CN120238676B - Video encryption method, video encryption device and computer storage medium - Google Patents
- Publication number
- CN120238676B (CN202510708083.8A)
- Authority
- CN
- China
- Prior art keywords
- video
- key
- encryption
- storage
- encrypted
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The application provides a video encryption method, a video encryption device and a computer storage medium. The video encryption method comprises: obtaining a first encrypted code stream from a video acquisition device, wherein an identification number of a video encryption key is stored in a transmission auxiliary frame in the first encrypted code stream; obtaining a storage key, and encrypting the video encryption key of the transmission auxiliary frame by using the video key encryption key in the storage key; generating a storage auxiliary frame according to the video key encryption key identification number of the storage key and the encrypted video encryption key; and inserting the storage auxiliary frame into the first encrypted code stream to generate a second encrypted code stream, which is stored in a storage medium. By designing the transmission encryption frame and the storage encryption auxiliary frame, the method realizes efficient encrypted transmission and storage of the video cloud storage data stream.
Description
Technical Field
The present application relates to the field of video cloud storage technologies, and in particular, to a video encryption method, a video encryption device, and a computer storage medium.
Background
With the development of cloud computing technology, video cloud storage services are widely used. However, security problems of video data during transmission and storage are increasingly prominent. The traditional encryption method has the defects of low encryption efficiency on massive video data, large influence on cloud storage performance and the like. A
Disclosure of Invention
In order to solve the technical problems, the application provides a video encryption method, a video encryption device and a computer storage medium.
In order to solve the technical problems, the application provides a video encryption method, which is applied to a video encryption platform in a video encryption system, and comprises the following steps:
acquiring a first encrypted code stream from video acquisition equipment, wherein an identification number of a video encryption key is stored in a transmission auxiliary frame in the first encrypted code stream;
acquiring a storage key, and encrypting the video encryption key of the transmission auxiliary frame by utilizing the video key encryption key in the storage key;
generating a storage auxiliary frame according to the video key encryption key identification number of the storage key and the encrypted video encryption key;
and inserting the storage auxiliary frame into the first encrypted code stream, generating a second encrypted code stream and storing the second encrypted code stream into a storage medium.
Wherein the transmission auxiliary frame is generated by the video acquisition equipment writing the identification number of the video encryption key into the extended frame header of a key frame of a video code stream.
Wherein the storage assistance frame includes an additional data field and an overall data field;
the generating a storage auxiliary frame according to the video key encryption key identification number of the storage key and the encrypted video encryption key comprises the following steps:
Writing a video key encryption key identification number of the storage key into an integral data field of the storage auxiliary frame;
writing the encrypted video encryption key into an additional data field of the storage auxiliary frame.
Wherein said inserting said storage auxiliary frame into said first encrypted stream comprises:
The storage auxiliary frame is inserted into a head position and/or a tail position of the first encrypted stream.
The video encryption method further comprises the following steps:
And generating a random symmetric key, and sending the encrypted random symmetric key to the video acquisition equipment so that the video acquisition equipment can generate a video encryption key by using the encrypted random symmetric key.
In order to solve the technical problem, the application also provides another video encryption method, which is characterized in that the video encryption method is applied to a video encryption system, wherein the video encryption system comprises video acquisition equipment, a video encryption platform and a storage medium, and the video encryption method comprises the following steps:
The video acquisition equipment encrypts a video code stream by using a video encryption key to obtain an encrypted code stream;
the video acquisition equipment generates a transmission auxiliary frame according to the identification number of the video encryption key;
the video encryption platform acquires the transmission auxiliary frame and the encryption code stream from the video acquisition equipment;
the video encryption platform acquires a storage key and encrypts a video encryption key of the transmission auxiliary frame by utilizing the video key encryption key in the storage key;
the video encryption platform generates a storage auxiliary frame according to the video key encryption key identification number of the storage key and the encrypted video encryption key;
the video encryption platform stores the storage assistance frame and the encrypted stream to the storage medium.
Wherein, the video encryption system also comprises a client;
the video encryption method further comprises the following steps:
Responding to a real-time video query instruction of the client, and sending the storage auxiliary frame and the encrypted code stream to the client by the video encryption platform;
The client acquires the storage key and the encrypted video encryption key based on the storage auxiliary frame;
The client decrypts the encrypted video encryption key by utilizing the video key encryption key in the storage key to obtain the video encryption key;
and the client decodes the encrypted code stream by using the video encryption key to acquire and play the decoded code stream.
Wherein, the video encryption system also comprises a client;
the video encryption method further comprises the following steps:
Responding to a historical video playback instruction of the client, and reading the storage auxiliary frame and the encrypted code stream from the storage medium by the video encryption platform;
The video encryption platform analyzes the video key encryption key identification number in the storage auxiliary frame, and queries a corresponding video key encryption key by utilizing the video key encryption key identification number;
The video encryption platform decrypts the encrypted video encryption key by utilizing the video key encryption key to obtain the video encryption key;
the video encryption platform sends the video encryption key and the encryption code stream to the client;
and the client decodes the encrypted code stream by using the video encryption key to acquire and play the decoded code stream.
In order to solve the technical problem, the application also provides a video encryption device, which comprises a memory and a processor coupled with the memory, wherein the memory is used for storing program data, and the processor is used for executing the program data to realize the video encryption method.
In order to solve the above technical problem, the present application further provides a computer storage medium for storing program data, which when executed by a computer, is configured to implement the video encryption method.
Compared with the prior art, the method has the beneficial effects that the video encryption platform acquires the first encryption code stream from the video acquisition equipment, wherein the identification number of the video encryption key is stored in the transmission auxiliary frame in the first encryption code stream, acquires the storage key, encrypts the video encryption key of the transmission auxiliary frame by utilizing the video key encryption key in the storage key, generates the storage auxiliary frame according to the video key encryption key identification number of the storage key and the encrypted video encryption key, inserts the storage auxiliary frame into the first encryption code stream, generates the second encryption code stream and stores the second encryption code stream into a storage medium. By the video encryption method, the transmission encryption frame and the storage encryption auxiliary frame are designed, so that efficient encryption transmission and storage of the video cloud storage data stream are realized.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
Fig. 1 is a schematic flow chart of a first embodiment of a video encryption method provided by the present application;
fig. 2 is a schematic overall flow chart of the video encryption method provided by the application;
FIG. 3 is a schematic diagram of a key frame hierarchy description provided by the present application;
FIG. 4 is a schematic diagram of a key frame header detailed definition provided in the present application;
FIG. 5 is a schematic diagram of a structure of an extended frame header detailed definition provided in the present application;
FIG. 6 is a schematic diagram of the overall frame format definition provided by the present application;
FIG. 7 is a schematic diagram of the structure of a single additional data format definition provided by the present application;
FIG. 8 is a schematic diagram of the structure of the data content definition of the VK information provided by the present application;
fig. 9 is a schematic flow chart of a second embodiment of a video encryption method provided by the present application;
Fig. 10 is a schematic flow chart of a third embodiment of a video encryption method provided by the present application;
fig. 11 is a schematic flow chart of a fourth embodiment of a video encryption method provided by the present application;
FIG. 12 is a schematic diagram of a video encryption system according to an embodiment of the present application;
fig. 13 is a schematic structural diagram of an embodiment of a video encryption device provided by the present application;
Fig. 14 is a schematic structural diagram of an embodiment of a computer storage medium according to the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented, for example, in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The application provides a transmission encryption and storage encryption method for video cloud storage data streams based on the national cryptography 39786-2021 standard, aiming at a new encryption method that guarantees video data security and encryption efficiency while preserving high cloud storage performance.
The cloud storage system is a distributed data storage system consisting of one or more metadata servers and data node servers. Metadata and the real data of stored files are separated, the real data is stored in slices, and redundancy and fault tolerance are achieved through erasure codes. The technical terms specifically referred to and their meanings include, but are not limited to, the following:
ICC: Intelligent Internet of Things integrated management platform (Intelligent Connection Center).
VEK: video encryption key (Video Encryption Key), the same as VK.
VK: video encryption key (GDPR calls it transport encryption; the same as VEK).
VKEK: video key encryption key (Video Key Encryption Key).
EVEK: VEK encrypted using VKEK (Encrypted Video Encryption Key).
SVK: VK/VEK encrypted using VKEK (Encrypted Video Key).
VETK: video export encryption key (Video Export Key), the VEK used to encrypt exported video.
IV: initialization vector (Initialization Vector).
KMS: key management system (Key Manager System).
Based on the above technical principles, please continue to refer to fig. 1 and fig. 2, fig. 1 is a flow chart of a first embodiment of the video encryption method provided by the present application, and fig. 2 is an overall flow chart of the video encryption method provided by the present application.
As shown in fig. 2, the video encryption system of the present application includes, but is not limited to: IPC (IP Camera), the network cameras that represent the front-end video capturing devices (i.e., video acquisition equipment); Server, representing the platform and streaming media (i.e., the video encryption platform); Disk, representing the physical disks (i.e., the storage medium) in cloud storage; KMSAgent, representing the KMS (Key Management Service) proxy service; and Client, representing the video viewing client.
The video encryption system of the present application generally follows the principle that whoever generates the video and audio code stream encrypts it, and whoever uses the video and audio code stream decrypts it. The front-end equipment encrypts the collected video and audio before transmitting it, that is, encryption happens at the source; the storage equipment or the platform stores the encrypted video and audio, and supports the user in playing it in real time, playing it back, downloading it and exporting it within the user's authority.
The video encryption platform supports user identity authentication based on a digital certificate stored in a USBKey. After authentication passes, the user can, according to the user's authority, play encrypted video and audio in real time, play back encrypted video, and download and export encrypted video. An exported encrypted video and audio file can be decrypted and played in the special player only together with the user's USBKey.
The main innovation of the video encryption method lies in the encryption of video data, which is divided into two stages: transmission encryption and storage encryption. Audio and video are transmitted in the transmission encryption frame format, and before transmission the VK corresponding to the encrypted video is pushed through a digital envelope. When audio and video are stored encrypted, the back-end storage inserts a storage encryption auxiliary frame in front of the transmission encrypted frames. On the software platform side, the equivalent storage encryption auxiliary frame is stored in a database and the transmission encrypted frames are stored in cloud storage.
The key management system KMS in fig. 2 is used for lifecycle management of VKEK, and is responsible for issuing VKEK in the system.
To handle network isolation among the subsystems of a video monitoring system and the differing interfaces of KMS products from different manufacturers, a KMS proxy service is introduced into the storage equipment and the software platform. The KMS proxy service may connect directly to the KMS or may cascade with an upper-level KMS proxy. When a subsystem needs to acquire VKEK, it connects to the KMS proxy service that is directly reachable on its network.
As shown in fig. 1, the specific steps are as follows:
Step S11, a first encryption code stream is obtained from the video acquisition equipment, wherein the identification number of the video encryption key is stored in a transmission auxiliary frame in the first encryption code stream.
In the embodiment of the present application, as shown in fig. 2, the video capture device generates a device signature certificate, a device signature private key, a device encryption certificate, a device encryption private key, a CA (Certificate Authority) certificate, and the like.
The video encryption platform generates a platform signature certificate, a platform signature private key ID (identification number), a platform encryption certificate, a platform encryption private key, a CA certificate, a platform private key ID, a user certificate, and the like.
Before video data is transmitted and encrypted, the video acquisition equipment and the video encryption platform must complete bidirectional authentication based on digital certificates through the TLCP (Transport Layer Cryptography Protocol) protocol, thereby completing the certificate exchange.
Then, in the digital envelope negotiation process, the video encryption platform generates a random symmetric key for the subsequent video stream encryption, and the video acquisition device obtains the encrypted symmetric key through the digital envelope technology and the RTSP (Real Time Streaming Protocol) protocol. The video acquisition device generates a video encryption key VK by using the encrypted random symmetric key.
In the embodiment of the application, the video acquisition equipment transmits the video encryption key VK encrypted by the symmetric key to the video encryption platform, and encrypts the 2 KB of data at the head of each key frame of the video stream by using the video encryption key VK encrypted by the symmetric key to obtain the encrypted code stream; at the same time it packs VKID (the identification number of the video encryption key) into the extended frame header of the key frame for transmission to the video encryption platform.
In particular, in order to realize transmission encryption between video acquisition equipment and a video encryption platform, the application provides a transmission encryption frame structure design.
The application designs a transmission encryption frame structure, which is used to encrypt the audio and video transmission process. Encrypted audio and video transmission uses key frame encryption: by default only the first 2 KB of key frame data is encrypted. Compared with encrypting every complete frame or the whole video stream, key frame encryption significantly reduces the computing resources needed for encryption and decryption, because key frames are far fewer than P frames and B frames, and 2 KB is far smaller than a typical key frame. The method therefore suits scenes that balance security and performance and improves the transmission and playing efficiency of the video stream, which is particularly important for real-time video streams and large-scale video distribution.
The specific flow of the transmission encryption is as follows:
The user (the video capture device in the present application) transmits an encrypted key (SM4) based on the RTSP protocol; this key is used for subsequent code stream encryption.
The video capture device and the video encryption platform negotiate a symmetric key (SM4) based on a simplified digital envelope (SM2) interaction procedure. Through this step, the two parties can safely exchange the encryption key, laying the foundation for the subsequent encryption operation.
Code stream encryption defaults to OFB (Output Feedback) mode, which is suitable for encrypting streaming media data and provides higher encryption speed and lower delay.
The code stream encryption offset and the code stream encryption length (by default, the 2 KB at the head of the key frame) are defined. The code stream encryption offset is the offset, from the start of the original raw code stream data, at which encryption begins; the code stream encryption length is the length of the data encrypted from that offset, in bytes. Setting these two parameters allows flexible control of the granularity and range of encryption to suit different security requirements.
Further, please continue to refer to fig. 3 to 5 for the structural design of the transmission encrypted extended frame of the present application, fig. 3 is a structural diagram of the key frame hierarchy description provided by the present application, fig. 4 is a structural diagram of the detailed definition of the key frame header provided by the present application, and fig. 5 is a structural diagram of the detailed definition of the extended frame header provided by the present application.
As shown in fig. 3, a key frame consists, in order, of a 24-byte frame header, variable-length frame data, and an 8-byte frame trailer. As shown in fig. 5, the transmission encryption extension frame extends backward from the standard frame header and has a variable length; it stores VKID and other key information. The detailed key frame header definition of fig. 4 shows the 24 bytes of frame header content and the location of the extension field, which starts at byte 24 and has a variable length.
With continued reference to fig. 5, the extended frame is defined as follows:
(1) Extension frame header type: 0xB5, used to mark and distinguish extension frames.
(2) Extended frame length: the length of the extended frame, which is variable.
(3) Code stream encryption type: the encryption type used for the code stream (OFB mode by default). The following configurations are supported:
0: reserved, no type.
1: AES256-OFB-NOPADDING, the AES encryption algorithm with a 256-bit key in output feedback mode, with no data padding. This type of encryption is typically used in scenes where high security and continuous encryption capability are required.
2: SM4-OFB-NOPADDING, the SM4 algorithm in output feedback mode, with no data padding. Suitable for scenes where a large amount of data or real-time data streams must be encrypted continuously.
3: SM4-ECB-NOPADDING, the SM4 algorithm in electronic codebook mode, with no data padding. Suitable for encrypting fixed-length data blocks.
4: SM1-OFB-NOPADDING, the SM1 algorithm in output feedback mode, with no data padding. Suitable for scenes where a large amount of data or real-time data streams must be encrypted continuously.
5: SM1-ECB-NOPADDING, the SM1 algorithm in electronic codebook mode, with no data padding. Suitable for encrypting fixed-length data blocks.
(4) Code stream encryption offset: the offset, from the start of the original raw code stream data, at which encryption begins.
(5) Code stream encryption length: the length, in bytes, of the data encrypted from the offset position, that is, how much data must be decrypted before normal playback.
(6) VKID: the ID of the video encryption key VK (i.e. VEK), through which the client can obtain the VK from its local cache. The VK is provided by the device, and its first negotiated transmission is done through the RTSP protocol and digital envelope technology.
(7) CRC16: a CRC16 checksum computed over the data before encryption, used for checking during decoding.
(8) Code stream encryption IV: the initial vector of the symmetric encryption used when encrypting the code stream.
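The transmission side described above, as an added Go example that is not taken from the patent: it encrypts only the first 2 KB of a key frame and packs the listed fields into an extension header, then decrypts and checks CRC16 on the receiving side. The field widths, the CRC-16/CCITT-FALSE variant, the function names and the sample values are assumptions; AES256-OFB (type 1 in the list) is used because SM4 is not in the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed layout (the page lists these fields, not their widths): type(1)=0xB5,
// ext length(2), enc type(1), enc offset(4), enc length(4), VKID(16), CRC16(2), IV(16).
const (
	extType   = 0xB5
	extLen    = 46
	encAES256 = 1 // AES256-OFB-NOPADDING in the page's type list
)

// crc16 is CRC-16/CCITT-FALSE (assumed; the page does not name the variant).
func crc16(data []byte) uint16 {
	crc := uint16(0xFFFF)
	for _, b := range data {
		crc ^= uint16(b) << 8
		for i := 0; i < 8; i++ {
			if crc&0x8000 != 0 {
				crc = crc<<1 ^ 0x1021
			} else {
				crc <<= 1
			}
		}
	}
	return crc
}

// ProtectKeyFrame encrypts only data[offset:offset+length] under VK and
// returns the extension header plus the partially encrypted key frame data.
func ProtectKeyFrame(vk, vkid, iv, data []byte, offset, length uint32) ([]byte, []byte, error) {
	if len(vk) != 32 || len(vkid) != 16 || len(iv) != aes.BlockSize {
		return nil, nil, errors.New("need 32-byte VK, 16-byte VKID, 16-byte IV")
	}
	start, end := uint64(offset), uint64(offset)+uint64(length)
	if start > uint64(len(data)) {
		return nil, nil, errors.New("encryption offset beyond key frame data")
	}
	if end > uint64(len(data)) {
		end = uint64(len(data)) // key frame shorter than the span: encrypt what exists
	}
	block, err := aes.NewCipher(vk)
	if err != nil {
		return nil, nil, err
	}
	out := append([]byte(nil), data...)
	cipher.NewOFB(block, iv).XORKeyStream(out[start:end], data[start:end])
	ext := make([]byte, extLen)
	ext[0] = extType
	binary.BigEndian.PutUint16(ext[1:], extLen)
	ext[3] = encAES256
	binary.BigEndian.PutUint32(ext[4:], offset)
	binary.BigEndian.PutUint32(ext[8:], uint32(end-start))
	copy(ext[12:28], vkid)
	binary.BigEndian.PutUint16(ext[28:], crc16(data[start:end])) // CRC of the plaintext span
	copy(ext[30:], iv)
	return ext, out, nil
}

// OpenKeyFrame is the receiving side: look up VK by VKID in the local cache,
// decrypt the span, then check CRC16 to catch a wrong VK or a damaged frame.
func OpenKeyFrame(cache map[string][]byte, ext, data []byte) ([]byte, error) {
	if len(ext) != extLen || ext[0] != extType ||
		binary.BigEndian.Uint16(ext[1:]) != extLen || ext[3] != encAES256 {
		return nil, errors.New("not a supported transmission extension header")
	}
	vk, ok := cache[string(ext[12:28])]
	if !ok {
		return nil, errors.New("VKID not in local cache")
	}
	start := uint64(binary.BigEndian.Uint32(ext[4:]))
	end := start + uint64(binary.BigEndian.Uint32(ext[8:]))
	if end > uint64(len(data)) {
		return nil, errors.New("encrypted span exceeds key frame data")
	}
	block, err := aes.NewCipher(vk)
	if err != nil {
		return nil, err
	}
	out := append([]byte(nil), data...)
	cipher.NewOFB(block, ext[30:]).XORKeyStream(out[start:end], data[start:end])
	if got := crc16(out[start:end]); got != binary.BigEndian.Uint16(ext[28:]) {
		return nil, fmt.Errorf("CRC16 mismatch (%#04x): wrong VK or damaged frame", got)
	}
	return out, nil
}

func main() {
	vk, vkid := []byte("0123456789abcdef0123456789abcdef"), []byte("VKID-0000000001.") // constructed
	frame := make([]byte, 4096) // constructed 4 KB of key frame data
	ext, enc, _ := ProtectKeyFrame(vk, vkid, []byte("constructed-iv-1"), frame, 0, 2048)
	_, err := OpenKeyFrame(map[string][]byte{string(vkid): vk}, ext, enc)
	fmt.Println("decrypt error:", err, "tail untouched:", string(enc[2048:]) == string(frame[2048:]))
}
```

OFB produces the same keystream whenever VK and IV repeat, so the IV field needs a fresh value for every key frame encrypted under one VK. CRC16 catches damage and a wrong key, but it is not a keyed integrity check.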
Step S12, the storage key is obtained, and the video encryption key of the transmission auxiliary frame is encrypted by utilizing the video key encryption key in the storage key.
In the embodiment of the application, the video encryption platform obtains the storage keys VKEK and VKEKID through the KMS agent and encrypts the VK by using VKEK to obtain eVK.
And S13, generating a storage auxiliary frame according to the video key encryption key identification number of the storage key and the encrypted video encryption key.
In an embodiment of the present application, the video encryption platform generates a storage auxiliary frame using VKEKID, VKID, eVK generated in step S14.
In particular, in order to realize storage encryption between a storage medium and a video encryption platform, the application provides a storage encryption auxiliary frame structure design.
Encrypted audio and video storage works by encrypting the encryption key and adding a storage encryption auxiliary frame that holds it; the encryption key is managed by the KMS.
Through the structural design of the storage encryption auxiliary frame, the application supports storing the encrypted code stream, inserting one storage encryption auxiliary frame at the head and one at the tail of each video file. These two auxiliary frames hold the video encryption key VK (i.e., VEK) after it has been encrypted with VKEK, together with VKEKID. The VKEK used by the storage encryption auxiliary frames at the head and the tail of each video file must be the same, and only one VK and one VKEK are used within each video file. This design simplifies key management, improves encryption efficiency and ensures the consistency and security of the data.
Specifically, referring to fig. 6 to 8, fig. 6 is a schematic structural diagram of an overall frame format definition provided by the present application, fig. 7 is a schematic structural diagram of a single additional data format definition provided by the present application, and fig. 8 is a schematic structural diagram of a data content definition of VK information provided by the present application.
As shown in fig. 6, the overall frame format is defined as follows:
VKEK type: 0x00-KMS distribution, 0x01-user distribution, 0x02-USBKey distribution.
VKEKID: the identifier of the VKEK distributed by the KMS, or the key identifier in the USBKey.
As shown in fig. 7, a single additional data format is defined as follows:
Data type: 0x01-VK information.
As shown in fig. 8, the data content of VK information is defined as follows:
VKID: the VK (i.e., VEK) identification.
Initial vector: the symmetric encryption initial vector; not required in ECB (Electronic Codebook) mode.
VK encrypted value: VK encrypted by VKEK (i.e., eVK).
Encryption type: the algorithm with which VKEK encrypts VK, synchronized with the code stream encryption algorithm.
Step S14, inserting the storage auxiliary frame into the first encrypted code stream, generating a second encrypted code stream and storing the second encrypted code stream in a storage medium.
In the embodiment of the application, the video encryption platform stores the storage encryption auxiliary frame and the encryption code stream together on a cloud storage disk.
Specifically, the video encryption platform inserts a storage encryption auxiliary frame into the head and the tail of the video file of the encrypted code stream respectively to generate a new encrypted code stream.
The video encryption platform acquires a first encrypted code stream from the video acquisition equipment, wherein an identification number of a video encryption key is stored in a transmission auxiliary frame in the first encrypted code stream; acquires a storage key, and encrypts the video encryption key of the transmission auxiliary frame by utilizing the video key encryption key in the storage key; generates a storage auxiliary frame according to the video key encryption key identification number of the storage key and the encrypted video encryption key; and inserts the storage auxiliary frame into the first encrypted code stream to generate a second encrypted code stream, which is stored in a storage medium. By designing the transmission encryption frame and the storage encryption auxiliary frame, the method realizes efficient encrypted transmission and storage of the video cloud storage data stream.
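Steps S12 to S14 and the playback-side key recovery, as an added Go example that is not taken from the patent: VK is encrypted under VKEK, serialized into a storage auxiliary frame with the fields of figs. 6 to 8, placed at the head and tail of the file, and recovered by looking up VKEK through VKEKID. The fixed field widths, the map standing in for the KMS proxy service, the head/tail equality check, the function names and the sample values are assumptions; AES256-OFB (type 1) stands in for SM4.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Assumed fixed-width layout (the page names the fields, not their sizes):
// overall data:    VKEK type(1) | VKEKID(16)
// additional data: data type(1)=0x01 | VKID(16) | IV(16) | eVK(32) | enc type(1)
const (
	auxLen      = 83
	vkekFromKMS = 0x00 // 0x00-KMS, 0x01-user, 0x02-USBKey distribution
	dataVKInfo  = 0x01
	encAES256   = 1 // AES256-OFB-NOPADDING
)

// ofb applies AES-256-OFB; encryption and decryption are the same XOR.
func ofb(key, iv, in []byte) ([]byte, error) {
	if len(key) != 32 || len(iv) != aes.BlockSize {
		return nil, errors.New("need 32-byte key and 16-byte IV")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewOFB(block, iv).XORKeyStream(out, in)
	return out, nil
}

// BuildStorageAux encrypts VK under VKEK (giving eVK) and serializes the frame.
func BuildStorageAux(vkekID, vkek, vkid, iv, vk []byte) ([]byte, error) {
	if len(vkekID) != 16 || len(vkid) != 16 || len(vk) != 32 {
		return nil, errors.New("unexpected field length")
	}
	evk, err := ofb(vkek, iv, vk)
	if err != nil {
		return nil, err
	}
	aux := make([]byte, 0, auxLen)
	aux = append(aux, vkekFromKMS)
	aux = append(aux, vkekID...)
	aux = append(aux, dataVKInfo)
	aux = append(aux, vkid...)
	aux = append(aux, iv...)
	aux = append(aux, evk...)
	return append(aux, encAES256), nil
}

// StoreFile places the same auxiliary frame at the head and the tail of the
// first encrypted code stream, producing the second encrypted code stream.
func StoreFile(aux, stream []byte) []byte {
	file := append([]byte(nil), aux...)
	file = append(file, stream...)
	return append(file, aux...)
}

// RecoverVK is the playback side: parse VKEKID, query the KMS stand-in for
// VKEK, and decrypt eVK. It rejects files whose head and tail frames differ.
func RecoverVK(kms map[string][]byte, file []byte) (vk, stream []byte, err error) {
	if len(file) < 2*auxLen {
		return nil, nil, errors.New("file too short for two auxiliary frames")
	}
	head, tail := file[:auxLen], file[len(file)-auxLen:]
	if !bytes.Equal(head, tail) {
		return nil, nil, errors.New("head and tail auxiliary frames differ")
	}
	if head[17] != dataVKInfo || head[82] != encAES256 {
		return nil, nil, fmt.Errorf("unsupported data type %#x or encryption type %d", head[17], head[82])
	}
	vkek, ok := kms[string(head[1:17])]
	if !ok {
		return nil, nil, errors.New("VKEKID unknown to KMS")
	}
	vk, err = ofb(vkek, head[34:50], head[50:82])
	return vk, file[auxLen : len(file)-auxLen], err
}

func main() {
	vkek := bytes.Repeat([]byte{0x42}, 32) // constructed sample keys and identifiers
	vk := bytes.Repeat([]byte{0x11}, 32)
	id := []byte("VKEKID-00000001.")
	aux, _ := BuildStorageAux(id, vkek, []byte("VKID-0000000001."), bytes.Repeat([]byte{0x07}, 16), vk)
	file := StoreFile(aux, []byte("first encrypted code stream"))
	got, stream, err := RecoverVK(map[string][]byte{string(id): vkek}, file)
	fmt.Println(err, bytes.Equal(got, vk), string(stream))
}
```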
Referring to fig. 9 in conjunction with fig. 2, fig. 9 is a flowchart illustrating a video encryption method according to a second embodiment of the present application.
As shown in fig. 9, the specific steps are as follows:
Step S21, the video acquisition equipment encrypts the video code stream by using the video encryption key to acquire an encrypted code stream.
Step S22, the video acquisition equipment generates a transmission auxiliary frame according to the identification number of the video encryption key.
Step S23, the video encryption platform acquires the transmission auxiliary frame and the encrypted code stream from the video acquisition equipment.
Step S24, the video encryption platform acquires the storage key and encrypts the video encryption key of the transmission auxiliary frame by using the video key encryption key in the storage key.
Step S25, the video encryption platform generates a storage auxiliary frame according to the video key encryption key identification number of the storage key and the encrypted video encryption key.
Step S26, the video encryption platform stores the storage auxiliary frame and the encrypted code stream to the storage medium.
In the embodiment of the present application, the contents of the steps S21 to S26 are described in detail in the steps S11 to S14 of the video encryption method shown in fig. 1, and are not described herein again.
Further, as shown in fig. 2, the video encryption system of the present application further includes a Client to provide a user with a video data call review function.
Referring to fig. 10 specifically, fig. 10 is a flowchart of a third embodiment of a video encryption method according to the present application.
As shown in fig. 10, the specific steps are as follows:
Step S31: in response to a real-time video recording query instruction from the client, the video encryption platform transmits the storage auxiliary frame and the encrypted code stream to the client.
Step S32: the client obtains a storage key and the encrypted video encryption key based on the storage auxiliary frame.
Step S33: the client decrypts the encrypted video encryption key using the video key encryption key in the storage key to obtain the video encryption key.
Step S34: the client decrypts the encrypted code stream using the video encryption key to obtain and play the decoded code stream.
In this embodiment of the application, when a user enters a real-time video query instruction through the client, the client can obtain the VKID and the encrypted code stream directly from the transmission encryption frame delivered by the video encryption platform. The client can therefore obtain the VK directly and use it to decrypt the 2 KB of data at the head of the key frame for playback.
Specifically, during real-time preview the client must decrypt the encrypted frames in the video stream in order to play it normally. To do so it only needs to read the VKID from the extension frame data in the key frame, obtain the video encryption key VK (i.e. VEK) from the front end using the VKID, and then decrypt the code stream with the VK, which avoids a complex key synchronization process. The client can then quickly complete subsequent decryption using the code stream data and its cached data.
Referring to fig. 11 specifically, fig. 11 is a flowchart of a fourth embodiment of a video encryption method according to the present application.
Step S41: in response to a historical video playback instruction from the client, the video encryption platform reads the storage auxiliary frame and the encrypted code stream from the storage medium.
Step S42: the video encryption platform parses the video key encryption key identification number in the storage auxiliary frame and uses it to query the corresponding video key encryption key.
Step S43: the video encryption platform decrypts the encrypted video encryption key using the video key encryption key to obtain the video encryption key.
Step S44: the video encryption platform sends the video encryption key and the encrypted code stream to the client.
Step S45: the client decrypts the encrypted code stream using the video encryption key to obtain and play the decoded code stream.
In this embodiment of the application, when a user enters a historical video playback instruction through the client, the client first exchanges certificates with the video encryption platform to complete two-way authentication and then initiates an RTSP request. The video encryption platform generates a random symmetric key for this interaction, encrypts the SM4 symmetric key with an SM2 private key, transmits it to the client, and establishes a secure connection.
The video encryption platform reads the video file from cloud storage to obtain the storage encryption auxiliary frame and the encrypted code stream. It parses the VKEKID in the encryption auxiliary frame, queries the VKEK through the KMS proxy, and decrypts the eVK with the VKEK to obtain the video encryption key VK.
The video encryption platform securely transmits the VK, encrypted with the symmetric key, to the client over RTSP, and the client can subsequently query and obtain the VK.
Specifically, when the client plays back video, the video encryption platform reads the encrypted video file data from cloud storage, obtains the VKEKID by reading the encryption auxiliary frame at the head of the file, and queries the KMS for the VKEK using the VKEKID. The video encryption platform decrypts the eVK with the VKEK to obtain the VK, the video file data is decrypted with the VK to obtain the original video data, and the client completes playback.
The application stores the encrypted VK directly in the video file, which removes the conventional complex key synchronization process, preserves security, and allows fast decryption during video playback.
By designing the transmission encryption extension frame and the storage encryption auxiliary frame, the video encryption method achieves end-to-end transmission encryption and storage encryption of the data stream.
The video encryption method designs a transmission encryption extension frame that improves the efficiency and security of encrypted transmission by defining a code stream encryption offset and a code stream encryption length. The video encryption key ID (VKID) is also recorded in an extension at the head of the key frame, so that during client preview the encryption key can be queried by the VKID carried in the real-time code stream. This enables fast decrypted preview of the real-time code stream and improves encryption and decryption efficiency on top of secure transmission.
The video encryption method of the application designs a storage encryption auxiliary frame that stores the video encryption key VEK encrypted with the VKEK, together with the VKEKID. Because the VKEKID is recorded in the auxiliary frame and a storage encryption auxiliary frame is inserted at both the head and the tail of the video file, decryption during playback is fast.
The video encryption method of the application requires that the storage encryption auxiliary frames at the head and the tail of each video file use the same VKEK, and that only one VK and one VKEK are used within each video file.
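The storage path (steps S24 to S26), the playback path (steps S41 to S43) and the head/tail frame rule above, as an added Python example that is not code from the patent. The frame byte layout, the `SAF1` marker, the dictionary standing in for the KMS and all function names are assumptions, and an HMAC-SHA256 encrypt-then-MAC construction stands in for SM4 so that the block runs with the standard library only.

```python
import hashlib, hmac, os, struct

MAGIC = b"SAF1"               # assumed frame marker; the patent gives no byte layout
HDR = struct.Struct(">4sIH")  # marker, VKEKID, eVK length (assumed layout)

def _prf_stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: standard-library stand-in for the SM4 cipher
    blocks = (hmac.new(key, b"enc" + nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap_vk(vkek: bytes, vk: bytes) -> bytes:
    """eVK = nonce || ciphertext || tag (encrypt-then-MAC under the VKEK)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(vk, _prf_stream(vkek, nonce, len(vk))))
    return nonce + ct + hmac.new(vkek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap_vk(vkek: bytes, evk: bytes) -> bytes:
    nonce, ct, tag = evk[:16], evk[16:-32], evk[-32:]
    good = hmac.new(vkek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("eVK rejected: wrong VKEK or modified frame")
    return bytes(a ^ b for a, b in zip(ct, _prf_stream(vkek, nonce, len(ct))))

def build_frame(vkek_id: int, evk: bytes) -> bytes:
    return HDR.pack(MAGIC, vkek_id, len(evk)) + evk

def parse_frame(buf: bytes):
    """Return (VKEKID, eVK, frame length) for a frame at the start of buf."""
    if len(buf) < HDR.size:
        raise ValueError("truncated storage auxiliary frame")
    magic, vkek_id, n = HDR.unpack_from(buf)
    if magic != MAGIC or len(buf) < HDR.size + n:
        raise ValueError("malformed storage auxiliary frame")
    return vkek_id, buf[HDR.size:HDR.size + n], HDR.size + n

def store(enc_stream: bytes, vk: bytes, vkek_id: int, kms: dict) -> bytes:
    # S24-S26: wrap the VK, build the frame, place it at head and tail
    frame = build_frame(vkek_id, wrap_vk(kms[vkek_id], vk))
    return frame + enc_stream + frame

def recover_vk(stored: bytes, kms: dict):
    # S41-S43: parse the VKEKID, query the KMS, unwrap the eVK
    vkek_id, evk, flen = parse_frame(stored)
    if len(stored) < 2 * flen or stored[-flen:] != stored[:flen]:
        raise ValueError("head and tail storage auxiliary frames differ")
    if vkek_id not in kms:
        raise KeyError(f"VKEKID {vkek_id:#x} unknown to KMS")
    return unwrap_vk(kms[vkek_id], evk), stored[flen:-flen]

if __name__ == "__main__":
    kms = {0x1001: bytes(range(32))}               # constructed VKEK
    vk, stream = bytes(range(16)), b"\xaa" * 64    # constructed VK and code stream
    out_vk, out_stream = recover_vk(store(stream, vk, 0x1001, kms), kms)
    print(out_vk == vk, out_stream == stream)
```

Comparing the head and tail frames byte for byte is stricter than the same-VKEK rule stated above; it is a choice made in this example.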
It will be appreciated by those skilled in the art that in the above-described method of the specific embodiments, the written order of steps is not meant to imply a strict order of execution but rather should be construed according to the function and possibly inherent logic of the steps.
In order to implement the video encryption method, the present application further provides a video encryption system. Referring to fig. 12, fig. 12 is a schematic framework diagram of an embodiment of the video encryption system provided by the present application.
The video encryption system 500 of the present embodiment includes a video acquisition device 51, a video encryption platform 52, and a storage medium 53.
The video capturing device 51 is configured to encrypt a video code stream by using a video encryption key, and obtain an encrypted code stream.
The video capturing device 51 is configured to generate a transmission auxiliary frame according to the identification number of the video encryption key.
The video encryption platform 52 is configured to obtain the transmission auxiliary frame and the encrypted code stream from the video capture device.
The video encryption platform 52 is configured to obtain a storage key, and encrypt the video encryption key of the transmission auxiliary frame using the video key encryption key in the storage key.
The video encryption platform 52 is configured to generate a storage auxiliary frame according to the video key encryption key identification number of the storage key and the encrypted video encryption key.
The video encryption platform 52 is configured to store the storage assistance frames and the encrypted stream to the storage medium 53.
In order to implement the video encryption method, the present application further provides a video encryption device, and referring to fig. 13, fig. 13 is a schematic structural diagram of an embodiment of the video encryption device provided by the present application.
The video encryption apparatus 700 of the present embodiment includes a processor 71, a memory 72, an input-output device 73, and a bus 74.
The processor 71, the memory 72, and the input/output device 73 are respectively connected to the bus 74, and the memory 72 stores program data, and the processor 71 is configured to execute the program data to implement the video encryption method described in the above embodiment.
In an embodiment of the present application, the processor 71 may also be referred to as a CPU (Central Processing Unit). The processor 71 may be an integrated circuit chip with signal processing capabilities. The processor 71 may also be a general purpose processor, a digital signal processor (DSP, Digital Signal Processor), an application specific integrated circuit (ASIC, Application Specific Integrated Circuit), a field programmable gate array (FPGA, Field Programmable Gate Array) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. The general purpose processor may be a microprocessor, or the processor 71 may be any conventional processor or the like.
The present application further provides a computer storage medium. Referring to fig. 14, fig. 14 is a schematic structural diagram of an embodiment of the computer storage medium provided by the present application. A computer program 61 is stored in the computer storage medium 600, and the computer program 61, when executed by a processor, implements the video encryption method of the above embodiments.
Embodiments of the present application, when implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to execute all or part of the steps of the method according to the embodiments of the present application. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing description is only of embodiments of the present application, and is not intended to limit the scope of the application, and all equivalent structures or equivalent processes using the descriptions and the drawings of the present application or directly or indirectly applied to other related technical fields are included in the scope of the present application.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202510708083.8A CN120238676B (en) | 2025-05-29 | 2025-05-29 | Video encryption method, video encryption device and computer storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN120238676A CN120238676A (en) | 2025-07-01 |
CN120238676B true CN120238676B (en) | 2025-09-05 |
Family
ID=96161896
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202510708083.8A Active CN120238676B (en) | 2025-05-29 | 2025-05-29 | Video encryption method, video encryption device and computer storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN120238676B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN120238676A (en) | 2025-07-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||