迫中斷。In recent years, there have been numerous cases of video cameras being monitored by malicious persons from remote locations, or video being maliciously captured during network packet transmission. Especially during the severe special infectious pneumonia epidemic in 2019, many people use the free version of the video conferencing application Zoom in business and daily life. As a result, malicious actors have widely exploited the app's security holes to share passwords over the Internet. This malicious intrusion, known as "Zoom bombing", may lead to unrelated and unfamiliar users entering the conference during the video conference, interfering with the conference, and forcing the ongoing conference to be interrupted .

當視訊會議應用程式傳送視訊影像時,會採用一些基本的加密機制。通常係由視訊會議應用程式的生產廠商或者其他第三方廠商,作為服務提供者(service providers)。影像封包在傳送時,會經過這些服務提供者所提供位於雲端的視訊串流(video streaming)平台或伺服器。由於這些服務提供者掌握這些加密機制的原始碼,故仍難以保證影像封包在上述的傳送過程中,被惡意人士擷取與解碼。When videoconferencing applications transmit video images, some basic encryption mechanisms are used. Usually, the manufacturer of the video conferencing application or other third-party manufacturer acts as a service provider. When the image packets are transmitted, they will pass through a video streaming platform or server located in the cloud provided by these service providers. Since these service providers master the source codes of these encryption mechanisms, it is still difficult to ensure that the image packets are captured and decoded by malicious persons during the above-mentioned transmission process.

有鑑於此,需要一種對視訊進行加密處理的方法,能夠克服上述先前技術的加密機制容易被破解的疑慮。In view of this, there is a need for a method for encrypting video, which can overcome the concern that the encryption mechanism of the prior art is easy to be cracked.

本發明之實施例提供一種視訊加密的方法,包含:在第一電子裝置上,取得原始視訊,並對原始視訊進行加密,以產生加密視訊及對應於加密視訊的許可證金鑰(license key);將加密視訊與許可證金鑰分別發送給第一視訊串流應用程式與許可證客戶端(license client);透過第一視訊串流應用程式,將加密視訊經由一視訊串流伺服器發送給第二電子裝置上的第二視訊串流應用程式,以及透過許可證客戶端,將許可證金鑰經由許可證伺服器(license server)發送給第二電子裝置上的許可證外掛程式(license plugin)。An embodiment of the present invention provides a method for encrypting video, including: obtaining, on a first electronic device, original video, and encrypting the original video to generate encrypted video and a license key corresponding to the encrypted video ; Send the encrypted video and the license key to the first video streaming application and the license client respectively; through the first video streaming application, send the encrypted video through a video streaming server to The second video streaming application on the second electronic device, and through the license client, send the license key to the license plugin on the second electronic device through the license server (license server) ).

在某些實施例中,上述視訊加密的方法更包含:每隔一段時間區間,透過加密模組更換許可證金鑰,其中更換後的許可證金鑰對應於該段時間區間內的該加密視訊;響應於許可證金鑰被更換,透過第一視訊串流應用程式,將該段時間區間內的加密視訊經由視訊串流伺服器發送給第二電子裝置上的第二視訊串流應用程式,以及透過許可證客戶端,將更換後的許可證金鑰經由許可證伺服器發送給第二電子裝置上的許可證外掛程式。In some embodiments, the above-mentioned video encryption method further includes: replacing a license key through an encryption module at regular intervals, wherein the replaced license key corresponds to the encrypted video in the time interval ; in response to the license key being replaced, through the first video streaming application, the encrypted video in the period of time is sent to the second video streaming application on the second electronic device via the video streaming server, And through the license client, the replaced license key is sent to the license plug-in program on the second electronic device through the license server.

在某些實施例中,上述視訊加密的方法更包含:響應於第二視訊串流應用程式接收到來自第三電子裝置的加入會議請求,透過許可證外掛程式確認是否有接收到來自第三電子裝置的許可證金鑰;若有接收到來自第三電子裝置的許可證金鑰,接受加入會議請求;若沒有接收到來自第三電子裝置的許可證金鑰,拒絕加入會議請求。In some embodiments, the above-mentioned video encryption method further includes: in response to the second video streaming application receiving a request to join the conference from the third electronic device, confirming through a license plug-in whether it has received the request from the third electronic device The license key of the device; if the license key from the third electronic device is received, the request to join the conference is accepted; if the license key from the third electronic device is not received, the request to join the conference is rejected.

本發明之實施例提供一種視訊加密的系統,包含:加密模組,設置於第一電子裝置上;許可證客戶端(license client),設置於第一電子裝置上;許可證外掛程式(license plugin),設置於第二電子裝置上;其中,加密模組取得一原始視訊,並對原始視訊進行加密,以產生加密視訊及對應於加密視訊的許可證金鑰(license key);加密模組將加密視訊與許可證金鑰分別發送給第一視訊串流應用程式與許可證客戶端;第一視訊串流應用程式將該加密視訊經由視訊串流伺服器發送給第二電子裝置上的第二視訊串流應用程式;及許可證客戶端將許可證金鑰經由許可證伺服器(license server)發送給第二電子裝置上的許可證外掛程式(license plugin)。An embodiment of the present invention provides a system for video encryption, including: an encryption module installed on a first electronic device; a license client installed on the first electronic device; a license plugin ), set on the second electronic device; wherein, the encryption module obtains an original video, and encrypts the original video to generate encrypted video and a license key corresponding to the encrypted video; the encryption module will The encrypted video and the license key are respectively sent to the first video streaming application and the license client; the first video streaming application sends the encrypted video to the second electronic device on the second electronic device via the video streaming server The video streaming application; and the license client send the license key to the license plugin on the second electronic device via the license server.

在某些實施例中,上述視訊加密的系統中的加密模組每隔一段時間更換許可證金鑰,其中更換後的許可證金鑰對應於該段時間區間內的加密視訊;響應於許可證金鑰被更換,第一視訊串流應用程式將該段時間區間內的加密視訊經由視訊串流伺服器發送給第二電子裝置上的第二視訊串流應用程式,以及許可證客戶端將更換後的許可證金鑰經由許可證伺服器發送給第二電子裝置上的許可證外掛程式。In some embodiments, the encryption module in the above-mentioned video encryption system replaces the license key at intervals, wherein the replaced license key corresponds to the encrypted video in the time interval; in response to the license key The key is replaced, the first video streaming application sends the encrypted video within the time interval to the second video streaming application on the second electronic device via the video streaming server, and the license client will be replaced The latter license key is sent to the license plug-in program on the second electronic device via the license server.

在某些實施例中,響應於第二視訊串流應用程式接收到來自第三電子裝置的一加入會議請求,上述視訊加密的系統中的許可證外掛程式確認是否有接收到來自第三電子裝置的許可證金鑰;若有接收到來自第三電子裝置的許可證金鑰,許可證外掛程式接受加入會議請求;若沒有接收到來自第三電子裝置的許可證金鑰,許可證外掛程式拒絕加入會議請求。In some embodiments, in response to the second video streaming application receiving a request to join the meeting from the third electronic device, the license plug-in in the above-mentioned video encryption system confirms whether a request from the third electronic device is received the license key from the third electronic device; if the license key is received from the third electronic device, the license plug-in accepts the request to join the meeting; if the license key is not received from the third electronic device, the license plug-in rejects Join meeting request.

第1圖係一種視訊會議應用情境100之示意圖。如第1圖所示,在視訊會議應用情境100中,第一電子裝置101與第二電子裝置102代表兩個會議參與者所分別使用的電子裝置。攝影模組103及第一視訊串流應用程式104設置於第一電子裝置101上,第二視訊串流應用程式105設置於第二電子裝置102上。一個視訊串流伺服器106與第一電子裝置101及第二電子裝置102藉由網際網路而通訊地連接。FIG. 1 is a schematic diagram of a video conference application scenario 100 . As shown in FIG. 1 , in the video conference application scenario 100 , the first electronic device 101 and the second electronic device 102 represent electronic devices respectively used by two conference participants. The camera module 103 and the first video streaming application 104 are installed on the first electronic device 101 , and the second video streaming application 105 is installed on the second electronic device 102 . A video streaming server 106 is communicatively connected to the first electronic device 101 and the second electronic device 102 via the Internet.

攝影模組103可例如係任何一種具有攝影功能的攝影機(video camera)或網路攝影機(webcam),本發明並非以此為限。在視訊會議的應用情境中,攝影模組103係用於捕捉會議參與者的影像及聲音。應注意,雖然在第1圖所繪示的實施例中,攝影模組103係設置於第一電子裝置101內(例如一筆記型電腦上的內建的攝影鏡頭),但在其他實施例中,攝影模組103可以不設置於第一電子裝置內,而係透過有線或無線的方式與第一電子裝置連接,以將捕捉到的影像及聲音發送給第一電子裝置。The camera module 103 can be, for example, any video camera or webcam with a camera function, but the present invention is not limited thereto. In a video conference application scenario, the camera module 103 is used to capture images and voices of conference participants. It should be noted that although in the embodiment shown in FIG. 1, the camera module 103 is disposed in the first electronic device 101 (eg, a built-in camera lens on a notebook computer), in other embodiments , the photographing module 103 may not be disposed in the first electronic device, but be connected to the first electronic device through a wired or wireless manner, so as to send the captured image and sound to the first electronic device.

第一視訊串流應用程式104及第二視訊串流應用程式105可例如係任何一種設置於作業系統中,以雲端運算為基礎的遠端視訊會議應用程式,例如Zoom、Skype、TeamViewer等,本發明並非以此為限。這種遠端視訊會議應用程式,係藉由視訊串流(video streaming)的技術,將視訊資料以封包的形式,經由網際網路即時地傳輸至遠端的裝置。The first video streaming application 104 and the second video streaming application 105 can be, for example, any remote video conferencing applications based on cloud computing, such as Zoom, Skype, TeamViewer, etc., which are installed in the operating system. Inventions are not limited to this. This remote video conferencing application uses video streaming technology to transmit video data in the form of packets to a remote device in real time via the Internet.

視訊串流伺服器106可例如係任何一種具有運算能力,並以網路作為媒介提供服務的伺服器,本發明並非以此為限。視訊串流伺服器106在視訊會議的應用情境中的作用,主要包含作為一路由伺服器(route server),將來自來源端的視訊封包,正確地分派及傳輸至目的端。視訊串流伺服器106可由服務提供者,例如視訊會議應用程式的生產廠商,或者其他第三方廠商所提供。The video streaming server 106 can be, for example, any server that has computing capability and provides services by using the network as a medium, but the present invention is not limited thereto. The role of the video streaming server 106 in the application situation of the video conference mainly includes serving as a route server to correctly distribute and transmit the video packets from the source end to the destination end. The video streaming server 106 may be provided by a service provider, such as a manufacturer of video conferencing applications, or other third-party vendors.

如第1圖所示,在視訊會議應用情境100中,作為來源端的第一電子裝置101透過攝影模組103捕捉會議參與者的影像及聲音,然後將包含上述影像及聲音的視訊發送給第一視訊串流應用程式104。第一視訊串流應用程式104再將該視訊以封包的形式,經由視訊串流伺服器106,發送給第二電子裝置上的第二視訊串流應用程式105。As shown in FIG. 1, in the video conference application scenario 100, the first electronic device 101 as the source captures the video and audio of the conference participants through the camera module 103, and then sends the video including the above video and audio to the first electronic device 101. Video streaming application 104 . The first video streaming application 104 then sends the video to the second video streaming application 105 on the second electronic device via the video streaming server 106 in the form of packets.

如第1圖所示,在第一視訊串流應用程式104至第二視訊串流應用程式105之間的整個封包傳送的路徑上的任意點,皆有可能被惡意人士所入侵,導致封包被惡意人士所盜取。即使服務提供者有提供基本的加密機制,由於服務提供者掌握這些加密機制的原始碼,故仍難以保證影像封包在經過視訊串流伺服器106時,被惡意人士所擷取與解碼。As shown in FIG. 1, any point on the path of the entire packet transmission between the first video streaming application 104 and the second video streaming application 105 may be invaded by malicious persons, causing the packets to be compromised. stolen by malicious people. Even if the service provider provides basic encryption mechanisms, since the service provider has the source codes of these encryption mechanisms, it is still difficult to ensure that the image packets are captured and decoded by malicious persons when passing through the video streaming server 106 .

第2A圖係根據本發明之實施例所繪示,一種改良後的視訊會議應用情境200之示意圖。第2B圖係根據本發明之實施例所繪示,於改良後的視訊會議應用情境200中運用的一種視訊加密的方法M10之流程圖。請互相搭配地參閱第2A圖與第2B圖,以更佳地理解本發明之實施例。如第2A圖所示,相較於第1圖中的視訊會議應用情境100,在改良後的視訊會議應用情境200中,新增了設置於第一電子裝置101上的加密模組201及許可證客戶端202,及設置於第二電子裝置102上的許可證外掛程式204,以及許可證伺服器203。如第2B圖所示,方法M10包含步驟S11-S13。FIG. 2A is a schematic diagram of an improved video conference application scenario 200 according to an embodiment of the present invention. FIG. 2B is a flowchart of a video encryption method M10 used in the improved video conference application scenario 200 according to an embodiment of the present invention. Please refer to FIG. 2A and FIG. 2B in conjunction with each other for better understanding of the embodiments of the present invention. As shown in FIG. 2A , compared with the video conference application scenario 100 in FIG. 1 , in the improved video conference application scenario 200 , an encryption module 201 and a license set on the first electronic device 101 are added. The license client 202 , the license plug-in program 204 and the license server 203 are provided on the second electronic device 102 . As shown in FIG. 2B, the method M10 includes steps S11-S13.

加密模組201可例如係實作於一韌體或一驅動程式中,本發明並非以此為限。加密模組201在視訊會議的應用情境中的作用,主要包含對一視訊進行硬體層的加密,使得加密後的加密視訊必須要透過其相對應的許可證金鑰(license Key)進行解碼,否則無法被解讀。舉例來說,對於沒有對應的許可證金鑰來對加密視訊進行解碼者,加密視訊僅會係一串無意義的亂碼。加密模組201所運用的演算法可以係任何一種習知的加密演算法,例如AES 128、AES 256、DRM等,本發明並非以此為限。The encryption module 201 may be implemented in a firmware or a driver, for example, but the present invention is not limited thereto. The role of the encryption module 201 in the application situation of the video conference mainly includes the hardware layer encryption of a video, so that the encrypted encrypted video must be decoded through its corresponding license key (license Key), otherwise cannot be interpreted. For example, if there is no corresponding license key to decode the encrypted video, the encrypted video will just be a string of meaningless garbled characters. The algorithm used by the encryption module 201 can be any conventional encryption algorithm, such as AES 128, AES 256, DRM, etc., and the present invention is not limited thereto.

許可證客戶端202可以係設置於第一電子裝置100所運行的作業系統中的軟體。許可證客戶端202在視訊會議的應用情境中的作用,主要包含作為傳遞許可證金鑰的窗口,發送對應於加密視訊的許可證金鑰給遠端裝置。The license client 202 may be software installed in the operating system on which the first electronic device 100 runs. The role of the license client 202 in the application scenario of the video conference mainly includes serving as a window for transmitting the license key, and sending the license key corresponding to the encrypted video to the remote device.

許可證外掛程式204可以係設置於第二電子裝置200所運行的作業系統中,並且關聯於第二視訊串流應用程式105的一種外掛程式(plugin)。其在視訊會議的應用情境中的作用,主要包含接收來自第一電子裝置101的許可證金鑰,以及使用接收到的許可證金鑰來對加密視訊進行解碼。The license plug-in 204 may be installed in the operating system of the second electronic device 200 and associated with a plug-in of the second video streaming application 105 . Its role in the application context of the video conference mainly includes receiving the license key from the first electronic device 101 and decoding the encrypted video using the received license key.

許可證伺服器203可例如係任何一種具有運算能力,並以網路作為媒介提供服務的伺服器,本發明並非以此為限。許可證伺服器203在視訊會議的應用情境中的作用,主要包含作為一路由伺服器,將來自來源端的許可證金鑰,正確地分派及傳輸至目的端。The license server 203 can be, for example, any server that has computing capability and provides services by using the network as a medium, and the present invention is not limited thereto. The role of the license server 203 in the application scenario of the video conference mainly includes acting as a routing server to correctly distribute and transmit the license key from the source end to the destination end.

根據本發明之實施例,於第2B圖中的步驟S11,加密模組201取得攝影模組103所捕捉到的原始視訊205(如第2A圖所示),並對原始視訊205進行加密,以產生加密視訊206及對應於加密視訊206的許可證金鑰207。然後,進入步驟S12。According to an embodiment of the present invention, in step S11 in FIG. 2B, the encryption module 201 obtains the original video 205 captured by the camera module 103 (as shown in FIG. 2A ), and encrypts the original video 205 to An encrypted video 206 and a license key 207 corresponding to the encrypted video 206 are generated. Then, it progresses to step S12.

於步驟S12,加密模組201將加密視訊206與許可證金鑰207分別發送給第一視訊串流應用程式104與許可證客戶端202(如第2A圖所示)。然後,進入步驟S13。In step S12, the encryption module 201 sends the encrypted video 206 and the license key 207 to the first video streaming application 104 and the license client 202 respectively (as shown in FIG. 2A). Then, it progresses to step S13.

於步驟S13,第一訊串流應用程式104將加密視訊206經由視訊串流伺服器106發送給第二視訊串流應用程式105(如第2A圖所示);許可證客戶端202將許可證金鑰207經由許可證伺服器203發送給許可證外掛程式204(如第2A圖所示)。之後,許可證外掛程式204便可使用接收到許可證金鑰207,來對加密視訊206進行解碼。In step S13, the first video streaming application 104 sends the encrypted video 206 to the second video streaming application 105 via the video streaming server 106 (as shown in FIG. 2A ); the license client 202 sends the license The key 207 is sent to the license plug-in 204 via the license server 203 (as shown in FIG. 2A). Afterwards, the license plug-in 204 can use the received license key 207 to decode the encrypted video 206 .

在以上所述改良後的視訊會議應用情境200中,來自第一電子裝置101的加密視訊206與許可證金鑰207,係透過不同的路徑,傳輸至第二電子裝置102。具體而言,加密視訊206係透過第一視訊串流應用程式104,經由視訊串流伺服器106,而傳輸至第二視訊應用程式105;許可證金鑰207則係透過許可證客戶端202,經由許可證伺服器203,而傳輸至許可證外掛程式204。如此一來,便分散了加密視訊與許可證金鑰同時被惡意人士所盜取的風險,因而降低了視訊被惡意人士所取得與監看的可能性。舉例來說,即使加密視訊206在第一視訊串流應用程式104與第二視訊串流應用程式105之間的傳輸過程中被惡意人士所盜取,若該名惡意人士沒有取得許可證金鑰207,則加密視訊206對該名惡意人士而言,僅會係一串無法解讀的亂碼。In the improved video conferencing application scenario 200 described above, the encrypted video 206 and the license key 207 from the first electronic device 101 are transmitted to the second electronic device 102 through different paths. Specifically, the encrypted video 206 is transmitted to the second video application 105 through the first video streaming application 104 through the video streaming server 106; the license key 207 is transmitted through the license client 202, Via the license server 203, it is transmitted to the license plug-in 204. In this way, the risk of both the encrypted video and the license key being stolen by a malicious person at the same time is dispersed, thereby reducing the possibility of the video being obtained and monitored by a malicious person. For example, even if the encrypted video 206 is stolen by a malicious person during transmission between the first video streaming application 104 and the second video streaming application 105, if the malicious person does not obtain the license key 207, the encrypted video 206 will only be a string of unreadable garbled characters for the malicious person.

第3圖係根據本發明之較佳實施例所繪示,另一種視訊加密的方法M20之流程圖。如第3圖所示,相較於第2B圖中的方法M10,方法M20於步驟S13之後更新增了步驟S14及S15。FIG. 3 is a flowchart of another video encryption method M20 according to a preferred embodiment of the present invention. As shown in FIG. 3 , compared with the method M10 in FIG. 2B , the method M20 includes steps S14 and S15 after the step S13 .

根據此較佳實施例,於步驟S14,加密模組201每隔一段時間區間更換許可證金鑰,其中更換後的許可證金鑰對應於該段時間區間內的該加密視訊。舉例來說,如以下表一所示,假設加密模組201每隔10秒鐘更換許可證金鑰,則加密模組201所產生的第一許可證金鑰、第二許可證金鑰、第三許可證金鑰…,分別對應於從視訊開始時間起算的第0-10秒之間的加密視訊、第10-20秒之間的加密視訊、第20-30之間的加密視訊…依此類推。然後,進入步驟S15。 [表一] 第一許可證金鑰 第0-10秒之間的加密視訊 第二許可證金鑰 第10-20秒之間的加密視訊 第三許可證金鑰 第20-30秒之間的加密視訊 …(依此類推) …(依此類推) According to this preferred embodiment, in step S14, the encryption module 201 replaces the license key at intervals, wherein the replaced license key corresponds to the encrypted video in the time interval. For example, as shown in Table 1 below, assuming that the encryption module 201 changes the license key every 10 seconds, the first license key, the second Three license keys..., corresponding to the encrypted video between 0-10 seconds from the start time of the video, the encrypted video between the 10-20 second, the encrypted video between the 20-30... analogy. Then, it progresses to step S15. [Table I] first license key Encrypted video between seconds 0-10 second license key Encrypted video between 10-20 seconds third license key Encrypted video between 20-30 seconds …(So on and so forth) …(So on and so forth)

於步驟S15,響應於許可證金鑰被更換,第一視訊串流應用程式104將該段時間區間內的加密視訊經由視訊串流伺服器106發送給第二視訊串流應用程式105,許可證客戶端202將更換後的許可證金鑰經由許可證伺服器203發送給許可證外掛程式204。舉例來說,許可證外掛程式204首先會使用第一許可證金鑰, 來對第0-10秒之間的加密視訊進行解碼,然後使用第二許可證金鑰對第10-20秒之間的加密視訊進行解碼、使用第三許可證金鑰對第20-30秒之間的加密視訊進行解碼…依此類推。 In step S15, in response to the license key being replaced, the first video streaming application 104 sends the encrypted video within the time interval to the second video streaming application 105 via the video streaming server 106, and the license The client 202 sends the replaced license key to the license plug-in 204 via the license server 203 . For example, the license plug-in 204 will first use the first license key, to decode the encrypted video between seconds 0-10, then use the second license key to decode the encrypted video between seconds 10-20, use the third license key to decode the encrypted video between seconds 20-30 Encrypted video between is decoded...and so on.

在上述較佳實施例的應用情境中,由於許可證金鑰不斷地被更換,即使惡意人士盜取了其中一把許可證金鑰,也必須要有該把許可證金鑰所對應之特定時間區間內的視訊,才能進行解碼。舉例來說,惡意人士需皆取得第二許可證金鑰與第10-20秒之間的加密視訊,才能對第10-20秒之間的加密視訊進行解碼。若僅取得第二許可證金鑰與第0-10秒之間的加密視訊,則無法進行解碼。如此一來,便可更進一步降低視訊被完全破解的可能性。In the application scenario of the above preferred embodiment, since the license keys are constantly replaced, even if a malicious person steals one of the license keys, there must be a specific time corresponding to the license key. Only the video in the interval can be decoded. For example, a malicious person needs to obtain the second license key and the encrypted video between the 10th and 20th second in order to decode the encrypted video between the 10th and 20th second. If you only get the second license key and the encrypted video between seconds 0-10, it cannot be decoded. This further reduces the likelihood of the video being completely compromised.

第4圖係根據本發明之另一較佳實施例所繪示,一種視訊加密的方法M30之流程圖。如第4圖所示,方法M30包含步驟S21-S23。於步驟S21,響應於第二視訊串流應用程式105接收到來自第三電子裝置的加入會議請求,透過許可證外掛程式204確認是否有接收到來自第三電子裝置的許可證金鑰207。如果許可證外掛程式204有接收到來自該第三電子裝置的許可證金鑰207,則執行步驟S22,即接受來自第三電子裝置的加入會議請求;如果許可證外掛程式204沒有接收到來自該第三電子裝置的許可證金鑰207,則執行步驟S23,即拒絕來自第三電子裝置的加入會議請求。FIG. 4 is a flowchart of a video encryption method M30 according to another preferred embodiment of the present invention. As shown in FIG. 4, the method M30 includes steps S21-S23. In step S21, in response to the second video streaming application 105 receiving the request to join the conference from the third electronic device, the license plug-in 204 confirms whether the license key 207 is received from the third electronic device. If the license plug-in 204 has received the license key 207 from the third electronic device, step S22 is executed, that is, the request to join the meeting from the third electronic device is accepted; if the license plug-in 204 has not received the request from the third electronic device If the license key 207 of the third electronic device is used, step S23 is executed, that is, the request to join the conference from the third electronic device is rejected.

在上述另一較佳實施例的應用情境中,若第三電子裝置的使用者為正常的與會者,則第三電子裝置產生及發送許可證金鑰207的方式與第2圖中所示第一電子裝置101產生及發送許可證金鑰207的方式,基本會係相同的,於此便不再重複贅述。In the application scenario of the above-mentioned another preferred embodiment, if the user of the third electronic device is a normal participant, the manner in which the third electronic device generates and sends the license key 207 is the same as that shown in FIG. 2 . The manner in which an electronic device 101 generates and transmits the license key 207 is basically the same, and will not be repeated here.

在上述另一較佳實施例的應用情境中,由於許可證外掛程式204僅允許擁有許可證金鑰的使用者所發出的加入會議請求,故當有惡意人士入侵第一電子裝置101與第二電子裝置102之間的通訊、試圖竊取視訊封包甚至干擾會議進行時,若該名惡意人士並未擁有正確的許可證金鑰(即許可證金鑰207),就會被許可證外掛程式204所阻擋,因而不得其門而入。如此一來,便也更進一步提高了視訊會議的資訊安全性。In the application scenario of the above-mentioned another preferred embodiment, since the license plug-in 204 only allows the request to join the conference sent by the user who has the license key, when a malicious person invades the first electronic device 101 and the second electronic device 101 If the malicious person does not possess the correct license key (ie the license key 207 ), the license plug-in 204 will be used for communication between the electronic devices 102 , trying to steal video packets or even interfering with the conference. block, so that they cannot enter. In this way, the information security of the video conference is further improved.

在本說明書中以及申請專利範圍中的序號,例如「第一」、「第二」等等,僅係為了方便說明,彼此之間並沒有順序上的先後關係。The serial numbers in this specification and the scope of the patent application, such as "first", "second", etc., are only for convenience of description, and there is no sequential relationship between them.

以上段落使用多種層面描述。顯然的,本文的教示可以多種方式實現,而在範例中揭露之任何特定架構或功能僅為一代表性之狀況。根據本文之教示,任何熟知此技藝之人士應理解在本文揭露之各層面可獨立實作或兩種以上之層面可以合併實作。The above paragraphs use multiple levels of description. Obviously, the teachings herein can be implemented in a variety of ways, and any particular architecture or functionality disclosed in the examples is merely a representative case. Based on the teachings herein, anyone skilled in the art should understand that each aspect disclosed herein may be implemented independently or two or more aspects may be implemented in combination.

雖然本揭露已以實施例揭露如上,然其並非用以限定本揭露,任何熟習此技藝者,在不脫離本揭露之精神和範圍內,當可作些許之更動與潤飾,因此發明之保護範圍當視後附之申請專利範圍所界定者為準。Although the present disclosure has been disclosed above with examples, it is not intended to limit the present disclosure. Anyone who is familiar with the art can make some changes and modifications without departing from the spirit and scope of the present disclosure. Therefore, the protection scope of the invention is The scope of the patent application attached herewith shall prevail.

100:傳統視訊會議應用情境 101:第一電子裝置 102:第二電子裝置 103:攝影模組 104:第一視訊串流應用程式 105:第二視訊串流應用程式 106:視訊串流伺服器 200:改良後的視訊會議應用情境 201:加密模組 202:許可證客戶端 203:許可證伺服器 204:許可證外掛程式 205:原始視訊 206:加密視訊 207:許可證金鑰 M10:方法 S11-S13:步驟 M20:方法 S14-S15:步驟 M30:方法 S21-S23:步驟 100: Traditional video conference application scenarios 101: The first electronic device 102: Second electronic device 103: Photography Module 104: First Video Streaming App 105: Second Video Streaming App 106: Video Streaming Server 200: Improved video conferencing application scenarios 201: Encryption Module 202: License Client 203: License Server 204: License Plugin 205: Raw Video 206: Encrypted Video 207: License key M10: Methods S11-S13: Steps M20: Methods S14-S15: Steps M30: Method S21-S23: Steps

本揭露將可從以下示範的實施例之敘述搭配附帶的圖式更佳地理解。此外,應被理解的係,在本揭露之流程圖中,各區塊的執行順序可被改變,且/或某些區塊可被改變、刪減或合併。 第1圖係一種視訊會議應用情境100之示意圖。 第2A圖係根據本發明之實施例所繪示,一種改良後的視訊會議應用情境200之示意圖。 第2B圖係根據本發明之實施例所繪示,於改良後的視訊會議應用情境200中運用的一種視訊加密的方法M10之流程圖。 第3圖係根據本發明之較佳實施例所繪示,另一種視訊加密的方法M20之流程圖。 第4圖係根據本發明之另一較佳實施例所繪示,一種視訊加密的方法M30之流程圖。 The present disclosure will be better understood from the following description of exemplary embodiments in conjunction with the accompanying drawings. In addition, it should be understood that, in the flowcharts of the present disclosure, the order of execution of various blocks may be changed, and/or certain blocks may be changed, omitted, or combined. FIG. 1 is a schematic diagram of a video conference application scenario 100 . FIG. 2A is a schematic diagram of an improved video conference application scenario 200 according to an embodiment of the present invention. FIG. 2B is a flowchart of a video encryption method M10 used in the improved video conference application scenario 200 according to an embodiment of the present invention. FIG. 3 is a flowchart of another video encryption method M20 according to a preferred embodiment of the present invention. FIG. 4 is a flowchart of a video encryption method M30 according to another preferred embodiment of the present invention.

101:第一電子裝置 101: The first electronic device

102:第二電子裝置 102: Second electronic device

103:攝影模組 103: Photography Module

104:第一視訊串流應用程式 104: First Video Streaming App

105:第二視訊串流應用程式 105: Second Video Streaming App

106:視訊串流伺服器 106: Video Streaming Server

200:改良後的視訊會議應用情境 200: Improved video conferencing application scenarios

201:加密模組 201: Encryption Module

202:許可證客戶端 202: License Client

203:許可證伺服器 203: License Server

204:許可證外掛程式 204: License Plugin

205:原始視訊 205: Raw Video

206:加密視訊 206: Encrypted Video

207:許可證金鑰 207: License key

Claims (6)

一種視訊加密的方法,包括: 在第一電子裝置上,取得一原始視訊,並對該原始視訊進行加密,以產生一加密視訊及對應於該加密視訊的一許可證金鑰(license key); 將該加密視訊與該許可證金鑰分別發送給第一視訊串流應用程式與一許可證客戶端(license client); 透過該第一視訊串流應用程式,將該加密視訊經由一視訊串流伺服器發送給第二電子裝置上的第二視訊串流應用程式,以及透過該許可證客戶端,將該許可證金鑰經由一許可證伺服器(license server)發送給該第二電子裝置上的一許可證外掛程式(license plugin)。 A method of video encryption, comprising: obtaining an original video on the first electronic device, and encrypting the original video to generate an encrypted video and a license key corresponding to the encrypted video; sending the encrypted video and the license key to the first video streaming application and a license client, respectively; through the first video streaming application, send the encrypted video to a second video streaming application on the second electronic device through a video streaming server, and through the license client, send the license fee The key is sent to a license plugin on the second electronic device via a license server. 如請求項1之視訊加密的方法,更包括: 每隔一段時間區間,透過該加密模組更換該許可證金鑰,其中更換後的該許可證金鑰對應於該段時間區間內的該加密視訊; 響應於該許可證金鑰被更換,透過該第一視訊串流應用程式,將該段時間區間內的該加密視訊經由該視訊串流伺服器發送給該第二電子裝置上的該第二視訊串流應用程式,以及透過該許可證客戶端,將更換後的該許可證金鑰經由該許可證伺服器發送給該第二電子裝置上的該許可證外掛程式。 If the method for video encryption of claim 1, it further includes: At intervals, the license key is replaced by the encryption module, wherein the replaced license key corresponds to the encrypted video in the time interval; In response to the license key being replaced, through the first video streaming application, the encrypted video within the time interval is sent to the second video on the second electronic device via the video streaming server The streaming application, and through the license client, send the replaced license key to the license plug-in on the second electronic device via the license server. 如請求項1之視訊加密的方法,更包括: 響應於第二視訊串流應用程式接收到來自第三電子裝置的一加入會議請求,透過該許可證外掛程式確認是否有接收到來自該第三電子裝置的該許可證金鑰; 若有接收到來自該第三電子裝置的該許可證金鑰,接受該加入會議請求; 若沒有接收到來自該第三電子裝置的該許可證金鑰,拒絕該加入會議請求。 If the method for video encryption of claim 1, it further includes: In response to the second video streaming application receiving a request to join the conference from the third electronic device, confirming through the license plug-in whether the license key from the third electronic device has been received; If the license key is received from the third electronic device, accept the request to join the conference; If the license key from the third electronic device is not received, the request to join the conference is rejected. 一種視訊加密的系統,包括: 加密模組,設置於第一電子裝置上; 許可證客戶端(license client),設置於第一電子裝置上; 許可證外掛程式(license plugin),設置於第二電子裝置上; 其中,該加密模組取得一原始視訊,並對該原始視訊進行加密,以產生一加密視訊及對應於該加密視訊的一許可證金鑰(license key); 該加密模組將該加密視訊與該許可證金鑰分別發送給第一視訊串流應用程式與該許可證客戶端; 該第一視訊串流應用程式將該加密視訊經由一視訊串流伺服器發送給該第二電子裝置上的第二視訊串流應用程式;及 該許可證客戶端將該許可證金鑰經由一許可證伺服器(license server)發送給該第二電子裝置上的一許可證外掛程式(license plugin)。 A system for video encryption, including: an encryption module, disposed on the first electronic device; a license client (license client), set on the first electronic device; a license plugin, installed on the second electronic device; Wherein, the encryption module obtains an original video, and encrypts the original video to generate an encrypted video and a license key corresponding to the encrypted video; The encryption module sends the encrypted video and the license key to the first video streaming application and the license client, respectively; the first video streaming application sends the encrypted video to the second video streaming application on the second electronic device via a video streaming server; and The license client sends the license key to a license plugin on the second electronic device via a license server. 如請求項4之視訊加密的系統,其中該加密模組每隔一段時間更換該許可證金鑰,其中更換後的該許可證金鑰對應於該段時間區間內的該加密視訊; 響應於該許可證金鑰被更換,該第一視訊串流應用程式將該段時間區間內的該加密視訊經由該視訊串流伺服器發送給該第二電子裝置上的該第二視訊串流應用程式,以及該許可證客戶端將更換後的該許可證金鑰經由該許可證伺服器發送給該第二電子裝置上的該許可證外掛程式。 The video encryption system of claim 4, wherein the encryption module replaces the license key at intervals, wherein the replaced license key corresponds to the encrypted video within the time interval; In response to the license key being replaced, the first video streaming application sends the encrypted video within the time interval to the second video stream on the second electronic device via the video streaming server The application and the license client send the replaced license key to the license plug-in on the second electronic device via the license server. 如請求項5之視訊加密的系統,其中響應於第二視訊串流應用程式接收到來自第三電子裝置的一加入會議請求,該許可證外掛程式確認是否有接收到來自該第三電子裝置的該許可證金鑰; 若有接收到來自該第三電子裝置的該許可證金鑰,該許可證外掛程式接受該加入會議請求; 若沒有接收到來自該第三電子裝置的該許可證金鑰,該許可證外掛程式拒絕該加入會議請求。 The system for video encryption of claim 5, wherein in response to the second video streaming application receiving a request to join a conference from the third electronic device, the license plug-in confirms whether a request from the third electronic device is received the license key; If the license key is received from the third electronic device, the license plug-in accepts the request to join the conference; If the license key is not received from the third electronic device, the license plug-in rejects the request to join the conference.
TW109138047A 2020-11-02 2020-11-02 Method and system of video encryption TW202220449A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109138047A TW202220449A (en) 2020-11-02 2020-11-02 Method and system of video encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109138047A TW202220449A (en) 2020-11-02 2020-11-02 Method and system of video encryption

Publications (1)

Publication Number Publication Date
TW202220449A true TW202220449A (en) 2022-05-16

Family

ID=82558728

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109138047A TW202220449A (en) 2020-11-02 2020-11-02 Method and system of video encryption

Country Status (1)

Country Link
TW (1) TW202220449A (en)

Similar Documents

Publication Publication Date Title
US11822626B2 (en) Secure web RTC real time communications service for audio and video streaming communications
JP7042875B2 (en) Secure dynamic communication networks and protocols
JP6921075B2 (en) Secure hierarchical encryption of data streams
US20230216947A1 (en) Method and System to Implement Secure Real Time Communications (SRTC) Between WebRTC and the Internet of Things (IoT)
CN112235608B (en) Data encryption transmission method, device and medium based on video network
US20100017599A1 (en) Secure digital content management using mutating identifiers
US20150222601A1 (en) Systems for Securing Control and Data Transfer of Smart Camera
JP2015133130A (en) Safe and secure instant messaging
CN109743170B (en) Method and device for logging in streaming media and encrypting data transmission
GB2533279B (en) Secure media player
US10164958B2 (en) Open access network secure authentication systems and methods
US11736492B2 (en) Signed contact lists for user authentication in video conferences
KR101837188B1 (en) Video protection system
US20220078169A1 (en) Methods, systems, and media for providing secure network communications
US20240106981A1 (en) Hiding private user data in public signature chains for user authentication in video conferences
Chu et al. Secure multicast protocol with copyright protection
CN110535856B (en) User authentication method, device and storage medium
TW202220449A (en) Method and system of video encryption
WO2022135308A1 (en) Method and apparatus for detecting media data
US20220247796A1 (en) Electronic conferencing
US20220407689A1 (en) Key sharing for media frames using blockchain
US20220376895A1 (en) Handling joining and leaving of participants in videoconferencing with end-to-end encryption
WO2022245592A1 (en) Signed contact lists for user authentication in video conferences
CN109698966B (en) Method and device for logging in streaming media and interactively encrypting data
CN110049007B (en) Video networking transmission method and device