WO2017113610A1 - Method, device, and system for streaming media encryption - Google Patents

Publication number
WO2017113610A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
streaming media
encrypted
data
server
Application number
PCT/CN2016/084856
Other languages
French (fr)
Chinese (zh)
Inventor
杨自清
周峰
Original Assignee
深圳Tcl数字技术有限公司
Application filed by 深圳Tcl数字技术有限公司
Publication of WO2017113610A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L65/00: Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60: Network streaming of media packets
    • H04L65/70: Media network packetisation

Definitions

  • the present invention relates to the field of digital rights management, and in particular, to a streaming media encryption method, apparatus and system.
  • Streaming media is also referred to as streamed media.
  • Streaming media technology allows users to download and play while not having to wait for all media content to be downloaded. This saves users' waiting time and storage space.
  • Viewing media content through streaming media technology has become an important multimedia viewing channel for users.
  • content providers or copyright owners usually encrypt streaming media, and users can obtain media content after authorization, thereby realizing copyright protection for streaming media.
  • DRM: Digital Rights Management.
  • The mainstream DRM solutions include Microsoft PlayReady, Google Widevine, and Marlin, which was formed by Samsung, Philips, Panasonic and other companies.
  • Although the specific implementation methods differ, current DRM solutions share a common feature: they change the multimedia container format and increase the burden on the client.
  • ASF: Advanced Streaming Format.
  • An ASF file is a container, usually composed of three parts: the file header object (Header Object), the data object (Data Object) and the index object (Index Object), where the file header object and the index object are metadata, and the data object is media data.
  • When encrypting ASF files, PlayReady adds a Protection System Identifier Object to the ASF Header Object, modifies the Stream Properties Object in the metadata to indicate that each stream is encrypted, adds payload extensions to store the Sample ID, and finally updates the size and offsets of the ASF objects.
  • This encryption method modifies the metadata of the ASF file and makes the original ASF file format unrecognizable. Also, since PlayReady encrypts each media object in the media data, that is, each video/audio sample, the amount of encrypted data is large and the workload is heavy.
  • When the client receives the modified file format (or container), on the one hand, in order to demultiplex the media content, the client's original demux (demultiplexing) module must be modified to adapt to the new file format, which greatly increases the compatibility development work for the client demux module; on the other hand, the client must decrypt the video/audio samples one by one, which seriously consumes the resources of the client and slows down the system.
  • The existing streaming media encryption technology therefore not only has a large data encryption workload, but its modification of the original file format or container format also destroys the format of the original file and places a load on the client.
  • the main object of the present invention is to provide a streaming media encryption method, device and system, which aim to solve the technical problem that the existing streaming media encryption technology destroys the original file format and the data encryption workload is large.
  • the present invention provides a streaming media encryption method, and the streaming media encryption method includes the following steps:
  • the server obtains metadata and media data according to the original media file
  • the server encrypts the media data to obtain an encryption box according to a preset encryption key and encryption information
  • the server creates a new encrypted streaming media file, writes the metadata to the encrypted streaming media file according to the format of the original media file, and writes the encrypted box as the media data into the encrypted streaming media file.
  • the encryption of the original file of the streaming media is completed.
  • the step of the server encrypting the media data to obtain an encryption box according to the preset encryption key and the encryption information includes:
  • the server divides the media data according to a preset data amount to obtain each data segment
  • the server obtains an encryption key and encryption information of each piece of data according to a preset encryption key and encryption information
  • the server separately encrypts the data segments to obtain each encryption box according to the encryption key and the encryption information of each data segment.
  • the method further includes:
  • the server determines whether the data segments have all been encrypted;
  • if the data segments are not all encrypted, the server returns to the step of obtaining the encryption key and the encryption information of each data segment according to the preset encryption key and the encryption information;
  • if the data segments have all been encrypted, the server creates an encrypted streaming media file according to the format of the original media file, the metadata, and the encryption box.
  • the step of the server determining whether the data segments have all been encrypted includes:
  • if the remaining media data length is zero, the server determines that the data segments have all been encrypted; if the remaining media data length is not zero, it is determined that the data segments are not all encrypted.
  • the server creates a new encrypted streaming media file, writes the metadata to the encrypted streaming media file according to the format of the original streaming media file, and writes the encrypted box as media data.
  • the method further includes:
  • the server issues the encrypted streaming media file to the client.
  • the present invention further provides a streaming media encryption device, where the streaming media encryption device includes:
  • An obtaining module configured to obtain metadata and media data according to the original media file
  • An encryption module configured to encrypt the media data according to a preset encryption key and encryption information to obtain an encryption box
  • a creating module configured to create a new encrypted streaming media file, write the metadata into the encrypted streaming media file according to the format of the original media file, and write the encryption box as the media data into the encrypted streaming media file, completing the encryption of the original streaming media file.
  • the encryption module comprises:
  • a dividing unit configured to divide the media data by a preset amount of data, to obtain each data segment
  • a key unit configured to acquire an encryption key and encryption information of each data segment according to a preset encryption key and encryption information
  • an encryption unit configured to encrypt each of the data segments according to the encryption key and the encryption information of each data segment to obtain each encryption box.
  • the encryption module further includes:
  • the determining unit is configured to determine whether the data segments have all been encrypted.
  • the determining unit is further configured to:
  • if the remaining media data length is zero, determine that the data segments have all been encrypted; if the remaining media data length is not zero, determine that the data segments are not all encrypted.
  • the streaming media encryption device further includes:
  • a publishing module configured to publish the encrypted streaming media file to a client.
  • the present invention further provides a streaming media encryption system, where the streaming media encryption system includes a server and a client, where:
  • the server includes an obtaining module, an encryption module, a creating module, and a publishing module;
  • the client is configured to obtain an encrypted streaming media file from the server.
  • the server is pre-configured with a decryption key
  • the decryption key corresponds to the preset encryption key and the encryption information
  • the client is further configured to:
  • parse the data segment to obtain media content, and present the media content to a user.
  • In the streaming media encryption method, device and system according to an embodiment of the present invention, the server separates the metadata of the original streaming media file from the media data, encrypts the media data to obtain the encryption box, and writes the metadata and the encryption box into the newly created encrypted streaming media file according to the format of the original streaming media file, so that the encrypted streaming media file is consistent with the original streaming media file format.
  • the server does not need to encrypt each media data sample, which greatly reduces the encryption workload of the server and improves the efficiency of the server.
  • The embodiment of the invention solves the technical problem that streaming media encryption technology destroys the original file format and has a large data encryption workload. It encrypts the streaming media file without destroying the format of the original streaming media file and reduces the data encryption workload, with a remarkable effect that improves the efficiency of the server.
  • FIG. 1 is a schematic flowchart of a first embodiment of a streaming media encryption method according to the present invention
  • FIG. 2 is a schematic diagram of functional modules of a first embodiment of a streaming media encryption device according to the present invention
  • FIG. 3 is a schematic block diagram of a first embodiment and a second embodiment of a streaming media encryption system according to the present invention
  • FIG. 4 is a schematic diagram of an encryption application scenario of an ASF streaming media file according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a format of an ASF streaming media file according to an embodiment of the present invention.
  • the present invention provides a solution.
  • the server does not need to encrypt each media data sample, which greatly reduces the encryption workload of the server and improves the efficiency of the server.
  • the streaming media file is successfully encrypted without destroying the format of the original file of the streaming media, thereby avoiding the modification of the demultiplexing module by the client, and reducing the development cost of the client.
  • a first embodiment of a streaming media encryption method of the present invention provides a streaming media encryption method, where the streaming media encryption method includes:
  • Step S10 The server obtains metadata and media data according to the original media file.
  • the server separates the metadata of the original file of the streaming media from the media data, and only encrypts the media data, so that the obtained encrypted streaming media file format remains unchanged.
  • the server may also be another hardware device with an encryption function.
  • the server obtains the original media file from the streaming media source.
  • Streaming original files include metadata and media data.
  • the metadata is used to describe the original data of the streaming media, including the identification data, the file attribute data, the media attribute data, the index data, etc., and can be flexibly set according to actual needs;
  • the media data includes the media content carried by the current original streaming media file, that is, data such as graphics, images, audio, video, and more.
  • the server parses the original media file to obtain metadata and media data.
  • Step S20 The server encrypts the media data to obtain an encryption box according to a preset encryption key and encryption information.
  • After obtaining the metadata and the media data, the server encrypts the media data according to the preset encryption key and the encryption information to obtain an encryption box.
  • the server divides the media data to obtain a data segment of the media data.
  • the server can preset the amount of data and divide the media data according to the preset amount of data to obtain a plurality of data segments with the same amount of data; the server can also preset the number of segments and divide the media data according to the preset number of segments to obtain the preset number of data segments, each with the same amount of data; of course, the server can also divide the media data according to other preset rules to obtain data segments, which can be flexibly set according to actual needs.
  • One data segment includes one or more media data samples, which can be set according to actual needs.
  • the server pre-sets the encryption key and encryption information of the data segment.
  • the preset encryption information is the identification information of the encryption key and is unique; it identifies the encryption key used to encrypt the current data segment into encrypted data.
  • the server also pre-sets a decryption key corresponding to the encryption key, and the decryption key is used to decrypt the data encrypted with that encryption key.
  • the encryption key and the corresponding decryption key share the same encryption information, that is, the encryption key, the decryption key and the encryption information have a one-to-one mapping relationship, and the server can obtain the corresponding encryption key and decryption key according to the encryption information.
  • the server allocates the encryption key and the encryption information according to the obtained data segments. If all data segments are currently encrypted using the same encryption key, the server assigns the same encryption key and encryption information to all data segments; if the data segments are currently encrypted with different encryption keys, the server allocates different encryption keys, and the encryption information corresponding to each encryption key, to different data segments.
  • the data segments are separately encrypted according to the encryption key of the data segment.
  • For example, the data segments obtained by the server are data segment 1, data segment 2, data segment 3, ..., data segment n, a total of n data segments.
  • the server encrypts the data segment 1 according to the encryption key of the data segment 1, and obtains the encrypted data 1.
  • the server creates the encryption box 1, and fills the obtained encrypted data 1 and the encrypted information corresponding to the encryption key into the encryption box 1.
  • the server obtains the related information data of the encryption box 1, and fills the information data into the encryption box 1, and completes the filling of the encryption box 1.
  • the related information data of the encryption box 1 includes information such as the identification information of the encryption box 1, the data size of the encryption box 1, and the data size of the encrypted data 1, and can be flexibly set according to actual needs.
  • the server obtains the encryption box 1 carrying the media data.
  • the server encrypts data segment 2, data segment 3, ..., data segment n in the same way, to obtain encryption box 2, encryption box 3, ..., encryption box n.
  • the server completes encryption of the media data to obtain an encryption box.
  • Step S30 The server creates an encrypted streaming media file according to the format of the original media file, the metadata, and the encryption box.
  • After the encryption of the media data is completed, the server creates an encrypted streaming media file according to the obtained metadata and the encryption box.
  • the server creates a new encrypted streaming media file, and the newly created encrypted streaming media file has no specific file content.
  • the server writes the obtained metadata to the encrypted streaming media file according to the format of the original streaming media file, so that the format of the metadata in the encrypted streaming media file and the format of the metadata in the original streaming media file remain the same; for example, the location of the metadata in the encrypted streaming media file is made the same as the location of the metadata in the original streaming media file.
  • the ordering of the metadata and the encryption box in the encrypted streaming media file, and the ordering of the metadata and the media data in the original streaming file are consistent.
  • the server writes the obtained encrypted box as the media data to the encrypted streaming media file according to the format of the original file of the streaming media, so that the format of the encrypted box in the encrypted streaming media file is the same as the format of the media data in the original file of the streaming media.
  • the ordering of the metadata and the encryption box in the encrypted streaming media file, and the ordering of the metadata and the media data in the original streaming file are consistent.
  • the encryption of the original stream file is completed, and the encrypted stream file is obtained.
  • the obtained encrypted streaming media file has the same format as the original streaming media file.
  • Since the server encrypts the media data in segments, there is no need to encrypt each media data sample in the media data, which greatly reduces the encryption workload of the server on the media data.
  • the server may pre-create an encrypted streaming media file, firstly writing the acquired metadata to the encrypted streaming media file according to the format of the original streaming media file, and then encrypting the media data. After obtaining the encryption box, the server sequentially writes the obtained encryption box to the encrypted streaming media file until all the media data is encrypted.
  • the encryption of the original stream file is completed, and the encrypted stream file is obtained.
  • the obtained encrypted streaming media file has the same format as the original streaming media file.
  • Since the server encrypts the media data in segments, there is no need to encrypt each sample in the media data, which greatly reduces the encryption workload of the server on the media data.
  • Take the encryption of an ASF (Advanced Streaming Format) streaming media file as an example.
  • the server includes an encryption server, a streaming media content publishing server, and a license server.
  • the client includes a control management module, a network download module, a decryption data module, a file format demultiplexing module, and a decoding presentation module.
  • the encryption server obtains the ASF streaming media file from the streaming media source, and the ASF streaming media file includes: a file header object (Header Object), a data object (Data Object) and an index object (Index Object), where the file header object and the index object are metadata, and the data object is media data.
  • the encryption server parses the ASF streaming media file to obtain metadata and media data.
  • the encryption server divides the data objects into data segments of the same size according to the preset amount of data.
  • the encryption server acquires the preset encryption key and the encrypted information from the license server.
  • Each piece of data can be encrypted with the same encryption key or encrypted with a different encryption key, which can be flexibly set according to actual needs.
  • the encryption server encrypts the data segments according to the obtained encryption key to obtain a corresponding encryption box.
  • the encryption server creates an encrypted streaming media file.
  • the file header object in the metadata is first written into the encrypted streaming media file, then the obtained encryption boxes are written into the encrypted streaming media file, and finally the index object in the metadata is written into the encrypted streaming media file.
  • the encryption server completes the encryption of the ASF streaming media file, and obtains the encrypted streaming media file.
  • the encryption server then pushes the obtained encrypted streaming media file to the streaming media content publishing server.
  • After receiving the encrypted streaming media file, the streaming media content publishing server issues the encrypted streaming media file to the network download module of the client.
  • The control management module coordinates the network download module, the decryption data module, the file format demultiplexing module, and the decoding presentation module to obtain the encrypted streaming media file, decrypt it, and present it to the user.
  • Under the control of the control management module, the network download module sends a request to the streaming media content publishing server to download the encrypted streaming media file.
  • The decryption data module parses the obtained encrypted streaming media file to obtain the encryption boxes.
  • the decryption data module acquires the encrypted information in the encryption box from the obtained encryption box, and transmits a permission request to the license server according to the obtained encrypted information, the permission request carrying the encrypted information.
  • After receiving the permission request sent by the decryption data module, the license server searches for the decryption key corresponding to the encryption information carried by the permission request; then, the license server returns the decryption key to the decryption data module.
  • After receiving the decryption key, the decryption data module decrypts the encrypted data in each encryption box according to the decryption key to obtain each data segment of the media data.
  • the file format demultiplexing module parses the obtained media data segments to obtain information such as each media data sample and its display time stamp.
  • the decoding presentation module decodes the media data content according to the obtained media data samples, display time stamps and the like, and presents the media content on the display screen of the client.
  • the present embodiment separates the metadata and media data of the original file of the streaming media by the server, encrypts only the media data to obtain an encryption box, and writes the metadata and the encryption box to the newly created encrypted streaming media file according to the format of the original file of the streaming media.
  • the encrypted streaming media file is consistent with the original streaming file format.
  • the server does not need to encrypt each media data sample, which greatly reduces the encryption workload of the server and improves the efficiency of the server.
  • The embodiment solves the technical problem that streaming media encryption technology destroys the original file format and has a large data encryption workload. It encrypts the streaming media file without destroying the format of the original streaming media file and reduces the data encryption workload, with a significant effect that improves the efficiency of the server.
  • the second embodiment of the streaming media encryption method of the present invention provides a streaming media encryption method. Based on the first embodiment of the streaming media encryption method of the present invention, the step S20 includes:
  • Step S21 The server divides the media data according to a preset data amount to obtain each data segment.
  • After obtaining the media data of the original streaming media file, the server first divides the media data into segments of the same data amount.
  • the preset data amount is the byte size of the data, and can be flexibly set according to the application scenario and the customer needs. For example, so that the parsed media data can be combined more precisely when the media content is presented to the user, the data amount can be set small; to improve the smoothness of playback of the media content and let the user download faster, the data amount can be set large.
  • One data segment includes one or more media data samples, which can be set according to actual needs.
  • the server divides the media data into equal-sized segments to obtain each data segment. At the same time, the server records the starting position of each data segment in the original file of the streaming media.
  • Step S22 The server obtains an encryption key and encryption information of each data segment according to a preset encryption key and encryption information.
  • After obtaining each data segment, the server obtains the encryption key and the encryption information of each data segment according to the preset encryption key and the encryption information.
  • the server is pre-configured with an encryption key and encrypted information.
  • the preset encryption information is the identification information of the encryption key and is unique; it identifies the encryption key used to encrypt the current data segment into encrypted data.
  • the server also pre-sets a decryption key corresponding to the encryption key, and the decryption key is used to decrypt the data encrypted with that encryption key.
  • the encryption key and the corresponding decryption key share the same encryption information, that is, the encryption key, the decryption key and the encryption information have a one-to-one mapping relationship, and the server can obtain the corresponding encryption key and decryption key according to the encryption information.
  • the server allocates the encryption key and the encryption information according to the obtained data segments. If all data segments are currently encrypted using the same encryption key, the server assigns the same encryption key and encryption information to all data segments; if the data segments are currently encrypted with different encryption keys, the server allocates different encryption keys, and the encryption information corresponding to each encryption key, to different data segments.
  • the server obtains the encryption key and the encrypted information of each segment.
  • Step S23 The server encrypts each data segment to obtain each encryption box according to the encryption key and the encryption information of each data segment.
  • After obtaining the encryption key and the encryption information of each data segment, the server encrypts each data segment to obtain each encryption box.
  • the server constructs an encryption box, and the data structure of the encryption box is as shown in Table 1 below.
  • Signature ID is 32 bits, that is, 4 bytes of fixed data such as 0x05050303; it is used to identify the encryption box and is the unique marker of the entire encryption box.
  • Total size is 32 bits and is used to record the amount of data in the entire encryption box.
  • Offset to origin File is 32 bits and is used to record the data offset of the encrypted data in the original streaming media file, that is, the starting position in the original streaming media file of the data segment carried by the current encryption box.
  • DRM Data is the encryption information corresponding to the encryption key used to encrypt the data in the current encryption box, and is used by the client to obtain the corresponding decryption key.
  • DRM data Length is 32 bits and is used to record the data length of DRM Data, that is, the amount of data of DRM Data.
  • Encrypted Data is the encrypted data carried in the current encryption box, that is, the encrypted data segment. Each encryption box carries one encrypted data segment.
  • Encrypted data length is 32 bits and is used to record the data length of Encrypted Data, that is, the amount of data of Encrypted Data.
  • the server can encrypt the data segments in sequence according to the playing time sequence of the data segments.
  • the server gets the first data segment, and then writes 0x05050303 to Signature ID, which identifies the existence of the encryption box.
  • the server writes the recorded start position of the first data segment in the original streaming media file to Offset to origin File.
  • the server writes the encryption information of the first data segment into DRM Data, obtains the data amount of the encryption information, and writes it to DRM data Length.
  • the server encrypts the first data segment according to the encryption key of the first data segment to obtain encrypted data.
  • the server writes the encrypted data to Encrypted Data, obtains the data amount of the encrypted data, and writes it to Encrypted data length.
  • the server calculates the total amount of data of the current encryption box, and writes the obtained data amount to Total size.
  • the server completes the encryption of the first data segment to obtain the first encryption box.
  • the server continues to construct the encryption box, and then encrypts the data segments in turn to obtain the corresponding encryption box.
  • the third embodiment of the streaming media encryption method of the present invention further provides a streaming media encryption method. Based on the second embodiment of the streaming media encryption method of the present invention, after step S23, the method further includes:
  • Step S24: the server determines whether the data segments have all been encrypted; if the data segments are not all encrypted, the process goes to step S22; if the data segments have all been encrypted, the process goes to step S30.
  • the server sequentially encrypts each data segment according to the encryption key and the encryption information of each data segment.
  • the length of the media data of the original file of the streaming media is m
  • the preset data amount of the divided data segment is k
  • the server sequentially intercepts the data segment of length k from the media data to obtain an encrypted box.
  • the server determines whether the current data segments have all been encrypted according to the remaining media data length; if the remaining media data length is zero, it determines that the current data segments have all been encrypted. If the remaining media data length is not zero, it is determined that the current data segments are not all encrypted.
  • the server continues to intercept the data segment of length k from the media data, obtains the encryption key and the encrypted information of the data segment, and encrypts the data segment. After the encryption box is obtained, it is judged again whether the current data segments have all been encrypted.
  • the server creates an encrypted streaming media file according to the format of the original media file, metadata, and each encryption box, and completes encryption of the original file of the streaming media.
  • the data segment is prevented from being missed in the encryption process, and the integrity of the media data in the encrypted streaming media file is ensured.
  • a fourth embodiment of the streaming media encryption method of the present invention provides a streaming media encryption method. Based on the first embodiment, the second embodiment, or the third embodiment of the streaming media encryption method of the present invention, after the step, the method further includes:
  • Step S40: the server issues the encrypted streaming media file to a client.
  • the server creates an encrypted streaming media file according to the format of the original media file, metadata, and each encryption box, and after encrypting the original file of the streaming media, the encrypted streaming media file is released to the client.
  • the server may, after all the original streaming media files have been encrypted, package the resulting encrypted streaming media files together and release them to the client. The client can then download all the encrypted streaming media files at one time.
  • the server may release each encrypted streaming media file to the client immediately after completing the encryption of one original streaming media file, until the encryption and release of all the original streaming media files are completed.
  • the client can download the encrypted streaming media files in sequence for decryption and playback, so that the user can view the media content online.
  • the server actively releases the encrypted streaming media file to the client, so that the client can obtain the encrypted streaming media file in time and decrypt the acquired encrypted streaming media file while continuing to download subsequent encrypted streaming media files, thereby implementing online continuous playback of the streaming media file content and improving the user experience.
  • a first embodiment of a streaming media encryption device of the present invention provides a streaming media encryption device, where the streaming media encryption device includes:
  • the obtaining module 10 is configured to obtain metadata and media data according to the original media file.
  • the encryption module 20 is configured to encrypt the media data according to a preset encryption key and encryption information to obtain an encryption box.
  • the creating module 30 is configured to create an encrypted streaming media file according to the format of the original streaming file, the metadata, and the encryption box.
  • the present embodiment separates the metadata of the original streaming media file from the media data, encrypts only the media data to obtain an encryption box, and writes the metadata and the encryption box into the newly created encrypted streaming media file according to the format of the original streaming media file, thereby keeping the encrypted streaming media file consistent with the format of the original streaming media file.
  • the server does not need to encrypt each media data sample, which greatly reduces the encryption workload of the server and improves the efficiency of the server.
  • the embodiment solves the technical problem that streaming media encryption technology destroys the original file format and involves a large data encryption workload. It successfully encrypts the streaming media file without destroying the format of the original streaming media file and reduces the data encryption workload; the effect is significant and effectively improves the efficiency of the server.
  • the second embodiment of the streaming media encryption device of the present invention provides a streaming media encryption device.
  • the encryption module 20 includes:
  • a dividing unit configured to divide the media data by a preset amount of data to obtain each piece of data.
  • the secret key unit is configured to acquire the encryption key and the encryption information of each data segment according to the preset encryption key and the encryption information.
  • an encryption unit configured to encrypt each of the data segments according to the encryption key and the encryption information of each data segment to obtain each encryption box.
  • the media data is encrypted only, and the streaming media file is encrypted without changing the original file format of the streaming media.
  • the third embodiment of the streaming media encryption device of the present invention further provides a streaming media encryption device.
  • the encryption module 20 further includes:
  • the determining unit is configured to determine whether the data segments have all been encrypted.
  • the data segment is prevented from being missed in the encryption process, and the integrity of the media data in the encrypted streaming media file is ensured.
  • the fourth embodiment of the streaming media encryption device of the present invention provides a streaming media encryption device.
  • the streaming media encryption device, based on the first embodiment, the second embodiment or the third embodiment of the streaming media encryption device of the present invention, further includes:
  • a publishing module configured to publish the encrypted streaming media file to a client.
  • the encrypted streaming media file is actively distributed to the client, so that the client can obtain the encrypted streaming media file in time and decrypt the acquired encrypted streaming media file while continuing to download subsequent encrypted streaming media files, thereby realizing online continuous playback of the streaming media file content and enhancing the user experience.
  • a first embodiment of a streaming media encryption system of the present invention provides a streaming media encryption system, where the streaming media encryption system includes a server A and a client B, where:
  • the server A includes an obtaining module 10, an encryption module 20, a creating module 30, and a publishing module;
  • the client B is configured to obtain an encrypted streaming media file from the server A.
  • the streaming media encryption system includes a server A and a client B.
  • the server A is used to encrypt the original stream file, and the obtained encrypted stream file is distributed to the client B.
  • the client B is used to obtain the encrypted stream from the server A.
  • the server A includes an obtaining module 10, an encryption module 20, a creating module 30, and a publishing module.
  • the server A obtains the original media file from the streaming media source. Then, server A obtains the metadata and media data from the original streaming file and keeps the metadata unchanged.
  • the server A divides the obtained media data into data segments of equal size according to the preset data amount, and encrypts the data segments respectively to obtain corresponding encryption boxes.
  • server A creates a new streaming media file as the encrypted streaming media file, and the newly created streaming media file format remains the same as the format of the original streaming media file.
  • the server A keeps the metadata unchanged, writes it into the encrypted streaming media file, and writes the encrypted box as the media data into the encrypted streaming media file to complete the encryption of the original streaming media file.
  • the server A releases the obtained encrypted streaming media file to the client B.
  • Client B downloads the encrypted streaming media file from server A according to the needs of the user.
  • client B parses the obtained encrypted streaming media file to obtain each encryption box.
  • Client B obtains the encrypted information of each encryption box, and sends a permission request to server A according to the encrypted information.
  • the client B obtains the decryption key returned by the server A, decrypts the encrypted box, and decodes the obtained media data to present the media content to the user.
  • server A obtains the original stream file from the streaming media source. Then, server A obtains the metadata and media data from the original streaming file and keeps the metadata unchanged.
  • Server A creates a new streaming file as an encrypted streaming file.
  • the resulting metadata is then written to the encrypted streaming media file, keeping the metadata content unchanged.
  • the server A keeps the format of the metadata in the encrypted streaming media file unchanged in the original file of the streaming media.
  • the metadata is located in the file header in the original file of the streaming media, and the server writes the metadata to the encrypted stream.
  • the metadata remains in the header of the encrypted streaming file.
  • the server A divides the obtained media data into data segments of equal size, and encrypts the data segments respectively to obtain corresponding encryption boxes.
  • the server A sequentially writes the obtained encryption box into the encrypted streaming media file, and keeps the format of the encrypted box in the encrypted streaming media file in the same format as the media data in the original streaming file.
  • after the server A completes the encryption of all the data segments and the obtained encryption boxes are all written into the encrypted streaming media file, the server A has completed the encryption of the original streaming media file.
  • the server keeps the format of the encrypted streaming media file the same as that of the original streaming media file, so that after the client obtains the encrypted streaming media file, the format of the media data is unchanged and the client only needs to decrypt the encryption box to obtain the media data. Demultiplexing of the media data can therefore be realized without adjusting the demultiplexing module of the client, which reduces the compatibility development workload of the client and, while securing the streaming media file by encryption, reduces the development cost of the encryption system.
  • the second embodiment of the streaming media encryption system of the present invention provides a streaming media encryption system.
  • the server A is preset with a decryption key.
  • the decryption key corresponds to the preset encryption key and the encrypted information
  • the client B is further used,
  • the server A pre-sets the decryption key of the original file of the streaming media, and the decryption key preset by the server A corresponds to the encryption key and the encrypted information of the preset original file of the streaming media. It can be understood that the server A pre-sets the encryption key, the decryption key and the encryption information of the original file of the streaming media, and the three correspond to each other.
  • the encrypted information is the identification information of the encryption key and the decryption key, and the server A can obtain the corresponding encryption key and the decryption key according to the encrypted information.
  • the data encrypted by the server A using the encryption key can be decrypted using the corresponding decryption key to obtain the original data.
  • after obtaining the encrypted streaming media file, client B parses it to obtain the metadata and the encryption boxes.
  • the metadata is used to obtain various information about the current original streaming media file.
  • the client B sequentially reads each encryption box in the encrypted streaming media file to obtain the encryption information carried in the encryption box. Then, the client B sends a permission request to the server A according to the encryption information to obtain the decryption key corresponding to the encryption information.
  • after receiving the permission request of the client B, the server A searches for the decryption key corresponding to the encryption information and returns the decryption key to the client B.
  • it is presumed that the client B has already obtained the authorization of the server A and can obtain the streaming media files issued by the server A.
  • the client B receives the decryption key returned by the server A, and decrypts the encrypted box carrying the current decrypted information, that is, decrypts the encrypted data carried in the encrypted box to obtain a data segment.
  • Client B decrypts each encryption box carried in the encrypted streaming media file to obtain each data segment.
  • client B parses each data segment of the media data to obtain information of each media data sample and associated display time stamp in each data segment.
  • Client B then decodes each media data sample to obtain media content.
  • the client B presents the obtained media content to the client according to the information such as the display time stamp, for example, displaying the video on the display screen of the client B, controlling the output of the audio output module of the client B, and the like.
  • the streaming media encryption system implements encryption and decryption of streaming media files.
  • the media data decrypted by the client B is a data segment, and one data segment may contain multiple media data samples, which avoids decrypting each media data sample individually and reduces the decryption workload of the client B.
  • the client B can directly decrypt the encrypted box to obtain the media data.
  • the streaming media file is encrypted, the format remains unchanged, and the encryption workload of the server and the decryption workload of the client are alleviated, and the efficiency of encryption and decryption of the streaming media file is improved.
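The encryption box fields, the server's segment loop and the client's box parsing described above, as an added example that is not the patent's own code. The field order, big-endian byte order, 32-bit Signature ID, the `kid-NNNN` key identifiers, the `license_key` lookup and the SHA-256 keystream stand-in cipher are all assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import struct

SIGNATURE_ID = 0x05050303        # Signature ID value given on the page
HEADER = struct.Struct(">III")   # assumed layout: Signature ID, Total size, Offset to origin File
U32 = struct.Struct(">I")        # assumed big-endian 32-bit length fields
MASTER = b"constructed-demo-master-secret"   # constructed value


class BoxError(ValueError):
    """Raised when an encryption box is malformed or a segment is missing."""


def license_key(drm_data: bytes) -> bytes:
    """Hypothetical key lookup: DRM Data identifies the key, as in the permission request."""
    return hmac.new(MASTER, drm_data, hashlib.sha256).digest()


def stand_in_cipher(key: bytes, data: bytes) -> bytes:
    """Placeholder length-preserving cipher (SHA-256 keystream); the page names no cipher."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + U32.pack(counter)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def build_box(offset: int, drm_data: bytes, segment: bytes) -> bytes:
    """Fill one box: lengths are computed from the data, Total size is written last."""
    encrypted = stand_in_cipher(license_key(drm_data), segment)
    body = U32.pack(len(drm_data)) + drm_data + U32.pack(len(encrypted)) + encrypted
    return HEADER.pack(SIGNATURE_ID, HEADER.size + len(body), offset) + body


def encrypt_media(media: bytes, k: int, media_start: int = 0) -> bytes:
    """Server side: cut segments of length k until the remaining length is zero."""
    if k <= 0:
        raise ValueError("segment size k must be positive")
    boxes, done = [], 0
    while len(media) - done > 0:               # remaining media data length
        segment = media[done:done + k]
        drm_data = b"kid-%04d" % len(boxes)    # constructed per-segment key identifier
        boxes.append(build_box(media_start + done, drm_data, segment))
        done += len(segment)
    return b"".join(boxes)


def parse_boxes(blob: bytes, media_start: int = 0):
    """Client side: walk the boxes, trusting no length field until it is checked."""
    boxes, pos, expected = [], 0, media_start
    while pos < len(blob):
        if len(blob) - pos < HEADER.size + 2 * U32.size:
            raise BoxError("truncated box")
        signature, total, offset = HEADER.unpack_from(blob, pos)
        if signature != SIGNATURE_ID:
            raise BoxError("bad Signature ID")
        if total < HEADER.size + 2 * U32.size or total > len(blob) - pos:
            raise BoxError("Total size out of range")
        end, cur = pos + total, pos + HEADER.size
        (drm_len,) = U32.unpack_from(blob, cur)
        cur += U32.size
        if drm_len > end - cur - U32.size:
            raise BoxError("DRM data Length overruns the box")
        drm_data = blob[cur:cur + drm_len]
        cur += drm_len
        (enc_len,) = U32.unpack_from(blob, cur)
        cur += U32.size
        if enc_len != end - cur:
            raise BoxError("Encrypted data length disagrees with Total size")
        if offset != expected:
            raise BoxError("segment missing or out of order")
        boxes.append((offset, drm_data, blob[cur:end]))
        expected += enc_len                    # valid because the stand-in cipher keeps length
        pos = end
    return boxes


def decrypt_media(blob: bytes, media_start: int = 0) -> bytes:
    """Client side: look up each box's key by its DRM Data and decrypt the segment."""
    return b"".join(stand_in_cipher(license_key(drm), enc)
                    for _, drm, enc in parse_boxes(blob, media_start))


# Constructed sample: 1028 bytes of "media data" starting at byte 64 of the original file.
SAMPLE = bytes(range(256)) * 4 + b"tail"
ENCRYPTED = encrypt_media(SAMPLE, k=256, media_start=64)
```

The parser rejects a box whose length fields disagree with each other or with the bytes actually present, and the running offset check is what detects a segment that was dropped or reordered between server and client.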


Abstract

Disclosed in the present invention is a streaming media encryption method. The method comprises: a service terminal obtaining, according to an original streaming media file, metadata and media data; the service terminal encrypting, according to a preset encryption key and encryption information, the media data to obtain an encryption box; and the service terminal creating an encrypted streaming media file according to the format of the original streaming media file, the metadata and the encryption box. A device and a system for streaming media encryption are further disclosed in the present invention. The present invention reduces the encryption workload of the service terminal, improves the efficiency of the service terminal, and meanwhile realizes the successful encryption of the streaming media file without damaging the format of the original streaming media file, reducing the development cost of the client.

Description

Streaming media encryption method, device and system
Technical field
The present invention relates to the field of digital rights management, and in particular to a streaming media encryption method, device and system.
Background
Streaming media uses streaming technology so that users do not have to wait for all of the media content to download and can play it while downloading, which saves waiting time and storage space. With the rapid development of computer and network technology, watching media content via streaming has become an important way of viewing multimedia. To protect their own interests and prevent media content from being illegally copied and freely distributed, content providers or copyright owners usually encrypt streaming media, and users can obtain the media content only after being authorized, thereby protecting the copyright of the streaming media.
Currently, streaming media encryption mainly uses DRM (Digital Rights Management) to control and restrict the right to use streaming media. Mainstream DRM schemes include Microsoft's PlayReady, Google's Widevine, and Marlin, jointly established by Samsung, Philips, Panasonic and other companies. Although the specific implementations differ, current DRM schemes share one feature: they change the multimedia container format, which increases the burden on the client.
For example, Microsoft uses ASF (Advanced Streaming Format) to output streaming media files. An ASF file is a container that usually consists of three parts: the Header Object, the Data Object and the Index Object, where the Header Object and the Index Object are metadata and the Data Object is media data. When PlayReady encrypts an ASF file, it adds a Protection System Identifier Object to the ASF Header object, modifies the Stream Properties object in the metadata to indicate that each stream is encrypted, adds payload extensions to store the Sample ID, and finally adds the size and offsets of the ASF object. This encryption method not only modifies the metadata of the ASF file but also changes the original ASF file format beyond recognition. In addition, because PlayReady encrypts every media object in the media data, that is, every video/audio sample, the amount of data to encrypt is large and the workload is heavy.
When the client receives the modified file format (or container), on the one hand, in order to demultiplex the media content it must modify its original demux (demultiplexing) module to fit the new file format, which greatly increases the compatibility development work for the client's demux module; on the other hand, the client must decrypt the encrypted video/audio samples one by one, which heavily consumes client resources and slows down system processes.
It can be seen that existing streaming media encryption technology not only involves a large data encryption workload, but its modification of the original file format or container format also destroys the format of the original file and increases the load on the client.
Summary of the invention
The main object of the present invention is to provide a streaming media encryption method, device and system, aiming to solve the technical problem that existing streaming media encryption technology destroys the original file format and involves a large data encryption workload.
To achieve the above object, the present invention provides a streaming media encryption method comprising the following steps:
The server obtains metadata and media data from the original streaming media file;
According to a preset encryption key and encryption information, the server encrypts the media data to obtain an encryption box;
The server creates a new encrypted streaming media file, writes the metadata into the encrypted streaming media file according to the format of the original streaming media file, and writes the encryption box into the encrypted streaming media file as the media data, completing the encryption of the original streaming media file.
In one embodiment, the step in which the server encrypts the media data to obtain an encryption box according to the preset encryption key and encryption information includes:
The server divides the media data by a preset data amount to obtain data segments;
According to the preset encryption key and encryption information, the server obtains the encryption key and encryption information of each data segment;
According to the encryption key and encryption information of each data segment, the server encrypts each data segment separately to obtain the encryption boxes.
In one embodiment, after the step in which the server encrypts each data segment separately to obtain the encryption boxes according to the encryption key and encryption information of each data segment, the method further includes:
The server determines whether all of the data segments have been encrypted;
If not all of the data segments have been encrypted, go to the step: according to the preset encryption key and encryption information, the server obtains the encryption key and encryption information of each data segment;
If all of the data segments have been encrypted, go to the step: the server creates an encrypted streaming media file according to the format of the original streaming media file, the metadata and the encryption box.
In one embodiment, the step in which the server determines whether all of the data segments have been encrypted includes:
Determining, according to the remaining media data length, whether all of the data segments have been encrypted;
If the remaining media data length is zero, the server determines that all of the data segments have been encrypted; if the remaining media data length is not zero, it determines that not all of the data segments have been encrypted.
In one embodiment, after the step in which the server creates a new encrypted streaming media file, writes the metadata into the encrypted streaming media file according to the format of the original streaming media file, and writes the encryption box into the encrypted streaming media file as the media data, completing the encryption of the original streaming media file, the method further includes:
The server publishes the encrypted streaming media file to the client.
In addition, to achieve the above object, the present invention further provides a streaming media encryption device, which includes:
An obtaining module, configured to obtain metadata and media data from the original streaming media file;
An encryption module, configured to encrypt the media data according to a preset encryption key and encryption information to obtain an encryption box;
A creating module, configured to create a new encrypted streaming media file, write the metadata into the encrypted streaming media file according to the format of the original streaming media file, and write the encryption box into the encrypted streaming media file as the media data, completing the encryption of the original streaming media file.
In one embodiment, the encryption module includes:
A dividing unit, configured to divide the media data by a preset data amount to obtain data segments;
A key unit, configured to obtain the encryption key and encryption information of each data segment according to the preset encryption key and encryption information;
An encryption unit, configured to encrypt each data segment separately according to the encryption key and encryption information of each data segment to obtain the encryption boxes.
In one embodiment, the encryption module further includes:
A determining unit, configured to determine whether all of the data segments have been encrypted.
In one embodiment, the determining unit is further configured to:
Determine, according to the remaining media data length, whether all of the data segments have been encrypted;
If the remaining media data length is zero, the server determines that all of the data segments have been encrypted; if the remaining media data length is not zero, it determines that not all of the data segments have been encrypted.
In one embodiment, the streaming media encryption device further includes:
A publishing module, configured to publish the encrypted streaming media file to a client.
In addition, to achieve the above object, the present invention further provides a streaming media encryption system, which includes a server and a client, wherein:
The server includes an obtaining module, an encryption module, a creating module and a publishing module;
The client is configured to obtain the encrypted streaming media file from the server.
In one embodiment, the server is preset with a decryption key, the decryption key corresponds to the preset encryption key and encryption information, and the client is further configured to:
Obtain the encryption information of an encryption box in the encrypted streaming media file, and obtain the decryption key of the encryption box from the server according to the encryption information;
Decrypt the encryption box according to the decryption key to obtain a data segment;
Parse the data segment to obtain media content, and present the media content to the user.
In the streaming media encryption method, device and system proposed by the embodiments of the present invention, the server separates the metadata of the original streaming media file from the media data, encrypts only the media data to obtain an encryption box, and writes the metadata and the encryption box into the newly created encrypted streaming media file according to the format of the original streaming media file, so that the encrypted streaming media file keeps the same format as the original streaming media file. At the same time, when encrypting the media data, the server does not need to encrypt each media data sample, which greatly reduces the server's encryption workload and improves the server's efficiency. The embodiments of the present invention solve the technical problem that streaming media encryption technology destroys the original file format and involves a large data encryption workload; they successfully encrypt the streaming media file without destroying the format of the original streaming media file and reduce the data encryption workload. The effect is significant and effectively improves the efficiency of the server.
Description of the drawings
FIG. 1 is a schematic flowchart of the first embodiment of the streaming media encryption method of the present invention;
FIG. 2 is a schematic diagram of the functional modules of the first embodiment of the streaming media encryption device of the present invention;
FIG. 3 is a schematic module diagram of the first and second embodiments of the streaming media encryption system of the present invention;
FIG. 4 is a schematic diagram of an encryption application scenario for an ASF streaming media file in an embodiment of the present invention;
FIG. 5 is a schematic diagram of the format of an ASF streaming media file in an embodiment of the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
Detailed description
It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
The present invention provides a solution in which, when encrypting media data, the server does not need to encrypt each media data sample individually, which greatly reduces the server's encryption workload and improves its efficiency. At the same time, the streaming media file is encrypted without destroying the format of the original streaming media file, which avoids modifying the client's demultiplexing module and lowers the client's development cost.
Referring to FIG. 1, the first embodiment of the streaming media encryption method of the present invention provides a streaming media encryption method, which includes:
Step S10: The server obtains metadata and media data from the original streaming media file.
In this embodiment of the present invention, the server separates the metadata of the original streaming media file from its media data and encrypts only the media data, so that the format of the resulting encrypted streaming media file remains unchanged. In this embodiment the server may also be another hardware device with an encryption function.
Specifically, as one implementation, the server first obtains the original streaming media file from a streaming media source. The original streaming media file includes metadata and media data.
The metadata is the data that describes the original streaming media file, including identification data, file attribute data, media attribute data, index data and so on, and can be set flexibly according to actual needs. The media data includes the media content data carried by the current original streaming media file, such as graphics, images, audio and video.
The server then parses the original streaming media file to obtain the metadata and the media data.
Step S20: The server encrypts the media data according to a preset encryption key and encryption information to obtain an encryption box.
After obtaining the metadata and the media data, the server encrypts the media data according to the preset encryption key and encryption information to obtain an encryption box.
Specifically, as one implementation, the server first divides the media data into data segments. The server can preset a data amount and divide the media data by that amount, obtaining multiple data segments of the same size; the server can also preset a number of segments and divide the media data equally into that number of data segments, which likewise have the same size; the server can also divide the media data into data segments by other preset rules, set flexibly according to actual needs. One data segment contains one or more media data samples, as set according to actual needs.
The server is preconfigured with encryption keys and encryption information for the data segments. The preset encryption information is the unique identification information of an encryption key, and it identifies which encryption key was used to encrypt the current data segment into encrypted data. The server is also preconfigured with the decryption key corresponding to each encryption key; the decryption key is used to decrypt data encrypted with that encryption key. Note that an encryption key and its corresponding decryption key share the same encryption information, that is, the encryption key, the decryption key and the encryption information are in a one-to-one mapping, so the server can obtain the corresponding encryption key and decryption key from the encryption information.
The server then assigns an encryption key and encryption information to each data segment. If all data segments are to be encrypted with the same encryption key, the server assigns the same encryption key and encryption information to all data segments; if the data segments are to be encrypted with different encryption keys, the server assigns different encryption keys, each with its corresponding encryption information, to different data segments.
The data segments are then encrypted one by one, each with its own encryption key.
For example, in order of playback time, the data segments currently obtained by the server are data segment 1, data segment 2, data segment 3, ..., data segment n, that is, n data segments in total.
The server encrypts data segment 1 with the encryption key of data segment 1 to obtain encrypted data 1.
The server then creates encryption box 1 and fills it with encrypted data 1 and the encryption information corresponding to the encryption key.
The server then obtains the related information data of encryption box 1 and fills it into encryption box 1, which completes the filling of encryption box 1. The related information data of encryption box 1 includes the identification information of encryption box 1, the data size of encryption box 1, the data size of encrypted data 1 and similar information, and can be set flexibly according to actual needs.
The server thus obtains encryption box 1, which carries media data.
The server then encrypts data segment 2, data segment 3, ..., data segment n in the same way to obtain encryption box 2, encryption box 3, ..., encryption box n.
The server thus completes the encryption of the media data and obtains the encryption boxes.
Step S30: The server creates an encrypted streaming media file according to the format of the original streaming media file, the metadata and the encryption boxes.
After the media data has been encrypted, the server creates the encrypted streaming media file from the metadata and the encryption boxes it has obtained.
Specifically, as one implementation, the server first creates a new encrypted streaming media file, which at this point has no file content.
The server then writes the metadata into the encrypted streaming media file according to the format of the original streaming media file, so that the format of the metadata in the encrypted streaming media file is the same as its format in the original streaming media file; for example, the metadata is placed at the same position in the encrypted streaming media file as in the original streaming media file. The ordering of the metadata and the encryption boxes in the encrypted streaming media file is kept consistent with the ordering of the metadata and the media data in the original streaming media file.
According to the format of the original streaming media file, the server writes the encryption boxes into the encrypted streaming media file as its media data, so that the format of the encryption boxes in the encrypted streaming media file is the same as the format of the media data in the original streaming media file. For example, the ordering of the metadata and the encryption boxes in the encrypted streaming media file is kept consistent with the ordering of the metadata and the media data in the original streaming media file.
This completes the encryption of the original streaming media file and yields the encrypted streaming media file, which has the same format as the original streaming media file. At the same time, because the server encrypts the media data segment by segment, it does not need to encrypt each media data sample individually, which greatly reduces the server's workload for encrypting media data.
As another implementation, the server can create the encrypted streaming media file in advance, first write the metadata into it according to the format of the original streaming media file, and only then encrypt the media data. Each time it obtains an encryption box, the server writes that box into the encrypted streaming media file, until all the media data has been encrypted.
This completes the encryption of the original streaming media file and yields the encrypted streaming media file, which has the same format as the original streaming media file. At the same time, because the server encrypts the media data segment by segment, it does not need to encrypt each sample in the media data individually, which greatly reduces the server's workload for encrypting media data.
The following example takes the encryption of an ASF (Advanced Streaming Format) streaming media file as the application scenario.
Referring to FIG. 4, the server side includes an encryption server, a streaming media content publishing server and a license server; the client includes a control management module, a network download module, a data decryption module, a file format demultiplexing module and a decoding and presentation module.
First, the encryption server obtains an ASF streaming media file from the streaming media source. The ASF streaming media file includes a Header Object, a Data Object and an Index Object, where the Header Object and the Index Object are metadata and the Data Object is media data. The encryption server parses the ASF streaming media file to obtain the metadata and the media data.
The encryption server then divides the Data Object into data segments of the same size according to the preset data amount.
The encryption server then obtains the preset encryption keys and encryption information from the license server. The data segments can all be encrypted with the same encryption key or with different encryption keys, set flexibly according to actual needs. The encryption server encrypts each data segment with the encryption key it obtained and so produces the corresponding encryption boxes.
The encryption server creates the encrypted streaming media file. Referring to FIG. 5, following the format of the ASF streaming media file, it first writes the Header Object from the metadata into the encrypted streaming media file, then writes the encryption boxes, and finally writes the Index Object from the metadata.
The encryption server thus completes the encryption of the ASF streaming media file and obtains the encrypted streaming media file. It then pushes the encrypted streaming media file to the streaming media content publishing server.
After receiving the encrypted streaming media file, the streaming media content publishing server publishes it to the network download module of the client.
When the user needs this encrypted streaming media file, the control management module coordinates the network download module, the data decryption module, the file format demultiplexing module and the decoding and presentation module to obtain the encrypted streaming media file, decrypt it and present it to the user.
Specifically, the control management module first directs the network download module to send a request to the streaming media content publishing server and download the encrypted streaming media file. The data decryption module then parses the downloaded encrypted streaming media file to obtain the encryption boxes.
The data decryption module reads the encryption information from each encryption box and, based on it, sends a license request carrying that encryption information to the license server.
After receiving the license request from the data decryption module, the license server looks up the decryption key corresponding to the encryption information carried in the request and returns the decryption key to the data decryption module.
After receiving the decryption key, the data decryption module uses it to decrypt the encrypted data in each encryption box and so obtains every data segment of the media data.
The file format demultiplexing module then parses the media data segments to obtain each media data sample together with information such as its presentation timestamp.
The decoding and presentation module then decodes the media data content using the media data samples, presentation timestamps and related information, and presents the media content on the client's display.
Encryption and decryption of the original streaming media file are thus achieved.
In this embodiment, the server separates the metadata and the media data of the original streaming media file, encrypts only the media data to obtain encryption boxes, and writes the metadata and the encryption boxes into a newly created encrypted streaming media file according to the format of the original streaming media file, so that the encrypted streaming media file keeps the same format as the original streaming media file. At the same time, when encrypting the media data, the server does not need to encrypt each media data sample individually, which greatly reduces the server's encryption workload and improves its efficiency. This embodiment solves the technical problem that streaming media encryption techniques destroy the original file format and involve a heavy data encryption workload: the streaming media file is encrypted without destroying the format of the original streaming media file and the data encryption workload is reduced, with a notable effect that improves the efficiency of the server.
Further, the second embodiment of the streaming media encryption method of the present invention provides a streaming media encryption method based on the first embodiment described above, in which step S20 includes:
Step S21: The server divides the media data by a preset data amount to obtain the data segments.
After obtaining the media data of the original streaming media file, the server first divides the media data into equal parts of the preset data amount.
The preset data amount is a size in bytes and can be set flexibly according to the application scenario and customer needs. For example, to ensure that the parsed media data is assembled more precisely into the media content presented to the user, a smaller data amount can be set; to make playback smoother and downloads faster for the user, a larger data amount can be set. One data segment contains one or more media data samples, as set according to actual needs.
The server divides the media data into segments of equal size to obtain the data segments. At the same time, the server records the starting position of each data segment in the original streaming media file.
Step S22: The server obtains the encryption key and encryption information of each data segment according to the preset encryption keys and encryption information.
After obtaining the data segments, the server obtains the encryption key and encryption information of each data segment according to the preset encryption keys and encryption information.
Specifically, as one implementation, the server is preconfigured with encryption keys and encryption information. The preset encryption information is the unique identification information of an encryption key, and it identifies which encryption key was used to encrypt the current data segment into encrypted data. The server is also preconfigured with the decryption key corresponding to each encryption key; the decryption key is used to decrypt data encrypted with that encryption key. Note that an encryption key and its corresponding decryption key share the same encryption information, that is, the encryption key, the decryption key and the encryption information are in a one-to-one mapping, so the server can obtain the corresponding encryption key and decryption key from the encryption information.
The server then assigns an encryption key and encryption information to each data segment. If all data segments are to be encrypted with the same encryption key, the server assigns the same encryption key and encryption information to all data segments; if the data segments are to be encrypted with different encryption keys, the server assigns different encryption keys, each with its corresponding encryption information, to different data segments.
The server thus obtains the encryption key and encryption information of each segment.
Step S23: The server encrypts each data segment according to its encryption key and encryption information to obtain the encryption boxes.
After obtaining the encryption key and encryption information of each data segment, the server encrypts each data segment to obtain the corresponding encryption box.
Specifically, as one implementation, the server constructs an encryption box whose data structure is shown in Table 1 below.
| Name | Data size |
|---|---|
| Signature ID | 32 bits |
| Total size | 32 bits |
| Offset to origin file | 32 bits |
| DRM data length | 32 bits |
| DRM data | -- |
| Encrypted data length | 32 bits |
| Encrypted data | -- |

Table 1
Signature ID is 32 bits, that is, 4 bytes of fixed data, for example 0x05050303. It identifies the encryption box and is the unique identifier of the whole encryption box.
Total size is 32 bits and records the data size of the whole encryption box.
Offset to origin file is 32 bits and records the offset of the encrypted data within the original streaming media file, that is, the starting position in the original streaming media file of the data segment carried by the current encryption box.
DRM data is the encryption information corresponding to the encryption key used for the encrypted data in the current encryption box; the client uses it to obtain the corresponding decryption key. DRM data length is 32 bits and records the length of DRM data, that is, its data size.
Encrypted data is the encrypted data carried in the current encryption box, that is, the encrypted data segment. Each encryption box carries one encrypted data segment. Encrypted data length is 32 bits and records the length of Encrypted data, that is, its data size.
The server can then encrypt the data segments one after another in order of playback time. The server takes the first data segment and writes 0x05050303 into Signature ID to mark the presence of an encryption box.
The server then writes the recorded starting position of the first data segment in the original streaming media file into Offset to origin file.
The server then writes the encryption information of the first data segment into DRM data, determines the data size of the encryption information and writes it into DRM data length.
The server then encrypts the first data segment with the encryption key of the first data segment to obtain the encrypted data. The server writes the encrypted data into Encrypted data, determines the data size of the encrypted data and writes it into Encrypted data length.
The server then calculates the total data size of the current encryption box and writes it into Total size.
The server thus completes the encryption of the first data segment and obtains the first encryption box.
The server then continues to construct encryption boxes, encrypting the data segments in turn to obtain the corresponding encryption boxes.
By encrypting the media data segment by segment, this embodiment does not need to encrypt each sample in the media data individually, which greatly reduces the server's workload for encrypting media data. In addition, the server leaves the metadata of the original streaming media file unchanged and encrypts only the media data, so the streaming media file is encrypted without changing the format of the original streaming media file.
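The Table 1 layout, the box-filling steps above and the client-side decryption flow described earlier can be exercised end to end. The following Python sketch is an added example, not code from the patent; the little-endian byte order, the SHA-256 keystream used as a stand-in cipher (the text names no algorithm), the key identifiers and all function names are assumptions.

```python
import hashlib
import struct

SIGNATURE_ID = 0x05050303        # example Signature ID value from the text
U32 = struct.Struct("<I")        # assumption: fields are little-endian
FIXED_OVERHEAD = 5 * U32.size    # the five 32-bit fields of Table 1


class BoxError(ValueError):
    """The buffer does not hold a well-formed encryption box."""


def keystream_xor(key: bytes, nonce: int, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    The text names no algorithm; use a vetted cipher in a real system."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + U32.pack(nonce) + U32.pack(i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def build_box(offset: int, drm_data: bytes, encrypted: bytes) -> bytes:
    """Serialize one box in the field order of Table 1."""
    total = FIXED_OVERHEAD + len(drm_data) + len(encrypted)
    return b"".join([
        U32.pack(SIGNATURE_ID), U32.pack(total), U32.pack(offset),
        U32.pack(len(drm_data)), drm_data,
        U32.pack(len(encrypted)), encrypted,
    ])


def parse_box(buf: bytes, pos: int = 0):
    """Parse the box at buf[pos:]; every length is checked before use."""
    def u32(at: int) -> int:
        if at + U32.size > len(buf):
            raise BoxError("truncated field")
        return U32.unpack_from(buf, at)[0]

    if u32(pos) != SIGNATURE_ID:
        raise BoxError("bad Signature ID")
    total = u32(pos + 4)
    end = pos + total
    if total < FIXED_OVERHEAD or end > len(buf):
        raise BoxError("Total size does not fit the buffer")
    offset, drm_len = u32(pos + 8), u32(pos + 12)
    drm_start = pos + 16
    if drm_start + drm_len + U32.size > end:
        raise BoxError("DRM data length exceeds the box")
    enc_len = u32(drm_start + drm_len)
    enc_start = drm_start + drm_len + U32.size
    if enc_start + enc_len != end:
        raise BoxError("Encrypted data length disagrees with Total size")
    box = {"offset": offset,
           "drm_data": buf[drm_start:drm_start + drm_len],
           "encrypted": buf[enc_start:end]}
    return box, end


def encrypt_media(media, k, base_offset, keys, key_id_for) -> bytes:
    """Server side: cut the media data into k-byte segments, one box each."""
    boxes = []
    for i in range(0, len(media), k):
        key_id = key_id_for(i // k)      # same or different key per segment
        offset = base_offset + i         # segment start in the original file
        cipher = keystream_xor(keys[key_id], offset, media[i:i + k])
        boxes.append(build_box(offset, key_id, cipher))
    return b"".join(boxes)


def decrypt_boxes(blob: bytes, license_lookup) -> bytes:
    """Client side: parse each box, fetch its key by DRM data, decrypt."""
    pos, segments = 0, []
    while pos < len(blob):
        box, pos = parse_box(blob, pos)
        key = license_lookup(box["drm_data"])   # stands in for the license request
        segments.append(keystream_xor(key, box["offset"], box["encrypted"]))
    return b"".join(segments)


# Constructed sample data: the key table a license server would hold, keyed by
# the encryption information (DRM data), and 772 bytes of "media data".
KEYS = {b"kid-A": b"\x11" * 16, b"kid-B": b"\x22" * 16}
MEDIA = bytes(range(256)) * 3 + b"tail"
HEADER_LEN = 30                  # constructed: metadata bytes before the media data


def demo():
    blob = encrypt_media(MEDIA, 256, HEADER_LEN, KEYS,
                         lambda n: b"kid-A" if n % 2 == 0 else b"kid-B")
    return blob, decrypt_boxes(blob, KEYS.__getitem__)


if __name__ == "__main__":
    blob, plain = demo()
    print(len(blob), plain == MEDIA)
```

Table 1 carries no integrity field, so the parser can only cross-check the three length fields against one another and against the buffer; a box whose Total size has been altered is rejected before any key is requested.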
Further, the third embodiment of the streaming media encryption method of the present invention also provides a streaming media encryption method based on the second embodiment described above, in which, after step S23, the method further includes:
Step S24: The server determines whether all the data segments have been encrypted; if not all the data segments have been encrypted, execution returns to step S22; if all the data segments have been encrypted, execution proceeds to step S30.
In this embodiment, the server encrypts the data segments one after another according to the encryption key and encryption information of each data segment. Let the length of the media data of the original streaming media file be m and the preset data amount for dividing data segments be k; the server then successively cuts data segments of length k from the media data and encrypts them to obtain encryption boxes.
As one implementation, after obtaining an encryption box, the server uses the length of the remaining media data to determine whether all the data segments have been encrypted: if the remaining media data length is zero, all the data segments have been encrypted; if the remaining media data length is not zero, not all the data segments have been encrypted.
If not all the data segments have been encrypted, the server continues to cut a data segment of length k from the media data, obtains the encryption key and encryption information of this data segment, and encrypts it. After obtaining the encryption box, the server again determines whether all the data segments have been encrypted.
If all the data segments have been encrypted, the server creates the encrypted streaming media file according to the format of the original streaming media file, the metadata and the encryption boxes, which completes the encryption of the original streaming media file.
By checking whether all the data segments have been encrypted, this embodiment prevents data segments from being missed during encryption and ensures the completeness of the media data in the encrypted streaming media file.
Further, referring to FIG. 4, the fourth embodiment of the streaming media encryption method of the present invention provides a streaming media encryption method based on the first, second or third embodiment described above, in which, after step S30, the method further includes:
Step S40: The server publishes the encrypted streaming media file to the client.
After creating the encrypted streaming media file according to the format of the original streaming media file, the metadata and the encryption boxes, and so completing the encryption of the original streaming media file, the server publishes the encrypted streaming media file to the client.
Specifically, as one implementation, if the server has obtained multiple original streaming media files from the streaming media source, it can wait until all of them have been encrypted, package the resulting encrypted streaming media files together and publish them to the client. The client can then download all the encrypted streaming media files at once.
As another implementation, if the server has obtained multiple original streaming media files from the streaming media source, it can publish each encrypted streaming media file to the client as soon as the encryption of that original streaming media file is complete, until all the original streaming media files have been encrypted and published. The client can download the encrypted streaming media files one after another, decrypt them and play them, so that the user can watch the media content online.
In this embodiment, the server actively publishes encrypted streaming media files to the client, so that the client can obtain them promptly and decrypt the files it already has while continuing to download the following ones. This provides continuous online playback of the streaming media content and improves the user experience.
Referring to FIG. 2, a first embodiment of the streaming media encryption device of the present invention provides a streaming media encryption device, which includes:
an obtaining module 10, configured to obtain metadata and media data from an original streaming media file;
an encryption module 20, configured to encrypt the media data according to a preset encryption key and encryption information to obtain an encryption box;
a creating module 30, configured to create an encrypted streaming media file according to the format of the original streaming media file, the metadata, and the encryption box.
For the specific implementation, refer to the first embodiment of the streaming media encryption method of the present invention described above.
This embodiment separates the metadata and the media data of the original streaming media file, encrypts only the media data to obtain encryption boxes, and writes the metadata and the encryption boxes into the newly created encrypted streaming media file according to the format of the original file, so that the encrypted streaming media file keeps the same format as the original. In addition, when encrypting the media data, the server does not need to encrypt every media data sample individually, which greatly reduces the server's encryption workload and improves its efficiency. This embodiment solves the technical problem that streaming media encryption techniques break the original file format and impose a heavy data encryption workload: it encrypts the streaming media file without breaking the format of the original file and reduces the data encryption workload, which effectively improves the efficiency of the server.
Further, a second embodiment of the streaming media encryption device of the present invention provides a streaming media encryption device. Based on the first embodiment of the streaming media encryption device described above, the encryption module 20 includes:
a dividing unit, configured to divide the media data by a preset data amount to obtain data segments;
a key unit, configured to obtain the encryption key and encryption information of each data segment according to the preset encryption key and encryption information;
an encryption unit, configured to encrypt each data segment according to its encryption key and encryption information to obtain the corresponding encryption box.
For the specific implementation, refer to the second embodiment of the streaming media encryption method of the present invention described above.
In this embodiment, the media data is encrypted segment by segment, so there is no need to encrypt every sample in the media data, which greatly reduces the server's workload for encrypting media data. Moreover, the metadata of the original streaming media file is kept unchanged and only the media data is encrypted, so the streaming media file is encrypted without changing the format of the original file.
Further, a third embodiment of the streaming media encryption device of the present invention provides a streaming media encryption device. Based on the second embodiment of the streaming media encryption device described above, the encryption module 20 further includes:
a determining unit, configured to determine whether all of the data segments have been encrypted.
For the specific implementation, refer to the third embodiment of the streaming media encryption method of the present invention described above.
In this embodiment, determining whether all of the data segments have been encrypted prevents any data segment from being skipped during encryption and ensures the integrity of the media data in the encrypted streaming media file.
Further, a fourth embodiment of the streaming media encryption device of the present invention provides a streaming media encryption device. Based on the first, second, or third embodiment of the streaming media encryption device described above, the streaming media encryption device further includes:
a publishing module, configured to publish the encrypted streaming media file to the client.
For the specific implementation, refer to the fourth embodiment of the streaming media encryption method of the present invention described above.
In this embodiment, the encrypted streaming media files are actively published to the client, so that the client can obtain them promptly and can decrypt the files it has already obtained while continuing to download the subsequent ones. This enables continuous online playback of the streaming media content and improves the user experience.
Referring to FIG. 3, a first embodiment of the streaming media encryption system of the present invention provides a streaming media encryption system that includes a server A and a client B, where:
the server A includes an obtaining module 10, an encryption module 20, a creating module 30, and a publishing module;
the client B is configured to obtain the encrypted streaming media file from the server A.
The streaming media encryption system includes server A and client B. Server A encrypts the original streaming media file and publishes the resulting encrypted streaming media file to client B; client B obtains the encrypted streaming media file from server A and presents the streaming media content to the user.
Server A includes the obtaining module 10, the encryption module 20, the creating module 30, and the publishing module.
Specifically, in one implementation, server A first obtains the original streaming media file from the streaming media source. Server A then extracts the metadata and the media data from the original streaming media file and keeps the metadata unchanged.
Next, server A divides the media data into data segments of equal size according to the preset data amount and encrypts each data segment to obtain the corresponding encryption box.
Server A then creates a new streaming media file to serve as the encrypted streaming media file; the format of the newly created file is the same as that of the original streaming media file. Server A writes the unchanged metadata into the encrypted streaming media file and writes the encryption boxes into it as the media data, completing the encryption of the original streaming media file.
Server A then publishes the resulting encrypted streaming media file to client B.
Client B downloads the encrypted streaming media file from server A according to the user's needs.
Client B then parses the encrypted streaming media file to obtain the encryption boxes. Client B reads the encryption information of each encryption box and sends a license request to server A based on that encryption information.
After the license request is approved, client B receives the decryption key returned by server A, decrypts the encryption box, decodes the resulting media data, and presents the media content to the user.
In another implementation, server A obtains the original streaming media file from the streaming media source. Server A then extracts the metadata and the media data from the original streaming media file and keeps the metadata unchanged.
Server A creates a new streaming media file to serve as the encrypted streaming media file, then writes the metadata into it with its content unchanged. Server A also keeps the format of the metadata in the encrypted streaming media file the same as in the original file; for example, if the metadata is located in the file header of the original streaming media file, the server keeps the metadata in the file header when writing it into the encrypted streaming media file.
Server A then divides the media data into data segments of equal size and encrypts each data segment to obtain the corresponding encryption box. Server A writes the encryption boxes into the encrypted streaming media file in order, keeping the format of the encryption boxes in the encrypted file consistent with the format of the media data in the original file.
Once server A has encrypted all of the data segments and written all of the resulting encryption boxes into the encrypted streaming media file, the encryption of the original streaming media file is complete.
Server A then publishes the resulting encrypted streaming media file to client B.
Client B downloads the encrypted streaming media file from server A according to the user's needs.
Client B then parses the encrypted streaming media file to obtain the encryption boxes. Client B reads the encryption information of each encryption box and sends a license request to server A based on that encryption information.
After the license request is approved, client B receives the decryption key returned by server A, decrypts the encryption box, decodes the resulting media data, and presents the media content to the user.
In this embodiment, the server encrypts the original streaming media file and the resulting encrypted file keeps the format of the original. After downloading the encrypted streaming media file, the client therefore finds the media data format unchanged and only needs to decrypt the encryption boxes to obtain the media data; the media data can be demultiplexed without modifying the client's demultiplexing module. This reduces the client's compatibility development workload and lowers the development cost of the encryption system while preserving the encryption security of the streaming media file.
Further, referring to FIG. 3, a second embodiment of the streaming media encryption system of the present invention provides a streaming media encryption system. Based on the first embodiment of the streaming media encryption system shown in FIG. 3, the server A is preset with a decryption key that corresponds to the preset encryption key and encryption information, and the client B is further configured to:
obtain the encryption information of an encryption box in the encrypted streaming media file, and obtain the decryption key of the encryption box from the server according to the encryption information; decrypt the encryption box with the decryption key to obtain a data segment; and parse the data segment to obtain media content and present the media content to the user.
Specifically, in one implementation, server A is preset with the decryption key for the original streaming media file, and this preset decryption key corresponds to the preset encryption key and encryption information for that file. In other words, server A is preset with an encryption key, a decryption key, and encryption information for the original streaming media file, and the three correspond to one another. The encryption information is the identification information of the encryption key and the decryption key; server A can look up the corresponding encryption key and decryption key from the encryption information. Data that server A encrypts with the encryption key can be decrypted with the corresponding decryption key to recover the original data.
After obtaining the encrypted streaming media file, client B parses it to obtain the metadata and the encryption boxes. The metadata is used to obtain the various items of information about the current original streaming media file.
Client B reads the encryption boxes in the encrypted streaming media file in order and obtains the encryption information in each box. Client B then sends a license request to server A based on the encryption information in order to obtain the decryption key that corresponds to it.
After receiving the license request from client B, server A looks up the decryption key that corresponds to the encryption information and returns it to client B. In this embodiment, it is assumed that client B has already been authorized by server A and may obtain the streaming media files published by server A.
Client B receives the decryption key returned by server A and decrypts the encryption box carrying the current decryption information, that is, it decrypts the encrypted data carried in the encryption box to obtain a data segment. Client B decrypts each encryption box carried in the encrypted streaming media file in this way to obtain each data segment.
Client B then parses each data segment of the media data to obtain every media data sample in the segment together with related information such as the display timestamp.
Client B then decodes each media data sample to obtain the media content. Using the display timestamp and other information, client B presents the media content to the user, for example by displaying video on the display of client B and controlling the audio output module of client B to output audio.
In this way, the streaming media encryption system implements the encryption and decryption of streaming media files.
In this embodiment, the media data that client B decrypts is organized as data segments, and one data segment may contain multiple media data samples. This avoids decrypting each media data sample individually and reduces the decryption workload of client B. In addition, because the format of the encrypted streaming media file is the same as that of the original streaming media file, client B can decrypt the encryption boxes directly to obtain the media data. This embodiment keeps the format unchanged when a streaming media file is encrypted, reduces the server's encryption workload and the client's decryption workload, and improves the efficiency of encrypting and decrypting streaming media files.
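The flow in the system embodiments above (equal-size segments, one encryption box per segment, key lookup by encryption information, client-side decryption) is sketched below as an added example; it is not code from the patent. The box layout, the `encb` type, the 64-byte segment size and all names are assumptions, an HMAC-SHA256 counter-mode keystream stands in for a real cipher such as AES-CTR, and the per-box authentication tag and the server-side authorization check are additions that the text does not describe.

```python
import hashlib
import hmac
import os
import struct

SEGMENT_SIZE = 64    # preset data amount per segment (assumed value)
BOX_TYPE = b"encb"   # hypothetical box type, not defined by the patent
KEY_ID_LEN, NONCE_LEN, TAG_LEN = 8, 12, 32


def subkey(key, label):
    """Derive separate encryption and MAC keys from one segment key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in for AES-CTR)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def box_tag(key, key_id, nonce, ciphertext):
    """Authentication tag over the whole box body, so tampering is detected."""
    return hmac.new(subkey(key, b"mac"), key_id + nonce + ciphertext, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.keys = {}            # encryption information (key id) -> segment key
        self.authorized = set()   # client ids allowed to request keys

    def encrypt_file(self, metadata, media):
        # Metadata is written unchanged at the head of the new file.
        out = bytearray(struct.pack(">I", len(metadata)) + metadata)
        offset = 0
        while len(media) - offset > 0:   # remaining length zero: all segments encrypted
            segment = media[offset:offset + SEGMENT_SIZE]
            key_id, key, nonce = os.urandom(KEY_ID_LEN), os.urandom(32), os.urandom(NONCE_LEN)
            self.keys[key_id] = key
            ciphertext = keystream_xor(subkey(key, b"enc"), nonce, segment)
            body = key_id + nonce + ciphertext + box_tag(key, key_id, nonce, ciphertext)
            out += struct.pack(">I4s", 8 + len(body), BOX_TYPE) + body
            offset += len(segment)
        return bytes(out)

    def license_request(self, client_id, key_id):
        if client_id not in self.authorized:
            raise PermissionError("client is not authorized")
        return self.keys[key_id]   # KeyError for unknown encryption information


def parse_file(blob):
    """Return (metadata, [(key_id, nonce, ciphertext, tag), ...]) with bounds checks."""
    if len(blob) < 4:
        raise ValueError("truncated file")
    (meta_len,) = struct.unpack_from(">I", blob, 0)
    pos = 4 + meta_len
    if pos > len(blob):
        raise ValueError("truncated metadata")
    metadata, boxes = blob[4:pos], []
    min_size = 8 + KEY_ID_LEN + NONCE_LEN + TAG_LEN
    while pos < len(blob):
        if pos + 8 > len(blob):
            raise ValueError("truncated box header")
        size, box_type = struct.unpack_from(">I4s", blob, pos)
        if box_type != BOX_TYPE or size < min_size or pos + size > len(blob):
            raise ValueError("malformed encryption box")
        body = blob[pos + 8:pos + size]
        key_id = body[:KEY_ID_LEN]
        nonce = body[KEY_ID_LEN:KEY_ID_LEN + NONCE_LEN]
        boxes.append((key_id, nonce, body[KEY_ID_LEN + NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]))
        pos += size
    return metadata, boxes


def play(server, client_id, blob):
    """Client side: parse boxes, request each key by its encryption information, decrypt."""
    metadata, boxes = parse_file(blob)
    media = bytearray()
    for key_id, nonce, ciphertext, tag in boxes:
        key = server.license_request(client_id, key_id)
        if not hmac.compare_digest(tag, box_tag(key, key_id, nonce, ciphertext)):
            raise ValueError("encryption box failed authentication")
        media += keystream_xor(subkey(key, b"enc"), nonce, ciphertext)
    return metadata, bytes(media)
```

Because the metadata is stored in the clear, anything sensitive in it is visible to whoever holds the file; only the box payloads depend on the license exchange.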
The above are only optional embodiments of the present invention and do not thereby limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (18)

  1. A streaming media encryption method, characterized in that the streaming media encryption method comprises the following steps:
    a server obtains metadata and media data from an original streaming media file;
    the server encrypts the media data according to a preset encryption key and encryption information to obtain an encryption box;
    the server creates a new encrypted streaming media file, writes the metadata into the encrypted streaming media file according to the format of the original streaming media file, and writes the encryption box into the encrypted streaming media file as media data, completing the encryption of the original streaming media file.
  2. The streaming media encryption method according to claim 1, characterized in that the step in which the server encrypts the media data according to the preset encryption key and encryption information to obtain an encryption box comprises:
    the server divides the media data by a preset data amount to obtain data segments;
    the server obtains the encryption key and encryption information of each data segment according to the preset encryption key and encryption information;
    the server encrypts each data segment according to the encryption key and encryption information of that data segment to obtain each encryption box.
  3. The streaming media encryption method according to claim 2, characterized in that, after the step in which the server encrypts each data segment according to the encryption key and encryption information of that data segment to obtain each encryption box, the method further comprises:
    the server determines whether all of the data segments have been encrypted;
    if not all of the data segments have been encrypted, proceeding to the step: the server obtains the encryption key and encryption information of each data segment according to the preset encryption key and encryption information;
    if all of the data segments have been encrypted, proceeding to the step: the server creates an encrypted streaming media file according to the format of the original streaming media file, the metadata, and the encryption boxes.
  4. The streaming media encryption method according to claim 3, characterized in that the step in which the server determines whether all of the data segments have been encrypted comprises:
    determining, from the length of the remaining media data, whether all of the data segments have been encrypted;
    if the length of the remaining media data is zero, the server determines that all of the data segments have been encrypted; if the length of the remaining media data is not zero, it determines that not all of the data segments have been encrypted.
  5. The streaming media encryption method according to claim 1, characterized in that, after the step in which the server creates a new encrypted streaming media file, writes the metadata into the encrypted streaming media file according to the format of the original streaming media file, and writes the encryption box into the encrypted streaming media file as media data, completing the encryption of the original streaming media file, the method further comprises:
    the server publishes the encrypted streaming media file to a client.
  6. The streaming media encryption method according to claim 2, characterized in that, after the step in which the server creates a new encrypted streaming media file, writes the metadata into the encrypted streaming media file according to the format of the original streaming media file, and writes the encryption box into the encrypted streaming media file as media data, completing the encryption of the original streaming media file, the method further comprises:
    the server publishes the encrypted streaming media file to a client.
  7. The streaming media encryption method according to claim 3, characterized in that, after the step in which the server creates a new encrypted streaming media file, writes the metadata into the encrypted streaming media file according to the format of the original streaming media file, and writes the encryption box into the encrypted streaming media file as media data, completing the encryption of the original streaming media file, the method further comprises:
    the server publishes the encrypted streaming media file to a client.
  8. The streaming media encryption method according to claim 4, characterized in that, after the step in which the server creates a new encrypted streaming media file, writes the metadata into the encrypted streaming media file according to the format of the original streaming media file, and writes the encryption box into the encrypted streaming media file as media data, completing the encryption of the original streaming media file, the method further comprises:
    the server publishes the encrypted streaming media file to a client.
  9. A streaming media encryption device, characterized in that the streaming media encryption device comprises:
    an obtaining module, configured to obtain metadata and media data from an original streaming media file;
    an encryption module, configured to encrypt the media data according to a preset encryption key and encryption information to obtain an encryption box;
    a creating module, configured to create a new encrypted streaming media file, write the metadata into the encrypted streaming media file according to the format of the original streaming media file, and write the encryption box into the encrypted streaming media file as media data, completing the encryption of the original streaming media file.
  10. The streaming media encryption device according to claim 9, characterized in that the encryption module comprises:
    a dividing unit, configured to divide the media data by a preset data amount to obtain data segments;
    a key unit, configured to obtain the encryption key and encryption information of each data segment according to the preset encryption key and encryption information;
    an encryption unit, configured to encrypt each data segment according to the encryption key and encryption information of that data segment to obtain each encryption box.
  11. The streaming media encryption device according to claim 10, characterized in that the encryption module further comprises:
    a determining unit, configured to determine whether all of the data segments have been encrypted.
  12. The streaming media encryption device according to claim 11, characterized in that the determining unit is further configured to:
    determine, from the length of the remaining media data, whether all of the data segments have been encrypted;
    if the length of the remaining media data is zero, the server determines that all of the data segments have been encrypted; if the length of the remaining media data is not zero, it determines that not all of the data segments have been encrypted.
  13. The streaming media encryption device according to claim 9, characterized in that the streaming media encryption device further comprises:
    a publishing module, configured to publish the encrypted streaming media file to a client.
  14. The streaming media encryption device according to claim 10, characterized in that the streaming media encryption device further comprises:
    a publishing module, configured to publish the encrypted streaming media file to a client.
  15. The streaming media encryption device according to claim 11, characterized in that the streaming media encryption device further comprises:
    a publishing module, configured to publish the encrypted streaming media file to a client.
  16. The streaming media encryption device according to claim 12, characterized in that the streaming media encryption device further comprises:
    a publishing module, configured to publish the encrypted streaming media file to a client.
  17. A streaming media encryption system, characterized in that the streaming media encryption system comprises a server and a client, wherein:
    the server comprises the device according to any one of claims 9-16;
    the client is configured to obtain the encrypted streaming media file from the server.
  18. The streaming media encryption system according to claim 17, characterized in that the server is preset with a decryption key, the decryption key corresponds to the preset encryption key and encryption information, and the client is further configured to:
    obtain the encryption information of an encryption box in the encrypted streaming media file, and obtain the decryption key of the encryption box from the server according to the encryption information;
    decrypt the encryption box with the decryption key to obtain a data segment;
    parse the data segment to obtain media content, and present the media content to the user.
PCT/CN2016/084856 2015-12-30 2016-06-04 Method, device, and system for streaming media encryption WO2017113610A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201511026456.6 2015-12-30
CN201511026456.6A CN105635149A (en) 2015-12-30 2015-12-30 Streaming media encryption method, device and system

Publications (1)

Publication Number Publication Date
WO2017113610A1 true WO2017113610A1 (en) 2017-07-06

Family

ID=56049639

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/084856 WO2017113610A1 (en) 2015-12-30 2016-06-04 Method, device, and system for streaming media encryption

Country Status (2)

Country Link
CN (1) CN105635149A (en)
WO (1) WO2017113610A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242498A (en) * 2022-07-21 2022-10-25 平安国际融资租赁有限公司 Method and device for downloading attachment of application program, electronic equipment and medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635149A (en) * 2015-12-30 2016-06-01 深圳Tcl数字技术有限公司 Streaming media encryption method, device and system
CN106096334B (en) * 2016-06-02 2021-11-19 中国传媒大学 Method and device for encrypting hypermedia data, method and device for decrypting hypermedia data
CN108718312B (en) * 2018-05-22 2020-08-14 朱小军 File online encryption method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155296A (en) * 2006-09-29 2008-04-02 中国科学技术大学 Method for transmitting data
CN101980238A (en) * 2010-11-12 2011-02-23 四川长虹电器股份有限公司 Method for encrypting RM/RMVB file
WO2011066531A2 (en) * 2009-11-30 2011-06-03 General Instrument Corporation System and method for encrypting and decrypting data
CN104639943A (en) * 2015-01-30 2015-05-20 中国科学院信息工程研究所 H.264 coding standard-based general video encryption method and system
CN105162588A (en) * 2015-09-14 2015-12-16 网易(杭州)网络有限公司 Media file encryption/decryption methods and device
CN105635149A (en) * 2015-12-30 2016-06-01 深圳Tcl数字技术有限公司 Streaming media encryption method, device and system

Also Published As

Publication number Publication date
CN105635149A (en) 2016-06-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16880418

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 14/11/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16880418

Country of ref document: EP

Kind code of ref document: A1