
CN112954388A - Data file acquisition method and device, terminal equipment and storage medium - Google Patents


Publication number
CN112954388A
Authority
CN
China
Prior art keywords
file
demand file
encrypted
demand
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110144167.5A
Other languages
Chinese (zh)
Other versions
CN112954388B (en)
Inventor
刘佳昌
祁孟飞
刘佳奇
杨春晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visionvera Information Technology Co Ltd
Original Assignee
Visionvera Information Technology Co Ltd
Application filed by Visionvera Information Technology Co Ltd
Priority to CN202110144167.5A
Publication of CN112954388A
Application granted
Publication of CN112954388B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/231 Content storage operation, e.g. caching movies for short term storage, replicating data over plural servers, prioritizing data for deletion
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/239 Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests
    • H04N21/2393 Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests involving handling client requests

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a method and a device for acquiring a data file, a terminal device and a storage medium. The method comprises the following steps: sending an acquisition request for an on-demand file to a storage server, and receiving, from the storage server, the encrypted on-demand file corresponding to the on-demand file identifier and the target video networking number of the core server corresponding to the on-demand file identifier; acquiring a decryption key corresponding to the on-demand file identifier from the core server corresponding to the target video networking number through a video networking protocol; and decrypting the encrypted on-demand file with the decryption key to obtain the on-demand file. Because the encrypted on-demand file and the decryption key are stored on different devices, a party that obtains the encrypted on-demand file but does not have the corresponding decryption key cannot decrypt it to obtain the original on-demand file, which improves the security of service data during transmission.

Description

Data file acquisition method and device, terminal equipment and storage medium
Technical Field
The present invention relates to the field of video networking technologies, and in particular, to a method and an apparatus for acquiring a data file, a terminal device, and a storage medium.
Background
When business data is transmitted in the video network, the business data can be stored on the storage server. If the hard disk of the storage server is maliciously removed, the contents of the hard disk can be read directly, so business data can leak when it is transmitted. Ensuring the security of the business data so that it is not leaked is therefore a problem in urgent need of a solution.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a data file acquisition method, apparatus, terminal device and storage medium that overcome or at least partially solve the above problems.
In a first aspect, an embodiment of the present invention provides a method for acquiring a data file, where the method includes:
sending an acquisition request of an on-demand file to a storage server, wherein the acquisition request comprises an on-demand file identifier;
receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is pre-stored on the storage server;
receiving a target video networking number of a core server corresponding to the on-demand file identifier, which is returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and a video networking number of the core server corresponding to the file identifier;
acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol;
and decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.
Optionally, before the sending the request for obtaining the on-demand file to the storage server, the method further includes:
encrypting an original on-demand file by using a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by using a symmetric encryption algorithm;
and encrypting the first encrypted file again by adopting a private key to obtain the encrypted on-demand file.
Optionally, the method further comprises:
and sending the encrypted on-demand file to the storage server so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video network number of a core server connected with the on-demand equipment.
Optionally, before the encrypting the original on-demand file by using the symmetric key to obtain the first encrypted file, the method further includes:
determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand equipment, and the public key is stored on the core server;
sending a symmetric key request to the core server;
and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.
Optionally, the decrypting the encrypted on-demand file by using the decryption key to obtain an on-demand file includes:
acquiring a public key and a symmetric key corresponding to the on-demand file identifier from the core server;
decrypting the encrypted on-demand file by using the public key to obtain a second encrypted file;
and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.
Optionally, the method further comprises:
and carrying out Hash operation on the original on-demand file and the symmetric key to obtain a first Hash value.
Optionally, after the decrypting the encrypted on-demand file by using the encryption key to obtain an original on-demand file, the method further includes:
carrying out Hash operation on the on-demand file and the symmetric key to obtain a second Hash value;
comparing the first hash value with the second hash value;
and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.
In a second aspect, an embodiment of the present invention provides an apparatus for acquiring a data file, where the apparatus includes:
the request module is used for sending an acquisition request of the on-demand file to the storage server, wherein the acquisition request comprises an on-demand file identifier;
the first receiving module is used for receiving an encrypted on-demand file which is returned by the storage server and corresponds to the on-demand file identifier, wherein the encrypted on-demand file is pre-stored on the storage server;
the acquisition module is used for receiving a target video networking number of the core server, corresponding to the on-demand file identifier, returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and a video networking number of the core server corresponding to the file identifier;
the second receiving module is used for acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol;
and the decryption module is used for decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.
Optionally, the apparatus further comprises a first encryption module, the first encryption module is configured to:
encrypting an original on-demand file by using a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by using a symmetric encryption algorithm;
and encrypting the first encrypted file again by adopting a private key to obtain the encrypted on-demand file.
Optionally, the first encryption module is further configured to:
and sending the encrypted on-demand file to the storage server so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video network number of a core server connected with the on-demand equipment.
Optionally, the apparatus further comprises a second encryption module, the second encryption module being configured to:
determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand equipment, and the public key is stored on the core server;
sending a symmetric key request to the core server;
and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.
Optionally, the decryption module is configured to:
acquiring a public key and a symmetric key corresponding to the on-demand file identifier from the core server;
decrypting the encrypted on-demand file by using the public key to obtain a second encrypted file;
and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.
Optionally, the apparatus further comprises a third encryption module, the third encryption module is configured to:
and carrying out Hash operation on the original on-demand file and the symmetric key to obtain a first Hash value.
Optionally, the apparatus further comprises a verification module configured to:
carrying out Hash operation on the on-demand file and the symmetric key to obtain a second Hash value;
comparing the first hash value with the second hash value;
and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.
In a third aspect, an embodiment of the present invention provides a terminal device, including: at least one processor and memory;
the memory stores a computer program; the at least one processor executes the computer program stored in the memory to implement the method for acquiring a data file provided in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed, the method for acquiring a data file provided in the first aspect is implemented.
The embodiment of the invention has the following advantages:
According to the method, the device, the terminal equipment and the storage medium for acquiring the data file provided by the embodiment of the invention, an acquisition request for the on-demand file is sent to the storage server, wherein the acquisition request comprises the on-demand file identifier; the encrypted on-demand file corresponding to the on-demand file identifier, returned by the storage server, is received; the target video networking number of the core server corresponding to the on-demand file identifier, returned by the storage server, is received, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; a decryption key corresponding to the on-demand file identifier is acquired from the core server corresponding to the target video networking number through a video networking protocol; and the encrypted on-demand file is decrypted with the decryption key to obtain the on-demand file. Because the encrypted on-demand file and the decryption key are stored on different devices, a party that obtains the encrypted on-demand file but does not have the corresponding decryption key cannot decrypt it to obtain the original on-demand file, which improves the security of service data during transmission.
Drawings
FIG. 1 is a flowchart illustrating the steps of an embodiment of a method for obtaining a data file according to the present invention;
FIG. 2 is a flowchart illustrating steps of an embodiment of a method for saving a data file according to the present invention;
FIG. 3 is a flowchart illustrating the steps of another embodiment of a method for retrieving a data file;
FIG. 4 is a flowchart illustrating the steps of another embodiment of a method for retrieving a data file;
FIG. 5 is a block diagram of an embodiment of an apparatus for acquiring a data file according to the present invention;
FIG. 6 is a schematic structural diagram of a terminal device of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
The video networking is an important milestone in network development. It is a real-time network that can transmit high-definition video in real time, and it pushes many internet applications toward high-definition video and high-definition face-to-face communication.
The video networking adopts real-time high-definition video switching technology and can integrate dozens of required services, such as video, voice, pictures, text, communication and data, on one network platform, for example high-definition video conferencing, video monitoring, intelligent monitoring analysis, emergency command, digital broadcast television, delayed television, network teaching, live broadcast, VOD on demand, television mail, Personal Video Recorder (PVR), intranet (self-office) channels, intelligent video broadcast control and information distribution, and it delivers high-definition quality video playback through a television or a computer.
Based on these characteristics of the video network, one of the core concepts of the embodiment of the invention is proposed: an acquisition request for the on-demand file is sent to the storage server, wherein the acquisition request comprises an on-demand file identifier; the encrypted on-demand file corresponding to the on-demand file identifier, returned by the storage server, is received; the target video networking number of the core server corresponding to the on-demand file identifier, returned by the storage server, is received, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; a decryption key corresponding to the on-demand file identifier is acquired from the core server corresponding to the target video networking number through a video networking protocol; and the encrypted on-demand file is decrypted with the decryption key to obtain the on-demand file. Because the encrypted on-demand file and the decryption key are stored on different devices, a party that obtains the encrypted on-demand file but does not have the corresponding decryption key cannot decrypt it to obtain the original on-demand file, which improves the security of service data during transmission.
The terms are explained as follows:
SM2 asymmetric encryption algorithm: an elliptic curve public key cryptographic algorithm. The SM2 algorithm is an ECC (elliptic curve cryptography) mechanism, but it differs from international standards such as ECDSA and ECDH in signature and key exchange, and adopts a more secure mechanism. In addition, SM2 recommends a 256-bit curve as the standard curve. The SM2 standard includes four parts: a general rule, a digital signature algorithm, a key exchange protocol, and a public key encryption algorithm; details and implementation examples are described in the appendix of each part. The SM2 algorithm mainly considers elliptic curves over the prime field F_p and the binary field F_{2^m}, and introduces, for each field, the representation of and operations on field elements, the representation of and operations on elliptic curve points, and the point multiplication algorithms. It then introduces data conversion in a programming language, including the conversion rules between integers and byte strings, byte strings and bit strings, field elements and integers, and points and byte strings. The generation and verification of elliptic curve parameters over the finite field are explained in detail; the parameters include the choice of finite field, the parameters of the elliptic curve equation and the choice of the base point of the elliptic curve group, and a selection standard is given to make verification easier. Finally, it covers generating a key pair on the elliptic curve and verifying a public key: the key pair of the user is (s, sP), where s is the private key of the user and sP is the public key of the user; s is difficult to obtain from sP because of the discrete logarithm problem, and the generation details and verification method of the key pair are given for both the prime field and the binary extension field.
Digital signature algorithms (including digital signature generation algorithms and verification algorithms), key exchange protocols, and public key encryption algorithms (including encryption algorithms and decryption algorithms) are given on a general rule basis, and an algorithm description, an algorithm flow, and related examples are given in each section. The digital signature algorithm, the key exchange protocol, and the public key encryption algorithm all use the SM3 cryptographic hash algorithm and the random number generator approved by the national crypto authority. The digital signature algorithm, the key exchange protocol and the public key encryption algorithm select a finite field and an elliptic curve according to the general rule and generate a key pair.
SM3 algorithm: a cryptographic hash algorithm. The standard gives the computing method and computing steps of the hash function and an operation example. The algorithm is suitable for digital signature and verification in commercial cryptographic applications, for generating and verifying message authentication codes and for generating random numbers, and can meet the security requirements of various cryptographic applications. For a message whose input length is less than 2^64 bits, the algorithm generates a 256-bit hash value through padding and iterative compression, using XOR, modular addition, shift, AND, OR and NOT operations; it consists of padding, the iterative process, message expansion and the compression function. See the SM3 standard for the specific algorithm and operation examples. To ensure the security of a hash algorithm, the hash value it generates should not be too short. For example, MD5 outputs a 128-bit hash value, which is too short and affects its security; the SHA-1 algorithm outputs 160 bits; and the SM3 algorithm outputs 256 bits, so the security of the SM3 algorithm is higher than that of the MD5 and SHA-1 algorithms.
SM4 symmetric algorithm: a block cipher algorithm used for wireless local area network products. The block length of the algorithm is 128 bits and the key length is 128 bits. Both the encryption algorithm and the key expansion algorithm adopt a 32-round nonlinear iteration structure. The decryption algorithm has the same structure as the encryption algorithm, but the round keys are used in the opposite order: the decryption round keys are the encryption round keys in reverse order. Each iteration is given by a round function, which is the composition of a nonlinear transformation and a linear transformation; the nonlinear transformation is given by an S box. Here rk_i is the round key, and the composite permutation T constitutes the round function. The generation of round keys is similar to the above flow chart: it takes the encryption key as input, but the linear transformation in the round function is different and some parameters differ. See the SM4 standard for a specific description and examples of the SM4 algorithm.
An embodiment of the present invention provides a method for acquiring a data file, which is used for acquiring an encrypted on-demand file. The execution main body of the embodiment is an acquisition device of a data file, and is arranged on a terminal device, wherein the terminal device may be a video networking terminal or a monitoring access server, and the monitoring access server is connected with a monitoring device.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a method for acquiring a data file according to the present invention is shown, where the method specifically includes the following steps:
S101, sending an on-demand file acquisition request to a storage server, wherein the acquisition request comprises an on-demand file identifier;
specifically, the video network terminal or the monitoring access server is respectively connected with the storage server and simultaneously respectively connected with the core server, and the monitoring access server is connected with the monitoring equipment. In order to ensure the security of data transmission in a video conference or a monitoring scheduling service, encryption chips are installed on a video network terminal, a monitoring access server, a storage server and a core server, and the encryption chips are used for generating a secret key.
When the video data of a certain monitoring device or the video data of a video network terminal are required to be acquired during service, the terminal device sends an acquisition request of an on-demand file to a storage server, wherein the acquisition request comprises an on-demand file identifier.
S102, receiving an encrypted on-demand file which is returned by the storage server and corresponds to the on-demand file identifier, wherein the encrypted on-demand file is pre-stored on the storage server;
specifically, an encrypted on-demand file is stored in a storage server, the terminal device encrypts an original on-demand file in advance to obtain the encrypted on-demand file, then the encrypted on-demand file is sent to the storage server, the storage server stores an identifier of the on-demand file and the encrypted on-demand file corresponding to the identifier of the on-demand file in a database, and the storage server searches for the encrypted on-demand file corresponding to the identifier of the on-demand file in the database after receiving an acquisition request sent by the terminal device.
S103, receiving a target video networking number of a core server corresponding to the on-demand file identifier, which is returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and a video networking number of the core server corresponding to the file identifier;
specifically, after receiving an encrypted on-demand file sent by a terminal device, a storage server generates a log file corresponding to the encrypted on-demand file according to the encrypted on-demand file, and stores a video networking number of a superior core server connected with the terminal device in the log file, that is, a position of a key required for decrypting the encrypted on-demand file;
and the storage server sends the target video network number of the core server corresponding to the on-demand file identifier to the terminal equipment, so that the terminal equipment can acquire the decryption key corresponding to the on-demand file identifier from the core server.
S104, acquiring a decryption key corresponding to the on-demand file identifier from a core server corresponding to the target video networking number through a video networking protocol;
specifically, the terminal device sends a key acquisition request to a core server corresponding to the target video networking number, the key acquisition request includes the on-demand file identifier, and the core server sends a decryption key corresponding to the on-demand file identifier to the terminal device.
S105, decrypting the encrypted on-demand file by adopting the decryption key to obtain the on-demand file.
Specifically, after the terminal device obtains the decryption key and the encrypted on-demand file, the terminal device decrypts the encrypted on-demand file by using the decryption key to obtain the on-demand file.
The terminal equipment first decrypts the encrypted on-demand file by using the public key, and then decrypts the result again by using the symmetric key to obtain the on-demand file.
In the method for acquiring the data file provided by the embodiment of the invention, an acquisition request for the on-demand file is sent to the storage server, wherein the acquisition request comprises an on-demand file identifier; the encrypted on-demand file corresponding to the on-demand file identifier, returned by the storage server, is received; the target video networking number of the core server corresponding to the on-demand file identifier, returned by the storage server, is received, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises the file identifier and the video networking number of the core server corresponding to the file identifier; a decryption key corresponding to the on-demand file identifier is acquired from the core server corresponding to the target video networking number through a video networking protocol; and the encrypted on-demand file is decrypted with the decryption key to obtain the on-demand file. Because the encrypted on-demand file and the decryption key are stored on different devices, a party that obtains the encrypted on-demand file but does not have the corresponding decryption key cannot decrypt it to obtain the original on-demand file, which improves the security of service data during transmission.
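The S101 to S105 flow above, together with the hash comparison described in the first aspect, as an added example (not code from the patent or from its assignee). Assumptions: a SHA-256 counter keystream stands in for SM4 and HMAC-SHA256 for the SM3 hash over file and symmetric key, the SM2 private-key/public-key layer is omitted, the core server is assumed to keep the first hash value next to the key, and all class names and the identifiers `vod-42` and `VN-0001` are constructed.

```python
import hashlib
import hmac
import secrets

# Stand-ins (assumptions of this example): the page uses SM4 and SM3, which are
# not in Python's standard library. A SHA-256 counter keystream replaces SM4 and
# HMAC-SHA256 replaces "hash over file and symmetric key". Illustration only.


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def keyed_hash(key: bytes, data: bytes) -> bytes:
    """Hash bound to both the file and the symmetric key."""
    return hmac.new(key, data, hashlib.sha256).digest()


class CoreServer:
    """Holds key material only; it never receives the encrypted file."""

    def __init__(self, vn_number: str):
        self.vn_number = vn_number
        self.records = {}  # file_id -> {"key": bytes, "first_hash": bytes}

    def issue_symmetric_key(self, file_id: str) -> bytes:
        key = secrets.token_bytes(16)  # 128-bit key, the SM4 key length
        self.records[file_id] = {"key": key, "first_hash": None}
        return key

    def register_first_hash(self, file_id: str, first_hash: bytes) -> None:
        # Assumption: the page does not say where the first hash value is kept.
        self.records[file_id]["first_hash"] = first_hash

    def get_decryption_material(self, file_id: str):
        rec = self.records[file_id]
        return rec["key"], rec["first_hash"]


class StorageServer:
    """Holds ciphertext and the log file; it never holds a key."""

    def __init__(self):
        self.files = {}  # file_id -> nonce || ciphertext
        self.log = {}    # file_id -> video networking number of the core server

    def store(self, file_id: str, blob: bytes, core_vn_number: str) -> None:
        self.files[file_id] = blob
        self.log[file_id] = core_vn_number

    def fetch(self, file_id: str):
        return self.files[file_id], self.log[file_id]


class Terminal:
    def __init__(self, storage: StorageServer, cores: dict):
        self.storage = storage
        self.cores = cores  # video networking number -> reachable CoreServer

    def save(self, file_id: str, plaintext: bytes, core_vn_number: str) -> None:
        core = self.cores[core_vn_number]
        key = core.issue_symmetric_key(file_id)
        core.register_first_hash(file_id, keyed_hash(key, plaintext))
        nonce = secrets.token_bytes(16)
        blob = nonce + keystream_xor(key, nonce, plaintext)
        self.storage.store(file_id, blob, core_vn_number)

    def acquire(self, file_id: str) -> bytes:
        blob, vn_number = self.storage.fetch(file_id)            # S101 to S103
        core = self.cores[vn_number]
        key, first_hash = core.get_decryption_material(file_id)  # S104
        plaintext = keystream_xor(key, blob[:16], blob[16:])     # S105
        second_hash = keyed_hash(key, plaintext)
        if not hmac.compare_digest(first_hash, second_hash):
            raise ValueError("hash mismatch: not the original on-demand file")
        return plaintext


if __name__ == "__main__":
    core = CoreServer("VN-0001")          # constructed video networking number
    storage = StorageServer()
    terminal = Terminal(storage, {core.vn_number: core})
    terminal.save("vod-42", b"constructed sample video bytes", core.vn_number)
    print(terminal.acquire("vod-42"))
```

A copy of everything on `StorageServer` (the removed-hard-disk case from the Background) yields only the nonce, ciphertext and the core server's number; modifying the stored blob makes `acquire` raise instead of returning altered data.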
The present invention further provides a supplementary description of the method for acquiring a data file provided in the above embodiment.
As shown in fig. 2, a flowchart illustrating steps of an embodiment of a data file saving method according to the present invention is shown, where the data file saving method includes:
S201, determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand equipment, and the public key is stored on the core server;
Specifically, the video networking terminal or the monitoring access server is connected to both the storage server and the core server, and the monitoring access server is connected to the monitoring equipment. To ensure the security of data transmission in a video conference or a monitoring scheduling service, encryption chips are installed on the video networking terminal, the monitoring access server, the storage server and the core server, and the encryption chips are used to generate keys.
The encryption chip installed on the terminal device generates, in advance, a key pair comprising a private key and a public key by using an asymmetric encryption algorithm, namely the SM2 algorithm; the public key is sent to the core server for storage, and the private key is used for encrypting a file.
S202, sending a symmetric key request to the core server;
Specifically, when performing a service, the terminal device sends a symmetric key request to the core server, and the encryption chip on the core server generates a symmetric key by using a symmetric encryption algorithm, namely the SM4 algorithm.
When several terminal devices take part in the service, the core server sends the symmetric key to each terminal device, and each terminal device can both encrypt and decrypt with the symmetric key.
S203, receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.
S204, encrypting the original on-demand file by using a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by using a symmetric encryption algorithm; and carrying out Hash operation on the original on-demand file and the symmetric key to obtain a first Hash value.
Specifically, the terminal device encrypts the original on-demand file by using the symmetric key to obtain a first encrypted file, and then performs SM3 operation, that is, hash operation, on the original on-demand file and the symmetric key to obtain a first hash value, where the hash value is used to determine whether the content of the transmitted file is correct.
S205, encrypting the first encrypted file again by using a private key to obtain the encrypted on-demand file.
Specifically, in order to improve the data security, the terminal device may further encrypt the first encrypted file, for example, encrypt the first encrypted file with a private key, so as to obtain an encrypted on-demand file.
S206, sending the encrypted on-demand file to the storage server so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video network number of a core server connected with the on-demand equipment.
Specifically, the log file includes an on-demand file identifier, an identifier of the terminal device corresponding to the on-demand file identifier, and the video networking number of the superior core server connected to the terminal device, where the video networking number indicates the location of the key required to decrypt the encrypted on-demand file.
As shown in fig. 3, a flowchart illustrating steps of an embodiment of a data file obtaining method according to the present invention is shown, where the data file obtaining method includes:
S301, sending an on-demand file acquisition request to a storage server, wherein the acquisition request comprises an on-demand file identifier;
Specifically, when a service is performed and video data of a certain monitoring device or of a video networking terminal is to be acquired, the terminal device sends an acquisition request for the on-demand file to the storage server, where the acquisition request includes an on-demand file identifier.
S302, receiving an encrypted on-demand file which is returned by the storage server and corresponds to the on-demand file identifier, wherein the encrypted on-demand file is pre-stored on the storage server;
Specifically, the encrypted on-demand file is stored on the storage server. The terminal device encrypts the original on-demand file in advance to obtain the encrypted on-demand file and sends it to the storage server, which stores the on-demand file identifier and the corresponding encrypted on-demand file in a database. After receiving an acquisition request sent by the terminal device, the storage server looks up the encrypted on-demand file corresponding to the on-demand file identifier in the database.
S303, receiving a target video networking number of the core server corresponding to the on-demand file identifier, which is returned by the storage server, wherein the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file comprises a file identifier and the video networking number of the core server corresponding to the file identifier;
Specifically, after receiving an encrypted on-demand file sent by a terminal device, the storage server generates a log file corresponding to the encrypted on-demand file, and stores in the log file the video networking number of the superior core server connected to the terminal device, that is, the location of the key required for decrypting the encrypted on-demand file.
The storage server then sends the target video networking number of the core server corresponding to the on-demand file identifier to the terminal device, so that the terminal device can acquire the decryption key corresponding to the on-demand file identifier from the core server.
S304, obtaining a public key and a symmetric key corresponding to the on-demand file identifier from the core server;
Specifically, the terminal device acquires the public key and the symmetric key corresponding to the on-demand file identifier from the core server corresponding to the video networking number;
S305, decrypting the encrypted on-demand file by using the public key to obtain a second encrypted file;
S306, decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.
S307, carrying out hash operation on the on-demand file and the symmetric key to obtain a second hash value;
S308, comparing the first hash value with the second hash value;
S309, if the first hash value and the second hash value are the same, determining the on-demand file as the original on-demand file.
Specifically, in order to verify that the on-demand file decrypted by the terminal device is the original on-demand file and the content of the on-demand file is not tampered, the terminal device receives a first hash value sent by the storage server, wherein the first hash value is obtained by performing hash operation according to the original on-demand file and the symmetric key.
After the terminal equipment decrypts the on-demand file, performing SM3 operation again by using the on-demand file and the symmetric key to obtain a second hash value; and comparing the first hash value with the second hash value, if the first hash value and the second hash value are the same, indicating that the on-demand file obtained by decryption is the original on-demand file, and if the first hash value and the second hash value are different, indicating that the on-demand file obtained by decryption has been tampered.
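The save flow (S202-S206) and the acquisition flow (S301-S309) described above, as an added example that is not part of the patent text. Assumptions: SHA-256 stands in for SM3 and a SHA-256 counter-mode keystream stands in for SM4 (Python's standard library has neither), the SM2 private-key layer of S205/S305 is left out, and the class names, the `directory` lookup and the `VN-...` numbers are constructed for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for SM4 (assumption): XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def file_hash(plaintext: bytes, key: bytes) -> bytes:
    """Hash over the file and the symmetric key (S204 / S307); SHA-256 replaces SM3."""
    return hashlib.sha256(plaintext + key).digest()


class CoreServer:
    """Holds keys only, addressed by its video networking number."""

    def __init__(self, vn_number: str):
        self.vn_number = vn_number
        self._keys = {}

    def issue_symmetric_key(self, file_id: str) -> bytes:
        key = secrets.token_bytes(16)  # 128 bits, the SM4 key size
        self._keys[file_id] = key
        return key

    def get_key(self, file_id: str) -> bytes:
        return self._keys[file_id]


class StorageServer:
    """Holds ciphertext, the first hash and the log file; never a key."""

    def __init__(self):
        self._files = {}
        self._log = {}  # file identifier -> video networking number of the core server

    def store(self, file_id, blob, first_hash, core_vn_number):
        self._files[file_id] = (blob, first_hash)
        self._log[file_id] = core_vn_number

    def fetch(self, file_id):
        blob, first_hash = self._files[file_id]
        return blob, first_hash, self._log[file_id]


def save_file(file_id, plaintext, core, storage):
    key = core.issue_symmetric_key(file_id)                    # S202-S203
    nonce = secrets.token_bytes(NONCE_LEN)
    blob = nonce + _keystream_xor(key, nonce, plaintext)       # S204
    first_hash = file_hash(plaintext, key)                     # S204
    storage.store(file_id, blob, first_hash, core.vn_number)   # S206


def acquire_file(file_id, storage, directory):
    """directory maps a video networking number to a reachable core server."""
    blob, first_hash, vn_number = storage.fetch(file_id)       # S301-S303
    key = directory[vn_number].get_key(file_id)                # S304
    plaintext = _keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])  # S306
    second_hash = file_hash(plaintext, key)                    # S307
    if not hmac.compare_digest(first_hash, second_hash):       # S308-S309
        raise ValueError("hash mismatch: decrypted file is not the original")
    return plaintext


if __name__ == "__main__":
    cores = [CoreServer("VN-0001"), CoreServer("VN-0002")]  # constructed numbers
    directory = {c.vn_number: c for c in cores}
    storage = StorageServer()
    save_file("file-42", b"constructed video payload", cores[1], storage)
    print(acquire_file("file-42", storage, directory))
```

The storage server's state alone (ciphertext, hash, log entry) is not enough to recover the file or to forge a matching hash for altered content, because both require the key held by the core server.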
Fig. 4 is a flowchart of steps of another embodiment of a method for acquiring a data file according to the present invention, as shown in fig. 4, in the embodiment of the present invention, the method includes a terminal device, a core server, and a storage server, where the terminal device includes a video network terminal and a monitoring access server, and the monitoring access server is further connected to a monitoring device; the method specifically comprises the following steps:
Video networking terminal or monitoring access server: a random number generation function needs to be developed for generating a random SM3 key; the SM4 algorithm is built in for encrypting and decrypting the video stream;
Core server: support needs to be developed for storing the random key generated by the terminal; the key must be obtained by a terminal that supports the video networking protocol; the keys are stored hierarchically, and each core server stores only the keys of the video networking terminals or monitoring access servers belonging to that core server.
Because the video networking protocol is used, the video networking core server cannot be read directly, and equipment outside the video network cannot address a video networking number, so the key is not exposed.
Storage server: continuous storage of encrypted data packets is supported; a log file is generated on the storage server to record the video networking number of the core server corresponding to the encrypted video stream; when a terminal reads a video stream, it must first read the log file, and it reads the video stream file after obtaining the key.
In the embodiment of the invention, the encrypted video stream and the key are stored separately, each stored file corresponds to a random key, and the keys can be stored in different locations; the location where a key is stored can only be reached by a video networking terminal through video networking number addressing, which improves the security of data during transmission.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Another embodiment of the present invention provides an apparatus for acquiring a data file, which is used to execute the method for acquiring a data file provided in the foregoing embodiment.
Referring to fig. 5, a block diagram of an embodiment of an apparatus for acquiring a data file according to the present invention is shown, and the apparatus may specifically include the following modules: a request module 501, a first receiving module 502, an obtaining module 503, a second receiving module 504 and a decryption module 505, wherein:
the request module 501 is configured to send an on-demand file acquisition request to a storage server, where the acquisition request includes an on-demand file identifier;
the first receiving module 502 is configured to receive an encrypted on-demand file corresponding to the on-demand file identifier, where the encrypted on-demand file is stored in the storage server in advance;
the obtaining module 503 is configured to receive a target video networking number of the core server, which is returned by the storage server and corresponds to the on-demand file identifier, where the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file includes a file identifier and a video networking number of the core server corresponding to the file identifier;
the second receiving module 504 is configured to obtain, through a video networking protocol, a decryption key corresponding to the on-demand file identifier from the core server corresponding to the target video networking number;
the decryption module 505 is configured to decrypt the encrypted on-demand file using the decryption key to obtain the on-demand file.
The data file acquisition device provided by this embodiment of the invention sends an acquisition request for the on-demand file to the storage server, the acquisition request including an on-demand file identifier; receives the encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receives the target video networking number of the core server corresponding to the on-demand file identifier returned by the storage server, where the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file includes the file identifier and the video networking number of the core server corresponding to the file identifier; acquires, through the video networking protocol, a decryption key corresponding to the on-demand file identifier from the core server corresponding to the target video networking number; and decrypts the encrypted on-demand file with the decryption key to obtain the on-demand file. Because the encrypted on-demand file and the decryption key are stored on different devices, even if the encrypted on-demand file is obtained, it cannot be decrypted into the original on-demand file without the corresponding decryption key, which improves the security of service data during transmission.
The present invention further provides a supplementary description of the apparatus for acquiring a data file provided in the above embodiment.
Optionally, the apparatus further comprises a first encryption module, the first encryption module is configured to:
encrypting an original on-demand file by using a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server by using a symmetric encryption algorithm;
and encrypting the first encrypted file again by adopting a private key to obtain the encrypted on-demand file.
Optionally, the first encryption module is further configured to:
and sending the encrypted on-demand file to the storage server so that the storage server stores the encrypted on-demand file, and generating a log file corresponding to an on-demand file identifier of the encrypted on-demand file according to the encrypted on-demand file, wherein the log file comprises a video network number of a core server connected with the on-demand equipment.
Optionally, the apparatus further comprises a second encryption module, the second encryption module being configured to:
determining an asymmetric key corresponding to the on-demand file identifier according to an asymmetric encryption algorithm, wherein the asymmetric key comprises a private key and a public key, the private key is stored in a database of the on-demand equipment, and the public key is stored on the core server;
sending a symmetric key request to the core server;
and receiving a symmetric key returned by the core server, wherein the symmetric key is generated by the core server by adopting a symmetric encryption algorithm.
Optionally, the decryption module is configured to:
acquiring a public key and a symmetric key corresponding to the on-demand file identifier from the core server;
decrypting the encrypted on-demand file by using the public key to obtain a second encrypted file;
and decrypting the second encrypted file by adopting the symmetric key to obtain the on-demand file.
Optionally, the apparatus further comprises a third encryption module, the third encryption module is configured to:
and carrying out Hash operation on the original on-demand file and the symmetric key to obtain a first Hash value.
Optionally, the apparatus further comprises a verification module configured to:
carrying out Hash operation on the on-demand file and the symmetric key to obtain a second Hash value;
comparing the first hash value with the second hash value;
and if the first hash value is the same as the second hash value, determining the on-demand file as the original on-demand file.
It should be noted that the implementable modes in the present embodiment may be implemented individually or, where they do not conflict, in any combination, and the present application is not limited thereto.
Since the device embodiment is basically similar to the method embodiment, it is described only briefly; for the relevant points, refer to the corresponding description of the method embodiment.
Still another embodiment of the present invention provides a terminal device, configured to execute the method for acquiring a data file provided in the foregoing embodiment.
Fig. 6 is a schematic structural diagram of a terminal device of the present invention, and as shown in fig. 6, the terminal device includes: at least one processor 601 and memory 602;
the memory stores a computer program; the at least one processor executes the computer program stored in the memory to implement the method for acquiring the data file provided by the above embodiment.
The terminal device provided in this embodiment sends an acquisition request for the on-demand file to the storage server, the acquisition request including an on-demand file identifier; receives the encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server; receives the target video networking number of the core server corresponding to the on-demand file identifier returned by the storage server, where the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file includes the file identifier and the video networking number of the core server corresponding to the file identifier; acquires, through the video networking protocol, a decryption key corresponding to the on-demand file identifier from the core server corresponding to the target video networking number; and decrypts the encrypted on-demand file with the decryption key to obtain the on-demand file. Because the encrypted on-demand file and the decryption key are stored on different devices, even if the encrypted on-demand file is obtained, it cannot be decrypted into the original on-demand file without the corresponding decryption key, which improves the security of service data during transmission.
Yet another embodiment of the present application provides a computer-readable storage medium, in which a computer program is stored, and when the computer program is executed, the method for acquiring a data file provided in any of the above embodiments is implemented.
With the computer-readable storage medium of this embodiment, an acquisition request for the on-demand file is sent to the storage server, the acquisition request including an on-demand file identifier; the encrypted on-demand file corresponding to the on-demand file identifier, returned by the storage server, is received; the target video networking number of the core server corresponding to the on-demand file identifier, returned by the storage server, is received, where the target video networking number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file includes the file identifier and the video networking number of the core server corresponding to the file identifier; a decryption key corresponding to the on-demand file identifier is acquired, through the video networking protocol, from the core server corresponding to the target video networking number; and the encrypted on-demand file is decrypted with the decryption key to obtain the on-demand file. Because the encrypted on-demand file and the decryption key are stored on different devices, even if the encrypted on-demand file is obtained, it cannot be decrypted into the original on-demand file without the corresponding decryption key, which improves the security of service data during transmission.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, electronic devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing electronic device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing electronic device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing electronic devices to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing electronic device to cause a series of operational steps to be performed on the computer or other programmable electronic device to produce a computer implemented process such that the instructions which execute on the computer or other programmable electronic device provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or electronic device that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or electronic device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or electronic device that comprises the element.
The above method and device for acquiring a data file provided by the present invention are described in detail, and a specific example is applied in the text to explain the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1.一种数据文件的获取方法,其特征在于,所述方法包括:1. a method for obtaining a data file, wherein the method comprises: 向存储服务器发送点播文件的获取请求,其中,所述获取请求包括点播文件标识;sending an acquisition request of the on-demand file to the storage server, wherein the acquisition request includes an on-demand file identifier; 接收所述存储服务器返回的与所述点播文件标识对应的加密点播文件,其中,所述加密点播文件是预先存储在所述存储服务器上的;receiving an encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is pre-stored on the storage server; 接收所述存储服务器返回的与所述点播文件标识对应的核心服务器的目标视联网号码,其中,所述目标视联网号码是所述存储服务器根据所述点播文件标识和预先存储的日志文件确定的,所述日志文件包括文件标识和与所述文件标识对应的核心服务器的视联网号码;Receive the target video network number of the core server corresponding to the on-demand file identifier returned by the storage server, wherein the target video network number is determined by the storage server according to the on-demand file identifier and a pre-stored log file , the log file includes a file identifier and a video network number of the core server corresponding to the file identifier; 通过视联网协议从与所述目标视联网号码对应的核心服务器上,获取与所述点播文件标识对应的解密密钥;Obtain the decryption key corresponding to the on-demand file identifier from the core server corresponding to the target video network number through the video network protocol; 采用所述解密密钥对所述加密点播文件进行解密,得到点播文件。The encrypted on-demand file is decrypted by using the decryption key to obtain the on-demand file. 2.根据权利要求1所述的方法,其特征在于,在所述向存储服务器发送点播文件的获取请求之前,所述方法还包括:2. 
The method according to claim 1, characterized in that, before said sending the request for obtaining the on-demand file to the storage server, the method further comprises:
encrypting the original on-demand file with a symmetric key to obtain a first encrypted file, wherein the symmetric key is generated by the core server using a symmetric encryption algorithm;
encrypting the first encrypted file again with the private key to obtain the encrypted on-demand file.

3. The method according to claim 2, wherein the method further comprises:
sending the encrypted on-demand file to the storage server, so that the storage server stores the encrypted on-demand file and generates, according to the encrypted on-demand file, a log file corresponding to the on-demand file identifier of the encrypted on-demand file, wherein the log file includes the video network number of the core server connected to the on-demand device.

4. The method according to claim 2, characterized in that, before said encrypting the original on-demand file with a symmetric key to obtain the first encrypted file, the method further comprises:
determining, according to an asymmetric encryption algorithm, an asymmetric key corresponding to the on-demand file identifier, wherein the asymmetric key includes a private key and a public key, the private key is stored in the database of the on-demand device, and the public key is stored on the core server;
sending a symmetric key request to the core server;
receiving the symmetric key returned by the core server, wherein the symmetric key is generated by the core server using a symmetric encryption algorithm.

5. The method according to claim 4, characterized in that said decrypting the encrypted on-demand file using the decryption key to obtain the on-demand file comprises:
obtaining the public key and the symmetric key corresponding to the on-demand file identifier from the core server;
decrypting the encrypted on-demand file using the public key to obtain a second encrypted file;
decrypting the second encrypted file using the symmetric key to obtain the on-demand file.

6. The method according to claim 4, wherein the method further comprises:
performing a hash operation on the original on-demand file and the symmetric key to obtain a first hash value.

7. The method according to claim 5, characterized in that, after said decrypting the encrypted on-demand file using the encryption key to obtain the original on-demand file, the method further comprises:
performing a hash operation on the on-demand file and the symmetric key to obtain a second hash value;
comparing the first hash value with the second hash value;
if the first hash value and the second hash value are the same, determining the on-demand file to be the original on-demand file.

8. A device for acquiring a data file, wherein the device comprises:
a request module, configured to send an acquisition request for the on-demand file to the storage server, wherein the acquisition request includes the on-demand file identifier;
a first receiving module, configured to receive the encrypted on-demand file corresponding to the on-demand file identifier returned by the storage server, wherein the encrypted on-demand file is pre-stored on the storage server;
an acquiring module, configured to receive the target video network number of the core server corresponding to the on-demand file identifier returned by the storage server, wherein the target video network number is determined by the storage server according to the on-demand file identifier and a pre-stored log file, and the log file includes a file identifier and the video network number of the core server corresponding to the file identifier;
a second receiving module, configured to obtain, through a video network protocol, a decryption key corresponding to the on-demand file identifier from the core server corresponding to the target video network number;
a decryption module, configured to decrypt the encrypted on-demand file using the decryption key to obtain the on-demand file.

9. A terminal device, comprising: at least one processor and a memory;
the memory stores a computer program; the at least one processor executes the computer program stored in the memory to implement the method for acquiring a data file according to any one of claims 1-7.

10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, and when the computer program is executed, it implements the method for acquiring a data file according to any one of claims 1-7.
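The integrity check of claims 6 and 7 (a first hash value over the original on-demand file and the symmetric key, recomputed and compared after decryption), as an added example that is not code from the patent. The claims name no hash function and do not say how file and key are combined; HMAC-SHA256 keyed with the symmetric key, the function names and the sample data are assumptions.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # on-demand video files are large, so hash them in chunks


def file_key_hash(stream, symmetric_key: bytes) -> bytes:
    """Hash value over an on-demand file and its symmetric key.

    Assumption: the claims name neither the hash function nor how file and
    key are combined; HMAC-SHA256 keyed with the symmetric key is used here.
    """
    mac = hmac.new(symmetric_key, digestmod=hashlib.sha256)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        mac.update(chunk)
    return mac.digest()


def is_original(decrypted_stream, symmetric_key: bytes, first_hash: bytes) -> bool:
    """Claim 7: compute the second hash value and compare it with the first."""
    second_hash = file_key_hash(decrypted_stream, symmetric_key)
    # Constant-time comparison: timing does not reveal how many bytes matched.
    return hmac.compare_digest(first_hash, second_hash)


# Constructed sample data, not taken from the patent.
KEY = bytes(range(32))
ORIGINAL = b"constructed on-demand payload " * 5000  # 150,000 bytes, three chunks
FIRST_HASH = file_key_hash(io.BytesIO(ORIGINAL), KEY)  # claim 6, before upload


def demo() -> dict:
    """Run the claim 7 check on an intact file and on three failure cases."""
    flipped = bytearray(ORIGINAL)
    flipped[70_000] ^= 0x01  # single bit changed in the second chunk
    cases = {
        "intact": (ORIGINAL, KEY),
        "bit_flipped": (bytes(flipped), KEY),
        "truncated": (ORIGINAL[:-1], KEY),
        "wrong_key": (ORIGINAL, bytes(32)),
    }
    return {name: is_original(io.BytesIO(data), key, FIRST_HASH)
            for name, (data, key) in cases.items()}


if __name__ == "__main__":
    print(demo())
```

Only the intact file with the correct symmetric key passes; a flipped bit, a truncated file or a different key each produce a second hash value that differs from the first.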
CN202110144167.5A 2021-02-02 2021-02-02 A method, device, terminal device and storage medium for obtaining data files Active CN112954388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110144167.5A CN112954388B (en) 2021-02-02 2021-02-02 A method, device, terminal device and storage medium for obtaining data files

Publications (2)

Publication Number Publication Date
CN112954388A (en) 2021-06-11
CN112954388B (en) 2024-04-09

Family

ID=76241696

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110144167.5A Active CN112954388B (en) 2021-02-02 2021-02-02 A method, device, terminal device and storage medium for obtaining data files

Country Status (1)

Country Link
CN (1) CN112954388B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113747243A (en) * 2021-08-04 2021-12-03 乐视新生代(北京)文化传媒有限公司 Video encryption method, video playing method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109462594A (en) * 2018-11-28 2019-03-12 视联动力信息技术股份有限公司 A kind of data processing method and system based on view networking
US20190253249A1 (en) * 2016-10-26 2019-08-15 Alibaba Group Holding Limited Data transmission method, apparatus and system
CN110493193A (en) * 2019-07-17 2019-11-22 视联动力信息技术股份有限公司 Data transmission method and device

Also Published As

Publication number Publication date
CN112954388B (en) 2024-04-09

Similar Documents

Publication Publication Date Title
CN111740828B (en) Key generation method, device and equipment and encryption and decryption method
CN109559122B (en) Block chain data transmission method and block chain data transmission system
US9800416B2 (en) Distributed validation of digitally signed electronic documents
JP4981072B2 (en) Method and system for decryptable and searchable encryption
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
CN107959566A (en) Quantal data key agreement system and quantal data cryptographic key negotiation method
US20180091301A1 (en) Method and system for switching public keys in ciphertexts
US20150043735A1 (en) Re-encrypted data verification program, re-encryption apparatus and re-encryption system
JP2025000864A (en) Computer-implemented system and method for sharing a common secret
JP4596256B2 (en) Transmission / reception system and method, transmission device and method, reception device and method, and program
JP6592851B2 (en) Anonymous broadcast method, key exchange method, anonymous broadcast system, key exchange system, communication device, program
Barreto et al. qSCMS: Post-quantum certificate provisioning process for V2X
CN111079178B (en) A method for desensitization and backtracking of trusted electronic medical records
JP2010124071A (en) Communication device, communication method, and program
KR101899130B1 (en) Methods for encrypting data, decrypting data and apparatus using the same
CN114244562B (en) Information transmission method, apparatus, computer device and storage medium
JP6368047B2 (en) Key exchange method, key exchange system, key distribution device, representative communication device, general communication device, and program
KR101533950B1 (en) Broadcast encryption method and system
CN112954388B (en) A method, device, terminal device and storage medium for obtaining data files
WO2018102382A1 (en) Method and system for switching public keys in ciphertexts
JP4843511B2 (en) Broadcast encryption method, information decryption method, apparatus thereof, program thereof, and recording medium thereof
JP5489115B2 (en) Originality assurance device, originality assurance program, and recording medium for recording the program
JP5367023B2 (en) Information encryption method, information encryption apparatus, program, and recording medium
RU2707398C1 (en) Method and system for secure storage of information in file storages of data
Chen et al. A hill cipher‐based remote data possession checking in cloud storage

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 33rd Floor, No.1 Huasheng Road, Yuzhong District, Chongqing 400013

Patentee after: VISIONVERA INFORMATION TECHNOLOGY Co.,Ltd.

Country or region after: China

Address before: 100000 Beijing Dongcheng District Qinglong Hutong 1 Song Hua Building A1103-1113

Patentee before: VISIONVERA INFORMATION TECHNOLOGY Co.,Ltd.

Country or region before: China
