CN109309846A - Video security playback system and method based on a trusted environment - Google Patents
- Publication number
- CN109309846A (CN201710617297.XA)
- Authority
- CN
- China
- Prior art keywords
- module
- secure memory
- data
- video
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
- H04N21/63345—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/101—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
A video security playback system and method based on a trusted environment, comprising the following steps: obtaining the decryption key of the encrypted video, decrypting it and securely storing the key data; initializing the media payload packet secure memory, partitioning it, and saving the address handles; obtaining the media payload packet, extracting the current video payload and saving the frame data in encrypted form; decrypting the encrypted frame data and saving the decryption result in the secure memory module; initializing the display secure memory, partitioning it, and saving the address handles; extracting the header information of the frame and parsing it; accessing the secure memory module and performing the decoding operation to obtain video data, then pushing and refreshing the display data. The system and method of the invention combine digital media rights encryption with trusted environment security technology, configure secure memory and adjust the terminal media processing engine, achieving security and confidentiality of the data over the entire link from media content transmission to playback on the terminal device.
Description
Technical field
The present invention relates to the technical field of video security, and in particular to a video security playback system and method in a trusted environment.
Background
With the explosive growth of film and television resources, more and more films are coming into public view. The traditional cinema form of video playback can no longer meet the demands of current technological development and diversified presentation, so more and more video content is placed on the network and played online for a fee on mobile terminals. How to protect video content from being stolen, and the security of the mobile device itself, are therefore particularly important. This gave rise to an isolated execution technology with hardware support, the Trusted Execution Environment (TEE), a technical framework defined by the international standards organization GlobalPlatform to support hardware and software isolation between the untrusted environment and the trusted environment. Fig. 1 is a schematic diagram of the design framework of an existing trusted environment. As shown in Fig. 1, the framework comprises two independent environments, a normal environment 110 and a trusted environment 120. The normal environment 110 has a client application (CA) 111, a TEE client API (Application Programming Interface) 112 and a TEE driver 113; the trusted environment 120 has a trusted application (TA) 121, a trusted application manager 122, a TEE internal API 123 and a secure driver 124. The client application 111 in the normal environment 110 initiates requests as the client, and the trusted application 121 in the secure environment 120 receives and responds to them as the corresponding end, which together form a complete interaction flow.
Fig. 2 is a schematic diagram of the existing general framework for secure video playback. As shown in Fig. 2, media content passes through a media parsing module 201, a media decryption module 202, a media decoding module 203, a media post-processing module 204 and a media display module 205 to play the video content. The encryption protection used for this digital media is digital rights management (DRM), the current way of protecting digital media by encryption. DRM only defines how the media is protected after compression coding and sets no requirements on how the decryption process is implemented on the terminal. With the general terminal media processing flow, the security of the decrypted compressed data and of the decoded data cannot be fully guaranteed. Some protection of data security is therefore needed on the terminal device, so that the data cannot be intercepted by an attack during processing.
Summary of the invention
To overcome the shortcomings of the prior art, the object of the present invention is to provide a video security playback system and method based on a trusted environment which, through an isolated, extensible execution environment independent of the smart mobile terminal's operating system, and through security adjustments to the terminal playback engine, can effectively protect video content during playback.
To achieve the above object, the video security playback system based on a trusted environment provided by the present invention comprises a client application end, a trusted application end, a trusted environment processing module, a secure memory module and a secure driver module, wherein:
The client application end requests a decryption key from the certificate server for the encrypted video accessed by the user;
The trusted application end, on instruction from the trusted environment processing module, performs secure decryption, secure decoding and secure post-processing on the encrypted data;
The secure memory module is used for the secure storage of data;
The secure driver module performs the initial configuration of the hardware decoder within the trusted environment.
Further, the secure memory module, at the request of the trusted environment processing module, establishes ES-type memory and partitions it, and the start address of each slice of ES-type memory is cached in the ES-type data buffer pool as an ES-type secure memory handle.
Further, the secure memory module, at the request of the trusted environment processing module, establishes YUV-type memory and partitions it, and the start address of each slice of YUV-type memory is cached in the YUV-type data buffer pool as a YUV-type secure memory handle.
Further, the trusted application end comprises a secure decryption module, a secure decoding module and a secure post-processing module, wherein:
The secure decryption module decrypts frame data in encrypted form and stores the decrypted frame data in the secure memory module;
The secure decoding module extracts the frame header information from the decrypted frame data and parses it;
The secure post-processing module, within the trusted environment, registers the secure memory and the display driver in the same operation domain.
Further, the secure decryption module performs virtual mapping on the ES-type secure memory handle to obtain an address that is readable and writable in the trusted environment, and saves the decrypted frame data.
Further, the secure decoding module maps the YUV-type secure memory handle to obtain an address that is readable and writable in the trusted environment, and sends the parsed frame header information to the secure driver module.
To achieve the above object, the video security playback method based on a trusted environment provided by the present invention comprises the following steps:
Obtaining the decryption key of the encrypted video, decrypting it and securely storing the key data;
Initializing the media payload packet secure memory, partitioning it, and saving the address handles;
Obtaining the media payload packet, extracting the current video payload and saving the frame data in encrypted form;
Decrypting the encrypted frame data and saving the decryption result in the secure memory module;
Initializing the display secure memory, partitioning it, and saving the address handles;
Extracting the header information of the frame and parsing it;
Accessing the secure memory module and performing the decoding operation to obtain video data, then pushing and refreshing the display data.
Further, the step of initializing the media payload packet secure memory, partitioning it and saving the address handles further comprises:
The trusted environment processing module requests ES-type memory from the secure memory module and partitions the ES-type memory;
The start address of each slice of ES-type memory is cached in the ES-type data buffer pool as an ES-type secure memory handle.
Further, the step of obtaining the decryption key of the encrypted video is that the client application end requests the decryption key from the certificate server for the encrypted video accessed by the user.
Further, the step of initializing the media payload packet secure memory, partitioning it and saving the address handles further comprises:
The secure memory module, at the request of the trusted environment processing module, establishes ES-type memory and partitions it, and the start address of each slice of ES-type memory is cached in the ES-type data buffer pool as an ES-type secure memory handle.
Further, the step of decrypting the encrypted frame data and saving the decryption result in the secure memory module further comprises:
The secure decryption module decrypts the frame data in encrypted form;
Virtual mapping is performed on the ES-type secure memory handle to obtain an address that is readable and writable in the trusted environment, and the decrypted frame data is saved in the secure memory module.
Further, the step of initializing the display secure memory, partitioning it and saving the address handles further comprises:
The secure memory module, at the request of the trusted environment processing module, establishes YUV-type memory and partitions it, and the start address of each slice of YUV-type memory is cached in the YUV-type data buffer pool as a YUV-type secure memory handle.
Further, the step of extracting the header information of the frame and parsing it further comprises:
The secure decoding module extracts the frame header information from the decrypted frame data;
The YUV-type secure memory handle is mapped to obtain an address that is readable and writable in the trusted environment, and the parsed frame header information is sent to the secure driver module.
Further, the step of accessing the secure memory module and performing the decoding operation to obtain video data, then pushing and refreshing the display data, further comprises:
The secure driver module performs the initial configuration of the hardware decoder;
The secure post-processing module registers the secure memory module and the display driver in the same operation domain;
The video data is pushed to the hardware display unit and the display data is refreshed.
The video security playback method of the present invention combines digital media rights encryption with trusted environment security technology, configures the secure memory of the main chip and adjusts the terminal media processing engine, finally achieving security and confidentiality of the original data, the decoded data and the data of intermediate processing stages over the entire link from media content transmission to playback on the terminal device.
Other features and advantages of the present invention will be set forth in the following description, and will in part become apparent from the description or be understood by implementing the invention.
Brief description of the drawings
The drawings are provided for further understanding of the present invention and form part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a schematic diagram of the design framework of an existing trusted environment;
Fig. 2 is a schematic diagram of the existing general framework for secure video playback;
Fig. 3 is a schematic diagram of the framework of the video security playback system based on a trusted environment according to the present invention;
Fig. 4 is a flow chart of the video security playback method based on a trusted environment according to the present invention.
Detailed description of the embodiments
Preferred embodiments of the present invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the present invention and do not limit it.
Fig. 3 is a schematic diagram of the framework of the video security playback system based on a trusted environment according to the present invention. As shown in Fig. 3, the system comprises a media parsing module 201, a media decryption module 202, a media decoding module 203, a media post-processing module 204, a media display module 205, a trusted application end 31, a trusted environment processing module 32, a secure memory module 33, a secure driver module 34 and a client application end 35, wherein:
The trusted application end 31, on instruction from the trusted environment processing module 32, performs secure decryption, secure decoding and secure post-processing of the encrypted data.
The trusted environment processing module 32 receives requests from the client application end 35 and, within the trusted environment, directs the trusted application end 31 to perform secure decryption, decoding and post-processing of the encrypted data.
The secure memory module 33 is used for the secure storage of data, including the frame data in encrypted form, the decrypted frame data, and the ES-type and YUV-type secure memory handles.
The secure driver module 34 performs the initial configuration of the hardware decoder within the trusted environment, so that after initial configuration the hardware decoder can directly access and operate on the secure memory module and obtain video data after decoding.
The client application end 35 requests a decryption key from the certificate server for the encrypted video accessed by the user, and sends a request to the trusted environment processing module 32 so that the video is played securely within the trusted environment.
The trusted application end 31 of the present invention further comprises a secure decryption module 306, a secure decoding module 307 and a secure post-processing module 308.
The secure decryption module 306 decrypts the frame data in encrypted form and stores the decrypted frame data in the secure memory module 33.
The secure decoding module 307 extracts the frame header information from the decrypted frame data held in the secure memory module 33, maps the YUV-type secure memory handle to obtain a readable and writable virtual address, and parses the frame header information.
The secure post-processing module 308, within the trusted environment, uses ARM TrustZone technology to register the secure memory and the display driver in the same operation domain, satisfying the read/write permissions required by the hardware display.
Fig. 4 is a flow chart of the video security playback method based on a trusted environment according to the present invention. The method is described in detail below with reference to Fig. 4:
First, in step 401, the encrypted decryption key is obtained from the certificate server, decrypted, and the key data is securely stored. In this step, the client application end 35 requests the decryption key from the certificate server for the encrypted video accessed by the user, and the key is stored in secure form by the trusted environment processing module 32. In this step:
First, the client application end 35 extracts the certificate request information from the encrypted video data and requests the decryption key from the certificate server. After receiving the request, the certificate server transmits the decryption key to the client application end 35, the decryption key being transmitted in plain text in encrypted form;
Second, after obtaining the encrypted decryption key, the client application end 35 has it decrypted by the trusted environment processing module 32 to obtain the key data, and the trusted environment processing module 32 saves the key data in the Replay Protected Memory Block (RPMB) storage space.
In step 402, the trusted environment processing module 32 initializes the media payload packet secure memory, partitions it, and saves the address handles of the resulting slices. The partitioning can be configured according to the module's own payload buffering requirements. In this step:
First, the trusted environment processing module 32 requests ES (elasticsearch) type memory from the secure memory unit 33, the ES-type memory being a single block requested in one go;
Second, the single block of ES-type memory is partitioned in advance. A suitable slice size can be chosen according to attributes such as the video's resolution and bit rate, and the buffer normally reserves eight frames of data;
Third, the start physical address of each slice of ES-type memory is cached in the ES-type data buffer pool as an ES-type secure memory handle.
In step 403, media payload packets are obtained from the media server, media packet assembly and media parsing are performed on them, the current video payload packet is extracted, and the frame data is saved in encrypted form. In this step:
First, media packet assembly and media parsing are performed on the media payload packets;
Second, the current video payload packet is extracted and the frame data is cached in encrypted form to ensure the security of the data itself.
In step 404, the secure decryption module 306 of the trusted application end 31 decrypts the frame data using the address handles of the slices, and the decryption result is stored in the secure memory unit 33. After the media decryption module 202 extracts the frame data, the single frame of data and the ES-type secure memory handle are passed to the secure decryption module 306, which, on instruction from the trusted environment processing module 32, performs the decryption and saves the decrypted data in the secure memory unit 33. In this step:
First, the frame data cached in encrypted form is passed to the secure decryption module 306 through shared memory;
Second, at the same time as the encrypted frame data is passed to the secure decryption module 306, the ES-type secure memory handle is also passed to it, and virtual mapping is performed on the handle to obtain an address that can be read and written in the trusted environment;
Third, the secure decryption module 306 performs the general decryption operation on the encrypted frame data, adapting to different decryption interfaces according to the type of encrypted data. Through the readable and writable address obtained by virtual mapping, the decrypted frame data is saved directly into the ES-type memory.
In step 405, the trusted environment processing module 32 initializes the display secure memory and partitions it. The partitioning can be configured according to the module's own decoding buffer requirements. In this step:
First, the trusted environment processing module 32 actively requests YUV-type memory from the secure memory unit 33, the YUV-type memory being a single block requested in one go;
Second, the trusted environment processing module 32 partitions the requested YUV-type memory, the number of slices being determined by the codec attributes of the current video;
Third, after the YUV-type memory has been partitioned, the start physical address of each slice is cached in the YUV-type data buffer pool as a YUV-type secure memory handle.
In this embodiment, the YUV-type memory is partitioned into 16 slices.
In step 406, the trusted environment processing module 32 extracts the frame header information from the decrypted frame data held in secure memory and parses it. In this step:
First, the decrypted frame data stored in the ES-type memory is input to the secure decoding module 307 of the trusted application end 31 through the shared memory mechanism of the trusted environment processing module 32;
Second, the secure decoding module 307 maps the YUV-type secure memory handle to obtain a readable and writable virtual address, and parses the frame header information;
Third, the parsed header information is sent, through the shared memory mechanism of the trusted environment processing module 32, to the secure driver module 34 for the initial configuration of the hardware decoder.
In step 407, after initial configuration, the hardware decoder decodes by directly accessing and operating on the secure memory module 33, and obtains video data. In this step:
First, the secure driver module 34 uses ARM TrustZone technology to register the secure memory and the hardware decoding configuration in the same operation domain, satisfying the read/write permissions required by hardware decoding;
Second, once configured, the hardware decoder obtains the ES-type data handle and the YUV-type data handle, decodes, and saves the decoded data in the YUV-type memory;
Third, reference frames in the decoding process need a certain number of YUV-type data buffers, and these buffers are obtained through the YUV data slices.
In step 408, after receiving the video data, the hardware display pushes and refreshes the display data. In this step:
First, within the trusted environment, the secure post-processing module 308 uses ARM TrustZone technology to register the secure memory and the display driver in the same operation domain, satisfying the read/write permissions required by the hardware display;
Second, once configured, the hardware display unit obtains the YUV-type data handle, reads and refreshes the frame data, and the frame is finally shown on the terminal device's screen.
In addition, in steps 403 to 408 above, the data stream is continuously passed into the trusted environment for secure parsing, secure decryption, secure decoding and display. In step 405, if the resolution changes, the YUV-type memory can be released and requested again, then partitioned and assigned to the data buffer pool.
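The partitioning and handle bookkeeping of steps 402 and 405, together with the release and re-partition on a resolution change, as an added C example that is not code from the patent. The type and function names, the 4096-byte slot alignment, the 8-bit YUV 4:2:0 frame size, the handle checks and the addresses are assumptions made for illustration; addresses are constructed values and no memory is touched.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_MAX_SLOTS 32u
#define SLOT_ALIGN     4096u  /* assumed slot alignment, not from the patent */

typedef struct {
    uint64_t base;        /* start address of the one contiguous region */
    uint64_t region_len;  /* size of that region in bytes */
    uint64_t slot_len;    /* bytes per slot after alignment */
    unsigned nslots;
    uint8_t  in_use[POOL_MAX_SLOTS];
} secure_pool_t;

/* Bytes in one 8-bit YUV 4:2:0 frame (assumed format); 0 for implausible sizes. */
uint64_t yuv420_frame_len(uint32_t width, uint32_t height)
{
    if (width == 0 || height == 0 || width > 16384 || height > 16384) return 0;
    uint64_t luma = (uint64_t)width * height;
    return luma + luma / 2;
}

/* Cut the region into nslots equal slots. Returns 0, or -1 without touching *p. */
int pool_carve(secure_pool_t *p, uint64_t base, uint64_t region_len,
               uint64_t frame_len, unsigned nslots)
{
    if (!p || nslots == 0 || nslots > POOL_MAX_SLOTS) return -1;
    if (base == 0 || base % SLOT_ALIGN != 0) return -1;
    if (region_len > UINT64_MAX - base) return -1;            /* address wrap */
    if (frame_len == 0 || frame_len > region_len) return -1;
    uint64_t slot_len = (frame_len + SLOT_ALIGN - 1) / SLOT_ALIGN * SLOT_ALIGN;
    if (slot_len > region_len / nslots) return -1;            /* does not fit */
    memset(p, 0, sizeof *p);
    p->base = base; p->region_len = region_len;
    p->slot_len = slot_len; p->nslots = nslots;
    return 0;
}

/* Hand out the start address of a free slot as its handle; 0 when none is free. */
uint64_t pool_acquire(secure_pool_t *p)
{
    for (unsigned i = 0; i < p->nslots; i++)
        if (!p->in_use[i]) {
            p->in_use[i] = 1;
            return p->base + (uint64_t)i * p->slot_len;
        }
    return 0;
}

/* Slot index for a handle, or -1 if it is not a slot start of this pool. */
static int slot_index(const secure_pool_t *p, uint64_t handle)
{
    if (p->nslots == 0 || handle < p->base) return -1;
    uint64_t off = handle - p->base;
    if (off % p->slot_len != 0 || off / p->slot_len >= p->nslots) return -1;
    return (int)(off / p->slot_len);
}

/* Gate before mapping a handle received from outside: issued, held, and len fits. */
int pool_check_write(const secure_pool_t *p, uint64_t handle, uint64_t len)
{
    int i = slot_index(p, handle);
    return (i >= 0 && p->in_use[i] && len <= p->slot_len) ? 0 : -1;
}

/* Return a slot to the pool; rejects foreign handles and double releases. */
int pool_release(secure_pool_t *p, uint64_t handle)
{
    int i = slot_index(p, handle);
    if (i < 0 || !p->in_use[i]) return -1;
    p->in_use[i] = 0;
    return 0;
}

/* Resolution change: re-cut the same region, refused while any slot is held. */
int pool_recarve(secure_pool_t *p, uint64_t frame_len, unsigned nslots)
{
    for (unsigned i = 0; i < p->nslots; i++)
        if (p->in_use[i]) return -1;
    return pool_carve(p, p->base, p->region_len, frame_len, nslots);
}

int main(void)
{
    /* Constructed values: a 64 MiB region at a made-up address, 16 slots of 1080p. */
    secure_pool_t yuv;
    if (pool_carve(&yuv, 0x80000000u, 64u << 20, yuv420_frame_len(1920, 1080), 16))
        return 1;
    uint64_t h = pool_acquire(&yuv);
    printf("slot_len=%llu handle=0x%llx\n",
           (unsigned long long)yuv.slot_len, (unsigned long long)h);
    printf("recarve held: %d\n", pool_recarve(&yuv, yuv420_frame_len(3840, 2160), 5));
    pool_release(&yuv, h);
    printf("recarve free: %d\n", pool_recarve(&yuv, yuv420_frame_len(3840, 2160), 5));
    return 0;
}
```

Re-cutting the existing region stands in here for the release and re-request the description mentions; a pool that still has slots held by the decoder or display refuses the re-cut rather than invalidating live handles.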
Entire step to the protection of encryption data, then arrives the safe handling of ciphertext data from the secure storage of decruption key,
The safe handling of decoding data is arrived again, finally arrives the Refresh Data of display equipment, each link has carried out protection operation, from one
Determine to say in meaning, be in the data of the video playing of the terminal it is safe, have very high anti-theft protection mechanism.
With the playback method of the present invention, on the basis of copyright encryption of the media data and dependable-environment security technology, the security and confidentiality of the media content from server to terminal, and of the media data while the terminal processes and plays it, can be guaranteed. The secure processing stage on the terminal can prevent data capture and attacks by illegal applications, and prevent improper behaviour by illegal applications. At the same time, the present invention does not restrict the resource attributes of the hardware, including secure memory and secure storage, which can be implemented and configured flexibly according to the device itself. In addition, the secure memory must be allocated as contiguous physical memory, so as to support data access by the subsequent hardware drivers.
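The memory handling described above (secure memory applied for as one contiguous region, cut into slices whose start addresses are cached as handles, and YUV memory released and applied for again when the resolution changes) can be modelled as follows. This is an added example, not code from the patent: ordinary heap memory stands in for secure memory, all names are hypothetical, and a YUV 4:2:0 frame layout is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SLICES 16
typedef struct {                 /* hypothetical pool model (ES or YUV type) */
    uint8_t *base;               /* contiguous region standing in for secure memory */
    size_t   slice_size, count;
    uint8_t *handle[MAX_SLICES]; /* start address of each slice, cached as its handle */
} secure_pool;

/* Bytes in one YUV 4:2:0 frame (assumed layout); 0 on bad or overflowing input. */
size_t yuv420_size(size_t w, size_t h) {
    if (w == 0 || h == 0 || w > SIZE_MAX / h) return 0;
    size_t luma = w * h;
    return (luma > SIZE_MAX - luma / 2) ? 0 : luma + luma / 2;
}

/* Apply for one contiguous region and cut it into `count` equal slices. */
int pool_init(secure_pool *p, size_t slice_size, size_t count) {
    memset(p, 0, sizeof *p);
    if (!slice_size || !count || count > MAX_SLICES) return -1;
    if (!(p->base = calloc(count, slice_size))) return -1;
    p->slice_size = slice_size;
    p->count = count;
    for (size_t i = 0; i < count; i++)
        p->handle[i] = p->base + i * slice_size;
    return 0;
}

/* Free the region and clear the handle table so stale handles stop validating. */
void pool_release(secure_pool *p) {
    free(p->base);
    memset(p, 0, sizeof *p);
}

/* Accept a handle only if it is a cached slice start and len fits in the slice. */
int pool_check(const secure_pool *p, const uint8_t *h, size_t len) {
    if (!h || len > p->slice_size) return 0;
    for (size_t i = 0; i < p->count; i++)
        if (p->handle[i] == h) return 1;
    return 0;
}

/* Resolution change: release the YUV memory, apply for it again and cut it again. */
int pool_resize_yuv(secure_pool *p, size_t w, size_t h, size_t count) {
    pool_release(p);
    return pool_init(p, yuv420_size(w, h), count);
}
```

Checking a handle against the cached table before mapping it keeps a decoder or display driver from being pointed at an address outside the pool or past the end of a slice.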
Those of ordinary skill in the art will appreciate that the foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of their technical features. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (13)
1. A video security play system based on a dependable environment, comprising a client application end, a trusted application end, a dependable environment processing module, a secure memory module and a security drive module, characterized in that:
the client application end is configured to apply to a certificate server for a decryption key for the encrypted video accessed by the user;
the trusted application end receives instructions from the dependable environment processing module and performs secure decryption, secure decoding and secure post-processing operations on the encrypted data;
the secure memory module is used for the secure storage of data;
the security drive module performs initial configuration of the hardware decoder in the dependable environment.
2. The video security play system based on a dependable environment according to claim 1, characterized in that the secure memory module establishes ES-type memory at the request of the dependable environment processing module, cuts it, and caches the start address of the cut ES-type memory in the ES-type data buffer pool as the ES-type secure memory handle.
3. The video security play system based on a dependable environment according to claim 1, characterized in that the secure memory module establishes YUV-type memory at the request of the dependable environment processing module, cuts it, and caches the start address of the cut YUV-type memory in the YUV-type data buffer pool as the YUV-type secure memory handle.
4. The video security play system based on a dependable environment according to claim 1, characterized in that the trusted application end further comprises a secure decryption module, a safe decoder module and a safe post-processing module, wherein:
the secure decryption module decrypts the frame data in encrypted form and stores the decrypted frame data in the secure memory module;
the safe decoder module extracts the frame header information from the decrypted frame data and parses it;
the safe post-processing module, in the dependable environment, registers the secure memory and the display driver in the same operation domain.
5. The video security play system based on a dependable environment according to claim 4, characterized in that the secure decryption module performs virtual mapping on the ES-type secure memory handle to obtain a readable and writable address in the dependable environment, and saves the decrypted frame data.
6. The video security play system based on a dependable environment according to claim 4, characterized in that the safe decoder module maps the YUV-type secure memory handle to obtain a readable and writable address in the dependable environment, and sends the parsed frame header information to the security drive module.
7. A video security playback method based on a dependable environment, comprising the following steps:
obtaining the decryption key of the encrypted video, and decrypting and securely storing the key data;
initializing the media payload packet secure memory, cutting it, and saving the address handle;
obtaining the media payload packet, extracting the video stream payload, and saving the encrypted frame data;
decrypting the encrypted frame data, and saving the decrypted result in the secure memory module;
initializing the display secure memory, cutting it, and saving the address handle;
extracting the frame header information and parsing it;
accessing the secure memory module and performing the decoding operation, obtaining the video data, and pushing and refreshing the display data.
8. The video security playback method based on a dependable environment according to claim 7, characterized in that the step of obtaining the decryption key of the encrypted video is that the client application end applies to the certificate server for a decryption key for the encrypted video accessed by the user.
9. The video security playback method based on a dependable environment according to claim 7, characterized in that the step of initializing the media payload packet secure memory, cutting it, and saving the address handle further comprises:
the secure memory module establishes ES-type memory at the request of the dependable environment processing module, cuts it, and buffers the start address of the cut ES-type memory in the ES-type data buffer as the ES-type secure memory handle.
10. The video security playback method based on a dependable environment according to claim 7, characterized in that the step of decrypting the encrypted frame data and saving the decrypted result in the secure memory module further comprises:
the secure decryption module decrypts the frame data in encrypted form;
virtual mapping is performed on the ES-type secure memory handle to obtain a readable and writable address in the dependable environment, and the decrypted frame data is saved in the secure memory module.
11. The video security playback method based on a dependable environment according to claim 7, characterized in that the step of initializing the display secure memory, cutting it, and saving the address handle further comprises:
the secure memory module establishes YUV-type memory at the request of the dependable environment processing module, cuts it, and buffers the start address of the cut YUV-type memory in the YUV-type data buffer as the YUV-type secure memory handle.
12. The video security playback method based on a dependable environment according to claim 7, characterized in that the step of extracting the frame header information and parsing it further comprises:
the safe decoder module extracts the frame header information from the decrypted frame data;
the YUV-type secure memory handle is mapped to obtain a readable and writable address in the dependable environment, and the parsed frame header information is sent to the security drive module.
13. The video security playback method based on a dependable environment according to claim 7, characterized in that the step of accessing the secure memory module and performing the decoding operation, obtaining the video data, and pushing and refreshing the display data further comprises:
the security drive module performs initial configuration of the hardware decoder;
the safe post-processing module registers the secure memory module and the display driver in the same operation domain;
the video data is pushed to the hardware display unit and the display data is refreshed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710617297.XA CN109309846A (en) | 2017-07-26 | 2017-07-26 | A kind of Video security play system and method based on dependable environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109309846A true CN109309846A (en) | 2019-02-05 |
Family
ID=65202386
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710617297.XA Pending CN109309846A (en) | 2017-07-26 | 2017-07-26 | A kind of Video security play system and method based on dependable environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109309846A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101448018A (en) * | 2008-12-26 | 2009-06-03 | 中兴通讯股份有限公司 | Interprocess communication method and device thereof |
CN101499034A (en) * | 2009-03-05 | 2009-08-05 | 北京中星微电子有限公司 | Internal memory management method |
CN103650513A (en) * | 2011-07-07 | 2014-03-19 | 索尼公司 | Image processing device and method |
CN104581214A (en) * | 2015-01-28 | 2015-04-29 | 三星电子(中国)研发中心 | Multimedia content protecting method and device based on ARM TrustZone system |
CN104918116A (en) * | 2015-05-28 | 2015-09-16 | 北京视博数字电视科技有限公司 | Resource play method and system for intelligent terminal |
US20170109503A1 (en) * | 2015-10-14 | 2017-04-20 | Arris Enterprises Llc | High definition secure playback with downloadable drm for android platforms |
CN106845160A (en) * | 2015-12-03 | 2017-06-13 | 国家新闻出版广电总局广播科学研究院 | A kind of digital copyright management for intelligent operating system(DRM)Method and system |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021184181A1 (en) * | 2020-03-17 | 2021-09-23 | 华为技术有限公司 | Secure output method and electronic device |
CN111757176A (en) * | 2020-06-11 | 2020-10-09 | 青岛海信传媒网络技术有限公司 | Streaming media file safe playing method and display equipment |
CN113783900A (en) * | 2021-11-15 | 2021-12-10 | 四川格锐乾图科技有限公司 | Encryption and multi-stage calibration method for stream media of unmanned aerial vehicle |
CN113783900B (en) * | 2021-11-15 | 2022-01-11 | 四川格锐乾图科技有限公司 | Encryption and multi-stage calibration method for stream media of unmanned aerial vehicle |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11580570B2 (en) | Method and apparatus for dynamic, real-time ad insertion based on meta-data within a hardware based root of trust | |
TWI406569B (en) | Unit for managing audio/video data and access control method for said data | |
KR100859612B1 (en) | Method, apparatus and system for remote real-time access of multimedia content | |
CN104581214B (en) | Multimedia content guard method based on ARM TrustZone systems and device | |
CN105075172B (en) | Video distribution and playback | |
US8325916B2 (en) | Encryption scheme for streamed multimedia content protected by rights management system | |
US20040022391A1 (en) | Digital content security system and method | |
CN102184351B (en) | Content reading system and content reading method | |
US20030236978A1 (en) | Secure media path methods, systems, and architectures | |
US20140245400A1 (en) | Progressive download or streaming of digital media securely through a localized container and communication protocol proxy | |
KR20050119122A (en) | System, method and apparatus for securely providing content viewable on a secure device | |
WO2004012378A2 (en) | Digital content security system and method | |
US20130275755A1 (en) | Systems, methods and apparatuses for the secure transmission of media content | |
AU2012275667A1 (en) | Method and apparatus for dynamic, real-time ad insertion based on meta-data within a hardware based root of trust | |
NO327641B1 (en) | Method and system for authenticating components of a graphics system | |
CN103493497A (en) | Ethernet decoder device and method to access protected content | |
WO2011011444A1 (en) | Off-line content delivery system with layered encryption | |
CN108432178A (en) | Method for protecting multimedia content record security in storage medium | |
CN109309846A (en) | A kind of Video security play system and method based on dependable environment | |
US12095910B2 (en) | System for thin client devices in hybrid edge cloud systems | |
CN102984557A (en) | DRM-based streaming media playing system | |
JP2016531474A (en) | Method for protecting the decryption key of a decoder and decoder implementing said method | |
CN102196304A (en) | Method, system and equipment for generating secrete key in video monitoring | |
CN106257858A (en) | The data ciphering method of a kind of remote storage device, Apparatus and system | |
US20080037782A1 (en) | Reduction of channel change time for digital media devices using key management and virtual smart cards |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190205 |