Video data security encryption transmission method and system

[0029] Embodiment 1: The present invention provides a method for securely encrypted transmission of video data, which is characterized in that it includes the steps:

[0030] S1. The streaming media server randomly generates a first password, and uses the first password to encrypt the key frame of the video data to obtain the first encrypted key frame;

[0031] Encrypting only the key frames reduces the workload of encryption. Without the key frames, the video cannot be played, and a good encryption effect can still be obtained.

[0032] S2. The streaming media server uses the hardware encryption lock to encrypt the first password to obtain the first password encrypted file, and uses the hardware encryption lock to encrypt the first encryption key frame to obtain the second encryption key frame. The transmission includes the second encryption key frame, The first password encrypts the file, and uses the first password to encrypt the key frame of the video data to obtain the video data of the encryption algorithm algorithm type information of the first encrypted key frame;

[0033] The use of hardware encryption for the first encryption key frame and the first password increases the security of the system. The random password is encrypted by hardware and the video data is encrypted once by software and once by hardware, which is more secure. The internal R&D personnel know the software encryption algorithm of the video data, but do not know the algorithm of the external hardware encryption lock, and cannot extract the random password. Even if you know the random password, you cannot decrypt the data without a hardware encryption lock. The user only needs to insert the paired hardware encryption lock to play the encrypted video when playing the video in the client software, without worrying about the password content, and the user experience is good

[0034] S3. The client obtains the video data including the second encrypted key frame, the first password encrypted file, and the first password to encrypt the key frame of the video data to obtain the encryption algorithm algorithm type information of the first encrypted key frame;

[0035] S4. The client decrypts the second encrypted key frame by the hardware decryption lock paired with the hardware encryption lock to obtain the first encryption key frame, and decrypts the first encryption key frame by the hardware decryption lock paired with the hardware encryption lock to obtain the first password. , Use the first password to decrypt the first encrypted key frame.

[0036] The user only needs to insert the paired hardware encryption lock to play the encrypted video when playing the video in the client software, without worrying about the password content, the user experience is good; after the playback is completed, the hardware encryption lock is removed, and the encrypted video cannot be played again. If the password is leaked, the encryption algorithm of the hardware dongle is irreversible, and the safety factor is high. Even if the content of the random password is known without a matching hardware dongle, it cannot be decrypted. Each frame of video data contains the encryption algorithm type and the encrypted random password. Updating the encryption algorithm does not affect the playback of historical videos.

[0037] Further, the first password randomly generated by the streaming media server in the step S2 is changed regularly.

[0038] Regular replacement of the first password increases the security of the system.

[0039] Further, in the step S2, the streaming media server uses the first password to encrypt the key frame of the video data to obtain the encryption algorithm of the first encrypted key frame to be periodically replaced.

[0040] The encryption algorithm is changed regularly to increase the security of the system.

[0041] Embodiment 2: The present invention also provides a video data secure encrypted transmission system, including the following units:

[0042] A first encryption unit 100 for randomly generating a first password on the streaming media server, and encrypting the key frame of the video data using the first password to obtain the first encrypted key frame;

[0043] Encrypting only the key frames reduces the workload of encryption. Without the key frames, the video cannot be played, and a good encryption effect can still be obtained.

[0044] The second encryption unit 200 used for the streaming media server to use the hardware dongle 600 to encrypt the first password to obtain the first password encrypted file, and to use the hardware dongle 600 to encrypt the first encryption key frame to obtain the second encryption key frame.

[0045] The use of hardware encryption for the first encryption key frame and the first password increases the security of the system. The random password is encrypted by hardware and the video data is encrypted once by software and once by hardware, which is more secure. The internal R&D personnel know the software encryption algorithm of the video data, but do not know the algorithm of the external hardware dongle 600, and cannot extract the random password. Even if the random password is known, the data cannot be decrypted without the hardware encryption lock 600. The user only needs to insert the paired hardware encryption lock to play the encrypted video when playing the video in the client software, without worrying about the password content, and the user experience is good.

[0046] A data transmission unit 300 for server-side transmission of video data including the second encrypted key frame, the first password encrypted file, and the first password to encrypt the key frame of the video data to obtain the encryption algorithm algorithm type information of the first encrypted key frame ,

[0047] A data receiving unit 400 for the client to obtain video data including the second encrypted key frame, the first password encrypted file, and the key frame of the video data using the first password to obtain the encryption algorithm algorithm type information of the first encrypted key frame ;

[0048] Used for the client to decrypt the second encrypted key frame by the hardware decryption lock 700 paired with the hardware encryption lock 600 to obtain the first encryption key frame, and decrypt the first encrypted file by the hardware decryption lock 700 paired with the hardware encryption lock 600 The decryption unit 500 that obtains the first password and uses the first password to decrypt the first encrypted key frame.

[0049] The user only needs to insert the paired hardware dongle 600 when playing the video in the client software to play the encrypted video, no need to care about the content of the password, the user experience is good; after the playback is completed, remove the hardware dongle 600 and the encrypted video can no longer be played. No password will be leaked. The encryption algorithm of the hardware dongle 600 is irreversible and has a high safety factor. Even if the content of the random password is known without the hardware dongle 600, it cannot be decrypted. Each frame of video data contains the encryption algorithm type and the encrypted random password. Updating the encryption algorithm does not affect the playback of historical videos.

[0050] Further, the first password randomly generated by the first encryption unit 100 is changed regularly.

[0051] Regular replacement of the first password increases the security of the system. Further, the encryption algorithm in the first encryption unit 100 is changed regularly.

[0052] The encryption algorithm is changed regularly to increase the security of the system.

[0053] The beneficial effect of the present invention is that the first password is randomly generated, and regular update ensures safety. The random password is encrypted by hardware and the video data is encrypted once by software and once by hardware, which is more secure. The internal R&D personnel know the software encryption algorithm of the video data, but do not know the algorithm of the external hardware encryption lock, and cannot extract the random password. Even if you know the random password, you cannot decrypt the data without a hardware encryption lock. No manual input and manual memorization of passwords are required, which eliminates the hidden danger of human leakage. The user only needs to insert the paired hardware encryption lock to play the encrypted video when playing the video in the client software, without worrying about the password content, the user experience is good; after the playback is completed, the hardware encryption lock is removed, and the encrypted video cannot be played again. If the password is leaked, the encryption algorithm of the hardware dongle is irreversible, and the safety factor is high. Even if the content of the random password is known without a matching hardware dongle, it cannot be decrypted. Each frame of video data contains the encryption algorithm type and the encrypted random password. Updating the encryption algorithm does not affect the playback of historical videos. Encryption does not depend on the front-end camera. Encryption is implemented on the streaming media server, regardless of whether the front-end camera supports encryption, as long as the streaming server receives the video data of the front-end camera, the encryption can be implemented. Only the key frames are encrypted, which reduces the workload of encryption, but still achieves better results.

[0054] Those of ordinary skill in the art can understand that all or part of the steps carried in the method of the foregoing embodiments can be implemented by a program instructing relevant hardware to complete. The program can be stored in a computer-readable storage medium. When the program is executed, it includes One of the steps of the method embodiment or a combination thereof.

[0055] In addition, the functional units in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above-mentioned integrated unit can be realized in the form of hardware or software functional unit. If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can also be stored in a computer readable storage medium.

[0056] Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, systems, or computer program products. Therefore, the present invention may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may be in the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, optical storage, etc.) containing computer-usable program codes.