CN120358091B - Video signal dynamic encryption authentication method and system - Google Patents

Video signal dynamic encryption authentication method and system

Info

Publication number
CN120358091B
Authority
CN
China
Prior art keywords
video signal
information
key
receiving device
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202510841398.XA
Other languages
Chinese (zh)
Other versions
CN120358091A (en
Inventor
李文俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yuming Information Technology Co ltd
Original Assignee
Shenzhen Yuming Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Yuming Information Technology Co ltd
Priority to CN202510841398.XA
Publication of CN120358091A
Application granted
Publication of CN120358091B
Legal status: Active
Anticipated expiration

Landscapes

  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The present invention relates to the field of video signal processing technology, and discloses a method and system for dynamic encryption authentication of video signals. The method comprises: performing two-way challenge-response authentication on a video signal sending device and a video signal receiving device to obtain a two-way identity authentication result; performing session key calculation to obtain a session key; performing EDID verification on the video signal receiving device to obtain encrypted EDID verification pass information; performing encrypted transmission of an HDCP key and encryption processing of a video signal to obtain an encrypted video signal; performing device heartbeat response detection to obtain a connection status confirmation result; and controlling the video signal transmission status of the video signal sending device and the HDMI receiving channel of the video signal receiving device to obtain a reconstruction instruction for the video signal transmission link. The present invention implements real-time monitoring of the device connection status, and can quickly cut off video transmission and automatically rebuild a secure link when a security threat is detected.

Description

Video signal dynamic encryption authentication method and system

Technical Field

The present invention relates to the technical field of video signal processing, and in particular to a video signal dynamic encryption authentication method and system.

Background Art

With the rapid development of video signal transmission technology, the security of video content has become an increasingly prominent issue. Traditional HDMI video transmission systems lack comprehensive authentication mechanisms, so unauthorized devices can easily intercept and copy high-definition video content. While HDCP encryption provides some protection, a single encryption scheme cannot address increasingly complex security threats.

Currently, most connections between HDMI devices lack a dynamic verification mechanism: once a connection is established, identity authentication is no longer performed. This gives attackers the opportunity to compromise the security of video transmission through man-in-the-middle or replay attacks. Furthermore, existing EDID verification schemes are overly simple and cannot effectively prevent counterfeit devices from connecting, which poses serious security risks.

Summary of the Invention

The present invention provides a method and system for dynamic encryption authentication of video signals, which implements real-time monitoring of the device connection status, can quickly cut off video transmission when a security threat is detected, and automatically rebuilds a secure link.

In a first aspect, the present invention provides a method for dynamic encryption authentication of a video signal, the method comprising:

performing two-way challenge-response authentication on the video signal sending device and the video signal receiving device to obtain a two-way identity authentication result;

based on the two-way identity authentication result, calculating a session key for the video signal sending device and the video signal receiving device to obtain a session key;

performing EDID verification on the video signal receiving device to obtain encrypted EDID verification pass information;

according to the encrypted EDID verification pass information, performing encrypted transmission of the HDCP key and encryption processing of the video signal to obtain an encrypted video signal;

performing device heartbeat response detection based on the encrypted video signal to obtain a connection status confirmation result;

according to the connection status confirmation result, controlling the video signal transmission status of the video signal sending device and the HDMI receiving channel of the video signal receiving device to obtain a reconstruction instruction for the video signal transmission link.

In a second aspect, the present invention provides a video signal dynamic encryption authentication system, the system comprising:

an authentication module, configured to perform two-way challenge-response authentication on the video signal sending device and the video signal receiving device to obtain a two-way identity authentication result;

a key calculation module, configured to calculate a session key for the video signal sending device and the video signal receiving device based on the two-way identity authentication result to obtain a session key;

a verification module, configured to perform EDID verification on the video signal receiving device to obtain encrypted EDID verification pass information;

an encryption transmission module, configured to perform encrypted transmission of the HDCP key and encryption processing of the video signal according to the encrypted EDID verification pass information to obtain an encrypted video signal;

a response detection module, configured to perform device heartbeat response detection based on the encrypted video signal to obtain a connection status confirmation result;

a reconstruction module, configured to control the video signal transmission status of the video signal sending device and the HDMI receiving channel of the video signal receiving device according to the connection status confirmation result to obtain a reconstruction instruction for the video signal transmission link.

In the technical solution provided by the present invention, a two-way challenge-response authentication mechanism provides two-way identity verification of the video signal sending device and the receiving device, effectively preventing access by illegitimate devices and man-in-the-middle attacks. Session keys are generated dynamically with the Diffie-Hellman key exchange algorithm, which improves key security and ensures the encryption strength of subsequent communication. EDID verification combined with HDCP encryption forms a multi-layer protection system that effectively prevents the video signal from being illegally intercepted and copied. The heartbeat detection mechanism provides real-time monitoring of the device connection status, so that abnormal situations can be discovered and handled in time. A complete exception handling and link reconstruction mechanism is designed, which can quickly cut off video transmission when a security threat is detected and automatically rebuild a secure link. A segmented data processing and verification scheme improves the fault tolerance and reliability of the system and ensures the continuity and stability of video signal transmission.

Brief Description of the Drawings

In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flow chart of the video signal dynamic encryption authentication method provided in an embodiment of the present application;

FIG. 2 is a schematic block diagram of the structure of the video signal dynamic encryption authentication system provided in an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

The flowcharts shown in the accompanying drawings are for illustration only; they do not necessarily include all contents and operations/steps, nor must the steps be executed in the order described. For example, some operations/steps may be decomposed, combined, or partially merged, so the actual execution order may change based on actual circumstances.

It should also be understood that the terms used in this specification are for the purpose of describing specific embodiments only and are not intended to limit the present application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms unless the context clearly indicates otherwise.

It should be further understood that the term "and/or" used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.

Some embodiments of the present application are described in detail below with reference to the accompanying drawings. Where there is no conflict, the following embodiments and the features in them may be combined with each other.

Please refer to FIG. 1, which is a flow chart of the video signal dynamic encryption authentication method provided in an embodiment of the present application. As shown in FIG. 1, the method includes steps S100 to S600.

Step S100: Perform two-way challenge-response authentication on the video signal sending device and the video signal receiving device to obtain a two-way identity authentication result;

It is understandable that the execution subject of the present invention may be a video signal dynamic encryption authentication system, or a terminal or a server, which is not limited here. The embodiments of the present invention are described taking a server as the execution subject.

Specifically, the public/private key pair preset in the video signal sending device and the public/private key pair preset in the video signal receiving device are initialized, giving two mutually independent asymmetric key pairs. The video signal sending device generates a first random number, which is the core content of the authentication challenge information and is used to test the authenticity of the receiving device's identity. To enhance security, the sending device encapsulates the first random number, converting it into first authentication challenge information through encryption or a specific format, and sends the first authentication challenge information to the video signal receiving device. After receiving it, the video signal receiving device digitally signs the information with its preset private key: the signing process encrypts the content of the first authentication challenge information with the receiving device's private key, generating first signature information. The receiving device returns the first signature information to the sending device, which verifies it with the receiving device's public key preset in the sending device. The core of the verification is to decrypt the signature information with the receiving device's public key, extract the original first authentication challenge information, and compare it with the random number that was sent. If the decrypted result matches the original information, this shows that the receiving device does hold the corresponding private key, which completes the first stage of verification and yields the first verification result. At the same time, to achieve two-way authentication, the video signal receiving device generates an independent second random number. This second random number likewise serves as the core content of the authentication challenge information; the receiving device encapsulates it into second authentication challenge information and sends it to the video signal sending device. After receiving it, the sending device digitally signs the second authentication challenge information with its own preset private key, generating second signature information, and transmits the second signature information back to the receiving device, which verifies it with the sending device's public key. The receiving device decrypts the second signature information with the sending device's public key and compares the decrypted content with the second random number it generated. If the decrypted result matches the original content, this shows that the sending device does hold the corresponding private key; verification passes and the second verification result is obtained. The video signal sending device and receiving device each perform a logical AND on the first verification result and the second verification result. In this way both parties confirm each other's identity, ensuring that both devices are legitimate and trusted, and the two-way identity authentication result is obtained.
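The exchange in step S100, as an added example that is not part of the patent text: both sides issue a fresh random challenge, sign the peer's challenge, and AND the two results. Assumptions: the patent names no signature algorithm, so unpadded textbook RSA over toy-sized Mersenne primes stands in for the preset key pairs, and the `Device` class, the message layout and all names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent (assumed)

def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy-sized, unpadded: illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "d": d}, {"n": n, "e": E}

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    return pow(_digest(message, private["n"]), private["d"], private["n"])

def verify(public, message, signature):
    # "Decrypt" the signature with the public key and compare it with the challenge digest.
    return pow(signature, public["e"], public["n"]) == _digest(message, public["n"])

class Device:
    def __init__(self, name, private, peer_public):
        self.name = name
        self.private = private          # this device's preset private key
        self.peer_public = peer_public  # the peer's preset public key
        self.pending = None             # challenge still waiting for a response

    def new_challenge(self):
        # Fresh 128-bit random number, wrapped with the challenger's name.
        self.pending = self.name.encode() + b"|" + secrets.token_bytes(16)
        return self.pending

    def respond(self, challenge):
        return sign(self.private, challenge)

    def check_response(self, signature):
        # Each challenge is accepted once, so a recorded response cannot be reused.
        challenge, self.pending = self.pending, None
        return challenge is not None and verify(self.peer_public, challenge, signature)

def mutual_authenticate(sender, receiver):
    first = sender.check_response(receiver.respond(sender.new_challenge()))
    second = receiver.check_response(sender.respond(receiver.new_challenge()))
    return first and second  # logical AND of both verification results

def make_demo_devices():
    """Constructed devices: a sender, the genuine receiver, and a receiver holding the wrong key."""
    s_priv, s_pub = make_keypair(2**107 - 1, 2**127 - 1)
    r_priv, r_pub = make_keypair(2**61 - 1, 2**89 - 1)
    x_priv, _ = make_keypair(2**19 - 1, 2**31 - 1)
    sender = Device("sender", s_priv, r_pub)
    receiver = Device("receiver", r_priv, s_pub)
    wrong_key = Device("receiver", x_priv, s_pub)
    return sender, receiver, wrong_key

if __name__ == "__main__":
    sender, receiver, wrong_key = make_demo_devices()
    print("genuine pair:", mutual_authenticate(sender, receiver))
    print("wrong key   :", mutual_authenticate(sender, wrong_key))
```

Because every challenge carries a new random number and is cleared after one check, a response recorded in an earlier session fails against the next challenge.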

Step S200: Based on the two-way identity authentication result, calculate a session key for the video signal sending device and the video signal receiving device to obtain a session key;

Specifically, after two-way identity authentication is completed, a conditional judgment is made on the authentication result. When the two-way identity authentication result is true, the key exchange start instruction is triggered. If the authentication result is false, the subsequent steps are terminated, which prevents unauthenticated devices from taking part in the key exchange and improves overall security. After the key exchange is started, the preset large prime number and primitive root are initialized. These two parameters are the basis of the entire key exchange process: the former is a public large prime number, and the latter is a primitive root of that prime, satisfying specific mathematical properties under modular arithmetic. After initialization, both are sent to the video signal sending device and the receiving device as the public parameters for the key exchange between the two parties. The video signal sending device generates an integer, which serves as the sending device's first private key. The sending device performs modular exponentiation with the received primitive root and the generated first private key, i.e. calculates mod, generating a first random key parameter. At the same time, the video signal receiving device generates another integer as the second private key and performs modular exponentiation in the same way, calculating mod, to obtain a second random key parameter. These two random key parameters are the core of the information shared by the sending device and the receiving device during the key exchange. The sending device sends the first random key parameter to the receiving device over a secure channel. After receiving it, the receiving device performs modular exponentiation with its second private key and the received first random key parameter, i.e. calculates mod. By the mathematical properties of exponentiation, this result is in fact equivalent to mod, which gives the first session key. Similarly, the receiving device sends its second random key parameter to the sending device over a secure channel; after receiving it, the sending device performs modular exponentiation with its first private key and the received second random key parameter, i.e. calculates mod, and likewise obtains mod. This process ensures that the sending device and the receiving device can generate the same session key without ever transmitting a private key. To ensure the security and accuracy of the key exchange, the first session key and the second session key are checked for consistency by comparing them. If the two are identical, verification passes, indicating that the key exchange succeeded and was not interfered with. If the consistency check fails, there is a security problem or a calculation error in the key exchange, and the operation is terminated to prevent potential security threats. Once the consistency check has passed, the first session key or the second session key is selected as the final session key according to a preset rule, completing the key calculation.
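The key calculation of step S200, as an added example that is not part of the patent text: the exchange is refused unless mutual authentication succeeded, each received key parameter is range-checked, and the consistency verification is done by exchanging HMAC tags over the transcript so that neither session key leaves its device. Assumptions: the symbols `P` and `G`, the RFC 3526 group 14 parameters (whose generator 2 spans the prime-order subgroup rather than being a primitive root), the SHA-256 key derivation and the tag format are choices made here; the patent only speaks of a preset large prime and primitive root.

```python
import hashlib
import hmac
import secrets

# Public parameters: 2048-bit MODP group 14 from RFC 3526 (assumed choice).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
P_BYTES = (P.bit_length() + 7) // 8

def _i2b(value):
    return value.to_bytes(P_BYTES, "big")

class Party:
    def __init__(self):
        self.private = secrets.randbelow(P - 3) + 2   # private key in [2, P-2]
        self.public = pow(G, self.private, P)         # "random key parameter" sent to the peer
        self.session_key = None

    def compute_session_key(self, peer_public, mutual_auth_ok):
        if not mutual_auth_ok:
            raise PermissionError("two-way authentication failed; key exchange not started")
        if not 2 <= peer_public <= P - 2:
            raise ValueError("peer key parameter out of range")
        shared = pow(peer_public, self.private, P)
        # Hash the shared value into a fixed-length symmetric key (assumed derivation).
        self.session_key = hashlib.sha256(_i2b(shared)).digest()
        return self.session_key

    def tag(self, role, sender_public, receiver_public):
        # Key confirmation tag over the role and both key parameters as this party saw them.
        transcript = role.encode() + _i2b(sender_public) + _i2b(receiver_public)
        return hmac.new(self.session_key, transcript, hashlib.sha256).digest()

def run_exchange(mutual_auth_ok=True, corrupt_in_transit=False):
    """Return (consistent, sender_key, receiver_key) for one exchange."""
    sender, receiver = Party(), Party()
    a_seen = sender.public                    # what the receiver actually receives
    if corrupt_in_transit:                    # constructed fault: value changed on the wire
        a_seen = pow(G, secrets.randbelow(P - 3) + 2, P)
    sender.compute_session_key(receiver.public, mutual_auth_ok)
    receiver.compute_session_key(a_seen, mutual_auth_ok)
    # Consistency verification: each side checks the other's tag with its own key.
    tag_from_sender = sender.tag("sender", sender.public, receiver.public)
    tag_from_receiver = receiver.tag("receiver", a_seen, receiver.public)
    receiver_ok = hmac.compare_digest(
        tag_from_sender, receiver.tag("sender", a_seen, receiver.public))
    sender_ok = hmac.compare_digest(
        tag_from_receiver, sender.tag("receiver", sender.public, receiver.public))
    return sender_ok and receiver_ok, sender.session_key, receiver.session_key

if __name__ == "__main__":
    print("clean exchange consistent:", run_exchange()[0])
    print("corrupted exchange consistent:", run_exchange(corrupt_in_transit=True)[0])
```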

Step S300: Perform EDID verification on the video signal receiving device to obtain encrypted EDID verification pass information;

Specifically, to access the EDID data of the video signal receiving device, the HDMI DDC (Display Data Channel) is initialized. The HDMI DDC is a standardized data exchange interface based on the I2C communication protocol and is used to transmit display device configuration information. Initializing the DDC establishes a stable I2C communication link between the video signal sending device and the receiving device and generates a DDC read instruction for reading EDID data. Once the link is established, the sending device issues the DDC read instruction and reads the complete raw EDID data from the EDID register of the receiving device. This data is the set of display parameters supported by the receiving device and contains key information such as resolution, refresh rate, manufacturer identification, and product identification. The raw EDID data is parsed and its key fields are extracted, giving standardized EDID information. To verify the EDID information more efficiently, the sending device segments the parsed EDID information into a resolution information segment, a manufacturer identification segment, and a product identification segment; this structured processing identifies the main characteristic data of the receiving device. At the same time, the sending device reads pre-stored device characteristic information from its memory. This information is reference data stored at initial system configuration for verification. In the same way as for the receiving device's EDID information, the sending device segments the pre-stored device characteristic information, extracting an expected resolution information segment, an expected manufacturer identification segment, and an expected product identification segment, which form the expected characteristic data. The characteristic data comparison phase then begins. The sending device compares the resolution information segment extracted from the receiving device with the pre-stored expected resolution information segment. If the two segments are identical, the resolution supported by the receiving device is considered to meet the system's expected requirements, and the resolution match result is generated as true. The sending device then compares the manufacturer identification segment and the product identification segment with the expected manufacturer identification segment and the expected product identification segment, respectively, to verify that the brand and model of the receiving device match what the system expects. If they match, the device identification match result is generated as true. After all comparisons are complete, the sending device performs a logical AND on the resolution match result and the device identification match result. Only when both match results are true is the EDID verification pass information generated, indicating that the receiving device meets the system requirements and that subsequent signal transmission can proceed safely. To protect the integrity of the verification pass information and make it tamper-resistant, the sending device encrypts the EDID verification pass information with the previously generated session key. The encryption uses a symmetric encryption algorithm, such as AES, to convert the verification pass information into encrypted EDID verification pass information, ensuring that only a receiving device holding the correct session key can decrypt and use it.
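The parse, segment and compare stage of step S300, as an added example that is not part of the patent text. It reads the manufacturer ID, product code and the resolution of the first detailed timing descriptor from a 128-byte EDID base block, rejects blocks with a bad header or checksum, and ANDs the two match results. Assumptions: the sample block is constructed here (vendor "ABC", product 0x1234, 1920x1080), and the `expected` dictionary is a hypothetical form of the pre-stored device characteristic information.

```python
import struct

EDID_HEADER = bytes.fromhex("00ffffffffffff00")

def build_sample_edid(vendor="ABC", product=0x1234, h_active=1920, v_active=1080):
    """Constructed 128-byte EDID base block with only the fields used below filled in."""
    edid = bytearray(128)
    edid[0:8] = EDID_HEADER
    a, b, c = (ord(ch) - 64 for ch in vendor)                 # 'A' -> 1 ... 'Z' -> 26
    struct.pack_into(">H", edid, 8, (a << 10) | (b << 5) | c)  # manufacturer ID, 3 x 5 bits
    struct.pack_into("<H", edid, 10, product)                  # product code, little-endian
    edid[18], edid[19] = 1, 3                                  # EDID version 1.3
    struct.pack_into("<H", edid, 54, 14850)                    # pixel clock, 10 kHz units
    edid[56] = h_active & 0xFF                                 # horizontal active, low 8 bits
    edid[58] = (h_active >> 8) << 4                            # horizontal active, high 4 bits
    edid[59] = v_active & 0xFF                                 # vertical active, low 8 bits
    edid[61] = (v_active >> 8) << 4                            # vertical active, high 4 bits
    edid[127] = (-sum(edid[:127])) % 256                       # block must sum to 0 mod 256
    return bytes(edid)

def parse_edid(raw):
    """Extract the three information segments; raise ValueError on a malformed block."""
    if len(raw) < 128:
        raise ValueError("EDID base block is 128 bytes")
    block = raw[:128]
    if block[:8] != EDID_HEADER:
        raise ValueError("bad EDID header")
    if sum(block) % 256 != 0:
        raise ValueError("bad EDID checksum")
    word = struct.unpack_from(">H", block, 8)[0]
    manufacturer = "".join(chr(((word >> shift) & 0x1F) + 64) for shift in (10, 5, 0))
    product = struct.unpack_from("<H", block, 10)[0]
    dtd = block[54:72]                                         # first 18-byte descriptor
    if dtd[0] == 0 and dtd[1] == 0:
        raise ValueError("first descriptor is not a detailed timing")
    h_active = dtd[2] | ((dtd[4] & 0xF0) << 4)
    v_active = dtd[5] | ((dtd[7] & 0xF0) << 4)
    return {"manufacturer": manufacturer, "product": product,
            "resolution": (h_active, v_active)}

def verify_edid(raw, expected):
    """Return (passed, per-check results); passed is the AND of both match results."""
    try:
        info = parse_edid(raw)
    except ValueError:
        return False, {"resolution": False, "device_id": False}
    resolution_ok = info["resolution"] == expected["resolution"]
    device_ok = (info["manufacturer"] == expected["manufacturer"]
                 and info["product"] == expected["product"])
    return resolution_ok and device_ok, {"resolution": resolution_ok, "device_id": device_ok}

if __name__ == "__main__":
    expected = {"manufacturer": "ABC", "product": 0x1234, "resolution": (1920, 1080)}
    print(verify_edid(build_sample_edid(), expected))
    print(verify_edid(build_sample_edid(vendor="XYZ"), expected))
```

A passing result only says that the sink reports the expected fields; it is the signature check of step S100 that ties the link to the holder of a private key.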

Step S400: According to the encrypted EDID verification pass information, perform encrypted transmission of the HDCP key and encryption processing of the video signal to obtain an encrypted video signal;

Specifically, the video signal receiving device decrypts the received encrypted EDID verification pass information with the previously negotiated session key. After decryption, the receiving device extracts the original EDID verification pass information and verifies the integrity and correctness of the decrypted result to ensure that the information was not tampered with in transit. If verification succeeds, the receiving device generates an HDCP start instruction, instructing both devices to enter HDCP protection mode. Based on the HDCP start instruction, an HDMI connection is established between the video signal sending device and the receiving device. After the connection is established, the sending device enables HDCP on the HDMI link so that data is protected by the HDCP protocol during transmission, producing the HDCP physical link. This physical link is the basis for the subsequent signal encryption and key negotiation and ensures the integrity and security of data transmission. After the HDCP physical link is established, the sending device sends an HDCP capability negotiation request to the receiving device over the link to obtain the receiving device's HDCP version information. The sending device compares its own HDCP version with the version information returned by the receiving device, completing HDCP version matching and obtaining the HDCP version negotiation result. If the versions match, the two parties continue with key negotiation; otherwise the connection is terminated to ensure compatibility and security. The sending device generates the HDCP key used for data encryption based on the HDCP version negotiation result. To facilitate transmission and processing, the sending device splits the generated HDCP key into multiple key data segments. To protect the key in transit, the sending device encrypts each key data segment with the session key, giving encrypted key data segments, which are then transmitted over the HDCP physical link to the receiving device. After receiving the encrypted key data segments, the receiving device decrypts them one by one with the session key to recover the original HDCP key data segments, and reassembles the decrypted segments to recover the complete HDCP key. To verify that HDCP key transmission and reassembly were correct, the sending device generates an HDCP key verification code. The sending device calculates this code from the generated HDCP key with a specific algorithm, encrypts it with the session key, and transmits it to the receiving device. After receiving the encrypted HDCP key verification code, the receiving device decrypts it with the session key and calculates a local HDCP key verification code with the same algorithm. The receiving device compares the locally calculated code with the code transmitted by the sending device. If the two match, verification passes, indicating that HDCP key transmission and reassembly both succeeded, and the HDCP key verification result is generated. When the HDCP key verification result is true, the sending device enables its video data input channel, allowing subsequent video data to enter the encryption process. The sending device encrypts the input video signal with the generated HDCP key, so that the video content stays encrypted throughout transmission. The encrypted video signal is transmitted to the receiving device over the HDCP-protected physical link.
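The segmented key transfer and verification code check of step S400, as an added example that is not part of the patent text. The receiver releases the key only if every segment is present exactly once and the recomputed verification code matches. Assumptions: the Python standard library has no AES, so an HMAC-SHA256 counter-mode keystream stands in for the symmetric cipher; the verification code is an HMAC keyed with the session key (the patent says only "a specific algorithm"); the packet layout, the segment size, and the key and session key values used to exercise it are constructed.

```python
import hashlib
import hmac
import secrets

SEGMENT_SIZE = 8  # bytes per key data segment (assumed)

def _keystream(session_key, nonce, index, length):
    # Stand-in cipher: HMAC-SHA256 in counter mode, bound to the segment index.
    out = b""
    counter = 0
    while len(out) < length:
        block_input = b"seg" + nonce + index.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hmac.new(session_key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def verification_code(hdcp_key, session_key):
    # Separate label so the code never collides with a keystream block input.
    return hmac.new(session_key, b"hdcp-key-check" + hdcp_key, hashlib.sha256).digest()

def send_key(hdcp_key, session_key):
    """Sender side: split, encrypt each segment, and compute the verification code."""
    chunks = [hdcp_key[i:i + SEGMENT_SIZE] for i in range(0, len(hdcp_key), SEGMENT_SIZE)]
    packets = []
    for index, chunk in enumerate(chunks):
        nonce = secrets.token_bytes(12)   # fresh per segment
        data = _xor(chunk, _keystream(session_key, nonce, index, len(chunk)))
        packets.append({"index": index, "total": len(chunks), "nonce": nonce, "data": data})
    return packets, verification_code(hdcp_key, session_key)

def receive_key(packets, code, session_key):
    """Receiver side: return the HDCP key, or None if reassembly or verification fails."""
    if not packets:
        return None
    total = packets[0]["total"]
    by_index = {p["index"]: p for p in packets if p["total"] == total}
    # Every index 0..total-1 must appear exactly once (no gaps, duplicates or extras).
    if len(packets) != total or sorted(by_index) != list(range(total)):
        return None
    key = b"".join(
        _xor(by_index[i]["data"],
             _keystream(session_key, by_index[i]["nonce"], i, len(by_index[i]["data"])))
        for i in range(total)
    )
    # Constant-time comparison of the local and transmitted verification codes.
    if not hmac.compare_digest(verification_code(key, session_key), code):
        return None
    return key

if __name__ == "__main__":
    session_key = secrets.token_bytes(32)   # constructed session key
    hdcp_key = secrets.token_bytes(40)      # constructed placeholder key material
    packets, code = send_key(hdcp_key, session_key)
    print("segments:", len(packets))
    print("key recovered:", receive_key(packets, code, session_key) == hdcp_key)
    print("with one segment lost:", receive_key(packets[1:], code, session_key))
```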

Step S500: Perform device heartbeat response detection based on the encrypted video signal to obtain a connection status confirmation result;

Specifically, the preset heartbeat detection interval is read; this is the trigger condition for heartbeat detection and is used to periodically start the connection status confirmation mechanism between the devices. Based on the interval read, the video signal transmitting device generates a heartbeat detection trigger instruction, which directs it to begin constructing the heartbeat detection information. After the trigger instruction is issued, the video signal transmitting device generates a random sequence as the core content of the heartbeat detection information. The randomness and unpredictability of this sequence are important to the security of heartbeat detection and effectively resist replay attacks and forgery. The generated random sequence is encapsulated into complete heartbeat detection information for subsequent encryption and transmission. Once the heartbeat detection information is ready, the video signal transmitting device encrypts it with the previously negotiated session key to obtain the encrypted heartbeat detection information.
This encryption process ensures that the heartbeat detection information is protected from eavesdropping or tampering during transmission. The video signal transmitting device transmits the encrypted heartbeat detection information to the video signal receiving device via a secure communication channel. Upon receiving the encrypted information, the receiving device decrypts it using the session key to restore the decrypted heartbeat detection information. The decrypted message contains a random sequence generated by the sending device, which is used in the receiving device's response generation process. After decryption, the receiving device digitally signs the decrypted heartbeat detection message. This digital signature encrypts the heartbeat detection message using the receiving device's pre-set private key, generating a unique heartbeat response message. The digital signature confirms the source of the heartbeat detection message and prevents tampering with the response message. To ensure transmission security, the receiving device encrypts the generated heartbeat response message again using the session key to obtain an encrypted heartbeat response message. The receiving device then sends the encrypted response message back to the video signal sending device via a secure communication channel. After receiving the encrypted heartbeat response message, the sending device also decrypts it using the session key to restore the decrypted heartbeat response message. The sending device then verifies the digital signature in the decrypted message. The core of this verification process involves decrypting the signature using the receiving device's public key and comparing it with the original heartbeat detection message. If the signature verification is successful, it indicates that the receiving device's response is authentic and the connection between the devices is normal, thus generating a connection status confirmation result of true.

Step S600: According to the connection status confirmation result, control the video signal transmission status of the video signal sending device and the HDMI receiving channel of the video signal receiving device to obtain a reconstruction instruction for the video signal transmission link.

Specifically, based on the connection status confirmation result, the video signal transmitting device checks several items of core verification information for abnormal states, including the first signature information, the second signature information, the EDID verification pass information, the HDCP key verification result, and the heartbeat response information. By checking this data, the transmitting device can identify abnormalities such as transmission interruption, verification failure, or data tampering, and generates transmitting-end abnormality information. This information is the primary indicator of the transmitting device's current status and indicates whether the transmission channel needs to be reconfigured.
Simultaneously, the video signal receiving device checks the associated core verification information, including the first signature information, the second signature information, the EDID verification pass information, the HDCP key verification code, and the heartbeat detection information. By analyzing this data, the receiving device can determine whether it is experiencing abnormalities, such as incomplete data reception, key verification failure, or link mismatch. After the detection is complete, the receiving device generates receiving-end abnormality information, which, together with the transmitting-end abnormality information, forms a complete abnormality feedback loop. Based on the transmitting-end abnormality information and the receiving-end abnormality information, these data are comprehensively analyzed to generate an abnormality flag. The abnormality flag is generated through logical operations to determine the health of the current video signal transmission link. If the flag indicates an abnormal state, the system further executes the state judgment logic and generates an exception handling trigger. This trigger is the core of the entire exception handling process, coordinating the state adjustments of the transmitting and receiving devices. Once the exception handling trigger is generated, the video signal transmission channel of the video signal transmitting device is controlled to ensure that data does not continue to be transmitted during the abnormal state. Specifically, the trigger shuts down the video signal transmission channel of the transmitting device and generates a video signal transmission interrupt command, thereby halting any potentially unsafe signal transmission. Simultaneously, the trigger controls the HDMI receiving channel of the video signal receiving device to prevent the receiving device from further processing the abnormal signal. 
The receiving channel is shut down by generating an HDMI reception interrupt command, ensuring that the signal link of the receiving device remains safe. After the channels of the transmitting and receiving devices are closed, the channel status is verified by checking the execution status of the video signal transmission interrupt command and the HDMI reception interrupt command to generate channel closure status information. This status information confirms whether the transmitting and receiving channels have been successfully closed. If the closure status information indicates that the channels have been properly closed, the system concludes that the current abnormal state has been preliminarily isolated. Based on the channel closure status information, an instruction to re-establish the video signal transmission link is generated. This command reinitializes the connection between the transmitting and receiving devices and re-performs authentication, key negotiation, and link configuration during the reestablishment process to ensure the security and stability of the new link. This allows the system to quickly disconnect the existing link if an abnormality is detected and restore normal video signal transmission by re-establishing the transmission link.

In the embodiment of the present invention, a two-way challenge-response authentication mechanism provides two-way identity authentication of the video signal sending device and the receiving device, effectively preventing access by illegal devices and man-in-the-middle attacks. The Diffie-Hellman key exchange algorithm is used to generate session keys dynamically, which improves key security and ensures the encryption strength of the subsequent communication. EDID verification combined with HDCP encryption forms a multi-level security protection system that effectively prevents the video signal from being illegally intercepted and copied. The heartbeat detection mechanism provides real-time monitoring of the device connection status, so that abnormal situations can be discovered and handled promptly. A complete exception handling and link reconstruction mechanism is designed, which can quickly cut off video transmission and automatically rebuild a secure link when a security threat is detected. The segmented data processing and verification scheme improves the fault tolerance and reliability of the system and ensures the continuity and stability of video signal transmission.

In a specific embodiment, the process of executing step S100 may specifically include the following steps:

Initialize the public/private key pair preset in the video signal sending device and the public/private key pair preset in the video signal receiving device to obtain two mutually independent asymmetric key pairs;

The video signal sending device generates a first random number and encapsulates the first random number to obtain first authentication challenge information;

The first authentication challenge information is sent; the video signal receiving device receives the first authentication challenge information and digitally signs it using the private key preset in the video signal receiving device to obtain first signature information;

The first signature information is transmitted, and the video signal sending device verifies the first signature information using the public key preset in the video signal receiving device to obtain a first verification result;

The video signal receiving device generates a second random number and encapsulates the second random number to obtain second authentication challenge information;

The second authentication challenge information is sent; the video signal sending device receives the second authentication challenge information and digitally signs it using the private key preset in the video signal sending device to obtain second signature information;

The second signature information is transmitted, and the video signal receiving device verifies the second signature information using the public key preset in the video signal sending device to obtain a second verification result;

A logical AND operation is performed on the first verification result and the second verification result to obtain the two-way identity authentication result.

Specifically, the asymmetric key pairs in the video signal sending device and the receiving device are initialized. An asymmetric key pair consists of a public key and a private key: the public key is used to encrypt or to verify signatures, while the private key is used to decrypt or to generate signatures. Assume that the public key and private key of the sending device are denoted and , and the public key and private key of the receiving device are denoted and . The two key pairs are generated independently and satisfy the mathematical properties of asymmetric encryption algorithms such as RSA or ECC; that is, for any plaintext , the following relation holds:

;

Here, denotes encrypting the plaintext with the public key , and denotes decrypting the resulting ciphertext with the corresponding private key . After key initialization is complete, the authentication process begins. The video signal sending device generates a random number as the core of the first authentication challenge information. The random number is an unpredictable integer used to guarantee the uniqueness of each authentication. The sending device encapsulates to form the first authentication challenge information . Assuming the encapsulation function is , then:

;

The video signal sending device sends to the receiving device through a secure channel. After receiving , the receiving device digitally signs using its own private key , generating the first signature information . The purpose of the digital signature is to prove that the receiving device's response to the authentication challenge is unique and cannot be forged. The signing process is expressed as:

;

The receiving device transmits back to the sending device. After receiving , the sending device verifies the signature using the preset public key of the receiving device to ensure the legitimacy of its source. The verification process is:

;

If the verification result is true, the first verification result is obtained as True. After the first phase of authentication is complete, the receiving device generates another random number as the core of the second authentication challenge information. As with the sending device, the receiving device encapsulates to form the second authentication challenge information :

;

The receiving device sends to the sending device. After receiving , the sending device digitally signs using its own private key , generating the second signature information :

;

The sending device returns to the receiving device, and the receiving device verifies the signature using the preset public key of the sending device . The verification process is:

;

If the verification result is true, the second verification result is obtained as True. The video signal sending device and the receiving device each perform a logical AND operation on the first verification result and the second verification result to ensure that both authentications succeeded. The result of the logical operation is expressed as:

;

If True, the two-way authentication has succeeded, and the sending device and the receiving device have securely established a trusted connection.
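An added example (not code from the patent) of the step S100 two-way challenge-response, whose fresh-nonce-then-signature pattern is also what the step S500 heartbeat relies on. Assumptions: textbook RSA over small Mersenne primes stands in for the unspecified signature algorithm so that only the standard library is needed; the `encapsulate` format, the role labels and the `Device` class are hypothetical; the session-key encryption of the heartbeat is omitted.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the toy keys below


def toy_keypair(p, q):
    """Textbook RSA key pair from two primes (toy sizes, demonstration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest_int(message, n):
    """SHA-256 of the message, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(public_key, message, signature):
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


def encapsulate(issuer_role, nonce):
    """Assumed encapsulation: protocol label, issuer role, then the nonce."""
    return b"video-auth-v1|" + issuer_role + b"|" + nonce


class Device:
    def __init__(self, role, peer_role, private_key, peer_public_key):
        self.role = role
        self.peer_role = peer_role
        self.private_key = private_key
        self.peer_public_key = peer_public_key
        self.pending_nonce = None

    def new_challenge(self):
        """Issue a fresh 16-byte nonce and remember it for one check."""
        self.pending_nonce = secrets.token_bytes(16)
        return encapsulate(self.role, self.pending_nonce)

    def respond(self, challenge):
        # Sign only well-formed challenges issued by the peer role, so the
        # private key never signs arbitrary data or this device's own challenge.
        prefix = encapsulate(self.peer_role, b"")
        if not challenge.startswith(prefix) or len(challenge) != len(prefix) + 16:
            raise ValueError("unexpected challenge format")
        return sign(self.private_key, challenge)

    def check(self, signature):
        """Verify a response against the outstanding nonce, then discard it."""
        if self.pending_nonce is None:
            return False
        expected = encapsulate(self.role, self.pending_nonce)
        self.pending_nonce = None  # single use: a replayed response finds no nonce
        return verify(self.peer_public_key, expected, signature)


def mutual_authenticate(sender, receiver):
    """First and second verification results combined with a logical AND."""
    first = sender.check(receiver.respond(sender.new_challenge()))
    second = receiver.check(sender.respond(receiver.new_challenge()))
    return first and second


def make_pair():
    """Two devices provisioned with each other's public key (constructed keys)."""
    rx_pub, rx_priv = toy_keypair(2**127 - 1, 2**89 - 1)
    tx_pub, tx_priv = toy_keypair(2**107 - 1, 2**61 - 1)
    sender = Device(b"sender", b"receiver", tx_priv, rx_pub)
    receiver = Device(b"receiver", b"sender", rx_priv, tx_pub)
    return sender, receiver
```
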

In a specific embodiment, the process of executing step S200 may specifically include the following steps:

Perform a conditional judgment based on the two-way identity authentication result, and execute the key exchange start instruction when the two-way identity authentication result is true;

Based on the key exchange start instruction, the preset large prime number p and primitive root g are initialized, and the large prime number p and primitive root g are sent to the video signal sending device and the video signal receiving device respectively to obtain the key exchange parameters;

The video signal sending device generates an integer e as a first private key and performs a modular exponentiation operation on the primitive root g and the first private key a to obtain a first random key parameter;

The video signal receiving device generates an integer f as a second private key and performs a modular exponentiation operation on the primitive root g and the second private key b to obtain a second random key parameter;

The first random key parameter is sent; the video signal receiving device receives the first random key parameter and performs a modular exponentiation operation on the first random key parameter and the second private key b to obtain a first session key;

The second random key parameter is sent; the video signal sending device receives the second random key parameter and performs a modular exponentiation operation on the second random key parameter and the first private key to obtain a second session key;

Consistency verification is performed on the first session key and the second session key to obtain a consistency verification result, and the first session key or the second session key is selected based on the consistency verification result to obtain the session key.

Specifically, after two-way identity authentication is complete, a conditional judgment is made on the authentication result. If the two-way identity authentication result is true, that is, both parties' identities have been verified, the key exchange start instruction is triggered. The core function of this instruction is to initialize the public parameters required for the key exchange between the two parties, namely a preset large prime number and its primitive root . Here, is a sufficiently large prime number that defines the range of modular operations in the finite field; is a primitive root of such that, modulo , the powers of generate distinct values. After initialization, and are sent to the video signal sending device and the receiving device respectively, providing the public parameters for the subsequent key exchange. After receiving the key exchange parameters, the video signal sending device randomly generates an integer as the first private key; this integer must be chosen at random within the range to ensure its confidentiality. The sending device performs modular exponentiation with the primitive root and the private key to calculate the first random key parameter , with the formula:

;

Here, is the intermediate value calculated by the sending device from the private key and the public parameters, and is used for the subsequent key exchange. At the same time, the video signal receiving device also randomly generates an integer as the second private key. As with the sending device, the receiving device performs modular exponentiation with and to calculate the second random key parameter :

;

At this point, the sending device and the receiving device each hold their own private key and random key parameter. To complete the key exchange, the sending device sends to the receiving device, and the receiving device sends to the sending device. After receiving , the receiving device performs modular exponentiation on using its private key to calculate the first session key :

;

Combining mod , we get:

;

Similarly, after receiving , the sending device performs modular exponentiation on using its private key to calculate the second session key :

;

Combining mod , we get:

;

Since exponentiation satisfies the commutative law, that is, , and are therefore equal, that is, . This shows that both parties have successfully generated the same session key. To ensure the reliability of key generation and transmission, a consistency check is performed on the first session key and the second session key. The check is carried out by comparing whether and are equal. If the check passes, the consistency verification result is true, indicating that the key exchange succeeded. Based on the consistency verification result, either the first session key or the second session key is selected as the final session key.
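An added example (not code from the patent) of the step S200 exchange that shows two checks a practitioner would want here: rejecting degenerate peer values before exponentiation, and performing the consistency verification with HMAC confirmation tags so that neither session key is ever sent. Assumptions: the toy parameters `P` and `G`, the hash-based key derivation, the tag format and all function names are hypothetical and chosen for the demonstration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy prime modulus, constructed for the demo; far too small for real use
G = 3           # toy base; a real deployment uses a vetted group and generator
WIDTH = (P.bit_length() + 7) // 8


def keypair():
    """Private exponent uniform in [2, p-2] and the matching public value."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def check_public(value):
    """Reject 0, 1 and p-1, which force a predictable shared secret."""
    if not 2 <= value <= P - 2:
        raise ValueError("peer public value out of range")
    return value


def session_key(own_private, peer_public, sender_public, receiver_public):
    """Hash the shared secret together with both public values as seen locally."""
    shared = pow(check_public(peer_public), own_private, P)
    transcript = sender_public.to_bytes(WIDTH, "big") + receiver_public.to_bytes(WIDTH, "big")
    material = b"video-session-v1" + shared.to_bytes(WIDTH, "big") + transcript
    return hashlib.sha256(material).digest()


def confirmation_tag(key, role):
    """Value a device sends to prove it holds the key without revealing it."""
    return hmac.new(key, b"key-confirm|" + role, hashlib.sha256).digest()


def negotiate(in_transit=lambda value: value):
    """Run one exchange; in_transit models what happens to the sender's value."""
    a, sender_public = keypair()
    b, receiver_public = keypair()
    seen_by_receiver = in_transit(sender_public)

    key_rx = session_key(b, seen_by_receiver, seen_by_receiver, receiver_public)
    key_tx = session_key(a, receiver_public, sender_public, receiver_public)

    # Each side sends its own tag; the other recomputes it from its local key.
    sender_accepts = hmac.compare_digest(
        confirmation_tag(key_rx, b"receiver"), confirmation_tag(key_tx, b"receiver"))
    receiver_accepts = hmac.compare_digest(
        confirmation_tag(key_tx, b"sender"), confirmation_tag(key_rx, b"sender"))
    return key_tx if (sender_accepts and receiver_accepts) else None
```

The tags confirm that both sides derived the same key; authenticating the exchanged values themselves needs a signature over them, which this sketch does not include.
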

In a specific embodiment, the process of executing step S300 may specifically include the following steps:

Initialize the HDMI DDC channel and establish an I2C communication link between the video signal sending device and the video signal receiving device to obtain a DDC channel read instruction;

Based on the DDC channel read instruction, read the EDID raw data from the EDID register of the video signal receiving device, and parse the EDID raw data to obtain EDID information;

Segment the EDID information and extract the resolution information segment, the manufacturer identification information segment and the product identification information segment from it to obtain the characteristic data of the video signal receiving device;

Read the pre-stored device characteristic information from the memory, segment it, and extract the expected resolution information segment, the expected manufacturer identification information segment and the expected product identification information segment to obtain the expected characteristic data;

Compare the resolution information segment in the characteristic data with the expected resolution information segment in the expected characteristic data to obtain a resolution matching result;

Compare the manufacturer identification information segment and the product identification information segment in the characteristic data with the expected manufacturer identification information segment and the expected product identification information segment in the expected characteristic data to obtain a device identification matching result;

Perform a logical AND operation on the resolution matching result and the device identification matching result to generate EDID verification pass information, and encrypt the EDID verification pass information using the session key to obtain encrypted EDID verification pass information.

Specifically, by initializing the DDC (Display Data Channel) in the HDMI interface, an I2C communication link is established between the video signal transmitting device and the receiving device. I2C is a bidirectional serial communication protocol; the DDC channel connects the transmitting device and the receiving device via SCL (clock line) and SDA (data line) and is used to transmit device information. After initialization is complete, the transmitting device generates a DDC channel read instruction , which is used to extract the device's display capability data from the EDID register of the receiving device. Based on the read instruction , the transmitting device reads the EDID raw data of the receiving device through the DDC channel. EDID (Extended Display Identification Data) is the configuration information of the display device, stored by the receiving device in specific registers and represented in a 128-byte or 256-byte data format. The EDID raw data read is denoted ; its content includes key fields such as resolution support information, manufacturer identification and product identification. The transmitting device parses to extract the structured information and generate the EDID information , expressed as:

;

Here, denotes the parsing function, which converts the raw byte data into recognizable device information. To further verify the authenticity and capabilities of the receiving device, the sending device segments to extract the resolution information segment , the manufacturer identification information segment and the product identification information segment . This segmentation operation is expressed as:

;

Here, are the segmentation functions, which respectively extract the resolution information supported by the device, the manufacturer identification and the product identification. These segments constitute the characteristic data of the receiving device :

;

At the same time, the sending device reads the pre-stored device characteristic information from its memory. This information is the expected value stored by the system during initial configuration, and it is likewise segmented to extract the expected resolution information segment , the expected manufacturer identification information segment and the expected product identification information segment :

;

These segments constitute the expected characteristic data :

;

After the characteristic data has been extracted, the receiving device's characteristic data and the expected characteristic data are compared item by item. The sending device compares the receiving device's resolution information segment with the expected resolution information segment to generate the resolution matching result :

;

Here, denotes the comparison function: if the two are identical, ; otherwise, . The sending device compares the manufacturer identification information segment and the product identification information segment with the expected and to generate the device identification matching result :

;

The system performs a logical AND operation on the resolution matching result and the device identification matching result to generate the EDID verification pass information :

;

If True, the EDID information of the receiving device is as expected. To protect the verification pass information, it is encrypted with the session key to generate the encrypted EDID verification pass information :

;

Here, denotes the encryption function, which ensures that is not tampered with during transmission.
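An added example (not code from the patent) of the step S300 check: it parses a 128-byte EDID base block, extracts the manufacturer ID, product code and preferred resolution, and ANDs the two matching results. Assumptions: the field offsets follow the standard EDID 1.3 base block layout with the preferred timing in the first descriptor; `EdidFeatures`, `verify_edid`, `build_sample_edid` and the sample values are constructed for the demonstration, and the session-key encryption of the result is omitted.

```python
import struct
from dataclasses import dataclass

EDID_HEADER = bytes.fromhex("00ffffffffffff00")


@dataclass(frozen=True)
class EdidFeatures:
    manufacturer: str   # three-letter ID packed into bytes 8-9
    product_code: int   # bytes 10-11, little-endian
    width: int          # preferred horizontal active pixels
    height: int         # preferred vertical active lines


def parse_edid(raw):
    """Parse the base block; raise ValueError on structural damage."""
    if len(raw) < 128 or len(raw) % 128:
        raise ValueError("EDID must be a whole number of 128-byte blocks")
    base = raw[:128]
    if base[:8] != EDID_HEADER:
        raise ValueError("bad EDID header")
    if sum(base) % 256:
        raise ValueError("bad EDID checksum")
    (packed,) = struct.unpack(">H", base[8:10])
    manufacturer = "".join(chr(((packed >> shift) & 0x1F) + 64) for shift in (10, 5, 0))
    (product_code,) = struct.unpack("<H", base[10:12])
    timing = base[54:72]  # first 18-byte descriptor
    if timing[0] == 0 and timing[1] == 0:
        raise ValueError("first descriptor is not a detailed timing")
    width = timing[2] | ((timing[4] >> 4) << 8)
    height = timing[5] | ((timing[7] >> 4) << 8)
    return EdidFeatures(manufacturer, product_code, width, height)


def verify_edid(raw, expected):
    """Return (resolution match, device identification match, EDID pass)."""
    try:
        seen = parse_edid(raw)
    except ValueError:
        return False, False, False
    resolution_ok = (seen.width, seen.height) == (expected.width, expected.height)
    identity_ok = (seen.manufacturer, seen.product_code) == (
        expected.manufacturer, expected.product_code)
    return resolution_ok, identity_ok, resolution_ok and identity_ok


def build_sample_edid(manufacturer, product_code, width, height):
    """Constructed test block: only the fields parsed above are filled in."""
    block = bytearray(128)
    block[0:8] = EDID_HEADER
    packed = 0
    for letter in manufacturer:
        packed = (packed << 5) | (ord(letter) - 64)
    block[8:10] = struct.pack(">H", packed)
    block[10:12] = struct.pack("<H", product_code)
    block[18], block[19] = 1, 3                  # EDID version 1.3
    block[54:56] = struct.pack("<H", 14850)      # pixel clock, 10 kHz units
    block[56] = width & 0xFF
    block[58] = (width >> 8) << 4
    block[59] = height & 0xFF
    block[61] = (height >> 8) << 4
    block[127] = (-sum(block[:127])) % 256       # checksum byte
    return bytes(block)
```

EDID is plain data protected only by a checksum, so a match shows that the sink reports the expected values, not that it is the genuine device; identity still rests on the step S100 signatures.
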

In a specific embodiment, the process of executing step S400 may specifically include the following steps:

The video signal receiving device decrypts the encrypted EDID verification pass information using the session key to obtain the decrypted EDID verification pass information, and verifies the decrypted EDID verification pass information to obtain an HDCP startup instruction;

Based on the HDCP startup instruction, an HDMI connection is established between the video signal sending device and the video signal receiving device, and HDCP is enabled on the HDMI connection to obtain an HDCP physical link;

The video signal sending device sends an HDCP capability negotiation request over the HDCP physical link, obtains the HDCP version information of the video signal receiving device and performs version matching to obtain the HDCP version negotiation result;

An HDCP key is generated based on the HDCP version negotiation result, the HDCP key is segmented to obtain key data segments, and the key data segments are encrypted using the session key to obtain encrypted key data segments;

The encrypted key data segments are transmitted; the video signal receiving device receives the encrypted key data segments, decrypts them using the session key, and reassembles them to obtain the HDCP key;

The video signal sending device generates an HDCP key verification code and transmits it in encrypted form, and the video signal receiving device verifies it to obtain an HDCP key verification result;

Based on the HDCP key verification result, the video data input channel of the video signal sending device is enabled, and the input video signal is encrypted using the HDCP key to obtain the encrypted video signal.

Specifically, the video signal receiving device uses the previously negotiated session key to decrypt the encrypted EDID verification pass information received from the sending device, obtaining the decrypted EDID verification pass information. The decryption process is expressed as:

;

The decryption operation in this expression uses the session key and ensures that the decrypted information is consistent with the original verification information. The receiving device performs integrity verification on the decrypted information to confirm that the EDID verification pass information has not been tampered with. If verification passes, an HDCP startup instruction is generated, instructing the receiving device to enter HDCP protection mode. Based on the HDCP startup instruction, an HDMI connection is established between the sending device and the receiving device. After the connection is established, the sending device performs the HDCP enable operation on the HDMI link, activating the content protection mechanism to produce the HDCP physical link. The establishment of the HDCP physical link is the basis of the entire video signal encryption process and is used to ensure the secure transmission of video content. After the HDCP physical link is established, the video signal sending device sends an HDCP capability negotiation request over the link to obtain the HDCP version information of the receiving device. The receiving device returns the HDCP version information it supports. The sending device matches its own HDCP version against the version returned by the receiving device, and the negotiation result is determined by the following formula:

;

If the version match succeeds, that is, the negotiation result is True, the two parties enter the key negotiation phase. The sending device generates the HDCP key based on the negotiation result and segments the key for transmission. The key is divided into a number of data segments, and the generation of each data segment is expressed as:

;

The function in this expression is the key segmentation function. The sending device encrypts each key data segment with the session key to obtain the encrypted key data segment:

;

These encrypted key data segments are transmitted in sequence to the receiving device over the HDCP physical link. After receiving them, the receiving device decrypts each one with the session key to recover the original key data segment:

;

The receiving device reassembles the decrypted key data segments to recover the complete HDCP key. The reassembly process is expressed as:

;

The function in this expression is the key reassembly function. To verify the integrity of the key transmission, the sending device generates an HDCP key verification code, calculated as:

;

The function in this expression is a predefined hash function. The sending device encrypts the verification code with the session key and sends it to the receiving device:

;

After receiving it, the receiving device decrypts it to obtain the verification code, and independently calculates a local key verification code based on what it received. If:

;

then the HDCP key verification result is generated as True. At this point, the sending device enables its video data input channel and uses the HDCP key to encrypt the input video signal, obtaining the encrypted video signal:

;

The encrypted video signal is transmitted to the receiving device over the HDCP physical link, ensuring data security during transmission.
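The key transfer described above, as an added Go example that is not code from the patent: the sender segments the key and encrypts each segment under the session key, and the receiver reassembles the key and compares a locally computed verification code with the one received. AES-256-GCM, SHA-256 over the whole key as the verification code, the 16-byte segment size, the binding of each segment to its position and all function names are assumptions of this example; the page names none of them for this step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// gcmAt returns AES-GCM under the session key, plus associated data that binds
// a message to its position (index, segment count). Assumption of this example.
func gcmAt(sessionKey []byte, idx, total int) (cipher.AEAD, []byte, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, nil, err
	}
	pos := []byte{byte(idx >> 8), byte(idx), byte(total >> 8), byte(total)}
	gcm, err := cipher.NewGCM(block)
	return gcm, pos, err
}

// seal encrypts msg under the session key; the output is nonce || ciphertext || tag.
func seal(sessionKey, msg []byte, idx, total int) ([]byte, error) {
	gcm, pos, err := gcmAt(sessionKey, idx, total)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, pos), nil
}

// open reverses seal and fails if the bytes or the claimed position were altered.
func open(sessionKey, ct []byte, idx, total int) ([]byte, error) {
	gcm, pos, err := gcmAt(sessionKey, idx, total)
	if err != nil || len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("cannot open message")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, ct[:n], ct[n:], pos)
}

// SendKey (sending device): segment, seal each segment, seal the verification code. segSize > 0.
func SendKey(sessionKey, key []byte, segSize int) ([][]byte, []byte, error) {
	total := (len(key) + segSize - 1) / segSize
	var segs [][]byte
	for i := 0; i < total; i++ {
		end := (i + 1) * segSize
		if end > len(key) {
			end = len(key)
		}
		ct, err := seal(sessionKey, key[i*segSize:end], i, total)
		if err != nil {
			return nil, nil, err
		}
		segs = append(segs, ct)
	}
	code := sha256.Sum256(key) // verification code: hash of the whole key
	sealedCode, err := seal(sessionKey, code[:], total, total)
	return segs, sealedCode, err
}

// ReceiveKey (receiving device): open, reassemble, recompute the code locally and compare.
func ReceiveKey(sessionKey []byte, segs [][]byte, sealedCode []byte) ([]byte, error) {
	var key []byte
	for i, ct := range segs {
		seg, err := open(sessionKey, ct, i, len(segs))
		if err != nil {
			return nil, fmt.Errorf("segment %d rejected: %v", i, err)
		}
		key = append(key, seg...)
	}
	want, err := open(sessionKey, sealedCode, len(segs), len(segs))
	if err != nil {
		return nil, fmt.Errorf("verification code rejected: %v", err)
	}
	if local := sha256.Sum256(key); subtle.ConstantTimeCompare(local[:], want) != 1 {
		return nil, fmt.Errorf("verification code mismatch")
	}
	return key, nil
}

func main() {
	sessionKey, key := make([]byte, 32), make([]byte, 40) // constructed sample values
	rand.Read(sessionKey)
	rand.Read(key)
	segs, code, _ := SendKey(sessionKey, key, 16)
	got, err := ReceiveKey(sessionKey, segs, code)
	fmt.Println("intact transfer accepted:", err == nil && string(got) == string(key))
	segs[0], segs[1] = segs[1], segs[0] // segments swapped in transit
	_, err = ReceiveKey(sessionKey, segs, code)
	fmt.Println("reordered transfer:", err)
}
```

Because every ciphertext is authenticated together with its index and the segment count, a swapped, dropped or altered segment is rejected before the verification code is compared.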

Before generating the HDCP key based on the HDCP version negotiation result, the method further includes: collecting historical HDCP key usage data and verification results, and extracting characteristic parameters such as key length, update frequency and encryption algorithm type from them to obtain encryption feature training data; constructing a first deep neural network comprising an input layer, a first hidden layer, a second hidden layer and an output layer, and training it on the encryption feature training data to obtain an encryption parameter optimization model; constructing a second deep neural network comprising an input layer, a first convolutional layer, a second convolutional layer and an output layer, and training it on the security level assessment results of encrypted data to obtain a security strength assessment model; inputting the current HDCP version negotiation result to be processed into the encryption parameter optimization model, and dynamically optimizing the generation parameters of the HDCP key to obtain optimized key generation parameters; generating a candidate HDCP key based on the optimized key generation parameters, and inputting the candidate HDCP key into the security strength assessment model for security assessment to obtain a security strength assessment result; comparing the security strength assessment result with a preset security threshold, and when the security strength assessment result is greater than the preset security threshold, using the candidate HDCP key as the final HDCP key; when the security strength assessment result is less than or equal to the preset security threshold, re-executing the calculation process of the encryption parameter optimization model until an HDCP key that meets the security requirements is obtained; recording the usage data and verification results of the finalized HDCP key, and adding the recorded results to the encryption feature training data for online incremental learning of the first deep neural network and the second deep neural network.

In a specific embodiment, step S500 may include the following steps:

A preset heartbeat detection time interval is read, and a heartbeat detection trigger instruction is generated based on the heartbeat detection time interval;

Based on the heartbeat detection trigger instruction, the video signal sending device generates a random sequence and encapsulates the random sequence to obtain heartbeat detection information;

The heartbeat detection information is encrypted using the session key to obtain encrypted heartbeat detection information;

The encrypted heartbeat detection information is transmitted, and the video signal receiving device decrypts it using the session key to obtain the decrypted heartbeat detection information;

The video signal receiving device digitally signs the decrypted heartbeat detection information to obtain heartbeat response information, and encrypts the heartbeat response information using the session key to obtain encrypted heartbeat response information;

The encrypted heartbeat response information is transmitted, and the video signal sending device decrypts it using the session key to obtain the decrypted heartbeat response information;

The digital signature in the decrypted heartbeat response information is verified to obtain the connection status confirmation result.

Specifically, a time parameter is read from the preset heartbeat detection time interval; this parameter defines the periodic interval at which the sending device sends heartbeat detection information to the receiving device. Based on this parameter, a heartbeat detection trigger instruction is generated to notify the sending device to start the heartbeat detection process at each interval. The generation of the trigger instruction is expressed as:

;

The function in this expression is the trigger instruction generation function, which ensures that heartbeat detection is triggered periodically at the preset interval. After the heartbeat detection trigger instruction is issued, the video signal sending device generates a random sequence, a high-entropy, unpredictable value that uniquely identifies this heartbeat detection. The generation of the random sequence is expressed as:

;

The function in this expression is a random number generation function, which ensures the randomness and uniqueness of the sequence. The sending device encapsulates the random sequence to produce the complete heartbeat detection information:

;

The function in this expression is the encapsulation function, which adds the necessary identification information to the random sequence, such as a timestamp and device ID, to prevent the information from being forged. To ensure that the heartbeat detection information is not tampered with or eavesdropped on during transmission, the sending device encrypts it with the session key, producing the encrypted heartbeat detection information:

;

The function in this expression is the encryption function, implemented with a symmetric encryption algorithm (such as AES). The resulting encrypted heartbeat detection information is then transmitted to the video signal receiving device over a secure communication channel. After receiving it, the receiving device decrypts it with the same session key to recover the original heartbeat detection information:

;

The function in this expression is the decryption function, the inverse of the encryption function. After decryption, the receiving device extracts the random sequence from the recovered information and digitally signs it, producing the heartbeat response information:

;

The function in this expression is the signature function, implemented with the receiving device's private key and used to prove the authenticity and integrity of the response information. To ensure that the heartbeat response information is not tampered with on its way back, the receiving device likewise encrypts it with the session key, producing the encrypted heartbeat response information:

;

The encrypted heartbeat response information is sent back to the video signal sending device over the communication channel. After receiving it, the sending device decrypts it with the session key to obtain the decrypted heartbeat response information:

;

The sending device uses the receiving device's public key to verify the digital signature in the heartbeat response information, so as to confirm its source and integrity. The verification process is expressed as:

;

The function in this expression is the verification function. If verification passes, the signature is legitimate and the heartbeat response information has not been tampered with. The sending device generates the connection status confirmation result from the verification result:

;

If the result is True, the connection status is normal; otherwise, the connection is considered abnormal.
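The heartbeat check described above, as an added Go example that is not code from the patent: the sender issues a probe, the receiver signs it, and the sender verifies the signature against its own stored copy of the probe. Ed25519, the field layout, the single-use and lateness checks and all names are assumptions of this example; the session-key encryption that the description applies to both messages is left out so the block can focus on the signature check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Status is the connection status confirmation result.
type Status string

const (
	Normal       Status = "Normal"
	UnknownProbe Status = "UnknownProbe" // never issued, or already answered (replay)
	Late         Status = "Late"         // answered after the heartbeat interval
	BadSignature Status = "BadSignature" // not signed by the expected receiver
)

// Probe is the heartbeat detection information: the random sequence plus the
// timestamp and device ID added when it is encapsulated.
type Probe struct {
	Seq      [16]byte
	SentMs   int64
	DeviceID string
}

// bytes is the canonical encoding that the receiver signs (layout assumed).
func (p Probe) bytes() []byte {
	b := append([]byte{}, p.Seq[:]...)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(p.SentMs))
	b = append(b, ts[:]...)
	return append(b, p.DeviceID...)
}

// Respond is the receiving device: sign the probe with its private key.
func Respond(priv ed25519.PrivateKey, p Probe) []byte {
	return ed25519.Sign(priv, p.bytes())
}

// Monitor is the sending device's state for one link.
type Monitor struct {
	pub        ed25519.PublicKey
	intervalMs int64
	pending    map[[16]byte]Probe
}

func NewMonitor(pub ed25519.PublicKey, intervalMs int64) *Monitor {
	return &Monitor{pub: pub, intervalMs: intervalMs, pending: map[[16]byte]Probe{}}
}

// NewProbe draws a fresh random sequence and remembers the probe until it is answered.
func (m *Monitor) NewProbe(deviceID string, nowMs int64) (Probe, error) {
	p := Probe{SentMs: nowMs, DeviceID: deviceID}
	if _, err := rand.Read(p.Seq[:]); err != nil {
		return p, fmt.Errorf("random source failed: %v", err)
	}
	m.pending[p.Seq] = p
	return p, nil
}

// Confirm verifies a response against the stored probe, never against fields echoed by the peer.
func (m *Monitor) Confirm(seq [16]byte, sig []byte, nowMs int64) Status {
	p, ok := m.pending[seq]
	if !ok {
		return UnknownProbe
	}
	delete(m.pending, seq) // each random sequence is accepted once; failures also consume it
	if nowMs-p.SentMs > m.intervalMs {
		return Late
	}
	if !ed25519.Verify(m.pub, p.bytes(), sig) {
		return BadSignature
	}
	return Normal
}

// NewDeviceKey makes a constructed key pair standing in for the preset device keys.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func main() {
	pub, priv, _ := NewDeviceKey()
	m := NewMonitor(pub, 2000)
	const t0 = int64(1700000000000) // constructed timestamp in milliseconds
	p, _ := m.NewProbe("sink-01", t0)
	sig := Respond(priv, p)
	fmt.Println("first response:", m.Confirm(p.Seq, sig, t0+40))
	fmt.Println("same response replayed:", m.Confirm(p.Seq, sig, t0+80))
}
```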

In a specific embodiment, step S600 may include the following steps:

According to the connection status confirmation result, the video signal sending device performs abnormal state detection on the first signature information, the second signature information, the EDID verification pass information, the HDCP key verification result and the heartbeat response information to obtain sending-end abnormal state information;

The video signal receiving device performs abnormal state detection on the first signature information, the second signature information, the EDID verification pass information, the HDCP key verification code and the heartbeat detection information to obtain receiving-end abnormal state information;

An abnormal state flag is generated based on the sending-end abnormal state information and the receiving-end abnormal state information, and the state of the abnormal state flag is judged to obtain an exception handling trigger instruction;

Based on the exception handling trigger instruction, the video signal sending channel of the video signal sending device is closed to obtain a video signal sending interrupt instruction, and the HDMI receiving channel of the video signal receiving device is closed to obtain an HDMI receiving interrupt instruction;

The status of the video signal sending interrupt instruction and the HDMI receiving interrupt instruction is confirmed to obtain channel closing status information, and a reconstruction instruction for the video signal transmission link is generated based on the channel closing status information.

Specifically, based on the connection status confirmation result, the video signal sending device performs abnormal state detection on several key pieces of verification information. The detection inputs are the first signature information, the second signature information, the EDID verification pass information, the HDCP key verification result and the heartbeat response information. The sending device checks whether these meet expectations and generates the sending-end abnormal state information. The detection rule is expressed as:

;

The function in this expression is the sending device's anomaly detection function. If all inputs pass verification, the result is Normal; otherwise the result indicates the specific anomaly type, such as signature failure, EDID verification failure or heartbeat response mismatch. At the same time, the video signal receiving device performs abnormal state detection on the verification information relevant to it. The inputs are the first signature information, the second signature information, the EDID verification pass information, the HDCP key verification code and the heartbeat detection information. The receiving device checks the integrity and consistency of this information and generates the receiving-end abnormal state information:

;

The function in this expression is the receiving device's anomaly detection function; like the sending device's, its output is the normal state or a specific anomaly type. The abnormal state flag is generated from the sending-end and receiving-end abnormal state information. The abnormal state flag is a set of binary bits representing the combined abnormal state of the sending end and the receiving end. The generation rule is as follows:

;

The function in this expression is the flag generation function. For example, the flag takes a distinct value in each of four cases: both the sending end and the receiving end are normal, the sending end is abnormal, the receiving end is abnormal, or both are abnormal. Based on the flag, the abnormal state is judged and an exception handling trigger instruction is generated. The state judgment rule is expressed as:

;

If the result is Trigger, an abnormal state exists and the system needs to process it further. Once the exception handling instruction is triggered, the system first closes the video signal sending channel of the video signal sending device and generates the video signal sending interrupt instruction:

;

At the same time, the HDMI receiving channel of the receiving device is also closed, generating the HDMI receiving interrupt instruction:

;

The purpose of the close operation is to isolate the transmission link and prevent the abnormal state from spreading further. After the sending channel and the receiving channel are closed, the execution of the two interrupt instructions is confirmed, generating the channel closing status information:

;

The function in this expression is the status confirmation function. If both channels are closed successfully, the result is Closed; otherwise, the system tries to close the channels again. After the channel closing status is confirmed, the system generates the reconstruction instruction for the video signal transmission link based on it:

;

If the result is Rebuild, the system reinitializes the authentication and connection operations between the sending device and the receiving device.

Please refer to FIG. 2, which is a schematic structural block diagram of the video signal dynamic encryption authentication system 200 provided in an embodiment of the present application. As shown in FIG. 2, the video signal dynamic encryption authentication system 200 includes:

An authentication module 210, configured to perform bidirectional challenge-response authentication on the video signal sending device and the video signal receiving device to obtain a bidirectional identity authentication result;

A key calculation module 220, configured to calculate a session key for the video signal sending device and the video signal receiving device based on the bidirectional identity authentication result to obtain the session key;

A verification module 230, configured to perform EDID verification on the video signal receiving device to obtain encrypted EDID verification pass information;

An encrypted transmission module 240, configured to encrypt and transmit the HDCP key and encrypt the video signal according to the encrypted EDID verification pass information to obtain an encrypted video signal;

A response detection module 250, configured to perform device heartbeat response detection based on the encrypted video signal to obtain a connection status confirmation result;

A reconstruction module 260, configured to control the video signal transmission status of the video signal sending device and the HDMI receiving channel of the video signal receiving device according to the connection status confirmation result to obtain a reconstruction instruction for the video signal transmission link.

Through the cooperation of the components described above and the establishment of a bidirectional challenge-response authentication mechanism, bidirectional identity verification is achieved between the video signal sending device and the receiving device, effectively preventing access by illegal devices and man-in-the-middle attacks. The Diffie-Hellman key exchange algorithm is used to generate session keys dynamically, which improves key security and ensures the encryption strength of subsequent communication. Combining EDID verification with HDCP encryption builds a multi-layered security protection system that effectively prevents video signals from being illegally intercepted and copied. The heartbeat detection mechanism provides real-time monitoring of the device connection status, so that abnormal conditions can be detected and handled in time. A complete exception handling and link reconstruction mechanism is designed, which can quickly cut off video transmission when a security threat is detected and automatically rebuild a secure link. The segmented data processing and verification scheme improves the fault tolerance and reliability of the system and ensures the continuity and stability of video signal transmission.

Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.

If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.

As described above, the above embodiments are only used to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements for some of the technical features therein; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (8)

1. A method for dynamic encryption authentication of a video signal, comprising:

performing bidirectional challenge-response authentication on the video signal sending device and the video signal receiving device to obtain a bidirectional identity authentication result;

based on the bidirectional identity authentication result, calculating a session key for the video signal sending device and the video signal receiving device to obtain a session key;

performing EDID verification on the video signal receiving device to obtain encrypted EDID verification pass information;

according to the encrypted EDID verification pass information, encrypting and transmitting the HDCP key and encrypting the video signal to obtain an encrypted video signal;

performing device heartbeat response detection based on the encrypted video signal to obtain a connection status confirmation result;

according to the connection status confirmation result, controlling the video signal transmission status of the video signal sending device and the HDMI receiving channel of the video signal receiving device to obtain a reconstruction instruction for the video signal transmission link.

2. The method for dynamic encryption authentication of a video signal according to claim 1, wherein performing bidirectional challenge-response authentication on the video signal sending device and the video signal receiving device to obtain a bidirectional identity authentication result comprises:

initializing a public/private key pair preset in the video signal sending device and a public/private key pair preset in the video signal receiving device to obtain two mutually independent asymmetric key pairs;

generating, by the video signal sending device, a first random number, and encapsulating the first random number to obtain first authentication challenge information;

sending the first authentication challenge information, the video signal receiving device receiving the first authentication challenge information and digitally signing it using the private key preset in the video signal receiving device to obtain first signature information;

transmitting the first signature information, the video signal sending device verifying the first signature information using the public key preset in the video signal receiving device to obtain a first verification result;

generating, by the video signal receiving device, a second random number, and encapsulating the second random number to obtain second authentication challenge information;

sending the second authentication challenge information, the video signal sending device receiving the second authentication challenge information and digitally signing it using the private key preset in the video signal sending device to obtain second signature information;

transmitting the second signature information, the video signal receiving device verifying the second signature information using the public key preset in the video signal sending device to obtain a second verification result;

performing a logical AND operation on the first verification result and the second verification result to obtain the bidirectional identity authentication result.

3. The method for dynamic encryption authentication of a video signal according to claim 2, wherein calculating a session key for the video signal sending device and the video signal receiving device based on the bidirectional identity authentication result to obtain the session key comprises:

performing a conditional judgment based on the bidirectional identity authentication result, and executing a key exchange start instruction when the bidirectional identity authentication result is true;

based on the key exchange start instruction, initializing a preset large prime number p and a primitive root g, and sending the large prime number p and the primitive root g to the video signal sending device and the video signal receiving device respectively to obtain key exchange parameters;

generating, by the video signal sending device, an integer e as a first private key, and performing a modular exponentiation operation on the primitive root g and the first private key a to obtain a first random key parameter;

generating, by the video signal receiving device, an integer f as a second private key, and performing a modular exponentiation operation on the primitive root g and the second private key b to obtain a second random key parameter;

sending the first random key parameter, the video signal receiving device receiving the first random key parameter and performing a modular exponentiation operation on the first random key parameter and the second private key b to obtain a first session key;

sending the second random key parameter, the video signal sending device receiving the second random key parameter and performing a modular exponentiation operation on the second random key parameter and the first private key to obtain a second session key;

performing consistency verification on the first session key and the second session key to obtain a consistency verification result, and selecting the first session key or the second session key based on the consistency verification result to obtain the session key.

4. The method for dynamic encryption authentication of a video signal according to claim 3, wherein performing EDID verification on the video signal receiving device to obtain encrypted EDID verification pass information comprises:

initializing the DDC channel of HDMI, and establishing an I2C communication link between the video signal sending device and the video signal receiving device to obtain a DDC channel read instruction;

based on the DDC channel read instruction, reading EDID raw data from the EDID register of the video signal receiving device, and parsing the EDID raw data to obtain EDID information;

segmenting the EDID information, and extracting a resolution information segment, a manufacturer identification information segment and a product identification information segment from the EDID information to obtain characteristic data of the video signal receiving device;

reading pre-stored device characteristic information from a memory, segmenting the pre-stored device characteristic information, and extracting an expected resolution information segment, an expected manufacturer identification information segment and an expected product identification information segment to obtain expected characteristic data;

comparing the resolution information segment in the characteristic data with the expected resolution information segment in the expected characteristic data to obtain a resolution matching result;

comparing the manufacturer identification information segment and the product identification information segment in the characteristic data with the expected manufacturer identification information segment and the expected product identification information segment in the expected characteristic data to obtain a device identification matching result;

performing a logical AND operation on the resolution matching result and the device identification matching result to generate EDID verification pass information, and encrypting the EDID verification pass information using the session key to obtain the encrypted EDID verification pass information.

5. The method for dynamic encryption authentication of a video signal according to claim 4, wherein encrypting and transmitting the HDCP key and encrypting the video signal according to the encrypted EDID verification pass information to obtain the encrypted video signal comprises:

decrypting, by the video signal receiving device, the encrypted EDID verification pass information using the session key to obtain the decrypted EDID verification pass information, and verifying the decrypted EDID verification pass information to obtain an HDCP startup instruction;

establishing an HDMI connection between the video signal sending device and the video signal receiving device based on the HDCP startup instruction, and enabling HDCP on the HDMI connection to obtain an HDCP physical link;

sending, by the video signal sending device, an HDCP capability negotiation request over the HDCP physical link, obtaining the HDCP version information of the video signal receiving device and performing version matching to obtain an HDCP version negotiation result;

generating an HDCP key based on the HDCP version negotiation result, segmenting the HDCP key to obtain key data segments, and encrypting the key data segments using the session key to obtain encrypted key data segments;

transmitting the encrypted key data segments, the video signal receiving device receiving the encrypted key data segments, decrypting them using the session key, and reassembling them to obtain the HDCP key;

generating, by the video signal sending device, an HDCP key verification code, and transmitting the HDCP key verification code in encrypted form, the video signal receiving device verifying it to obtain an HDCP key verification result;

enabling the video data input channel of the video signal sending device based on the HDCP key verification result, and encrypting the input video signal using the HDCP key to obtain the encrypted video signal.

6.
The method for dynamic encryption authentication of a video signal according to claim 5, wherein the step of performing device heartbeat response detection based on the encrypted video signal to obtain a connection status confirmation result comprises: 对预设的心跳检测时间间隔进行读取,基于所述心跳检测时间间隔生成心跳检测触发指令;Reading a preset heartbeat detection time interval, and generating a heartbeat detection trigger instruction based on the heartbeat detection time interval; 基于所述心跳检测触发指令由所述视频信号发送设备生成随机序列,对所述随机序列进行封装,得到心跳检测信息;The video signal sending device generates a random sequence based on the heartbeat detection trigger instruction, and encapsulates the random sequence to obtain heartbeat detection information; 利用所述会话密钥对所述心跳检测信息进行加密,得到加密的心跳检测信息;Encrypting the heartbeat detection information using the session key to obtain encrypted heartbeat detection information; 对所述加密的心跳检测信息进行传输,由所述视频信号接收设备使用所述会话密钥对所述加密的心跳检测信息进行解密,得到解密后的心跳检测信息;The encrypted heartbeat detection information is transmitted, and the video signal receiving device decrypts the encrypted heartbeat detection information using the session key to obtain decrypted heartbeat detection information; 由所述视频信号接收设备对所述解密后的心跳检测信息进行数字签名,得到心跳响应信息,并利用所述会话密钥对所述心跳响应信息进行加密,得到加密的心跳响应信息;The video signal receiving device digitally signs the decrypted heartbeat detection information to obtain heartbeat response information, and encrypts the heartbeat response information using the session key to obtain encrypted heartbeat response information; 对所述加密的心跳响应信息进行传输,由所述视频信号发送设备使用所述会话密钥对所述加密的心跳响应信息进行解密,得到解密后的心跳响应信息;The encrypted heartbeat response information is transmitted, and the video signal sending device decrypts the encrypted heartbeat response information using the session key to obtain decrypted heartbeat response information; 对所述解密后的心跳响应信息中的数字签名进行验证,得到连接状态确认结果。The digital signature in the decrypted heartbeat response information is verified to obtain a connection status confirmation result. 
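The freshness handling that the heartbeat of claim 6 depends on, as an added example that is not code from the patent. It assumes HMAC-SHA-256 keyed with the session key in place of the claim's digital signature and leaves out the encryption of both messages; `HeartbeatSender`, `receiver_respond`, the `hb-resp` label and the one-second timeout are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

LABEL = b"hb-resp"   # hypothetical domain-separation label for response tags

class HeartbeatSender:
    """Sender side: one open probe at a time, single-use, time-limited."""
    def __init__(self, session_key, timeout=1.0):
        self.key, self.timeout = session_key, timeout
        self.pending = None                  # (nonce, issued_at) or None

    def new_probe(self, now=None):
        nonce = secrets.token_bytes(16)      # the claim's "random sequence"
        self.pending = (nonce, time.monotonic() if now is None else now)
        return nonce

    def check_response(self, nonce, tag, now=None):
        now = time.monotonic() if now is None else now
        if self.pending is None:
            return False                     # nothing outstanding: replay
        want_nonce, issued = self.pending
        self.pending = None                  # a probe is answered at most once
        if now - issued > self.timeout:
            return False                     # late answer counts as a miss
        if not hmac.compare_digest(nonce, want_nonce):
            return False                     # answer to an older probe
        good = hmac.new(self.key, LABEL + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(tag, good)

def receiver_respond(session_key, nonce):
    """Receiver side: authenticate the nonce it was sent."""
    tag = hmac.new(session_key, LABEL + nonce, hashlib.sha256).digest()
    return nonce, tag

if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed session key
    sender = HeartbeatSender(key)
    reply = receiver_respond(key, sender.new_probe())
    print(sender.check_response(*reply))     # fresh reply is accepted
    print(sender.check_response(*reply))     # the same reply again is not
```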
7. The method for dynamic encryption authentication of video signals according to claim 6, wherein the step of controlling the video signal transmission state of the video signal sending device and the HDMI receiving channel of the video signal receiving device according to the connection status confirmation result to obtain a video signal transmission link reconstruction instruction comprises:
According to the connection status confirmation result, the video signal sending device performs abnormal state detection on the first signature information, the second signature information, the EDID verification pass information, the HDCP key verification result, and the heartbeat response information to obtain sending-end abnormal state information;
The video signal receiving device performs abnormal state detection on the first signature information, the second signature information, the EDID verification pass information, the HDCP key verification code, and the heartbeat detection information to obtain receiving-end abnormal state information;
Generating an abnormal state flag based on the sending-end abnormal state information and the receiving-end abnormal state information, and performing state judgment on the abnormal state flag to obtain an exception handling trigger instruction;
Closing the video signal sending channel of the video signal sending device based on the exception handling trigger instruction to obtain a video signal sending interrupt instruction, and closing the HDMI receiving channel of the video signal receiving device based on the exception handling trigger instruction to obtain an HDMI receiving interrupt instruction;
Performing status confirmation on the video signal sending interrupt instruction and the HDMI receiving interrupt instruction to obtain channel closing status information, and generating a video signal transmission link reconstruction instruction based on the channel closing status information.

8. A video signal dynamic encryption authentication system, characterized in that it is used to execute the video signal dynamic encryption authentication method according to any one of claims 1 to 7, comprising:
An authentication module, configured to perform two-way challenge-response authentication on the video signal sending device and the video signal receiving device to obtain a two-way identity authentication result;
A key calculation module, configured to calculate a session key for the video signal sending device and the video signal receiving device based on the two-way identity authentication result to obtain a session key;
A verification module, configured to perform EDID verification on the video signal receiving device and obtain encrypted EDID verification pass information;
An encryption transmission module, configured to encrypt and transmit the HDCP key and encrypt the video signal according to the encrypted EDID verification pass information to obtain an encrypted video signal;
A response detection module, configured to perform device heartbeat response detection based on the encrypted video signal to obtain a connection status confirmation result;
A reconstruction module, configured to control the video signal transmission state of the video signal sending device and the HDMI receiving channel of the video signal receiving device according to the connection status confirmation result, and obtain a reconstruction instruction for the video signal transmission link.
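The EDID comparison of claim 4, worked through on a 128-byte EDID base block, as an added example that is not code from the patent. The sample block is constructed, and `build_sample_edid`, `parse_edid`, `verify_edid` and the layout of the expected-feature record are hypothetical.

```python
import struct

EDID_HEADER = bytes.fromhex("00ffffffffffff00")

def build_sample_edid(mfg="ABC", product=0x1234, h=1920, v=1080):
    """Constructed 128-byte EDID base block for the demo (not a real display)."""
    e = bytearray(128)
    e[0:8] = EDID_HEADER
    code = 0
    for ch in mfg:                           # three 5-bit letters, 'A' = 1
        code = (code << 5) | (ord(ch) - 64)
    e[8:10] = struct.pack(">H", code)        # manufacturer ID, big-endian
    e[10:12] = struct.pack("<H", product)    # product code, little-endian
    e[54:56] = struct.pack("<H", 14850)      # pixel clock in 10 kHz units
    e[56], e[58] = h & 0xFF, (h >> 8) << 4   # horizontal active, 12 bits
    e[59], e[61] = v & 0xFF, (v >> 8) << 4   # vertical active, 12 bits
    e[127] = (-sum(e[:127])) % 256           # block must sum to 0 mod 256
    return bytes(e)

def parse_edid(raw):
    """Return (manufacturer, product, (h, v)); raise ValueError if malformed."""
    if len(raw) < 128 or raw[:8] != EDID_HEADER:
        raise ValueError("bad EDID header or length")
    if sum(raw[:128]) % 256 != 0:
        raise ValueError("bad EDID checksum")
    code = struct.unpack(">H", raw[8:10])[0]
    mfg = "".join(chr(((code >> s) & 0x1F) + 64) for s in (10, 5, 0))
    product = struct.unpack("<H", raw[10:12])[0]
    if raw[54] == 0 and raw[55] == 0:
        raise ValueError("first descriptor is not a detailed timing")
    h = raw[56] | ((raw[58] & 0xF0) << 4)
    v = raw[59] | ((raw[61] & 0xF0) << 4)
    return mfg, product, (h, v)

def verify_edid(raw, expected):
    """Resolution match AND device-identity match; malformed data fails."""
    try:
        mfg, product, res = parse_edid(raw)
    except ValueError:
        return False
    resolution_ok = res == expected["resolution"]
    identity_ok = (mfg, product) == (expected["manufacturer"], expected["product"])
    return resolution_ok and identity_ok

if __name__ == "__main__":
    want = {"manufacturer": "ABC", "product": 0x1234, "resolution": (1920, 1080)}
    print(verify_edid(build_sample_edid(), want))
```

EDID bytes carry no authentication of their own, so a match here is an allow-list check that complements the challenge-response authentication rather than replacing it.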
CN202510841398.XA 2025-06-23 2025-06-23 Video signal dynamic encryption authentication method and system Active CN120358091B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510841398.XA CN120358091B (en) 2025-06-23 2025-06-23 Video signal dynamic encryption authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510841398.XA CN120358091B (en) 2025-06-23 2025-06-23 Video signal dynamic encryption authentication method and system

Publications (2)

Publication Number Publication Date
CN120358091A (en) 2025-07-22
CN120358091B (en) 2025-08-15

Family

ID=96411316

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510841398.XA Active CN120358091B (en) 2025-06-23 2025-06-23 Video signal dynamic encryption authentication method and system

Country Status (1)

Country Link
CN (1) CN120358091B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110890959A (en) * 2019-10-24 2020-03-17 广州江南科友科技股份有限公司 Account password changing method, system and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9426123B2 (en) * 2012-02-23 2016-08-23 Time Warner Cable Enterprises Llc Apparatus and methods for content distribution to packet-enabled devices via a network bridge

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110890959A (en) * 2019-10-24 2020-03-17 广州江南科友科技股份有限公司 Account password changing method, system and device

Also Published As

Publication number Publication date
CN120358091A (en) 2025-07-22

Similar Documents

Publication Publication Date Title
JP5845393B2 (en) Cryptographic communication apparatus and cryptographic communication system
CN112637161B (en) Data transmission method and storage medium
CN111147225A (en) Authentication method of trusted measurement and control network based on double secret value and chaotic encryption
CN101809964A (en) Method for securing information exchange, and corresponding device and computer software product
CN114915396B (en) A hopping key digital communication encryption system and method based on national secret algorithm
CN116633530A (en) Quantum key transmission method, device and system
CN117857060B (en) Two-dimensional code offline verification method, system and storage medium
CN114938304B (en) Method and system for safely transmitting industrial Internet of things data
CN114513345A (en) Information transmission system, user device and information security hardware module
WO2023151427A1 (en) Quantum key transmission method, device and system
CN105119894A (en) Communication system and communication method based on hardware safety module
CN117675285A (en) An identity verification method, chip and device
CN114928491A (en) Internet of things security authentication method, device and system based on identification cryptographic algorithm
CN106850232A (en) Authorization management method and system for state maintenance
CN111031535A (en) Secure communication method and system for smart card system
CN116743372A (en) Quantum security protocol implementation method and system based on SSL protocol
CN119089460B (en) Data transmission protection method and computer device
CN119766433A (en) Encryption communication method, device and system supporting post quantum algorithm
CN119766437A (en) SSL VPN remote access method, system and related device supporting post quantum algorithm
CN118590229B (en) A quantum communication encryption method for sensitive data in power distribution
CN114448607A (en) A kind of offline equipment safety authentication system and realization method based on PUF technology
CN120358091B (en) Video signal dynamic encryption authentication method and system
CN117714185A (en) Bank counter data processing method and system based on cryptographic algorithm
CN111092860A (en) Medical data safety interaction transmission module
CN115987500A (en) Data safety transmission method and system based on industrial equipment data acquisition

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant