Disclosure of Invention
The embodiment of the disclosure provides a data transmission method and a data transmission system, which can solve the problems of data leakage and data falsification in the data transmission process. The technical scheme is as follows:
According to a first aspect of embodiments of the present disclosure, there is provided a data transmission system, the system comprising: a transmitting device and a receiving device, the transmitting device and the receiving device being connected,
The transmitting device is used for acquiring an original code stream, wherein the original code stream is generated after the original frame image is encoded, and comprises original header information and image information;
when the original code stream contains I frames, encrypting the original header information, and acquiring target abstract information according to the encrypted original header information;
generating a target code stream according to the target abstract information, the encrypted original header information and the image information, and sending the target code stream to receiving equipment;
The receiving device is used for receiving a target code stream sent by the sending device, wherein the target code stream is a code stream generated after the original frame image is coded;
when the original frame image is an I frame, acquiring encrypted original header information, target abstract information and image information in the target code stream, and acquiring preset abstract information corresponding to the target header information according to preset calculation rules, wherein the target abstract information is generated by transmitting equipment according to the encrypted original header information;
and when the target abstract information is consistent with the preset abstract information, acquiring an original frame image according to the encrypted original head information and the image information.
In one embodiment, the transmitting device in the system includes a first encryption module and the receiving device includes a second encryption module:
the first encryption module is configured to obtain a first encryption password and a public key sent by the receiving device, where the first encryption password is set at least according to the following information: machine code, address information, and time information;
According to the public key, carrying out encryption processing on the first encryption password, generating a second encryption password, and sending the second encryption password to receiving equipment;
The second encryption module is used for acquiring the public key and the private key and sending the public key to the sending equipment;
and when the second encryption password sent by the sending equipment is received, the second encryption password is decrypted through the private key, and the first encryption password is obtained.
In one embodiment, the receiving device in the system further comprises a computing module, a first encrypting module, a reorganizing module and a decrypting module, the reorganizing module is respectively connected with the first encrypting module and the decrypting module,
The computing module is used for acquiring preset abstract information according to the encrypted original head information;
the first encryption module is used for decrypting the encrypted original header information according to the first encryption password when the target abstract information is consistent with the preset abstract information, and obtaining the original header information;
the reorganization module is used for acquiring original header information and image information;
Arranging the original header information and the image information according to a preset arrangement combination to generate an original code stream;
The decoding module is used for decoding the original code stream according to a preset decoding rule to obtain an original frame image.
In one embodiment, the transmitting device in the system further comprises a first encryption module, a calculation module, a reorganization module and a transmitting module, the reorganization module is respectively connected with the first encryption module and the transmitting module,
The first encryption module is configured to obtain a first encryption algorithm and a first encryption password, where the first encryption algorithm includes an AES encryption algorithm, and the first encryption password is set at least according to the following information: machine code, MAC address information, and time information;
encrypting the original header information according to the first encryption algorithm and the first encryption password to generate the encrypted original header information;
acquiring the length corresponding to the encrypted original header information through calculation of a preset algorithm;
the computing module is used for acquiring target abstract information according to the encrypted original head information;
the reorganization module is used for acquiring the encrypted original header information, the target abstract information, the length and the image information;
According to a preset arrangement rule, combining the encrypted original header information, the target abstract information, the length and the image information to generate a target code stream, wherein the image information is not encrypted;
the sending module is used for sending the target code stream to receiving equipment.
According to a second aspect of the embodiments of the present disclosure, there is provided a data transmission method applied to a transmitting device, the method including:
acquiring an original code stream, wherein the original code stream is a code stream generated after original frame image coding processing, and the original code stream comprises original header information and image information;
when the original frame image is an I frame, encrypting the original header information, and acquiring target abstract information according to the encrypted original header information;
And generating a target code stream according to the target abstract information, the encrypted original header information and the image information, and sending the target code stream to receiving equipment.
According to a third aspect of embodiments of the present disclosure, there is provided a data transmission method applied to a receiving apparatus, the method including:
obtaining a target code stream, wherein the target code stream is a code stream generated after the original frame image is coded;
when the original frame image is an I frame, acquiring encrypted original header information, target abstract information and image information in the target code stream, and acquiring preset abstract information corresponding to the target header information according to preset calculation rules, wherein the target abstract information is generated by transmitting equipment according to the encrypted original header information;
and when the target abstract information is consistent with the preset abstract information, acquiring an original frame image according to the encrypted original head information and the image information.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
The embodiment of the disclosure provides a data transmission method, as shown in fig. 1, applied to a transmitting device, where the transmitting device may be a terminal device or a network server, and the method includes the following steps:
101. And obtaining a target code stream.
The original code stream is a code stream generated after the original frame image is encoded, and the original code stream comprises original header information and image information.
102. When the original code stream contains I frames, the original header information is encrypted, and target abstract information is obtained according to the encrypted original header information.
A first encryption algorithm including an AES (Advanced Encryption Standard ) encryption algorithm and a first encryption key are acquired, the first encryption key being set according to at least: machine code, MAC address information, and current time information;
and carrying out encryption processing on the original header information according to the first encryption algorithm and the first encryption password to generate the target header information.
In the method provided by the disclosure, when the original code stream does not contain an I frame, target encoded data is directly generated.
In the method provided by the disclosure, when the method is implemented, the data encryption processing can be performed through an AES module and an SHA128 module, the head data is encrypted through the AES module, and then the digest is calculated by using the SHA 128. Because the time consuming of the AES encryption algorithm increases with the increase of the encrypted data, the SHA128 (SHA 1 Secure Hash Algorithm 1, chinese name: secure hash algorithm) computes the digest mainly to be only 128 bits, and the encryption and decryption time consuming is small and fixed.
The method provided by the disclosure calculates the corresponding abstract of the encrypted header information, so that the receiving device can conveniently judge whether the encrypted header information is tampered or not during decryption, and if not, the decryption is performed.
103. And generating a target code stream according to the target abstract information, the encrypted original header information and the image information.
The method provided by the present disclosure generates a target code stream, including:
acquiring the length corresponding to the encrypted original header information through calculation of a preset algorithm;
And carrying out combination processing on the encrypted original header information, the abstract information, the length and the image information according to a preset arrangement rule to generate a target code stream, wherein the target image information is not subjected to encryption processing.
As shown in fig. 2, the format of reorganizing the original code stream data includes: the encrypted original header information and target digest information, length, and image information.
In the prior art, the security of the transmission process is improved through encryption processing of the code stream data, but because the code stream data is overlarge, a great amount of time is consumed if the code stream data is encrypted in the whole, so that the transmission delay is increased, and the display instantaneity is not facilitated. Therefore, in the encryption method provided by the present disclosure, by utilizing the characteristic that the reference frame must be acquired when the code stream is decoded, only the reference frame is processed, specifically: the header information of the reference frame is encrypted, and the actual encoded data is not processed. The encrypted data volume is greatly reduced, the encryption processing time is reduced, the encrypted data encoded by the transmitting equipment end can not be decoded and displayed even if the encrypted data is intercepted, and the data transmitted by the transmitting equipment end which is necessary for decoding the displayed data by the receiving equipment end is ensured.
The data transmission method provided by the embodiment of the disclosure is applied to a transmitting device, after the transmitting device obtains original code stream data generated according to an original frame image, the original code stream data is analyzed, when the original frame image in the original code stream is an I frame, encryption processing is performed on the original header information, target abstract information is obtained according to the encrypted original header information, and a target code stream is generated and transmitted to a receiving device according to the target abstract information, the encrypted original header information and the image information.
According to the data transmission method provided by the embodiment of the disclosure, through encryption processing of the original header information, the data which is decoded and displayed by the receiving equipment can only be the data code stream sent by the sending equipment, so that safe transmission of the data code stream is ensured; meanwhile, the uniqueness of code stream data can be ensured, so that the receiving equipment does not decode and display other H264 code streams, and the situation that after a transmission channel is intercepted, other H264-format image data code streams are decoded and displayed is avoided. Even if the code stream data is intercepted maliciously in the transmission process, other devices cannot encode and restore the encrypted header information, so that the information is ensured not to be leaked.
Implement two
Based on the data transmission method provided in the foregoing embodiment corresponding to fig. 1, another embodiment of the present disclosure provides a data transmission method, where the method may be applied to a decoding device, for example, a receiving device may also be a terminal device or a network server. Referring to fig. 3, the data transmission method provided in this embodiment includes the following steps:
301. And obtaining a target code stream.
The target code stream is a code stream generated after the original frame image is coded.
After the original code stream is acquired, judging whether the original frame image is an I frame or not according to a preset rule;
If the original frame image in the original code stream is not the I frame, directly calling a decoding module to decode the target code stream and displaying the decoded image.
302. When the original frame image is an I frame, the encrypted original header information, the target abstract information and the image information in the target code stream are obtained, and the preset abstract information corresponding to the target header information is obtained according to a preset calculation rule.
In the method provided by the disclosure, target abstract information is generated by a transmitting device according to the encrypted original head information;
when the original code stream includes an I frame, target digest information and the encrypted original header information in the original code stream are acquired.
The method provided by the disclosure can analyze the original code stream according to the I frame header format of the encrypted recombination, and intercept the target abstract information and the encrypted original header information in the original code stream.
And acquiring preset abstract information corresponding to the original head information according to a preset calculation rule.
The method provided by the disclosure can obtain preset abstract information corresponding to original head information through the SHA128 module; the SHA128 module is generated based on an encryption algorithm of SHA1 (SHA 1 Secure Hash Algorithm 1, chinese name: secure Hash algorithm).
By processing the preset summary information and then performing decryption processing, the waste of data calculation resources caused by decrypting the target code stream can be avoided, because the time consuming time of the AES encryption algorithm is increased along with the increase of encrypted data, and the time consuming for encrypting and decrypting the summary information is small and fixed because the data quantity of the summary information is only 128 bits.
303. And when the target abstract information is consistent with the preset abstract information, acquiring an original frame image according to the encrypted original head information and the image information.
The method provided by the present disclosure may decrypt the encrypted original header information first to obtain an original frame image, and then generate the original frame image according to the original header information and the image information, which specifically includes:
Acquiring an encrypted first encryption password sent by the sending equipment;
decrypting the first encrypted password by a second encryption algorithm, the second encryption algorithm comprising an AES encryption algorithm;
decrypting the encrypted original header information according to the first encryption password to obtain the original header information;
Arranging the original header information and the image information according to a preset arrangement combination to generate an original code stream;
and decoding the original code stream according to a preset decoding rule to obtain an original frame image.
The method provided by the present disclosure further comprises: when the target abstract information is inconsistent with the preset abstract information, determining that the target head information does not meet the preset requirement;
When the target header information does not meet the preset requirement, generating prompt information, and sending the prompt information to the sending equipment, wherein the prompt information is used for prompting that the target code stream does not meet the preset requirement.
The method provided by the disclosure can judge whether the encrypted header information is tampered in the transmission process by judging whether the target abstract information is consistent with the preset abstract information, and only if the header information is determined not to be tampered, the subsequent decryption processing and decoding processing can be performed, so that the safety of data transmission can be realized, the efficiency of data processing is improved, and the system performance waste caused by judging whether the data is tampered after decryption is avoided.
The data transmission method provided by the embodiment of the disclosure is applied to receiving equipment, when the receiving equipment acquires a target code stream, whether an image frame in the target code stream is an I frame is judged, if the image frame is the I frame, encrypted original header information and target abstract information in the target code stream are further acquired, preset abstract information corresponding to the encrypted original header information is calculated according to a preset calculation rule, when the target abstract information is consistent with the preset abstract information, it is determined that the target code stream is not subjected to attack tampering in the data transmission process, and decoding processing can be performed according to the target code stream to acquire the original image frame. The method provided by the disclosure is applied to receiving equipment, can detect the safety of the data after transmission, and can also improve the efficiency of data decoding.
Implementation three
Based on the data transmission methods described in the foregoing corresponding embodiments of fig. 1 and 3, the following are system embodiments of the present disclosure, which may be used to execute the method embodiments of the present disclosure.
The disclosed embodiment provides a data transmission system, as shown in fig. 4, the data transmission system 40 includes:
A transmitting device 401 and a receiving device 402, the transmitting device 401 and the receiving device 402 being connected,
A transmitting device 401, configured to obtain an original code stream, where the original code stream is a code stream generated after an original frame image encoding process, and the original code stream includes original header information and image information;
when the original code stream contains I frames, encrypting the original header information, and acquiring target abstract information according to the encrypted original header information;
Generating a target code stream from the target digest information, the encrypted original header information, and the image information, and transmitting the target code stream to the receiving device 402;
The receiving device 402 receives a target code stream sent by the sending device, where the target code stream is a code stream generated after the original frame image is encoded;
when the original frame image is an I frame, acquiring encrypted original header information, target abstract information and image information in the target code stream, and acquiring preset abstract information corresponding to the target header information according to preset calculation rules, wherein the target abstract information is generated by transmitting equipment according to the encrypted original header information;
and when the target abstract information is consistent with the preset abstract information, acquiring an original frame image according to the encrypted original head information and the image information.
In an alternative embodiment, the transmitting device 401 in the system 40 provided by the present disclosure includes a first encryption module 4011, and the receiving device 402 includes a second encryption module:
The first encryption module is configured to obtain a first encryption password and a public key sent by the receiving device 402, where the first encryption password is set at least according to the following information: machine code, address information, and time information;
Encrypting the first encryption password according to the public key, generating a second encryption password, and transmitting the second encryption password to the receiving device 402;
The second encryption module is used for acquiring the public key and the private key and sending the public key to the sending equipment;
and when the second encryption password sent by the sending equipment is received, the second encryption password is decrypted through the private key, and the first encryption password is obtained.
As shown in fig. 5, the data processing flow of the first encryption module and the second encryption module is further described:
After the data transmission system is started, the receiving device 402 and the transmitting device 401 establish a network connection; the method comprises the steps that a sending device generates a password required by encrypted data, wherein the password is a first encrypted password, the specific first encrypted password can be a dynamic password PW, and the password is formed by a machine code, an MAC address and the current time, so that the cracking difficulty is increased;
The receiving device 402 generates a set of encryption keys through the second encryption module: the public key and the private key, and the specific second encryption module can be an RSA encryption module; the receiving device 402 sends the public key to the sending device, RSA is asymmetrically encrypted, and after the receiving device 402 generates the private key and the public key, the private key of the receiving device 402 is saved properly, and the public key sent to the sending device is not affected even if the security of the whole process is lost.
After receiving the public key sent by the receiving device 402, the sending device 401 encrypts the generated password PW by using a first encryption module, to generate an encrypted password EPW, that is, a second encrypted password, where the specific first encryption module may be an AES encryption module, and the second encrypted password is sent to the receiving device 402;
The receiving device 402 receives the second encryption password sent by the sending device 401, decrypts the second encryption password through the RSA encryption module and the private key, restores the encrypted first encryption password, and saves the first encryption password for decryption of the code stream information.
As shown in fig. 4a, in an alternative embodiment, the transmission device 401 in the system 40 provided by the present disclosure further includes a first encryption module 4011, a calculation module 4012, a reorganization module 4013, and a transmission module 4014, where the reorganization module 4013 is connected to the first encryption module 4011 and the transmission module 4014,
The first encryption module 4011 is configured to obtain a first encryption algorithm and a first encryption password, where the first encryption algorithm includes an AES encryption algorithm, and the first encryption password is set according to at least the following information: machine code, MAC address information, and time information;
encrypting the original header information according to the first encryption algorithm and the first encryption password to generate the encrypted original header information;
Calculating through a preset algorithm to obtain the length corresponding to the encrypted original header information;
The computing module 4012 is configured to obtain target summary information according to the encrypted original header information, where a specific computing module may be a SHA128 module obtaining preset summary information corresponding to the original header information; the SHA128 module is generated based on an encryption algorithm of SHA1 (SHA 1 Secure Hash Algorithm 1, chinese name: secure hash algorithm);
The reorganization module 4013 is configured to obtain the encrypted original header information, the target digest information, the length, and the image information;
According to a preset arrangement rule, combining the encrypted original header information, the target abstract information, the length and the image information to generate a target code stream, wherein the image information is not encrypted;
the sending module 4014 is configured to send the target code stream to the receiving device 402.
As shown in fig. 4b, in an alternative embodiment, the receiving device 402 in the system 40 provided by the present disclosure further includes a computing module 4022, a first encrypting module 4023, a reorganizing module 4024, and a decrypting module 4025, the reorganizing module 4024 is connected to the first encrypting module 4023 and the decrypting module 4025 respectively,
The computing module 4022 is configured to obtain preset summary information according to the encrypted original header information, where a specific computing module may be the SHA128 module obtaining preset summary information corresponding to the original header information; the SHA128 module is generated based on an encryption algorithm of SHA1 (SHA 1 Secure Hash Algorithm 1, chinese name: secure hash algorithm);
The first encryption module 4023 is configured to decrypt the encrypted original header information according to the first encryption password when the target digest information is consistent with the preset digest information, to obtain the original header information;
The reorganization module 4024 is configured to obtain original header information and image information;
Arranging the original header information and the image information according to a preset arrangement combination to generate an original code stream;
The decoding module 4025 is configured to perform decoding processing on the original code stream according to a preset decoding rule, so as to obtain an original frame image.
The data transmission system provided by the embodiment of the disclosure comprises a sending device and a receiving device; after the transmitting device obtains the original code stream data generated according to the original frame image, the original code stream data is analyzed, when the original frame image in the original code stream is an I frame, the original header information is encrypted, target abstract information is obtained according to the encrypted original header information, a target code stream is generated according to the target abstract information, the encrypted original header information and the image information, and the target code stream is transmitted to the receiving device; when the receiving equipment acquires the target code stream, judging whether an image frame in the target code stream is an I frame or not, if so, further acquiring encrypted original header information and target abstract information in the target code stream, calculating preset abstract information corresponding to the encrypted original header information according to a preset calculation rule, and when the target abstract information is consistent with the preset abstract information, determining that the target code stream is not attacked and tampered in the data transmission process, and decoding according to the target code stream to acquire the original image frame.
The system provided by the disclosure can improve the reliability of data in code stream transmission, prevent the security of data transmission caused by malicious attack of a transmission process or equipment, and simultaneously ensure that the transmitted data is unique, namely the data decoded and displayed by a receiving device is the target code stream data encoded by a transmitting device, but not the data tampered in the middle.
Based on the data transmission method described in the above embodiments corresponding to fig. 1 and 3, the embodiments of the present disclosure further provide a computer readable storage medium, for example, a non-transitory computer readable storage medium may be a Read Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The storage medium stores computer instructions for executing the data transmission method described in the embodiments corresponding to fig. 1 and fig. 3, which are not described herein.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.