A video encryption transmission method and related device

By transmitting playback address information via encrypted messages between the playback device and the video network service platform, and transmitting video stream data via encrypted messages between the playback device and the streaming media server, the problem of low security in video data transmission is solved, achieving dual protection for both the playback address and the video stream data.

CN119094819BActive Publication Date: 2026-06-09E SURFING VISION TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
E SURFING VISION TECHNOLOGY CO LTD
Filing Date
2024-10-15
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

During video data transmission, there is a risk of low security due to data leakage, especially when uploading and reading videos in complex network environments. Existing technologies are insufficient to effectively protect the security of playback address information and video stream data.

Method used

By generating a plaintext key and encrypting it, an address retrieval request is generated to obtain encrypted playback address information, and the encrypted message is transmitted between the playback device and the video network service platform. At the same time, the plaintext key is used to encrypt the video stream data during transmission to ensure the security of the video stream data.

Benefits of technology

It achieves dual encryption transmission of playback address information and video stream data, reducing the risk of address leakage and video content theft, and improving the security of the video transmission process.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN119094819B_ABST
    Figure CN119094819B_ABST
Patent Text Reader

Abstract

The application provides a video encryption transmission method and related device. In the application, the encryption transmission of the play address information can be realized through the first encryption message between the play device and the video over internet protocol (VOIP) service platform, so as to reduce the risk of address leakage. Meanwhile, the encryption transmission of the video stream data can be realized through the second encryption message between the play device and the streaming media server, so as to reduce the risk of video stream data theft. In this way, by encrypting the transmission of the play address information and the video stream data, the address leakage risk can be reduced, the risk of video content theft can be reduced, and the security of the video transmission process can be improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of streaming media transmission technology, and in particular to a video encryption transmission method and related apparatus. Background Technology

[0002] With the development of security monitoring technology and the promotion of video networks, the scale of video surveillance systems is constantly increasing, and the amount of video stream data has seen a tremendous increase. Therefore, cloud-based video storage has become one of the main methods for storing video data. However, when using cloud servers to store video data, users need to upload and retrieve video data in complex network environments, which can easily lead to security risks due to data leaks during video transmission, resulting in low security. Summary of the Invention

[0003] The purpose of this application is to address at least one of the aforementioned technical deficiencies, particularly the low security of existing technologies.

[0004] In a first aspect, embodiments of this application provide a video encryption transmission method, applied to a playback device, the method comprising:

[0005] In response to a video playback command, a plaintext key is generated, and an address retrieval request is generated;

[0006] Send the address acquisition request to the video network service platform and receive the first encrypted message returned by the video network service platform in response to the address acquisition request; wherein, the first encrypted message includes first encrypted information and address encrypted data, and the address encrypted data is obtained by encrypting the playback address information according to the first encrypted information;

[0007] The address encryption data is decrypted based on the first encryption information to obtain the playback address information;

[0008] A playback request carrying a first ciphertext key is sent to the streaming media server according to the playback address information; wherein, the first ciphertext key is obtained by encrypting the plaintext key;

[0009] The system receives a second encrypted message returned by the streaming media server in response to the playback request; wherein the second encrypted message includes encrypted video data, which is obtained by encrypting video stream data according to the plaintext key;

[0010] The video encrypted data is decrypted based on the plaintext key to obtain the video stream data.

[0011] In one embodiment, the generation of the address acquisition request includes:

[0012] The plaintext key is encrypted to obtain the second ciphertext key;

[0013] Generate the address acquisition request carrying the second ciphertext key;

[0014] The address acquisition request is used to instruct the video network service platform to decrypt the second ciphertext key to obtain the plaintext key, and to re-encrypt the plaintext key to obtain the first ciphertext key. The first ciphertext key and the playback address information are then encrypted according to the first encryption information to obtain the first encrypted message.

[0015] In one embodiment, sending a playback request carrying a first encrypted key to the streaming media server based on the playback address information includes:

[0016] The playback address information is parsed to obtain streaming media connection verification information;

[0017] Based on the streaming media connection verification information, an SRT connection is established between the playback device and the streaming media server;

[0018] Generate the playback request carrying the first ciphertext key;

[0019] Based on the SRT connection, the playback request is sent to the streaming media server.

[0020] In one embodiment, the second encrypted message further includes second encrypted information, wherein the video encrypted data is obtained by encrypting video stream data according to the second encrypted information and the plaintext key;

[0021] The process of decrypting the encrypted video data based on the plaintext key to obtain the video stream data includes:

[0022] The encrypted video data is decrypted using the second encryption information and the plaintext key to obtain the video stream data.

[0023] Secondly, embodiments of this application provide a video encryption transmission method applied to a video network service platform, the method comprising:

[0024] In response to an address retrieval request sent by the playback device, a decryption key is generated;

[0025] Extract the second ciphertext key from the address retrieval request; wherein the second ciphertext key is obtained by encrypting the plaintext key by the playback device;

[0026] The second ciphertext key is decrypted using the decryption key to obtain the plaintext key;

[0027] The plaintext key is encrypted according to a preset key encryption algorithm to obtain the first ciphertext key;

[0028] The playback address information corresponding to the address acquisition request is determined respectively, and the playback address information is assembled and concatenated with the first ciphertext key to obtain concatenated data;

[0029] A first encryption algorithm is determined, and the concatenated data is encrypted using the first encryption algorithm to obtain encrypted address data;

[0030] Determine the first encryption information corresponding to the first encryption algorithm, and generate a first encrypted message based on the first encryption information and the address encryption data;

[0031] The first encrypted message is returned to the playback device.

[0032] In one embodiment, the method further includes:

[0033] Receive a key query request sent by the streaming media server in response to a playback request; wherein the playback request is sent by the playback device and carries a target first key;

[0034] Extract the target first key from the key query request;

[0035] A query is performed based on the target first key, and a target plaintext key corresponding to the target first key is determined;

[0036] Return the target plaintext key to the streaming media server.

[0037] Thirdly, embodiments of this application provide a video encryption transmission device applied to a playback device, the device comprising:

[0038] The address acquisition request generation module is used to generate a plaintext key and an address acquisition request in response to a video playback command.

[0039] The address acquisition module is used to send the address acquisition request to the video network service platform and receive the first encrypted message returned by the video network service platform in response to the address acquisition request; wherein, the first encrypted message includes first encrypted information and address encrypted data, and the address encrypted data is obtained by encrypting the playback address information according to the first encrypted information;

[0040] The first decryption module is used to decrypt the address encryption data according to the first encryption information to obtain the playback address information;

[0041] A playback request sending module is used to send a playback request carrying a first ciphertext key to a streaming media server based on the playback address information; wherein the first ciphertext key is obtained by encrypting the plaintext key;

[0042] The second encrypted message acquisition module is used to receive a second encrypted message returned by the streaming media server in response to the playback request; wherein the second encrypted message includes video encrypted data, and the video encrypted data is obtained by encrypting video stream data according to the plaintext key;

[0043] The video stream data acquisition module is used to decrypt the encrypted video data based on the plaintext key to obtain the video stream data.

[0044] Fourthly, embodiments of this application provide a video encryption transmission device applied to a video network service platform, the device comprising:

[0045] The decryption key generation module is used to generate a decryption key in response to an address acquisition request sent by the playback device.

[0046] The second ciphertext key extraction module is used to extract the second ciphertext key from the address acquisition request; wherein the second ciphertext key is obtained by the playback device encrypting the plaintext key;

[0047] The second decryption module is used to decrypt the second ciphertext key according to the decryption key to obtain the plaintext key;

[0048] The key encryption module is used to encrypt the plaintext key according to a preset key encryption algorithm to obtain a first ciphertext key;

[0049] An assembly and splicing module is used to determine the playback address information corresponding to the address acquisition request, and to assemble and splice the playback address information with the first ciphertext key to obtain spliced ​​data.

[0050] The address encryption module is used to determine a first encryption algorithm and use the first encryption algorithm to encrypt the concatenated data to obtain address encrypted data.

[0051] The first encrypted message generation module is used to determine the first encryption information corresponding to the first encryption algorithm, and generate the first encrypted message based on the first encryption information and the address encryption data.

[0052] The first encrypted message return module is used to return the first encrypted message to the playback device.

[0053] Fifthly, embodiments of this application provide a playback device, including: one or more processors, and a memory;

[0054] The memory stores computer-readable instructions, which, when executed by the one or more processors, perform the steps of the video encryption transmission method applied to a playback device as described in any of the above embodiments.

[0055] Sixthly, embodiments of this application provide a video network service platform, including: one or more processors, and a memory;

[0056] The memory stores computer-readable instructions, which, when executed by the one or more processors, perform the steps of the video encryption transmission method applied to the video network service platform as described in any of the above embodiments.

[0057] In some embodiments of the video encryption transmission method and related apparatus provided in this application, the playback device and the video network service platform can achieve encrypted transmission of playback address information through a first encrypted message to reduce the risk of leakage of playback address information. Simultaneously, the playback device and the streaming media server can achieve encrypted transmission of video stream data through a second encrypted message to reduce the risk of video stream data theft. Thus, by encrypting both playback address information and video stream data during transmission, both the risk of address leakage and the risk of video content theft can be reduced, thereby improving the security of the video transmission process. Attached Figure Description

[0058] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0059] Figure 1 This is a diagram illustrating the application environment of the video encryption transmission method in one embodiment;

[0060] Figure 2 This is one of the flowcharts illustrating a video encryption transmission method applied to a playback device in one embodiment;

[0061] Figure 3 This is a second flowchart illustrating a video encryption transmission method applied to a video network service platform in one embodiment.

[0062] Figure 4 This is the third flowchart of a video encryption transmission method in one embodiment;

[0063] Figure 5 This is a fourth flowchart illustrating a video encryption transmission method in one embodiment;

[0064] Figure 6 This is a schematic diagram of the structure of a video encryption transmission device applied to a playback device in one embodiment;

[0065] Figure 7 This is a schematic diagram of a video encryption transmission device applied to a video network service platform in one embodiment. Detailed Implementation

[0066] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0067] The following is an explanation of the terms used in this application.

[0068] SRT (Secure Reliable Transport) protocol: an open-source video transmission protocol designed to provide secure, reliable, low-latency, and high-bandwidth video streaming.

[0069] AES (Advanced Encryption Standard) algorithm: A symmetric encryption algorithm that uses the same key for both encryption and decryption.

[0070] SM4 Algorithm: The SM4 block cipher algorithm, which is a national standard, is a symmetric encryption algorithm.

[0071] CBC (Cipher-block chaining): A encryption mode. In CBC mode, each plaintext block is first XORed with the previous ciphertext block before being encrypted, thus ensuring the uniqueness of each message.

[0072] ECB (Electronic Codebook): A encryption mode. In ECB mode, the information to be processed is divided into appropriately sized blocks, and then each block is encrypted independently.

[0073] CFB (Cipher Feedback): An encryption mode. In CFB mode, the previous ciphertext block can be re-encrypted, and the re-encrypted ciphertext block is XORed with the plaintext block to obtain the current ciphertext block.

[0074] CTR (Counter): An encryption mode. In CTR mode, the input counter is first encrypted with a key, and then the encrypted counter data is XORed with the plaintext block to obtain the ciphertext block.

[0075] OFB (Output-FeedBack): An encryption mode.

[0076] NAL (Network Abstraction Layer): Part of the H.264 / AVC video coding standard.

[0077] In one embodiment, the video encryption transmission method provided in this application can be applied to... Figure 1 The application environment is shown. Playback device 102 refers to an electronic device used for playing video, which may be, but is not limited to, smartphones, tablets, desktop computers, laptops, wearable devices, IoT devices, home appliances, etc. In one example, playback device 102 may have a video network APP (application) and a player component installed; the video network APP can play video through the player component. Video network service platform 104 refers to a service platform used to manage streaming media server 106 (i.e., video source information). Streaming media server 106 refers to a device used to store video stream data.

[0078] Specifically, the streaming media server 106 may differ for different video stream data. When playing a video, the playback device 102 needs to initiate a playback request to the specified streaming media server to obtain the video stream data of the video to be played from the specified streaming media server. Based on this, before sending the playback request, the playback device 102 needs to first determine the aforementioned "specified streaming media server". Since the video network service platform 104 manages the information of each video source, the playback device 102 can obtain the playback address information corresponding to the video to be played from the video network service platform 104, and determine the specified streaming media server 106 based on the playback address information, thereby realizing the acquisition of video stream data.

[0079] In one embodiment, this application provides a video encryption transmission method, applied to... Figure 1 The playback device shown. For example... Figure 2 As shown, the video encryption transmission method provided in this application may include the following steps:

[0080] S202: In response to the video playback command, generate a plaintext key and generate an address retrieval request.

[0081] Among them, the video playback instruction refers to the instruction used to instruct the playback device to play the video stream to be played. The triggering conditions for this instruction can be determined according to the actual situation, and this article does not impose specific restrictions on it. The plaintext key refers to the unencrypted key data. The address acquisition request is used to obtain the playback address information of the video stream to be played.

[0082] In this step, upon receiving a video playback instruction, the playback device can generate a plaintext key and an address acquisition request corresponding to the video stream to be played. It is understood that the playback device can generate the plaintext key in any way, and this application does not impose any specific restrictions on this. For example, the plaintext key can be pre-set. Alternatively, the plaintext key can be generated according to a preset key generation algorithm.

[0083] In one example, to further enhance video data security, the plaintext keys corresponding to every two video streams to be played can be different. For instance, when the video stream to be played is the first video stream, the playback device can generate a first plaintext key, enabling the playback device, the video network service platform, and the streaming media server to achieve encrypted transmission of the first video stream based on the first plaintext key. When the video stream to be played is the second video stream, the playback device can generate a second plaintext key, enabling the playback device, the video network service platform, and the streaming media server to achieve encrypted transmission of the second video stream based on the second plaintext key. Thus, even if a plaintext key is stolen, the stolen plaintext key can only be used to obtain data from that specific video stream, and cannot be used to obtain data from other video streams.

[0084] S204: Send an address acquisition request to the video network service platform and receive the first encrypted message returned by the video network service platform in response to the address acquisition request.

[0085] The first encrypted message includes first encrypted information and address encrypted data, wherein the address encrypted data is obtained by encrypting the playback address information based on the first encrypted information.

[0086] In this step, the address acquisition request can be used to instruct the video network service platform to determine the playback address information corresponding to the video stream to be played, encrypt the playback address information according to the first encryption information to obtain address encrypted data, generate a first encrypted message based on the address encrypted data and the first encryption information, and return the first encrypted message to the playback device. The playback device can send an address acquisition request to the video network service platform to obtain the first encrypted message corresponding to the video stream to be played from the video network service platform.

[0087] S206: Decrypt the address encryption data according to the first encryption information to obtain the playback address information.

[0088] In this step, the playback device can extract the first encrypted information and the address encrypted data from the first encrypted message, and decrypt the address encrypted data according to the first encrypted information to obtain the playback address information corresponding to the video stream to be played. This playback address information is plaintext data.

[0089] S208: Send a playback request carrying the first encrypted key to the streaming media server based on the playback address information.

[0090] The first ciphertext key is obtained by encrypting the plaintext key. It should be noted that the encryption device corresponding to the first ciphertext key can be a playback device, or other platforms / devices besides a playback device. In other words, the first ciphertext key can be obtained by encrypting the plaintext key using a playback device. Alternatively, the first ciphertext key can be obtained by encrypting the plaintext key using other platforms / devices.

[0091] In this step, having obtained the playback address information, the playback device can determine the streaming media server corresponding to the video stream to be played. Therefore, the playback device can send a playback request to the streaming media server corresponding to the video stream to be played, and the playback request carries the first encrypted key.

[0092] S210: Receive the second encrypted message returned by the streaming media server in response to the playback request.

[0093] The second encrypted message includes encrypted video data, which is obtained by encrypting video stream data using a plaintext key.

[0094] In this step, the playback request instructs the streaming media server to encrypt the video stream data corresponding to the video stream to be played using the plaintext key, obtain encrypted video data, generate a second encrypted message based on the encrypted video data, and return the second encrypted message to the playback device. Therefore, after sending a playback request to the streaming media server, the playback device can receive the second encrypted message containing the encrypted video data returned by the streaming media server.

[0095] S212: Decrypt the encrypted video data based on the plaintext key to obtain the video stream data.

[0096] In this step, since the video encryption data is obtained by the streaming media server encrypting the video stream data using a plaintext key, the playback device can decrypt the obtained video encryption data based on the plaintext key, thereby obtaining the video stream data and playing the video based on the video stream data.

[0097] In this application, the playback device and the video network service platform can achieve encrypted transmission of playback address information through a first encrypted message to reduce the risk of playback address information leakage. Simultaneously, the playback device and the streaming media server can achieve encrypted transmission of video stream data through a second encrypted message to reduce the risk of video stream data theft. Thus, by encrypting both playback address information and video stream data during transmission, both the risk of address leakage and the risk of video content theft are reduced, thereby improving the security of the video transmission process.

[0098] In one embodiment, generating an address retrieval request includes:

[0099] The plaintext key is encrypted to obtain the second ciphertext key;

[0100] Generate an address retrieval request carrying a second ciphertext key.

[0101] The address acquisition request is used to instruct the video network service platform to decrypt the second ciphertext key to obtain the plaintext key, and then re-encrypt the plaintext key to obtain the first ciphertext key. The first ciphertext key and the playback address information are then encrypted according to the first encryption information to obtain the first encrypted message.

[0102] In this embodiment, considering that the video network service platform may use plaintext keys in scenarios such as address encryption and address query, the playback device can send the plaintext key to the video network service platform so that the video network service platform can perform subsequent processing.

[0103] To reduce the risk of plaintext key leakage and further improve the security of video transmission, the playback device can encrypt the plaintext key to obtain a second ciphertext key, and generate an address retrieval request based on the second ciphertext key, so that the address retrieval request carries the second ciphertext key.

[0104] When the video network service platform receives an address acquisition request, it can decrypt the second ciphertext key carried in the address acquisition request to obtain the plaintext key. Furthermore, the video network service platform can re-encrypt the plaintext key to obtain the first ciphertext key, and encrypt the first ciphertext key and the playback address information corresponding to the video stream to be played according to the first encryption information to obtain the first encrypted message, and return the first encrypted message to the playback device.

[0105] In this way, the video network service platform can obtain the correspondence between the first ciphertext key and the plaintext key. After the playback device transmits the first ciphertext key to the streaming media server, the streaming media server can determine the plaintext key corresponding to the first ciphertext key through data interaction with the video network service platform, and encrypt the video stream data accordingly. This avoids the playback device directly transmitting the plaintext key to the streaming media server, thereby further reducing the risk of plaintext key leakage and improving the security of the video stream data.

[0106] In one embodiment, sending a playback request carrying a first encrypted key to the streaming media server based on the playback address information includes:

[0107] Step A1: Parse the playback address information and obtain the streaming media connection verification information;

[0108] Step A2: Based on the streaming media connection verification information, establish an SRT connection between the playback device and the streaming media server;

[0109] Step A3: Generate a playback request carrying the first ciphertext key;

[0110] Step A4: Send a playback request to the streaming media server based on the SRT connection.

[0111] Among them, streaming media connection verification information refers to the client address used to determine the streaming media server and the information used for authentication, such as the streaming media server's IP (Internet Protocol) address, port information, and token information.

[0112] Furthermore, after obtaining the streaming media connection verification information, the playback device can check the set of version protocols that it supports and recombine the streaming media connection verification information to obtain the video playback address that the playback device supports.

[0113] In this embodiment, after obtaining the streaming media connection verification information, the playback device can initiate an SRT connect request to the streaming media server based on the streaming media connection verification information to establish an SRT connection between the playback device and the streaming media server, and then perform data interaction with the streaming media server based on the successfully established SRT connection.

[0114] In one example, the playback request may also carry encrypted playback address information and token information. Upon receiving the playback request, the streaming media server can decrypt the encrypted playback address information and verify it against the token information. If the verification passes, the video stream data is determined based on the playback address information. This further enhances security.

[0115] In one embodiment, the second encrypted message further includes second encrypted information, and the encrypted video data is obtained by encrypting the video stream data based on the second encrypted information and the plaintext key. It should be noted that the first encrypted information and the second encrypted information can be the same or different. In other words, the video network service platform and the streaming media server can use the same or different encryption algorithms to encrypt the playback address information and the video stream data respectively; this document does not impose specific restrictions on this.

[0116] Decrypting encrypted video data using a plaintext key to obtain video stream data includes: decrypting encrypted video data using a second encryption information and the plaintext key to obtain video stream data. This further enhances security.

[0117] In one embodiment, this application provides a video encryption transmission method, applied to... Figure 1 In the video network service platform shown. For example... Figure 3 As shown, the video encryption transmission method provided in this application may include the following steps:

[0118] S302: In response to the address acquisition request sent by the playback device, generate a decryption key.

[0119] In this step, the address acquisition request carries a second ciphertext key, which is obtained by encrypting the plaintext key by the playback device. For a description of the second ciphertext key, please refer to the above embodiments; it will not be repeated here.

[0120] After receiving an address retrieval request from a playback device, the video network service platform can generate a decryption key for decrypting the second ciphertext key. It is understood that the method for generating and obtaining the decryption key can be determined based on the actual situation, and this document does not impose specific restrictions on it.

[0121] S304: Extract the second ciphertext key from the address retrieval request; wherein the second ciphertext key is obtained by encrypting the plaintext key by the playback device.

[0122] S306: Decrypt the second ciphertext key using the decryption key to obtain the plaintext key.

[0123] In this step, the video network service platform can use a decryption key to decrypt the second ciphertext key carried in the address acquisition request to obtain the plaintext key generated by the playback device.

[0124] S308: Encrypt the plaintext key according to the preset key encryption algorithm to obtain the first ciphertext key.

[0125] In this step, the video network service platform can use a preset key encryption algorithm to re-encrypt the plaintext key and obtain the first ciphertext key.

[0126] S310: Determine the playback address information corresponding to the address acquisition request, and assemble and splice the playback address information with the first ciphertext key to obtain spliced ​​data.

[0127] In this step, the video network service platform can determine the playback address information corresponding to the video stream to be played based on the address acquisition request, and then assemble and concatenate the playback address information with the first encrypted key to obtain the concatenated data. It should be noted that in this application, the playback address information is unencrypted plaintext information.

[0128] S312: Determine the first encryption algorithm and use the first encryption algorithm to encrypt the concatenated data to obtain the address encrypted data.

[0129] In this step, the video network service platform can use the first encryption algorithm to encrypt the spliced ​​data to obtain encrypted address data. It can be understood that the encrypted address data includes data obtained by encrypting the plaintext key twice, and data obtained by encrypting the playback address information once.

[0130] In one example, the first encryption algorithm could be either AES or SM4.

[0131] S314: Determine the first encryption information corresponding to the first encryption algorithm, and generate the first encrypted message based on the first encryption information and the address encryption data.

[0132] In this step, the video network service platform can determine the first encryption information to represent the first encryption algorithm according to the first encryption algorithm, and generate the first encrypted message according to the first encryption information and address encryption data, so that the first encrypted message carries the first encryption information and address encryption data.

[0133] S316: Return the first encrypted message to the playback device.

[0134] In this step, the video network service platform returns a first encrypted message to the playback device, enabling the playback device to obtain the playback address information as described in the above embodiments.

[0135] In this embodiment, on the one hand, the video network service platform can obtain the plaintext key from the second ciphertext key, so as to execute subsequent steps based on the plaintext key and reduce the risk of plaintext key leakage, thereby improving the security of video transmission. On the other hand, when the video network service platform receives an address acquisition request, it can decrypt the second ciphertext key carried in the address acquisition request to obtain the plaintext key. Furthermore, the video network service platform can re-encrypt the plaintext key to obtain the first ciphertext key, and encrypt the first ciphertext key and the playback address information corresponding to the video stream to be played according to the first encryption information to obtain the first encrypted message, and return the first encrypted message to the playback device. In this way, the video network service platform and the playback device can realize encrypted transmission of playback address information through the first encrypted message to reduce the risk of playback address information leakage. At the same time, the video network service platform can know the correspondence between the first ciphertext key and the plaintext key, so as to execute subsequent steps more securely and reliably.

[0136] In one embodiment, the first encrypted message may be a binary message, and the message structure of the first encrypted message may be as shown in Table 1.

[0137] Table 1 Message Structure Table

[0138]

[0139] As shown in Table 1, the first encrypted message includes a start word, extension bits, type word, method word, data length, encryption flag word, reserved word, and data. The type word and method word can be used to describe the type of data. For example, as shown in Table 2, the type word may include instructions, real-time audio / video streams, and video playback streams, while the method word may include real-time streams and related extended definitions.

[0140] Table 2 Descriptions of Type and Method Words

[0141]

[0142] As shown in Table 3, different values ​​in the encryption token can represent different meanings. Since the SM4 algorithm only supports 128 encryption mode, the first 16 bytes of the key can be used for encryption. In the encryption token, the first 3 bits describe the encryption mode, the middle 2 bits describe the key length, and the last 3 bits describe the encryption length.

[0143] Table 3. Description of Encryption Mode and Encryption Length

[0144]

[0145] Reserved words are used to define extended encryption algorithm types and media formats, including audio and video encoding. Specifically, 2 bits of a reserved word represent the encryption algorithm type, 3 bits represent the video encoding type, and 3 bits represent the audio encoding type. Table 4 provides a detailed description of each type.

[0146] Table 4. Description of Reserved Words

[0147]

[0148] For example, when the encryption algorithm is AES, the video encoding is H.264, and the audio encoding is G711a, the reserved word binary value is 0x10100100.

[0149] Due to limited reserved word space, it is impossible to fill in information such as sampling rate. Therefore, the extension bits (Table 1) are used to extend the data by 8 bytes, with 1 byte describing audio information and the remaining bytes reserved. The extension bits and 8 bytes are only included in I-frames. In this embodiment, the data format of the real-time stream is as shown in Table 5.

[0150] Table 5 Data Format of Real-Time Streams

[0151]

[0152] In one embodiment, the video encrypted transmission method provided in this application may include the following steps:

[0153] Step B1: Receive a key query request sent by the streaming media server in response to the playback request; wherein the playback request is sent by the playback device and carries the target first key;

[0154] Step B2: Extract the target first key from the key query request;

[0155] Step B3: Query based on the target first key and determine the target plaintext key corresponding to the target first key;

[0156] Step B4: Return the target plaintext key to the streaming media server.

[0157] In this embodiment, after the playback device transmits a playback request to the streaming media server, the streaming media server can determine the plaintext key corresponding to the target first key carried in the playback request through data interaction with the video network service platform, and encrypt the video stream data accordingly. This avoids the playback device directly transmitting the plaintext key to the streaming media server, thereby further reducing the risk of plaintext key leakage and improving the security of the video stream data.

[0158] Specifically, when the streaming media server receives a playback request from the playback device, it can extract the target first key from the playback request and query the target plaintext key corresponding to the target first key by interacting with the video network service platform. This allows the video stream data to be encrypted using the target plaintext key to obtain the second encrypted message.

[0159] It is understood that the message structure of the second encrypted message can be the same as that of the first encrypted message. The message structure of the second encrypted message can be referred to the relevant descriptions in Tables 1-5, which will not be repeated here.

[0160] To facilitate understanding of the solution proposed in this application, specific examples will be provided below.

[0161] like Figure 4 As shown, in the video encryption transmission method provided in this example, it can be achieved through... Figure 4 The process shown obtains the playback address information and the first encrypted key, respectively. Specifically, it may include the following steps:

[0162] S402: The video network APP generates a plaintext key and encrypts the plaintext key to obtain a second ciphertext key;

[0163] S404: The VisionNet APP sends an address acquisition request to the VisionNet service platform. The address acquisition request carries a second encrypted key.

[0164] S406: The video network service platform generates a decryption key and decrypts the second ciphertext key based on the decryption key to obtain the plaintext key;

[0165] S408: The video network service platform uses a preset key encryption algorithm to re-encrypt the plaintext key to obtain the first ciphertext key;

[0166] S410: The video network service platform queries the playback address information, assembles and splices the playback address information with the first ciphertext key to obtain spliced ​​data;

[0167] S412: The video network service platform uses a first encryption algorithm to encrypt the spliced ​​data and generates a first encrypted message; the relevant description of the first encrypted message can be found in the above embodiments, and will not be repeated here;

[0168] S414: The video network service platform returns the first encrypted message to the video network APP;

[0169] S416: The video network APP decrypts the first encrypted message to obtain the playback address information and the first ciphertext key;

[0170] S418: The video network APP sends the playback address information and the first encrypted key to the player.

[0171] like Figure 5 As shown, in the video encryption transmission method provided in this example, it can be achieved through... Figure 5 The process shown involves video stream data. Specifically, it may include the following steps:

[0172] S502: The player parses the playback address information and obtains the streaming media connection verification information;

[0173] S504: The player sends an SRT connection request to the streaming media server;

[0174] S506: The streaming media server responds to the SRT connection request and returns the connection result to the player;

[0175] S508: If the SRT connection is successfully established, the player sends a playback request to the streaming media server, and the playback request carries the first ciphertext key.

[0176] S510: The streaming media server sends a key query request to the video network service platform based on the first encrypted key;

[0177] S512: The video network service platform returns the plaintext key corresponding to the first ciphertext key to the streaming media server;

[0178] S514: The streaming media server uses a second encryption algorithm and a plaintext key to encrypt and encapsulate the video stream data to obtain a second encrypted message;

[0179] S516: The streaming media server returns a second encrypted message to the player; the description of the second encrypted message can be found in the description of the first encrypted message in the above embodiments, and will not be repeated here.

[0180] S518: The player decrypts the second encrypted message using the plaintext key to obtain the video stream data;

[0181] S520: The player plays video based on the video stream data.

[0182] The following describes the video encryption transmission device for playback devices provided in the embodiments of this application. The video encryption transmission device for playback devices described below and the video encryption transmission method for playback devices described above can be referred to in correspondence with each other.

[0183] In one embodiment, such as Figure 6 As shown, this application provides a video encryption transmission device applied to a playback device 600, comprising:

[0184] Address acquisition request generation module 602 is used to generate a plaintext key and generate an address acquisition request in response to a video playback command;

[0185] Address acquisition module 604 is used to send the address acquisition request to the video network service platform and receive the first encrypted message returned by the video network service platform in response to the address acquisition request; wherein, the first encrypted message includes first encrypted information and address encrypted data, and the address encrypted data is obtained by encrypting the playback address information according to the first encrypted information;

[0186] The first decryption module 606 is used to decrypt the address encryption data according to the first encryption information to obtain the playback address information;

[0187] The playback request sending module 608 is used to send a playback request carrying a first ciphertext key to the streaming media server according to the playback address information; wherein, the first ciphertext key is obtained by encrypting the plaintext key;

[0188] The second encrypted message acquisition module 610 is used to receive a second encrypted message returned by the streaming media server in response to the playback request; wherein, the second encrypted message includes video encrypted data, and the video encrypted data is obtained by encrypting video stream data according to the plaintext key;

[0189] The video stream data acquisition module 612 is used to decrypt the encrypted video data based on the plaintext key to obtain the video stream data.

[0190] In one embodiment, the address acquisition request generation module 602 of this application includes:

[0191] The first key encryption unit is used to encrypt the plaintext key to obtain the second ciphertext key;

[0192] The address acquisition request generation unit is used to generate the address acquisition request carrying the second ciphertext key;

[0193] The address acquisition request is used to instruct the video network service platform to decrypt the second ciphertext key to obtain the plaintext key, and to re-encrypt the plaintext key to obtain the first ciphertext key. The first ciphertext key and the playback address information are then encrypted according to the first encryption information to obtain the first encrypted message.

[0194] In one embodiment, the playback request sending module 608 of this application includes:

[0195] The address parsing unit is used to parse the playback address information and obtain streaming media connection verification information;

[0196] The SRT connection unit is used to establish an SRT connection between the playback device and the streaming media server based on the streaming media connection verification information.

[0197] A playback request generation unit is used to generate a playback request carrying the first ciphertext key;

[0198] A playback request sending unit is used to send the playback request to the streaming media server based on the SRT connection.

[0199] In one embodiment, the second encrypted message further includes second encrypted information, and the video encrypted data is obtained by encrypting video stream data according to the second encrypted information and the plaintext key. The video stream data acquisition module 612 of this application includes:

[0200] The decryption unit is used to decrypt the encrypted video data according to the second encryption information and the plaintext key to obtain the video stream data.

[0201] The following describes the video encryption transmission device for a video network service platform provided in the embodiments of this application. The video encryption transmission device for a video network service platform described below can be referred to in correspondence with the video encryption transmission method for a video network service platform described above.

[0202] In one embodiment, such as Figure 7 As shown, this application provides a video encryption transmission device 700, applied to a video network service platform, comprising:

[0203] The decryption key generation module 702 is used to generate a decryption key in response to an address acquisition request sent by the playback device;

[0204] The second ciphertext key extraction module 704 is used to extract the second ciphertext key from the address acquisition request; wherein the second ciphertext key is obtained by the playback device encrypting the plaintext key;

[0205] The second decryption module 706 is used to decrypt the second ciphertext key according to the decryption key to obtain the plaintext key;

[0206] The key encryption module 708 is used to encrypt the plaintext key according to a preset key encryption algorithm to obtain a first ciphertext key;

[0207] The assembly and splicing module 710 is used to determine the playback address information corresponding to the address acquisition request, and to assemble and splice the playback address information with the first ciphertext key to obtain spliced ​​data.

[0208] Address encryption module 712 is used to determine a first encryption algorithm and use the first encryption algorithm to encrypt the concatenated data to obtain address encrypted data;

[0209] The first encrypted message generation module 714 is used to determine the first encryption information corresponding to the first encryption algorithm, and generate a first encrypted message based on the first encryption information and the address encryption data.

[0210] The first encrypted message return module 716 is used to return the first encrypted message to the playback device.

[0211] In one embodiment, the video encryption transmission device of this application further includes:

[0212] A key query request receiving module is used to receive a key query request sent by a streaming media server in response to a playback request; wherein the playback request is sent by the playback device and carries a target first key;

[0213] The key extraction module is used to extract the target first key from the key query request;

[0214] The key query module is used to query based on the target first key and determine the target plaintext key corresponding to the target first key;

[0215] The key return module is used to return the target plaintext key to the streaming media server.

[0216] In one embodiment, this application also provides a storage medium storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform steps of a video encryption transmission method applied to a playback device as described in any embodiment, and / or steps of a video encryption transmission method applied to a video network platform.

[0217] In one embodiment, this application also provides a playback device storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of the video encryption transmission method applied to the playback device in any embodiment.

[0218] In one embodiment, this application also provides a video network service platform, which stores computer-readable instructions. When executed by one or more processors, the computer-readable instructions cause the one or more processors to perform the steps of the video encryption transmission method applied to the video network service platform in any embodiment.

[0219] Finally, it should be noted that in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element. In this document, "a," "an," "the," "the," and "its" may also include plural forms unless the context clearly indicates otherwise. "Multiple" refers to at least two, such as 2, 3, 5, or 8, etc. "And / or" includes any and all combinations of the related listed items.

[0220] The various embodiments in this specification are described in a progressive manner. Each embodiment focuses on the differences from other embodiments. The various embodiments can be combined as needed, and the same or similar parts can be referred to each other.

[0221] The above description of the disclosed embodiments enables those skilled in the art to make or use this application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of this application. Therefore, this application is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A method for encrypted video transmission, characterized in that, Applied to a playback device, the method includes: In response to a video playback command, a plaintext key is generated, and an address retrieval request is generated; Send the address acquisition request to the video network service platform and receive the first encrypted message returned by the video network service platform in response to the address acquisition request; wherein, the first encrypted message includes first encrypted information and address encrypted data, and the address encrypted data is obtained by encrypting the playback address information according to the first encrypted information; The address encryption data is decrypted based on the first encryption information to obtain the playback address information; A playback request carrying a first ciphertext key is sent to the streaming media server according to the playback address information; wherein, the first ciphertext key is obtained by encrypting the plaintext key; The system receives a second encrypted message returned by the streaming media server in response to the playback request; wherein the second encrypted message includes encrypted video data, which is obtained by encrypting video stream data according to the plaintext key; The video encrypted data is decrypted based on the plaintext key to obtain the video stream data.

2. The method according to claim 1, characterized in that, The generated address acquisition request includes: The plaintext key is encrypted to obtain the second ciphertext key; Generate the address acquisition request carrying the second ciphertext key; The address acquisition request is used to instruct the video network service platform to decrypt the second ciphertext key to obtain the plaintext key, and to re-encrypt the plaintext key to obtain the first ciphertext key. The first ciphertext key and the playback address information are then encrypted according to the first encryption information to obtain the first encrypted message.

3. The method according to claim 1, characterized in that, The step of sending a playback request carrying a first encrypted key to the streaming media server based on the playback address information includes: The playback address information is parsed to obtain streaming media connection verification information; Based on the streaming media connection verification information, an SRT connection is established between the playback device and the streaming media server; Generate the playback request carrying the first ciphertext key; Based on the SRT connection, the playback request is sent to the streaming media server.

4. The method according to any one of claims 1 to 3, characterized in that, The second encrypted message also includes second encrypted information, wherein the video encrypted data is obtained by encrypting video stream data according to the second encrypted information and the plaintext key; The process of decrypting the encrypted video data based on the plaintext key to obtain the video stream data includes: The encrypted video data is decrypted using the second encryption information and the plaintext key to obtain the video stream data.

5. A method for encrypted video transmission, characterized in that, Applied to a video network service platform, the method includes: In response to an address retrieval request sent by the playback device, a decryption key is generated; Extract the second ciphertext key from the address retrieval request; wherein the second ciphertext key is obtained by encrypting the plaintext key by the playback device; The second ciphertext key is decrypted using the decryption key to obtain the plaintext key; The plaintext key is encrypted according to a preset key encryption algorithm to obtain the first ciphertext key; The playback address information corresponding to the address acquisition request is determined respectively, and the playback address information is assembled and concatenated with the first ciphertext key to obtain concatenated data; A first encryption algorithm is determined, and the concatenated data is encrypted using the first encryption algorithm to obtain encrypted address data; Determine the first encryption information corresponding to the first encryption algorithm, and generate a first encrypted message based on the first encryption information and the address encryption data; The first encrypted message is returned to the playback device.

6. The method according to claim 5, characterized in that, The method further includes: Receive a key query request sent by the streaming media server in response to a playback request; wherein the playback request is sent by the playback device and carries the first ciphertext key; Extract the first ciphertext key from the key query request; A query is performed based on the first ciphertext key to determine the plaintext key corresponding to the first ciphertext key; Return the plaintext key to the streaming media server.

7. A video encryption transmission device, characterized in that, Applied to a playback device, the device includes: The address acquisition request generation module is used to generate a plaintext key and an address acquisition request in response to a video playback command. The address acquisition module is used to send the address acquisition request to the video network service platform and receive the first encrypted message returned by the video network service platform in response to the address acquisition request; wherein, the first encrypted message includes first encrypted information and address encrypted data, and the address encrypted data is obtained by encrypting the playback address information according to the first encrypted information; The first decryption module is used to decrypt the address encryption data according to the first encryption information to obtain the playback address information; A playback request sending module is used to send a playback request carrying a first ciphertext key to a streaming media server based on the playback address information; wherein the first ciphertext key is obtained by encrypting the plaintext key; The second encrypted message acquisition module is used to receive a second encrypted message returned by the streaming media server in response to the playback request; wherein the second encrypted message includes video encrypted data, and the video encrypted data is obtained by encrypting video stream data according to the plaintext key; The video stream data acquisition module is used to decrypt the encrypted video data based on the plaintext key to obtain the video stream data.

8. A video encryption transmission device, characterized in that, The device, applied to a video network service platform, includes: The decryption key generation module is used to generate a decryption key in response to an address acquisition request sent by the playback device. The second ciphertext key extraction module is used to extract the second ciphertext key from the address acquisition request; wherein the second ciphertext key is obtained by the playback device encrypting the plaintext key; The second decryption module is used to decrypt the second ciphertext key according to the decryption key to obtain the plaintext key; The key encryption module is used to encrypt the plaintext key according to a preset key encryption algorithm to obtain a first ciphertext key; An assembly and splicing module is used to determine the playback address information corresponding to the address acquisition request, and to assemble and splice the playback address information with the first ciphertext key to obtain spliced ​​data. The address encryption module is used to determine a first encryption algorithm and use the first encryption algorithm to encrypt the concatenated data to obtain address encrypted data. The first encrypted message generation module is used to determine the first encryption information corresponding to the first encryption algorithm, and generate the first encrypted message based on the first encryption information and the address encryption data. The first encrypted message return module is used to return the first encrypted message to the playback device.

9. A playback device, characterized in that, include: One or more processors, and memory; The memory stores computer-readable instructions, which, when executed by the one or more processors, perform the steps of the video encryption transmission method as described in any one of claims 1 to 4.

10. A video network service platform, characterized in that, include: One or more processors, and memory; The memory stores computer-readable instructions, which, when executed by the one or more processors, perform the steps of the video encryption transmission method as described in any one of claims 5 or 6.