Nothing Special   »   [go: up one dir, main page]

WO2021184181A1 - Secure output method and electronic device - Google Patents

Secure output method and electronic device Download PDF

Info

Publication number
WO2021184181A1
WO2021184181A1 PCT/CN2020/079589 CN2020079589W WO2021184181A1 WO 2021184181 A1 WO2021184181 A1 WO 2021184181A1 CN 2020079589 W CN2020079589 W CN 2020079589W WO 2021184181 A1 WO2021184181 A1 WO 2021184181A1
Authority
WO
WIPO (PCT)
Prior art keywords
frame
video frame
protection information
level protection
resolution
Prior art date
Application number
PCT/CN2020/079589
Other languages
French (fr)
Chinese (zh)
Inventor
方中华
王玺林
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN202080098056.9A priority Critical patent/CN115211129A/en
Priority to PCT/CN2020/079589 priority patent/WO2021184181A1/en
Publication of WO2021184181A1 publication Critical patent/WO2021184181A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4405Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8355Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems

Definitions

  • This application relates to the field of multimedia technology, and in particular to a safe output method and electronic equipment.
  • the electronic device can process the transmission process according to the content usage rules (CUR) from decoding the code stream to transmitting the decoded video stream to the output port.
  • CUR content usage rules
  • Media content in. CUR can include protection strategies such as high-bandwidth digital content protection (HDCP) strategies, video watermark protection strategies, and so on.
  • HDCP high-bandwidth digital content protection
  • the existing safe output mechanism protects the media content from the code stream level, which may cause problems such as video error display, and the protection performance of the media content is poor.
  • This application provides a safe output method and electronic equipment to solve the problem of poor protection performance of existing media content protection mechanisms.
  • the present application provides a safe output method.
  • the method includes: in the stage of decoding a video code stream to obtain a first decoded video frame, generating according to the output control strategy and the resolution of the first decoded video frame Frame-level protection information of the first decoded video frame; determining whether to output the first display video frame according to the frame-level protection information, and the first display video frame is obtained according to the first decoded video frame.
  • the electronic equipment involved in the field can support a trusted execution environment (TEE) and a common execution environment (rich execution environment, REE).
  • TEE is used to provide a protected execution environment for protected application software
  • REE is used to provide an execution environment for unprotected application software.
  • the media content transmitted under the TEE may be processed in accordance with media content usage rules (content usage rules, CUR), for example, to realize the protection of the media content.
  • CUR can include protection strategies such as HDCP strategy, video watermark protection strategy, prohibition of transcoding and prohibition of recording.
  • the HDCP strategy and the video watermark protection strategy are collectively referred to as "output protection strategy" or "output control strategy”.
  • the electronic device decodes the video code stream to obtain the first decoded video frame, and generates the frame-level protection information of the first decoded video frame. Further, the electronic device may determine whether to output the first display video frame according to the frame-level protection information.
  • the protection information in the embodiments of this application is frame-level, and each video frame has its own corresponding frame-level protection information, and each video frame output can be based on the frame-level protection information corresponding to the video frame. For output protection, the safety is higher and the flexibility is better.
  • the method further includes: processing the first decoded video frame to obtain the first display video frame;
  • the resolution of the displayed video frame updates the frame-level protection information.
  • the electronic device may process the first decoded video frame to obtain the output first display video frame.
  • the resolution of the first decoded video frame may change accordingly, that is, the resolution of the first displayed video frame may be different from the resolution of the first decoded video frame .
  • the electronic device can update the frame-level protection information according to the resolution of the first display video frame. It can be seen that with this implementation, the electronic device can update the frame-level protection information of the video frame according to the change in the resolution of the video frame, so that each video frame corresponds to the protection information of the video frame.
  • the processing the first decoded video frame to obtain the first display video frame includes: enlarging the first decoded video frame to obtain the first display video frame; or reducing the first decoded video frame The video frame obtains the first display video frame.
  • the frame-level protection information includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path.
  • Updating the frame-level protection information with the resolution of the first display video frame includes: when the resolution of the first display video frame is less than the minimum resolution, modifying the minimum resolution in the frame-level protection information to the second One shows the resolution of the video frame.
  • the frame-level protection information includes the minimum resolution, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path.
  • the minimum resolution is usually set in the initial information of the frame-level protection information.
  • the frame-level protection information of the first decoded video frame if the resolution of the first decoded video frame is less than the initially set minimum resolution, modify the minimum resolution in the frame-level protection information to the resolution of the first decoded video frame .
  • the minimum resolution in the frame-level protection information is modified to the first display The resolution of the video frame.
  • the determining whether to output the first display video frame according to the frame-level protection information includes: obtaining an output protection state allowed by an output port; determining a target output control strategy that matches the output protection state; determining Whether the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy; when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the first display is output Video frame.
  • HDMI Digital high definition multimedia interface
  • the HDMI of the electronic device can determine the output protection status of the output video frame (also referred to as the HDCP protection status) according to the HDCP support status of the connected display device. For example, the HDMI of the electronic device supports HDCP2.2 and HDCP1.4, and the interface connected to the HDMI only supports HDCP1.4, then the HDCP protection state of the output video frame determined by HDMI is HDCP1.4.
  • the electronic device Before outputting the first display video, the electronic device may obtain the HDCP protection status of HDMI, and further, determine a target output control strategy matching the HDCP protection status from the frame-level protection information of the first display video frame. Then, when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the electronic device outputs the first display video frame. It can be seen that every time the electronic device outputs a video frame, the video frame can be output protected according to the frame-level protection information corresponding to the video frame, so that the security is higher. When the resolution of the video frame exceeds the resolution allowed by the output control strategy, the output of the video frame will be prohibited. It can be seen that this implementation can effectively protect the output of the high-definition video frame.
  • the protection information in the embodiments of this application is at the frame level.
  • Each video frame has its own corresponding frame-level protection information. Every time a video frame is output, the video frame can be output according to the frame-level protection information corresponding to the video frame. Protection, security, and flexibility are also better.
  • the method before decoding the video code stream to obtain the first decoded video frame, the method further includes: the trusted application TA configures the output control strategy for the video code stream.
  • the software system that performs output protection for video content includes a condition access system (CAS) or a digital rights management (digitial rights management, DRM) system.
  • CAS or DRM is expressed as "CAS/DRM”.
  • the TEE software application layer can include CAS/DRM trusted applications (CAS/DRM trusted application, CAS/DRM TA).
  • the TA decrypts the encrypted video code stream to obtain the video code stream and the protection requirements corresponding to the video code stream.
  • the TA can configure the output control strategy according to the protection requirements. With this implementation, it is possible to provide information for generating frame-level protection information.
  • the method further includes: determining whether the video bitstream and the first decoded video frame correspond to the same media channel; and determining whether the first decoded video frame and the first display video frame correspond to the same media channel .
  • the path for transmitting video content is the media path.
  • the media path includes a series of hardware modules and memory used for video processing.
  • it is the hardware decoding module (video decoder, VDEC) that decodes the video code stream to obtain the first decoded video frame.
  • VDEC video decoder
  • VPSS video processor
  • VDEC Before outputting the first decoded video frame, VDEC should determine whether the video bitstream and the first decoded video frame correspond to the same media channel. This can avoid the problem of accessing data of other media channels when VDEC outputs the first decoded video frame, thereby improving the security of video frame transmission.
  • the VPSS Before outputting the first display video frame, the VPSS should determine whether the first decoded video frame and the first display video frame correspond to the same media channel. This can avoid the problem of accessing data of other media channels when the VPSS outputs the first display video frame, thereby improving the security of video frame transmission.
  • the determining whether the video code stream and the first decoded video frame correspond to the same media path includes: obtaining the first path identifier corresponding to the video code stream and the frame-level protection of the first decoded video frame The second path identifier in the information; when the first path identifier and the second path identifier are the same, it is determined that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media path; it is determined that the first Whether the decoded video frame and the first display video frame correspond to the same media path includes: obtaining the third path identifier in the frame-level protection information of the first decoded video frame, and the fourth path identifier in the updated frame-level protection information ; When the third channel identifier and the fourth channel identifier are the same, it is determined that the first decoded video frame and the first display video frame correspond to the same media channel.
  • the electronic device when the electronic device creates a media channel, the corresponding media channel is provided with a channel identifier, and the channel identifier is used to identify the media channel. After that, the electronic device can maintain the corresponding relationship between the path identifier and each data memory on the media path, and write the path identifier as initial information into the frame-level protection information. Furthermore, in this application, the electronic device can determine whether two video frames correspond to the same media channel by comparing whether the channel identifiers are the same, so as to avoid the problem of hardware modules accessing data of other media channels, thereby improving the security of video frame transmission .
  • the method before determining whether to output the first display video frame according to the frame-level protection information, and before updating the frame-level protection information according to the resolution of the first display video frame, the method further includes: detecting the Whether the frame-level protection information is valid.
  • any hardware module on the media channel needs to check the validity of the corresponding frame-level protection information before reading the frame-level protection information and before writing the relevant information of the frame-level protection information. For example, before writing the output control strategy and the resolution of the first decoded video frame, VDEC should check whether the corresponding initial information of the frame-level protection information is valid.
  • the VPSS Before the VPSS reads the frame-level protection information of the first decoded video frame, it needs to check whether the frame-level protection information of the first decoded video frame is valid. Before the VPSS updates the minimum resolution in the frame-level protection information, it needs to check whether the frame-level protection information to be updated is valid. Before reading the frame-level protection information of the first display video frame, the VDP needs to check whether the frame-level protection information of the first display video frame is valid. This can ensure that the corresponding video frame is output protected according to the correct protection information.
  • the detecting whether the frame-level protection information is valid includes: detecting at least one of the following: detecting whether the type of the frame-level protection information matches a pre-configured type, and the type is used to indicate the frame-level protection Whether the information is bound to the video frame; determine whether the check value of the frame-level protection information is the same as the initial check value; or, detect the correspondence between the storage address of the first display video frame in the frame-level protection information and the length of the storage address is it right or not.
  • detecting whether the frame-level protection information is valid is essentially detecting at least one piece of initial protection information in the frame-level protection information, and determining the corresponding frame under the condition that the detected at least one piece of initial protection information is valid Level protection information is valid.
  • the VDP can detect whether the type (tag) of the frame-level protection information of the first displayed video frame matches the pre-configured tag. If the tag of the frame-level protection information of the first display video frame matches the pre-configured tag, the tag information is valid. Among them, the tag is used to indicate whether the frame-level protection information is bound to the video frame. If the frame-level protection information is bound to a video frame, then the VDP should perform an operation on the first display video frame according to the resolution of the video frame in the frame-level protection information. If the frame-level protection information is not bound to the video frame, then the frame-level protection information is global protection information, and the VDP should perform operations on the first display video frame according to the resolution in the extended output strategy. With this implementation, after determining the correctness of the frame-level protection information type, the VDP can process the first display video frame according to the frame-level protection information according to the matching processing logic.
  • the VDP can also detect whether the corresponding relationship between the storage address of the first display video frame and the length of the storage address in the frame-level protection information is correct. If the corresponding relationship between the storage address of the first display video frame and the length of the storage address is correct, it indicates that the frame-level protection information is the frame-level protection information corresponding to the first display video frame. With this implementation method, VDP can ensure whether the frame-level protection information is associated with the video frame, thereby ensuring that the protection information of the corresponding video frame is read from the frame-level protection information, and further, realizing accurate output protection for the video frame.
  • VDP can also determine whether the check value of the frame-level protection information is the same as the initial check value. If the check value of the frame-level protection information is the same as the initial check value, it indicates that the frame-level protection information has not been tampered with. If the check value of the frame-level protection information is different from the initial check value, it indicates that the frame-level protection information has been tampered with.
  • VDP can perform output protection on the first display video frame according to the frame-level protection information while ensuring that the frame-level protection information is not damaged, forged or tampered, so as to implement the correct output protection for the first display video frame. Output protection, optimize the performance of output protection.
  • the detection sequence of the above three items of information can be arbitrary, which is not limited in this application.
  • the detection of the validity of the frame-level protection information by VDEC and the detection of the validity of the frame-level protection information by the VPSS are similar to the detection process of the above-mentioned VDP, and will not be described in detail here.
  • the judging whether the check value of the frame-level protection information is the same as the initial check value includes: performing an exclusive OR operation on all the information in the frame-level protection information to obtain the first result; The first result is XORed with the security random number to obtain the check value of the frame-level protection information; whether the check value of the frame-level protection information is the same as the initial check value is compared.
  • the electronic device is provided with a mask register, and the mask register is, for example, a 32-bit register.
  • the TEE side can read a 32-bit random number from the hardware random number module, write it into the mask register and latch it.
  • the REE side has no access rights to the mask register. Based on this, the 32-bit random number in the mask register is relatively safe and can be called a "secure random number".
  • Mask refers to a secure random number
  • refers to an exclusive OR operation.
  • the corresponding hardware module can calculate the check value of the current frame-level protection information according to the same algorithm. Since the secure random number cannot be tampered with, if the calculated check value is the same as the checksum, it indicates that the frame-level protection information has not been tampered with. If the calculated check value is different from the checksum, it indicates that the frame-level protection information has been tampered with by the REE side.
  • the method further includes: adding a watermark to the first display video frame according to the frame-level protection information and the position and size of the first display video frame.
  • the frame-level protection information includes the storage address of the watermark information.
  • the watermark information may include the content of the watermark information, the position added to the video frame, the relative size of the video frame, and so on.
  • the display position and size of the first display video frame are all controlled by the user through the REE side input control instructions. Therefore, if the first display video frame needs video watermark protection, the electronic device can also obtain the position and size of the first display video frame from the REE driver. Then, the watermark information is obtained from the storage address of the watermark information. After that, the electronic device can use the position and size of the first display video frame, the relative position of the watermark information and the first display video frame, and the relationship between the watermark information and the first display video frame.
  • Relative size determine the location and size of the watermark information to be added.
  • the electronic device can determine the position and size of the watermark to be added according to the position and size of the video frame when it is displayed, so as to ensure that the watermark is accurately added and displayed with the change of the video frame.
  • the electronic device directly corresponds the video frame to the watermark information of the video frame through the frame-level protection information, which can avoid the problem of failure to add watermark due to the display level of the video frame in a scene where multiple videos are displayed at the same time.
  • it further includes: if the frame-level protection information of the first display video frame is lost, determining whether to output the first display video frame according to the resolution in the global protection information, and the resolution in the global protection information
  • the rate is the minimum resolution in the output strategy corresponding to at least one bitstream.
  • the method before decoding the video code stream to obtain the first decoded video frame, the method further includes: obtaining a request to create a media path, which is used to transmit the video code stream; and generating a path of the media path Identification; configure the type of protection information in the frame-level protection information, the corresponding relationship between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address, and the initial check value.
  • the electronic device can pre-configure and maintain the software, hardware, related information, and the corresponding relationship between the above factors involved in the video transmission process, so as to realize the function of safely outputting the video.
  • the present application provides a safety output device, which includes: a decoding module for generating frame-level protection information of the first decoded video frame according to the output control strategy and the resolution of the first decoded video frame,
  • the first decoded video frame is obtained by decoding the video code stream by the decoding module;
  • the display control module is configured to determine whether to output the first display video frame according to the frame-level protection information, and the first display video frame is based on the first display video frame. Obtained from a decoded video frame.
  • the device further includes: a processing module, configured to process the first decoded video frame to obtain the first display video frame; and an update module, configured to obtain the first display video frame according to the resolution of the first display video frame Update the frame-level protection information.
  • the processing module is specifically configured to enlarge the first decoded video frame to obtain the first display video frame; or, the processing module is specifically configured to reduce the first decoded video frame to obtain the first display video frame. Display video frames.
  • the frame-level protection information includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path.
  • the update The module is specifically configured to modify the minimum resolution in the frame-level protection information to the resolution of the first display video frame when the resolution of the first display video frame is less than the minimum resolution.
  • the display control module is specifically used to: obtain the output protection status allowed by the output port, determine the target output control strategy that matches the output protection status; determine the minimum resolution in the frame-level protection information Whether it is less than the resolution allowed by the target output control strategy; when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, output the first display video frame.
  • the device further includes a trusted application TA, which is used to configure the output control strategy for the video stream.
  • a trusted application TA which is used to configure the output control strategy for the video stream.
  • the decoding module is also used to determine whether the video bitstream and the first decoded video frame correspond to the same media path; and the processing module is also used to determine whether the first decoded video frame and the first decoded video frame correspond to the same media path. Whether the first display video frame corresponds to the same media channel.
  • the decoding module is specifically configured to: obtain the first path identifier corresponding to the video code stream and the second path identifier in the frame-level protection information of the first decoded video frame; When the channel identifier and the second channel identifier are the same, it is determined that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media channel; and the processing module is specifically used to: obtain the information of the first decoded video frame The third path identifier in the frame-level protection information and the fourth path identifier in the updated frame-level protection information; when the third path identifier and the fourth path identifier are the same, it is determined that the first decoded video frame is the same as the fourth path identifier.
  • the first display video frame corresponds to the same media channel.
  • the device further includes a detection module configured to detect whether the frame-level protection information is valid.
  • the detection module is specifically configured to perform at least one of the following detections: detecting whether the type of the frame-level protection information matches a pre-configured type, and the type is used to indicate whether the frame-level protection information is bound Determine the video frame; determine whether the check value of the frame-level protection information is the same as the initial check value; or check whether the corresponding relationship between the storage address of the first display video frame in the frame-level protection information and the length of the storage address is correct.
  • the detection module is specifically used to: perform an exclusive OR operation on all information in the frame-level protection information to obtain a first result; perform an exclusive OR operation on the first result and a secure random number, Obtain the check value of the frame-level protection information; compare whether the check value of the frame-level protection information is the same as the initial check value.
  • the device further includes a watermark adding module, configured to add a watermark to the first display video frame according to the frame-level protection information and the position and size of the first display video frame.
  • the display control module is further configured to determine whether to output the first display video frame according to the resolution in the global protection information when the frame-level protection information of the first display video frame is lost, the The resolution in the global protection information is the minimum resolution in the output strategy corresponding to at least one code stream.
  • the device further includes an acquisition module for acquiring a request to create a media channel, the media channel is used to transmit the video stream; a session management module, which is used to generate a channel identifier of the media channel; configuration The type of the protection information in the frame-level protection information, the correspondence between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address, and the initial check value.
  • the technical effects produced by the second aspect and the implementation manners of the second aspect are the same as the technical effects produced by the implementation manners of the first aspect and the first aspect, and will not be repeated here.
  • the present application provides an electronic device including a processor and a transmission interface, wherein the processor is configured to call software instructions stored in a memory to realize: decoding a video stream; In the stage of decoding the video stream to obtain the first decoded video frame, according to the output control strategy and the resolution of the first decoded video frame, the frame-level protection information of the first decoded video frame is generated; The level protection information determines whether to output the first display video frame, and the first display video frame is obtained according to the first decoded video frame.
  • the processor is further configured to process the first decoded video frame to obtain the first display video frame; and update the frame-level protection information according to the resolution of the first display video frame.
  • the processor is specifically configured to enlarge the first decoded video frame to obtain the first display video frame; or reduce the first decoded video frame to obtain the first display video frame.
  • the frame-level protection information includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path.
  • the device is also used to modify the minimum resolution in the frame-level protection information to the resolution of the first display video frame when the resolution of the first display video frame is less than the minimum resolution.
  • the frame-level protection information includes the minimum resolution, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path.
  • the processor specifically obtains the output protection status allowed by the output port, determines a target output control strategy that matches the output protection status; determines whether the minimum resolution in the frame-level protection information is less than the target The resolution allowed by the output control strategy; when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the first display video frame is output.
  • the processor is further configured to configure the output control strategy for the video code stream.
  • the processor is further configured to determine whether the video bitstream and the first decoded video frame correspond to the same media path; the processor is also configured to determine whether the first decoded video frame and the first decoded video frame correspond to the same media path. One shows whether the video frame corresponds to the same media channel.
  • the processor is specifically configured to obtain the first path identifier corresponding to the video bitstream and the second path identifier in the frame-level protection information of the first decoded video frame; in the first path When the identifier and the second path identifier are the same, it is determined that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media path; the processor is specifically configured to obtain the frame-level protection of the first decoded video frame The third path identifier in the information and the fourth path identifier in the updated frame-level protection information; when the third path identifier and the fourth path identifier are the same, it is determined that the first decoded video frame is the same as the first display The video frames correspond to the same media channel.
  • the processor is also used to detect whether the frame-level protection information is valid.
  • the processor is specifically configured to perform at least one of the following detections: detecting whether the type of the frame-level protection information matches a pre-configured type, and the type is used to indicate whether the frame-level protection information is bound Determine the video frame; determine whether the check value of the frame-level protection information is the same as the initial check value; or check whether the corresponding relationship between the storage address of the first display video frame in the frame-level protection information and the length of the storage address is correct.
  • the processor is specifically configured to perform an exclusive OR operation on all information in the frame-level protection information to obtain a first result; perform an exclusive OR operation on the first result and a secure random number to obtain The check value of the frame-level protection information; compare whether the check value of the frame-level protection information is the same as the initial check value.
  • the processor is further configured to add a watermark to the first display video frame according to the frame-level protection information and the position and size of the first display video frame.
  • the processor is further configured to determine whether to output the first display video frame according to the resolution in the global protection information when the frame-level protection information of the first display video frame is lost.
  • the resolution in the protection information is the minimum resolution in the output strategy corresponding to at least one code stream.
  • the processor is also used to obtain a request to create a media path, which is used to transmit the video code stream; generate the path identifier of the media path; configure the protection in the frame-level protection information The type of information, the corresponding relationship between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address, and the initial check value.
  • the technical effects produced by the third aspect and the implementation manners of the third aspect are the same as the technical effects produced by the implementation manners of the first aspect and the first aspect, and will not be repeated here.
  • the present application provides an electronic device including a processor and a memory, where the memory is used to store programs, instructions or codes, and the processor is used to execute the programs, instructions or codes in the memory, Complete the first aspect, or any one of the possible design methods of the first aspect.
  • the electronic device may be a processor chip.
  • the processor in the electronic device is a processor core or a central processing unit in the processor chip.
  • the present application provides a computer-readable storage medium that stores instructions in the computer-readable storage medium, and when it runs on a computer or a processor, the computer or the processor executes the first aspect or the first aspect.
  • the computer or the processor executes the first aspect or the first aspect.
  • this application provides a computer program product containing instructions that, when the instructions run on a computer or processor, cause the computer or processor to execute any possible design as in the first aspect or any possible design in the first aspect. In the method.
  • the electronic device After the electronic device decodes the video code stream to obtain the video frame, it generates frame-level protection information corresponding to the video frame. After that, the electronic device updates the frame-level protection information of the video frame according to the change in the resolution of the video frame. Therefore, before outputting the to-be-displayed video frame, the electronic device can perform output protection on the to-be-displayed video frame according to the frame-level protection information corresponding to the to-be-displayed video frame. In this way, protection is performed at the level of the video frame.
  • the electronic device can update the output protection information corresponding to the video frame in time, so that the electronic device can provide more accurate output protection, and avoid the video frame and the output protection strategy from being out of synchronization.
  • the protection failure problem improve the performance of the protection.
  • FIG. 1A is a system architecture diagram of a typical electronic device provided by this application.
  • FIG. 1B is a schematic diagram of the first exemplary application scenario of output protection provided by this application.
  • FIG. 1C is a schematic diagram of a second exemplary application scenario of output protection provided by this application.
  • FIG. 2 is a schematic diagram of the system architecture of the electronic device 10 provided by the present application.
  • Fig. 3 is a schematic diagram of an exemplary structure of frame-level protection information provided by the present application.
  • FIG. 4 is an exemplary method flowchart of the safe output method 100 provided by the present application.
  • FIG. 5 is a schematic diagram of an exemplary application scenario of the safe output method 100 provided by the present application.
  • FIG. 6A is a schematic diagram of an exemplary system architecture of an electronic device 20 provided by the present application.
  • FIG. 6B is a schematic diagram of the transmission flow of frame-level protection information provided by this application.
  • FIG. 7A is a schematic diagram of an exemplary structure of a safety output device 70 provided by the present application.
  • FIG. 7B is a schematic diagram of an exemplary structure of the safety output device 71 provided by the present application.
  • This application can be applied to electronic devices that support audio and video input/output, such as smart phones, smart set-top boxes, smart TVs, surveillance, computers, tablet computers, etc.
  • Figure 1A shows the system architecture of a typical electronic device.
  • the system architecture includes: application layer, driver layer, operating system layer, hardware module and storage module.
  • the application layer is used to run application software, such as Tencent, Youku, etc.
  • the driver layer includes a driver program written for each hardware module, and the driver program is used to drive the corresponding hardware module to access the memory block.
  • the operating system layer is responsible for memory management, stack management, task scheduling management, etc. When the application software of the application layer is running, it can apply to the operating system layer to allocate a memory block and obtain the virtual address of the allocated memory block.
  • the allocated memory block is used to store data during the running of the application software, such as the following data such as video frames.
  • the driver layer can drive the hardware module to access the corresponding memory block according to the virtual address of the memory block.
  • the "access" involved in this application includes read operations and write operations.
  • the hardware module can process the data read from the input memory block in response to the instruction of the driver, and then write the processed data into the output memory block.
  • the application software Before the application software transmits the media content, it can create a media path based on the application software's intention and the processing process of the media content.
  • the media path is the path through which the application software processes the media content on the electronic device.
  • the processing process includes but is not limited to Play, record, transcode, and forward, etc.
  • the media path may include, for example, a recording path, a playback path, and a transcoding path.
  • the media path includes the resources used for audio and video processing, such as a series of hardware modules and memory.
  • the application software may apply to the operating system layer to occupy the hardware module 1, the hardware module 2 and the hardware module 3, and apply to the operating system layer to allocate the memory block 1 and the memory block 2.
  • Hardware module 1, hardware module 2, and hardware module 3, as well as memory block 1 and memory block 2, for example, can form a media channel, and the transmission process of the media stream on the media channel can be, for example: hardware module 1 to memory block 1, memory Block 1 to hardware module 2, hardware module 2 to memory block 2, and memory block 2 to hardware module 3.
  • the driver layer receives instructions from the application software, and then drives the corresponding hardware modules in the media path to perform access operations on the corresponding memory blocks and process the corresponding media data.
  • the electronic device shown in FIG. 1A may, for example, support a trusted execution environment (TEE) and a rich execution environment (REE).
  • TEE corresponds to REE.
  • TEE is used to provide a protected execution environment for protected application software
  • REE is used to provide an execution environment for unprotected application software.
  • the media content transmitted under the TEE may be processed in accordance with media content usage rules (content usage rules, CUR), for example, to realize the protection of the media content.
  • CUR media content usage rules
  • the hardware modules and memory blocks of the media channel under TEE should process and transmit relevant data in accordance with CUR.
  • CUR may include protection policies such as HDCP policy, video watermark protection policy, prohibition of transcoding, and prohibition of recording.
  • the HDCP strategy and the video watermark protection strategy act on the video output stage. Therefore, this application collectively refers to the HDCP strategy and the video watermark protection strategy as an "output protection strategy" or an "output control strategy".
  • the electronic device first decrypts the video source, that is, the encrypted video code stream, to obtain the video code stream to be decoded. Then, the electronic device decodes the video code stream to be decoded to obtain a video frame. After that, the electronic device can output the video frame through the hardware interface.
  • the electronic device can adopt the HDCP strategy to provide protection to the decoded video frame, and the electronic device can add a watermark to the video frame to realize the watermark protection of the video frame.
  • a software system that performs output protection on video content includes a condition access system (CAS) or a digital rights management (digitial rights management, DRM) system.
  • CAS condition access system
  • DRM digital rights management
  • the HDCP strategy is a technology to prevent the illegal recording of high-definition digital media content.
  • the HDCP policy can include HDCP1.4 protection level and HDCP2.2 protection level.
  • HDCP1.4 protection level and HDCP2.2 protection level allow different resolutions.
  • the resolution supported by HDCP1.4 protection level is usually 1080 Progressive scan (P), that is, 1080P, for example, indicates that the number of pixels per frame is 1920*1080
  • the resolution supported by HDCP2.2 protection level is usually 4K
  • 4K indicates that the number of pixels per frame is 4096*2160.
  • "K" is used to represent 2 to the 10*4 power.
  • the HDCP strategy is actually used for protection, it is required that the software and hardware for processing and displaying video frames support the HDCP strategy. Otherwise, the electronic device is prohibited from outputting the corresponding video frame or outputting the corresponding video frame at a reduced resolution.
  • HDMI digital high definition multimedia interface
  • HDMI commonly used by equipment includes HDMI1.0, HDMI1.3, HDMI1.4 and HDMI2.0, among which different versions of HDMI support different levels of HDCP.
  • HDMI1.3 supports HDCP1.4 Protection level
  • HDMI2.0 version supports HDCP2.2 protection level.
  • the HDMI of the electronic device can determine the HDCP protection status of the output video frame according to the HDCP support status of the connected interface.
  • the HDMI of the electronic device supports HDCP2.2 and HDCP1.4, and the interface to which the HDMI is connected only supports HDCP1.4, then the electronic device can output video frames at a resolution corresponding to the HDCP1.4 protection level.
  • the HDCP protection state of the output video frame determined by the HDMI of the electronic device is HDCP1.4.
  • the video watermark protection strategy refers to adding the required watermark information to the output video frame to identify the source of the video frame, etc.
  • the watermark information may include information such as the address, content identifier, and time stamp of the video source to which the video frame belongs.
  • the electronic device usually adds watermark information to the video frame according to the display position and size of the video frame.
  • the TEE application layer decrypts the encrypted video code stream, and then writes the decrypted video code stream into the memory block accessed by the decoding module in the corresponding media channel.
  • HDMI determines the supported HDCP protection status from the connected device and sends it to the TEE application layer. Then, the TEE application layer determines the HDCP protection status and Whether the HDCP protection level corresponding to the video stream matches. If the HDCP protection status does not match the HDCP protection level of the video stream, for example, the HDCP protection level of the video stream is HDCP2.2, and the HDCP protection status supports HDCP1.4 protection.
  • the TEE application layer will not decrypt the encrypted video stream, and then the electronic device outputs a mute signal.
  • output mute refers to outputting pure color video frames such as all black video frames or all blue video frames. If the HDCP protection status matches the HDCP protection level of the code stream, the TEE application layer will decrypt the encrypted code stream. Furthermore, the electronic device outputs a video frame corresponding to the video code stream. It can be seen that, in this solution, the electronic device has only two states of decryption and non-decryption for the encrypted video stream, and it will not adapt the output protection strategy of the video stream, and the applicability is poor.
  • the video display module in the corresponding media channel reads the to-be-displayed video frame from the memory block m, for example, and then configures the to-be-displayed video frame according to the output protection policy.
  • the output protection strategy includes, for example, the output resolution corresponding to the video frame to be displayed, the location of the watermark, and the size of the watermark.
  • the output protection policy in the video display module is configured by the TEE application layer, and after the output protection policy is configured in the video display module, the corresponding output protection policy is immediately configured for the read video frame to be displayed. Based on this, on the one hand, the memory block m can buffer part of the video frames to be displayed.
  • the video frames that have been cached in memory block m correspond to the output protection strategy before the change, but the video display module will configure the output protection strategy that has been cached in memory block m according to the changed output protection strategy.
  • the video frame to be displayed which causes the output protection to fail.
  • the to-be-displayed video frame stored in the memory block m may be a processed video frame, and the processing mechanism of the video frame is usually controlled by the REE application layer. Therefore, if the position and size of the video frame change, the TEE application layer cannot perceive it. Furthermore, the TEE application layer cannot update the output protection strategy in the video display module in time, which will also cause the output protection to fail. For example, it is not allowed in accordance with HDCP.
  • the present application provides a safe output method and electronic device, which generates frame-level protection information corresponding to video frames, so that before outputting the video frame to be displayed, the video frame to be displayed can be displayed according to the frame-level protection information corresponding to the video frame to be displayed.
  • Frame output protection In this way, protection at the level of the video frame can provide more accurate output protection, and when the video frame changes, the corresponding output protection information can be updated in time, thereby improving the performance of the protection.
  • FIG. 2 illustrates a schematic diagram of a system architecture of an exemplary application environment of the electronic device 10.
  • the electronic device 10 supports TEE.
  • the following describes the REE system architecture and TEE system architecture respectively in conjunction with Figure 2.
  • the REE system architecture includes REE software application layer, REE software interface adaptation layer, REE software driver layer, REE software operating system layer, REE hardware module and REE storage module.
  • the software application in the REE software application layer can control the REE hardware module through the REE software interface adaptation layer, the REE software driver layer and the REE software operating system layer, and access the memory blocks in the REE storage module.
  • the REE software operating system layer, the REE software driver layer, the REE software interface adaptation layer, and the REE software application layer are implemented by software codes. Illustratively, these software codes can be stored in the memory and run. On the processor.
  • the REE software application layer is used to provide the operating environment of the REE software application, and is also used to apply to the REE software operating system layer to allocate the REE hardware module and REE memory block when the REE software application is running, and to store the virtual address of the REE memory block.
  • the REE software interface adaptation layer is used to match the driver in the REE software driver layer according to the virtual address accessed by the REE software application layer.
  • the REE software driver layer includes a driver program written for each hardware module.
  • the driver program drives the corresponding hardware module to access the corresponding REE memory block according to the virtual address.
  • the REE software operating system layer is used to perform resource management of REE hardware modules, as well as stack management and task scheduling.
  • the REE software operating system layer can, for example, respond to instructions from the REE software application layer to configure the REE hardware module to create a media path, which is used to transmit media data without security requirements.
  • the REE software operating system layer is also used to maintain one or more computer programs and data. When the one or more computer programs are running, they can realize the functions of each software layer on the REE side.
  • the data is used to provide support for the operation of the one or more computer programs.
  • the REE storage module may include, but is not limited to, double data rate (DDR) memory, flash memory (Flash), static random access memory (static random access memory, SRAM), etc., which are not limited in this application.
  • DDR double data rate
  • flash flash
  • static random access memory static random access memory
  • SRAM static random access memory
  • the TEE system architecture includes TEE software application layer, TEE software interface adaptation layer, TEE software driver layer, TEE software operating system layer, TEE hardware module and TEE storage module.
  • TEE software operating system layer, the TEE software driver layer, the TEE software interface adaptation layer, and the TEE software application layer are implemented by software codes.
  • these software codes can be stored in the memory and run on the processor. superior.
  • the software application in the TEE software application layer can control the TEE hardware module through the TEE software interface adaptation layer, the TEE software driver layer and the TEE software operating system layer, and access the memory block in the TEE storage module. It should be understood that the basic interaction process between the software layers is similar to the REE side, and will not be detailed here.
  • the TEE software application layer may include the CAS/DRM trusted application (CAS/DRM trusted application, CAS/DRM TA), and the CAS/DRM TA may also be referred to as TA for short.
  • TA can be used to configure the output protection strategy of the video stream.
  • the TEE system architecture also includes a session management module, which is implemented by software code and runs on the processor.
  • the session management module runs on the TEE software driver layer, for example.
  • the session management module runs on the TEE software operating system layer, for example. There is no restriction here.
  • the session management module may be used to configure a protection information memory block in the process of creating a media channel in the TEE system architecture, and the protection information memory block is used to store the frame-level protection information corresponding to the video frame transmitted in the media channel.
  • the frame-level protection information includes output protection information corresponding to the video frame.
  • the session management module can also be used to configure the initial information of the frame-level protection information in each protection information memory block.
  • the initial information can include the type of the frame-level protection information, the virtual address of the memory block of the video frame corresponding to the frame-level protection information, and all the information. The corresponding relationship between the length of the virtual address and the initial check value of the frame-level protection information are described.
  • the frame-level protection information please refer to the following description, which will not be described in detail here.
  • the session management module can also be used to configure the channel identifier for the media channel created by the TEE system architecture, and store the correspondence between the virtual address of the memory block belonging to the media channel and the channel identifier.
  • the TEE storage module may include multiple secure memory blocks, where each secure memory block can be identified by a physical address.
  • part of the secure memory block may be configured as a memory block for storing video frames
  • another part of the secure memory block may be configured as a memory block for storing frame-level protection information. And is written into the initial information of the frame-level protection information.
  • the memory block used to store video frames may be referred to as a data memory block
  • the memory block used to store frame-level protection information is referred to as a protected information memory block.
  • the hardware module can respond to instructions from the TEE software driver layer or the TEE software operating system layer to detect the validity of the frame-level protection information in the protection information memory block before accessing the protection information memory block.
  • the hardware module may also detect whether the protected information memory block and the memory block corresponding to the read operation correspond to the same media path before performing the write operation on the protected information memory block.
  • the processor running each software layer of REE and the processor running each software layer of TEE may be physically the same processor.
  • the processor implements the functions of each software layer of the REE.
  • the processor runs in the TEE mode, the processor implements the functions of each software layer of the TEE.
  • the processor can be, for example, a system-level chip control logic unit, a microprocessor, a microcontroller (micro-controller unit, MCU), a central processing unit (CPU), a digital signal processing (digital signal processing, DSP) ), graphics processing unit (GPU), field programmable gate array (FPGA), application specific integrated circuit (ASIC), etc., which are not limited in this application.
  • the REE hardware module and the TEE hardware module shown in FIG. 2 may include, for example, a demux module (demux), a hardware decryption module, a hardware encryption module, a hardware decoding module (decoder), a video decoding module (video decoder, VDEC), and hardware Communication module, hardware video processing module (video processor, VPSS), hardware display module (video display, VDP), analog to digital converter (analog to digital converter, ADC), digital to analog converter (digital to analog converter, DAC),
  • the communication interface, radio frequency unit, and microelectronic mechanical module, etc. are not limited in this application.
  • the REE hardware module and the TEE hardware module can be implemented by two processing channels in the same hardware module.
  • Both the REE storage module and the TEE storage module may include, but are not limited to, DDR memory, flash memory (Flash), SRAM, etc., which are not limited in this application.
  • the REE storage module and the TEE storage module are isolated from each other, so that the ordinary memory block and the secure memory block are isolated from each other.
  • the physical address (physical address) described in the embodiment shown in FIG. 2 may be: storing information in a byte as a unit in the storage module. In order to store or obtain information correctly, each byte unit has a unique memory block address.
  • the physical address can also be called the actual address or the absolute address.
  • the physical address can be addressed in the storage module through the address bus, and is the address where the data is actually stored.
  • the virtual address described in the embodiment illustrated in FIG. 2 may be a logical address used by application software to access the memory block.
  • the virtual address does not actually store the data, but needs to be mapped to the actual physical address to obtain the data.
  • the software and hardware of the REE system architecture and the software and hardware of the TEE system architecture shown in FIG. 2 may be located in the same system on chip (SOC).
  • the TEE software driver layer, the TEE software operating system layer, and the TEE hardware module are located in the same SOC, and the REE storage module and TEE storage module can be independent of the SOC.
  • FIG. 2 is only a schematic description, and does not constitute a specific limitation on the electronic device 10.
  • the electronic device 10 may include more or fewer components than shown, or combine certain components, or split certain components, or arrange different components.
  • the illustrated components can be implemented in hardware, software, or a combination of software and hardware.
  • the safe output method described in this application is implemented in TEE.
  • the safe output method described in this application is executed by at least one of software, hardware, and a combination of software and hardware on the TEE side of the electronic device 10.
  • frame-level protection information may include tag information, frame buffer information of video frames, resolution information of video frames, HDCP protection policy (HDCP policy) information, watermark control information (watermark control), extended output policy (output control extend) information, and initial checksum (checksum).
  • HDCP policy HDCP protection policy
  • watermark control watermark control
  • extended output policy output control extend
  • initial checksum checksum
  • the memory block information of the video frame may specifically include, for example, the storage address of the video frame, the length information of the storage address, and the path identifier.
  • the resolution information of the video frame may specifically include the current resolution and the minimum resolution, for example.
  • the HDCP protection strategy may specifically include, for example, a protection strategy of No HDCP (NoHDCP), a protection strategy of HDCP1.4, and a protection strategy of HDCP2.2.
  • the watermark control information may specifically include watermark parameter information and memory block information of the watermark parameter, for example.
  • the frame-level protection information shown in FIG. 3 includes various types of information, specific information contained in various types of information, and information descriptions of each specific piece of information. See Table 1 for details.
  • the type of frame-level protection information is used to indicate whether the frame-level protection information is bound to a video frame.
  • the type of frame-level protection information in Table 1 is frame, it means that the frame-level protection information is bound to the video frame, and the frame-level protection information contains the memory block information and resolution information of the bound video frame .
  • the type of frame-level protection information in Table 1 is global, it means that the frame-level protection information is not bound to the video frame.
  • the memory block information and resolution information of the video frame in the frame-level protection information can be empty.
  • the type of frame-level protection information is global, the frame-level protection information can be applied to all video frames that have lost frame-level protection information. In order to facilitate the distinction, this application refers to this type of protection information as "global protection information". ".
  • the output resolution in the global protection information can be included in the extended output strategy information.
  • the TEE system architecture is configured with a data memory block and a protection information memory block when the media channel is created.
  • the memory block information of the video frame in Table 1 is used to establish the correspondence between the frame-level protection information and the video frame bound to the frame-level protection information.
  • the resolution information of the video frame in Table 1 can be updated with the update of the video frame. For details, refer to the description of the following embodiments, which will not be described in detail here.
  • the watermark control information in Table 1 is used to maintain information such as the watermark type and the storage address of the watermark when a watermark needs to be added to the bound video frame.
  • the storage address of the watermark is used to indicate the memory block where the watermark information is stored.
  • the watermark information includes, for example, the content of the watermark information, the position added to the video frame, the relative size of the video frame, and so on.
  • the content of the watermark information is, for example, the address of the video source, and the position added to the video frame is, for example, from the lower left direction to the upper right direction of the video frame.
  • the relative size of the video frame includes, for example, the watermark length is 80% of the longitudinal length of the video frame. , The width is 10% of the vertical length of the video frame.
  • the checksum in Table 1 is used to verify whether the frame-level protection information has been tampered with. For details, refer to the description of the following embodiments, which will not be described in detail here.
  • the corresponding relationship between the tag, the storage address of the video frame and the length of the storage address, the path identifier and the checksum in Table 1 can be the session management module added to the protection information memory when the protection information memory block is configured.
  • the tag, the storage address of the video frame, the length of the storage address, and the corresponding relationship and checksum are the initial information of the frame-level protection information.
  • Table 1 is only a schematic description, and does not limit the frame-level protection information involved in this application.
  • the frame-level protection information may also contain more or less information.
  • the method 100 includes the following steps:
  • Step S101 In a stage where the first decoded video frame is obtained by decoding the video bitstream, the frame-level protection information of the first decoded video frame is generated according to the output control strategy and the resolution of the first decoded video frame.
  • the output control strategy is a protection strategy that matches the protection requirements of the video stream.
  • the electronic device can learn the resolution of the first decoded video frame before decoding the video code stream. For example, the electronic device may learn the resolution of the first decoded video frame according to the video code stream.
  • the TEE software application layer of the electronic device decrypts the encrypted video code stream to obtain the video code stream and the protection requirements corresponding to the video code stream.
  • the protection requirements are, for example, 1080 progressive scan ( 1080progressive scan, 1080p), output the video corresponding to the video stream.
  • the TEE software application layer can configure the output control strategy according to the protection requirements.
  • the output control strategy includes the video width and height allowed when the NoHDCP protection level is adopted, the video width and height allowed when the HDCP1.4 protection level is adopted, and the video width and height allowed when the HDCP2.2 protection level is adopted.
  • the electronic device decodes the video code stream to obtain the first decoded video frame, and further, the electronic device writes the resolution of the first decoded video frame into the protection information memory block corresponding to the first decoded video frame to obtain the first decoded video Frame-level protection information of the frame.
  • the frame-level protection information of the first decoded video frame includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path. It should be understood that the minimum resolution is usually set in the initial information of the frame-level protection information.
  • the resolution of the first decoded video frame is the resolution of the currently decoded video frame. If the resolution of the current decoded video frame is less than the initially set minimum resolution , The minimum resolution in the frame-level protection information is modified to the resolution of the currently decoded video frame (that is, the resolution of the first decoded video frame).
  • Step S102 Determine whether to output the first display video frame according to the frame-level protection information.
  • the first display video frame is obtained according to the first decoded video frame.
  • the first decoded video frame obtained by decoding may be directly used as an output.
  • the first displayed video frame is the first decoded video frame.
  • the electronic device may process the first decoded video frame to obtain the output first display video frame.
  • the electronic device may amplify the first decoded video frame to obtain the first display video frame. In other embodiments, the electronic device may reduce the first decoded video frame to obtain the first display video frame.
  • the electronic device may update the frame-level protection information according to the resolution of the first display video frame.
  • the resolution of the first display video frame is less than the minimum resolution in the frame-level protection information
  • the minimum resolution in the frame-level protection information is modified to the resolution of the first display video frame to obtain the first display Frame-level protection information for video frames.
  • the electronic device may obtain the output protection state allowed by the output port, and then determine the target output control strategy that matches the output protection state from the frame-level protection information of the first displayed video frame. After that, the electronic device can determine whether the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy. When the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the electronic device outputs The first video frame is displayed. When the minimum resolution in the frame-level protection information is greater than the resolution allowed by the target output control strategy, the electronic device outputs mute.
  • the output protection state of the output port is, for example, the HDCP protection state.
  • the electronic device when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the electronic device can output the first display video frame according to the resolution allowed by the target output control strategy. It can be seen that every time the electronic device outputs a video frame, the video frame can be output protected according to the frame-level protection information corresponding to the video frame, so that the security is higher.
  • the minimum resolution in the frame-level protection information is greater than the resolution allowed by the target output control strategy, it means that the resolution of the first display video frame does not meet the output control strategy, and the electronic device outputs mute. That is, when the resolution of the video frame exceeds the resolution allowed by the output control strategy, the output of the video frame will be prohibited.
  • the protection information in the embodiments of this application is at the frame level, and each video frame has its own corresponding frame-level protection information.
  • Each output frame of video frame can be performed on the video frame according to the frame-level protection information corresponding to the video frame. Output protection, higher safety and flexibility.
  • the electronic device may determine whether to output the first display video frame according to the resolution in the global protection information.
  • the resolution in the global protection information is the minimum resolution in the output strategy corresponding to at least one code stream.
  • the global protection information may be generated according to at least one code stream while the electronic device generates frame-level protection information, and the at least one code stream may include the video code stream.
  • the global protection information is described in the embodiment shown in FIG. 3, and will not be described in detail here.
  • the display position and size of the first display video frame are controlled by the user through the REE side. Based on this, in some other embodiments, if the first display video frame needs video watermark protection, before outputting the first display video frame, the electronic device may also obtain the position and size of the first display video frame from the REE driver. Then, the electronic device can determine the memory block storing the watermark information according to the storage address information of the watermark in the frame-level protection information, and then read the watermark information from the corresponding memory block. After that, the electronic device can determine the position and size of the watermark information to be added according to the position and size of the first display video frame, the relative position of the watermark information and the first display video frame, and the relative size of the watermark information and the first display video frame. .
  • the electronic device can determine the position and size of the watermark to be added according to the position and size of the video frame during display, so as to ensure that the watermark is accurately added and displayed with the change of the video frame.
  • the electronic device directly corresponds the video frame to the watermark information of the video frame through the frame-level protection information, which can avoid the problem of failure to add watermark due to the display level of the video frame in a scene where multiple videos are displayed at the same time.
  • the electronic device after the electronic device decodes the video code stream to obtain the video frame, it generates frame-level protection information corresponding to the video frame. After that, the electronic device updates the frame-level protection information of the video frame according to the change in the resolution of the video frame. Therefore, before outputting the to-be-displayed video frame, the electronic device can perform output protection on the to-be-displayed video frame according to the frame-level protection information corresponding to the to-be-displayed video frame. In this way, protection is performed at the level of the video frame.
  • the electronic device can update the output protection information corresponding to the video frame in time, so that the electronic device can provide more accurate output protection, and avoid the video frame and the output protection strategy from being out of synchronization.
  • the protection failure problem improve the performance of the protection.
  • the method 100 is exemplarily introduced below.
  • the TEE software application layer in FIG. 2 may request the TEE software operating system layer and the session management module to create a media path through the TEE software interface adaptation layer.
  • the created media path can be used to output protected video content.
  • the media path includes, for example, VDEC, VDP, and output port, etc., and also includes at least one data memory block and at least one protection information memory block. At least one data memory block is used to store video-related data transmitted by the media path, at least A protection information memory block is used to store the frame-level protection information corresponding to the video frame transmitted by the media channel.
  • the session management module sets a path identifier A for the media path, and the path identifier A is used to indicate the media path.
  • the session management module may also maintain the correspondence between at least one data memory block and the path identifier A.
  • the session management module may configure the initial information of the frame-level protection information in the at least one protection information memory block.
  • the initial information includes, for example, the type of the frame-level protection information is frame, the path identifier A, and the correspondence between the address and length of the data memory block of the video frame bound to the frame-level protection information.
  • the TA running on the application layer of the TEE software with CAS/DRM can receive the encrypted video stream, and then decrypt the encrypted video stream to obtain the video stream. Then, the TA can configure the output control strategy according to the protection requirements corresponding to the video code stream. After that, the TA can write the video code stream into the data memory block 01.
  • the TA can configure the output control strategy to VDEC. In other embodiments, the TA may configure the output control policy in a stream output control policy buffer. Among them, VDEC has read operation authority for the code stream output control strategy memory block.
  • VDEC can respond to the instruction of the TEE software driver layer to read the video code stream from the data memory block 01, and then decode the video code stream to obtain the first decoded video frame. After that, VDEC can write the first decoded video frame into the data memory block 02. VDEC can also read the output control strategy from the code stream output control strategy memory block, and then write the output control strategy and the resolution of the first decoded video frame into the protection information memory block 01 to obtain the frame level of the first decoded video frame Protect information.
  • the frame-level protection information in the protection information memory block 01 includes the resolution and the minimum resolution of the first decoded video frame. VDEC knows the resolution of the first decoded video frame before performing the decoding operation.
  • the VDEC before the VDEC writes the first decoded video frame into the data memory block 02, it can detect whether the video code stream and the first decoded video frame correspond to the same media channel. After determining that the video code stream and the first decoded video frame correspond to the same media path, the first decoded video frame is written into the data memory block 02. This can avoid the problem of accessing data of other media channels when VDEC outputs the first decoded video frame, thereby improving the security of video frame transmission.
  • the VDEC may obtain the first path identifier corresponding to the data memory block 01 and the second path identifier in the frame-level protection information of the first decoded video frame.
  • the first path identifier and the second path identifier are the same, it can be determined that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media path.
  • the data memory block 01 corresponds to the path identifier A
  • the path identifier in the frame-level protection information of the first decoded video frame is pre-configured by the session management module, that is, the second path identifier is the path identifier A.
  • the first path identifier should be the same as the second path identifier.
  • VDEC can detect whether the initial information in the protection information memory block 01 is valid before writing the output control strategy and the resolution of the first decoded video frame into the protection information memory block 01. After determining that the initial information in the protection information memory block 01 is valid, VDEC writes the output control strategy and the resolution of the first decoded video frame into the protection information memory block 01. For an embodiment of VDEC detecting whether the initial information is valid, see the following description, which will not be described in detail here.
  • the first decoded video frame is the first display video frame.
  • the VDP can respond to instructions from the TEE software driver layer to read frame-level protection information from the protection information memory block 01, and obtain the HDCP protection status from the output port. Then, VDP can determine the target output control strategy that matches the HDCP protection status from the frame-level protection information. In this embodiment, the target output control strategy is, for example, an HDCP1.4 output control strategy. Then, VDP judges whether the minimum resolution in the frame-level protection information is less than the resolution allowed by the HDCP1.4 output control strategy. When the minimum resolution in the frame-level protection information is less than the resolution allowed by the HDCP1.4 output control strategy, the first display video frame is output through the output port.
  • the VDP before reading the frame-level protection information from the protection information memory block 01, the VDP needs to check whether the frame-level protection information in the protection information memory block 01 is valid, and then determine the frame-level protection information in the protection information memory block 01. After the protection information is valid, read the frame-level protection information from the protection information memory block 01.
  • the process by which the VDP detects whether the frame-level protection information in the protection information memory block 01 is valid is described in the following, and will not be described in detail here.
  • the media path may also include VPSS (not shown in FIG. 5).
  • VDEC writes the first decoded video frame into the data memory block 02, and writes the output control strategy and the resolution of the first decoded video frame into the protection information memory block 01
  • the VPSS can respond to the instruction of the TEE software driver layer, from the data
  • the memory block 02 reads the first decoded video frame and processes the first decoded video frame.
  • the processing may be reduction processing or enlargement processing, for example, shrinking the first decoded video frame to obtain the first display video frame and the first display video frame Resolution.
  • the VPSS can write the first display video frame into the data memory block 03 (not shown in FIG.
  • the VDP reads the frame-level protection information of the first display video frame from the protection information memory block 02 to determine whether to output the first display video frame. No more details here.
  • the VPSS before the VPSS writes the first display video frame into the data memory block 03, it can detect whether the first decoded video frame and the first display video frame correspond to the same media channel. After determining that the first decoded video frame and the first display video frame correspond to the same media channel, the first display video frame is written into the data memory block 03. This can avoid the problem of accessing data of other media channels when the VPSS outputs the first display video frame, thereby improving the security of video frame transmission.
  • the VPSS may obtain the third path identifier in the level protection information in the protection information memory block 01 and the fourth path identifier in the level protection information in the protection information memory block 02.
  • the third channel identifier and the fourth channel identifier are the same, it is determined that the first decoded video frame and the first displayed video frame correspond to the same media channel.
  • the third path identifier is pre-configured by the session management module, that is, the third path identifier should be the path identifier A.
  • the fourth path identifier is pre-configured by the session management module, that is, the fourth path identifier should also be the path identifier A, so the third path identifier should be the same as the fourth path identifier.
  • the VPSS before the VPSS reads the frame-level protection information from the protection information memory block 01, it needs to check whether the frame-level protection information in the protection information memory block 01 is valid. After determining that the frame-level protection information in the protection information memory block 01 is valid, the VPSS reads the frame-level protection information from the protection information memory block 01. In addition, before updating the frame-level protection information in the protection information memory block 02, the VPSS needs to check whether the frame-level protection information in the protection information memory block 02 is valid. After determining that the frame-level protection information in the protection information memory block 02 is valid, the VPSS updates the frame-level protection information in the protection information memory block 02.
  • VDEC, VPSS, and VDP detect whether the frame-level protection information is valid. In essence, they all detect at least one piece of initial protection information in the frame-level protection information, and determine whether at least one of the detected frame-level protection information is valid. Under the condition that the initial protection information is valid, it is determined that the corresponding frame-level protection information is valid. In actual operation, for example, at least one item of information in the tag, the storage address of the video frame, and the length of the storage address in the frame-level protection information is detected, and at least one item of information in the checksum. In the following, combining the above three exemplary information, taking VDP as an example, the operation of detecting validity will be exemplarily introduced.
  • VDP can detect whether the tag of the frame-level protection information of the first displayed video frame matches the pre-configured tag. If the tag of the frame-level protection information of the first display video frame matches the pre-configured tag, the VDP can read the frame-level protection information according to the processing logic indicated by the instruction, and perform operations such as display processing.
  • the tag is used to indicate whether the frame-level protection information is bound to the video frame. If the frame-level protection information is bound to a video frame, then the VDP should perform an operation on the first display video frame according to the resolution of the video frame in the frame-level protection information. If the frame-level protection information is not bound to the video frame, then the frame-level protection information is global protection information, and the VDP should perform operations on the first display video frame according to the resolution in the extended output strategy. It can be seen that when corresponding to different types of frame-level protection information, the information read by the VDP and the operation logic are different.
  • VDP can process the first display video frame according to the frame-level protection information according to the matching processing logic.
  • VDP can detect whether the correspondence between the storage address of the first display video frame and the length of the storage address in the frame-level protection information is correct. If the corresponding relationship between the storage address of the first display video frame and the length of the storage address is correct, it indicates that the frame-level protection information is the frame-level protection information corresponding to the first display video frame. If the corresponding relationship between the storage address of the first display video frame and the length of the storage address is incorrect, it indicates that the frame-level protection information is not the frame-level protection information corresponding to the first display video frame.
  • VDP can ensure whether the frame-level protection information is associated with the video frame, thereby ensuring that the protection information of the corresponding video frame is read from the frame-level protection information, and further, realizing accurate output protection for the video frame.
  • VDP can determine whether the check value of the frame-level protection information is the same as the initial check value. If the check value of the frame-level protection information is the same as the initial check value, it indicates that the frame-level protection information has not been tampered with. If the check value of the frame-level protection information is different from the initial check value, it indicates that the frame-level protection information has been tampered with.
  • the VDP may perform an exclusive OR operation on all information in the frame-level protection information to obtain the first result. Then, the VDP can XOR the first result with the secure random number to obtain the check value. After that, VDP compares whether the check value is the same as the initial check value.
  • both the REE driver and the TEE driver have a driving effect on the hardware module.
  • the REE driver can control the tampering and forgery of the frame-level protection information by hardware modules that have access rights to the secure memory block. Based on this, this application sets up a checksum detection mechanism.
  • the secure random number is a random number of the mask register of the electronic device.
  • the mask register is, for example, a 32-bit register.
  • the TEE side can read a 32-bit random number from the hardware random number module, write it into the mask register and latch it.
  • the REE side has no access rights to the mask register. Based on this, the 32-bit random number in the mask register is relatively safe and can be called a "secure random number”.
  • VDP detects checksum it can calculate the check value of the current frame-level protection information according to the same algorithm. Since the secure random number cannot be tampered with, if the calculated check value is the same as the checksum, it indicates that the frame-level protection information has not been tampered with. If the calculated checksum is different from the checksum, it means that the frame-level protection information has been tampered by the REE side, and the VDP can output mute.
  • VDP can perform output protection on the first display video frame according to the frame-level protection information while ensuring that the frame-level protection information is not damaged, forged or tampered, thereby realizing the realization of the first display video frame. Correct output protection, optimize the performance of output protection.
  • the above algorithm for calculating the check value is only a schematic description, and does not constitute a specific limitation on the determination of the check value.
  • the electronic device session management module and each hardware module may use other mechanisms and other algorithms to determine the check value of the frame-level protection information.
  • the VDP can only determine whether the frame-level protection information is valid through the above checksum. For example, when the checksum is the same as the check value, VDP determines that the frame-level protection information is valid. In other embodiments, the VDP can determine whether the frame-level protection information is valid through any two of the above three pieces of information. When the detected two pieces of information meet the conditions, VDP determines that the frame-level protection information is valid. In some other embodiments, for example, when the detection results of the above three items of information all meet the conditions, the VDP determines that the frame-level protection information is valid. In addition, the detection result of any of the above three pieces of information has no influence on the detection of other information. Correspondingly, the detection sequence of the above three items of information can be arbitrary, which is not limited in this application.
  • the detection of the validity of the frame-level protection information by VDEC and the detection of the validity of the frame-level protection information by VPSS are similar to the detection process of the above-mentioned VDP, except that the storage address of the video frame and the storage address are detected.
  • the involved video frame and the storage address of the video frame may be different from the VDP.
  • VDEC should detect whether the corresponding relationship between the storage address of the first decoded video frame and the length of the storage address is correct. No more details here.
  • FIG. 6A provides a structural diagram of an electronic device 20, and the electronic device 20 supports TEE.
  • the TEE side of the electronic device 20 includes a software part and a hardware part.
  • the software part includes TEE application, session management module (session manager) and TEE driver module.
  • TEE applications include TA.
  • the software part is a functional module implemented by software instructions or software codes, and these software instructions or software codes run on the processor to implement corresponding functions.
  • the hardware part includes VDEC, VPSS, VDP and HDMI.
  • the hardware part also includes TEE storage module.
  • the TEE application runs on the TEE software application layer in the electronic device 10.
  • the session management module and the TEE driver module run on the TEE software driver layer of the electronic device 10, for example.
  • FIG. 6A is only an exemplary description of the electronic device of the present application, and does not constitute any limitation to the electronic device involved in the present application.
  • the electronic device involved in this application may include more or fewer hardware modules. Accordingly, the electronic device involved in this application may include hardware modules with other functions.
  • the functional software of the electronic device can also adopt other forms of expression. No more details here.
  • FIG. 6A is only a schematic description, and does not constitute a specific limitation on the electronic device 20.
  • the electronic device 20 may include more or fewer components than shown, or combine certain components, or split certain components, or arrange different components.
  • the illustrated components can be implemented in hardware, software, or a combination of software and hardware.
  • the TEE application can send a request to create a target media path to the session management module.
  • the target media channel is used to transmit a video code stream, for example.
  • the session management module can create the target media channel according to the purpose of the target media channel, and configure the channel identifier Z for the target media channel.
  • the target media path includes VDEC, VPSS, VDP, and HDMI, as well as secure memory block A, secure memory block B1, secure memory block B2, secure memory block C1, and secure memory block C2.
  • secure memory block A, the secure memory block B1, and the secure memory block C1 are used to store video-related data.
  • the secure memory block B2 and the secure memory block C2 are used to store frame-level protection information.
  • the frame-level protection information in the secure memory block B2 corresponds to the video frame data in the secure memory block B1.
  • the frame-level protection information in the secure memory block C2 corresponds to the video frame data in the secure memory block C1.
  • the session management module can maintain the correspondence between the secure memory block A, the secure memory block B1, and the secure memory block C1 and the path identifier Z.
  • the session management module can also configure the initial information of the frame-level protection information in the secure memory block B2 and the initial information of the frame-level protection information in the secure memory block C2.
  • the initial information of the frame-level protection information in the secure memory block B2 includes the tag is frame, the virtual address of the secure memory block B1 and the corresponding relationship between the length of the virtual address, and the initial verification of the frame-level protection information in the secure memory block B2 value.
  • the initial information of the frame-level protection information in the secure memory block C2 includes the tag is frame, the virtual address of the secure memory block C1 and the corresponding relationship of the virtual address length, and the initial check value of the frame-level protection information in the secure memory block C2.
  • the secure memory block B2 is used to store the frame-level protection information 01
  • the secure memory block C2 is used to store the frame-level protection information 02.
  • FIG. 6B illustrates an exemplary transmission process of frame-level protection information.
  • the control flow on the TEE side is shown by the dotted arrow on the TEE side in Figure 6B
  • the data transmission flow on the TEE side is shown by the solid arrow on the TEE side in Figure 6B
  • the control flow on the REE side is shown by the solid line on the REE side in Figure 6B.
  • the arrow shows.
  • the REE application After the target media channel is created, the REE application obtains the video code stream source, and after determining that the video code stream source is a protected video code stream source, the REE application transmits the protected video code stream source to the TA.
  • the video stream source is the encrypted video stream.
  • TA decrypts the source of the video code stream, and obtains the video code stream and the corresponding protection requirements of the video code stream. After that, the TA configures the output control strategy corresponding to the video code stream according to the protection requirements.
  • the output control strategy is as described in the foregoing embodiment, and will not be described in detail here.
  • the display control driver on the TEE side configures the output control strategy configured by the TA to the VDEC, and the TA writes the video code stream into the secure memory block A.
  • the display control drive is a kind of TEE drive module.
  • VDEC responds to the instruction of the TEE driver module and reads the video stream from the secure memory block A. Then, VDEC decodes the video code stream to obtain decoded video frames. In addition, VDEC can obtain the resolution of the decoded video frame before decoding, and the resolution of the decoded video frame is, for example, resolution 01.
  • VDEC obtains the path identifier corresponding to the secure memory block A, and obtains the path identifier Z.
  • VDEC also obtains the path identifier in the initial information in the secure memory block B2, and also obtains the path identifier Z.
  • the VDEC writes the decoded video frame into the secure memory block B1.
  • the process of VDEC from reading the video code stream to writing the decoded video frame into the secure memory block B1 is not shown in FIG. 6B.
  • VDEC detects whether the initial information in the secure memory block B2 is valid.
  • VDEC detects whether the tag of the initial information in the secure memory block B2 is a frame, whether the correspondence between the virtual address of the secure memory block B1 and the length of the virtual address is correct, and the check value of the initial information in the secure memory block B2 Is it the same as the initial check value?
  • VDEC writes the resolution 01 to the "current" in the secure memory block B2.
  • the information bits corresponding to the “resolution” and the “minimum resolution” obtain the frame-level protection information 01 of the decoded video frame.
  • the user can input instructions for processing and decoding video frames through the REE application layer.
  • the REE application layer can call the VPSS driver to send specific processing instructions to the VPSS.
  • the VPSS reads the decoded video frame from the secure memory block B1, and then performs a shrinking operation on the decoded video frame to obtain a display video frame (not shown in FIG. 6B).
  • the VPSS also needs to detect whether the frame-level protection information 01 in the secure memory block B2 is valid. If the frame-level protection information 01 in the secure memory block B2 is valid, VPSS can obtain the resolution 01 from the frame-level protection information 01 in the secure memory block B2, and then, according to the resolution 01 and the display video frame is reduced relative to the decoded video frame The multiple of to determine the resolution of the displayed video frame 02. In this embodiment, the resolution 02 is smaller than the resolution 01, for example.
  • the operation process of VPSS detecting whether the frame-level protection information 01 in the secure memory block B2 is valid is similar to the operation process of VDEC detecting whether the initial information in the secure memory block B2 is valid, and will not be repeated here.
  • the VPSS can obtain the path identifier of the frame-level protection information 01 in the secure memory block B2 to obtain the path identifier Z.
  • the VPSS can also obtain the path identifier of the initial information in the secure memory block C2 to obtain the path identifier Z.
  • the channel identification of the frame-level protection information 01 in the secure memory block B2 and the initial information in the secure memory block C2 it is determined that both the decoded video frame and the displayed video frame correspond to the target media channel, and VPSS writes the displayed video frame into the secure memory Block C1.
  • VPSS detects whether the initial information in the secure memory block C2 is valid.
  • VPSS can detect whether the tag of the initial information in the secure memory block C2 is frame, whether the correspondence between the virtual address of the secure memory block C1 and the length of the virtual address is correct, and the frame-level protection information in the secure memory block C2 02 Whether the check value of is the same as the initial check value.
  • VPSS After determining that the initial information in the secure memory block C2 is valid, VPSS writes the resolution 02 into the information bit corresponding to the "current resolution" in the secure memory block C2. Since the resolution 02 is smaller than the resolution 01, the VPSS also needs to update the information bit corresponding to the "minimum resolution” in the secure memory block C2 to the resolution 02 to obtain the frame-level protection information 02 of the displayed video frame.
  • VDP reads the display video frame from the secure memory block C1.
  • the VDP also needs to check whether the frame-level protection information 02 in the secure memory block C2 is valid. If the frame-level protection information 02 in the secure memory block C2 is valid, VDP reads the frame-level protection information 02 from the secure memory block C2.
  • the HDCP monitor module (HDCP monitor) in the VDP may read the frame-level protection information 02.
  • the VDP also obtains the HDCP protection status supported by HDMI from HDMI.
  • the HDCP protection status includes the HDCP protection level allowed by HDMI.
  • the operation process of VDP detecting whether the frame-level protection information 02 in the secure memory block C2 is valid is similar to the operation process of VPSS detecting whether the initial information in the secure memory block C2 is valid, and will not be repeated here.
  • VDP determines a target output protection strategy that matches the HDCP protection status from the frame-level protection information 02.
  • the target output protection strategy is, for example, HDCP1.4. Then, VDP detects whether the resolution 02 in the frame-level protection information 02 is less than the resolution allowed by HDCP1.4. If the resolution 02 is less than the resolution allowed by HDCP1.4, VDP can output and display video frames through HDMI according to the resolution allowed by HDCP1.4. If the resolution 02 is greater than the resolution allowed by HDCP1.4, VDP outputs mute through HDMI.
  • the frame-level protection information 02 also includes watermark control information
  • VDP determines that the display video frame can be output
  • it can also obtain the position and position of the display video frame from the video output driver on the REE side. Then, read the watermark information from the watermark storage address in the frame-level protection information 02, and then add the watermark information to the display video frame according to the position and size of the display video frame.
  • the video output driver on the REE side is one of the software driver modules on the REE side.
  • the target media path may also include more or fewer hardware modules and memory blocks.
  • the operation process of each hardware module can also be different from the above description.
  • the protection information in each memory block can also be different from the above description. No more details here.
  • the electronic device after the electronic device decodes the video code stream to obtain the video frame, it generates frame-level protection information corresponding to the video frame. After that, the electronic device updates the frame-level protection information of the video frame according to the change in the resolution of the video frame. Therefore, before outputting the to-be-displayed video frame, the electronic device can perform output protection on the to-be-displayed video frame according to the frame-level protection information corresponding to the to-be-displayed video frame. In this way, protection is performed at the level of the video frame.
  • the electronic device can update the output protection information corresponding to the video frame in time, so that the electronic device can provide more accurate output protection, and avoid the video frame and the output protection strategy from being out of synchronization.
  • the protection failure problem improve the performance of the protection.
  • the solutions of the safe output method provided in the present application are introduced from the perspective of the physical structure of the electronic device hardware, the software architecture, and the actions performed by each software and hardware.
  • Those skilled in the art should easily realize that in combination with the establishment of the correspondence relationship described in the embodiments disclosed herein and the execution of the output processing steps according to the correspondence relationship, this application can not only be implemented in the form of hardware or a combination of hardware and computer software . Whether certain functions are executed by hardware or computer software-driven hardware depends on the specific application and design constraints of the technical solution. Professionals and technicians can use different methods to implement the described functions for each of the above specific applications, but such implementation should not be considered as going beyond the scope of the embodiments of the present application.
  • the above-mentioned electronic device 10 and the electronic device 20 may implement the above-mentioned part of the functions in the form of functional modules.
  • the safety output device 70 may include a decoding module 701 and a display control module 702.
  • the safety output device 70 can be used to implement some or all of the embodiments of the safety output method in any of the embodiments shown in FIG. 4.
  • the decoding module 701 is configured to generate frame-level protection information of the first decoded video frame according to the output control strategy and the resolution of the first decoded video frame, and the first decoded video frame is the video code of the decoding module.
  • the stream is decoded.
  • the display control module 702 is configured to determine whether to output a first display video frame according to the frame-level protection information, and the first display video frame is obtained according to the first decoded video frame.
  • the video frame can be output protected according to the frame-level protection information corresponding to the video frame, thereby achieving higher security.
  • the safety output device 70 may also include a processing module, an update module, a TA, a detection module, a watermark adding module, an acquisition module, and a session management module.
  • a processing module an update module, a TA, a detection module, a watermark adding module, an acquisition module, and a session management module.
  • the above-mentioned modules are used to implement different functions.
  • the processing module may be used to process the first decoded video frame to obtain the first display video frame.
  • the update module is configured to update the frame-level protection information according to the resolution of the first display video frame.
  • the processing module is specifically configured to enlarge the first decoded video frame to obtain the first display video frame; or, specifically, to reduce the first decoded video frame to obtain the first display video frame.
  • the frame-level protection information includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video code stream in the entire media path.
  • the update module is specifically configured to modify the minimum resolution in the frame-level protection information to the first display when the resolution of the first display video frame is less than the minimum resolution. The resolution of the video frame.
  • the display control module 702 is specifically configured to obtain the output protection status allowed by the output port, determine a target output control strategy that matches the output protection status; determine whether the minimum resolution in the frame-level protection information is less than The resolution allowed by the target output control strategy; and when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, output the first display video frame.
  • TA may be used to configure the output control strategy for the video code stream.
  • the decoding module 701 is further configured to determine whether the video bitstream and the first decoded video frame correspond to the same media path.
  • the decoding module 701 is specifically configured to obtain the first path identifier corresponding to the video code stream and the second path identifier in the frame-level protection information of the first decoded video frame.
  • the second channel identifiers are the same, it is determined that the video code stream and the frame-level protection information of the first decoded video frame correspond to the same media channel.
  • the processing module is also used to determine whether the first decoded video frame and the first display video frame correspond to the same media channel.
  • the processing module is used to obtain the third path identifier in the frame-level protection information of the first decoded video frame, and the fourth path identifier in the updated frame-level protection information, in the third path identifier and When the fourth channel identifiers are the same, it is determined that the first decoded video frame and the first display video frame correspond to the same media channel.
  • the detection module is used to detect whether the frame-level protection information is valid.
  • the detection module is specifically configured to perform at least one of the following detections: detecting whether the type of the frame-level protection information matches a pre-configured type, and the type is used to indicate whether the frame-level protection information is bound to a video frame, and determining Whether the check value of the frame-level protection information is the same as the initial check value, and whether the correspondence between the storage address of the first display video frame and the length of the storage address in the frame-level protection information is correct.
  • the detection module is specifically configured to perform an exclusive OR operation on all information in the frame-level protection information to obtain a first result, and perform an exclusive OR operation on the first result and a secure random number to obtain the frame The check value of the level protection information, and compare whether the check value of the frame level protection information is the same as the initial check value.
  • the watermark adding module is configured to add a watermark to the first display video frame according to the frame-level protection information and the position and size of the first display video frame.
  • the display control module 702 is further configured to determine whether to output the first display video frame according to the resolution in the global protection information when the frame-level protection information of the first display video frame is lost.
  • the resolution in the protection information is the minimum resolution in the output strategy corresponding to at least one code stream.
  • the acquisition module is configured to acquire a request for creating a media path, and the media path is used to transmit the video code stream.
  • the session management module may be used to generate the path identifier of the media path.
  • the configuration module is also used to configure the type of protection information in the frame-level protection information, the correspondence between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address, and the initial check value .
  • the decoding module 701 illustrated in FIG. 7A can implement the functions of the VDEC in FIG. 2, FIG. 5, and FIG. 6A.
  • the display control module 702 illustrated in FIG. 7A can implement the functions of the VDP in FIG. 2, FIG. 5, and FIG. 6A.
  • the display processing module illustrated in FIG. 7A can implement the functions of the VPSS in FIG. 2, FIG. 5, and FIG. 6A.
  • the other functional modules shown in FIG. 7A can realize the functions of the software layer in FIG. 2 and FIG. 6A.
  • the acquisition module can implement the functions of the operating system layer of the TEE software.
  • the electronic device 10 or the electronic device 20 in the foregoing embodiment which is not described in detail here.
  • the safety output device 71 includes a processor 711, a transmission interface 712, and a memory 713.
  • the transmission interface 712 may include an input interface and an output interface, or that the transmission interface 712 has functions of an input interface and an output interface at the same time, which is not limited in the embodiment of the present application.
  • the memory 713 may be used to store programs/codes pre-installed in the safety output device 71, and may also store codes used for execution by the processor 711, and the like.
  • the transmission interface 712 may perform operations of determining the HDCP state in the method 100 and outputting the first display video frame.
  • the processor 711 may perform operations in the method 100 except for determining the HDCP state and outputting the first display video frame.
  • the application also provides a computer storage medium corresponding to the electronic device.
  • the computer storage medium set in any device can store a program. When the program is executed, it can implement each of the safe output methods provided by the method 100. Part or all of the steps in the embodiment.
  • the storage medium in any device can be a magnetic disk, an optical disc, a read-only memory (ROM) or a random access memory (RAM), etc.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instruction may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instruction may be passed from a website, a computer, a server, or a message center.
  • Wired such as coaxial cable, optical fiber, digital subscriber line (DSL)
  • wireless such as infrared, wireless, microwave, etc.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a message storage device such as a server or a message center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
  • the size of the sequence number of each process does not mean the order of execution.
  • the execution order of each process should be determined by its function and internal logic, rather than the implementation process of the embodiment. Constitute any limitation.

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The present application relates to the field of multimedia technologies, and discloses a secure output method and an electronic device. The secure output method comprises: in a stage in which an electronic device decodes a video code stream to obtain a first decoded video frame, the electronic device generating frame-level protection information of the first decoded video frame according to an output control policy and the resolution of the first decoded video frame; and then, the electronic device determining, according to the frame-level protection information, whether to output a first display video frame, the first display video frame being obtained according to the first decoded video frame. Hence, every time the electronic device outputs a video frame, the electronic device can perform output protection on the video frame according to frame-level protection information corresponding to the video frame, thereby providing more precise output protection and improving the protection performance.

Description

安全输出方法及电子设备Safe output method and electronic equipment 技术领域Technical field
本申请涉及多媒体技术领域,尤其涉及一种安全输出方法及电子设备。This application relates to the field of multimedia technology, and in particular to a safe output method and electronic equipment.
背景技术Background technique
为了保护有保护需求的媒体内容,电子设备从对码流进行解码,至将解码后得到的视频流传输到输出端口的过程中,可以根据媒体内容使用规则(content usage rules,CUR)处理传输过程中的媒体内容。CUR可以包括高清数字内容保护(high bandwidth digital content protection,HDCP)策略、视频水印保护策略等保护策略。In order to protect the media content with protection requirements, the electronic device can process the transmission process according to the content usage rules (CUR) from decoding the code stream to transmitting the decoded video stream to the output port. Media content in. CUR can include protection strategies such as high-bandwidth digital content protection (HDCP) strategies, video watermark protection strategies, and so on.
然而,现有的安全输出机制从码流层面对媒体内容进行保护,可能会导致视频错误显示等问题,对媒体内容的保护性能较差。However, the existing safe output mechanism protects the media content from the code stream level, which may cause problems such as video error display, and the protection performance of the media content is poor.
发明内容Summary of the invention
本申请提供了一种安全输出方法及电子设备,以解决现有媒体内容保护机制的保护性能差的问题。This application provides a safe output method and electronic equipment to solve the problem of poor protection performance of existing media content protection mechanisms.
第一方面,本申请提供了一种安全输出方法,该方法包括:在对视频码流进行解码得到第一解码视频帧的阶段,根据输出控制策略和该第一解码视频帧的分辨率,生成该第一解码视频帧的帧级保护信息;根据该帧级保护信息确定是否输出第一显示视频帧,该第一显示视频帧是根据该第一解码视频帧得到的。In the first aspect, the present application provides a safe output method. The method includes: in the stage of decoding a video code stream to obtain a first decoded video frame, generating according to the output control strategy and the resolution of the first decoded video frame Frame-level protection information of the first decoded video frame; determining whether to output the first display video frame according to the frame-level protection information, and the first display video frame is obtained according to the first decoded video frame.
其中,本领域涉及的电子设备可以支持可信执行环境(trusted execution environment,TEE)与普通执行环境(rich execution environment,REE)。TEE用于为受保护的应用软件提供受保护的执行环境,REE用于为不受保护的应用软件提供执行环境。TEE下传输的媒体内容例如可以按照媒体内容使用规则(content usage rules,CUR)处理,以实现对媒体内容的保护。CUR可以包括HDCP策略、视频水印保护策略、禁止转码和禁止录制等保护策略。本申请将HDCP策略和视频水印保护策略统称为“输出保护策略”或者“输出控制策略”。Among them, the electronic equipment involved in the field can support a trusted execution environment (TEE) and a common execution environment (rich execution environment, REE). TEE is used to provide a protected execution environment for protected application software, and REE is used to provide an execution environment for unprotected application software. The media content transmitted under the TEE may be processed in accordance with media content usage rules (content usage rules, CUR), for example, to realize the protection of the media content. CUR can include protection strategies such as HDCP strategy, video watermark protection strategy, prohibition of transcoding and prohibition of recording. In this application, the HDCP strategy and the video watermark protection strategy are collectively referred to as "output protection strategy" or "output control strategy".
本申请的技术方案,电子设备对视频码流解码得到第一解码视频帧的阶段,生成第一解码视频帧的帧级保护信息。进一步的,电子设备可以根据帧级保护信息确定是否输出第一显示视频帧。可见,本申请实施例中的保护信息是帧级的,每一个视频帧都有自己对应的帧级保护信息,每输出一帧视频帧都可以根据该视频帧对应的帧级保护信息对视频帧进行输出保护,安全性更高,灵活性也更好。In the technical solution of the present application, the electronic device decodes the video code stream to obtain the first decoded video frame, and generates the frame-level protection information of the first decoded video frame. Further, the electronic device may determine whether to output the first display video frame according to the frame-level protection information. It can be seen that the protection information in the embodiments of this application is frame-level, and each video frame has its own corresponding frame-level protection information, and each video frame output can be based on the frame-level protection information corresponding to the video frame. For output protection, the safety is higher and the flexibility is better.
一种可能的实现方式中,该在对视频码流进行解码得到第一解码视频帧之后,该方法还包括:对该第一解码视频帧进行处理得到该第一显示视频帧;根据该第一显示视频帧的分辨率更新该帧级保护信息。In a possible implementation manner, after the first decoded video frame is obtained by decoding the video bitstream, the method further includes: processing the first decoded video frame to obtain the first display video frame; The resolution of the displayed video frame updates the frame-level protection information.
一些实施例中,电子设备可以对第一解码视频帧进行处理,得到输出的第一显示视频帧。相应的,电子设备对第一解码视频帧处理之后,有可能使得第一解码视频帧的分辨率随之变化,即,第一显示视频帧的分辨率与第一解码视频帧的分辨率可能不 同。基于此,电子设备可以根据第一显示视频帧的分辨率更新帧级保护信息。可见,采用本实现方式,电子设备可以根据视频帧分辨率的变化,更新视频帧的帧级保护信息,使得每一个视频帧均对应该视频帧的保护信息。In some embodiments, the electronic device may process the first decoded video frame to obtain the output first display video frame. Correspondingly, after the electronic device processes the first decoded video frame, the resolution of the first decoded video frame may change accordingly, that is, the resolution of the first displayed video frame may be different from the resolution of the first decoded video frame . Based on this, the electronic device can update the frame-level protection information according to the resolution of the first display video frame. It can be seen that with this implementation, the electronic device can update the frame-level protection information of the video frame according to the change in the resolution of the video frame, so that each video frame corresponds to the protection information of the video frame.
一种可能的实现方式中,该对该第一解码视频帧进行处理得到该第一显示视频帧,包括:放大该第一解码视频帧得到该第一显示视频帧;或者,缩小该第一解码视频帧得到该第一显示视频帧。In a possible implementation manner, the processing the first decoded video frame to obtain the first display video frame includes: enlarging the first decoded video frame to obtain the first display video frame; or reducing the first decoded video frame The video frame obtains the first display video frame.
一种可能的实现方式中,该帧级保护信息包括该第一解码视频帧的分辨率和最小分辨率,该最小分辨率为该视频码流在整个媒体通路中对应的最小分辨率,该根据该第一显示视频帧的分辨率更新该帧级保护信息,包括:当该第一显示视频帧的分辨率小于该最小分辨率时,将该帧级保护信息中的最小分辨率修改为该第一显示视频帧的分辨率。其中,帧级保护信息包括最小分辨率,最小分辨率为视频码流在整个媒体通路中对应的最小分辨率。In a possible implementation manner, the frame-level protection information includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path. Updating the frame-level protection information with the resolution of the first display video frame includes: when the resolution of the first display video frame is less than the minimum resolution, modifying the minimum resolution in the frame-level protection information to the second One shows the resolution of the video frame. Among them, the frame-level protection information includes the minimum resolution, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path.
应当理解,最小分辨率通常设置在帧级保护信息的初始信息中。第一解码视频帧的帧级保护信息中,如果第一解码视频帧的分辨率小于初始设置的最小分辨率,则将帧级保护信息中的最小分辨率修改为第一解码视频帧的分辨率。同理,当第一显示视频帧的分辨率小于帧级保护信息中的最小分辨率(即第一解码视频帧的分辨率)时,将帧级保护信息中的最小分辨率修改为第一显示视频帧的分辨率。It should be understood that the minimum resolution is usually set in the initial information of the frame-level protection information. In the frame-level protection information of the first decoded video frame, if the resolution of the first decoded video frame is less than the initially set minimum resolution, modify the minimum resolution in the frame-level protection information to the resolution of the first decoded video frame . Similarly, when the resolution of the first display video frame is less than the minimum resolution in the frame-level protection information (that is, the resolution of the first decoded video frame), the minimum resolution in the frame-level protection information is modified to the first display The resolution of the video frame.
一种可能的实现方式中,该根据该帧级保护信息确定是否输出该第一显示视频帧,包括:获取输出端口允许的输出保护状态;确定与该输出保护状态匹配的目标输出控制策略;判断该帧级保护信息中的最小分辨率是否小于该目标输出控制策略允许的分辨率;当该帧级保护信息中的最小分辨率小于该目标输出控制策略允许的分辨率时,输出该第一显示视频帧。In a possible implementation manner, the determining whether to output the first display video frame according to the frame-level protection information includes: obtaining an output protection state allowed by an output port; determining a target output control strategy that matches the output protection state; determining Whether the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy; when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the first display is output Video frame.
数字高清多媒体接口(high definition multimedia interface,HDMI)是一种支持HDCP策略的硬件接口。电子设备的HDMI可以根据所连接的显示设备对HDCP的支持情况,确定对输出视频帧的输出保护状态(也称为HDCP保护状态)。例如,电子设备的HDMI支持HDCP2.2和HDCP1.4,而该HDMI所连接的接口仅支持HDCP1.4,那么,HDMI所确定的输出视频帧的HDCP保护状态即为HDCP1.4。Digital high definition multimedia interface (HDMI) is a hardware interface that supports HDCP strategy. The HDMI of the electronic device can determine the output protection status of the output video frame (also referred to as the HDCP protection status) according to the HDCP support status of the connected display device. For example, the HDMI of the electronic device supports HDCP2.2 and HDCP1.4, and the interface connected to the HDMI only supports HDCP1.4, then the HDCP protection state of the output video frame determined by HDMI is HDCP1.4.
电子设备在输出第一显示视频之前,可以获取HDMI的HDCP保护状态,进而,从第一显示视频帧的帧级保护信息中确定与HDCP保护状态匹配的目标输出控制策略。然后,当帧级保护信息中的最小分辨率小于目标输出控制策略允许的分辨率时,电子设备输出第一显示视频帧。可见,电子设备每输出一帧视频帧,都能够根据该视频帧对应的帧级保护信息对视频帧进行输出保护,从而安全性更高。而当视频帧的分辨率超过输出控制策略允许的分辨率时,将会禁止输出该视频帧,可见,本实现方式能够有效的对高清视频帧进行输出保护。本申请实施例中的保护信息是帧级的,每一个视频帧都有自己对应的帧级保护信息,每输出一帧视频帧都可以根据该视频帧对应的帧级保护信息对视频帧进行输出保护,安全性更高,灵活性也更好。Before outputting the first display video, the electronic device may obtain the HDCP protection status of HDMI, and further, determine a target output control strategy matching the HDCP protection status from the frame-level protection information of the first display video frame. Then, when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the electronic device outputs the first display video frame. It can be seen that every time the electronic device outputs a video frame, the video frame can be output protected according to the frame-level protection information corresponding to the video frame, so that the security is higher. When the resolution of the video frame exceeds the resolution allowed by the output control strategy, the output of the video frame will be prohibited. It can be seen that this implementation can effectively protect the output of the high-definition video frame. The protection information in the embodiments of this application is at the frame level. Each video frame has its own corresponding frame-level protection information. Every time a video frame is output, the video frame can be output according to the frame-level protection information corresponding to the video frame. Protection, security, and flexibility are also better.
一种可能的实现方式中,在对视频码流进行解码得到第一解码视频帧之前,还包括:可信应用TA为该视频码流配置该输出控制策略。对视频内容执行输出保护的软件系统包括条件接收系统(condition access system,CAS)或者数字版权管理(digitial rights management,DRM)系统。本申请中,将CAS或者DRM表达为“CAS/DRM”。TEE软件应用层 可以包含CAS/DRM的可信应用(CAS/DRM trusted application,CAS/DRM TA)。TA接收加密的视频码流之后,对加密的视频码流解密,得到视频码流以及视频码流对应的保护要求。之后,TA可以根据保护要求配置输出控制策略。采用本实现方式,能够提供生成帧级保护信息的信息。In a possible implementation manner, before decoding the video code stream to obtain the first decoded video frame, the method further includes: the trusted application TA configures the output control strategy for the video code stream. The software system that performs output protection for video content includes a condition access system (CAS) or a digital rights management (digitial rights management, DRM) system. In this application, CAS or DRM is expressed as "CAS/DRM". The TEE software application layer can include CAS/DRM trusted applications (CAS/DRM trusted application, CAS/DRM TA). After receiving the encrypted video code stream, the TA decrypts the encrypted video code stream to obtain the video code stream and the protection requirements corresponding to the video code stream. After that, the TA can configure the output control strategy according to the protection requirements. With this implementation, it is possible to provide information for generating frame-level protection information.
一种可能的实现方式中,该方法还包括:确定该视频码流和该第一解码视频帧是否对应同一媒体通路;确定该第一解码视频帧与该第一显示视频帧是否对应同一媒体通路。本技术领域中,传输视频内容的路径是媒体通路。媒体通路包括进行视频处理所用到一系列硬件模块和内存等。本申请中,对视频码流进行解码得到第一解码视频帧的是硬件解码模块(video decoder,VDEC)。处理第一解码视频帧得到第一显示视频帧的是视频处理器(video processor,VPSS)。VDEC在输出第一解码视频帧之前,应当确定视频码流和第一解码视频帧是否对应同一媒体通路。这样能够避免VDEC输出第一解码视频帧时,出现访问其他媒体通路的数据的问题,从而提高视频帧传输的安全性。同理,VPSS在输出第一显示视频帧之前,应当确定第一解码视频帧和第一显示视频帧是否对应同一媒体通路。这样能够避免VPSS输出第一显示视频帧时,出现访问其他媒体通路的数据的问题,从而提高视频帧传输的安全性。In a possible implementation manner, the method further includes: determining whether the video bitstream and the first decoded video frame correspond to the same media channel; and determining whether the first decoded video frame and the first display video frame correspond to the same media channel . In this technical field, the path for transmitting video content is the media path. The media path includes a series of hardware modules and memory used for video processing. In this application, it is the hardware decoding module (video decoder, VDEC) that decodes the video code stream to obtain the first decoded video frame. It is a video processor (VPSS) that processes the first decoded video frame to obtain the first display video frame. Before outputting the first decoded video frame, VDEC should determine whether the video bitstream and the first decoded video frame correspond to the same media channel. This can avoid the problem of accessing data of other media channels when VDEC outputs the first decoded video frame, thereby improving the security of video frame transmission. Similarly, before outputting the first display video frame, the VPSS should determine whether the first decoded video frame and the first display video frame correspond to the same media channel. This can avoid the problem of accessing data of other media channels when the VPSS outputs the first display video frame, thereby improving the security of video frame transmission.
一种可能的实现方式中,该确定该视频码流和该第一解码视频帧是否对应同一媒体通路包括:获取该视频码流对应的第一通路标识和该第一解码视频帧的帧级保护信息中的第二通路标识;在该第一通路标识和该第二通路标识相同时,确定该视频码流和该第一解码视频帧的帧级保护信息对应同一媒体通路;该确定该第一解码视频帧与该第一显示视频帧是否对应同一媒体通路包括:获取该第一解码视频帧的帧级保护信息中的第三通路标识,和更新后的帧级保护信息中的第四通路标识;在该第三通路标识和该第四通路标识相同时,确定该第一解码视频帧与该第一显示视频帧对应同一媒体通路。其中,电子设备在创建媒体通路时,对应媒体通路设置有通路标识,通路标识用于标识媒体通路。之后,电子设备可以维护通路标识与该媒体通路上各数据内存的对应关系,以及将通路标识作为初始信息写入帧级保护信息中。进一步的,本申请中,电子设备可以通过比对通路标识是否相同,确定两视频帧是否对应同一媒体通路,从而避免硬件模块出现访问其他媒体通路的数据的问题,从而提高视频帧传输的安全性。In a possible implementation manner, the determining whether the video code stream and the first decoded video frame correspond to the same media path includes: obtaining the first path identifier corresponding to the video code stream and the frame-level protection of the first decoded video frame The second path identifier in the information; when the first path identifier and the second path identifier are the same, it is determined that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media path; it is determined that the first Whether the decoded video frame and the first display video frame correspond to the same media path includes: obtaining the third path identifier in the frame-level protection information of the first decoded video frame, and the fourth path identifier in the updated frame-level protection information ; When the third channel identifier and the fourth channel identifier are the same, it is determined that the first decoded video frame and the first display video frame correspond to the same media channel. Wherein, when the electronic device creates a media channel, the corresponding media channel is provided with a channel identifier, and the channel identifier is used to identify the media channel. After that, the electronic device can maintain the corresponding relationship between the path identifier and each data memory on the media path, and write the path identifier as initial information into the frame-level protection information. Furthermore, in this application, the electronic device can determine whether two video frames correspond to the same media channel by comparing whether the channel identifiers are the same, so as to avoid the problem of hardware modules accessing data of other media channels, thereby improving the security of video frame transmission .
一种可能的实现方式中,在根据该帧级保护信息确定是否输出第一显示视频帧之前,以及在根据该第一显示视频帧的分辨率更新该帧级保护信息之前,还包括:检测该帧级保护信息是否有效。其中,媒体通路上的任意硬件模块,在读取帧级保护信息之前,以及在写帧级保护信息的相关信息之前,均需要检测相应帧级保护信息的有效性。例如,VDEC在写输出控制策略和第一解码视频帧的分辨率之前,应当检测帧级保护信息的相应初始信息是否有效。VPSS读第一解码视频帧的帧级保护信息之前,需要检测第一解码视频帧的帧级保护信息是否有效。VPSS更新帧级保护信息中的最小分辨率之前,需要检测待更新的帧级保护信息是否有效。VDP在读第一显示视频帧的帧级保护信息之前,需要检测第一显示视频帧的帧级保护信息是否有效。这样能够确保按照正确的保护信息,对相应的视频帧进行输出保护。In a possible implementation manner, before determining whether to output the first display video frame according to the frame-level protection information, and before updating the frame-level protection information according to the resolution of the first display video frame, the method further includes: detecting the Whether the frame-level protection information is valid. Among them, any hardware module on the media channel needs to check the validity of the corresponding frame-level protection information before reading the frame-level protection information and before writing the relevant information of the frame-level protection information. For example, before writing the output control strategy and the resolution of the first decoded video frame, VDEC should check whether the corresponding initial information of the frame-level protection information is valid. Before the VPSS reads the frame-level protection information of the first decoded video frame, it needs to check whether the frame-level protection information of the first decoded video frame is valid. Before the VPSS updates the minimum resolution in the frame-level protection information, it needs to check whether the frame-level protection information to be updated is valid. Before reading the frame-level protection information of the first display video frame, the VDP needs to check whether the frame-level protection information of the first display video frame is valid. This can ensure that the corresponding video frame is output protected according to the correct protection information.
一种可能的实现方式中,该检测该帧级保护信息是否有效包括:检测以下至少一项:检测该帧级保护信息的类型与预配置的类型是否匹配,该类型用于指示该帧级保护信息是 否绑定视频帧;判断该帧级保护信息的校验值与初始校验值是否相同;或,检测该帧级保护信息中第一显示视频帧的存储地址和该存储地址长度的对应关系是否正确。其中,检测帧级保护信息是否有效,实质上均是对帧级保护信息中的至少一项初始保护信息进行检测,且在确定所检测的至少一项初始保护信息有效的条件下,确定相应帧级保护信息有效。In a possible implementation manner, the detecting whether the frame-level protection information is valid includes: detecting at least one of the following: detecting whether the type of the frame-level protection information matches a pre-configured type, and the type is used to indicate the frame-level protection Whether the information is bound to the video frame; determine whether the check value of the frame-level protection information is the same as the initial check value; or, detect the correspondence between the storage address of the first display video frame in the frame-level protection information and the length of the storage address is it right or not. Among them, detecting whether the frame-level protection information is valid is essentially detecting at least one piece of initial protection information in the frame-level protection information, and determining the corresponding frame under the condition that the detected at least one piece of initial protection information is valid Level protection information is valid.
以VDP为例,VDP可以检测第一显示视频帧的帧级保护信息的类型(tag)与预配置的tag是否匹配。若第一显示视频帧的帧级保护信息的tag与预配置的tag相匹配,说明tag信息有效。其中,tag用于指示帧级保护信息是否绑定视频帧。若帧级保护信息绑定视频帧,那么,VDP应当根据帧级保护信息中视频帧的分辨率对第一显示视频帧执行操作。若帧级保护信息未绑定视频帧,那么,该帧级保护信息是全局保护信息,VDP应当根据扩展输出策略中的分辨率对第一显示视频帧执行操作。采用本实现方式,VDP能够在确定帧级保护信息类型的正确性之后,根据帧级保护信息按照相匹配的处理逻辑对处理第一显示视频帧。Taking VDP as an example, the VDP can detect whether the type (tag) of the frame-level protection information of the first displayed video frame matches the pre-configured tag. If the tag of the frame-level protection information of the first display video frame matches the pre-configured tag, the tag information is valid. Among them, the tag is used to indicate whether the frame-level protection information is bound to the video frame. If the frame-level protection information is bound to a video frame, then the VDP should perform an operation on the first display video frame according to the resolution of the video frame in the frame-level protection information. If the frame-level protection information is not bound to the video frame, then the frame-level protection information is global protection information, and the VDP should perform operations on the first display video frame according to the resolution in the extended output strategy. With this implementation, after determining the correctness of the frame-level protection information type, the VDP can process the first display video frame according to the frame-level protection information according to the matching processing logic.
VDP还可以检测帧级保护信息中第一显示视频帧的存储地址和该存储地址长度的对应关系是否正确。若第一显示视频帧的存储地址和该存储地址长度的对应关系正确,说明该帧级保护信息是第一显示视频帧对应的帧级保护信息。采用本实现方式,VDP能够确保帧级保护信息与视频帧是否是关联的,从而确保从帧级保护信息中读取到相应视频帧的保护信息,进而,对视频帧实现精准的输出保护。The VDP can also detect whether the corresponding relationship between the storage address of the first display video frame and the length of the storage address in the frame-level protection information is correct. If the corresponding relationship between the storage address of the first display video frame and the length of the storage address is correct, it indicates that the frame-level protection information is the frame-level protection information corresponding to the first display video frame. With this implementation method, VDP can ensure whether the frame-level protection information is associated with the video frame, thereby ensuring that the protection information of the corresponding video frame is read from the frame-level protection information, and further, realizing accurate output protection for the video frame.
VDP还可以判断帧级保护信息的校验值与初始校验值是否相同。若帧级保护信息的校验值与初始校验值相同,说明帧级保护信息未被篡改。若帧级保护信息的校验值与初始校验值不同,说明帧级保护信息已经被篡改。采用本实现方式,VDP能够在确保帧级保护信息未被破坏、伪造或者篡改的情况下,根据帧级保护信息对第一显示视频帧进行执行输出保护,从而对第一显示视频帧实现正确的输出保护,优化输出保护的性能。VDP can also determine whether the check value of the frame-level protection information is the same as the initial check value. If the check value of the frame-level protection information is the same as the initial check value, it indicates that the frame-level protection information has not been tampered with. If the check value of the frame-level protection information is different from the initial check value, it indicates that the frame-level protection information has been tampered with. With this implementation method, VDP can perform output protection on the first display video frame according to the frame-level protection information while ensuring that the frame-level protection information is not damaged, forged or tampered, so as to implement the correct output protection for the first display video frame. Output protection, optimize the performance of output protection.
应理解,上述三项信息的检测顺序可以任意,本申请对此不限制。此外,VDEC对帧级保护信息有效性的检测,以及VPSS对帧级保护信息有效性的检测,与上述VDP的检测过程类似,此处不再详述。It should be understood that the detection sequence of the above three items of information can be arbitrary, which is not limited in this application. In addition, the detection of the validity of the frame-level protection information by VDEC and the detection of the validity of the frame-level protection information by the VPSS are similar to the detection process of the above-mentioned VDP, and will not be described in detail here.
一种可能的实现方式中,该判断该帧级保护信息的校验值与初始校验值是否相同,包括:将该帧级保护信息中的全部信息做异或运算,得到第一结果;将该第一结果与安全随机数做异或运算,得到该帧级保护信息的校验值;比较该帧级保护信息的校验值与该初始校验值是否相同。In a possible implementation manner, the judging whether the check value of the frame-level protection information is the same as the initial check value includes: performing an exclusive OR operation on all the information in the frame-level protection information to obtain the first result; The first result is XORed with the security random number to obtain the check value of the frame-level protection information; whether the check value of the frame-level protection information is the same as the initial check value is compared.
电子设备设置有mask寄存器,mask寄存器例如是一个32比特的寄存器。在电子设备上电时,TEE侧可以从硬件随机数模块读取32比特的随机数写入该mask寄存器并锁存。REE侧对mask寄存器无访问权限。基于此,mask寄存器中32比特的随机数相对安全,可以称为“安全随机数”。进一步的,电子设备例如可以根据算法checksum=(Word0^Word1^…Wordn)^Mask确定帧级保护信息中的初始校验值checksum,其中,n是大于等于1的整数,Word0至Wordn是指帧级保护信息中的每个信息,Mask是指安全随机数,^是指异或运算。在检测checksum时,相应硬件模块可以按照同样的算法计算当前的帧级保护信息的校验值。由于安全随机数不会被篡改,所以,若计算得到的校验值与checksum相同,说明帧级保护信息未被篡改。若计算得到的校验值与checksum不同,说明帧级保护信息被REE侧篡改。The electronic device is provided with a mask register, and the mask register is, for example, a 32-bit register. When the electronic device is powered on, the TEE side can read a 32-bit random number from the hardware random number module, write it into the mask register and latch it. The REE side has no access rights to the mask register. Based on this, the 32-bit random number in the mask register is relatively safe and can be called a "secure random number". Further, the electronic device may determine the initial checksum in the frame-level protection information according to the algorithm checksum=(Word0^Word1^...Wordn)^Mask, where n is an integer greater than or equal to 1, and Word0 to Wordn refer to frames For each information in the level protection information, Mask refers to a secure random number, and ^ refers to an exclusive OR operation. When checking checksum, the corresponding hardware module can calculate the check value of the current frame-level protection information according to the same algorithm. Since the secure random number cannot be tampered with, if the calculated check value is the same as the checksum, it indicates that the frame-level protection information has not been tampered with. If the calculated check value is different from the checksum, it indicates that the frame-level protection information has been tampered with by the REE side.
一种可能的实现方式中,该方法还包括:根据该帧级保护信息、该第一显示视频帧的位置和大小,为该第一显示视频帧添加水印。In a possible implementation manner, the method further includes: adding a watermark to the first display video frame according to the frame-level protection information and the position and size of the first display video frame.
其中,帧级保护信息中包括水印信息的存储地址。水印信息可以包括水印信息的内容、添加到视频帧的位置、与视频帧的相对大小等。第一显示视频帧的显示位置和大小,均由用户通过REE侧输入控制指令。所以,若第一显示视频帧需要视频水印保护,电子设备还可以从REE驱动中获取第一显示视频帧的位置和大小。然后,从水印信息的存储地址获取水印信息,之后,电子设备可以根据第一显示视频帧的位置和大小、水印信息与第一显示视频帧的相对位置、以及水印信息与第一显示视频帧的相对大小,确定待添加水印信息的位置和大小。采用本实现方式,电子设备能够根据视频帧显示时的位置和大小,确定待添加的水印的位置和大小,从而能够确保水印随视频帧的变化精确的添加和显示。此外,电子设备通过帧级保护信息将视频帧和该视频帧的水印信息直接对应,能够在多视频同时显示的场景下,避免由于视频帧的显示层级问题,导致添加水印失败的问题。Among them, the frame-level protection information includes the storage address of the watermark information. The watermark information may include the content of the watermark information, the position added to the video frame, the relative size of the video frame, and so on. The display position and size of the first display video frame are all controlled by the user through the REE side input control instructions. Therefore, if the first display video frame needs video watermark protection, the electronic device can also obtain the position and size of the first display video frame from the REE driver. Then, the watermark information is obtained from the storage address of the watermark information. After that, the electronic device can use the position and size of the first display video frame, the relative position of the watermark information and the first display video frame, and the relationship between the watermark information and the first display video frame. Relative size, determine the location and size of the watermark information to be added. With this implementation, the electronic device can determine the position and size of the watermark to be added according to the position and size of the video frame when it is displayed, so as to ensure that the watermark is accurately added and displayed with the change of the video frame. In addition, the electronic device directly corresponds the video frame to the watermark information of the video frame through the frame-level protection information, which can avoid the problem of failure to add watermark due to the display level of the video frame in a scene where multiple videos are displayed at the same time.
一种可能的实现方式中,还包括:若该第一显示视频帧的帧级保护信息丢失,根据全局保护信息中的分辨率确定是否输出该第一显示视频帧,该全局保护信息中的分辨率是至少一个码流对应的输出策略中的最小分辨率。In a possible implementation manner, it further includes: if the frame-level protection information of the first display video frame is lost, determining whether to output the first display video frame according to the resolution in the global protection information, and the resolution in the global protection information The rate is the minimum resolution in the output strategy corresponding to at least one bitstream.
一种可能的实现方式中,在对视频码流进行解码得到第一解码视频帧之前,还包括:获取创建媒体通路的请求,该媒体通路用于传输该视频码流;生成该媒体通路的通路标识;配置该帧级保护信息中的保护信息的类型、该帧级保护信息对应的视频帧的存储地址和该存储地址长度的对应关系、以及该初始校验值。采用本实现方式,电子设备能够将视频传输过程中涉及的软件、硬件、相关信息、以及上述各因素的对应关系等,预先配置并维护,以实现安全输出视频的功能。In a possible implementation manner, before decoding the video code stream to obtain the first decoded video frame, the method further includes: obtaining a request to create a media path, which is used to transmit the video code stream; and generating a path of the media path Identification; configure the type of protection information in the frame-level protection information, the corresponding relationship between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address, and the initial check value. With this implementation, the electronic device can pre-configure and maintain the software, hardware, related information, and the corresponding relationship between the above factors involved in the video transmission process, so as to realize the function of safely outputting the video.
第二方面,本申请提供了一种安全输出装置,该装置包括:解码模块,用于根据输出控制策略和第一解码视频帧的分辨率,生成该第一解码视频帧的帧级保护信息,该第一解码视频帧为该解码模块对视频码流进行解码得到的;显示控制模块,用于根据该帧级保护信息确定是否输出第一显示视频帧,该第一显示视频帧是根据该第一解码视频帧得到的。In a second aspect, the present application provides a safety output device, which includes: a decoding module for generating frame-level protection information of the first decoded video frame according to the output control strategy and the resolution of the first decoded video frame, The first decoded video frame is obtained by decoding the video code stream by the decoding module; the display control module is configured to determine whether to output the first display video frame according to the frame-level protection information, and the first display video frame is based on the first display video frame. Obtained from a decoded video frame.
一种可能的实现方式中,该装置还包括:处理模块,用于对该第一解码视频帧进行处理得到该第一显示视频帧;更新模块,用于根据该第一显示视频帧的分辨率更新该帧级保护信息。In a possible implementation manner, the device further includes: a processing module, configured to process the first decoded video frame to obtain the first display video frame; and an update module, configured to obtain the first display video frame according to the resolution of the first display video frame Update the frame-level protection information.
一种可能的实现方式中,该处理模块,具体用于放大该第一解码视频帧得到该第一显示视频帧;或者,该处理模块,具体用于缩小该第一解码视频帧得到该第一显示视频帧。In a possible implementation manner, the processing module is specifically configured to enlarge the first decoded video frame to obtain the first display video frame; or, the processing module is specifically configured to reduce the first decoded video frame to obtain the first display video frame. Display video frames.
一种可能的实现方式中,该帧级保护信息包括该第一解码视频帧的分辨率和最小分辨率,该最小分辨率为该视频码流在整个媒体通路中对应的最小分辨率,该更新模块,具体用于当该第一显示视频帧的分辨率小于该最小分辨率时,将该帧级保护信息中的最小分辨率修改为该第一显示视频帧的分辨率。In a possible implementation manner, the frame-level protection information includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path. The update The module is specifically configured to modify the minimum resolution in the frame-level protection information to the resolution of the first display video frame when the resolution of the first display video frame is less than the minimum resolution.
一种可能的实现方式中,该显示控制模块,具体用于:获取输出端口允许的输出保护状态,确定与该输出保护状态匹配的目标输出控制策略;判断该帧级保护信息中的 最小分辨率是否小于该目标输出控制策略允许的分辨率;当该帧级保护信息中的最小分辨率小于该目标输出控制策略允许的分辨率时,输出该第一显示视频帧。In a possible implementation, the display control module is specifically used to: obtain the output protection status allowed by the output port, determine the target output control strategy that matches the output protection status; determine the minimum resolution in the frame-level protection information Whether it is less than the resolution allowed by the target output control strategy; when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, output the first display video frame.
一种可能的实现方式中,该装置还包括可信应用TA,用于为该视频码流配置该输出控制策略。In a possible implementation manner, the device further includes a trusted application TA, which is used to configure the output control strategy for the video stream.
一种可能的实现方式中,该解码模块,还用于确定该视频码流和该第一解码视频帧是否对应同一媒体通路;以及,该处理模块,还用于确定该第一解码视频帧与该第一显示视频帧是否对应同一媒体通路。In a possible implementation manner, the decoding module is also used to determine whether the video bitstream and the first decoded video frame correspond to the same media path; and the processing module is also used to determine whether the first decoded video frame and the first decoded video frame correspond to the same media path. Whether the first display video frame corresponds to the same media channel.
一种可能的实现方式中,该解码模块,具体用于:获取该视频码流对应的第一通路标识和该第一解码视频帧的帧级保护信息中的第二通路标识;在该第一通路标识和该第二通路标识相同时,确定该视频码流和该第一解码视频帧的帧级保护信息对应同一媒体通路;以及该处理模块,具体用于:获取该第一解码视频帧的帧级保护信息中的第三通路标识,和更新后的帧级保护信息中的第四通路标识;在该第三通路标识和该第四通路标识相同时,确定该第一解码视频帧与该第一显示视频帧对应同一媒体通路。In a possible implementation, the decoding module is specifically configured to: obtain the first path identifier corresponding to the video code stream and the second path identifier in the frame-level protection information of the first decoded video frame; When the channel identifier and the second channel identifier are the same, it is determined that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media channel; and the processing module is specifically used to: obtain the information of the first decoded video frame The third path identifier in the frame-level protection information and the fourth path identifier in the updated frame-level protection information; when the third path identifier and the fourth path identifier are the same, it is determined that the first decoded video frame is the same as the fourth path identifier. The first display video frame corresponds to the same media channel.
一种可能的实现方式中,该装置还包括检测模块,该检测模块,用于检测该帧级保护信息是否有效。In a possible implementation manner, the device further includes a detection module configured to detect whether the frame-level protection information is valid.
一种可能的实现方式中,该检测模块,具体用于进行以下至少一项检测:检测该帧级保护信息的类型与预配置的类型是否匹配,该类型用于指示该帧级保护信息是否绑定视频帧;判断该帧级保护信息的校验值与初始校验值是否相同;或检测该帧级保护信息中第一显示视频帧的存储地址和该存储地址长度的对应关系是否正确。In a possible implementation manner, the detection module is specifically configured to perform at least one of the following detections: detecting whether the type of the frame-level protection information matches a pre-configured type, and the type is used to indicate whether the frame-level protection information is bound Determine the video frame; determine whether the check value of the frame-level protection information is the same as the initial check value; or check whether the corresponding relationship between the storage address of the first display video frame in the frame-level protection information and the length of the storage address is correct.
一种可能的实现方式中,该检测模块,具体用于:将该帧级保护信息中的全部信息做异或运算,得到第一结果;将该第一结果与安全随机数做异或运算,得到该帧级保护信息的校验值;比较该帧级保护信息的校验值与该初始校验值是否相同。In a possible implementation, the detection module is specifically used to: perform an exclusive OR operation on all information in the frame-level protection information to obtain a first result; perform an exclusive OR operation on the first result and a secure random number, Obtain the check value of the frame-level protection information; compare whether the check value of the frame-level protection information is the same as the initial check value.
一种可能的实现方式中,该装置还包括水印添加模块,用于根据该帧级保护信息、该第一显示视频帧的位置和大小,为该第一显示视频帧添加水印。In a possible implementation manner, the device further includes a watermark adding module, configured to add a watermark to the first display video frame according to the frame-level protection information and the position and size of the first display video frame.
一种可能的实现方式中,该显示控制模块,还用于在该第一显示视频帧的帧级保护信息丢失时,根据全局保护信息中的分辨率确定是否输出该第一显示视频帧,该全局保护信息中的分辨率是至少一个码流对应的输出策略中的最小分辨率。In a possible implementation manner, the display control module is further configured to determine whether to output the first display video frame according to the resolution in the global protection information when the frame-level protection information of the first display video frame is lost, the The resolution in the global protection information is the minimum resolution in the output strategy corresponding to at least one code stream.
一种可能的实现方式中,该装置还包括获取模块,用于获取创建媒体通路的请求,该媒体通路用于传输该视频码流;会话管理模块,用于生成该媒体通路的通路标识;配置该帧级保护信息中的保护信息的类型、该帧级保护信息对应的视频帧的存储地址和该存储地址长度的对应关系、以及该初始校验值。In a possible implementation manner, the device further includes an acquisition module for acquiring a request to create a media channel, the media channel is used to transmit the video stream; a session management module, which is used to generate a channel identifier of the media channel; configuration The type of the protection information in the frame-level protection information, the correspondence between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address, and the initial check value.
其中,第二方面及第二方面各实现方式产生的技术效果,与第一方面和第一方面各实现方式产生的技术效果相同,此处不再赘述。Among them, the technical effects produced by the second aspect and the implementation manners of the second aspect are the same as the technical effects produced by the implementation manners of the first aspect and the first aspect, and will not be repeated here.
第三方面,本申请提供了一种电子设备,该电子设备包括处理器和传输接口,其中,该处理器被配置为调用存储在存储器中的软件指令,以实现:对视频码流进行解码;在对视频码流进行解码得到第一解码视频帧的阶段,根据输出控制策略和该第一解码视频帧的分辨率,生成该第一解码视频帧的帧级保护信息;还用于根据该帧级保护信息确定是否输出第一显示视频帧,该第一显示视频帧是根据该第一解码视频帧得到的。In a third aspect, the present application provides an electronic device including a processor and a transmission interface, wherein the processor is configured to call software instructions stored in a memory to realize: decoding a video stream; In the stage of decoding the video stream to obtain the first decoded video frame, according to the output control strategy and the resolution of the first decoded video frame, the frame-level protection information of the first decoded video frame is generated; The level protection information determines whether to output the first display video frame, and the first display video frame is obtained according to the first decoded video frame.
一种可能的实现方式中,该处理器,还用于对该第一解码视频帧进行处理得到该第 一显示视频帧;根据该第一显示视频帧的分辨率更新该帧级保护信息。In a possible implementation manner, the processor is further configured to process the first decoded video frame to obtain the first display video frame; and update the frame-level protection information according to the resolution of the first display video frame.
一种可能的实现方式中,该处理器具体用于放大该第一解码视频帧得到该第一显示视频帧;或,缩小该第一解码视频帧得到该第一显示视频帧。In a possible implementation manner, the processor is specifically configured to enlarge the first decoded video frame to obtain the first display video frame; or reduce the first decoded video frame to obtain the first display video frame.
一种可能的实现方式中,该帧级保护信息包括该第一解码视频帧的分辨率和最小分辨率,该最小分辨率为该视频码流在整个媒体通路中对应的最小分辨率,该处理器,还用于当该第一显示视频帧的分辨率小于该最小分辨率时,将该帧级保护信息中的最小分辨率修改为该第一显示视频帧的分辨率。其中,帧级保护信息包括最小分辨率,最小分辨率为视频码流在整个媒体通路中对应的最小分辨率。In a possible implementation manner, the frame-level protection information includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path. The device is also used to modify the minimum resolution in the frame-level protection information to the resolution of the first display video frame when the resolution of the first display video frame is less than the minimum resolution. Among them, the frame-level protection information includes the minimum resolution, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path.
一种可能的实现方式中,该处理器,具体获取输出端口允许的输出保护状态,确定与该输出保护状态匹配的目标输出控制策略;判断该帧级保护信息中的最小分辨率是否小于该目标输出控制策略允许的分辨率;当该帧级保护信息中的最小分辨率小于该目标输出控制策略允许的分辨率时,输出该第一显示视频帧。In a possible implementation, the processor specifically obtains the output protection status allowed by the output port, determines a target output control strategy that matches the output protection status; determines whether the minimum resolution in the frame-level protection information is less than the target The resolution allowed by the output control strategy; when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the first display video frame is output.
一种可能的实现方式中,该处理器,还用于为该视频码流配置该输出控制策略。In a possible implementation manner, the processor is further configured to configure the output control strategy for the video code stream.
一种可能的实现方式中,该处理器,还用于确定该视频码流和该第一解码视频帧是否对应同一媒体通路;该处理器,还用于确定该第一解码视频帧与该第一显示视频帧是否对应同一媒体通路。In a possible implementation manner, the processor is further configured to determine whether the video bitstream and the first decoded video frame correspond to the same media path; the processor is also configured to determine whether the first decoded video frame and the first decoded video frame correspond to the same media path. One shows whether the video frame corresponds to the same media channel.
一种可能的实现方式中,该处理器,具体用于获取该视频码流对应的第一通路标识和该第一解码视频帧的帧级保护信息中的第二通路标识;在该第一通路标识和该第二通路标识相同时,确定该视频码流和该第一解码视频帧的帧级保护信息对应同一媒体通路;该处理器,具体用于获取该第一解码视频帧的帧级保护信息中的第三通路标识,和更新后的帧级保护信息中的第四通路标识;在该第三通路标识和该第四通路标识相同时,确定该第一解码视频帧与该第一显示视频帧对应同一媒体通路。In a possible implementation manner, the processor is specifically configured to obtain the first path identifier corresponding to the video bitstream and the second path identifier in the frame-level protection information of the first decoded video frame; in the first path When the identifier and the second path identifier are the same, it is determined that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media path; the processor is specifically configured to obtain the frame-level protection of the first decoded video frame The third path identifier in the information and the fourth path identifier in the updated frame-level protection information; when the third path identifier and the fourth path identifier are the same, it is determined that the first decoded video frame is the same as the first display The video frames correspond to the same media channel.
一种可能的实现方式中,该处理器,还用于检测该帧级保护信息是否有效。In a possible implementation manner, the processor is also used to detect whether the frame-level protection information is valid.
一种可能的实现方式中,该处理器,具体用于进行以下至少一项检测:检测该帧级保护信息的类型与预配置的类型是否匹配,该类型用于指示该帧级保护信息是否绑定视频帧;判断该帧级保护信息的校验值与初始校验值是否相同;或检测该帧级保护信息中第一显示视频帧的存储地址和该存储地址长度的对应关系是否正确。In a possible implementation manner, the processor is specifically configured to perform at least one of the following detections: detecting whether the type of the frame-level protection information matches a pre-configured type, and the type is used to indicate whether the frame-level protection information is bound Determine the video frame; determine whether the check value of the frame-level protection information is the same as the initial check value; or check whether the corresponding relationship between the storage address of the first display video frame in the frame-level protection information and the length of the storage address is correct.
一种可能的实现方式中,该处理器,具体用于将该帧级保护信息中的全部信息做异或运算,得到第一结果;将该第一结果与安全随机数做异或运算,得到该帧级保护信息的校验值;比较该帧级保护信息的校验值与该初始校验值是否相同。In a possible implementation manner, the processor is specifically configured to perform an exclusive OR operation on all information in the frame-level protection information to obtain a first result; perform an exclusive OR operation on the first result and a secure random number to obtain The check value of the frame-level protection information; compare whether the check value of the frame-level protection information is the same as the initial check value.
一种可能的实现方式中,该处理器,还用于根据该帧级保护信息、该第一显示视频帧的位置和大小,为该第一显示视频帧添加水印。In a possible implementation manner, the processor is further configured to add a watermark to the first display video frame according to the frame-level protection information and the position and size of the first display video frame.
一种可能的实现方式中,该处理器,还用于在该第一显示视频帧的帧级保护信息丢失时,根据全局保护信息中的分辨率确定是否输出该第一显示视频帧,该全局保护信息中的分辨率是至少一个码流对应的输出策略中的最小分辨率。In a possible implementation manner, the processor is further configured to determine whether to output the first display video frame according to the resolution in the global protection information when the frame-level protection information of the first display video frame is lost. The resolution in the protection information is the minimum resolution in the output strategy corresponding to at least one code stream.
一种可能的实现方式中,该处理器,还用于获取创建媒体通路的请求,该媒体通路用于传输该视频码流;生成该媒体通路的通路标识;配置该帧级保护信息中的保护信息的类型、该帧级保护信息对应的视频帧的存储地址和该存储地址长度的对应关系、以及该初始校验值。In a possible implementation, the processor is also used to obtain a request to create a media path, which is used to transmit the video code stream; generate the path identifier of the media path; configure the protection in the frame-level protection information The type of information, the corresponding relationship between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address, and the initial check value.
其中,第三方面及第三方面各实现方式产生的技术效果,与第一方面和第一方面各实现方式产生的技术效果相同,此处不再赘述。Among them, the technical effects produced by the third aspect and the implementation manners of the third aspect are the same as the technical effects produced by the implementation manners of the first aspect and the first aspect, and will not be repeated here.
第四方面,本申请提供了一种电子设备,该电子设备包括处理器和存储器,其中,该存储器用于存储程序、指令或代码,该处理器用于执行该存储器中的程序、指令或代码,完成第一方面,或第一方面的任意一种可能的设计中的方法。应当理解,该电子设备可以为一种处理器芯片,此时,该电子设备中的该处理器为处理器芯片中的一个处理器核或者中央处理单元。In a fourth aspect, the present application provides an electronic device including a processor and a memory, where the memory is used to store programs, instructions or codes, and the processor is used to execute the programs, instructions or codes in the memory, Complete the first aspect, or any one of the possible design methods of the first aspect. It should be understood that the electronic device may be a processor chip. In this case, the processor in the electronic device is a processor core or a central processing unit in the processor chip.
第五方面,本申请提供了一种计算机可读存储介质,该计算机可读存储介质中存储有指令,当其在计算机或处理器上运行时,使得计算机或处理器执行第一方面或第一方面任意可能的设计中的方法。In the fifth aspect, the present application provides a computer-readable storage medium that stores instructions in the computer-readable storage medium, and when it runs on a computer or a processor, the computer or the processor executes the first aspect or the first aspect. In terms of any possible design method.
第六方面,本申请提供了一种包含指令的计算机程序产品,当该指令在计算机或处理器上运行时,使得该计算机或处理器执行如上述第一方面或者及第一方面任意可能的设计中的方法。In the sixth aspect, this application provides a computer program product containing instructions that, when the instructions run on a computer or processor, cause the computer or processor to execute any possible design as in the first aspect or any possible design in the first aspect. In the method.
采用本申请的技术方案,电子设备对视频码流解码得到视频帧之后,即对应视频帧生成帧级保护信息。之后,电子设备根据视频帧分辨率的变化,更新视频帧的帧级保护信息。从而在输出待显示视频帧之前,电子设备能够按照待显示视频帧对应的帧级保护信息,对待显示视频帧进行输出保护。这样从视频帧的层面进行保护,在视频帧发生变更时,电子设备能够及时更新视频帧对应输出保护信息,使得电子设备能够提供更加精准的输出保护,避免视频帧与输出保护策略不同步等产生的保护失效问题,提高保护的性能。Using the technical solution of the present application, after the electronic device decodes the video code stream to obtain the video frame, it generates frame-level protection information corresponding to the video frame. After that, the electronic device updates the frame-level protection information of the video frame according to the change in the resolution of the video frame. Therefore, before outputting the to-be-displayed video frame, the electronic device can perform output protection on the to-be-displayed video frame according to the frame-level protection information corresponding to the to-be-displayed video frame. In this way, protection is performed at the level of the video frame. When the video frame changes, the electronic device can update the output protection information corresponding to the video frame in time, so that the electronic device can provide more accurate output protection, and avoid the video frame and the output protection strategy from being out of synchronization. The protection failure problem, improve the performance of the protection.
附图说明Description of the drawings
为了更清楚地说明本申请的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,对于本领域普通技术人员而言,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to explain the technical solutions of the present application more clearly, the following will briefly introduce the drawings needed in the embodiments. Obviously, for those of ordinary skill in the art, without paying creative labor, Other drawings can also be obtained from these drawings.
图1A是本申请提供的一种典型电子设备的系统架构图;FIG. 1A is a system architecture diagram of a typical electronic device provided by this application;
图1B是本申请提供的输出保护的第一种示例性应用场景示意图;FIG. 1B is a schematic diagram of the first exemplary application scenario of output protection provided by this application;
图1C是本申请提供的输出保护的第二种示例性应用场景示意图;FIG. 1C is a schematic diagram of a second exemplary application scenario of output protection provided by this application;
图2是本申请提供的电子设备10的系统架构示意图;FIG. 2 is a schematic diagram of the system architecture of the electronic device 10 provided by the present application;
图3是本申请提供的帧级保护信息的示例性结构示意图;Fig. 3 is a schematic diagram of an exemplary structure of frame-level protection information provided by the present application;
图4是本申请提供的安全输出方法100的示例性方法流程图;FIG. 4 is an exemplary method flowchart of the safe output method 100 provided by the present application;
图5是本申请提供的安全输出方法100的示例性应用场景示意图;FIG. 5 is a schematic diagram of an exemplary application scenario of the safe output method 100 provided by the present application;
图6A是本申请提供的电子设备20的示例性系统架构示意图;FIG. 6A is a schematic diagram of an exemplary system architecture of an electronic device 20 provided by the present application;
图6B是本申请提供的帧级保护信息的传输流程示意图;FIG. 6B is a schematic diagram of the transmission flow of frame-level protection information provided by this application;
图7A是本申请提供的安全输出装置70的示例性结构示意图;FIG. 7A is a schematic diagram of an exemplary structure of a safety output device 70 provided by the present application;
图7B是本申请提供的安全输出装置71的示例性结构示意图。FIG. 7B is a schematic diagram of an exemplary structure of the safety output device 71 provided by the present application.
具体实施方式Detailed ways
下面将结合本申请中的附图,对本申请中的技术方案进行清楚地描述。The technical solutions in this application will be clearly described below in conjunction with the drawings in this application.
本申请以下实施例中所使用的术语只是为了描述特定实施例的目的,而并非旨在作为对本申请的限制。如在本申请的说明书和所附权利要求书中所使用的那样,单数表达形式 “一个”、“一种”、“所述”、“上述”、“该”和“这一”旨在也包括复数表达形式,除非其上下文中明确地有相反指示。还应当理解,尽管在以下实施例中可能采用术语第一、第二等来描述某一类对象,但所述对象不应限于这些术语。这些术语仅用来将该类对象的具体对象进行区分。例如,以下实施例中可能采用术语第一、第二等来描述通路标识,但通路标识不应限于这些术语。这些术语仅用来将不同媒体通路的标识进行区分。以下实施例中可能采用术语第一、第二等来描述的其他类对象同理,此处不再赘述。The terms used in the following embodiments of the present application are only for the purpose of describing specific embodiments, and are not intended to limit the present application. As used in the specification and appended claims of this application, the singular expressions "a", "an", "said", "above", "the" and "this" are intended to also Including plural expressions, unless the context clearly indicates to the contrary. It should also be understood that although the terms first, second, etc. may be used in the following embodiments to describe a certain type of object, the object should not be limited to these terms. These terms are only used to distinguish specific objects of this class of objects. For example, in the following embodiments, the terms first, second, etc. may be used to describe the path identification, but the path identification should not be limited to these terms. These terms are only used to distinguish the identification of different media channels. In the following embodiments, the terms first, second, etc. may be used to describe other types of objects in the same way, which will not be repeated here.
本申请描述的架构以及业务场景是为了更加清楚的说明本申请实施例的技术方案,并不构成对于本申请所提供的技术方案的限定,本领域普通技术人员可知,随着架构的演变和新业务场景的出现,本申请实施例提供的技术方案对于类似的技术问题,同样适用。The architecture and business scenarios described in this application are intended to more clearly illustrate the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions provided in this application. Those of ordinary skill in the art will know that as the architecture evolves and new With the emergence of business scenarios, the technical solutions provided in the embodiments of this application are equally applicable to similar technical problems.
以下对本申请的实施场景进行介绍。The following describes the implementation scenarios of this application.
本申请可以应用于支持音频、视频输入/输出的电子设备,该电子设备例如是智能手机、智能机顶盒、智能电视、监控、计算机、平板电脑等。This application can be applied to electronic devices that support audio and video input/output, such as smart phones, smart set-top boxes, smart TVs, surveillance, computers, tablet computers, etc.
图1A示出了一种典型的电子设备的系统架构。该系统架构包括:应用层、驱动层、操作系统层、硬件模块和存储模块。应用层用于运行应用软件,例如腾讯、优酷等。驱动层包括针对各个硬件模块编写的驱动程序,该驱动程序用于驱动相对应的硬件模块访问内存块。操作系统层负责内存管理、堆栈管理、任务调度管理等。应用层的应用软件在运行时,可以向操作系统层申请分配内存块,并获取所分配的内存块的虚拟地址。所分配的内存块用于存储应用软件运行过程中的数据,例如下述的视频帧等数据。驱动层可以驱动硬件模块根据内存块的虚拟地址访问相应内存块。本申请涉及的“访问”包括读操作和写操作。例如,硬件模块可以响应驱动程序的指令,对从输入内存块中读取的数据进行处理,然后,将处理后的数据写入输出内存块中。Figure 1A shows the system architecture of a typical electronic device. The system architecture includes: application layer, driver layer, operating system layer, hardware module and storage module. The application layer is used to run application software, such as Tencent, Youku, etc. The driver layer includes a driver program written for each hardware module, and the driver program is used to drive the corresponding hardware module to access the memory block. The operating system layer is responsible for memory management, stack management, task scheduling management, etc. When the application software of the application layer is running, it can apply to the operating system layer to allocate a memory block and obtain the virtual address of the allocated memory block. The allocated memory block is used to store data during the running of the application software, such as the following data such as video frames. The driver layer can drive the hardware module to access the corresponding memory block according to the virtual address of the memory block. The "access" involved in this application includes read operations and write operations. For example, the hardware module can process the data read from the input memory block in response to the instruction of the driver, and then write the processed data into the output memory block.
应用软件在传输媒体内容之前,可以根据该应用软件的意图以及对媒体内容的处理过程,创建媒体通路,该媒体通路是应用软件在电子设备上处理媒体内容的路径,该处理过程包括但不限于播放、录制、转码和转发等,相应的,媒体通路例如可以包括录制通路,播放通路和转码通路。媒体通路包括进行音视频处理所用到的资源,例如一系列的硬件模块和内存等。Before the application software transmits the media content, it can create a media path based on the application software's intention and the processing process of the media content. The media path is the path through which the application software processes the media content on the electronic device. The processing process includes but is not limited to Play, record, transcode, and forward, etc. Correspondingly, the media path may include, for example, a recording path, a playback path, and a transcoding path. The media path includes the resources used for audio and video processing, such as a series of hardware modules and memory.
结合图1A,示例性的,应用软件可以向操作系统层申请占用硬件模块1、硬件模块2和硬件模块3,并向操作系统层申请分配内存块1和内存块2。硬件模块1、硬件模块2和硬件模块3,以及内存块1和内存块2例如可以组成一条媒体通路,媒体流在该媒体通路上的传输流程例如可以是:硬件模块1到内存块1,内存块1到硬件模块2,硬件模块2到内存块2,内存块2到硬件模块3。在实际操作中,驱动层接收该应用软件的指令,然后,驱动该媒体通路中相应的硬件模块对相应内存块执行访问操作,以及对相应的媒体数据进行处理。With reference to FIG. 1A, by way of example, the application software may apply to the operating system layer to occupy the hardware module 1, the hardware module 2 and the hardware module 3, and apply to the operating system layer to allocate the memory block 1 and the memory block 2. Hardware module 1, hardware module 2, and hardware module 3, as well as memory block 1 and memory block 2, for example, can form a media channel, and the transmission process of the media stream on the media channel can be, for example: hardware module 1 to memory block 1, memory Block 1 to hardware module 2, hardware module 2 to memory block 2, and memory block 2 to hardware module 3. In actual operation, the driver layer receives instructions from the application software, and then drives the corresponding hardware modules in the media path to perform access operations on the corresponding memory blocks and process the corresponding media data.
图1A所示的电子设备例如可以支持可信执行环境(trusted execution environment,TEE)与普通执行环境(rich execution environment,REE)。TEE与REE相对应,TEE用于为受保护的应用软件提供受保护的执行环境,REE用于为不受保护的应用软件提供执行环境。TEE下传输的媒体内容例如可以按照媒体内容使用规则(content usage rules,CUR)处理,以实现对媒体内容的保护。相应的,TEE下媒体通路的硬件模块和内存块应当按照 CUR处理并传输相关数据。示例性的,CUR可以包括HDCP策略、视频水印保护策略、禁止转码和禁止录制等保护策略。The electronic device shown in FIG. 1A may, for example, support a trusted execution environment (TEE) and a rich execution environment (REE). TEE corresponds to REE. TEE is used to provide a protected execution environment for protected application software, and REE is used to provide an execution environment for unprotected application software. The media content transmitted under the TEE may be processed in accordance with media content usage rules (content usage rules, CUR), for example, to realize the protection of the media content. Correspondingly, the hardware modules and memory blocks of the media channel under TEE should process and transmit relevant data in accordance with CUR. Exemplarily, CUR may include protection policies such as HDCP policy, video watermark protection policy, prohibition of transcoding, and prohibition of recording.
下面以HDCP策略和视频水印保护策略为例进行说明。其中,HDCP策略和视频水印保护策略作用于视频输出阶段,因此,本申请将HDCP策略和视频水印保护策略统称为“输出保护策略”或者“输出控制策略”。示例性的,以视频输出为例,电子设备首先对视频源,也即加密的视频码流进行解密,得到待解码的视频码流。然后,电子设备对待解码的视频码流进行解码,得到视频帧。之后,电子设备可以通过硬件接口输出视频帧。其中,电子设备可以采用HDCP策略对解码后的视频帧提供保护,且,电子设备可以为视频帧添加水印,以实现对视频帧的水印保护。The following takes HDCP strategy and video watermark protection strategy as examples. Among them, the HDCP strategy and the video watermark protection strategy act on the video output stage. Therefore, this application collectively refers to the HDCP strategy and the video watermark protection strategy as an "output protection strategy" or an "output control strategy". Exemplarily, taking video output as an example, the electronic device first decrypts the video source, that is, the encrypted video code stream, to obtain the video code stream to be decoded. Then, the electronic device decodes the video code stream to be decoded to obtain a video frame. After that, the electronic device can output the video frame through the hardware interface. Among them, the electronic device can adopt the HDCP strategy to provide protection to the decoded video frame, and the electronic device can add a watermark to the video frame to realize the watermark protection of the video frame.
实际实现中,对视频内容执行输出保护的软件系统包括条件接收系统(condition access system,CAS)或者数字版权管理(digitial rights management,DRM)系统。本申请中,将CAS或者DRM表达为“CAS/DRM”,其中的“/”在本申请中表示“或者”。本说明书中涉及的“CAS/DRM”均表示CAS或者DRM。In actual implementation, a software system that performs output protection on video content includes a condition access system (CAS) or a digital rights management (digitial rights management, DRM) system. In this application, CAS or DRM is expressed as "CAS/DRM", where "/" means "or" in this application. The "CAS/DRM" mentioned in this manual all mean CAS or DRM.
其中,HDCP策略是一种防止高清数字媒体内容被非法录制的技术。HDCP策略可以包括HDCP1.4保护级别和HDCP2.2保护级别,其中,HDCP1.4保护级别和HDCP2.2保护级别所允许的分辨率不同,例如,HDCP1.4保护级别支持的分辨率通常为1080逐行扫描(progressive scan,P),即,1080P例如指示每帧的像素数是1920*1080,HDCP2.2保护级别支持的分辨率通常为4K,4K例如指示每帧的像素数是4096*2160,“K”例如用于表示2的10*4次方。实际使用HDCP策略进行保护时,要求处理视频帧、显示视频帧等的软件和硬件均支持HDCP策略,否则,电子设备禁止输出相应视频帧,或者降分辨率输出相应视频帧。Among them, the HDCP strategy is a technology to prevent the illegal recording of high-definition digital media content. The HDCP policy can include HDCP1.4 protection level and HDCP2.2 protection level. Among them, HDCP1.4 protection level and HDCP2.2 protection level allow different resolutions. For example, the resolution supported by HDCP1.4 protection level is usually 1080 Progressive scan (P), that is, 1080P, for example, indicates that the number of pixels per frame is 1920*1080, and the resolution supported by HDCP2.2 protection level is usually 4K, and 4K, for example, indicates that the number of pixels per frame is 4096*2160. , "K", for example, is used to represent 2 to the 10*4 power. When the HDCP strategy is actually used for protection, it is required that the software and hardware for processing and displaying video frames support the HDCP strategy. Otherwise, the electronic device is prohibited from outputting the corresponding video frame or outputting the corresponding video frame at a reduced resolution.
数字高清多媒体接口(high definition multimedia interface,HDMI)是一种常用的支持HDCP策略的硬件接口。目前,设备常用的HDMI包括HDMI1.0版、HDMI1.3版、HDMI1.4版和HDMI2.0版等,其中,不同版本的HDMI支持的HDCP级别不同,例如,HDMI1.3版支持HDCP1.4保护级别,HDMI2.0版支持HDCP2.2保护级别。在输出视频帧之前,电子设备的HDMI可以根据所连接接口对HDCP的支持情况,确定对输出视频帧的HDCP保护状态。例如,电子设备的HDMI支持HDCP2.2和HDCP1.4,而该HDMI所连接的接口仅支持HDCP1.4,那么,电子设备可以按照HDCP1.4保护级别对应的分辨率输出视频帧。相应的,电子设备的HDMI所确定的输出视频帧的HDCP保护状态即为HDCP1.4。The digital high definition multimedia interface (HDMI) is a commonly used hardware interface that supports the HDCP strategy. At present, HDMI commonly used by equipment includes HDMI1.0, HDMI1.3, HDMI1.4 and HDMI2.0, among which different versions of HDMI support different levels of HDCP. For example, HDMI1.3 supports HDCP1.4 Protection level, HDMI2.0 version supports HDCP2.2 protection level. Before outputting the video frame, the HDMI of the electronic device can determine the HDCP protection status of the output video frame according to the HDCP support status of the connected interface. For example, the HDMI of the electronic device supports HDCP2.2 and HDCP1.4, and the interface to which the HDMI is connected only supports HDCP1.4, then the electronic device can output video frames at a resolution corresponding to the HDCP1.4 protection level. Correspondingly, the HDCP protection state of the output video frame determined by the HDMI of the electronic device is HDCP1.4.
视频水印保护策略是指将要求的水印信息添加到输出的视频帧,以标识视频帧的来源等。水印信息可以包括视频帧所属视频源的地址、内容标识、时间戳等信息。其中,电子设备通常根据视频帧的显示位置、大小等,为视频帧添加水印信息。The video watermark protection strategy refers to adding the required watermark information to the output video frame to identify the source of the video frame, etc. The watermark information may include information such as the address, content identifier, and time stamp of the video source to which the video frame belongs. Among them, the electronic device usually adds watermark information to the video frame according to the display position and size of the video frame.
如图1B所示,TEE应用层对加密的视频码流进行解密,然后,将解密后的视频码流写入相应媒体通路中解码模块访问的内存块中。基于此,一种现有的实现方式中,TEE应用层在解密之前,HDMI从根据连接的设备确定所支持的HDCP保护状态,并发送至TEE应用层,然后,TEE应用层判断HDCP保护状态与视频码流对应的HDCP保护级别是否匹配。若HDCP保护状态与视频码流的HDCP保护级别不匹配,例如,视频码流的HDCP保护级别是HDCP2.2,而HDCP保护状态是支持HDCP1.4级别的保护。那么,TEE应用层则不会对加密的视频码流进行解密,进而,电子设备输出静帧信号(mute)。其中,输出mute是指输出 全黑视频帧或全蓝视频帧等纯色视频帧。若HDCP保护状态与码流的HDCP保护级别匹配,TEE应用层才对加密的码流进行解密。进而,电子设备输出视频码流对应的视频帧。可见,本方案中,电子设备对加密的视频码流只有解密和不解密两种状态,并不会适应性调整视频码流的输出保护策略,适用性较差。As shown in Figure 1B, the TEE application layer decrypts the encrypted video code stream, and then writes the decrypted video code stream into the memory block accessed by the decoding module in the corresponding media channel. Based on this, in an existing implementation, before decrypting the TEE application layer, HDMI determines the supported HDCP protection status from the connected device and sends it to the TEE application layer. Then, the TEE application layer determines the HDCP protection status and Whether the HDCP protection level corresponding to the video stream matches. If the HDCP protection status does not match the HDCP protection level of the video stream, for example, the HDCP protection level of the video stream is HDCP2.2, and the HDCP protection status supports HDCP1.4 protection. Then, the TEE application layer will not decrypt the encrypted video stream, and then the electronic device outputs a mute signal. Among them, output mute refers to outputting pure color video frames such as all black video frames or all blue video frames. If the HDCP protection status matches the HDCP protection level of the code stream, the TEE application layer will decrypt the encrypted code stream. Furthermore, the electronic device outputs a video frame corresponding to the video code stream. It can be seen that, in this solution, the electronic device has only two states of decryption and non-decryption for the encrypted video stream, and it will not adapt the output protection strategy of the video stream, and the applicability is poor.
如图1C所示,电子设备输出视频帧之前,相应媒体通路中的视频显示模块例如从内存块m中读取待显示视频帧,然后,按照输出保护策略对待显示视频帧进行配置。输出保护策略例如包括待显示视频帧对应的输出分辨率、添加水印的位置和水印的大小。一些实施例中,视频显示模块中的输出保护策略由TEE应用层配置,并且,视频显示模块中配置输出保护策略之后,立即对所读取的待显示视频帧配置相应输出保护策略。基于此,一方面,内存块m可以缓存部分待显示视频帧。若视频显示模块中配置的输出保护策略产生变更,内存块m中已经缓存的视频帧对应变更前的输出保护策略,但是视频显示模块将按照变更后的输出保护策略配置内存块m中已经缓存的待显示视频帧,从而导致输出保护失效。另一方面,内存块m中存储的待显示视频帧可以是经处理得到的视频帧,而视频帧的处理机制通常由REE应用层控制。所以,若视频帧的位置、大小等发生变化,TEE应用层无法感知,进而,TEE应用层无法及时更新视频显示模块中的输出保护策略,从而也会造成输出保护失效,例如,未按照HDCP允许的分辨率输出视频帧,水印添加错误等。As shown in FIG. 1C, before the electronic device outputs the video frame, the video display module in the corresponding media channel reads the to-be-displayed video frame from the memory block m, for example, and then configures the to-be-displayed video frame according to the output protection policy. The output protection strategy includes, for example, the output resolution corresponding to the video frame to be displayed, the location of the watermark, and the size of the watermark. In some embodiments, the output protection policy in the video display module is configured by the TEE application layer, and after the output protection policy is configured in the video display module, the corresponding output protection policy is immediately configured for the read video frame to be displayed. Based on this, on the one hand, the memory block m can buffer part of the video frames to be displayed. If the output protection strategy configured in the video display module is changed, the video frames that have been cached in memory block m correspond to the output protection strategy before the change, but the video display module will configure the output protection strategy that has been cached in memory block m according to the changed output protection strategy. The video frame to be displayed, which causes the output protection to fail. On the other hand, the to-be-displayed video frame stored in the memory block m may be a processed video frame, and the processing mechanism of the video frame is usually controlled by the REE application layer. Therefore, if the position and size of the video frame change, the TEE application layer cannot perceive it. Furthermore, the TEE application layer cannot update the output protection strategy in the video display module in time, which will also cause the output protection to fail. For example, it is not allowed in accordance with HDCP. The resolution output video frame, watermark adding error, etc.
基于上述,本申请提供了一种安全输出方法及电子设备,对应视频帧生成帧级保护信息,从而在输出待显示视频帧之前,能够按照待显示视频帧对应的帧级保护信息,对待显示视频帧进行输出保护。这样从视频帧的层面进行保护,能够提供更加精准的输出保护,并且在视频帧发生变更时,能够及时更新相应输出保护信息,从而提高保护的性能。Based on the above, the present application provides a safe output method and electronic device, which generates frame-level protection information corresponding to video frames, so that before outputting the video frame to be displayed, the video frame to be displayed can be displayed according to the frame-level protection information corresponding to the video frame to be displayed. Frame output protection. In this way, protection at the level of the video frame can provide more accurate output protection, and when the video frame changes, the corresponding output protection information can be updated in time, thereby improving the performance of the protection.
以下对本申请涉及的电子设备的软硬件结构进行介绍。The software and hardware structure of the electronic equipment involved in this application is introduced below.
图2示意了电子设备10的一种示例性应用环境的系统架构示意图。电子设备10支持TEE。以下结合图2分别对REE系统架构和TEE系统架构进行介绍。FIG. 2 illustrates a schematic diagram of a system architecture of an exemplary application environment of the electronic device 10. The electronic device 10 supports TEE. The following describes the REE system architecture and TEE system architecture respectively in conjunction with Figure 2.
REE系统架构包括REE软件应用层、REE软件接口适配层、REE软件驱动层、REE软件操作系统层、REE硬件模块和REE存储模块。REE软件应用层中的软件应用可以通过REE软件接口适配层、REE软件驱动层和REE软件操作系统层控制REE硬件模块,对REE存储模块中的内存块进行访问操作。其中,应当理解,REE软件操作系统层、REE软件驱动层、REE软件接口适配层和REE软件应用层等是由软件代码实现的,示例性的,这些软件代码可以存储在存储器中,并运行在处理器上。The REE system architecture includes REE software application layer, REE software interface adaptation layer, REE software driver layer, REE software operating system layer, REE hardware module and REE storage module. The software application in the REE software application layer can control the REE hardware module through the REE software interface adaptation layer, the REE software driver layer and the REE software operating system layer, and access the memory blocks in the REE storage module. Among them, it should be understood that the REE software operating system layer, the REE software driver layer, the REE software interface adaptation layer, and the REE software application layer are implemented by software codes. Illustratively, these software codes can be stored in the memory and run. On the processor.
其中,REE软件应用层用于提供REE软件应用的运行环境,还用于当REE软件应用运行时向REE软件操作系统层申请分配REE硬件模块和REE内存块,并存储REE内存块的虚拟地址。Among them, the REE software application layer is used to provide the operating environment of the REE software application, and is also used to apply to the REE software operating system layer to allocate the REE hardware module and REE memory block when the REE software application is running, and to store the virtual address of the REE memory block.
REE软件接口适配层用于根据REE软件应用层访问的虚拟地址匹配REE软件驱动层中的驱动程序。The REE software interface adaptation layer is used to match the driver in the REE software driver layer according to the virtual address accessed by the REE software application layer.
REE软件驱动层中包括针对各个硬件模块编写的驱动程序,该驱动程序根据虚拟地址驱动相应的硬件模块访问相应REE内存块。The REE software driver layer includes a driver program written for each hardware module. The driver program drives the corresponding hardware module to access the corresponding REE memory block according to the virtual address.
REE软件操作系统层用于执行REE硬件模块资源管理,还用于堆栈管理和任务调度等。 REE软件操作系统层例如可以响应REE软件应用层指令配置REE硬件模块创建媒体通路,该媒体通路用于传输无安全要求的媒体数据。此外,REE软件操作系统层还用于维护一个或多个计算机程序以及数据,该一个或多个计算机程序运行时,能够实现REE侧各软件层的功能。该数据用于为该一个或多个计算机程序的运行提供支持。The REE software operating system layer is used to perform resource management of REE hardware modules, as well as stack management and task scheduling. The REE software operating system layer can, for example, respond to instructions from the REE software application layer to configure the REE hardware module to create a media path, which is used to transmit media data without security requirements. In addition, the REE software operating system layer is also used to maintain one or more computer programs and data. When the one or more computer programs are running, they can realize the functions of each software layer on the REE side. The data is used to provide support for the operation of the one or more computer programs.
REE存储模块可以包括但不限于双倍速率(double data rate,DDR)存储器、闪存(Flash)、静态随机存取存储器(static random access memory,SRAM)等,本申请不作限定。REE存储模块包括多个内存块,每个内存块具有不同的物理地址。The REE storage module may include, but is not limited to, double data rate (DDR) memory, flash memory (Flash), static random access memory (static random access memory, SRAM), etc., which are not limited in this application. The REE storage module includes multiple memory blocks, and each memory block has a different physical address.
TEE系统架构包括TEE软件应用层、TEE软件接口适配层、TEE软件驱动层、TEE软件操作系统层、TEE硬件模块和TEE存储模块。其中,TEE软件操作系统层、TEE软件驱动层、TEE软件接口适配层和TEE软件应用层等是由软件代码实现的,示例性的,这些软件代码可以存储在存储器中,并运行在处理器上。The TEE system architecture includes TEE software application layer, TEE software interface adaptation layer, TEE software driver layer, TEE software operating system layer, TEE hardware module and TEE storage module. Among them, the TEE software operating system layer, the TEE software driver layer, the TEE software interface adaptation layer, and the TEE software application layer are implemented by software codes. Illustratively, these software codes can be stored in the memory and run on the processor. superior.
其中,TEE软件应用层中的软件应用可以通过TEE软件接口适配层、TEE软件驱动层和TEE软件操作系统层控制TEE硬件模块,对TEE存储模块中的内存块进行访问操作。应理解,各软件层之间的基本交互过程与REE侧类似,此处不再详述。Among them, the software application in the TEE software application layer can control the TEE hardware module through the TEE software interface adaptation layer, the TEE software driver layer and the TEE software operating system layer, and access the memory block in the TEE storage module. It should be understood that the basic interaction process between the software layers is similar to the REE side, and will not be detailed here.
本申请中,TEE软件应用层可以包含CAS/DRM可信应用(CAS/DRM trusted application,CAS/DRM TA),CAS/DRM TA也可以简称为TA。TA可以用于配置视频码流的输出保护策略。In this application, the TEE software application layer may include the CAS/DRM trusted application (CAS/DRM trusted application, CAS/DRM TA), and the CAS/DRM TA may also be referred to as TA for short. TA can be used to configure the output protection strategy of the video stream.
此外,本申请中,TEE系统架构还包括会话管理模块,该会话管理模块由软件代码实现,并运行在处理器上。一些实施例中,该会话管理模块例如运行在TEE软件驱动层。另一些实施例中,该会话管理模块例如运行在TEE软件操作系统层。此处不限制。In addition, in this application, the TEE system architecture also includes a session management module, which is implemented by software code and runs on the processor. In some embodiments, the session management module runs on the TEE software driver layer, for example. In other embodiments, the session management module runs on the TEE software operating system layer, for example. There is no restriction here.
其中,该会话管理模块可以用于在该TEE系统架构创建媒体通路过程中,配置保护信息内存块,该保护信息内存块用于存储该媒体通路中传输的视频帧对应的帧级保护信息。帧级保护信息包括视频帧对应的输出保护信息。该会话管理模块还可以用于配置每个保护信息内存块中帧级保护信息的初始信息,初始信息可以包括帧级保护信息的类型、帧级保护信息对应的视频帧的内存块虚拟地址和所述虚拟地址长度的对应关系、以及帧级保护信息的初始校验值。关于帧级保护信息的实施例详见下文描述,此处不详述。Wherein, the session management module may be used to configure a protection information memory block in the process of creating a media channel in the TEE system architecture, and the protection information memory block is used to store the frame-level protection information corresponding to the video frame transmitted in the media channel. The frame-level protection information includes output protection information corresponding to the video frame. The session management module can also be used to configure the initial information of the frame-level protection information in each protection information memory block. The initial information can include the type of the frame-level protection information, the virtual address of the memory block of the video frame corresponding to the frame-level protection information, and all the information. The corresponding relationship between the length of the virtual address and the initial check value of the frame-level protection information are described. For the embodiments of the frame-level protection information, please refer to the following description, which will not be described in detail here.
此外,该会话管理模块还可以用于为该TEE系统架构创建的媒体通路配置通道标识,并存储属于该媒体通路的内存块的虚拟地址与该通道标识的对应关系。In addition, the session management module can also be used to configure the channel identifier for the media channel created by the TEE system architecture, and store the correspondence between the virtual address of the memory block belonging to the media channel and the channel identifier.
TEE存储模块可以包括多个安全内存块,其中每个安全内存块可以通过物理地址标识。示例性的,在创建用于视频输出的媒体通路过程中,其中部分安全内存块可以被配置为存储视频帧的内存块,另一部分安全内存块可以被配置为存储帧级保护信息的内存块,并被写入帧级保护信息的初始信息。本申请中,将用于存储视频帧的内存块可以称为数据内存块,将用于存储帧级保护信息的内存块称为保护信息内存块。The TEE storage module may include multiple secure memory blocks, where each secure memory block can be identified by a physical address. Exemplarily, in the process of creating a media path for video output, part of the secure memory block may be configured as a memory block for storing video frames, and another part of the secure memory block may be configured as a memory block for storing frame-level protection information. And is written into the initial information of the frame-level protection information. In this application, the memory block used to store video frames may be referred to as a data memory block, and the memory block used to store frame-level protection information is referred to as a protected information memory block.
本申请中,硬件模块可以响应TEE软件驱动层或者TEE软件操作系统层的指令,在访问保护信息内存块之前,检测保护信息内存块中帧级保护信息的有效性。硬件模块还可以在对保护信息内存块执行写操作之前,检测该保护信息内存块与读操作对应的内存块是否对应同一条媒体通路。In this application, the hardware module can respond to instructions from the TEE software driver layer or the TEE software operating system layer to detect the validity of the frame-level protection information in the protection information memory block before accessing the protection information memory block. The hardware module may also detect whether the protected information memory block and the memory block corresponding to the read operation correspond to the same media path before performing the write operation on the protected information memory block.
可以理解的是,一些实施例中,运行REE各软件层的处理器,和运行TEE各软件层的处理器,在物理上可以是同一个处理器,当该处理器运行在REE模式下时,该处理器实现 REE各软件层的功能,当该处理器运行在TEE模式下时,该处理器实现TEE各软件层的功能。该处理器可以为例如系统级芯片控制逻辑单元、微处理器、微控制器(micro-controller unit,MCU)、中央处理器(central process unit,CPU)、数字信号处理器(digital signal processing,DSP)、图形处理单元(graphics processing unit,GPU)、现场可编程门阵列(field programmable gate array,FPGA)、专用集成电路(application specific integrated circuit,ASIC)等,本申请不作限定。It is understandable that, in some embodiments, the processor running each software layer of REE and the processor running each software layer of TEE may be physically the same processor. When the processor is running in REE mode, The processor implements the functions of each software layer of the REE. When the processor runs in the TEE mode, the processor implements the functions of each software layer of the TEE. The processor can be, for example, a system-level chip control logic unit, a microprocessor, a microcontroller (micro-controller unit, MCU), a central processing unit (CPU), a digital signal processing (digital signal processing, DSP) ), graphics processing unit (GPU), field programmable gate array (FPGA), application specific integrated circuit (ASIC), etc., which are not limited in this application.
图2中示意的REE硬件模块和TEE硬件模块例如均可以包括多路分配模块(demux)、硬件解密模块、硬件加密模块、硬件解码模块(decoder)、视频解码模块(video decoder,VDEC)、硬件通信模块、硬件视频处理模块(video processor,VPSS)、硬件显示模块(video display,VDP)、模数转换器(analog to digital converter,ADC)、数模转换器(digital to analog converter,DAC)、通讯接口、射频单元以及微电子机械模块等,本申请不作限定。其中,REE硬件模块和TEE硬件模块可以由同一个硬件模块中的两条处理通道实现。The REE hardware module and the TEE hardware module shown in FIG. 2 may include, for example, a demux module (demux), a hardware decryption module, a hardware encryption module, a hardware decoding module (decoder), a video decoding module (video decoder, VDEC), and hardware Communication module, hardware video processing module (video processor, VPSS), hardware display module (video display, VDP), analog to digital converter (analog to digital converter, ADC), digital to analog converter (digital to analog converter, DAC), The communication interface, radio frequency unit, and microelectronic mechanical module, etc., are not limited in this application. Among them, the REE hardware module and the TEE hardware module can be implemented by two processing channels in the same hardware module.
REE存储模块和TEE存储模块均可以包括但不限于DDR存储器、闪存(Flash)、SRAM等,本申请不作限定。REE存储模块和TEE存储模块相互隔离,进行使得普通内存块和安全内存块相互隔离。Both the REE storage module and the TEE storage module may include, but are not limited to, DDR memory, flash memory (Flash), SRAM, etc., which are not limited in this application. The REE storage module and the TEE storage module are isolated from each other, so that the ordinary memory block and the secure memory block are isolated from each other.
图2示意的实施例中所述的物理地址(physical address)可以为:在存储模块里以字节为单位存储信息,为正确地存放或取得信息,每一个字节单元具有的唯一的内存块地址。物理地址也可称为实际地址或绝对地址。物理地址是可以通过地址总线在存储模块中寻址的,是数据实际存储的地址。The physical address (physical address) described in the embodiment shown in FIG. 2 may be: storing information in a byte as a unit in the storage module. In order to store or obtain information correctly, each byte unit has a unique memory block address. The physical address can also be called the actual address or the absolute address. The physical address can be addressed in the storage module through the address bus, and is the address where the data is actually stored.
图2示意的实施例中所述的虚拟地址可以为:应用软件访问内存块所使用的逻辑地址。虚拟地址并不实际存储数据,而是需要映射到实际的物理地址上来获取数据。The virtual address described in the embodiment illustrated in FIG. 2 may be a logical address used by application software to access the memory block. The virtual address does not actually store the data, but needs to be mapped to the actual physical address to obtain the data.
一些实施例中,图2示意的REE系统架构的软硬件和TEE系统架构的软硬件可以位于同一片上系统(system on chip,SOC)中。另一些实施例中,图2示意的REE软件应用层、REE软件接口适配层、REE软件驱动层、REE软件操作系统层、REE硬件模块、以及TEE软件应用层、TEE软件接口适配层、TEE软件驱动层、TEE软件操作系统层和TEE硬件模块,位于同一SOC中,REE存储模块和TEE存储模块可以独立于SOC之外。In some embodiments, the software and hardware of the REE system architecture and the software and hardware of the TEE system architecture shown in FIG. 2 may be located in the same system on chip (SOC). In other embodiments, the REE software application layer, REE software interface adaptation layer, REE software driver layer, REE software operating system layer, REE hardware module, and TEE software application layer, TEE software interface adaptation layer, The TEE software driver layer, the TEE software operating system layer, and the TEE hardware module are located in the same SOC, and the REE storage module and TEE storage module can be independent of the SOC.
可以理解的是,图2仅是一种示意性描述,并不构成对电子设备10的具体限定。在本申请另一些实施例中,电子设备10可以包括比图示更多或更少的部件,或者组合某些部件,或者拆分某些部件,或者不同的部件布置。图示的部件可以以硬件,软件或软件和硬件的组合实现。It can be understood that FIG. 2 is only a schematic description, and does not constitute a specific limitation on the electronic device 10. In other embodiments of the present application, the electronic device 10 may include more or fewer components than shown, or combine certain components, or split certain components, or arrange different components. The illustrated components can be implemented in hardware, software, or a combination of software and hardware.
以下结合电子设备10,对本申请的安全输出方法进行介绍。The following describes the safe output method of the present application in conjunction with the electronic device 10.
可以理解的是,本申请所述的安全输出方法在TEE中实施。相应的,本申请所述的安全输出方法由电子设备10中TEE侧的软件,硬件,以及软硬件结合中至少一种执行。It is understandable that the safe output method described in this application is implemented in TEE. Correspondingly, the safe output method described in this application is executed by at least one of software, hardware, and a combination of software and hardware on the TEE side of the electronic device 10.
首先,对本申请实施例涉及的帧级保护信息进行介绍。图3示意了帧级保护信息的示例性结构,如图3所示,帧级保护信息可以包括类型(tag)信息、视频帧的内存块信息(frame buffer information)、视频帧的分辨率信息、HDCP保护策略(HDCP policy)信息、水印控制信息(watermark control)、扩展输出策略(output control extend)信息和初始校验值(checksum)。其中,视频帧的内存块信息例如具体可以包括视频帧的 存储地址以及该存储地址的长度信息和通路标识。视频帧的分辨率信息例如具体可以包括当前分辨率和最小分辨率。HDCP保护策略例如具体可以包括无HDCP保护(NoHDCP)的保护策略、HDCP1.4的保护策略和HDCP2.2的保护策略。水印控制信息例如具体可以包括水印参数信息以及水印参数的内存块信息。First, the frame-level protection information involved in the embodiments of the present application is introduced. Fig. 3 illustrates an exemplary structure of frame-level protection information. As shown in Fig. 3, frame-level protection information may include tag information, frame buffer information of video frames, resolution information of video frames, HDCP protection policy (HDCP policy) information, watermark control information (watermark control), extended output policy (output control extend) information, and initial checksum (checksum). Wherein, the memory block information of the video frame may specifically include, for example, the storage address of the video frame, the length information of the storage address, and the path identifier. The resolution information of the video frame may specifically include the current resolution and the minimum resolution, for example. The HDCP protection strategy may specifically include, for example, a protection strategy of No HDCP (NoHDCP), a protection strategy of HDCP1.4, and a protection strategy of HDCP2.2. The watermark control information may specifically include watermark parameter information and memory block information of the watermark parameter, for example.
图3示意的帧级保护信息所包含各类信息、各类信息所包含的具体信息、以及各每条具体信息的信息描述,详见表1所示。The frame-level protection information shown in FIG. 3 includes various types of information, specific information contained in various types of information, and information descriptions of each specific piece of information. See Table 1 for details.
表1Table 1
Figure PCTCN2020079589-appb-000001
Figure PCTCN2020079589-appb-000001
其中,帧级保护信息的类型用于指示该帧级保护信息是否绑定视频帧。示例性的,若表1中帧级保护信息的类型是frame,说明该帧级保护信息与视频帧绑定,并且该帧级 保护信息中包含所绑定视频帧的内存块信息和分辨率信息。若表1中帧级保护信息的类型是global,说明该帧级保护信息不与视频帧绑定,相应的,该帧级保护信息中视频帧的内存块信息和分辨率信息可以为空。此外,当帧级保护信息的类型是global时,该帧级保护信息可以应用于的所有丢失帧级保护信息的视频帧,为了便于区分,本申请将该类型的保护信息称为“全局保护信息”。全局保护信息中的输出分辨率可以包含在扩展输出策略信息中。Among them, the type of frame-level protection information is used to indicate whether the frame-level protection information is bound to a video frame. Exemplarily, if the type of frame-level protection information in Table 1 is frame, it means that the frame-level protection information is bound to the video frame, and the frame-level protection information contains the memory block information and resolution information of the bound video frame . If the type of frame-level protection information in Table 1 is global, it means that the frame-level protection information is not bound to the video frame. Correspondingly, the memory block information and resolution information of the video frame in the frame-level protection information can be empty. In addition, when the type of frame-level protection information is global, the frame-level protection information can be applied to all video frames that have lost frame-level protection information. In order to facilitate the distinction, this application refers to this type of protection information as "global protection information". ". The output resolution in the global protection information can be included in the extended output strategy information.
根据上述对安全内存块的描述可知,TEE系统架构在创建媒体通路时,配置有数据内存块和保护信息内存块。相应的,表1中视频帧的内存块信息用于建立该帧级保护信息与该帧级保护信息所绑定视频帧的对应关系。According to the above description of the secure memory block, the TEE system architecture is configured with a data memory block and a protection information memory block when the media channel is created. Correspondingly, the memory block information of the video frame in Table 1 is used to establish the correspondence between the frame-level protection information and the video frame bound to the frame-level protection information.
表1中视频帧的分辨率信息可以随视频帧的更新而更新。详见下述实施例的描述,此处不详述。The resolution information of the video frame in Table 1 can be updated with the update of the video frame. For details, refer to the description of the following embodiments, which will not be described in detail here.
表1中水印控制信息用于在所绑定的视频帧需要添加水印时,维护水印类型以及水印的存储地址等信息。其中,水印的存储地址用于指示存储水印信息的内存块。水印信息例如包括水印信息的内容、添加到视频帧的位置、与视频帧的相对大小等。例如,水印信息的内容例如是视频源的地址,添加到视频帧的位置例如是从视频帧的左下方向到右上方向,与视频帧的相对大小例如包括,水印长度是视频帧纵向长度的80%,宽度是视频帧纵向长度的10%。The watermark control information in Table 1 is used to maintain information such as the watermark type and the storage address of the watermark when a watermark needs to be added to the bound video frame. Among them, the storage address of the watermark is used to indicate the memory block where the watermark information is stored. The watermark information includes, for example, the content of the watermark information, the position added to the video frame, the relative size of the video frame, and so on. For example, the content of the watermark information is, for example, the address of the video source, and the position added to the video frame is, for example, from the lower left direction to the upper right direction of the video frame. The relative size of the video frame includes, for example, the watermark length is 80% of the longitudinal length of the video frame. , The width is 10% of the vertical length of the video frame.
表1中checksum用于校验帧级保护信息是否被篡改。详见下述实施例的描述,此处不详述。The checksum in Table 1 is used to verify whether the frame-level protection information has been tampered with. For details, refer to the description of the following embodiments, which will not be described in detail here.
根据上述实施例的描述可知,表1中tag、视频帧的存储地址以及该存储地址的长度的对应关系、通路标识和checksum,可以是配置保护信息内存块时,会话管理模块添加到保护信息内存块中的。tag、视频帧的存储地址以及该存储地址的长度的对应关系和checksum是帧级保护信息的初始信息。According to the description of the above embodiment, the corresponding relationship between the tag, the storage address of the video frame and the length of the storage address, the path identifier and the checksum in Table 1 can be the session management module added to the protection information memory when the protection information memory block is configured. In the block. The tag, the storage address of the video frame, the length of the storage address, and the corresponding relationship and checksum are the initial information of the frame-level protection information.
可以理解的是,表1仅是示意性描述,对本申请涉及的帧级保护信息不构成限制。在其他一些实施例中,帧级保护信息还可以包含更多或者更少的信息。It is understandable that Table 1 is only a schematic description, and does not limit the frame-level protection information involved in this application. In some other embodiments, the frame-level protection information may also contain more or less information.
参见图4,图4示意了一种安全输出方法100(以下简称方法100)。方法100包括以下步骤:Refer to Fig. 4, which illustrates a safe output method 100 (hereinafter referred to as the method 100). The method 100 includes the following steps:
步骤S101,在对视频码流进行解码得到第一解码视频帧的阶段,根据输出控制策略和第一解码视频帧的分辨率,生成第一解码视频帧的帧级保护信息。Step S101: In a stage where the first decoded video frame is obtained by decoding the video bitstream, the frame-level protection information of the first decoded video frame is generated according to the output control strategy and the resolution of the first decoded video frame.
其中,输出控制策略是与视频码流的保护要求相匹配的保护策略。电子设备在对视频码流解码之前,可以获知第一解码视频帧的分辨率。电子设备例如可以根据视频码流获知第一解码视频帧的分辨率。Among them, the output control strategy is a protection strategy that matches the protection requirements of the video stream. The electronic device can learn the resolution of the first decoded video frame before decoding the video code stream. For example, the electronic device may learn the resolution of the first decoded video frame according to the video code stream.
示例性的,电子设备的TEE软件应用层接收加密的视频码流之后,对加密的视频码流解密,得到视频码流以及视频码流对应的保护要求,保护要求例如是以1080逐行扫描(1080progressive scan,1080p),输出视频码流对应的视频。之后,TEE软件应用层可以根据保护要求配置输出控制策略。输出控制策略包括NoHDCP保护级别时允许的视频宽高,采用HDCP1.4保护级别时允许的视频宽高,以及采用HDCP2.2保护级别时允许的视频宽高。之后,电子设备对视频码流进行解码得到第一解码视频帧,进而,电子设备将第一解码视频帧的分辨率写入第一解码视频帧对应的保护信息内存块中,得到第一解码视频帧 的帧级保护信息。Exemplarily, after the TEE software application layer of the electronic device receives the encrypted video code stream, it decrypts the encrypted video code stream to obtain the video code stream and the protection requirements corresponding to the video code stream. The protection requirements are, for example, 1080 progressive scan ( 1080progressive scan, 1080p), output the video corresponding to the video stream. After that, the TEE software application layer can configure the output control strategy according to the protection requirements. The output control strategy includes the video width and height allowed when the NoHDCP protection level is adopted, the video width and height allowed when the HDCP1.4 protection level is adopted, and the video width and height allowed when the HDCP2.2 protection level is adopted. After that, the electronic device decodes the video code stream to obtain the first decoded video frame, and further, the electronic device writes the resolution of the first decoded video frame into the protection information memory block corresponding to the first decoded video frame to obtain the first decoded video Frame-level protection information of the frame.
其中,第一解码视频帧的帧级保护信息包括第一解码视频帧的分辨率和最小分辨率,最小分辨率为所述视频码流在整个媒体通路中对应的最小分辨率。应当理解,最小分辨率通常设置在帧级保护信息的初始信息中,第一解码视频帧的分辨率是当前解码视频帧的分辨率,如果当前解码视频帧的分辨率小于初始设置的最小分辨率,则将帧级保护信息中的最小分辨率修改为当前解码视频帧的分辨率(也即第一解码视频帧的分辨率)。Wherein, the frame-level protection information of the first decoded video frame includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video stream in the entire media path. It should be understood that the minimum resolution is usually set in the initial information of the frame-level protection information. The resolution of the first decoded video frame is the resolution of the currently decoded video frame. If the resolution of the current decoded video frame is less than the initially set minimum resolution , The minimum resolution in the frame-level protection information is modified to the resolution of the currently decoded video frame (that is, the resolution of the first decoded video frame).
步骤S102,根据帧级保护信息确定是否输出第一显示视频帧。Step S102: Determine whether to output the first display video frame according to the frame-level protection information.
其中,第一显示视频帧是根据第一解码视频帧得到的。一些实施例中,可以将解码得到的第一解码视频帧直接作为输出,此时第一显示视频帧即为第一解码视频帧。另一些实施例中,电子设备可以对第一解码视频帧进行处理再得到输出的第一显示视频帧。Wherein, the first display video frame is obtained according to the first decoded video frame. In some embodiments, the first decoded video frame obtained by decoding may be directly used as an output. In this case, the first displayed video frame is the first decoded video frame. In other embodiments, the electronic device may process the first decoded video frame to obtain the output first display video frame.
示例性的,一些实施例中,电子设备可以放大第一解码视频帧得到第一显示视频帧。另一些实施例中,电子设备可以缩小第一解码视频帧得到第一显示视频帧。Exemplarily, in some embodiments, the electronic device may amplify the first decoded video frame to obtain the first display video frame. In other embodiments, the electronic device may reduce the first decoded video frame to obtain the first display video frame.
需要指出的是,电子设备对第一解码视频帧进行放大或者缩小操作,第一解码视频帧的分辨率也会随之改变。基于此,第一显示视频帧的分辨率与第一解码视频帧的分辨率不同。进而,在得到第一显示视频帧之后,电子设备可以根据第一显示视频帧的分辨率更新帧级保护信息。示例性的,当第一显示视频帧的分辨率小于帧级保护信息中的最小分辨率时,将帧级保护信息中的最小分辨率修改为第一显示视频帧的分辨率,得到第一显示视频帧的帧级保护信息。It should be pointed out that if the electronic device performs an operation of zooming in or out on the first decoded video frame, the resolution of the first decoded video frame will also change accordingly. Based on this, the resolution of the first display video frame is different from the resolution of the first decoded video frame. Furthermore, after obtaining the first display video frame, the electronic device may update the frame-level protection information according to the resolution of the first display video frame. Exemplarily, when the resolution of the first display video frame is less than the minimum resolution in the frame-level protection information, the minimum resolution in the frame-level protection information is modified to the resolution of the first display video frame to obtain the first display Frame-level protection information for video frames.
进一步的,电子设备可以获取输出端口允许的输出保护状态,然后,从第一显示视频帧的帧级保护信息中确定与输出保护状态匹配的目标输出控制策略。之后,电子设备可以判断帧级保护信息中的最小分辨率是否小于目标输出控制策略允许的分辨率,当帧级保护信息中的最小分辨率小于目标输出控制策略允许的分辨率时,电子设备输出第一显示视频帧。当帧级保护信息中的最小分辨率大于目标输出控制策略允许的分辨率时,电子设备输出mute。其中,输出端口的输出保护状态例如是HDCP保护状态。输出端口的输出端口的输出保护状态相关的实施例,以及mute的实施例,详见上述实施例的描述,此处不再详述。Further, the electronic device may obtain the output protection state allowed by the output port, and then determine the target output control strategy that matches the output protection state from the frame-level protection information of the first displayed video frame. After that, the electronic device can determine whether the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy. When the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the electronic device outputs The first video frame is displayed. When the minimum resolution in the frame-level protection information is greater than the resolution allowed by the target output control strategy, the electronic device outputs mute. The output protection state of the output port is, for example, the HDCP protection state. For the embodiments related to the output protection state of the output port of the output port, and the embodiment of mute, refer to the description of the foregoing embodiment for details, and will not be described in detail here.
采用本实现方式,当帧级保护信息中的最小分辨率小于目标输出控制策略允许的分辨率时,电子设备可以按照目标输出控制策略允许的分辨率输出第一显示视频帧。可见,电子设备每输出一帧视频帧,都能够根据该视频帧对应的帧级保护信息对视频帧进行输出保护,从而安全性更高。而当帧级保护信息中的最小分辨率大于目标输出控制策略允许的分辨率时,说明第一显示视频帧的分辨率不符合输出控制策略,电子设备输出mute。也即当视频帧的分辨率超过输出控制策略允许的分辨率时,将会禁止输出该视频帧,可见,本实现方式能够有效的对高清视频帧进行输出保护。本申请实施例中的保护信息是帧级的,每一个视频帧都有自己对应的帧级保护下信息,每输出一帧视频帧都可以根据该视频帧对应的帧级保护信息对视频帧进行输出保护,安全性更高,灵活性也更好。With this implementation, when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, the electronic device can output the first display video frame according to the resolution allowed by the target output control strategy. It can be seen that every time the electronic device outputs a video frame, the video frame can be output protected according to the frame-level protection information corresponding to the video frame, so that the security is higher. When the minimum resolution in the frame-level protection information is greater than the resolution allowed by the target output control strategy, it means that the resolution of the first display video frame does not meet the output control strategy, and the electronic device outputs mute. That is, when the resolution of the video frame exceeds the resolution allowed by the output control strategy, the output of the video frame will be prohibited. It can be seen that this implementation can effectively protect the output of the high-definition video frame. The protection information in the embodiments of this application is at the frame level, and each video frame has its own corresponding frame-level protection information. Each output frame of video frame can be performed on the video frame according to the frame-level protection information corresponding to the video frame. Output protection, higher safety and flexibility.
以上对具有帧级保护信息的视频帧的实施例进行了描述。另一些实施例中,若第 一显示视频帧的帧级保护信息丢失,电子设备可以根据全局保护信息中的分辨率确定是否输出第一显示视频帧。其中,全局保护信息中的分辨率是至少一个码流对应的输出策略中的最小分辨率。全局保护信息可以是电子设备生成帧级保护信息的同时,根据至少一个码流生成,该至少一个码流可以包含所述视频码流。全局保护信息如图3示意的实施例所述,此处不再详述。The embodiments of the video frame with frame-level protection information have been described above. In other embodiments, if the frame-level protection information of the first display video frame is lost, the electronic device may determine whether to output the first display video frame according to the resolution in the global protection information. Wherein, the resolution in the global protection information is the minimum resolution in the output strategy corresponding to at least one code stream. The global protection information may be generated according to at least one code stream while the electronic device generates frame-level protection information, and the at least one code stream may include the video code stream. The global protection information is described in the embodiment shown in FIG. 3, and will not be described in detail here.
此外,第一显示视频帧的显示位置和大小,均由用户通过REE侧输入控制指令。基于此,其他一些实施例中,若第一显示视频帧需要视频水印保护,在输出第一显示视频帧之前,电子设备还可以从REE驱动中获取第一显示视频帧的位置和大小。然后,电子设备可以根据帧级保护信息中水印的存储地址信息确定存储水印信息的内存块,进而,从相应内存块中读取水印信息。之后,电子设备可以根据第一显示视频帧的位置和大小、水印信息与第一显示视频帧的相对位置、以及水印信息与第一显示视频帧的相对大小,确定待添加水印信息的位置和大小。In addition, the display position and size of the first display video frame are controlled by the user through the REE side. Based on this, in some other embodiments, if the first display video frame needs video watermark protection, before outputting the first display video frame, the electronic device may also obtain the position and size of the first display video frame from the REE driver. Then, the electronic device can determine the memory block storing the watermark information according to the storage address information of the watermark in the frame-level protection information, and then read the watermark information from the corresponding memory block. After that, the electronic device can determine the position and size of the watermark information to be added according to the position and size of the first display video frame, the relative position of the watermark information and the first display video frame, and the relative size of the watermark information and the first display video frame. .
可见,采用本实现方式,电子设备能够根据视频帧显示时的位置和大小,确定待添加的水印的位置和大小,从而能够确保水印随视频帧的变化精确的添加和显示。此外,电子设备通过帧级保护信息将视频帧和该视频帧的水印信息直接对应,能够在多视频同时显示的场景下,避免由于视频帧的显示层级问题,导致添加水印失败的问题。It can be seen that, with this implementation, the electronic device can determine the position and size of the watermark to be added according to the position and size of the video frame during display, so as to ensure that the watermark is accurately added and displayed with the change of the video frame. In addition, the electronic device directly corresponds the video frame to the watermark information of the video frame through the frame-level protection information, which can avoid the problem of failure to add watermark due to the display level of the video frame in a scene where multiple videos are displayed at the same time.
综上,本申请提供的安全输出方法,电子设备对视频码流解码得到视频帧之后,即对应视频帧生成帧级保护信息。之后,电子设备根据视频帧分辨率的变化,更新视频帧的帧级保护信息。从而在输出待显示视频帧之前,电子设备能够按照待显示视频帧对应的帧级保护信息,对待显示视频帧进行输出保护。这样从视频帧的层面进行保护,在视频帧发生变更时,电子设备能够及时更新视频帧对应输出保护信息,使得电子设备能够提供更加精准的输出保护,避免视频帧与输出保护策略不同步等产生的保护失效问题,提高保护的性能。In summary, in the safe output method provided by this application, after the electronic device decodes the video code stream to obtain the video frame, it generates frame-level protection information corresponding to the video frame. After that, the electronic device updates the frame-level protection information of the video frame according to the change in the resolution of the video frame. Therefore, before outputting the to-be-displayed video frame, the electronic device can perform output protection on the to-be-displayed video frame according to the frame-level protection information corresponding to the to-be-displayed video frame. In this way, protection is performed at the level of the video frame. When the video frame changes, the electronic device can update the output protection information corresponding to the video frame in time, so that the electronic device can provide more accurate output protection, and avoid the video frame and the output protection strategy from being out of synchronization. The protection failure problem, improve the performance of the protection.
以下对方法100进行示例性介绍。The method 100 is exemplarily introduced below.
其中,在执行上述步骤S101之前,图2中的TEE软件应用层可以通过TEE软件接口适配层请求TEE软件操作系统层和会话管理模块创建媒体通路。所创建的媒体通路可以用于输出受保护的视频内容。相应的,该媒体通路例如包括VDEC、VDP和输出端口等,还包括至少一个数据内存块和至少一个保护信息内存块,至少一个数据内存块用于存储该媒体通路所传输的视频相关数据,至少一个保护信息内存块用于存储该媒体通路所传输的视频帧对应的帧级保护信息。Wherein, before performing the above step S101, the TEE software application layer in FIG. 2 may request the TEE software operating system layer and the session management module to create a media path through the TEE software interface adaptation layer. The created media path can be used to output protected video content. Correspondingly, the media path includes, for example, VDEC, VDP, and output port, etc., and also includes at least one data memory block and at least one protection information memory block. At least one data memory block is used to store video-related data transmitted by the media path, at least A protection information memory block is used to store the frame-level protection information corresponding to the video frame transmitted by the media channel.
本实施例中,会话管理模块为该媒体通路设置有通路标识A,通路标识A用于指示该媒体通路。会话管理模块还可以维护至少一个数据内存块与通路标识A的对应关系。此外,会话管理模块可以配置所述至少一个保护信息内存块中的帧级保护信息的初始信息。本实施例中,初始信息例如包括帧级保护信息的类型是frame、通路标识A、以及该帧级保护信息所绑定视频帧的数据内存块的地址和长度的对应关系。In this embodiment, the session management module sets a path identifier A for the media path, and the path identifier A is used to indicate the media path. The session management module may also maintain the correspondence between at least one data memory block and the path identifier A. In addition, the session management module may configure the initial information of the frame-level protection information in the at least one protection information memory block. In this embodiment, the initial information includes, for example, the type of the frame-level protection information is frame, the path identifier A, and the correspondence between the address and length of the data memory block of the video frame bound to the frame-level protection information.
进一步的,如图5所示,CAS/DRM运行在TEE软件应用层的TA可以接收加密的视频码流,之后,对加密的视频码流解密得到视频码流。然后,TA可以根据视频码流对应的保护要求配置输出控制策略。之后,TA可以将视频码流写入数据内存块01中。另外,一些 实施例中,TA可以将输出控制策略配置到VDEC。另一些实施例中,TA可以将输出控制策略配置到码流输出控制策略内存块(stream output control policy buffer)中。其中,VDEC对码流输出控制策略内存块具备读操作权限。Further, as shown in Figure 5, the TA running on the application layer of the TEE software with CAS/DRM can receive the encrypted video stream, and then decrypt the encrypted video stream to obtain the video stream. Then, the TA can configure the output control strategy according to the protection requirements corresponding to the video code stream. After that, the TA can write the video code stream into the data memory block 01. In addition, in some embodiments, the TA can configure the output control strategy to VDEC. In other embodiments, the TA may configure the output control policy in a stream output control policy buffer. Among them, VDEC has read operation authority for the code stream output control strategy memory block.
进而,VDEC可以响应TEE软件驱动层的指令,从数据内存块01中读取视频码流,然后,对视频码流进行解码得到第一解码视频帧。之后,VDEC可以将第一解码视频帧写入数据内存块02。VDEC还可以从码流输出控制策略内存块中读取输出控制策略,然后,将输出控制策略和第一解码视频帧的分辨率写入保护信息内存块01,得到第一解码视频帧的帧级保护信息。保护信息内存块01中的帧级保护信息包括第一解码视频帧的分辨率和最小分辨率。VDEC在执行解码操作之前获知第一解码视频帧的分辨率。Furthermore, VDEC can respond to the instruction of the TEE software driver layer to read the video code stream from the data memory block 01, and then decode the video code stream to obtain the first decoded video frame. After that, VDEC can write the first decoded video frame into the data memory block 02. VDEC can also read the output control strategy from the code stream output control strategy memory block, and then write the output control strategy and the resolution of the first decoded video frame into the protection information memory block 01 to obtain the frame level of the first decoded video frame Protect information. The frame-level protection information in the protection information memory block 01 includes the resolution and the minimum resolution of the first decoded video frame. VDEC knows the resolution of the first decoded video frame before performing the decoding operation.
本申请中,VDEC在将第一解码视频帧写入数据内存块02之前,可以检测视频码流和第一解码视频帧是否对应同一媒体通路。在确定视频码流和第一解码视频帧对应同一媒体通路之后,将第一解码视频帧写入数据内存块02。这样能够避免VDEC输出第一解码视频帧时,出现访问其他媒体通路的数据的问题,从而提高视频帧传输的安全性。In this application, before the VDEC writes the first decoded video frame into the data memory block 02, it can detect whether the video code stream and the first decoded video frame correspond to the same media channel. After determining that the video code stream and the first decoded video frame correspond to the same media path, the first decoded video frame is written into the data memory block 02. This can avoid the problem of accessing data of other media channels when VDEC outputs the first decoded video frame, thereby improving the security of video frame transmission.
示例性的,VDEC可以获取数据内存块01对应的第一通路标识和第一解码视频帧的帧级保护信息中的第二通路标识。在第一通路标识和第二通路标识相同时,可以确定视频码流和第一解码视频帧的帧级保护信息对应同一媒体通路。Exemplarily, the VDEC may obtain the first path identifier corresponding to the data memory block 01 and the second path identifier in the frame-level protection information of the first decoded video frame. When the first path identifier and the second path identifier are the same, it can be determined that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media path.
例如,数据内存块01对应通路标识A,而第一解码视频帧的帧级保护信息中的通路标识由会话管理模块预先配置,即,第二通路标识是通路标识A。基于此,第一通路标识应当与第二通路标识相同。For example, the data memory block 01 corresponds to the path identifier A, and the path identifier in the frame-level protection information of the first decoded video frame is pre-configured by the session management module, that is, the second path identifier is the path identifier A. Based on this, the first path identifier should be the same as the second path identifier.
此外,VDEC在将输出控制策略和第一解码视频帧的分辨率写入保护信息内存块01之前,可以检测保护信息内存块01中的初始信息是否有效。在确定保护信息内存块01中的初始信息有效之后,VDEC将输出控制策略和第一解码视频帧的分辨率写入保护信息内存块01。VDEC检测初始信息是否有效的实施例,见下文描述,此处不详述。In addition, VDEC can detect whether the initial information in the protection information memory block 01 is valid before writing the output control strategy and the resolution of the first decoded video frame into the protection information memory block 01. After determining that the initial information in the protection information memory block 01 is valid, VDEC writes the output control strategy and the resolution of the first decoded video frame into the protection information memory block 01. For an embodiment of VDEC detecting whether the initial information is valid, see the following description, which will not be described in detail here.
一些实施例中,第一解码视频帧即为第一显示视频帧。进一步的,VDP可以响应TEE软件驱动层的指令,从保护信息内存块01读取帧级保护信息,以及从输出端口获取HDCP保护状态。然后,VDP可以从帧级保护信息中确定与HDCP保护状态相匹配的目标输出控制策略。本实施例中,目标输出控制策略例如是HDCP1.4输出控制策略。然后,VDP判断帧级保护信息中的最小分辨率是否小于HDCP1.4输出控制策略允许的分辨率。在帧级保护信息中的最小分辨率小于HDCP1.4输出控制策略允许的分辨率时,通过输出端口输出第一显示视频帧。In some embodiments, the first decoded video frame is the first display video frame. Further, the VDP can respond to instructions from the TEE software driver layer to read frame-level protection information from the protection information memory block 01, and obtain the HDCP protection status from the output port. Then, VDP can determine the target output control strategy that matches the HDCP protection status from the frame-level protection information. In this embodiment, the target output control strategy is, for example, an HDCP1.4 output control strategy. Then, VDP judges whether the minimum resolution in the frame-level protection information is less than the resolution allowed by the HDCP1.4 output control strategy. When the minimum resolution in the frame-level protection information is less than the resolution allowed by the HDCP1.4 output control strategy, the first display video frame is output through the output port.
本实施例中,在从保护信息内存块01读取帧级保护信息之前,VDP需要检测保护信息内存块01中的帧级保护信息是否有效,然后,在确定保护信息内存块01中的帧级保护信息有效之后,从保护信息内存块01读取帧级保护信息。VDP检测保护信息内存块01中的帧级保护信息是否有效的过程,见下文描述,此处不详述。In this embodiment, before reading the frame-level protection information from the protection information memory block 01, the VDP needs to check whether the frame-level protection information in the protection information memory block 01 is valid, and then determine the frame-level protection information in the protection information memory block 01. After the protection information is valid, read the frame-level protection information from the protection information memory block 01. The process by which the VDP detects whether the frame-level protection information in the protection information memory block 01 is valid is described in the following, and will not be described in detail here.
另一些实施例中,媒体通路还可以包括VPSS(图5中未示出)。在VDEC将第一解码视频帧写入数据内存块02,以及将输出控制策略和第一解码视频帧的分辨率写入保护信息内存块01之后,VPSS可以响应TEE软件驱动层的指令,从数据内存块02读取第一解码视频帧并对第一解码视频帧进行处理,该处理例如可以是缩小处理或放大处理,例如缩小第一解码视频帧得到第一显示视频帧和第一显示视频帧的分辨率。之后,VPSS例如可以将 第一显示视频帧写入数据内存块03(图5中未示出),以及根据第一显示视频帧的分辨率更新保护信息内存块02(图5中未示出)中的帧级保护信息,得到第一显示视频帧的帧级保护信息。示例性的,第一显示视频帧的分辨率例如小于第一解码视频帧的分辨率,VPSS可以将第一显示视频帧的分辨率写入保护信息内存块02,并将保护信息内存块02中帧级保护信息的最小分辨率更新为第一显示视频帧的分辨率,得到第一显示视频帧的帧级保护信息。相应的,本实施例中,VDP从保护信息内存块02中读取第一显示视频帧的帧级保护信息,以确定是否输出第一显示视频帧。此处不再详述。In other embodiments, the media path may also include VPSS (not shown in FIG. 5). After VDEC writes the first decoded video frame into the data memory block 02, and writes the output control strategy and the resolution of the first decoded video frame into the protection information memory block 01, the VPSS can respond to the instruction of the TEE software driver layer, from the data The memory block 02 reads the first decoded video frame and processes the first decoded video frame. For example, the processing may be reduction processing or enlargement processing, for example, shrinking the first decoded video frame to obtain the first display video frame and the first display video frame Resolution. After that, the VPSS can write the first display video frame into the data memory block 03 (not shown in FIG. 5), and update the protection information memory block 02 (not shown in FIG. 5) according to the resolution of the first display video frame. The frame-level protection information in the first display video frame is obtained. Exemplarily, the resolution of the first display video frame is smaller than the resolution of the first decoded video frame, for example, the VPSS may write the resolution of the first display video frame into the protection information memory block 02, and store the protection information memory block 02 The minimum resolution of the frame-level protection information is updated to the resolution of the first display video frame, and the frame-level protection information of the first display video frame is obtained. Correspondingly, in this embodiment, the VDP reads the frame-level protection information of the first display video frame from the protection information memory block 02 to determine whether to output the first display video frame. No more details here.
本实施例中,VPSS在将第一显示视频帧写入数据内存块03之前,可以检测第一解码视频帧和第一显示视频帧是否对应同一媒体通路。在确定第一解码视频帧和第一显示视频帧对应同一媒体通路之后,将第一显示视频帧写入数据内存块03。这样能够避免VPSS输出第一显示视频帧时,出现访问其他媒体通路的数据的问题,从而提高视频帧传输的安全性。In this embodiment, before the VPSS writes the first display video frame into the data memory block 03, it can detect whether the first decoded video frame and the first display video frame correspond to the same media channel. After determining that the first decoded video frame and the first display video frame correspond to the same media channel, the first display video frame is written into the data memory block 03. This can avoid the problem of accessing data of other media channels when the VPSS outputs the first display video frame, thereby improving the security of video frame transmission.
示例性的,VPSS可以获取保护信息内存块01中的级保护信息中的第三通路标识,和保护信息内存块02中的级保护信息中的第四通路标识。在第三通路标识和第四通路标识相同时,确定第一解码视频帧与第一显示视频帧对应同一媒体通路。Exemplarily, the VPSS may obtain the third path identifier in the level protection information in the protection information memory block 01 and the fourth path identifier in the level protection information in the protection information memory block 02. When the third channel identifier and the fourth channel identifier are the same, it is determined that the first decoded video frame and the first displayed video frame correspond to the same media channel.
例如,第三通路标识是会话管理模块预先配置的,即第三通路标识应当是通路标识A。第四通路标识是会话管理模块预先配置的,即第四通路标识也应当是通路标识A,所以,第三通路标识应当与第四通路标识相同。For example, the third path identifier is pre-configured by the session management module, that is, the third path identifier should be the path identifier A. The fourth path identifier is pre-configured by the session management module, that is, the fourth path identifier should also be the path identifier A, so the third path identifier should be the same as the fourth path identifier.
另外,VPSS从保护信息内存块01读取帧级保护信息之前,需要检测保护信息内存块01中的帧级保护信息是否有效。在确定保护信息内存块01中的帧级保护信息有效之后,VPSS从保护信息内存块01读取帧级保护信息。另外,VPSS在更新保护信息内存块02中的帧级保护信息之前,需要检测保护信息内存块02中的帧级保护信息是否有效。在确定保护信息内存块02中的帧级保护信息有效之后,VPSS更新保护信息内存块02中的帧级保护信息。In addition, before the VPSS reads the frame-level protection information from the protection information memory block 01, it needs to check whether the frame-level protection information in the protection information memory block 01 is valid. After determining that the frame-level protection information in the protection information memory block 01 is valid, the VPSS reads the frame-level protection information from the protection information memory block 01. In addition, before updating the frame-level protection information in the protection information memory block 02, the VPSS needs to check whether the frame-level protection information in the protection information memory block 02 is valid. After determining that the frame-level protection information in the protection information memory block 02 is valid, the VPSS updates the frame-level protection information in the protection information memory block 02.
需要指出的是,本申请中,VDEC、VPSS和VDP检测帧级保护信息是否有效,实质上均是对帧级保护信息中的至少一项初始保护信息进行检测,且在确定所检测的至少一项初始保护信息有效的条件下,确定相应帧级保护信息有效。实际操作中,例如是对帧级保护信息中tag、视频帧的存储地址以及所述存储地址长度的对应关系和checksum中的至少一项信息进行检测。以下结合上述三项示例性信息,以VDP为例对检测有效性的操作进行示例性介绍。It should be pointed out that in this application, VDEC, VPSS, and VDP detect whether the frame-level protection information is valid. In essence, they all detect at least one piece of initial protection information in the frame-level protection information, and determine whether at least one of the detected frame-level protection information is valid. Under the condition that the initial protection information is valid, it is determined that the corresponding frame-level protection information is valid. In actual operation, for example, at least one item of information in the tag, the storage address of the video frame, and the length of the storage address in the frame-level protection information is detected, and at least one item of information in the checksum. In the following, combining the above three exemplary information, taking VDP as an example, the operation of detecting validity will be exemplarily introduced.
检测tag:VDP可以检测第一显示视频帧的帧级保护信息的tag与预配置的tag是否匹配。若第一显示视频帧的帧级保护信息的tag与预配置的tag相匹配,VDP可以按照指令指示的处理逻辑读取帧级保护信息,并执行显示处理等操作。Detection tag: VDP can detect whether the tag of the frame-level protection information of the first displayed video frame matches the pre-configured tag. If the tag of the frame-level protection information of the first display video frame matches the pre-configured tag, the VDP can read the frame-level protection information according to the processing logic indicated by the instruction, and perform operations such as display processing.
根据图3示意的实施例所述,tag用于指示帧级保护信息是否绑定视频帧。若帧级保护信息绑定视频帧,那么,VDP应当根据帧级保护信息中视频帧的分辨率对第一显示视频帧执行操作。若帧级保护信息未绑定视频帧,那么,该帧级保护信息是全局保护信息,VDP应当根据扩展输出策略中的分辨率对第一显示视频帧执行操作。可见,对应不同类型的帧级保护信息时,VDP读取的信息以及操作逻辑不同。According to the embodiment illustrated in FIG. 3, the tag is used to indicate whether the frame-level protection information is bound to the video frame. If the frame-level protection information is bound to a video frame, then the VDP should perform an operation on the first display video frame according to the resolution of the video frame in the frame-level protection information. If the frame-level protection information is not bound to the video frame, then the frame-level protection information is global protection information, and the VDP should perform operations on the first display video frame according to the resolution in the extended output strategy. It can be seen that when corresponding to different types of frame-level protection information, the information read by the VDP and the operation logic are different.
基于此,采用本实现方式,VDP能够在确定帧级保护信息类型的正确性之后,根据帧 级保护信息按照相匹配的处理逻辑对处理第一显示视频帧。Based on this, using this implementation method, after determining the correctness of the frame-level protection information type, VDP can process the first display video frame according to the frame-level protection information according to the matching processing logic.
检测视频帧的存储地址以及所述存储地址长度的对应关系:VDP可以检测帧级保护信息中第一显示视频帧的存储地址和所述存储地址长度的对应关系是否正确。若第一显示视频帧的存储地址和所述存储地址长度的对应关系正确,说明该帧级保护信息是第一显示视频帧对应的帧级保护信息。若第一显示视频帧的存储地址和所述存储地址长度的对应关系不正确,说明该帧级保护信息不是第一显示视频帧对应的帧级保护信息。Detecting the correspondence between the storage address of the video frame and the length of the storage address: VDP can detect whether the correspondence between the storage address of the first display video frame and the length of the storage address in the frame-level protection information is correct. If the corresponding relationship between the storage address of the first display video frame and the length of the storage address is correct, it indicates that the frame-level protection information is the frame-level protection information corresponding to the first display video frame. If the corresponding relationship between the storage address of the first display video frame and the length of the storage address is incorrect, it indicates that the frame-level protection information is not the frame-level protection information corresponding to the first display video frame.
采用本实现方式,VDP能够确保帧级保护信息与视频帧是否是关联的,从而确保从帧级保护信息中读取到相应视频帧的保护信息,进而,对视频帧实现精准的输出保护。With this implementation method, VDP can ensure whether the frame-level protection information is associated with the video frame, thereby ensuring that the protection information of the corresponding video frame is read from the frame-level protection information, and further, realizing accurate output protection for the video frame.
检测checksum:VDP可以判断帧级保护信息的校验值与初始校验值是否相同。若帧级保护信息的校验值与初始校验值相同,说明帧级保护信息未被篡改。若帧级保护信息的校验值与初始校验值不同,说明帧级保护信息已经被篡改。Check checksum: VDP can determine whether the check value of the frame-level protection information is the same as the initial check value. If the check value of the frame-level protection information is the same as the initial check value, it indicates that the frame-level protection information has not been tampered with. If the check value of the frame-level protection information is different from the initial check value, it indicates that the frame-level protection information has been tampered with.
示例性的,VDP可以将帧级保护信息中的全部信息做异或运算,得到第一结果。然后,VDP可以将第一结果与安全随机数做异或运算,得到校验值。之后,VDP比较该校验值与初始校验值是否相同。Exemplarily, the VDP may perform an exclusive OR operation on all information in the frame-level protection information to obtain the first result. Then, the VDP can XOR the first result with the secure random number to obtain the check value. After that, VDP compares whether the check value is the same as the initial check value.
结合图2示意的电子设备的架构,REE驱动和TEE驱动对硬件模块均有驱动作用。虽然帧级保护信息存储在安全内存块中,但是REE驱动可以控制对安全内存块具备访问权限的硬件模块篡改和伪造帧级保护信息。基于此,本申请设置了checksum检测机制。Combined with the electronic device architecture shown in Figure 2, both the REE driver and the TEE driver have a driving effect on the hardware module. Although the frame-level protection information is stored in the secure memory block, the REE driver can control the tampering and forgery of the frame-level protection information by hardware modules that have access rights to the secure memory block. Based on this, this application sets up a checksum detection mechanism.
本实施例涉及“安全随机数”的特征,安全随机数是电子设备的mask寄存器的随机数。mask寄存器例如是一个32比特的寄存器。在电子设备上电时,TEE侧可以从硬件随机数模块读取32比特的随机数写入该mask寄存器并锁存。REE侧对mask寄存器无访问权限。基于此,mask寄存器中32比特的随机数相对安全,可以称为“安全随机数”。This embodiment relates to the feature of "secure random number", and the secure random number is a random number of the mask register of the electronic device. The mask register is, for example, a 32-bit register. When the electronic device is powered on, the TEE side can read a 32-bit random number from the hardware random number module, write it into the mask register and latch it. The REE side has no access rights to the mask register. Based on this, the 32-bit random number in the mask register is relatively safe and can be called a "secure random number".
进一步的,会话管理模块可以根据算法checksum=(Word0^Word1^…Wordn)^Mask确定帧级保护信息中的初始校验值checksum,其中,n是大于等于1的整数,Word0至Wordn是指帧级保护信息中的每个信息,Mask是指安全随机数。VDP在检测checksum时,可以按照同样的算法计算当前的帧级保护信息的校验值。由于安全随机数不会被篡改,所以,若计算得到的校验值与checksum相同,说明帧级保护信息未被篡改。若计算得到的校验值与checksum不同,说明帧级保护信息被REE侧篡改,VDP可以输出mute。Further, the session management module can determine the initial checksum value in the frame-level protection information according to the algorithm checksum=(Word0^Word1^...Wordn)^Mask, where n is an integer greater than or equal to 1, and Word0 to Wordn refer to frames Each information in the level protection information, Mask refers to a secure random number. When VDP detects checksum, it can calculate the check value of the current frame-level protection information according to the same algorithm. Since the secure random number cannot be tampered with, if the calculated check value is the same as the checksum, it indicates that the frame-level protection information has not been tampered with. If the calculated checksum is different from the checksum, it means that the frame-level protection information has been tampered by the REE side, and the VDP can output mute.
可见,采用本实现方式,VDP能够在确保帧级保护信息未被破坏、伪造或者篡改的情况下,根据帧级保护信息对第一显示视频帧进行执行输出保护,从而对第一显示视频帧实现正确的输出保护,优化输出保护的性能。It can be seen that with this implementation method, VDP can perform output protection on the first display video frame according to the frame-level protection information while ensuring that the frame-level protection information is not damaged, forged or tampered, thereby realizing the realization of the first display video frame. Correct output protection, optimize the performance of output protection.
可以理解的是,上述计算校验值的算法仅是一种示意性描述,并不构成对确定校验值的具体限定。在本申请另一些实施例中,电子设备会话管理模块和个硬件模块可以采用其他机制,以及其他算法确定帧级保护信息的校验值。It is understandable that the above algorithm for calculating the check value is only a schematic description, and does not constitute a specific limitation on the determination of the check value. In some other embodiments of the present application, the electronic device session management module and each hardware module may use other mechanisms and other algorithms to determine the check value of the frame-level protection information.
一些实施例中,VDP可以只通过上述checksum确定帧级保护信息是否有效。例如,在checksum与校验值相同时,VDP确定帧级保护信息有效。另一些实施例中,VDP可以通过上述三项信息中的任意两项信息,确定帧级保护信息是否有效。在所检测的两项信息均满足条件时,VDP确定帧级保护信息有效。其他一些实施例中,例如上述三项信息的检测结果均满足条件时,VDP确定帧级保护信息有效。另外,上述三项信息中任一信息的检测 结果,对其他信息的检测无任何影响。相应的,上述三项信息的检测顺序可以任意,本申请对此不限制。In some embodiments, the VDP can only determine whether the frame-level protection information is valid through the above checksum. For example, when the checksum is the same as the check value, VDP determines that the frame-level protection information is valid. In other embodiments, the VDP can determine whether the frame-level protection information is valid through any two of the above three pieces of information. When the detected two pieces of information meet the conditions, VDP determines that the frame-level protection information is valid. In some other embodiments, for example, when the detection results of the above three items of information all meet the conditions, the VDP determines that the frame-level protection information is valid. In addition, the detection result of any of the above three pieces of information has no influence on the detection of other information. Correspondingly, the detection sequence of the above three items of information can be arbitrary, which is not limited in this application.
此外,本申请中,VDEC对帧级保护信息有效性的检测,以及VPSS对帧级保护信息有效性的检测,与上述VDP的检测过程类似,仅在检测视频帧的存储地址以及所述存储地址长度的对应关系的场景中,涉及的视频帧和视频帧的存储地址可能与VDP不同。例如,VDEC应当检测第一解码视频帧的存储地址以及所述存储地址长度的对应关系是否正确。此处不再详述。In addition, in this application, the detection of the validity of the frame-level protection information by VDEC and the detection of the validity of the frame-level protection information by VPSS are similar to the detection process of the above-mentioned VDP, except that the storage address of the video frame and the storage address are detected. In the scene of the length correspondence, the involved video frame and the storage address of the video frame may be different from the VDP. For example, VDEC should detect whether the corresponding relationship between the storage address of the first decoded video frame and the length of the storage address is correct. No more details here.
可以理解的是,上述通过检测帧级保护信息有效性的操作,仅是示意性描述,不构成对本申请检测帧级保护信息有效性的限制。在本申请其他实施例中,涉及帧级保护信息有效性的信息还可以更多或者更少。此处不限制。It is understandable that the foregoing operation of detecting the validity of frame-level protection information is only a schematic description, and does not constitute a restriction on the validity of the detection of frame-level protection information in this application. In other embodiments of the present application, there may be more or less information related to the validity of frame-level protection information. There is no restriction here.
以下结合实例对本申请的技术方案进行介绍。The technical solution of the present application will be introduced below in conjunction with examples.
图6A提供了一种电子设备20的架构图,电子设备20支持TEE。电子设备20的TEE侧包括:软件部分和硬件部分。软件部分包括TEE应用、会话管理模块(session manager)和TEE驱动模块。TEE应用中包含TA。应当理解,软件部分为由软件指令或者软件代码实现的功能模块,这些软件指令或软件代码运行在处理器上以实现相应的功能。硬件部分包括VDEC、VPSS、VDP和HDMI。硬件部分还包括TEE存储模块。FIG. 6A provides a structural diagram of an electronic device 20, and the electronic device 20 supports TEE. The TEE side of the electronic device 20 includes a software part and a hardware part. The software part includes TEE application, session management module (session manager) and TEE driver module. TEE applications include TA. It should be understood that the software part is a functional module implemented by software instructions or software codes, and these software instructions or software codes run on the processor to implement corresponding functions. The hardware part includes VDEC, VPSS, VDP and HDMI. The hardware part also includes TEE storage module.
本实施例中,TEE应用运行在电子设备10中的TEE软件应用层。会话管理模块和TEE驱动模块例如运行在电子设备10的TEE软件驱动层。In this embodiment, the TEE application runs on the TEE software application layer in the electronic device 10. The session management module and the TEE driver module run on the TEE software driver layer of the electronic device 10, for example.
可以理解的是,图6A仅是对本申请电子设备的一种示例性描述,对本申请涉及的电子设备不构成任何限制。在其他一些实施例中,本申请涉及的电子设备可以包括更多或者更少的硬件模块,相应的,本申请涉及的电子设备可以包括其他功能的硬件模块。此外,电子设备的各功能软件也可以采用其他表现形式。此处不再详述。It can be understood that FIG. 6A is only an exemplary description of the electronic device of the present application, and does not constitute any limitation to the electronic device involved in the present application. In some other embodiments, the electronic device involved in this application may include more or fewer hardware modules. Accordingly, the electronic device involved in this application may include hardware modules with other functions. In addition, the functional software of the electronic device can also adopt other forms of expression. No more details here.
可以理解的是,图6A仅是一种示意性描述,并不构成对电子设备20的具体限定。在本申请另一些实施例中,电子设备20可以包括比图示更多或更少的部件,或者组合某些部件,或者拆分某些部件,或者不同的部件布置。图示的部件可以以硬件,软件或软件和硬件的组合实现。It can be understood that FIG. 6A is only a schematic description, and does not constitute a specific limitation on the electronic device 20. In other embodiments of the present application, the electronic device 20 may include more or fewer components than shown, or combine certain components, or split certain components, or arrange different components. The illustrated components can be implemented in hardware, software, or a combination of software and hardware.
进一步的,结合图6A,对本申请的操作流程进行示例性介绍。Further, with reference to FIG. 6A, the operation process of the present application is exemplarily introduced.
创建目标媒体通路Create target media channels
TEE应用可以向会话管理模块发送创建目标媒体通路的请求。其中,该目标媒体通路例如用于传输视频码流。进而,会话管理模块可以根据目标媒体通路的用途创建该目标媒体通路,并为该目标媒体通路配置通路标识Z。The TEE application can send a request to create a target media path to the session management module. Wherein, the target media channel is used to transmit a video code stream, for example. Furthermore, the session management module can create the target media channel according to the purpose of the target media channel, and configure the channel identifier Z for the target media channel.
示例性的,该目标媒体通路包括VDEC、VPSS、VDP和HDMI,以及安全内存块A、安全内存块B1、安全内存块B2、安全内存块C1和安全内存块C2。其中,安全内存块A、安全内存块B1和安全内存块C1用于存储视频相关的数据。安全内存块B2和安全内存块C2用于存储帧级保护信息。安全内存块B2中的帧级保护信息与安全内存块B1中的视频帧数据对应。安全内存块C2中的帧级保护信息与安全内存块C1中的视频帧数据对应。Exemplarily, the target media path includes VDEC, VPSS, VDP, and HDMI, as well as secure memory block A, secure memory block B1, secure memory block B2, secure memory block C1, and secure memory block C2. Among them, the secure memory block A, the secure memory block B1, and the secure memory block C1 are used to store video-related data. The secure memory block B2 and the secure memory block C2 are used to store frame-level protection information. The frame-level protection information in the secure memory block B2 corresponds to the video frame data in the secure memory block B1. The frame-level protection information in the secure memory block C2 corresponds to the video frame data in the secure memory block C1.
本实施例中,会话管理模块可以维护安全内存块A、安全内存块B1和安全内存块 C1与通路标识Z的对应关系。另外,会话管理模块还可以配置安全内存块B2中帧级保护信息的初始信息,以及安全内存块C2中帧级保护信息的初始信息。示例性的,安全内存块B2中帧级保护信息的初始信息包括tag是frame、安全内存块B1的虚拟地址及该虚拟地址长度的对应关系和安全内存块B2中帧级保护信息的初始校验值。安全内存块C2中帧级保护信息的初始信息包括tag是frame、安全内存块C1的虚拟地址及该虚拟地址长度的对应关系和安全内存块C2中帧级保护信息的初始校验值。示例性的,安全内存块B2用于存储帧级保护信息01,安全内存块C2用于存储帧级保护信息02。In this embodiment, the session management module can maintain the correspondence between the secure memory block A, the secure memory block B1, and the secure memory block C1 and the path identifier Z. In addition, the session management module can also configure the initial information of the frame-level protection information in the secure memory block B2 and the initial information of the frame-level protection information in the secure memory block C2. Exemplarily, the initial information of the frame-level protection information in the secure memory block B2 includes the tag is frame, the virtual address of the secure memory block B1 and the corresponding relationship between the length of the virtual address, and the initial verification of the frame-level protection information in the secure memory block B2 value. The initial information of the frame-level protection information in the secure memory block C2 includes the tag is frame, the virtual address of the secure memory block C1 and the corresponding relationship of the virtual address length, and the initial check value of the frame-level protection information in the secure memory block C2. Exemplarily, the secure memory block B2 is used to store the frame-level protection information 01, and the secure memory block C2 is used to store the frame-level protection information 02.
结合图6A示意的媒体通路,图6B示意了一种帧级保护信息的示例性传输流程。其中,TEE侧的控制流程如图6B中TEE侧虚线箭头所示,TEE侧的数据传输流程如图6B中TEE侧实线箭头所示,REE侧的控制流程如图6B中REE侧的实线箭头所示。With reference to the media path illustrated in FIG. 6A, FIG. 6B illustrates an exemplary transmission process of frame-level protection information. Among them, the control flow on the TEE side is shown by the dotted arrow on the TEE side in Figure 6B, the data transmission flow on the TEE side is shown by the solid arrow on the TEE side in Figure 6B, and the control flow on the REE side is shown by the solid line on the REE side in Figure 6B. The arrow shows.
获取视频码流Get video stream
在创建目标媒体通路之后,REE应用获取视频码流源,在确定视频码流源是受保护的视频码流源之后,REE应用将该受保护的视频码流源传输到TA。视频码流源即为加密的视频码流。TA对视频码流源解密,得到视频码流以及视频码流对应的保护要求。之后,TA根据保护要求配置视频码流对应的输出控制策略。其中,输出控制策略如上述实施例所述,此处不详述。本实施例中,TEE侧的显示控制驱动将TA配置的输出控制策略配置到VDEC,并且TA将视频码流写入安全内存块A中。其中,显示控制驱动是TEE驱动模块的一种。After the target media channel is created, the REE application obtains the video code stream source, and after determining that the video code stream source is a protected video code stream source, the REE application transmits the protected video code stream source to the TA. The video stream source is the encrypted video stream. TA decrypts the source of the video code stream, and obtains the video code stream and the corresponding protection requirements of the video code stream. After that, the TA configures the output control strategy corresponding to the video code stream according to the protection requirements. Among them, the output control strategy is as described in the foregoing embodiment, and will not be described in detail here. In this embodiment, the display control driver on the TEE side configures the output control strategy configured by the TA to the VDEC, and the TA writes the video code stream into the secure memory block A. Among them, the display control drive is a kind of TEE drive module.
对视频码流解码得到解码视频帧Decode the video stream to get the decoded video frame
VDEC响应TEE驱动模块的指令,从安全内存块A中读取视频码流。然后,VDEC对视频码流解码得到解码视频帧。另外,VDEC可以在解码之前,获取到解码视频帧的分辨率,解码视频帧的分辨率例如是分辨率01。VDEC responds to the instruction of the TEE driver module and reads the video stream from the secure memory block A. Then, VDEC decodes the video code stream to obtain decoded video frames. In addition, VDEC can obtain the resolution of the decoded video frame before decoding, and the resolution of the decoded video frame is, for example, resolution 01.
之后,VDEC获取安全内存块A对应的通路标识,得到通路标识Z。VDEC还获取安全内存块B2中初始信息中的通路标识,同样得到通路标识Z。根据安全内存块A对应的通路标识与安全内存块B2中初始信息中的通路标识相同,确定视频码流与解码视频帧均对应目标媒体通路,VDEC将解码视频帧写入安全内存块B1。VDEC从读取视频码流到将解码视频帧写入安全内存块B1的过程,图6B中未示出。After that, VDEC obtains the path identifier corresponding to the secure memory block A, and obtains the path identifier Z. VDEC also obtains the path identifier in the initial information in the secure memory block B2, and also obtains the path identifier Z. According to the path identifier corresponding to the secure memory block A and the path identifier in the initial information in the secure memory block B2, it is determined that both the video code stream and the decoded video frame correspond to the target media path, and the VDEC writes the decoded video frame into the secure memory block B1. The process of VDEC from reading the video code stream to writing the decoded video frame into the secure memory block B1 is not shown in FIG. 6B.
另外,结合图6B,VDEC检测安全内存块B2中初始信息是否有效。示例性的,VDEC检测安全内存块B2中初始信息的tag是否是frame,安全内存块B1的虚拟地址及该虚拟地址长度的对应关系是否正确,以及安全内存块B2中的初始信息的校验值是否与初始校验值相同。在一种可选的情况中,在上述三项信息的检测结果均是为“是”时,指示安全内存块B2中初始信息有效,VDEC将分辨率01写入安全内存块B2中的“当前分辨率”和“最小分辨率”对应的信息位,得到解码视频帧的帧级保护信息01。In addition, in conjunction with Figure 6B, VDEC detects whether the initial information in the secure memory block B2 is valid. Exemplarily, VDEC detects whether the tag of the initial information in the secure memory block B2 is a frame, whether the correspondence between the virtual address of the secure memory block B1 and the length of the virtual address is correct, and the check value of the initial information in the secure memory block B2 Is it the same as the initial check value? In an optional case, when the detection results of the above three items of information are all "Yes", it indicates that the initial information in the secure memory block B2 is valid, and VDEC writes the resolution 01 to the "current" in the secure memory block B2. The information bits corresponding to the “resolution” and the “minimum resolution” obtain the frame-level protection information 01 of the decoded video frame.
处理解码视频帧得到显示视频帧Process decoded video frame to get display video frame
如图6B所示,用户可以通过REE应用层,输入处理解码视频帧的指令。该实施例中,REE应用层可以调用VPSS驱动向VPSS发送具体的处理指令。相应的,VPSS从安全内存块B1中读取解码视频帧,然后,对解码视频帧执行缩小操作,得到显示视频帧(图6B中未示出)。As shown in Figure 6B, the user can input instructions for processing and decoding video frames through the REE application layer. In this embodiment, the REE application layer can call the VPSS driver to send specific processing instructions to the VPSS. Correspondingly, the VPSS reads the decoded video frame from the secure memory block B1, and then performs a shrinking operation on the decoded video frame to obtain a display video frame (not shown in FIG. 6B).
本实施例中,结合图6B所示,VPSS还需要检测安全内存块B2中的帧级保护信息 01是否有效。若安全内存块B2中的帧级保护信息01有效,VPSS可以从安全内存块B2中的帧级保护信息01中获取分辨率01,进而,根据分辨率01和显示视频帧相对于解码视频帧缩小的倍数,确定显示视频帧的分辨率02。本实施例中,分辨率02例如小于分辨率01。VPSS检测安全内存块B2中的帧级保护信息01是否有效的操作过程,与VDEC检测安全内存块B2中初始信息是否有效的操作过程类似,此处不再赘述。In this embodiment, in conjunction with FIG. 6B, the VPSS also needs to detect whether the frame-level protection information 01 in the secure memory block B2 is valid. If the frame-level protection information 01 in the secure memory block B2 is valid, VPSS can obtain the resolution 01 from the frame-level protection information 01 in the secure memory block B2, and then, according to the resolution 01 and the display video frame is reduced relative to the decoded video frame The multiple of to determine the resolution of the displayed video frame 02. In this embodiment, the resolution 02 is smaller than the resolution 01, for example. The operation process of VPSS detecting whether the frame-level protection information 01 in the secure memory block B2 is valid is similar to the operation process of VDEC detecting whether the initial information in the secure memory block B2 is valid, and will not be repeated here.
之后,VPSS可以获取安全内存块B2中帧级保护信息01的通路标识,得到通路标识Z。且VPSS还可以获取安全内存块C2中初始信息的通路标识,得到通路标识Z。根据安全内存块B2中帧级保护信息01的通路标识与安全内存块C2中初始信息的通路标识相同,确定解码视频帧与显示视频帧均对应目标媒体通路,VPSS将显示视频帧写入安全内存块C1。After that, the VPSS can obtain the path identifier of the frame-level protection information 01 in the secure memory block B2 to obtain the path identifier Z. In addition, the VPSS can also obtain the path identifier of the initial information in the secure memory block C2 to obtain the path identifier Z. According to the channel identification of the frame-level protection information 01 in the secure memory block B2 and the initial information in the secure memory block C2, it is determined that both the decoded video frame and the displayed video frame correspond to the target media channel, and VPSS writes the displayed video frame into the secure memory Block C1.
另外,VPSS检测安全内存块C2中初始信息是否有效。示例性的,VPSS可以检测安全内存块C2中初始信息的tag是否是frame,安全内存块C1的虚拟地址及该虚拟地址长度的对应关系是否正确,以及安全内存块C2中的帧级保护信息02的校验值是否与初始校验值相同。在确定安全内存块C2中初始信息有效之后,VPSS将分辨率02写入安全内存块C2中的“当前分辨率”对应的信息位。由于分辨率02小于分辨率01,VPSS还需要将安全内存块C2中的“最小分辨率”对应的信息位更新为分辨率02,得到显示视频帧的帧级保护信息02。In addition, VPSS detects whether the initial information in the secure memory block C2 is valid. Exemplarily, VPSS can detect whether the tag of the initial information in the secure memory block C2 is frame, whether the correspondence between the virtual address of the secure memory block C1 and the length of the virtual address is correct, and the frame-level protection information in the secure memory block C2 02 Whether the check value of is the same as the initial check value. After determining that the initial information in the secure memory block C2 is valid, VPSS writes the resolution 02 into the information bit corresponding to the "current resolution" in the secure memory block C2. Since the resolution 02 is smaller than the resolution 01, the VPSS also needs to update the information bit corresponding to the "minimum resolution" in the secure memory block C2 to the resolution 02 to obtain the frame-level protection information 02 of the displayed video frame.
输出显示视频帧Output display video frame
VDP从安全内存块C1中读取显示视频帧。VDP reads the display video frame from the secure memory block C1.
VDP还需要检测安全内存块C2中的帧级保护信息02是否有效。若安全内存块C2中的帧级保护信息02有效,VDP从安全内存块C2中读取帧级保护信息02。示例性的,本实施例中,可以是VDP中的HDCP监测模块(HDCP monitor)读取帧级保护信息02。本实施例中,VDP还从HDMI获取HDMI支持的HDCP保护状态。该HDCP保护状态包括HDMI允许的HDCP保护级别。本实施例中,VDP检测安全内存块C2中的帧级保护信息02是否有效的操作过程,与VPSS检测安全内存块C2中初始信息是否有效的操作过程类似,此处不再赘述。The VDP also needs to check whether the frame-level protection information 02 in the secure memory block C2 is valid. If the frame-level protection information 02 in the secure memory block C2 is valid, VDP reads the frame-level protection information 02 from the secure memory block C2. Exemplarily, in this embodiment, the HDCP monitor module (HDCP monitor) in the VDP may read the frame-level protection information 02. In this embodiment, the VDP also obtains the HDCP protection status supported by HDMI from HDMI. The HDCP protection status includes the HDCP protection level allowed by HDMI. In this embodiment, the operation process of VDP detecting whether the frame-level protection information 02 in the secure memory block C2 is valid is similar to the operation process of VPSS detecting whether the initial information in the secure memory block C2 is valid, and will not be repeated here.
需要指出的是,VDP读取帧级保护信息02的操作,和VDP获取HDMI支持的HDCP保护状态的操作,是两个独立的操作过程。所以,两操作过程的执行顺序可以任意,本申请对此不限制。It should be pointed out that the operation of VDP to read the frame-level protection information 02 and the operation of VDP to obtain the HDCP protection status supported by HDMI are two separate operation processes. Therefore, the execution sequence of the two operation processes can be arbitrary, which is not limited in this application.
进而,VDP从帧级保护信息02中确定与HDCP保护状态匹配的目标输出保护策略。目标输出保护策略例如是HDCP1.4。然后,VDP检测帧级保护信息02中的分辨率02是否小于HDCP1.4允许的分辨率。若分辨率02小于HDCP1.4允许的分辨率,VDP可以按照HDCP1.4允许的分辨率通过HDMI输出显示视频帧。若分辨率02大于HDCP1.4允许的分辨率,VDP通过HDMI输出mute。Furthermore, VDP determines a target output protection strategy that matches the HDCP protection status from the frame-level protection information 02. The target output protection strategy is, for example, HDCP1.4. Then, VDP detects whether the resolution 02 in the frame-level protection information 02 is less than the resolution allowed by HDCP1.4. If the resolution 02 is less than the resolution allowed by HDCP1.4, VDP can output and display video frames through HDMI according to the resolution allowed by HDCP1.4. If the resolution 02 is greater than the resolution allowed by HDCP1.4, VDP outputs mute through HDMI.
结合图6B,另一些实施场景中,若帧级保护信息02中还包括水印控制信息,VDP在确定可以输出显示视频帧之后,还可以从REE侧的视频输出驱动中获取显示视频帧的位置和大小,然后,从帧级保护信息02中的水印存储地址读取水印信息,进而,根据显示视频帧的位置和大小,将水印信息添加到显示视频帧中。其中,REE侧的视频输出驱动是REE侧软件驱动模块之一。With reference to Figure 6B, in other implementation scenarios, if the frame-level protection information 02 also includes watermark control information, after VDP determines that the display video frame can be output, it can also obtain the position and position of the display video frame from the video output driver on the REE side. Then, read the watermark information from the watermark storage address in the frame-level protection information 02, and then add the watermark information to the display video frame according to the position and size of the display video frame. Among them, the video output driver on the REE side is one of the software driver modules on the REE side.
可以理解的是,图6A和图6B涉及的实施例仅是示意性描述,对本申请的技术方案不构成限制。在其他一些实施例中,目标媒体通路还可以包括更多或者更少的硬件模块和内存块。各硬件模块的操作过程也可以不同于上述描述。各内存块中的保护信息也可以不同于上述描述。此处不再详述。It can be understood that the embodiments involved in FIG. 6A and FIG. 6B are only schematic descriptions, and do not constitute a limitation to the technical solution of the present application. In some other embodiments, the target media path may also include more or fewer hardware modules and memory blocks. The operation process of each hardware module can also be different from the above description. The protection information in each memory block can also be different from the above description. No more details here.
另外,本说明书并未示出本申请适用的全部实施场景,在其他实施场景下,采用基于本申请技术思想的其他实施手段,同样属于本申请的保护范畴。In addition, this specification does not show all implementation scenarios applicable to this application. In other implementation scenarios, adopting other implementation methods based on the technical ideas of this application also belongs to the protection category of this application.
综上,本申请提供的技术方案,电子设备对视频码流解码得到视频帧之后,即对应视频帧生成帧级保护信息。之后,电子设备根据视频帧分辨率的变化,更新视频帧的帧级保护信息。从而在输出待显示视频帧之前,电子设备能够按照待显示视频帧对应的帧级保护信息,对待显示视频帧进行输出保护。这样从视频帧的层面进行保护,在视频帧发生变更时,电子设备能够及时更新视频帧对应输出保护信息,使得电子设备能够提供更加精准的输出保护,避免视频帧与输出保护策略不同步等产生的保护失效问题,提高保护的性能。In summary, in the technical solution provided by this application, after the electronic device decodes the video code stream to obtain the video frame, it generates frame-level protection information corresponding to the video frame. After that, the electronic device updates the frame-level protection information of the video frame according to the change in the resolution of the video frame. Therefore, before outputting the to-be-displayed video frame, the electronic device can perform output protection on the to-be-displayed video frame according to the frame-level protection information corresponding to the to-be-displayed video frame. In this way, protection is performed at the level of the video frame. When the video frame changes, the electronic device can update the output protection information corresponding to the video frame in time, so that the electronic device can provide more accurate output protection, and avoid the video frame and the output protection strategy from being out of synchronization. The protection failure problem, improve the performance of the protection.
上述实施例中从电子设备硬件实体结构,软件架构,以及各软、硬件所执行的动作的角度对本申请提供的安全输出方法的各方案进行了介绍。本领域技术人员应该很容易意识到,结合本文中所公开的实施例描述的对应关系的建立以及根据对应关系执行输出的处理步骤,本申请不仅能够以硬件或硬件和计算机软件的结合形式来实现。某些功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对上述每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请实施例的范围。In the foregoing embodiment, the solutions of the safe output method provided in the present application are introduced from the perspective of the physical structure of the electronic device hardware, the software architecture, and the actions performed by each software and hardware. Those skilled in the art should easily realize that in combination with the establishment of the correspondence relationship described in the embodiments disclosed herein and the execution of the output processing steps according to the correspondence relationship, this application can not only be implemented in the form of hardware or a combination of hardware and computer software . Whether certain functions are executed by hardware or computer software-driven hardware depends on the specific application and design constraints of the technical solution. Professionals and technicians can use different methods to implement the described functions for each of the above specific applications, but such implementation should not be considered as going beyond the scope of the embodiments of the present application.
例如,上述电子设备10和电子设备20可以通过功能模块的形式来实现上述部分的功能。如图7A所示,安全输出装置70可以包括解码模块701和显示控制模块702。该安全输出装置70可用于执行上述图4示意的任意实施例中安全输出方法的部分或全部实施例。For example, the above-mentioned electronic device 10 and the electronic device 20 may implement the above-mentioned part of the functions in the form of functional modules. As shown in FIG. 7A, the safety output device 70 may include a decoding module 701 and a display control module 702. The safety output device 70 can be used to implement some or all of the embodiments of the safety output method in any of the embodiments shown in FIG. 4.
例如:解码模块701用于根据输出控制策略和第一解码视频帧的分辨率,生成所述第一解码视频帧的帧级保护信息,所述第一解码视频帧为所述解码模块对视频码流进行解码得到的。显示控制模块702用于根据所述帧级保护信息确定是否输出第一显示视频帧,所述第一显示视频帧是根据所述第一解码视频帧得到的。For example, the decoding module 701 is configured to generate frame-level protection information of the first decoded video frame according to the output control strategy and the resolution of the first decoded video frame, and the first decoded video frame is the video code of the decoding module. The stream is decoded. The display control module 702 is configured to determine whether to output a first display video frame according to the frame-level protection information, and the first display video frame is obtained according to the first decoded video frame.
由此可见,本申请提供的安全输出装置70每输出一帧视频帧,都能够根据该视频帧对应的帧级保护信息对视频帧进行输出保护,从而安全性更高。It can be seen that, every time a video frame is output by the safety output device 70 provided by the present application, the video frame can be output protected according to the frame-level protection information corresponding to the video frame, thereby achieving higher security.
可选的,该安全输出装置70还可以包括处理模块、更新模块、TA、检测模块,水印添加模块、获取模块和会话管理模块。在不同的实施例中,上述各模块用于实现不同的功能。Optionally, the safety output device 70 may also include a processing module, an update module, a TA, a detection module, a watermark adding module, an acquisition module, and a session management module. In different embodiments, the above-mentioned modules are used to implement different functions.
例如,一些实施例中,该处理模块可以用于对所述第一解码视频帧进行处理得到所述第一显示视频帧。该更新模块,用于根据所述第一显示视频帧的分辨率更新所述帧级保护信息。其中,该处理模块,具体用于放大所述第一解码视频帧得到所述第一显示视频帧;或者,具体用于缩小所述第一解码视频帧得到所述第一显示视频帧。其中,帧级保护信息包括所述第一解码视频帧的分辨率和最小分辨率,所述最小分辨率 为所述视频码流在整个媒体通路中对应的最小分辨率。本实施例中,该更新模块,具体用于当所述第一显示视频帧的分辨率小于所述最小分辨率时,将所述帧级保护信息中的最小分辨率修改为所述第一显示视频帧的分辨率。For example, in some embodiments, the processing module may be used to process the first decoded video frame to obtain the first display video frame. The update module is configured to update the frame-level protection information according to the resolution of the first display video frame. Wherein, the processing module is specifically configured to enlarge the first decoded video frame to obtain the first display video frame; or, specifically, to reduce the first decoded video frame to obtain the first display video frame. Wherein, the frame-level protection information includes the resolution and minimum resolution of the first decoded video frame, and the minimum resolution is the minimum resolution corresponding to the video code stream in the entire media path. In this embodiment, the update module is specifically configured to modify the minimum resolution in the frame-level protection information to the first display when the resolution of the first display video frame is less than the minimum resolution. The resolution of the video frame.
可选的,所述显示控制模块702具体用于获取输出端口允许的输出保护状态,确定与所述输出保护状态匹配的目标输出控制策略;判断所述帧级保护信息中的最小分辨率是否小于所述目标输出控制策略允许的分辨率;以及当所述帧级保护信息中的最小分辨率小于所述目标输出控制策略允许的分辨率时,输出所述第一显示视频帧。Optionally, the display control module 702 is specifically configured to obtain the output protection status allowed by the output port, determine a target output control strategy that matches the output protection status; determine whether the minimum resolution in the frame-level protection information is less than The resolution allowed by the target output control strategy; and when the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, output the first display video frame.
可选的,TA可以用于为所述视频码流配置所述输出控制策略。Optionally, TA may be used to configure the output control strategy for the video code stream.
可选的,该解码模块701还用于确定所述视频码流和所述第一解码视频帧是否对应同一媒体通路。其中,该解码模块701具体用于获取所述视频码流对应的第一通路标识和所述第一解码视频帧的帧级保护信息中的第二通路标识,在所述第一通路标识和所述第二通路标识相同时,确定所述视频码流和所述第一解码视频帧的帧级保护信息对应同一媒体通路。该处理模块还用于确定所述第一解码视频帧与所述第一显示视频帧是否对应同一媒体通路。其中,该处理模块用于获取所述第一解码视频帧的帧级保护信息中的第三通路标识,和更新后的帧级保护信息中的第四通路标识,在所述第三通路标识和所述第四通路标识相同时,确定所述第一解码视频帧与所述第一显示视频帧对应同一媒体通路。Optionally, the decoding module 701 is further configured to determine whether the video bitstream and the first decoded video frame correspond to the same media path. Wherein, the decoding module 701 is specifically configured to obtain the first path identifier corresponding to the video code stream and the second path identifier in the frame-level protection information of the first decoded video frame. When the second channel identifiers are the same, it is determined that the video code stream and the frame-level protection information of the first decoded video frame correspond to the same media channel. The processing module is also used to determine whether the first decoded video frame and the first display video frame correspond to the same media channel. Wherein, the processing module is used to obtain the third path identifier in the frame-level protection information of the first decoded video frame, and the fourth path identifier in the updated frame-level protection information, in the third path identifier and When the fourth channel identifiers are the same, it is determined that the first decoded video frame and the first display video frame correspond to the same media channel.
可选的,该检测模块用于检测所述帧级保护信息是否有效。其中,检测模块具体用于进行以下至少一项检测:检测所述帧级保护信息的类型与预配置的类型是否匹配,所述类型用于指示所述帧级保护信息是否绑定视频帧,判断所述帧级保护信息的校验值与初始校验值是否相同,以及检测所述帧级保护信息中第一显示视频帧的存储地址和所述存储地址长度的对应关系是否正确。Optionally, the detection module is used to detect whether the frame-level protection information is valid. The detection module is specifically configured to perform at least one of the following detections: detecting whether the type of the frame-level protection information matches a pre-configured type, and the type is used to indicate whether the frame-level protection information is bound to a video frame, and determining Whether the check value of the frame-level protection information is the same as the initial check value, and whether the correspondence between the storage address of the first display video frame and the length of the storage address in the frame-level protection information is correct.
可选的,该检测模块具体用于将所述帧级保护信息中的全部信息做异或运算,得到第一结果,将所述第一结果与安全随机数做异或运算,得到所述帧级保护信息的校验值,以及比较所述帧级保护信息的校验值与所述初始校验值是否相同。Optionally, the detection module is specifically configured to perform an exclusive OR operation on all information in the frame-level protection information to obtain a first result, and perform an exclusive OR operation on the first result and a secure random number to obtain the frame The check value of the level protection information, and compare whether the check value of the frame level protection information is the same as the initial check value.
可选的,该水印添加模块用于根据所述帧级保护信息、所述第一显示视频帧的位置和大小,为所述第一显示视频帧添加水印。Optionally, the watermark adding module is configured to add a watermark to the first display video frame according to the frame-level protection information and the position and size of the first display video frame.
可选的,该显示控制模块702还用于在所述第一显示视频帧的帧级保护信息丢失时,根据全局保护信息中的分辨率确定是否输出所述第一显示视频帧,所述全局保护信息中的分辨率是至少一个码流对应的输出策略中的最小分辨率。Optionally, the display control module 702 is further configured to determine whether to output the first display video frame according to the resolution in the global protection information when the frame-level protection information of the first display video frame is lost. The resolution in the protection information is the minimum resolution in the output strategy corresponding to at least one code stream.
可选的,该获取模块用于获取创建媒体通路的请求,所述媒体通路用于传输所述视频码流。本实施例中,会话管理模块可以用于生成所述媒体通路的通路标识。配置模块,还用于配置所述帧级保护信息中的保护信息的类型、所述帧级保护信息对应的视频帧的存储地址和所述存储地址长度的对应关系、以及所述初始校验值。Optionally, the acquisition module is configured to acquire a request for creating a media path, and the media path is used to transmit the video code stream. In this embodiment, the session management module may be used to generate the path identifier of the media path. The configuration module is also used to configure the type of protection information in the frame-level protection information, the correspondence between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address, and the initial check value .
具体内容可以参考方法100以及图6B对应的实施例中的相关描述,此处不再赘述。For specific content, reference may be made to the method 100 and related descriptions in the embodiment corresponding to FIG. 6B, which will not be repeated here.
可以理解的是,一些实施例中,图7A中示意的解码模块701可以实现图2、图5以及图6A中VDEC的功能。图7A中示意的显示控制模块702可以实现图2、图5以及图6A中VDP的功能。图7A中示意的显示处理模块可以实现图2、图5以及图6A中VPSS的功能。图7A中示意的其他功能模块,可以实现图2以及图6A中软件层的功能。例 如,获取模块可以实现TEE软件操作系统层的功能等。详见上述实施例中对电子设备10或者电子设备20的描述,此处不详述。It is understandable that, in some embodiments, the decoding module 701 illustrated in FIG. 7A can implement the functions of the VDEC in FIG. 2, FIG. 5, and FIG. 6A. The display control module 702 illustrated in FIG. 7A can implement the functions of the VDP in FIG. 2, FIG. 5, and FIG. 6A. The display processing module illustrated in FIG. 7A can implement the functions of the VPSS in FIG. 2, FIG. 5, and FIG. 6A. The other functional modules shown in FIG. 7A can realize the functions of the software layer in FIG. 2 and FIG. 6A. For example, the acquisition module can implement the functions of the operating system layer of the TEE software. For details, refer to the description of the electronic device 10 or the electronic device 20 in the foregoing embodiment, which is not described in detail here.
可以理解的是,以上各个模块的划分仅仅是一种逻辑功能的划分,实际实现时,该以上各模块的功能可以集成到处理器实现。如图7B所示,安全输出装置71包括处理器711、传输接口712和存储器713。应当理解,传输接口712可以包括输入接口和输出接口,或者说传输接口712同时具有输入接口和输出接口的功能,本申请实施例对此不做限定。其中,存储器713可以用于存储安全输出装置71预装的程序/代码,也可以存储用于处理器711执行时的代码等。传输接口712可以执行方法100中确定HDCP状态,以及输出第一显示视频帧的操作。处理器711可以执行方法100中除了确定HDCP状态和输出第一显示视频帧之外的操作。It can be understood that the division of the above modules is only a division of logic functions, and in actual implementation, the functions of the above modules can be integrated into the processor for implementation. As shown in FIG. 7B, the safety output device 71 includes a processor 711, a transmission interface 712, and a memory 713. It should be understood that the transmission interface 712 may include an input interface and an output interface, or that the transmission interface 712 has functions of an input interface and an output interface at the same time, which is not limited in the embodiment of the present application. Among them, the memory 713 may be used to store programs/codes pre-installed in the safety output device 71, and may also store codes used for execution by the processor 711, and the like. The transmission interface 712 may perform operations of determining the HDCP state in the method 100 and outputting the first display video frame. The processor 711 may perform operations in the method 100 except for determining the HDCP state and outputting the first display video frame.
具体内容可以参考方法100以及图6B对应的实施例中的相关描述,此处不再赘述。For specific content, reference may be made to the method 100 and related descriptions in the embodiment corresponding to FIG. 6B, which will not be repeated here.
具体实现中,对应电子设备本申请还提供一种计算机存储介质,其中,设置在任意设备中的计算机存储介质可存储有程序,该程序执行时,可实施包括方法100提供的安全输出方法的各实施例中的部分或全部步骤。任意设备中的存储介质均可为磁碟、光盘、只读存储记忆体(read-only memory,ROM)或随机存储记忆体(random access memory,RAM)等。In specific implementation, the application also provides a computer storage medium corresponding to the electronic device. The computer storage medium set in any device can store a program. When the program is executed, it can implement each of the safe output methods provided by the method 100. Part or all of the steps in the embodiment. The storage medium in any device can be a magnetic disk, an optical disc, a read-only memory (ROM) or a random access memory (RAM), etc.
本领域技术任何还可以了解到本申请实施例列出的各种说明性逻辑块(illustrative logical block)和步骤(step)可以通过电子硬件、电脑软件,或两者的结合进行实现。这样的功能是通过硬件还是软件来实现取决于特定的应用和整个系统的设计要求。本领域技术人员可以对于每种特定的应用,可以使用各种方法实现该的功能,但这种实现不应被理解为超出本申请实施例保护的范围。Anyone skilled in the art can also understand that the various illustrative logical blocks and steps listed in the embodiments of this application can be implemented by electronic hardware, computer software, or a combination of the two. Whether such a function is implemented by hardware or software depends on the specific application and the design requirements of the entire system. Those skilled in the art can use various methods to implement the function for each specific application, but such implementation should not be understood as going beyond the protection scope of the embodiments of the present application.
在上述实施例中,可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用软件实现时,可以全部或部分地以计算机程序产品的形式实现。该计算机程序产品包括一个或多个计算机指令。在计算机上加载和执行该计算机程序指令时,全部或部分地产生按照本申请该的流程或功能。该计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。该计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,该计算机指令可以从一个网站站点、计算机、服务器或报文中心通过有线(例如同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或报文中心进行传输。该计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、报文中心等报文存储设备。该可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质(例如固态硬盘(solid state disk,SSD))等。In the above-mentioned embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented by software, it can be implemented in the form of a computer program product in whole or in part. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, the procedures or functions according to the application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices. The computer instruction may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instruction may be passed from a website, a computer, a server, or a message center. Wired (such as coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (such as infrared, wireless, microwave, etc.) to another website site, computer, server or message center for transmission. The computer-readable storage medium may be any available medium that can be accessed by a computer or a message storage device such as a server or a message center integrated with one or more available media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
应理解,在本申请的各种实施例中,各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对实施例的实施过程构成任何限定。It should be understood that in the various embodiments of the present application, the size of the sequence number of each process does not mean the order of execution. The execution order of each process should be determined by its function and internal logic, rather than the implementation process of the embodiment. Constitute any limitation.
本说明书的各个部分均采用递进的方式进行描述,各个实施例之间相同相似的部 分互相参见即可,每个实施例重点介绍的都是与其他实施例不同之处。尤其,对于装置和系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例部分的说明即可。Each part of this specification is described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the device and system embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiments.
尽管已描述了本申请的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本申请范围的所有变更和修改。Although the preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic creative concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the present application.
显然,本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的精神和范围。这样,倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本申请也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the application without departing from the spirit and scope of the application. In this way, if these modifications and variations of this application fall within the scope of the claims of this application and their equivalent technologies, then this application is also intended to include these modifications and variations.

Claims (29)

  1. 一种安全输出方法,其特征在于,所述方法包括:A safe output method, characterized in that the method includes:
    在对视频码流进行解码得到第一解码视频帧的阶段,根据输出控制策略和所述第一解码视频帧的分辨率,生成所述第一解码视频帧的帧级保护信息;In the stage of decoding the video code stream to obtain the first decoded video frame, generating the frame-level protection information of the first decoded video frame according to the output control strategy and the resolution of the first decoded video frame;
    根据所述帧级保护信息确定是否输出第一显示视频帧,所述第一显示视频帧是根据所述第一解码视频帧得到的。Determine whether to output the first display video frame according to the frame-level protection information, the first display video frame being obtained according to the first decoded video frame.
  2. 如权利要求1所述的方法,其特征在于,所述在对视频码流进行解码得到第一解码视频帧之后,所述方法还包括:The method according to claim 1, wherein, after the first decoded video frame is obtained by decoding the video bitstream, the method further comprises:
    对所述第一解码视频帧进行处理得到所述第一显示视频帧;Processing the first decoded video frame to obtain the first display video frame;
    根据所述第一显示视频帧的分辨率更新所述帧级保护信息。The frame-level protection information is updated according to the resolution of the first display video frame.
  3. 如权利要求2所述的方法,其特征在于,所述对所述第一解码视频帧进行处理得到所述第一显示视频帧,包括:3. The method of claim 2, wherein said processing said first decoded video frame to obtain said first display video frame comprises:
    放大所述第一解码视频帧得到所述第一显示视频帧;或者,Amplify the first decoded video frame to obtain the first display video frame; or,
    缩小所述第一解码视频帧得到所述第一显示视频帧。The first decoded video frame is reduced to obtain the first display video frame.
  4. 如权利要求2或3所述的方法,其特征在于,所述帧级保护信息包括所述第一解码视频帧的分辨率和最小分辨率,所述最小分辨率为所述视频码流在整个媒体通路中对应的最小分辨率,所述根据所述第一显示视频帧的分辨率更新所述帧级保护信息,包括:The method according to claim 2 or 3, wherein the frame-level protection information includes the resolution and the minimum resolution of the first decoded video frame, and the minimum resolution is the entire video code stream The corresponding minimum resolution in the media path, the updating the frame-level protection information according to the resolution of the first display video frame includes:
    当所述第一显示视频帧的分辨率小于所述最小分辨率时,将所述帧级保护信息中的最小分辨率修改为所述第一显示视频帧的分辨率。When the resolution of the first display video frame is less than the minimum resolution, the minimum resolution in the frame-level protection information is modified to the resolution of the first display video frame.
  5. 如权利要求1至4中任一项所述的方法,其特征在于,所述根据所述帧级保护信息确定是否输出所述第一显示视频帧,包括:The method according to any one of claims 1 to 4, wherein the determining whether to output the first display video frame according to the frame-level protection information comprises:
    获取输出端口允许的输出保护状态;Obtain the output protection status allowed by the output port;
    确定与所述输出保护状态匹配的目标输出控制策略;Determining a target output control strategy that matches the output protection state;
    判断所述帧级保护信息中的最小分辨率是否小于所述目标输出控制策略允许的分辨率;Judging whether the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy;
    当所述帧级保护信息中的最小分辨率小于所述目标输出控制策略允许的分辨率时,输出所述第一显示视频帧。When the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, output the first display video frame.
  6. 如权利要求1至5中任一项所述的方法,其特征在于,在对视频码流进行解码得到第一解码视频帧之前,还包括:The method according to any one of claims 1 to 5, wherein before decoding the video bitstream to obtain the first decoded video frame, the method further comprises:
    可信应用TA为所述视频码流配置所述输出控制策略。The trusted application TA configures the output control strategy for the video code stream.
  7. 如权利要求2至6中任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 2 to 6, wherein the method further comprises:
    确定所述视频码流和所述第一解码视频帧是否对应同一媒体通路;Determining whether the video code stream and the first decoded video frame correspond to the same media channel;
    确定所述第一解码视频帧与所述第一显示视频帧是否对应同一媒体通路。It is determined whether the first decoded video frame and the first display video frame correspond to the same media channel.
  8. 如权利要求7所述的方法,其特征在于,The method of claim 7, wherein:
    所述确定所述视频码流和所述第一解码视频帧是否对应同一媒体通路包括:The determining whether the video code stream and the first decoded video frame correspond to the same media path includes:
    获取所述视频码流对应的第一通路标识和所述第一解码视频帧的帧级保护信息中的第二通路标识;Acquiring the first path identifier corresponding to the video code stream and the second path identifier in the frame-level protection information of the first decoded video frame;
    在所述第一通路标识和所述第二通路标识相同时,确定所述视频码流和所述第一 解码视频帧的帧级保护信息对应同一媒体通路;When the first path identifier and the second path identifier are the same, determining that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media path;
    所述确定所述第一解码视频帧与所述第一显示视频帧是否对应同一媒体通路包括:The determining whether the first decoded video frame and the first display video frame correspond to the same media path includes:
    获取所述第一解码视频帧的帧级保护信息中的第三通路标识,和更新后的帧级保护信息中的第四通路标识;Acquiring the third path identifier in the frame-level protection information of the first decoded video frame and the fourth path identifier in the updated frame-level protection information;
    在所述第三通路标识和所述第四通路标识相同时,确定所述第一解码视频帧与所述第一显示视频帧对应同一媒体通路。When the third channel identifier and the fourth channel identifier are the same, it is determined that the first decoded video frame and the first display video frame correspond to the same media channel.
  9. 如权利要求1至8中任一项所述的方法,其特征在于,在根据所述帧级保护信息确定是否输出第一显示视频帧之前,以及在根据所述第一显示视频帧的分辨率更新所述帧级保护信息之前,还包括:The method according to any one of claims 1 to 8, wherein before determining whether to output the first display video frame according to the frame-level protection information, and before determining whether to output the first display video frame according to the resolution of the first display video frame Before updating the frame-level protection information, it also includes:
    检测所述帧级保护信息是否有效。Detect whether the frame-level protection information is valid.
  10. 如权利要求9所述的方法,其特征在于,所述检测所述帧级保护信息是否有效包括:The method of claim 9, wherein the detecting whether the frame-level protection information is valid comprises:
    检测以下至少一项:Check at least one of the following:
    检测所述帧级保护信息的类型与预配置的类型是否匹配,所述类型用于指示所述帧级保护信息是否绑定视频帧;Detecting whether the type of the frame-level protection information matches a pre-configured type, where the type is used to indicate whether the frame-level protection information is bound to a video frame;
    判断所述帧级保护信息的校验值与初始校验值是否相同;或Determine whether the check value of the frame-level protection information is the same as the initial check value; or
    检测所述帧级保护信息中第一显示视频帧的存储地址和所述存储地址长度的对应关系是否正确。It is detected whether the corresponding relationship between the storage address of the first display video frame and the length of the storage address in the frame-level protection information is correct.
  11. 如权利要求10所述的方法,其特征在于,所述判断所述帧级保护信息的校验值与初始校验值是否相同,包括:The method of claim 10, wherein the judging whether the check value of the frame-level protection information is the same as the initial check value comprises:
    将所述帧级保护信息中的全部信息做异或运算,得到第一结果;Performing an exclusive OR operation on all the information in the frame-level protection information to obtain the first result;
    将所述第一结果与安全随机数做异或运算,得到所述帧级保护信息的校验值;Performing an exclusive OR operation between the first result and a secure random number to obtain the check value of the frame-level protection information;
    比较所述帧级保护信息的校验值与所述初始校验值是否相同。Compare whether the check value of the frame-level protection information is the same as the initial check value.
  12. 如权利要求1至11任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 11, wherein the method further comprises:
    根据所述帧级保护信息、所述第一显示视频帧的位置和大小,为所述第一显示视频帧添加水印。Add a watermark to the first display video frame according to the frame-level protection information and the position and size of the first display video frame.
  13. 如权利要求1所述的方法,其特征在于,还包括:The method of claim 1, further comprising:
    若所述第一显示视频帧的帧级保护信息丢失,根据全局保护信息中的分辨率确定是否输出所述第一显示视频帧,所述全局保护信息中的分辨率是至少一个码流对应的输出策略中的最小分辨率。If the frame-level protection information of the first display video frame is lost, determine whether to output the first display video frame according to the resolution in the global protection information, where the resolution in the global protection information corresponds to at least one bit stream The minimum resolution in the output strategy.
  14. 如权利要求1至13中任一项所述的方法,其特征在于,在对视频码流进行解码得到第一解码视频帧之前,还包括:The method according to any one of claims 1 to 13, characterized in that, before decoding the video bitstream to obtain the first decoded video frame, the method further comprises:
    获取创建媒体通路的请求,所述媒体通路用于传输所述视频码流;Acquiring a request for creating a media path, where the media path is used to transmit the video code stream;
    生成所述媒体通路的通路标识;Generating a path identifier of the media path;
    配置所述帧级保护信息中的保护信息的类型、所述帧级保护信息对应的视频帧的存储地址和所述存储地址长度的对应关系、以及所述初始校验值。Configure the type of protection information in the frame-level protection information, the correspondence between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address, and the initial check value.
  15. 一种安全输出装置,其特征在于,所述装置包括:A safety output device, characterized in that the device comprises:
    解码模块,用于根据输出控制策略和第一解码视频帧的分辨率,生成所述第一解 码视频帧的帧级保护信息,所述第一解码视频帧为所述解码模块对视频码流进行解码得到的;The decoding module is used to generate the frame-level protection information of the first decoded video frame according to the output control strategy and the resolution of the first decoded video frame, and the first decoded video frame is used by the decoding module to perform Decoded
    确定模块显示控制模块,用于根据所述帧级保护信息确定是否输出第一显示视频帧,所述第一显示视频帧是根据所述第一解码视频帧得到的。The determining module and the display control module are configured to determine whether to output a first display video frame according to the frame-level protection information, and the first display video frame is obtained according to the first decoded video frame.
  16. 如权利要求15所述的装置,其特征在于,所述装置还包括:The device according to claim 15, wherein the device further comprises:
    处理模块,用于对所述第一解码视频帧进行处理得到所述第一显示视频帧;A processing module, configured to process the first decoded video frame to obtain the first display video frame;
    更新模块,用于根据所述第一显示视频帧的分辨率更新所述帧级保护信息。The update module is configured to update the frame-level protection information according to the resolution of the first display video frame.
  17. 如权利要求16所述的装置,其特征在于,The device of claim 16, wherein:
    所述处理模块,具体用于放大所述第一解码视频帧得到所述第一显示视频帧;或者,The processing module is specifically configured to amplify the first decoded video frame to obtain the first display video frame; or,
    所述处理模块,具体用于缩小所述第一解码视频帧得到所述第一显示视频帧。The processing module is specifically configured to shrink the first decoded video frame to obtain the first display video frame.
  18. 如权利要求16或17所述的装置,其特征在于,所述帧级保护信息包括所述第一解码视频帧的分辨率和最小分辨率,所述最小分辨率为所述视频码流在整个媒体通路中对应的最小分辨率,The device according to claim 16 or 17, wherein the frame-level protection information includes the resolution and the minimum resolution of the first decoded video frame, and the minimum resolution is the entire The corresponding minimum resolution in the media channel,
    所述更新模块,具体用于当所述第一显示视频帧的分辨率小于所述最小分辨率时,将所述帧级保护信息中的最小分辨率修改为所述第一显示视频帧的分辨率。The update module is specifically configured to modify the minimum resolution in the frame-level protection information to the resolution of the first display video frame when the resolution of the first display video frame is less than the minimum resolution Rate.
  19. 如权利要求15至18中任一项所述的装置,其特征在于,所述显示控制模块,具体用于:The device according to any one of claims 15 to 18, wherein the display control module is specifically configured to:
    获取输出端口允许的输出保护状态,确定与所述输出保护状态匹配的目标输出控制策略;Obtain the output protection state allowed by the output port, and determine a target output control strategy that matches the output protection state;
    判断所述帧级保护信息中的最小分辨率是否小于所述目标输出控制策略允许的分辨率;Judging whether the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy;
    当所述帧级保护信息中的最小分辨率小于所述目标输出控制策略允许的分辨率时,输出所述第一显示视频帧。When the minimum resolution in the frame-level protection information is less than the resolution allowed by the target output control strategy, output the first display video frame.
  20. 如权利要求15至19中任一项所述的装置,其特征在于,所述装置还包括可信应用TA,用于为所述视频码流配置所述输出控制策略。The device according to any one of claims 15 to 19, wherein the device further comprises a trusted application TA, which is used to configure the output control strategy for the video stream.
  21. 如权利要求16至20中任一项所述的装置,其特征在于,The device according to any one of claims 16 to 20, wherein:
    所述解码模块,还用于确定所述视频码流和所述第一解码视频帧是否对应同一媒体通路;以及,The decoding module is further configured to determine whether the video code stream and the first decoded video frame correspond to the same media channel; and,
    所述处理模块,还用于确定所述第一解码视频帧与所述第一显示视频帧是否对应同一媒体通路。The processing module is further configured to determine whether the first decoded video frame and the first display video frame correspond to the same media channel.
  22. 如权利要求21所述的方法,其特征在于,The method of claim 21, wherein:
    所述解码模块,具体用于:The decoding module is specifically used for:
    获取所述视频码流对应的第一通路标识和所述第一解码视频帧的帧级保护信息中的第二通路标识;Acquiring a first path identifier corresponding to the video code stream and a second path identifier in the frame-level protection information of the first decoded video frame;
    在所述第一通路标识和所述第二通路标识相同时,确定所述视频码流和所述第一解码视频帧的帧级保护信息对应同一媒体通路;以及When the first path identifier and the second path identifier are the same, determining that the video bitstream and the frame-level protection information of the first decoded video frame correspond to the same media path; and
    所述处理模块,具体还用于:The processing module is specifically also used for:
    获取所述第一解码视频帧的帧级保护信息中的第三通路标识,和更新后的帧级保 护信息中的第四通路标识;Acquiring the third path identifier in the frame-level protection information of the first decoded video frame and the fourth path identifier in the updated frame-level protection information;
    在所述第三通路标识和所述第四通路标识相同时,确定所述第一解码视频帧与所述第一显示视频帧对应同一媒体通路。When the third channel identifier and the fourth channel identifier are the same, it is determined that the first decoded video frame and the first display video frame correspond to the same media channel.
  23. 如权利要求15至22中任一项所述的装置,其特征在于,所述装置还包括检测模块,The device according to any one of claims 15 to 22, wherein the device further comprises a detection module,
    所述检测模块,用于检测所述帧级保护信息是否有效。The detection module is used to detect whether the frame-level protection information is valid.
  24. 如权利要求23所述的装置,其特征在于,The device of claim 23, wherein:
    所述检测模块,具体用于进行以下至少一项检测:The detection module is specifically configured to perform at least one of the following detections:
    检测所述帧级保护信息的类型与预配置的类型是否匹配,所述类型用于指示所述帧级保护信息是否绑定视频帧;Detecting whether the type of the frame-level protection information matches a pre-configured type, where the type is used to indicate whether the frame-level protection information is bound to a video frame;
    判断所述帧级保护信息的校验值与初始校验值是否相同;或Determine whether the check value of the frame-level protection information is the same as the initial check value; or
    检测所述帧级保护信息中第一显示视频帧的存储地址和所述存储地址长度的对应关系是否正确。It is detected whether the corresponding relationship between the storage address of the first display video frame and the length of the storage address in the frame-level protection information is correct.
  25. 如权利要求24所述的装置,其特征在于,The device of claim 24, wherein:
    所述检测模块,具体用于:The detection module is specifically used for:
    将所述帧级保护信息中的全部信息做异或运算,得到第一结果;Performing an exclusive OR operation on all the information in the frame-level protection information to obtain the first result;
    将所述第一结果与安全随机数做异或运算,得到所述帧级保护信息的校验值;Performing an exclusive OR operation between the first result and a secure random number to obtain the check value of the frame-level protection information;
    比较所述帧级保护信息的校验值与所述初始校验值是否相同。Compare whether the check value of the frame-level protection information is the same as the initial check value.
  26. 如权利要求15至25任一项所述的装置,其特征在于,所述装置还包括水印添加模块,用于根据所述帧级保护信息、所述第一显示视频帧的位置和大小,为所述第一显示视频帧添加水印。The device according to any one of claims 15 to 25, wherein the device further comprises a watermark adding module, configured to: A watermark is added to the first display video frame.
  27. 如权利要求15所述的装置,其特征在于,The device of claim 15, wherein:
    所述显示控制模块,还用于在所述第一显示视频帧的帧级保护信息丢失时,根据全局保护信息中的分辨率确定是否输出所述第一显示视频帧,所述全局保护信息中的分辨率是至少一个码流对应的输出策略中的最小分辨率。The display control module is further configured to determine whether to output the first display video frame according to the resolution in the global protection information when the frame-level protection information of the first display video frame is lost. The resolution of is the minimum resolution in the output strategy corresponding to at least one bitstream.
  28. 如权利要求15至27中任一项所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 15 to 27, wherein the device further comprises:
    获取模块,用于获取创建媒体通路的请求,所述媒体通路用于传输所述视频码流;An obtaining module, configured to obtain a request for creating a media path, where the media path is used to transmit the video code stream;
    会话管理模块,用于生成所述媒体通路的通路标识;配置所述帧级保护信息中的保护信息的类型、所述帧级保护信息对应的视频帧的存储地址和所述存储地址长度的对应关系、以及所述初始校验值。The session management module is used to generate the path identifier of the media path; configure the type of protection information in the frame-level protection information, the correspondence between the storage address of the video frame corresponding to the frame-level protection information and the length of the storage address Relationship, and the initial check value.
  29. 一种安全输出的装置,其特征在于,所述装置包括处理器和传输接口,其中:A safe output device, characterized in that the device includes a processor and a transmission interface, wherein:
    所述处理器,被配置为调用存储在存储器中的程序指令,以执行权利要求1至14中任一项所述的安全输出方法。The processor is configured to call program instructions stored in the memory to execute the safe output method according to any one of claims 1 to 14.
PCT/CN2020/079589 2020-03-17 2020-03-17 Secure output method and electronic device WO2021184181A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202080098056.9A CN115211129A (en) 2020-03-17 2020-03-17 Secure output method and electronic device
PCT/CN2020/079589 WO2021184181A1 (en) 2020-03-17 2020-03-17 Secure output method and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/079589 WO2021184181A1 (en) 2020-03-17 2020-03-17 Secure output method and electronic device

Publications (1)

Publication Number Publication Date
WO2021184181A1 true WO2021184181A1 (en) 2021-09-23

Family

ID=77772188

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/079589 WO2021184181A1 (en) 2020-03-17 2020-03-17 Secure output method and electronic device

Country Status (2)

Country Link
CN (1) CN115211129A (en)
WO (1) WO2021184181A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102244783A (en) * 2010-05-11 2011-11-16 美国博通公司 Method and system for data processing
US20120033727A1 (en) * 2010-08-09 2012-02-09 Wisair Ltd. Efficient video codec implementation
CN103581746A (en) * 2012-07-31 2014-02-12 三星电子株式会社 Image processing apparatus and image processing method thereof
WO2014133860A1 (en) * 2013-02-27 2014-09-04 Exaimage Systems and methods for protecting video content
CN109309846A (en) * 2017-07-26 2019-02-05 深圳市中兴微电子技术有限公司 A kind of Video security play system and method based on dependable environment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8195031B2 (en) * 2004-01-30 2012-06-05 Panasonic Corporation Recording medium, reproduction device, program, and reproduction method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102244783A (en) * 2010-05-11 2011-11-16 美国博通公司 Method and system for data processing
US20120033727A1 (en) * 2010-08-09 2012-02-09 Wisair Ltd. Efficient video codec implementation
CN103581746A (en) * 2012-07-31 2014-02-12 三星电子株式会社 Image processing apparatus and image processing method thereof
WO2014133860A1 (en) * 2013-02-27 2014-09-04 Exaimage Systems and methods for protecting video content
CN109309846A (en) * 2017-07-26 2019-02-05 深圳市中兴微电子技术有限公司 A kind of Video security play system and method based on dependable environment

Also Published As

Publication number Publication date
CN115211129A (en) 2022-10-18

Similar Documents

Publication Publication Date Title
US11722712B2 (en) Source device, content providing method using the source device, sink device and controlling method of the sink device
EP3191994B1 (en) Media decoding control with hardware-protected digital rights management
EP1582962B1 (en) System and method for protecting media content
KR101735682B1 (en) Mechanism for partial encryption of data streams
TWI358932B (en) Packet based high definition high-bandwidth digita
US8132015B1 (en) Method and system for loading a secure firmware update on an adapter device of a computer system
CN110073357B (en) Decryption and variant handling
JP2005051558A (en) Transmission device, reception device, and transmission/reception system
US9823869B2 (en) System and method of protecting data in dynamically-allocated regions of memory
US8214654B1 (en) Method and system for loading a secure firmware update on an adapter device of a computer system
US9515834B2 (en) Content protection continuity through authorized chains of components
JP2009135905A (en) Secure information storage system and method
US9940265B2 (en) Computing system and method of operating computing system
WO2021184181A1 (en) Secure output method and electronic device
US20220246110A1 (en) Dpu enhancement for improved hdcp user experience
WO2020248088A1 (en) Secure access method and electronic device
US20100121966A1 (en) Repeater and repeating method thereof
US8605097B1 (en) Method and system for determining the compliance encrypted and non-encrypted display outputs
CN111723344B (en) Digital content protection method, device, electronic equipment and storage medium
JP4899370B2 (en) Content processing apparatus, content processing method, and content transfer system
KR102521652B1 (en) Interface module for transferring high definition video/audio data and display system including the same

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20926197

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20926197

Country of ref document: EP

Kind code of ref document: A1