CN112104874A

Movatterモバイル変換

Info

Publication number: CN112104874A
Application number: CN202010873438.6A
Authority: CN
Inventors: 邵望权
Original assignee: Xian Wanxiang Electronics Technology Co Ltd
Current assignee: Xian Wanxiang Electronics Technology Co Ltd
Priority date: 2020-08-26
Filing date: 2020-08-26
Publication date: 2020-12-18
Anticipated expiration: 2040-08-26
Also published as: CN112104874B

Abstract

The disclosure provides a data transmission method and a data transmission system, relates to the technical field of electronic information, and can solve the problems of leakage and tampering of code stream data in the transmission process. The specific technical scheme is as follows: the method comprises the steps that after an original code stream is generated according to an original frame image, a sending device analyzes the original code stream, when the original frame image in the original code stream is an I frame, encryption processing is carried out on original header information, target abstract information is obtained according to the encrypted original header information, finally, a target code stream is generated according to the target abstract information, the encrypted original header information and the image information, and the target code stream is sent to a receiving device. The present disclosure is for data transmission.

Description

Translated fromChinese

数据传输方法及系统Data transmission method and system

技术领域technical field

本公开涉及电子信息技术领域，尤其涉及数据传输方法及系统。The present disclosure relates to the field of electronic information technology, and in particular, to a data transmission method and system.

背景技术Background technique

随着科技的进步,可以通过网络传来实现输视频数据的拉远，其原理是：将发送设备采集的图像数据编码后，传送到接收设备进行解码显示。在编解码过程中我们使用的是。现有技术中上述数据传输时是基于H264编码协议，此协议是一个开源的编解码协议；发送设备采集一帧数据后进行H264编码，发送到接收设备进行解码显示。在传输过程中如果数据的传输通道被他人非法截取，数据被恶意截获后会造成信息泄露，即使使用vgtp方式也存在这种问题。或者对截取的传输通道TCP/IP数据进行破解，然后将其他图像数据的H264码流，发送至接收设备，那么接收设备同样也会对其进行解码显示，因为都是H264编码格式的码流。接收设备不仅无法获取正确的图像，还会因为图像数据存在的恶意性，影响接收设备的安全性能。With the advancement of science and technology, the transmission of video data can be achieved through the network to achieve remote transmission. The principle is: after encoding the image data collected by the sending device, it is transmitted to the receiving device for decoding and display. In the encoding and decoding process we use is. In the prior art, the above data transmission is based on the H264 encoding protocol, which is an open source encoding and decoding protocol; the sending device collects a frame of data, performs H264 encoding, and sends it to the receiving device for decoding and display. During the transmission process, if the transmission channel of the data is illegally intercepted by others, the malicious interception of the data will cause information leakage, even if the vgtp method is used, there is such a problem. Or crack the intercepted transmission channel TCP/IP data, and then send the H264 code stream of other image data to the receiving device, then the receiving device will also decode and display it, because they are all code streams in H264 encoding format. The receiving device not only cannot obtain the correct image, but also affects the security performance of the receiving device due to the maliciousness of the image data.

发明内容SUMMARY OF THE INVENTION

本公开实施例提供一种数据传输方法及系统，能够解决数据传输过程中数据泄露、篡改的问题。所述技术方案如下：Embodiments of the present disclosure provide a data transmission method and system, which can solve the problems of data leakage and tampering during data transmission. The technical solution is as follows:

根据本公开实施例的第一方面，提供一种数据传输系统，该系统包括：发送设备和接收设备，该发送设备和该接收设备相连接，According to a first aspect of the embodiments of the present disclosure, a data transmission system is provided, the system includes: a sending device and a receiving device, the sending device and the receiving device are connected,

发送设备，用于获取原始码流，该原始码流为原始帧图像编码处理后生成的码流，该原始码流包括原始头部信息和图像信息；a sending device, used to obtain an original code stream, the original code stream is a code stream generated after the original frame image encoding process, and the original code stream includes original header information and image information;

当该原始码流包含I帧时，对该原始头部信息进行加密处理，并根据该已加密的原始头部信息，获取目标摘要信息；When the original code stream contains an I frame, the original header information is encrypted, and the target digest information is obtained according to the encrypted original header information;

根据该目标摘要信息、该已加密的原始头部信息和该图像信息，生成目标码流，并向接收设备发送；According to the target digest information, the encrypted original header information and the image information, generate a target code stream and send it to the receiving device;

该接收设备，用于接收该发送设备发送的目标码流，该目标码流为原始帧图像编码处理后生成的码流；The receiving device is configured to receive a target code stream sent by the sending device, where the target code stream is a code stream generated after the original frame image is encoded and processed;

当该原始帧图像为I帧时，获取该目标码流中已加密的原始头部信息和目标摘要信息、图像信息，并根据预设计算规则，获取该目标头部信息对应的预设摘要信息，该目标摘要信息是发送设备根据该已加密的原始头部信息生成的；When the original frame image is an I frame, obtain the encrypted original header information, target digest information, and image information in the target code stream, and obtain preset digest information corresponding to the target header information according to a preset calculation rule , the target digest information is generated by the sending device according to the encrypted original header information;

当该目标摘要信息和预设摘要信息一致时，根据该已加密的原始头部信息和该图像信息，获取原始帧图像。When the target abstract information is consistent with the preset abstract information, the original frame image is acquired according to the encrypted original header information and the image information.

在一个实施例中，该系统中的该发送设备包括第一加密模块，该接收设备包括第二加密模块：In one embodiment, the sending device in the system includes a first encryption module, and the receiving device includes a second encryption module:

该第一加密模块，用于获取第一加密密码和该接收设备发送的公钥，该第一加密密码至少根据以下信息进行设置：机器码、地址信息和时间信息；The first encryption module is used to obtain a first encryption password and a public key sent by the receiving device, where the first encryption password is set at least according to the following information: machine code, address information and time information;

根据该公钥，对该第一加密密码进行加密处理，生成第二加密密码，并将第二加密密码向接收设备发送；performing encryption processing on the first encrypted password according to the public key, generating a second encrypted password, and sending the second encrypted password to the receiving device;

该第二加密模块，用于获取公钥和私钥，并向发送设备发送该公钥；The second encryption module is used to obtain the public key and the private key, and send the public key to the sending device;

并且，当接收到该发送设备发送的该第二加密密码时，通过该私钥对该第二加密密码进行解密处理，获取该第一加密密码。And, when the second encrypted password sent by the sending device is received, the second encrypted password is decrypted by using the private key to obtain the first encrypted password.

在一个实施例中，该系统中的接收设备还包括计算模块、第一加密模块、重组模块和解密模块，该重组模块分别与该第一加密模块和该解密模块相连接，In one embodiment, the receiving device in the system further includes a computing module, a first encryption module, a reorganization module and a decryption module, and the reassembly module is respectively connected with the first encryption module and the decryption module,

该计算模块，用于根据该已加密的原始头部信息，获取预设摘要信息；The computing module is used to obtain preset digest information according to the encrypted original header information;

该第一加密模块，用于当该目标摘要信息和预设摘要信息一致时，根据该第一加密密码对该已加密的原始头部信息进行解密处理，获取该原始头部信息；The first encryption module is configured to decrypt the encrypted original header information according to the first encryption password when the target digest information is consistent with the preset digest information, and obtain the original header information;

该重组模块，用于获取原始头部信息和图像信息；The reorganization module is used to obtain the original header information and image information;

根据预设排列组合对该原始头部信息和图像信息进行排列，生成原始码流；Arrange the original header information and image information according to a preset arrangement and combination to generate an original code stream;

该解码模块，用于根据预设解码规则对该原始码流进行解码处理，获取原始帧图像。The decoding module is used for decoding the original code stream according to a preset decoding rule to obtain the original frame image.

在一个实施例中，该系统中的发送设备还包括第一加密模块、计算模块、重组模块和发送模块，该重组模块分别与该第一加密模块和该发送模块相连接，In one embodiment, the sending device in the system further includes a first encryption module, a calculation module, a reorganization module and a sending module, and the reorganization module is respectively connected with the first encryption module and the sending module,

该第一加密模块，用于获取第一加密算法和第一加密密码，该第一加密算法包括AES加密算法，该第一加密密码至少根据以下信息进行设置：机器码、MAC地址信息和时间信息；The first encryption module is used to obtain a first encryption algorithm and a first encryption password, the first encryption algorithm includes an AES encryption algorithm, and the first encryption password is set according to at least the following information: machine code, MAC address information and time information ;

根据该第一加密算法和该第一加密密码，对该原始头部信息进行加密处理，生成该已加密的原始头部信息；According to the first encryption algorithm and the first encryption password, encrypt the original header information to generate the encrypted original header information;

通过预设算法计算，获取该已加密的原始头部信息对应的长度；Obtain the length corresponding to the encrypted original header information by calculating by a preset algorithm;

该计算模块，用于根据该已加密的原始头部信息，获取目标摘要信息；The computing module is used to obtain target digest information according to the encrypted original header information;

该重组模块，用于获取该已加密的原始头部信息、该目标摘要信息、长度和该图像信息；The reassembly module is used to obtain the encrypted original header information, the target digest information, the length and the image information;

根据预设排列规则，对该已加密的原始头部信息、该目标摘要信息、长度和该图像信息进行组合处理，生成目标码流，其中该图像信息不进行加密处理；According to the preset arrangement rule, the encrypted original header information, the target digest information, the length and the image information are combined and processed to generate a target code stream, wherein the image information is not encrypted;

该发送模块，用于向接收设备发送该目标码流。The sending module is used for sending the target code stream to the receiving device.

根据本公开实施例的第二方面，提供一种数据传输方法，应用于发送设备，该方法包括：According to a second aspect of the embodiments of the present disclosure, there is provided a data transmission method, which is applied to a sending device, and the method includes:

获取原始码流，该原始码流为原始帧图像编码处理后生成的码流，该原始码流包括原始头部信息和图像信息；Obtain an original code stream, the original code stream is a code stream generated after the original frame image encoding process, and the original code stream includes original header information and image information;

当该原始帧图像为I帧时，对该原始头部信息进行加密处理，并根据该已加密的原始头部信息，获取目标摘要信息；When the original frame image is an I frame, the original header information is encrypted, and the target digest information is obtained according to the encrypted original header information;

根据该目标摘要信息、该已加密的原始头部信息和该图像信息，生成目标码流，并向接收设备发送。According to the target digest information, the encrypted original header information and the image information, a target code stream is generated and sent to the receiving device.

根据本公开实施例的第三方面，提供一种数据传输方法，应用于接收设备，该方法包括：According to a third aspect of the embodiments of the present disclosure, there is provided a data transmission method applied to a receiving device, the method comprising:

获取目标码流，该目标码流为原始帧图像编码处理后生成的码流；Obtain the target code stream, which is the code stream generated after the original frame image encoding process;

应当理解的是，以上的一般描述和后文的细节描述仅是示例性和解释性的，并不能限制本公开。It is to be understood that the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the present disclosure.

附图说明Description of drawings

此处的附图被并入说明书中并构成本说明书的一部分，示出了符合本公开的实施例，并与说明书一起用于解释本公开的原理。The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.

图1是本公开实施例提供的一种数据传输方法的流程图；1 is a flowchart of a data transmission method provided by an embodiment of the present disclosure;

图2是本公开实施例提供的一种数据传输方法中的重组格式示意图；2 is a schematic diagram of a reorganization format in a data transmission method provided by an embodiment of the present disclosure;

图3是本公开实施例提供的一种数据传输方法的流程图2；3 is a flowchart 2 of a data transmission method provided by an embodiment of the present disclosure;

图4是本公开实施例提供的一种数据传输系统的结构图；4 is a structural diagram of a data transmission system provided by an embodiment of the present disclosure;

图4a是本公开实施例提供的一种数据传输系统中发送设备的结构图；4a is a structural diagram of a sending device in a data transmission system provided by an embodiment of the present disclosure;

图4b是本公开实施例提供的一种数据传输系统中接收设备的结构图；4b is a structural diagram of a receiving device in a data transmission system provided by an embodiment of the present disclosure;

图5是本公开实施例提供的一种数据传输系统的逻辑示意图。FIG. 5 is a schematic logical diagram of a data transmission system provided by an embodiment of the present disclosure.

具体实施方式Detailed ways

这里将详细地对示例性实施例进行说明，其示例表示在附图中。下面的描述涉及附图时，除非另有表示，不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本公开相一致的所有实施方式。相反，它们仅是与如所附权利要求书中所详述的、本公开的一些方面相一致的装置和方法的例子。Exemplary embodiments will be described in detail herein, examples of which are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the illustrative examples below are not intended to represent all implementations consistent with this disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as recited in the appended claims.

本公开实施例提供一种数据传输方法，如图1所示，该数据传输方法，应用于发送设备，该发送设备可以是终端设备或网络服务器等，该方法包括以下步骤：An embodiment of the present disclosure provides a data transmission method. As shown in FIG. 1 , the data transmission method is applied to a sending device, and the sending device may be a terminal device or a network server. The method includes the following steps:

101、获取目标码流。101. Obtain a target code stream.

该原始码流为原始帧图像编码处理后生成的码流，该原始码流包括原始头部信息和图像信息。The original code stream is a code stream generated after the original frame image encoding process, and the original code stream includes original header information and image information.

102、当该原始码流包含I帧时，对该原始头部信息进行加密处理，并根据该已加密的原始头部信息，获取目标摘要信息。102. When the original code stream contains an I frame, perform encryption processing on the original header information, and obtain target digest information according to the encrypted original header information.

获取第一加密算法和第一加密密码，该第一加密算法包括AES(AdvancedEncryption Standard，高级加密标准)加密算法，该第一加密密码至少根据以下信息进行设置：机器码、MAC地址信息和当前时间信息；Obtain a first encryption algorithm and a first encryption password, where the first encryption algorithm includes an AES (Advanced Encryption Standard, Advanced Encryption Standard) encryption algorithm, and the first encryption password is set at least according to the following information: machine code, MAC address information, and current time information;

根据该第一加密算法和该第一加密密码，对该原始头部信息进行加密处理，生成该目标头部信息。According to the first encryption algorithm and the first encryption password, the original header information is encrypted to generate the target header information.

本公开所提供的方法中当该原始码流不包含I帧时，则直接生成目标编码数据。In the method provided by the present disclosure, when the original code stream does not contain an I frame, target encoded data is directly generated.

本公开所提供的方法中在具体实施时，对数据加密处理可以通过AES模块和SHA128模块进行，先通过AES模块对头部数据进行加密，然后在使用SHA128计算其摘要。因为AES加密算法的耗时时间随加密数据的增加而增加，SHA128(SHA1 Secure HashAlgorithm 1，中文名：安全散列算法)计算摘要主要是摘要只有128bit，加解密耗时小，并且固定。In the specific implementation of the method provided by the present disclosure, the data encryption process can be performed by the AES module and the SHA128 module, the header data is encrypted by the AES module first, and then the digest is calculated by using SHA128. Because the time-consuming time of AES encryption algorithm increases with the increase of encrypted data, SHA128 (SHA1 Secure HashAlgorithm 1, Chinese name: Secure Hash Algorithm) calculation digest is mainly that the digest has only 128 bits, and the encryption and decryption time is small and fixed.

本公开所提供的方法对加密后的头部信息计算其对应的摘要是为了在解密时便于接收设备判断加密的头部信息有没有被篡改，如果没有被篡改再进行解密。The method provided by the present disclosure calculates the corresponding digest of the encrypted header information in order to facilitate the receiving device to determine whether the encrypted header information has been tampered with during decryption, and decrypt it if it has not been tampered with.

103、根据该目标摘要信息、该已加密的原始头部信息和该图像信息，生成目标码流。103. Generate a target code stream according to the target digest information, the encrypted original header information, and the image information.

本公开所提供的方法生成目标码流，包括：The method provided by the present disclosure generates a target code stream, including:

根据预设排列规则，对该已加密的原始头部信息和该摘要信息、长度和该图像信息进行组合处理，生成目标码流，其中该目标图像信息不进行加密处理。According to a preset arrangement rule, the encrypted original header information, the digest information, the length and the image information are combined to generate a target code stream, wherein the target image information is not encrypted.

如图2所示，对原始码流数据进行重组的格式包括：已加密的原始头部信息和目标摘要信息、长度和图像信息。As shown in Fig. 2, the format for recombining the original code stream data includes: encrypted original header information and target digest information, length and image information.

现有技术中，通过对码流数据的加密处理来提高传输过程的安全性，但是由于码流数据过大，如果对码流数据整体进行加密将会消耗大量的时间，从而导致加大传输延时不利于显示的实时性。因此，本公开所提供的加密方法中利用码流解码时必须获取参考帧的特点，只对参考帧进行处理，具体是：加密处理参考帧的头部信息，而对实际的编码数据不做处理。这样加密的数据量将会减少很多，降低加密处理时间，同时也保证了发送设备端编码加密后的数据即使被截获也无法解码显示，同时保证接收设备端解码显示的数据必须的发送设备端发送的数据。In the prior art, the security of the transmission process is improved by encrypting the code stream data, but since the code stream data is too large, if the code stream data is encrypted as a whole, it will consume a lot of time, thereby increasing the transmission delay. It is not conducive to the real-time performance of the display. Therefore, in the encryption method provided by the present disclosure, the feature of the reference frame must be obtained when the code stream is decoded, and only the reference frame is processed. Specifically, the header information of the reference frame is encrypted and processed, and the actual encoded data is not processed. . In this way, the amount of encrypted data will be greatly reduced, and the encryption processing time will be reduced. At the same time, it also ensures that the data encoded and encrypted by the sending device cannot be decoded and displayed even if it is intercepted. At the same time, it is guaranteed that the data decoded and displayed by the receiving device must be sent by the sending device. The data.

本公开实施例提供的数据传输方法，应用于发送设备，发送设备获取根据原始帧图像生成原始码流数据后，分析该原始码流数据，当该原始码流中的原始帧图像是I帧时，则对该原始头部信息进行加密处理，并根据该已加密的原始头部信息，获取目标摘要信息，根据该目标摘要信息、该已加密的原始头部信息和该图像信息，生成目标码流并向接收设备发送该目标码流。The data transmission method provided by the embodiment of the present disclosure is applied to a sending device. After acquiring the original code stream data generated according to the original frame image, the sending device analyzes the original code stream data. When the original frame image in the original code stream is an I frame , the original header information is encrypted, and the target digest information is obtained according to the encrypted original header information, and the target code is generated according to the target digest information, the encrypted original header information and the image information. stream and send the target stream to the receiving device.

本公开实施例提供的数据传输方法，通过对原始头部信息的加密处理，确保接收设备进行解码显示的数据只能是发送设备发送的数据码流，从而保障数据码流的安全传输；同时，也能够保证码流数据的唯一性，使得接收设备对其他的H264码流均不进行解码显示，避免传输通道被截取后，其他H264格式的图像数据码流被解码显示。进一步的即使码流数据在传输过程被恶意截获后，其他设备也无法对加密的头部信息进行编码还原，保证信息不被泄露。The data transmission method provided by the embodiment of the present disclosure ensures that the data decoded and displayed by the receiving device can only be the data stream sent by the sending device by encrypting the original header information, thereby ensuring the safe transmission of the data stream; at the same time, It can also ensure the uniqueness of the code stream data, so that the receiving device does not decode and display other H264 code streams, so as to prevent other H264 format image data streams from being decoded and displayed after the transmission channel is intercepted. Further, even after the code stream data is maliciously intercepted during the transmission process, other devices cannot encode and restore the encrypted header information to ensure that the information is not leaked.

实施二Implementation two

基于上述图1对应的实施例提供的数据传输方法，本公开另一实施例提供一种数据传输方法，该方法可以应用于解码设备，例如，接收设备也可以是终端设备或网络服务器等。参照图3所示，本实施例提供的数据传输方法包括以下步骤：Based on the data transmission method provided by the embodiment corresponding to FIG. 1 , another embodiment of the present disclosure provides a data transmission method, which can be applied to a decoding device, for example, a receiving device can also be a terminal device or a network server. Referring to FIG. 3 , the data transmission method provided by this embodiment includes the following steps:

301、获取目标码流。301. Obtain a target code stream.

该目标码流为原始帧图像编码处理后生成的码流。The target code stream is the code stream generated after the original frame image encoding process.

本公开所提供的方法在获取原始码流之后，会根据预设规则判断原始帧图像是否为I帧；After obtaining the original code stream, the method provided by the present disclosure will determine whether the original frame image is an I frame according to a preset rule;

如果原始码流中的原始帧图像不是I帧，则直接调用解码模块对该目标码流进行解码处理，并对解码后的图像显示。If the original frame image in the original code stream is not an I frame, directly call the decoding module to decode the target code stream, and display the decoded image.

302、当该原始帧图像为I帧时，获取该目标码流中已加密的原始头部信息和目标摘要信息、图像信息，并根据预设计算规则，获取该目标头部信息对应的预设摘要信息。302. When the original frame image is an I frame, obtain the encrypted original header information, target digest information, and image information in the target code stream, and obtain a preset corresponding to the target header information according to a preset calculation rule. Summary information.

本公开所提供的方法中目标摘要信息是发送设备根据该已加密的原始头部信息生成的；In the method provided by the present disclosure, the target digest information is generated by the sending device according to the encrypted original header information;

当该原始码流包括I帧时，获取该原始码流中的目标摘要信息和该已加密的原始头部信息。When the original code stream includes an I frame, obtain the target digest information and the encrypted original header information in the original code stream.

本公开所提供的方法可以根据加密后重组的I帧头部格式，分析该原始码流，截取原始码流中的目标摘要信息和该已加密的原始头部信息。The method provided by the present disclosure can analyze the original code stream according to the encrypted and reassembled I-frame header format, and intercept the target digest information and the encrypted original header information in the original code stream.

根据预设计算规则，获取该原始头部信息对应的预设摘要信息。According to the preset calculation rule, the preset summary information corresponding to the original header information is obtained.

本公开所提供的方法可以通过SHA128模块获取原始头部信息对应的预设摘要信息；该SHA128模块是基于SHA1(SHA1 Secure Hash Algorithm 1，中文名：安全散列算法)加密算法生成的。The method provided by the present disclosure can obtain the preset digest information corresponding to the original header information through the SHA128 module; the SHA128 module is generated based on the SHA1 (SHA1 Secure Hash Algorithm 1, Chinese name: Secure Hash Algorithm) encryption algorithm.

通过先处理该预设摘要信息再进行解密处理，能够避免因为解密目标码流造成的数据计算资源浪费，因为AES加密算法的耗时时间随加密数据的增加而增加，而计算摘要信息因为其数据量只有128bit，加解密耗时小，并且固定。By first processing the preset digest information and then performing the decryption processing, it is possible to avoid the waste of data computing resources caused by decrypting the target code stream, because the time-consuming time of the AES encryption algorithm increases with the increase of encrypted data, and the calculation of digest information is due to its data. The amount is only 128bit, and the encryption and decryption time is small and fixed.

303、当该目标摘要信息和预设摘要信息一致时，根据该已加密的原始头部信息和该图像信息，获取原始帧图像。303. When the target digest information is consistent with the preset digest information, obtain an original frame image according to the encrypted original header information and the image information.

本公开所提供的方法中获取原始帧图像会先对该已加密的原始头部信息解密，再根据该原始头部信息和图像信息，生成原始帧图像，具体包括：In the method provided by the present disclosure to obtain the original frame image, the encrypted original header information is decrypted first, and then the original frame image is generated according to the original header information and image information, which specifically includes:

获取该发送设备发送的已加密的第一加密密码；Obtain the encrypted first encrypted password sent by the sending device;

通过第二加密算法，解密处理该第一加密密码，该第二加密算法包括AES加密算法；Decrypt the first encrypted password through a second encryption algorithm, and the second encryption algorithm includes an AES encryption algorithm;

根据该第一加密密码，对该已加密的原始头部信息进行解密处理，获取该原始头部信息；According to the first encrypted password, decrypt the encrypted original header information to obtain the original header information;

根据预设解码规则对该原始码流进行解码处理，获取原始帧图像。The original code stream is decoded according to the preset decoding rule to obtain the original frame image.

本公开所提供的方法还包括：当该目标摘要信息和预设摘要信息不一致时，则确定该目标头部信息不符合预设要求；The method provided by the present disclosure further includes: when the target abstract information is inconsistent with the preset abstract information, determining that the target header information does not meet the preset requirements;

当该目标头部信息不符合预设要求，生成提示信息，向该发送设备发送，该提醒信息用于提醒该目标码流不符合预设要求。When the target header information does not meet the preset requirements, prompt information is generated and sent to the sending device, where the prompt information is used to remind that the target code stream does not meet the preset requirements.

本公开所提供的方法通过判断目标摘要信息和预设摘要信息是否一致，能够判断加密的头部信息在传输过程中有没有被篡改，只有在确定了该头部信息没有被篡改，才会进行后续的解密处理、解码处理，从而不仅仅能够实现数据传输的安全性，而且提高了数据处理的效率，避免了解密后再进行判断数据是否被篡改造成的系统性能浪费。The method provided by the present disclosure can determine whether the encrypted header information has been tampered with during the transmission process by judging whether the target abstract information is consistent with the preset abstract information, and only when it is determined that the header information has not been tampered, will the header information be tampered with. The subsequent decryption processing and decoding processing can not only realize the security of data transmission, but also improve the efficiency of data processing, and avoid the waste of system performance caused by judging whether the data has been tampered after decryption.

本公开实施例提供的数据传输方法，应用于接收设备，当接收设备获取目标码流时，先判断该目标码流中的图像帧是否为I帧，若为I帧则进一步获取该目标码流中的已加密的原始头部信息和目标摘要信息，根据预设计算规则，计算该已加密的原始头部信息对应的预设摘要信息，当目标摘要信息和预设摘要信息一致时，则确定该目标码流在数据传输的过程中没有遭遇攻击篡改，可以根据该目标码流进行解码处理获取原始图像帧。本公开所提供的方法应用在接收设备上，可以检测数据传输后的安全性，也可以提高数据解码的效率。The data transmission method provided by the embodiment of the present disclosure is applied to a receiving device. When the receiving device obtains a target code stream, it first determines whether the image frame in the target code stream is an I frame, and if it is an I frame, the target code stream is further obtained. The encrypted original header information and the target digest information in , calculate the preset digest information corresponding to the encrypted original header information according to the preset calculation rule, when the target digest information and the preset digest information are consistent, determine the The target code stream is not attacked and tampered in the process of data transmission, and the original image frame can be obtained by decoding processing according to the target code stream. The method provided by the present disclosure is applied to a receiving device, can detect the security of data after transmission, and can also improve the efficiency of data decoding.

实施三Implementation three

基于上述图1和图3对应的实施例中所描述的数据传输方法，下述为本公开系统实施例，可以用于执行本公开方法实施例。Based on the data transmission methods described in the embodiments corresponding to FIG. 1 and FIG. 3 , the following system embodiments of the present disclosure can be used to execute the method embodiments of the present disclosure.

本公开实施例提供一种数据传输系统，如图4所示，该数据传输系统40包括：An embodiment of the present disclosure provides a data transmission system. As shown in FIG. 4 , thedata transmission system 40 includes:

发送设备401和接收设备402，该发送设备401和该接收设备402相连接，A sendingdevice 401 and areceiving device 402, the sendingdevice 401 and the receivingdevice 402 are connected,

发送设备401，用于获取原始码流，该原始码流为原始帧图像编码处理后生成的码流，该原始码流包括原始头部信息和图像信息；The sendingdevice 401 is used to obtain an original code stream, the original code stream is a code stream generated after the original frame image encoding process, and the original code stream includes original header information and image information;

根据该目标摘要信息、该已加密的原始头部信息和该图像信息，生成目标码流，并向接收设备402发送；According to the target digest information, the encrypted original header information and the image information, a target code stream is generated and sent to the receivingdevice 402;

该接收设备402，接收该发送设备发送的目标码流，该目标码流为原始帧图像编码处理后生成的码流；The receivingdevice 402 receives a target code stream sent by the sending device, where the target code stream is a code stream generated after the original frame image encoding process;

在可选实施例中，本公开所提供系统40中发送设备401包括第一加密模块4011，该接收设备402包括第二加密模块：In an optional embodiment, the sendingdevice 401 in thesystem 40 provided by the present disclosure includes afirst encryption module 4011, and the receivingdevice 402 includes a second encryption module:

该第一加密模块，用于获取第一加密密码和该接收设备402发送的公钥，该第一加密密码至少根据以下信息进行设置：机器码、地址信息和时间信息；The first encryption module is used to obtain a first encryption password and a public key sent by the receivingdevice 402, and the first encryption password is set at least according to the following information: machine code, address information and time information;

根据该公钥，对该第一加密密码进行加密处理，生成第二加密密码，并将第二加密密码向接收设备402发送；According to the public key, encryption processing is performed on the first encrypted password to generate a second encrypted password, and the second encrypted password is sent to the receivingdevice 402;

如图5所示，进一步的阐述上述第一加密模块和第二加密模块的数据处理流程：As shown in Figure 5, the data processing flow of the above-mentioned first encryption module and the second encryption module is further elaborated:

当数据传输系统启动后，接收设备402与发送设备401建立完成网络连接；发送设备生成加密数据所需要的密码，该密码为第一加密密码，具体的第一加密密码可以是动态密码PW，通过机器码、MAC地址和当前时间构成，从而增加破解难度；After the data transmission system is started, the receivingdevice 402 establishes a complete network connection with the sendingdevice 401; the sending device generates a password required for encrypting data, which is the first encrypted password. Machine code, MAC address and current time, thus increasing the difficulty of cracking;

接收设备402通过第二加密模块生成一组加密密钥：公钥和私钥，具体的第二加密模块可以是RSA加密模块；接收设备402将公钥发送到发送设备，RSA是非对称加密，在接收设备402生成私钥和公钥后，只要对接收设备402的私钥进行妥善保存即可，而发送给发送设备的公钥即使丢失对整个流程的安全性也不受影响。The receivingdevice 402 generates a set of encryption keys through the second encryption module: a public key and a private key, and the specific second encryption module can be an RSA encryption module; the receivingdevice 402 sends the public key to the sending device, and RSA is asymmetric encryption. After thereceiving device 402 generates the private key and the public key, it only needs to store the private key of the receivingdevice 402 properly, and even if the public key sent to the sending device is lost, the security of the entire process will not be affected.

发送设备401接收到接收设备402发送的公钥后，通过第一加密模块对生成的密码PW进行加密，生成加密后的密码EPW即第二加密密码，具体的第一加密模块可以是AES加密模块，并第二加密密码发送到接收设备402；After receiving the public key sent by the receivingdevice 402, the sendingdevice 401 encrypts the generated password PW through the first encryption module, and generates an encrypted password EPW, that is, the second encryption password. The specific first encryption module may be an AES encryption module. , and send the second encrypted password to the receivingdevice 402;

接收设备402接收发送设备401发送的第二加密密码，通过RSA加密模块和私钥对第二加密密码进行解密，还原加密的第一加密密码，并将第一加密密码保存用于码流信息的解密。The receivingdevice 402 receives the second encrypted password sent by the sendingdevice 401, decrypts the second encrypted password through the RSA encryption module and the private key, restores the encrypted first encrypted password, and saves the first encrypted password for use in the code stream information. decrypt.

如图4a所示，在可选实施例中，本公开所提供系统40中该发送设备401还包括第一加密模块4011、计算模块4012、重组模块4013和发送模块4014，该重组模块4013分别与该第一加密模块4011和该发送模块4014相连接，As shown in FIG. 4a, in an optional embodiment, the sendingdevice 401 in thesystem 40 provided by the present disclosure further includes afirst encryption module 4011, acalculation module 4012, areorganization module 4013 and asending module 4014, and thereassembly module 4013 is respectively connected with Thefirst encryption module 4011 is connected to thesending module 4014,

该第一加密模块4011，用于获取第一加密算法和第一加密密码，该第一加密算法包括AES加密算法，该第一加密密码至少根据以下信息进行设置：机器码、MAC地址信息和时间信息；Thefirst encryption module 4011 is used to obtain a first encryption algorithm and a first encryption password, the first encryption algorithm includes an AES encryption algorithm, and the first encryption password is set according to at least the following information: machine code, MAC address information and time information;

并通过预设算法计算，获取该已加密的原始头部信息对应的长度；And calculate through a preset algorithm to obtain the length corresponding to the encrypted original header information;

该计算模块4012，用于根据该已加密的原始头部信息，获取目标摘要信息，具体的计算模块可以是SHA128模块获取原始头部信息对应的预设摘要信息；该SHA128模块是基于SHA1(SHA1 Secure Hash Algorithm 1，中文名：安全散列算法)加密算法生成的；Thecalculation module 4012 is used to obtain the target digest information according to the encrypted original header information, and the specific calculation module may be a SHA128 module to obtain preset digest information corresponding to the original header information; the SHA128 module is based on SHA1 (SHA1 Secure Hash Algorithm 1, Chinese name: Secure Hash Algorithm) encryption algorithm;

该重组模块4013，用于获取该已加密的原始头部信息、该目标摘要信息、长度和该图像信息；Thereorganization module 4013 is used to obtain the encrypted original header information, the target digest information, the length and the image information;

该发送模块4014，用于向接收设备402发送该目标码流。The sendingmodule 4014 is configured to send the target code stream to the receivingdevice 402 .

如图4b所示，在可选实施例中，本公开所提供系统40中的接收设备402还包括计算模块4022、第一加密模块4023、重组模块4024和解密模块4025，该重组模块4024分别与该第一加密模块4023和该解密模块4025相连接，As shown in FIG. 4b, in an optional embodiment, the receivingdevice 402 in thesystem 40 provided by the present disclosure further includes acalculation module 4022, afirst encryption module 4023, areassembly module 4024, and adecryption module 4025, and thereassembly module 4024 is respectively associated with Thefirst encryption module 4023 is connected to thedecryption module 4025,

该计算模块4022，用于根据该已加密的原始头部信息，获取预设摘要信息，具体的计算模块可以是SHA128模块获取原始头部信息对应的预设摘要信息；该SHA128模块是基于SHA1(SHA1 Secure Hash Algorithm 1，中文名：安全散列算法)加密算法生成的；Thecalculation module 4022 is used to obtain preset digest information according to the encrypted original header information, and a specific calculation module may be a SHA128 module to obtain preset digest information corresponding to the original header information; the SHA128 module is based on SHA1 ( SHA1 Secure Hash Algorithm 1, Chinese name: Secure Hash Algorithm) encryption algorithm;

该第一加密模块4023，用于当该目标摘要信息和预设摘要信息一致时，根据该第一加密密码对该已加密的原始头部信息进行解密处理，获取该原始头部信息；Thefirst encryption module 4023 is configured to decrypt the encrypted original header information according to the first encryption password when the target digest information is consistent with the preset digest information, and obtain the original header information;

该重组模块4024，用于获取原始头部信息和图像信息；Thereorganization module 4024 is used to obtain original header information and image information;

该解码模块4025，用于根据预设解码规则对该原始码流进行解码处理，获取原始帧图像。Thedecoding module 4025 is configured to perform decoding processing on the original code stream according to a preset decoding rule to obtain an original frame image.

本公开实施例提供的数据传输系统，该系统包括发送设备和接收设备；发送设备获取根据原始帧图像生成原始码流数据后，分析该原始码流数据，当该原始码流中的原始帧图像是I帧时，则对该原始头部信息进行加密处理，并根据该已加密的原始头部信息，获取目标摘要信息，根据该目标摘要信息、该已加密的原始头部信息和该图像信息，生成目标码流并向接收设备发送该目标码流；当接收设备获取目标码流时，先判断该目标码流中的图像帧是否为I帧，若为I帧则进一步获取该目标码流中的已加密的原始头部信息和目标摘要信息，根据预设计算规则，计算该已加密的原始头部信息对应的预设摘要信息，当目标摘要信息和预设摘要信息一致时，则确定该目标码流在数据传输的过程中没有遭遇攻击篡改，可以根据该目标码流进行解码处理获取原始图像帧。In the data transmission system provided by the embodiments of the present disclosure, the system includes a sending device and a receiving device; after acquiring the original code stream data generated according to the original frame image, the sending device analyzes the original code stream data, when the original frame image in the original code stream is When it is an I frame, the original header information is encrypted, and the target digest information is obtained according to the encrypted original header information. According to the target digest information, the encrypted original header information and the image information , generate the target code stream and send the target code stream to the receiving device; when the receiving device obtains the target code stream, first determine whether the image frame in the target code stream is an I frame, and if it is an I frame, then further obtain the target code stream The encrypted original header information and the target digest information in , calculate the preset digest information corresponding to the encrypted original header information according to the preset calculation rule, when the target digest information and the preset digest information are consistent, determine the The target code stream is not attacked and tampered in the process of data transmission, and the original image frame can be obtained by decoding processing according to the target code stream.

本公开所提供的系统，能够提高码流传输中的数据的可靠性，防止传输过程或者设备在遭受恶意攻击后，造成的数据传输的安全，同时也保证传输的数据是唯一的，即接收设备解码显示的数据是发送设备编码后的目标码流数据，而不是被中间篡改后的数据。The system provided by the present disclosure can improve the reliability of data in code stream transmission, prevent the security of data transmission caused by malicious attacks in the transmission process or equipment, and also ensure that the transmitted data is unique, that is, the receiving device The data displayed by decoding is the target stream data encoded by the sending device, not the data tampered with in the middle.

基于上述图1和图3对应的实施例中所描述的数据传输方法，本公开实施例还提供一种计算机可读存储介质，例如，非临时性计算机可读存储介质可以是只读存储器(英文：Read Only Memory，ROM)、随机存取存储器(英文：Random Access Memory，RAM)、CD-ROM、磁带、软盘和光数据存储装置等。该存储介质上存储有计算机指令，用于执行上述图1和图3对应的实施例中所描述的数据传输方法，此处不再赘述。Based on the data transmission methods described in the above embodiments corresponding to FIG. 1 and FIG. 3 , an embodiment of the present disclosure further provides a computer-readable storage medium, for example, a non-transitory computer-readable storage medium may be a read-only memory (English) : Read Only Memory, ROM), random access memory (English: Random Access Memory, RAM), CD-ROM, magnetic tape, floppy disk and optical data storage devices, etc. The storage medium stores computer instructions for executing the data transmission method described in the embodiments corresponding to FIG. 1 and FIG. 3 , and details are not repeated here.

本领域技术人员在考虑说明书及实践这里公开的公开后，将容易想到本公开的其它实施方案。本申请旨在涵盖本公开的任何变型、用途或者适应性变化，这些变型、用途或者适应性变化遵循本公开的一般性原理并包括本公开未公开的本技术领域中的公知常识或惯用技术手段。说明书和实施例仅被视为示例性的，本公开的真正范围和精神由下面的权利要求指出。Other embodiments of the present disclosure will readily occur to those skilled in the art upon consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the present disclosure that follow the general principles of the present disclosure and include common knowledge or techniques in the technical field not disclosed by the present disclosure . The specification and examples are to be regarded as exemplary only, with the true scope and spirit of the disclosure being indicated by the following claims.