CN107222759B

CN107222759B - Method, system, device and medium for encrypting and decrypting media file

Info

Publication number: CN107222759B
Application number: CN201710511827.2A
Authority: CN
Inventors: 郭再荣
Original assignee: Netease Hangzhou Network Co Ltd
Current assignee: Hangzhou Netease Zhiqi Technology Co Ltd
Priority date: 2017-06-28
Filing date: 2017-06-28
Publication date: 2021-02-02
Anticipated expiration: 2037-06-28
Also published as: CN107222759A

Abstract

The embodiment of the invention provides a media file encryption method, which comprises the following steps: and sequentially encrypting at least some data bits in the media data by using a key through a streaming encryption algorithm, wherein the encryption processing is performed on the bits of the media data frame packet sequentially from the first bit of the key every time a preset media data frame packet is encountered. Correspondingly, the embodiment of the invention also provides a media file decryption method. By encrypting the data frame packets from the head by using the key and encrypting the data frame packets by using the stream encryption algorithm, the method of the invention ensures that the structure of the media file is not damaged, can normally respond to the dragging operation of a user, and can decrypt the data frame packets from the corresponding data frame packets in the decryption process, thereby accelerating the decryption speed of the video and improving the user experience. In addition, the embodiment of the invention provides a media file encryption and decryption system.

Description

Method, system, device and medium for encrypting and decrypting media file

Technical Field

The embodiment of the invention relates to the field of data processing, in particular to a method, a system, a medium and a computing device for encrypting and decrypting a media file.

Background

This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.

In the whole media file transmission field, when a client requests a server to transmit a media file, the server generally needs to encrypt the transmitted media file in order to protect the copyright of the source media file, and the client receives the media file transmitted by the server, decrypts the media file and then plays the media file.

At present, some encryption methods for media files have appeared, mainly including the following:

the full Encryption Algorithm encrypts the Video data as ordinary binary data, regardless of the encoding format of the Video, such as VEA (Video Encryption Algorithm) and CSC (chaotic Encryption Algorithm).

The encryption algorithm of the part, namely choose the important part in the file to encrypt, the common encryption algorithm includes hierarchical encryption algorithm and encryption algorithm based on frame structure, etc.. The partial encryption algorithm encrypts only a significant portion of the media file.

The encryption algorithm related to encoding includes, for example, a DCT coefficient encryption algorithm, an entropy encoding process encryption algorithm, and the like.

Disclosure of Invention

However, in the above-mentioned various encryption algorithms, the format of the media file needs to be modified during the encryption process, or the size of the source media file is changed, or the sizes of the video data and the audio data therein are changed, so that the position offset of the key frames in the encrypted media file and the source media file is changed, and if corresponding processing is not performed, the client cannot perform operations such as video dragging.

Therefore, in the prior art, in order to support operations such as video dragging, the key frame position offset needs to be re-determined, and for the client, the encrypted media file needs to be processed according to the key frame position re-determined by the server, so as to correctly identify the video data and the audio data in the media file, thereby increasing the cost of processing resources of the client; in addition, for some video services, such as streaming media on-demand services, due to the change of the media file structure, a Content Delivery Network (CDN) cannot accurately locate each component in a media file, so that media file delivery cannot be performed.

Therefore, an improved media file encryption method is needed, so that the encrypted media file is suitable for distribution in a content distribution network, the cost of processing resources of the client is reduced, and the speed of playing the media file by the client is increased.

In this context, embodiments of the present invention are intended to provide a method and system for encrypting and decrypting a media file.

In a first aspect of embodiments of the present invention, there is provided a method for encrypting a media file, the media file including media data, the method comprising:

and sequentially encrypting at least some data bits in the media data by using a key through a streaming encryption algorithm, wherein the encryption processing is performed on the bits of the media data frame packet sequentially from the first bit of the key every time a preset media data frame packet is encountered.

In an embodiment of the present invention, the method further includes: and if the last bit of the encryption bit of the key is used up and the encryption of the media data frame packet is not finished, continuing to encrypt the media data frame packet from the first bit of the key.

In another embodiment of the present invention, the media data frame packet includes a packet made of a single key data frame or a packet made of a plurality of data frames.

In another embodiment of the present invention, the media data frame packets are multiple, and the multiple media data frame packets are consecutively connected or spaced.

In yet another embodiment of the present invention, the media data frame packet includes a P frame starting from a current I frame and ending before a next I frame.

In yet another embodiment of the present invention, the above-mentioned media data frame packet starts with a P frame, and the P frame is specially marked.

In yet another embodiment of the present invention, the media file includes a fragmented MP4 media file, the fragmented MP4 media file includes a plurality of file fragments, each file fragment includes at least a portion of the media data, the media file further includes at least one first metadata and a plurality of second metadata respectively corresponding to the plurality of file fragments, wherein the first metadata includes overall description information of the media file, and each second metadata includes detailed description information of the corresponding file fragment.

In a further embodiment of the present invention, the media data in each file segment includes at least one media data frame packet.

In a further embodiment of the present invention, the second metadata includes header information, and the method further includes: setting at least one field in header information of the second metadata to indicate whether the encryption processing is performed on the media data corresponding to the second metadata.

In another embodiment of the present invention, the sequentially encrypting at least a part of the data bits in the media data includes: the encryption process is not performed on the particular one or more data bits of the media data.

In yet another embodiment of the present invention, the specific one or more data bits comprise the first twelve bytes of the media data.

In a further embodiment of the present invention, the first metadata includes a user-defined field, and the method further includes: writing any one or more of the following items in the user-defined field: description information of at least one encryption algorithm, version number of at least one said encryption algorithm, description information of at least one key check algorithm, and/or description information of version number of at least one said key check algorithm.

In a second aspect of embodiments of the present invention, there is provided a method for decrypting a media file, the media file including metadata and media data, the metadata including description information of the media file, the method including: according to the received metadata of the encrypted media file, at least some data bits in the media data are sequentially decrypted by using a key by using a decryption algorithm corresponding to a streaming encryption algorithm used by the encrypted media file, wherein the decryption processing is performed on the bit bits of a media data frame packet in sequence from the first bit of the key every time a preset media data frame packet is encountered.

In an embodiment of the present invention, the method further includes: and if the last bit of the encryption bit of the key is used up and the decryption of the media data frame packet is not finished, continuing to decrypt the media data frame packet from the first bit of the key.

In yet another embodiment of the present invention, the media file includes a fragmented MP4 media file, the fragmented MP4 media file includes a plurality of file fragments, each file fragment includes at least a portion of the media data, the media file further includes at least one first metadata and a plurality of second metadata respectively corresponding to the plurality of file fragments, wherein the first metadata includes overall description information of the media file, and each second metadata includes specific description information of the corresponding file fragment.

In a further embodiment of the present invention, the second metadata includes header information, and the header information includes a set identifier of at least one field to indicate whether the media data corresponding to the second metadata is encrypted, and the method further includes: and reading the set identifier of at least one field in the header information of the second metadata, and judging whether the media data corresponding to the second metadata is encrypted media data or not according to the read set identifier.

In another embodiment of the present invention, the sequentially decrypting at least some of the data bits in the media data includes: the decryption process is not performed on the particular one or more data bits of the media data.

In a further embodiment of the present invention, the first metadata includes a user-defined field, and the user-defined field includes any one or more of the following items: description information of at least one encryption algorithm, a version number of at least one said encryption algorithm, description information of at least one key check algorithm, description information of a version number of at least one said key check algorithm, the method further comprising: reading the description information of at least one encryption algorithm used for encrypting the encrypted media file and/or the version number of at least one encryption algorithm and/or the description information of at least one key verification algorithm and/or the description information of the version number of at least one key verification algorithm which are set in the custom field, and determining a decryption algorithm and/or a key verification algorithm for decrypting the encrypted media file according to the read information.

In a third aspect of embodiments of the present invention, there is provided a system for encrypting a media file, the media file including media data, the system comprising: and the stream encryption module is used for sequentially encrypting at least some data bits in the media data by using a stream encryption algorithm through a key, and comprises the step of sequentially encrypting the bits of the media data frame packet from the first bit of the key every time a preset media data frame packet is encountered.

In an embodiment of the present invention, the streaming encryption module is further configured to: and if the last bit of the encryption bit of the key is used up and the encryption of the media data frame packet is not finished, continuing to encrypt the media data frame packet from the first bit of the key.

In a further embodiment of the present invention, the second metadata includes header information, and the system further includes: and the setting processing module is used for setting at least one field in the header information of the second metadata so as to indicate whether the encryption processing is carried out on the media data corresponding to the second metadata.

In a further embodiment of the present invention, the first metadata includes a user-defined field, and the system further includes: the user-defined module is used for writing any one or more of the following items in the user-defined field: description information of at least one encryption algorithm, version number of at least one said encryption algorithm, description information of at least one key check algorithm, and/or description information of version number of at least one said key check algorithm.

In a fourth aspect of embodiments of the present invention, there is provided a system for decrypting a media file, the media file including metadata and media data, the metadata including description information of the media file, the system including: the stream decryption module is used for sequentially decrypting at least some data bits in the media data by using a key according to a decryption algorithm corresponding to a stream encryption algorithm used by the encrypted media file according to the received metadata of the encrypted media file, and comprises the step of sequentially decrypting the bits of the media data frame packet from the first bit of the key when a preset media data frame packet is encountered.

In an embodiment of the present invention, the streaming decryption module is further configured to: and if the last bit of the encryption bit of the key is used up and the decryption of the media data frame packet is not finished, continuing to decrypt the media data frame packet from the first bit of the key.

In another embodiment of the present invention, the media data frame packets are divided into a plurality of media data frame packets, and the plurality of media data frame packets are continuously connected or spaced.

In yet another embodiment of the present invention, the second metadata includes header information, and the header information includes a set identifier of at least one field to indicate whether the media data corresponding to the second metadata is encrypted, and the system further includes a set identifier reading module, configured to read the set identifier of at least one field in the header information of the second metadata, and determine whether the media data corresponding to the second metadata is encrypted media data according to the read set identifier.

In a further embodiment of the present invention, the first metadata includes a user-defined field, and the user-defined field includes any one or more of the following items: description information of at least one encryption algorithm, a version number of at least one said encryption algorithm, description information of at least one key check algorithm, description information of a version number of at least one said key check algorithm, said system further comprising: and the information reading module is used for reading the description information of at least one encryption algorithm used for encrypting the encrypted media file and/or the version number of at least one encryption algorithm and/or the description information of at least one key verification algorithm and/or the description information of the version number of at least one key verification algorithm which are arranged in the custom field, and determining a decryption algorithm and/or a key verification algorithm for decrypting the encrypted media file according to the read information.

In a fifth aspect of embodiments of the present invention, there is provided a media file encryption device, comprising: one or more memories storing executable instructions; and one or more processors executing the executable instructions to implement the method for encrypting the media file of any of the above embodiments.

In a sixth aspect of embodiments of the present invention, there is provided a media file decryption apparatus comprising: one or more memories storing executable instructions; and one or more processors executing the executable instructions to implement the method for decrypting a media file as described in any of the above embodiments.

In a seventh aspect of embodiments of the present invention, there is provided a medium having stored thereon executable instructions that, when executed by a processor, implement a method of encrypting a media file as described in any of the above embodiments.

In an eighth aspect of embodiments of the present invention, there is provided a medium having stored thereon executable instructions that, when executed by a processor, implement a method of decrypting a media file as described in any one of the above embodiments.

According to the encryption and decryption method and the system of the media file, the size and the format of the source media file are not changed in the encryption process, so that the key frame position offset in the encrypted media file is the same as that of the source file, corresponding processing does not need to be carried out on the key frame position offset in the encrypted media file, the operation processing flow of decrypting the media file is simplified, the processing resources required by decrypting the media file are saved, and the speed of decrypting the media file by the decryption end is improved.

In addition, according to the encryption and decryption method and system for the media file in the embodiment of the invention, because the data frame packets are encrypted from the beginning in the encryption process, the decryption of the whole media file from the beginning is not needed in the decryption process, the decryption can be performed from a certain data frame packet according to the needs of a user, and the decryption speed is increased.

Drawings

The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:

FIG. 1 schematically illustrates an exemplary application scenario according to an embodiment of the present invention;

FIG. 2 schematically shows a flow chart of a method of encrypting a media file according to an embodiment of the invention;

fig. 3 schematically shows a structural diagram of an MP4 media file in a slice format according to an embodiment of the present invention;

fig. 4 schematically shows a flowchart of an encryption method of a slice-formatted MP4 media file according to an embodiment of the present invention;

FIG. 5 schematically shows a flow chart of a method of decrypting a media file according to an embodiment of the invention;

fig. 6 schematically shows a flowchart of a decryption method of a slice-formatted MP4 media file according to an embodiment of the present invention;

FIG. 7 schematically illustrates a block diagram of an encryption system for media files according to an embodiment of the present invention;

FIG. 8 schematically illustrates a block diagram of an encryption system for a slice-formatted MP4 media file, according to an embodiment of the present invention;

FIG. 9 schematically shows a block diagram of a decryption system for media files according to an embodiment of the present invention;

fig. 10 schematically shows a block diagram of a decryption system of a slice-formatted MP4 media file according to an embodiment of the present invention.

FIG. 11 schematically shows a schematic view of a computer-readable storage medium product according to an embodiment of the invention; and

FIG. 12 schematically shows a block diagram of a computing device according to an embodiment of the present invention.

In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.

Detailed Description

The principles and spirit of the present invention will be described with reference to a number of exemplary embodiments. It is understood that these embodiments are given solely for the purpose of enabling those skilled in the art to better understand and to practice the invention, and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.

As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.

According to the embodiment of the invention, a method, a system, equipment and a medium for encrypting and decrypting a media file are provided.

In this document, any number of elements in the drawings is by way of example and not by way of limitation, and any nomenclature is used solely for differentiation and not by way of limitation.

The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments of the invention.

Summary of The Invention

In implementing the disclosed concept, the inventors found that there are at least the following problems in the related art: in the existing media file encryption method, the structure of a media file or the size of the media file is changed, so that the position offset of a key frame in a source media file is changed, and in order to support operations such as file dragging, the encryption end needs to re-determine the position offset of the key frame in the encrypted media file, so that the complexity of the encrypted media file processing operation of the encryption end is increased, the processing resources of the encryption end are wasted, and the encryption speed of the media file is reduced; accordingly, at the decryption end, corresponding processing needs to be performed on the key frame position offset in the encrypted media file to accurately identify the key frame position offset in the media file, which increases the complexity of the processing operation of decrypting the media file at the decryption end, wastes the processing resources at the decryption end on one hand, and affects the speed of decrypting the media file at the decryption end on the other hand.

In addition, the existing media file encryption method sequentially encrypts media data by using keys, and in the decryption process, if a certain frame in the middle is to be decrypted, the media data needs to be decrypted from the beginning, so that on one hand, processing resources at a decryption end are wasted, on the other hand, the decryption speed is reduced, and user experience is influenced.

Having described the general principles of the invention, various non-limiting embodiments of the invention are described in detail below.

Application scene overview

Referring first to fig. 1, fig. 1 schematically shows an exemplary application scenario in which the media data encryption and decryption method or system of the present invention may be applied, according to an embodiment of the present invention.

As shown in fig. 1, an application scenario may include

terminal devices

101, 102, 103, 104, a network 105 and a server 106. The network 104 is used to provide communication links between the

terminal devices

101, 102, 103, 104 and the server 106. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.

A user may use

terminal devices

101, 102, 103, 104 to interact with a server 106 via a network 105 to receive or transmit data or the like. Various applications such as a media file browser and a media file player may be installed on the

terminal devices

101, 102, 103, and 104.

The

terminal devices

101, 102, 103, 104 may be various electronic devices having a display screen and supporting playback of media files, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.

According to the embodiment of the present invention, the

terminal devices

101, 102, 103, and 104 are installed with media file playing clients, a user sends a media file acquisition request to the media file playing server 106 through the media file playing clients installed in the terminal devices, the media file playing server 106 encrypts the media file requested by the user and sends the encrypted media file to the terminal devices, and the media file playing clients installed in the terminal devices decrypt and play the received encrypted media file.

It should be noted that the encryption method for the media file provided by the embodiment of the present disclosure may be generally executed by the server 106. Accordingly, the encryption system for media files provided by embodiments of the present disclosure may be generally disposed in the server 106. The encryption method for the media file provided by the embodiment of the present disclosure may also be performed by a server or a server cluster different from the server 106 and capable of communicating with the

terminal devices

101, 102, 103, 104 and/or the server 106. Accordingly, the encryption system for media files provided by the embodiments of the present disclosure may also be disposed in a server or a server cluster different from the server 106 and capable of communicating with the

terminal devices

101, 102, 103, 104 and/or the server 106.

The decryption method of the media file provided by the embodiment of the disclosure can be generally executed by any one or more of the

terminal devices

101, 102, 103, 104. Accordingly, the decryption system for media files provided by the embodiments of the present disclosure may be generally disposed in one or more of the

terminal devices

101, 102, 103, and 104.

It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.

Exemplary method

In connection with the application scenario of fig. 1, a method for encrypting a media file according to an exemplary embodiment of the present invention is described with reference to fig. 2. It should be noted that the above application scenarios are merely illustrated for the convenience of understanding the spirit and principles of the present invention, and the embodiments of the present invention are not limited in this respect. Rather, embodiments of the present invention may be applied to any scenario where applicable.

The embodiment of the invention provides a method for encrypting a media file.

Fig. 2 schematically shows a flow chart of a method of encrypting a media file according to an embodiment of the present invention.

As shown in fig. 2, the method may include the operations of:

in operation S201, a media file is acquired, the media file including media data. The step of acquiring the media file comprises acquiring a corresponding media file according to a user request.

According to an embodiment of the present disclosure, a media file includes metadata including macro description information for the media file and media data including audio data or video data to be actually played.

In operation S202, at least some data bits in the media data are sequentially encrypted by a streaming encryption algorithm using a key, including sequentially performing the encryption processing on bits of a media data frame packet starting from a first bit of the key each time a preset media data frame packet is encountered.

The stream encryption algorithm generates a random code stream by using the encryption algorithm and a secret key together, and then performs exclusive OR operation with the data stream to generate an encrypted data stream, so that the data length before and after encryption can be ensured not to change. The stream encryption algorithm encrypts in bytes without changing the structure of the source media file and the size of the audio/video data. For the video file, the position of each part of the video file is not changed by the streaming encryption algorithm, and only the numerical value of the same position is changed, so that the dragging operation of the video is facilitated.

When each bit of the media data is sequentially encrypted by a streaming encryption algorithm, each time a preset media data frame packet is encountered, the media data frame packet is encrypted from the first bit of the key. When the media data frame packet is encrypted, if the encryption bit of the key has used up the last bit and the media data frame packet has not been encrypted, the encryption processing of the media data frame packet is continued from the first bit of the key.

For example, the data frame packet a of the media data includes one frame data of 30 bits, the data frame packet B includes two frame data of 50 bits, the data frame packet B follows the data frame packet a, the key includes data of 20 bits, the first 20 bits of data of the data frame packet a are sequentially encrypted from the 1 st bit of the key, after the 20 bits of data of the key completes encryption on the first 20 bits of data of the data frame packet a, the key is continuously used, the 21 st bit data to the 30 th bit data of the data frame packet a are sequentially encrypted from the 1 st bit of the key, and after the 30 bits of data of the data frame packet a completes encryption calculation, the remaining 10 bits of key do not encrypt the data frame packet B, but encrypt the first 20 bits of data of the data frame packet B from the 1 st bit of the key.

It will be appreciated by those skilled in the art that the number of data bits of the data frame packet and the number of data bits of the key in the above examples are merely to aid understanding, and the present disclosure does not limit the size of the data frame packet nor the size of the key.

Each media data frame packet may comprise a packet of individual key data frames, e.g. data frame packet a comprises only one key data frame. Each media data frame group may also include a group of multiple data frames, for example, the data frame group B includes two data frames, where multiple data frames may all be key frames, none may be key frames, or a part may be a key frame and a part may not be a key frame.

As an alternative embodiment, the media data frame packet may include a start from the current key frame (I-frame) to the end of the previous non-key frame (P-frame) of the next key frame (I-frame). It may also include starting with a P frame, where the P frame is specially marked.

How many frames of data are included in a data frame packet, from which frame starts to which frame ends, may be grouped according to the content, format, or user request of the media file. The present disclosure is not limited thereto.

According to embodiments of the present disclosure, media data of a media file may be divided into a plurality of media data frame packets.

Wherein, the plurality of media data frame packets can be continuously connected. For example, the media data includes 50 data frames, and the 1 st frame to the 10 th frame may be composed as one media data frame packet, and the 11 th frame to the 20 th frame may be composed as one data frame packet.

There may also be a gap between multiple media data frame packets. For example, the media data includes 50 data frames, the 1 st frame to the 10 th frame may be composed into one media data frame packet, and the 15 th frame to the 25 th frame may be composed into one media data frame packet. In the embodiment of the present disclosure, in the case that there is an interval between two media data frame packets, a plurality of data frames (for example, 11 th frame to 14 th frame) of the interval may not be encrypted, the first bit of the key may be used to start encrypting the plurality of data frames of the interval, and the encryption may be started using the corresponding data bit of the key after the previous data frame packet is started.

By the embodiment of the disclosure, media data can be divided into a plurality of data frame packets, each data frame packet comprises at least one data frame, and for each data frame packet, encryption processing is sequentially performed by using a stream type encryption algorithm from the first bit of a key. The encryption method can not damage the size and the structure of the media file, can normally respond to the dragging operation of a user, and when the user performs the dragging operation, the decryption processing is not required to be sequentially performed by using the key from the first bit of the media data, but the decryption can be performed by using the data frame packet corresponding to the dragging position, so that the decryption speed of the video is increased, and the user experience is improved.

Based on the media file encryption method provided by the invention, the invention also provides a specific encryption method particularly for the media file in the fragment MP4 format.

Fig. 3 schematically shows a structural diagram of an MP4 media file 300 in a slice format according to an embodiment of the present invention.

As shown in fig. 3, the MP4 file 300 in a sliced format includes first metadata 310 and at least one file segment 320, and each file segment 320 includes second metadata 321 and media data 322.

The first metadata 310 includes overall description information of the media file. For example, the MP 39 4 file may be moov (movie Metadata box) which is used to represent the package of MP4 format when the file is stored, and also indicates whether the MP4 file has description information such as audio data or video data.

According to an embodiment of the present disclosure, the first metadata 310 further includes a user-defined field. For example, udta box in moov.

The file segment 320 includes at least a portion of the media data. For example, it may be a fragment box in an MP4 file.

The file segment 320 includes second metadata 321, including specific description information of the file segment, such as moof (movie fragment box) in MP4 file. Wherein the second metadata includes header information, such as mfhd (movie fragment header) in MP4 file.

The file fragment 320 further includes media data 322, which may be mdat (movie data box) in MP4 file, for example.

A file segment contains audio and video data and sufficient second metadata to ensure that the media data in the file segment can be decoded separately.

According to an embodiment of the present disclosure, the media data 322 in each file segment 320 includes at least one media data frame packet. That is, one file segment is one media data frame packet, or the media data in one file segment is divided into a plurality of media data frame packets.

Next, a media file encryption method according to another embodiment of the present disclosure will be described with reference to fig. 4 in conjunction with a fragmented MP4 media file.

Fig. 4 schematically shows a flowchart of an encryption method of a slice-formatted MP4 media file according to an embodiment of the present invention.

As shown in fig. 4, the method includes operations S401 to S403.

In operation S401, at least one field in header information of the second metadata is set to indicate whether the encryption process is performed on media data corresponding to the second metadata.

According to the embodiment of the present disclosure, the header information of the second metadata has a Flags field, which represents the characteristics of the current file segment, and one of the flag bits may be used to indicate whether the media data of the current file segment is encrypted. For example, the flag may be set to 1 to indicate that the media data in the current file segment is encrypted, and the flag may be set to 0 to indicate that the media data in the current file segment is not encrypted. Therefore, the decryption end can decrypt conveniently, when the decryption end reads that the identification position in the Flags is set to be 1, the decryption end decrypts the media data in the file segment, otherwise, the decryption end does not need to decrypt the media data in the file segment.

In operation S402, any one or more items are written in the user-defined field of the first metadata: description information of at least one encryption algorithm; a version number of at least one of the encryption algorithms; description information of at least one key verification algorithm; and/or description information of a version number of at least one of said key verification algorithms.

According to embodiments of the present disclosure, several possible types and/or version numbers of encryption algorithms, as well as types and/or version numbers of key verification algorithms, may be written in the user-defined fields. Therefore, the existing encryption algorithm is cracked in time, and the encryption algorithm can be seamlessly upgraded in the subsequent updating process.

Specifically, the encryption side needs to inform the decryption side of the streaming encryption algorithm and the key check algorithm used for encrypting the media file. After receiving the encrypted media file, the decryption end may first verify the key by using a key verification algorithm notified by the encryption end, and after the key is verified, the decryption end decrypts the media file by using a decryption algorithm corresponding to the streaming encryption algorithm used by the encryption end and the key that has been verified. The decryption end can request the encryption end for a key used for encrypting the media file after receiving the encrypted media file; or the encryption end may negotiate a key used by the decryption end in advance, if the key negotiated by the encryption end and the decryption end includes a plurality of keys, the encryption end may indicate a key identifier used by the decryption end in the encrypted media file, and the encryption end may negotiate a field indicating the key identifier with the decryption end, where the field may be a user-defined field in specific implementation.

In the embodiment of the invention, the encryption terminal can inform the decryption terminal of the streaming encryption algorithm used for encrypting the media file and the key verification algorithm required for verifying the key during decryption through the first metadata. In specific implementation, a field of description information of a streaming encryption algorithm used for encrypting the media file may be set in the first metadata, or a field of description information of a key verification algorithm required for verifying the key during decryption may be set in the first metadata, or a field of description information of a streaming encryption algorithm used for encrypting the media file and a field of description information of a key verification algorithm required for verifying the key during decryption may be set at the same time. If only the field of the description information of the streaming encryption algorithm or only the field of the description information of the key verification algorithm required for verifying the key during decryption is set in the first metadata, the encryption terminal may notify the decryption terminal of the streaming encryption algorithm used or the key verification algorithm required for verifying the key in other manners. The encryption end and the decryption end can negotiate fields carrying a streaming encryption algorithm and a key check algorithm in advance.

During specific implementation, the encryption terminal and the decryption terminal can negotiate multiple streaming encryption algorithms in advance, the encryption terminal can randomly use any one of the streaming encryption algorithms when encrypting the media file, the identifier of the used streaming encryption algorithm is indicated by using the custom field in the first metadata, and the decryption terminal determines the streaming encryption algorithm used by the encryption terminal according to the identifier so as to enhance the security of data encryption. Of course, the encryption side and the decryption side may also negotiate a plurality of keys in advance for encrypting different media files, the encryption side may randomly use any one of the keys when encrypting the media files, and indicate an identifier of a key verification algorithm corresponding to the used key by using a custom field in the first metadata, and the decryption side determines the key verification algorithm corresponding to the key used by the encryption side according to the identifier and verifies the key by using the determined key verification algorithm.

At least some data bits of the media data are sequentially encrypted by a streaming encryption algorithm using a key in operation S403.

According to the embodiment of the disclosure, when at least some data bits in at least one part of media data are sequentially encrypted, the encryption processing is not performed on one or more specific data bits of the media data. For example, the first twelve bytes of the media data.

Specifically, when the media data of each file segment is encrypted, the first 12 bytes are not encrypted. In a slice-formatted MP4 media file, the first four bytes of media data of each file segment represent the start offset of mdat, the middle four bytes represent the size of mdat, and the last four bytes represent the type of mdat. In the encryption process, the 12 bytes are avoided, so that important fields of media data of file fragments can be avoided, and a decryption end can accurately determine information such as the type of the current box.

According to the embodiment of the disclosure, when the media file is encrypted, the first metadata and the second metadata of the media file are not encrypted, only the media data part is encrypted, and the first 12 bytes of the media data are not encrypted.

Specifically, the media data of each file segment may be one data frame packet or a plurality of data frame packets, and the specific encryption method may refer to the method described above with reference to fig. 2, which is not described herein again.

The media file encryption method of the embodiment of the disclosure does not process the metadata, only encrypts the media data, reserves the important description information of the media file, and keeps the format of the MP4 unchanged. When the stream encryption algorithm is used for encryption, the file size before and after encryption can be kept unchanged. And the description information and/or the version number of the encryption algorithm selected from several possible encryption algorithms and the description information and/or the version number of the key verification algorithm are written in the custom field, so that the seamless upgrade of the encryption algorithm can be performed.

Corresponding to the media file encryption method, the embodiment of the invention also provides a media file decryption method.

Fig. 5 schematically shows a flow chart of a method of decrypting a media file according to an embodiment of the invention.

As shown in fig. 5, the method may include the operations of:

in operation S501, a media file is received, the media file including media data. The receiving the media file comprises receiving an encrypted media file requested by a user from a server side.

In operation S502, according to the received metadata of the encrypted media file, sequentially decrypting at least some data bits in the media data by using a key using a decryption algorithm corresponding to a streaming encryption algorithm used by the encrypted media file, including, when a preset media data frame packet is encountered, sequentially performing the decryption processing on bits of the media data frame packet from a first bit of the key.

When the decryption algorithm corresponding to the stream encryption algorithm is used for sequentially decrypting each bit of the media data by using the key, the media data frame packet is decrypted from the first bit of the key every time a preset media data frame packet is encountered. When the media data frame packet is decrypted, if the bits of the key have used up the last bit and the media data frame packet has not been decrypted, the decryption process of the media data frame packet is continued from the first bit of the key.

For example, the data frame packet a of the media data includes one frame data of 30 bits, the data frame packet B includes two frame data of 50 bits, the data frame packet B is concatenated after the data frame packet a, the key includes data of 20 bits, the first 20 bits of data of the data frame packet a are sequentially decrypted from the 1 st bit of the key, after the 20 bits of data of the key finish decrypting the first 20 bits of data of the data frame packet a, the key is continuously used, the decryption calculation is sequentially performed from the 1 st bit of the key to the 21 st bit of data to the 30 th bit of data of the data frame packet a, after the 30 bits of data of the data frame packet a finish decrypting calculation, the remaining 10 bits of key do not decrypt the data frame packet B, but decrypt the first 20 bits of data of the data frame packet B from the 1 st bit of the key.

According to the embodiment of the disclosure, the media data may be divided into a plurality of media data frame packets, and the plurality of media data frame packets are continuously connected or spaced. The media data frame packet may include a packet of a single key data frame or may include a packet of multiple data frames. As an alternative embodiment, the media data frame packet may include a start from the current key frame (I-frame) to the end of the previous non-key frame (P-frame) of the next key frame (I-frame). It may also include starting with a P frame, where the P frame is specially marked. Reference may be made to the above description of the data frame grouping with reference to fig. 2, and details are not repeated here.

By the embodiment of the disclosure, media data can be divided into a plurality of data frame packets, each data frame packet comprises at least one data frame, and for each data frame packet, encryption processing is sequentially performed by using a stream type encryption algorithm from the first bit of a secret key in an encryption process. Accordingly, in the decryption process, each data frame packet is also decrypted in turn using the streaming encryption algorithm starting from the first bit of the key. The encryption and decryption method can not damage the size and the structure of the media file, can normally respond to the dragging operation of a user, and when the user performs the dragging operation, the decryption processing is not required to be sequentially performed by using the key from the first bit of the media data, but the decryption can be performed by using the data frame packet corresponding to the dragging position, so that the decryption speed of the video is increased, and the user experience is improved.

Based on the media file decryption method provided by the invention, the invention also provides a specific decryption method particularly for the media file in the fragment MP4 format.

The structure diagram of the MP4 media file in the tile format can be referred to the description above with reference to fig. 3 and is not repeated herein.

Next, a media file decryption method according to another embodiment of the present disclosure is described with reference to fig. 6 in conjunction with a fragmented MP4 media file.

Fig. 6 schematically shows a flowchart of a decryption method of a slice-formatted MP4 media file according to an embodiment of the present invention.

As shown in fig. 6, the method includes operations S601 to S603.

In operation S601, reading the set identifier of at least one field in header information of the second metadata; and judging whether the media data corresponding to the second metadata is encrypted media data or not according to the read set identifier.

Reading description information of at least one encryption algorithm used for encrypting the encrypted media file and/or a version number of at least one encryption algorithm and/or description information of at least one key check algorithm and/or description information of a version number of at least one key check algorithm set in the custom field in operation S602; and determining a decryption algorithm and/or a key verification algorithm for decrypting the encrypted media file according to the read information.

According to the disclosed embodiments, several possible types and/or version numbers of encryption algorithms, as well as types and/or version numbers of key verification algorithms, may be written in the user-defined field during the encryption process. Specifically, the encryption end informs the decryption end of a streaming encryption algorithm and a key check algorithm used for encrypting the media file. After receiving the encrypted media file, the decryption end may first verify the key by using a key verification algorithm notified by the encryption end, and after the key is verified, the decryption end decrypts the media file by using a decryption algorithm corresponding to the streaming encryption algorithm used by the encryption end and the key that has been verified. The decryption end can request the encryption end for a key used for encrypting the media file after receiving the encrypted media file; or the encryption end may negotiate a key used by the decryption end in advance, if the key negotiated by the encryption end and the decryption end includes a plurality of keys, the encryption end may indicate a key identifier used by the decryption end in the encrypted media file, and the encryption end may negotiate a field indicating the key identifier with the decryption end, where the field may be a user-defined field in specific implementation.

In operation S603, at least some data bits of the media data are sequentially decrypted using the key using a decryption algorithm corresponding to a streaming encryption algorithm used to encrypt the media file.

According to the embodiment of the disclosure, when at least some data bits in at least one part of media data are decrypted in sequence, the decryption processing is not performed on one or more specific data bits of the media data. For example, the first twelve bytes of the media data.

Specifically, in the encryption process of the media data of each file segment, the first 12 bytes are not encrypted. In a slice-formatted MP4 media file, the first four bytes of media data of each file segment represent the start offset of mdat, the middle four bytes represent the size of mdat, and the last four bytes represent the type of mdat. In the encryption process, the 12 bytes are avoided, so that important fields of media data of file fragments can be avoided, and a decryption end can accurately determine information such as the type of the current box. Accordingly, in the decryption process, the first 12 bytes of the media data of each file segment are not decrypted.

According to the embodiment of the disclosure, when the media file is decrypted, the first metadata and the second metadata of the media file are not decrypted, only the media data part is decrypted, and the first 12 bytes of the media data are not decrypted.

Specifically, the media data of each file segment may be one data frame packet or a plurality of data frame packets, and the specific decryption method may refer to the method described above with reference to fig. 5, which is not described herein again.

Exemplary devices

Having described the media of an exemplary embodiment of the present invention, a cryptographic system for implementing media files of an exemplary embodiment of the present invention is described in detail below with reference to FIG. 7.

The embodiment of the invention provides an encryption system of a media file.

Fig. 7 schematically shows a block diagram of an encryption system 700 for media files according to an embodiment of the invention.

As shown in fig. 7, the encryption system 700 for a media file includes an acquisition module 710 and a streaming encryption module 720.

Specifically, the obtaining module 710 obtains a media file, where the media file includes media data. The step of acquiring the media file comprises acquiring a corresponding media file according to a user request. According to the embodiment of the present disclosure, the obtaining module 710 may, for example, perform the operation S201 described above with reference to fig. 2, which is not described herein again.

The streaming encryption module 720 sequentially encrypts at least some data bits in the media data by using a key through a streaming encryption algorithm, including sequentially encrypting bits of a media data frame packet from a first bit of the key whenever a preset media data frame packet is encountered.

According to the embodiment of the present disclosure, the streaming encryption module 720 is further configured to continue the encryption processing on the media data frame packet from the first bit of the key if the encryption bit of the key has used up the last bit and the encryption of the media data frame packet has not ended.

According to the embodiment of the present disclosure, the streaming encryption module 720 may, for example, perform operation S202 described above with reference to fig. 2, which is not described herein again.

By the embodiment of the disclosure, media data can be divided into a plurality of data frame packets, each data frame packet comprises at least one data frame, and for each data frame packet, encryption processing is sequentially performed by using a stream type encryption algorithm from the first bit of a key. The encryption system can not damage the size and the structure of the media file, can normally respond to the dragging operation of a user, and when the user performs the dragging operation, the decryption processing is not required to be sequentially performed by using the key from the first bit of the media data, but the decryption can be performed by using the data frame packet corresponding to the dragging position, so that the decryption speed of the video is increased, and the user experience is improved.

Although the media files in different formats are different in structure, the principle of encrypting the media files is the same. For convenience of description, in the embodiment of the present invention, a media file in a fragmented MP4 format is taken as an example to describe a specific system structure of the media file encryption system provided in the embodiment of the present invention. It should be understood that, in the embodiment of the present invention, the implementation flow of the media file encryption system is described by taking the fragmented MP4 file as an example, which is only for better understanding of the present invention and is not to be construed as limiting the present invention.

Fig. 8 schematically shows a block diagram of an encryption system 800 for a MP4 media file in a sliced format according to an embodiment of the present invention.

As shown in fig. 8, the encryption system 800 for MP4 media files in a fragmented format includes a set processing module 810, a custom module 820, and a streaming encryption module 830.

The setting processing module 810 performs setting processing on at least one field in the header information of the second metadata to indicate whether the encryption processing is performed on the media data corresponding to the second metadata. The setting processing module 810 may, for example, perform operation S401 described above with reference to fig. 4, which is not described herein again.

The custom module 820 writes any one or more of the following in the user-defined field of the first metadata: description information of at least one encryption algorithm; a version number of at least one of the encryption algorithms; description information of at least one key verification algorithm; and/or description information of a version number of at least one of said key verification algorithms. The customization module 820 may perform, for example, the operation S402 described above with reference to fig. 4, which is not described herein again.

And the streaming encryption module 830 sequentially encrypts at least some data bits in the media data by using a streaming encryption algorithm and using a key. The streaming encryption module 830 may perform operation S403 described above with reference to fig. 4, for example, and is not described in detail here.

The media file encryption system of the embodiment of the disclosure does not process the metadata, only encrypts the media data, retains the important description information of the media file, and keeps the format of the MP4 unchanged. When the stream encryption algorithm is used for encryption, the file size before and after encryption can be kept unchanged. And the description information and/or the version number of the encryption algorithm selected from several possible encryption algorithms and the description information and/or the version number of the key verification algorithm are written in the custom field, so that the seamless upgrade of the encryption algorithm can be performed.

Corresponding to the media file encryption system, the embodiment of the invention also provides a media file decryption system.

Fig. 9 schematically shows a block diagram of a decryption system 900 for media files according to an embodiment of the invention.

As shown in fig. 9, the decryption system 900 for media files includes a receiving module 910 and a streaming decryption module 920.

The receiving module 910 receives a media file, where the media file includes media data. The receiving the media file comprises receiving an encrypted media file requested by a user from a server side. According to the embodiment of the present disclosure, the receiving module 910 may perform, for example, the operation S501 described above with reference to fig. 5, which is not described herein again.

The stream decryption module 920, according to the received metadata of the encrypted media file, sequentially decrypts at least some data bits in the media data by using a key using a decryption algorithm corresponding to a stream encryption algorithm used by the encrypted media file, including sequentially decrypting bits of a media data frame packet from a first bit of the key whenever a preset media data frame packet is encountered.

According to the embodiment of the present disclosure, the streaming decryption module 920 is further configured to continue the decryption process on the media data frame packet from the first bit of the key if the bits of the key have used up the last bit and the decryption of the media data frame packet is not completed.

According to the embodiment of the present disclosure, the streaming decryption module 920 may perform, for example, the operation S502 described above with reference to fig. 5, which is not described herein again.

By the embodiment of the disclosure, media data can be divided into a plurality of data frame packets, each data frame packet comprises at least one data frame, and for each data frame packet, encryption processing is sequentially performed by using a stream type encryption algorithm from the first bit of a secret key in an encryption process. Accordingly, in the decryption process, each data frame packet is also decrypted in turn using the streaming encryption algorithm starting from the first bit of the key. The encryption and decryption system can not damage the size and the structure of the media file, can normally respond to the dragging operation of a user, and when the user drags the media file, the user does not need to use the keys to sequentially decrypt from the first bit of the media data, but can decrypt through the data frame packet corresponding to the dragging position, so that the decryption speed of the video is accelerated, and the user experience is improved.

Although the media files in different formats are different in structure, the principle of encrypting the media files is the same. For convenience of description, in the embodiment of the present invention, a specific implementation process of the media file decryption method provided in the embodiment of the present invention is described by taking a media file in a fragment MP4 format as an example. It should be understood that, in the embodiment of the present invention, the implementation flow of the media file decryption method is described by taking the fragmented MP4 file as an example, which is only for better understanding of the present invention and is not to be construed as limiting the present invention.

Next, a media file decryption system according to another embodiment of the present disclosure will be described with reference to fig. 10 in conjunction with a fragmented MP4 media file.

Fig. 10 schematically shows a block diagram of a decryption system 1000 of a MP4 media file in a sliced format according to an embodiment of the present invention.

As shown in fig. 10, the decryption system 1000 for MP4 media file in sliced format includes a set identifier reading module 1010, an information reading module 1020, and a streaming decryption module 1030.

The setting identifier reading module 1010 reads the setting identifier of at least one field in the header information of the second metadata, and determines whether the media data corresponding to the second metadata is encrypted media data according to the read setting identifier. According to the embodiment of the present disclosure, the set identifier reading module 1010 may, for example, perform the operation S601 described above with reference to fig. 6, which is not described herein again.

An information reading module 1020, configured to read description information of at least one encryption algorithm used for encrypting the encrypted media file and/or a version number of at least one encryption algorithm and/or description information of at least one key verification algorithm and/or description information of a version number of at least one key verification algorithm set in the custom field, and determine a decryption algorithm and/or a key verification algorithm for decrypting the encrypted media file according to the read information. According to the embodiment of the present disclosure, the information reading module 1020 may perform the operation S602 described above with reference to fig. 6, for example, which is not described herein again.

The stream decryption module 1030 is configured to sequentially decrypt at least some data bits of the media data using the key according to a decryption algorithm corresponding to a stream encryption algorithm used for encrypting the media file. According to the embodiment of the present disclosure, the streaming decryption module 1030 may perform, for example, operation S603 described above with reference to fig. 6, which is not described herein again.

Exemplary Medium

Having described the method of an exemplary embodiment of the present invention, next, a medium for implementing an encryption method of a media file of an exemplary embodiment of the present invention will be described in detail with reference to fig. 11.

An embodiment of the present invention provides a medium, which stores executable instructions, and the instructions are used to implement the encryption method and the decryption method of the media file in any one of the above method embodiments when being executed by a processing unit.

In some possible embodiments, aspects of the present invention may also be implemented in the form of a program product including program code for causing a terminal device to perform the steps in the data processing method for diagrams according to various exemplary embodiments of the present invention described in the section "exemplary method" above in this specification, when the program product is run on the terminal device, for example, the terminal device may perform the steps as shown in fig. 5 to 6. When the program product is run on a server, the program code is configured to cause the server to perform the steps in the data processing method for charts according to various exemplary embodiments of the present invention described in the above section "exemplary method" of this specification, for example, the server may perform the steps as shown in fig. 2 to 4.

The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

As shown in fig. 11, a program product 40 for data processing of charts according to an embodiment of the present invention is described, which can employ a portable compact disc read only memory (CD-ROM) and include program codes, and can be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).

Exemplary computing device

Having described the methods, media and apparatus of the exemplary embodiments of the present invention, an encryption device and a decryption device for implementing media files of the exemplary embodiments of the present invention will now be described with reference to fig. 12.

The embodiment of the invention also provides a media file encryption device and a media file decryption device. As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.

In some possible embodiments, the encryption device and the decryption device of a media file according to the invention may comprise at least one processing unit, and at least one storage unit. Wherein the storage unit stores program code which, when executed by the processing unit, causes the processing unit to perform the steps in the information presentation methods according to various exemplary embodiments of the present invention described in the above section "exemplary methods" of this specification. For example, the processing unit may perform the steps as shown in FIGS. 2-4 to effect encryption of a media file. As another example, the processing unit may also perform the steps shown in FIGS. 5-6 to effect decryption of a media file.

A computing device 50 of an encryption device or a decryption device of a media file according to this embodiment of the present invention is described below with reference to fig. 12. The computing device 50 shown in FIG. 12 is only one example and should not impose any limitations on the functionality or scope of use of embodiments of the present invention.

As shown in fig. 12, computing device 50 is embodied in the form of a general purpose computing device. Components of computing device 50 may include, but are not limited to: the at least one processing unit 501, the at least one memory unit 502, and a bus 503 connecting the various system components (including the memory unit 502 and the processing unit 501).

Bus 503 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures.

The storage unit 502 may include readable media in the form of volatile memory, such as Random Access Memory (RAM)5021 and/or cache memory 5022, and may further include Read Only Memory (ROM) 5023.

The storage unit 502 may also include a program/utility 5025 having a set (at least one) of program modules 5024, such program modules 5024 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.

Computing device 50 may also communicate with one or more external devices 504 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with computing device 50, and/or with any devices (e.g., router, modem, etc.) that enable computing device 50 to communicate with one or more other computing devices. Such communication may be through input/output (I/O) interfaces 505. Moreover, computing device 50 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via network adapter 506. As shown, network adapter 506 communicates with the other modules of computing device 50 over bus 503. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computing device 50, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.

It should be noted that although in the above detailed description several units/modules or sub-units/modules of an encryption system of a media file or a decryption system of a media file are mentioned, such a division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more of the units/modules described above may be embodied in one unit/module according to embodiments of the invention. Conversely, the features and functions of one unit/module described above may be further divided into embodiments by a plurality of units/modules.

Moreover, while the operations of the method of the invention are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.

While the spirit and principles of the invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor is the division of aspects, which is for convenience only as the features in such aspects may not be combined to benefit. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims

1. A method of encrypting a media file, the media file comprising media data, the method comprising:

sequentially encrypting at least some data bits in the media data by using a key through a streaming encryption algorithm, wherein the encryption processing is performed on the bits of the media data frame packet sequentially from the first bit of the key every time a preset media data frame packet is encountered; and

if the last bit of the encryption key is used up and the encryption of the media data frame packet is not finished, continuing to encrypt the media data frame packet from the first bit of the encryption key, and if the encryption of the media data frame packet is finished and the encryption bit of the encryption key is not used up, performing the encryption processing on another media data frame packet subsequent to the media data frame packet from the first bit of the encryption key;

the media data frame groups are a plurality of media data frame groups, and the plurality of media data frame groups are continuously connected or have intervals; for the case of an interval between two media data frame packets, the data frame in the interval between two media data frame packets is not encrypted.

2. The method of claim 1, the media data frame grouping comprising a single key data frame grouping or a plurality of data frame grouping.

3. The method of claim 1, the media data frame grouping comprising starting from a current I-frame and ending with a previous P-frame of a next I-frame.

4. The method of claim 1, the packet of media data frames starting with a P-frame, and the P-frame being specially marked.

5. The method of claim 1, wherein:

the media files include MP4 media files in a sliced format,

the fragmented format MP4 media file includes a plurality of file fragments, each file fragment including at least a portion of the media data;

the media file further includes at least one first metadata and a plurality of second metadata respectively corresponding to the plurality of file segments,

wherein the first metadata includes overall description information of the media file, and each of the second metadata includes specific description information of a corresponding file segment.

6. The method of claim 5, wherein the media data in each file segment comprises at least one of the media data frame packets.

7. The method of claim 5, wherein the second metadata comprises header information, the method further comprising:

setting at least one field in header information of the second metadata to indicate whether the encryption processing is performed on the media data corresponding to the second metadata.

8. The method of claim 5, wherein said sequentially encrypting data bits in at least some of the media data comprises:

the encryption process is not performed on the particular one or more data bits of the media data.

9. The method of claim 8, wherein the particular one or more data bits comprise the first twelve bytes of the media data.

10. The method of claim 5, wherein the first metadata comprises a user-defined field, the method further comprising:

writing any one or more of the following items in the user-defined field:

description information of at least one encryption algorithm;

a version number of at least one of the encryption algorithms;

description information of at least one key verification algorithm; and/or

Description information of a version number of at least one of said key verification algorithms.

11. A method of decrypting a media file, the media file comprising metadata and media data, the metadata comprising descriptive information for the media file, the method comprising:

according to the received metadata of the encrypted media file, utilizing a decryption algorithm corresponding to a streaming encryption algorithm used by the encrypted media file to sequentially decrypt at least some data bits in the media data by using a key, wherein the decryption processing is performed on the bits of a media data frame packet in sequence from the first bit of the key every time a preset media data frame packet is encountered; and

if the last bit of the encryption key is used up and the decryption of the media data frame packet is not finished, continuing to perform the decryption processing on the media data frame packet from the first bit of the encryption key, and if the decryption of the media data frame packet is finished and the encryption bit of the encryption key is not used up, performing the decryption processing on another media data frame packet subsequent to the media data frame packet from the first bit of the encryption key;

the media data frame groups are a plurality of media data frame groups, and the plurality of media data frame groups are continuously connected or have intervals; in the case where there is an interval between two media data frame packets, the data frame in the interval between the two media data frame packets is not subjected to decryption processing.

12. The method of claim 11, the media data frame grouping comprising a single key data frame grouping or a plurality of data frame grouping.

13. The method of claim 11, the media data frame grouping comprising starting from a current I-frame and ending with a previous P-frame of a next I-frame.

14. The method of claim 11, the packet of media data frames starts with a P-frame, and the P-frame is specially marked.

15. The method of claim 11, wherein:

the media files include MP4 media files in a sliced format,

16. The method of claim 15, wherein the media data in each file segment comprises at least one of the media data frame packets.

17. The method of claim 15, wherein the second metadata includes header information including a set flag of at least one field to indicate whether media data corresponding to the second metadata is cryptographically processed,

the method further comprises the following steps:

reading the set identifier of at least one field in the header information of the second metadata;

and judging whether the media data corresponding to the second metadata is encrypted media data or not according to the read set identifier.

18. The method of claim 15, wherein the sequentially decrypting at least some of the bits of the media data comprises:

the decryption process is not performed on the particular one or more data bits of the media data.

19. The method of claim 18, wherein the particular one or more data bits comprise the first twelve bytes of the media data.

20. The method of claim 15, wherein the first metadata comprises a user-defined field, the defined field comprising any one or more of: description information of at least one encryption algorithm, a version number of at least one said encryption algorithm, description information of at least one key check algorithm, description information of a version number of at least one said key check algorithm,

the method further comprises the following steps:

reading the description information of at least one encryption algorithm used for encrypting the encrypted media file and/or the version number of at least one encryption algorithm, and/or the description information of at least one key verification algorithm and/or the description information of the version number of at least one key verification algorithm, which are set in the custom field;

and determining a decryption algorithm and/or a key verification algorithm for decrypting the encrypted media file according to the read information.

21. A system for encrypting a media file, the media file including media data, the system comprising:

the stream encryption module is used for sequentially encrypting at least some data bits in the media data by using a key through a stream encryption algorithm, and comprises the steps of sequentially encrypting the bits of a media data frame packet from the first bit of the key every time a preset media data frame packet is met; and

22. The system of claim 21, the media data frame grouping comprising a grouping of a single key data frame or a grouping of multiple data frames.

23. The system of claim 21, the media data frame grouping comprising starting from a current I-frame and ending with a previous P-frame of a next I-frame.

24. The system of claim 21, the packet of media data frames starts with a P-frame, and the P-frame is specially marked.

25. The system of claim 21, wherein:

the media files include MP4 media files in a sliced format,

26. The system of claim 25, wherein the media data in each file segment includes at least one of the media data frame packets.

27. The system of claim 25, wherein the second metadata includes header information, the system further comprising:

and the setting processing module is used for setting at least one field in the header information of the second metadata so as to indicate whether the encryption processing is carried out on the media data corresponding to the second metadata.

28. The system of claim 25, wherein said sequentially encrypting data bits in at least some of the media data comprises:

29. The system of claim 28, wherein the particular one or more data bits comprise the first twelve bytes of the media data.

30. The system of claim 25, wherein the first metadata includes user-defined fields, the system further comprising:

the user-defined module is used for writing any one or more of the following items in the user-defined field:

description information of at least one encryption algorithm;

a version number of at least one of the encryption algorithms;

description information of at least one key verification algorithm; and/or

31. A system for decrypting a media file, the media file including metadata and media data, the metadata including descriptive information for the media file, the system comprising:

the stream decryption module is used for sequentially decrypting at least some data bits in the media data by using a decryption algorithm corresponding to a stream encryption algorithm used by the encrypted media file and a key according to the received metadata of the encrypted media file, and comprises the step of sequentially decrypting the bits of a media data frame packet from the first bit of the key when a preset media data frame packet is encountered; and

32. The system of claim 31, the media data frame grouping comprising a single key data frame grouping or a plurality of data frame grouping.

33. The system of claim 31, the media data frame grouping comprising starting from a current I-frame and ending with a previous P-frame of a next I-frame.

34. The system of claim 31, the grouping of media data frames begins with a P-frame, and the P-frame is specially marked.

35. The system of claim 31, wherein:

the media files include MP4 media files in a sliced format,

36. The system of claim 35, wherein the media data in each file segment includes at least one of the media data frame packets.

37. The system of claim 35, wherein the second metadata includes header information including a set flag of at least one field to indicate whether media data corresponding to the second metadata is cryptographically processed,

the system further comprises a value bit identifier reading module, wherein the setting identifier reading module is configured to read the setting identifier of at least one field in the header information of the second metadata, and determine whether the media data corresponding to the second metadata is encrypted media data according to the read setting identifier.

38. The system of claim 35, wherein said decrypting at least some of the bits of the media data in sequence comprises:

39. The system of claim 38, wherein the particular one or more data bits comprise the first twelve bytes of the media data.

40. The system of claim 35, wherein the first metadata comprises a user-defined field, the defined field comprising any one or more of: description information of at least one encryption algorithm, a version number of at least one said encryption algorithm, description information of at least one key check algorithm, description information of a version number of at least one said key check algorithm,

the system further comprises an information reading module, wherein the information reading module is used for reading the description information of at least one encryption algorithm used for encrypting the encrypted media file and/or the version number of at least one encryption algorithm and/or the description information of at least one key verification algorithm and/or the description information of the version number of at least one key verification algorithm which are set in the custom field, and determining a decryption algorithm and/or a key verification algorithm used for decrypting the encrypted media file according to the read information.

41. A media file encryption device comprising:

one or more memories storing executable instructions; and

one or more processors executing the executable instructions to implement the method of any one of claims 1-10.

42. A media file decryption device comprising:

one or more memories storing executable instructions; and

one or more processors executing the executable instructions to implement the method of any one of claims 11-20.

43. A medium having stored thereon executable instructions which, when executed by a processor, implement a method according to any one of claims 1 to 10.

44. A medium having stored thereon executable instructions which, when executed by a processor, implement a method according to any one of claims 11 to 20.