WO2024032289A1 - Procédé et système de lecture vidéo, plateforme de sécurité vidéo, et dispositif de communication - Google Patents

Procédé et système de lecture vidéo, plateforme de sécurité vidéo, et dispositif de communication Download PDF

Info

Publication number
WO2024032289A1
WO2024032289A1 PCT/CN2023/106411 CN2023106411W WO2024032289A1 WO 2024032289 A1 WO2024032289 A1 WO 2024032289A1 CN 2023106411 W CN2023106411 W CN 2023106411W WO 2024032289 A1 WO2024032289 A1 WO 2024032289A1
Authority
WO
WIPO (PCT)
Prior art keywords
video
information
pipeline
platform
pipe
Prior art date
Application number
PCT/CN2023/106411
Other languages
English (en)
Chinese (zh)
Inventor
梁洁
陈戈
庄一嵘
卢泉
曾其妙
Original Assignee
中国电信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国电信股份有限公司 filed Critical 中国电信股份有限公司
Publication of WO2024032289A1 publication Critical patent/WO2024032289A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4408Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627Rights management associated to the content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8358Generation of protective data, e.g. certificates involving watermark
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/18Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Definitions

  • the present disclosure relates to the field of video surveillance technology, specifically, to a video playback method and system, a video security platform, and communication equipment.
  • a video playback method includes: in response to receiving the first video playback request sent by the client, querying the client host for the target service permissions of the corresponding SIM card user, so as to When the SIM card user has the target service authority, an IP pipe is established between the client host and the video platform.
  • the IP pipe is a communication channel established in the IP network; in response to the client passing the IP
  • the second video playback request sent by the pipeline to the video platform determines the target video playback permission of the SIM card user corresponding to the pipeline information of the IP pipeline according to the pipeline information of the IP pipeline; when the SIM card user has the target video Play permission, generate digital watermark information according to the pipeline information of the IP pipeline; send the digital watermark information to the video platform, so that the video platform adds the digital watermark information to the target video and encodes and encrypts it to pass the client Decrypt and play the encoded and encrypted video.
  • the pipeline information of the IP pipeline is IP pipeline identification information
  • generating digital watermark information according to the pipeline information of the IP pipeline includes: generating a corresponding random number according to the IP pipeline identification information; Random numbers serve as the digital watermark information.
  • the sending the digital watermark information to the video platform so that the video platform adds the digital watermark information to the target video includes: sending the random number to the video platform so that the video platform uses the random number as an image.
  • the layer is superimposed on the target video, and the target video is the decoded video to be played.
  • the method further includes: receiving an IP pipeline establishment notification message sent by the broadband access management system, where the IP pipeline establishment notification message is used to indicate that the IP pipeline establishment is completed, so Said IP The pipeline establishment notification message includes pipeline information of the IP pipeline.
  • the client host has a SIMKey; the method further includes: determining the SIMKey card user information and the digital certificate information; and binding the association between the SIMKey card user information and the digital certificate information.
  • the method further includes: determining the corresponding SIMKey card user information based on the pipeline information of the IP pipeline; determining the digital certificate information corresponding to the SIMKey card user information based on the association relationship; and sending the corresponding SIMKey card user information to the video platform.
  • the digital certificate information is provided so that the video platform encrypts the encoded video based on the digital certificate information.
  • the method further includes: receiving an IP pipe removal notification message sent by the broadband access management system, where the IP pipe removal notification message is used to indicate that the IP The pipeline removal is completed, and the IP pipeline removal notification message includes the pipeline information of the IP pipeline.
  • a video security platform including: a first authentication module, a second authentication module, a generating module and a sending module; a first authentication module configured to respond to After receiving the first video playback request sent by the client, query the target service permissions of the client host corresponding to the SIM card user, so that when the SIM card user has the target service permissions, between the client host and the video platform An IP pipe is established between; the IP pipe is a communication channel established in the IP network; the second authentication module is configured to respond to the second video playback request sent by the client to the video platform through the IP pipe, according to the The pipeline information of the IP pipeline determines the target video playback permission of the SIM card user corresponding to the pipeline information of the IP pipeline; the generation module is configured to when the SIM card user has the target video playback permission, according to the IP pipeline The pipeline information generates digital watermark information; the sending module is configured to send the digital watermark information to the video platform, so that the video platform adds the digital watermark information to
  • a video playback system includes a client, a broadband access management system, a video platform and a video security platform, wherein: the client is used to send messages to the video platform. A first video playback request; the video platform is used to forward the first video playback request to the video security platform; the video security platform is used to respond to receiving the first video playback request sent by the client.
  • the broadband access management system is used to provide the target service permissions when the SIM card user has the target service permissions
  • an IP pipe is established between the client host and the video platform, and pipe information related to the IP pipe is sent to the client; the client is also used to send the second step to the video platform through the IP pipe.
  • a video playback request; the video platform is further configured to forward the second video playback request to the video security platform; the video security platform is further configured to determine, based on the pipeline information of the IP pipeline, the The target video playback permission of the SIM card user corresponding to the pipeline information of the IP pipeline; when the SIM card user has the target video playback permission, generate digital watermark information based on the pipeline information of the IP pipeline; and send the said video to the video platform Digital watermark information; the video platform is also used to add the digital watermark information to the target video, encode and encrypt it, and send the encoded and encrypted video to the client; the client is also used to The encoded and encrypted video is decrypted and played.
  • the client host has a SIMKey; the video security platform is also used to: determine the SIMKey card user information and digital certificate information; bind the SIMKey card user information and the digital certificate information. Association relationship; the client is also configured to use the digital certificate information to decrypt and play the encoded and encrypted video.
  • a computer-readable storage medium on which a computer program is stored.
  • the computer program is executed by a processor, the method of any of the above embodiments is implemented.
  • a communication device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform any of the above embodiments via executing the executable instructions Methods.
  • Figure 1 schematically shows one of the schematic flow charts of a video playback method according to an embodiment of the present disclosure.
  • FIG. 2 schematically shows a flowchart of a digital certificate transmission process in SIMKey according to an embodiment of the present disclosure.
  • Figure 3 schematically shows the second schematic flowchart of a video playback method according to an embodiment of the present disclosure.
  • Figure 4 schematically shows a resulting block diagram of a video playback platform according to one embodiment of the present disclosure.
  • Figure 5 schematically shows a system architecture diagram of a video playback system according to an embodiment of the present disclosure.
  • Figure 6 schematically illustrates an exemplary communications device block diagram according to one embodiment of the present disclosure.
  • Example embodiments will now be described more fully with reference to the accompanying drawings.
  • Example embodiments may, however, be embodied in various forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concepts of the example embodiments.
  • the described features, structures or characteristics may be combined in any suitable manner in one or more embodiments.
  • numerous specific details are provided to provide a thorough understanding of embodiments of the disclosure.
  • those skilled in the art will appreciate that the technical solutions of the present disclosure may be practiced without one or more of the specific details being omitted, or other methods, components, devices, steps, etc. may be adopted.
  • well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the disclosure.
  • a video playback method may include the following steps S110-S140.
  • Step S110 in response to receiving the first video playback request sent by the client, query the target service permissions of the client host corresponding to the SIM card user, so that if the SIM card user has the target service permissions, the client host and the video platform Establish IP pipes between them.
  • the first video play request may be generated by the user's operation on the front-end page, for example, the user clicks to play the video, etc.
  • the first video playback request may include identification information of the video to be played, industry Service type information (such as video service, voice service, ring back tone service, etc.), service number information, etc., may also include request time, requesting user information (such as user identification information, user account information, user name information, etc.), this example No restrictions.
  • the user information corresponding to the SIM card of the client host can be queried in the information database through the requesting user information carried in the first video playback request.
  • the SIM card user information may include the user type of the SIM card, user identification, Information such as services activated by the user determines whether the SIM card user has activated the video service (target service). When the SIM card user activates the video service (target service), an IP pipeline is established between the client host and the video platform.
  • the IP (Internet Protocol) pipeline refers to a communication channel established in the IP network.
  • an IP pipe can be formed by establishing a VXLAN (Virtual eXtensible Local Area Network) tunnel in the IP network.
  • VXLAN is one of the NVO3 (Network Virtualization over Layer 3) standard technologies defined by IETF (The Internet Engineering Task Force, International Internet Engineering Task Force). It uses the L2over L4 (MAC-in-UDP) message encapsulation mode to combine the two Layer 2 packets are encapsulated using Layer 3 protocols, which enables the Layer 2 network to be expanded within the Layer 3 range, while meeting the needs of large Layer 2 virtual migration and multi-tenancy in the data center.
  • L2over L4 MAC-in-UDP
  • the VXLAN tunnel is used to transmit VXLAN encapsulated packets. It is a virtual channel established between two VTEPs (VXLAN Tunnel Endpoints, VXLAN tunnel endpoints).
  • VTEP is the edge device of the VXLAN network and is the starting point and the starting point of the VXLAN tunnel. end.
  • the starting point and end point of the VXLAN tunnel are the client host and video platform.
  • other methods can also be used to establish IP pipes, and this example does not limit this.
  • Step S120 In response to the second video playback request sent by the client to the video platform through the IP pipe, determine the target video playback permission of the SIM card user corresponding to the pipe information of the IP pipe according to the pipe information of the IP pipe.
  • the broadband access management system will allocate an IP address for the client to access the video platform.
  • the client is triggered to send a second video playback request to the video platform.
  • the second video playback request is a video playback request initiated after the IP pipe is established.
  • it may also include pipe information of the IP pipe (such as IP pipe ID).
  • it may also include the first All or part of the information contained in the video request, such as identification information of the video to be played, requesting user information, etc. This example does not limit this.
  • the SIM card user information can be determined based on the pipe information of the IP pipe, and then whether the SIM card user has the playback permission for the requested target video is queried in the information database.
  • the user's target video playback permission is determined.
  • Step S130 When the SIM card user has the target video playback permission, digital watermark information is generated based on the pipeline information of the IP pipeline.
  • the pipeline information of the IP pipeline may include IP pipeline identification information, IP pipeline number, two endpoint information of the IP pipeline, IP pipeline establishment time, end time and other information, and may also include other information related to the IP pipeline. information, this example does not limit this.
  • digital watermark information can be generated for the SIM card user's current video playback request.
  • the digital watermark information can be generated based on the pipeline information of the IP pipeline.
  • a series of numbers or serial numbers For example, a random number or a random serial number can be generated based on the IP pipeline ID, or certain rules can be used to generate digital watermark information.
  • the IP pipeline ID can be hashed to generate digital watermark information, or it can be It is other custom or existing mapping rules, which are not limited in this example.
  • Step S140 Send digital watermark information to the video platform, so that the video platform adds digital watermark information to the target video, encodes and encrypts it, and decrypts and plays the encoded and encrypted video through the client.
  • the digital watermark information can be added to the target video in a customized manner or in an existing way of adding digital watermarks.
  • the digital watermark information can be added to the target video in a layer manner.
  • the video data is encoded and encrypted, and then decrypted and played through the client.
  • the played video has digital watermark information to facilitate tracking of video remakes.
  • an IP pipeline is established between the client host and the video platform, and in response to the client sending to the video platform through the IP pipeline
  • the second video playback request determines the target video playback permission of the SIM card user corresponding to the pipeline information of the IP pipeline; when the SIM card user has the target video playback permission, generates digital watermark information based on the pipeline information of the IP pipeline; and adds it to the target video Digital watermark information.
  • the pipeline information of the IP pipeline is added to the target video through digital watermarks, so that the reproduced video has a digital watermark, so that video tracking can be realized based on the digital watermark information, and the remake user information can be determined, thereby reducing the causes of such incidents to a certain extent.
  • the video acquisition process in the IP network is realized by establishing IP pipelines, allowing network operators to track the actual geographical location of the target video player through the access gateway and achieve precise positioning of the target video player.
  • the pipeline information of the IP pipeline is IP pipeline identification information
  • generating digital watermark information based on the pipeline information of the IP pipeline includes the following steps:
  • the first step is to generate the corresponding random number based on the IP pipeline identification information.
  • a random number with a fixed number of bits (such as 16 or 32) can be generated according to the IP pipe ID.
  • the corresponding relationship between the IP pipe ID and the random number can be recorded so that the video remake player can be located during the subsequent video tracking process.
  • the second step is to use random numbers as digital watermark information.
  • the random number can be sent to the video platform as digital watermark information, and the video platform can superimpose the random number as a layer in the decoded video to be played (target video).
  • the digital watermark information is presented as part of the target video during playback.
  • the method further includes: receiving an IP pipeline establishment notification message sent by the broadband access management system.
  • the IP pipeline establishment notification message is used to indicate that the IP pipeline establishment is completed.
  • the IP pipeline establishment notification message includes IP Pipeline information for the pipe.
  • the broadband access management system can send the IP pipeline related information to the video security platform for storage.
  • the IP pipeline establishment notification message can include the IP pipeline related information.
  • the IP pipeline related information can Including pipeline information of the IP pipeline, such as IP pipeline identification information, IP pipeline establishment time, etc., and may also include target video identification information, user ID, user IP address, user access gateway information (such as the actual geographical location of the access gateway or/and Access gateway identification information), etc., may also include other information, such as IP pipeline status information (such as existence or removal), which is not limited in this example.
  • IP pipeline related information can be recorded as video CDR (Call Detail Record (Call Detail Record).
  • the client host has a SIMKey; the method also includes the following steps S210-S250.
  • Step S210 determine the SIMKey card user information and digital certificate information.
  • the user can be a SIMKey user
  • the video security platform can determine the SIMKey card user information and digital certificate information by querying SIMKey.
  • Step S220 Bind the association between the SIMKey card user information and the digital certificate information.
  • the user information associated with the SIMKey and the digital certificate information can be bound in advance on the video security platform, so that the SIMKey card user information can determine the corresponding digital certificate information.
  • Step S230 Determine corresponding SIMKey card user information based on the pipe information of the IP pipe.
  • the IP pipeline is established based on the SIMKey card user's first video playback request, and the two are in one-to-one correspondence. Therefore, the SIMKey card user information can be determined through the pipeline information of the IP pipeline.
  • Step S240 Determine the digital certificate information corresponding to the SIMKey card user information based on the association relationship.
  • the digital certificate information corresponding to the SIMKey card user information can be determined based on the bound association relationship.
  • Step S250 Send the digital certificate information to the video platform, so that the video platform generates a symmetric key based on the digital certificate information to encrypt the encoded video.
  • the digital certificate information can be used as a video key to encrypt the encoded video, and then the encrypted video stream is returned to the client through the IP pipe.
  • the client uses the digital certificate in the SIMKey as the user's private key to encrypt the video. Decrypted playback can prevent the video from being maliciously attacked or intercepted, ensuring the security of the online video playback process.
  • the method further includes: receiving an IP pipe removal notification message sent by the broadband access management system, where the IP pipe removal notification message is used to indicate that the IP pipe removal is completed,
  • the IP pipe removal notification message includes pipe information of the IP pipe.
  • the broadband access management system dismantles the IP pipeline established for the target video and notifies the video security platform.
  • the IP pipe removal notification message may include IP pipe identification information and may also include other IP pipe related information, such as removal time, etc. This example does not limit this.
  • the video security platform receives the IP pipe removal notification message, it can update the information in the video CDR, for example, update the status of the IP pipe from the existing status to the demolition status.
  • This disclosure establishes an IP pipeline according to the first video playback request, and immediately dismantles the IP pipeline after the video playback is completed, realizing the construction and disassembly of IP pipelines. Every time the user accesses a video content, a new pipeline is created, and after the video is played, a new pipeline is created. The removal of IP pipelines will not affect the IP network.
  • the specific video playback process of the present disclosure may include the following steps S301-S318.
  • Step S301 The client triggers a video playback operation, and the client sends a first video playback request to the broadband access management system.
  • Step S302 The broadband access management system forwards the first video playback request to the video security platform.
  • Step S303 The video security platform performs an authentication on the first video playback request.
  • the primary authentication may be to query the video service permissions of the SIMKey card user to determine whether the SIM card user has the video service permissions. If so, go to step S303, otherwise a no permission reminder will be returned.
  • Step S304 The video security platform returns an authentication result to the broadband access management system.
  • Step S305 When the authentication is passed, the broadband access management system establishes an IP pipe based on the first video playback request.
  • Step S306 The broadband access management system notifies the video security platform of the IP pipe-related information, so that the video security platform stores the IP pipe-related information to facilitate subsequent tracking of video playback.
  • Step S307 The broadband access management system allocates an IP address to the client according to the IP pipe and sends pipe information of the IP pipe.
  • Step S308 The client sends a second video playback request to the video platform through the IP pipe.
  • Step S309 The video platform forwards the second video playback request to the video security platform for secondary authentication.
  • secondary authentication refers to determining whether the SIMKey card user corresponding to the pipe information of the IP pipe has the target video playback permission.
  • the corresponding SIMKey card user information can be determined based on the pipeline information of the IP pipeline, and then the target video playback permission can be determined based on the SIMKey card user information.
  • Step S310 The video security platform generates digital watermark information based on the pipeline information of the IP pipeline for the request that the secondary authentication passes.
  • Step S311 the video security platform returns the digital watermark information and secondary authentication results to the video platform.
  • Step S312 The video security platform determines the digital certificate information corresponding to the current second video playback request based on the association between the bound SIMKey card user information and the digital certificate information, and returns the digital certificate information to the video platform.
  • the association in this example is bound in advance on the video security platform.
  • Step S313 The video platform adds digital watermark information to the target video and encodes it.
  • Step S314 The video platform uses the digital certificate information and symmetric key to encrypt the encoded video.
  • Step S315 the video platform reports the symmetric key to the key management system.
  • Step S316 The video platform sends the encrypted video to the client through the IP pipe.
  • Step S317 The client obtains the symmetric key from the key management system.
  • the symmetric key is obtained through the user's private key and key exchange algorithm. Existing key exchange algorithms can be used and will not be described again here.
  • Step S318 The client uses the digital certificate information and symmetric key in SIMKey to decrypt and play the encrypted video.
  • This disclosure establishes an IP pipeline between the client host and the video platform when the SIMkey card user has the target business permissions; determines the target video playback permissions of the corresponding SIM card user based on the pipeline information of the IP pipeline; when the SIMkey card user It has the permission to play the target video and generates digital watermark information based on the pipeline information of the IP pipeline; adds digital watermark information to the target video, encodes and encrypts it, and transmits the encrypted video to the client through the IP pipeline, and the client further obtains the video through the digital certificate of SIMkey.
  • Video key for decryption and playback This disclosure can conduct subsequent tracing after the network surveillance video is reproduced during playback, thereby improving the security of the network surveillance video.
  • this disclosure is aimed at the situation where USBkey is used as the user's private key and a communication tunnel is established through VPN (virtual private networks, virtual private network) in related technologies. Since the VPN uses a private network address, it is difficult for the video platform to track the video player's identity. A matter of actual geographical location. On the other hand, for related technologies, although generally Video encryption protects the security of the video during transmission and storage, but there is still a risk of the video being copied and spread during playback.
  • this disclosure uses SIMKey-based IP pipelines to realize the creation of new IP pipelines on fixed broadband and mobile broadband through the broadband access management system of telecom operators (i.e., IP core network). Since the IP pipeline is located in IP network, allowing telecom operators to record the actual geographical location of both ends of the pipeline in real time. For example, the location of the video player can be determined by determining the actual geographical location of the access gateway.
  • This disclosure aims at another aspect of the above problems, generating digital watermark information through IP pipeline information, and adding digital watermark information to the target video, so that the played video contains digital watermark information, that is, superimposing the user information of the video player onto the video , so that the reproduced video can be tracked.
  • this disclosure can, on the one hand, correspond to IP pipelines, SIMKey card users and digital certificates, thereby achieving accurate tracking of video players.
  • digital certificates can be used to encrypt and decrypt videos, and the security of the video playback process can be improved through digital certificates.
  • the present disclosure can be applied to scenarios such as video surveillance, video networking, or video cloud.
  • the present disclosure can provide users with highly secure and traceable video services through the IP pipeline of telecom operators; it can further enhance the value of the IP service network through the binding of IP services and video services.
  • this example embodiment also provides a video security platform 400;
  • the video security platform 400 may include: a first authentication module 410, a second authentication module 420, a generating module 430 and a sending module 440;
  • the authentication module 410 is configured to, in response to receiving the first video playback request sent by the client, query the target service permissions of the client host corresponding to the SIM card user, so that if the SIM card user has the target service permissions, the client An IP pipe is established between the end host and the video platform;
  • the IP pipe is a communication channel established in the IP network;
  • the second authentication module 420 is configured to respond to the second video playback request sent by the client to the video platform through the IP pipe , according to the pipeline information of the IP pipeline, determine the target video playback permission of the SIM card user corresponding to the target IP address;
  • the generation module 430 is configured to generate a digital watermark based on the pipeline information of the IP pipeline when the SIM card user has the target video playback permission.
  • Information sending module 440 is
  • the pipeline information of the IP pipeline is IP pipeline identification information
  • the generation module 430 is also configured to: generate corresponding random numbers according to the IP pipeline identification information; and use the random numbers as digital watermark information.
  • the sending module 440 is also configured to: send the random number to the video platform, so that the video platform superimposes the random number as a layer on the target video, and the target video is the decoded video to be played.
  • the video security platform 400 further includes: a receiving module.
  • the receiving module is configured to receive an IP pipeline establishment notification message sent by the broadband access management system after the IP pipeline is established.
  • the IP pipeline establishment notification message is To indicate completion of IP pipe establishment, the IP pipe establishment notification message includes pipe information of the IP pipe.
  • the client host has SIMKey;
  • the video security platform 400 also includes: a first determination module and a binding module, the first determination module is configured to determine SIMKey card user information and digital certificate information; binding The module is configured to bind the association between SIMKey card user information and digital certificate information.
  • the video security platform 400 further includes: a second determination module and a third determination module.
  • the second determination module is configured to determine the corresponding SIMKey card user information according to the pipeline information of the IP pipeline; the third determination module The determination module is configured to determine the digital certificate information corresponding to the SIMKey card user information based on the association relationship;
  • the sending module 440 is also configured to send digital certificate information to the video platform, so that the video platform encrypts the encoded video according to the digital certificate information.
  • the receiving module is further configured to: after the client decrypts and plays the encoded and encrypted video, receive an IP pipeline removal notification message sent by the broadband access management system, and the IP pipeline removal notification message is used to Indicates that the IP pipe removal is completed, and the IP pipe removal notification message includes the pipe information of the IP pipe.
  • this example embodiment also provides a video playback system 500.
  • the system 500 includes a client 510, a broadband access management system 520, a video platform 530 and a video security platform 540, where:
  • the client 510 is used to send the first video playback request to the video platform; the video platform 530 is used to forward the first video playback request to the video security platform; the video security platform 540 is used to respond to receiving the first video playback request sent by the client.
  • Video playback request query the client host corresponding to the target service permissions of the SIM card user, and send the query results to the broadband access management system; the broadband access management system 520 is used to perform the video playback when the SIM card user has the target service permissions.
  • the client 510 is also used to send a second video playback request to the video platform through the IP pipe; the video platform 530 is also used to Forward the second video playback request to the video security platform; the video security platform 540 is also used to determine the target video playback permission of the SIM card user corresponding to the pipe information of the IP pipe according to the pipe information of the IP pipe; when the SIM card user has The target video playback permission generates digital watermark information based on the pipeline information of the IP pipeline; sends the digital watermark information to the video platform; the video platform 530 is also used to add digital watermark information to the target video, encode and encrypt it, and encode and encrypt the video Sent to the client; the client 510 is also used to decrypt and play the encoded and encrypted video.
  • the system 500 also includes a key management system 550.
  • the key management system 550 is configured to receive the symmetric key reported by the video platform; and respond to the key acquisition request sent by the client. , sending the requested symmetric key to the client so that the client can decrypt the encoded and encrypted video.
  • the client host has a SIMKey; the video security platform is also used to: determine the SIMKey card user information and digital certificate information; bind the SIMKey card user information and the digital certificate information. The association between certificate information; the client is also configured to use the digital certificate information to decrypt and play the encoded and encrypted video.
  • the client can be installed on a user terminal with SIMKey.
  • the terminal includes but is not limited to mobile phones, computers, intelligent voice interaction devices, smart home appliances, vehicle-mounted terminals, etc., such as smart phones, tablets, and laptops. , computers and other electronic devices that can realize video playback, this example is not limited to this.
  • the broadband access management system, video platform, video security platform, and key management system can be physical servers, cloud servers, virtual servers, etc. respectively. This example does not limit this.
  • the present disclosure also provides a computer-readable medium.
  • the computer-readable medium may be included in the device described in the above embodiments; it may also exist separately without being assembled into the device.
  • the above computer-readable medium carries one or more programs. When the above one or more programs are executed by a device, the device implements the method in the following embodiments. For example, the device can implement the various steps shown in Figures 1 to 3, etc.
  • the computer-readable medium shown in the present disclosure may be a computer-readable signal medium or a computer-readable medium. machine-readable storage medium or any combination of the above two.
  • the computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or any combination thereof. More specific examples of computer readable storage media may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard drive, random access memory (RAM), read only memory (ROM), removable Programmd read-only memory (EPROM or flash memory), fiber optics, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
  • a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus, or device.
  • a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code therein. Such propagated data signals may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the above.
  • a computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device .
  • Program code embodied on a computer-readable medium may be transmitted using any suitable medium, including but not limited to: wireless, wire, optical cable, RF, etc., or any suitable combination of the foregoing.
  • a device capable of implementing the above method is also provided.
  • a device capable of implementing the above method.
  • aspects of the present disclosure may be implemented as systems, methods, or program products. Therefore, various aspects of the present disclosure may be embodied in the following forms, namely: a complete hardware embodiment, a complete software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects, which may be collectively referred to herein as "Circuit", "Module” or "System”.
  • FIG. 6 is a schematic structural diagram of a communication device provided by an embodiment of the present disclosure.
  • the communication device 600 includes a processor 610 , a memory 620 , a transceiver 630 and a communication bus 640 .
  • the processor 610 is connected to the memory 620 and the transceiver 630.
  • the processor 610 may be connected to the memory 620 and the transceiver 630 through a communication bus 640.
  • the processor 610 is configured to support the communication device to perform corresponding functions in the video playback methods in Figures 1-3.
  • the processor 610 can be a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), a hardware chip, or any combination thereof.
  • CPU Central Processing Unit
  • NP Network Processor
  • the above-mentioned hardware chip can be an application-specific integrated circuit (Application-Specific Integrated Circuit, ASIC), a programmable logic device (Programmable Logic Device, PLD) or a combination thereof.
  • ASIC Application-Specific Integrated Circuit
  • PLD programmable logic device
  • the above-mentioned PLD can be a complex programmable logic device (Complex Programmable Logic Device, CPLD), a field-programmable gate array (Field-Programmable Gate Array, FPGA), a general array logic (Generic Array Logic, GAL) or any combination thereof.
  • the memory 620 is used to store program codes and the like.
  • the memory 620 may include volatile memory (VolatileMemory, VM), such as random access memory (Random Access Memory, RAM); the memory 620 may also include non-volatile memory (Non-Volatile Memory, NVM), such as read-only memory. (Read-Only Memory, ROM), flash memory (flash memory), hard disk (Hard Disk Drive, HDD) or solid-state drive (Solid-State Drive, SSD); the memory 620 may also include a combination of the above types of memory.
  • volatile memory VolatileMemory, VM
  • RAM random access memory
  • NVM non-volatile Memory
  • NVM non-volatile Memory
  • read-only memory Read-Only Memory
  • flash memory flash memory
  • HDD Hard Disk Drive
  • SSD solid-state drive
  • the transceiver 630 is used to receive or transmit data.
  • the processor 610 can call the above program code to perform the following operations:
  • IP pipeline is established between the IP pipeline and the IP pipeline.
  • the IP pipeline is a communication channel established in the IP network; in response to the second video playback request sent by the client to the video platform through the IP pipeline, the IP pipeline is determined according to the pipeline information of the IP pipeline.
  • the digital watermark information is encoded and encrypted to decrypt and play the encoded and encrypted video through the client.
  • the pipeline information of the IP pipeline is IP pipeline identification information.
  • the above-mentioned processor 610 can also generate digital watermark information based on the pipeline information of the IP pipeline and perform the following operations:
  • processor 610 can also perform the following operations:
  • IP pipeline establishment notification message sent by the broadband access management system is received.
  • the IP pipeline establishment notification message is used to indicate that the IP pipeline establishment is completed.
  • the IP pipeline establishment notification message includes pipeline information of the IP pipeline.
  • processor 610 can also perform the following operations:
  • processor 610 can also perform the following operations:
  • the above-mentioned processor 610 can also perform the following operations: after the client decrypts and plays the encoded and encrypted video, receive an IP pipe removal notification message sent by the broadband access management system.
  • the IP pipe removal notification message is used to indicate the IP
  • the pipeline removal is completed, and the IP pipeline removal notification message includes the pipeline information of the IP pipeline.
  • each operation may also correspond to the corresponding description with reference to the method embodiments shown in FIGS. 1-3; the above-mentioned processor 610 may also cooperate with the transceiver 630 to perform other operations in the above-mentioned method embodiments.
  • the example embodiments described here can be implemented by software, or can be implemented by software combined with necessary hardware. Therefore, the technical solution according to the embodiment of the present disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, U disk, mobile hard disk, etc.) or on the network , including a number of instructions to cause a device to perform a method according to an embodiment of the present disclosure.
  • a non-volatile storage medium which can be a CD-ROM, U disk, mobile hard disk, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

L'invention concerne un procédé de lecture vidéo comprenant les étapes suivantes : lorsqu'un abonné à carte SIMKey dispose d'une autorisation de service cible, établissement d'un pipeline IP entre un hôte client et une plateforme vidéo (S110) ; selon des informations de pipeline du pipeline IP, détermination d'une autorisation de lecture vidéo cible de l'abonné de carte SIMKey correspondant (S120) ; lorsque l'abonné de carte SIMKey dispose de l'autorisation de lecture vidéo cible, génération d'informations de filigrane numérique selon les informations de pipeline du pipeline IP (S130) ; et ajout des informations de filigrane numérique à une vidéo cible, codage et chiffrement de la vidéo cible, et transmission de la vidéo chiffrée au client au moyen du pipeline IP, de sorte que le client acquiert également une clé vidéo au moyen d'un certificat numérique de SIMkey, et déchiffre la vidéo chiffrée et la lise (S140). Selon la présente divulgation, après qu'une vidéo de surveillance de réseau est copiée pendant la lecture, un traçage de suivi peut être réalisé, ce qui permet d'améliorer la sécurité de la vidéo de surveillance de réseau.
PCT/CN2023/106411 2022-08-12 2023-07-07 Procédé et système de lecture vidéo, plateforme de sécurité vidéo, et dispositif de communication WO2024032289A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210970479.6 2022-08-12
CN202210970479.6A CN115334356B (zh) 2022-08-12 2022-08-12 视频播放方法和系统、视频安全平台、通信设备

Publications (1)

Publication Number Publication Date
WO2024032289A1 true WO2024032289A1 (fr) 2024-02-15

Family

ID=83922955

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/106411 WO2024032289A1 (fr) 2022-08-12 2023-07-07 Procédé et système de lecture vidéo, plateforme de sécurité vidéo, et dispositif de communication

Country Status (2)

Country Link
CN (1) CN115334356B (fr)
WO (1) WO2024032289A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115334356B (zh) * 2022-08-12 2024-02-23 中国电信股份有限公司 视频播放方法和系统、视频安全平台、通信设备
CN117221482A (zh) * 2023-07-05 2023-12-12 中瑞科技术有限公司 一种视频监控调度方法和视频监控调度设备

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080276309A1 (en) * 2006-07-06 2008-11-06 Edelman Lance F System and Method for Securing Software Applications
US20130219166A1 (en) * 2012-02-20 2013-08-22 Motorola Mobility, Inc. Hardware based identity manager
CN107734584A (zh) * 2017-09-30 2018-02-23 广东欧珀移动通信有限公司 网络连接切换的方法和装置、计算机设备、可读存储介质
CN108322469A (zh) * 2018-02-05 2018-07-24 北京百度网讯科技有限公司 信息处理系统、方法和装置
CN109657429A (zh) * 2018-09-27 2019-04-19 深圳壹账通智能科技有限公司 视频资源管理方法、设备、系统及计算机可读存储介质
CN110996137A (zh) * 2019-12-05 2020-04-10 浙江大华技术股份有限公司 一种视频处理方法及装置
CN111083530A (zh) * 2019-12-30 2020-04-28 广东南方新媒体股份有限公司 一种互联网播控平台的drm集成方法、系统、装置和存储介质
CN115334356A (zh) * 2022-08-12 2022-11-11 中国电信股份有限公司 视频播放方法和系统、视频安全平台、通信设备

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9654360B1 (en) * 2016-02-29 2017-05-16 Wowza Media Systems, LLC Coordinating analytics between media player and server
CN106961614B (zh) * 2017-02-22 2020-04-21 北京奇艺世纪科技有限公司 一种加密视频网络播放的方法和系统
CN110197241A (zh) * 2018-02-24 2019-09-03 南京百利通信息技术有限责任公司 基于4g/5g网络和二维码扫描识别的记录系统及方法
CN110267115B (zh) * 2019-06-17 2022-04-01 东软集团股份有限公司 一种视频安全控制方法、装置、设备及介质
CN112333559A (zh) * 2020-10-29 2021-02-05 重庆紫光华山智安科技有限公司 数据处理方法和装置、服务器及存储介质

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080276309A1 (en) * 2006-07-06 2008-11-06 Edelman Lance F System and Method for Securing Software Applications
US20130219166A1 (en) * 2012-02-20 2013-08-22 Motorola Mobility, Inc. Hardware based identity manager
CN107734584A (zh) * 2017-09-30 2018-02-23 广东欧珀移动通信有限公司 网络连接切换的方法和装置、计算机设备、可读存储介质
CN108322469A (zh) * 2018-02-05 2018-07-24 北京百度网讯科技有限公司 信息处理系统、方法和装置
CN109657429A (zh) * 2018-09-27 2019-04-19 深圳壹账通智能科技有限公司 视频资源管理方法、设备、系统及计算机可读存储介质
CN110996137A (zh) * 2019-12-05 2020-04-10 浙江大华技术股份有限公司 一种视频处理方法及装置
CN111083530A (zh) * 2019-12-30 2020-04-28 广东南方新媒体股份有限公司 一种互联网播控平台的drm集成方法、系统、装置和存储介质
CN115334356A (zh) * 2022-08-12 2022-11-11 中国电信股份有限公司 视频播放方法和系统、视频安全平台、通信设备

Also Published As

Publication number Publication date
CN115334356B (zh) 2024-02-23
CN115334356A (zh) 2022-11-11

Similar Documents

Publication Publication Date Title
CN110971415B (zh) 一种天地一体化空间信息网络匿名接入认证方法及系统
WO2024032289A1 (fr) Procédé et système de lecture vidéo, plateforme de sécurité vidéo, et dispositif de communication
US20200076606A1 (en) Blockchain key storage on sim devices
RU2344554C2 (ru) Способ межобъектного соединения, устройство и система для защиты содержимого
CN101268651B (zh) 用于流式多媒体内容的权限管理系统
WO2017114123A1 (fr) Procédé de configuration de clé et centre de gestion de clé, et élément de réseau
US20150264724A1 (en) Method and system of establishing wireless communication connection
CN109981633B (zh) 访问服务器的方法、设备及计算机可读存储介质
CN101496327A (zh) 用于流式多媒体内容的权限管理系统
CN110177099B (zh) 基于非对称加密技术的数据交换方法、发送终端和介质
EP3479540A1 (fr) Acheminement de contenu sécurisé à sauts multiples sur la base de signatures aveugles partielles cryptographiques et de termes intégrés
JP2019514314A (ja) 暗号化メッセージを送受信するために動的公開鍵インフラストラクチャを用いる方法、システム、及び媒体
CN114866964B (zh) 基于邻近服务的消息传输方法、装置、电子设备及介质
WO2023241176A1 (fr) Procédé et appareil de communication, dispositif, support de stockage et produit de programme
CN111193755B (zh) 数据访问、数据加密方法及数据加密与访问系统
CN111181944B (zh) 通信系统及信息发布方法、装置、介质、设备
CN112866981B (zh) 一种签约数据的管理方法、装置
KR20080080152A (ko) 이동 유닛 인증 방법
CN115022850A (zh) 一种d2d通信的认证方法、装置、系统、电子设备及介质
CN114417309A (zh) 一种双向身份验证方法、装置、设备及存储介质
CN114095277A (zh) 配电网安全通信方法、安全接入设备及可读存储介质
CN111901335B (zh) 基于中台的区块链数据传输管理方法及系统
WO2022041151A1 (fr) Procédé de vérification de dispositif, dispositif et nuage
CN113535852A (zh) 基于区块链的文件处理方法、文件访问方法、装置及系统
CN115801252B (zh) 一种结合量子加密技术的安全云桌面系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23851514

Country of ref document: EP

Kind code of ref document: A1