CN101420587A - Network video collecting device, network video monitoring system and method - Google Patents


Publication number
CN101420587A
Authority
CN
China
Prior art keywords
terminal
video
authentication
audio
server end
Legal status
Granted
Application number
CN 200810225796
Other languages
Chinese (zh)
Other versions
CN101420587B (en
Inventor
陈远
牛同斌
邓中翰
俞青
Current Assignee
FUZHOU ZHONGXING ELECTRONICS Co Ltd
Original Assignee
Vimicro Corp
Application filed by Vimicro Corp
Priority to CN 200810225796
Publication of CN101420587A
Application granted
Publication of CN101420587B
Status: Active


Abstract

The invention discloses a network video capture device, a network video monitoring system and a method. The network video capture device is arranged at a terminal of the network video monitoring system and comprises: an audio and video capture unit for capturing real-time image and sound data; an audio and video compression unit for compressing the image and sound data and converting them into transmissible video data; a network transmission unit for transmitting the transmissible video data to a server end; a user authentication unit for storing the operating parameters of the terminal and performing device authentication on the device using an asymmetric encryption algorithm; and a central processing unit for completing the device authentication process in cooperation with the user authentication unit. When the device authentication passes, the operating parameters of the terminal are obtained, and network communication with the server end is carried out through the network transmission unit according to those parameters. By providing the user authentication unit, a video capture device accessing the network video monitoring system can be authenticated, thereby protecting the interests of the system operator.

Description

Network video capture device, network video monitoring system and method
Technical field
The present invention relates to the technical field of network video surveillance, and in particular to a network video capture device and to a network video monitoring system and method that use this device.
Background art
With the development of computer, network and communication technology, remote monitoring and control built on network and communication technology is becoming increasingly common in fields such as security and traffic.
In an existing network video monitoring system, video capture devices such as network cameras, video servers or DVRs capture on-site sound and images in real time. The captured sound and image signals are converted into digital signals and transmitted to the server of the monitoring center over ordinary Ethernet or an optical network. A user end can connect to this monitoring center server over the Internet or a LAN and, using the IP address of a video capture device, access the real-time images that the device transmits. Compared with a traditional video monitoring system, a network video monitoring system makes it easier for computers to automate the compression, storage, analysis, display and alarm handling of video information, and enables remote monitoring.
To keep the transmitted video content secure, when a network camera, video server or DVR in an existing network video monitoring system captures on-site sound and images and transmits them over the network, the monitoring center server performs user authentication of the accessing end in software: it judges whether the IP address of the device transmitting the video is a secure address, and only when authentication passes is the video data of that accessing end allowed to be transmitted to the monitoring center server. However, this method of user authentication can only authenticate the address of the client. It cannot guarantee that a video capture device accessing the network video monitoring system is legitimate and meets the system's specification requirements, so it is difficult to protect the interests of the network service system operator.
Summary of the invention
The purpose of the technical solution of the present invention is to provide a network video capture device, and a network video monitoring system and method that use it, in which a user authentication unit implemented as a hardware device is arranged in the network video capture device. This not only allows identity authentication of the terminal user, ensuring the security of the transmitted video content, but also allows the video capture device accessing the network video monitoring system to be authenticated, protecting the interests of the network service system operator.
To achieve the above purpose, one aspect of the present invention provides a network video capture device arranged in a terminal of a network video monitoring system, the device comprising: an audio and video capture unit for capturing image and sound data in real time; an audio and video compression unit for compressing the image and sound data and converting them into transmissible video data; a network transmission unit for transmitting the transmissible video data to a server end; a user authentication unit for storing terminal operating parameters and for performing device authentication on the device using an asymmetric encryption algorithm; and a central processing unit for cooperating with the user authentication unit to complete the device authentication process and, when the device authentication passes, obtaining the terminal operating parameters and carrying out network communication with the server end through the network transmission unit according to the terminal operating parameters.
Preferably, in the network video capture device described above, the user authentication unit stores a terminal public key and a terminal private key; during the device authentication process, the user authentication unit generates a random number, encrypts the random number with the terminal private key and sends it to the central processing unit.
Preferably, in the network video capture device described above, the central processing unit obtains the terminal public key from the user authentication unit, decrypts the random number with the terminal public key to obtain device authentication decrypted data, and sends that data to the user authentication unit.
Preferably, in the network video capture device described above, the user authentication unit is further configured to judge whether the device authentication decrypted data is correct; if so, authentication passes, and if not, authentication fails.
Preferably, in the network video capture device described above, the user authentication unit is further configured to store a server-end public key and, using the asymmetric encryption algorithm, to encrypt the network connection authentication information of the terminal operating parameters into ciphertext with the server-end public key and send it to the server end, so that the server end performs terminal authentication on the terminal according to the ciphertext.
Preferably, in the network video capture device described above, the user authentication unit is further configured to generate a session key, to encrypt with the session key the audio and video data stream of the transmissible video data that the client wants to read, and to encrypt the session key with a client public key.
Preferably, in the network video capture device described above, the terminal operating parameters comprise a media access control (MAC) address, a passport unique identifier (PUID), a terminal password and encoder control information.
In another aspect, the present invention provides a network video monitoring system, the system comprising: an audio and video capture terminal that includes an audio and video capture device, the image and sound data of the terminal being captured by the audio and video capture device, compressed and converted into transmissible video data; a user authentication unit arranged in the audio and video capture device, for storing terminal operating parameters, performing device authentication on the audio and video capture device using an asymmetric encryption algorithm and, when the device authentication passes, sending the terminal operating parameters to the audio and video capture device; a server end for performing terminal authentication on the audio and video capture terminal and, when the terminal authentication passes, carrying out network communication with the audio and video capture device of the terminal and receiving the transmissible video data; and a client for carrying out network communication with the server end and browsing, through the server end, the audio and video images corresponding to the transmissible video data.
Preferably, in the system described above, the audio and video capture device comprises a central processing unit for cooperating with the user authentication unit to complete the device authentication and, when the device authentication passes, obtaining the terminal operating parameters and carrying out network communication between the audio and video capture terminal and the server end according to the terminal operating parameters.
Preferably, in the system described above, the user authentication unit stores a terminal public key and a terminal private key; during the device authentication process, the user authentication unit generates a random number, encrypts the random number with the terminal private key and sends it to the central processing unit.
Preferably, in the system described above, the central processing unit obtains the terminal public key from the user authentication unit, decrypts the random number with the terminal public key to obtain device authentication decrypted data, and sends that data to the user authentication unit.
Preferably, in the system described above, the user authentication unit is further configured to judge whether the device authentication decrypted data is correct; if so, authentication passes, and if not, authentication fails.
Preferably, in the system described above, the user authentication unit is further configured to store a server-end public key and, using the asymmetric encryption algorithm, to encrypt the network connection authentication information of the terminal operating parameters into ciphertext with the server-end public key and send it to the server end, so that the server end performs terminal authentication on the audio and video capture terminal according to the ciphertext.
Preferably, in the system described above, the server end decrypts the ciphertext with a server-end private key to obtain terminal authentication decrypted data, and matches the terminal authentication decrypted data against the terminal information stored at the server end; if the match succeeds, the terminal authentication passes.
Preferably, in the system described above, the user authentication unit is further configured to generate a session key, to encrypt with the session key the data stream of the audio and video images that the client wants to read, and to encrypt the session key with a client public key.
Preferably, in the system described above, the client is further configured, before browsing the audio and video images, to decrypt the session key with a client private key and to decrypt the audio and video data stream with the decrypted session key.
In a further aspect, the present invention provides a network video monitoring method, the method comprising: arranging an audio and video capture device in an audio and video capture terminal of a network video monitoring system; performing device authentication on the audio and video capture device using an asymmetric encryption algorithm and, when the device authentication passes, sending the terminal operating parameters to the audio and video capture device so that the audio and video capture device accesses the system network; and the server end of the network video monitoring system performing terminal authentication on the audio and video capture terminal and, when the terminal authentication passes, carrying out network communication with the audio and video capture device of the terminal and receiving the audio and video data stream sent by the audio and video capture device.
Preferably, in the method described above, before the server end receives the audio and video data stream sent by the audio and video capture device, the method further comprises encrypting the audio and video data stream with a session key and encrypting the session key with a client public key.
Preferably, in the method described above, the device authentication process comprises: generating a random number, encrypting the random number with a terminal private key and sending it to the audio and video capture device; the audio and video capture device decrypting the random number with a terminal public key to obtain device authentication decrypted data; and judging whether the device authentication decrypted data is correct; if so, authentication passes, and if not, authentication fails.
Preferably, in the method described above, the terminal authentication process comprises: the audio and video capture device encrypting the network connection authentication information of the terminal operating parameters into ciphertext with the server-end public key and sending it to the server end; and the server end decrypting the ciphertext with the server-end private key to obtain terminal authentication decrypted data and matching the terminal authentication decrypted data against all terminal information stored at the server end; if the match succeeds, the terminal authentication passes, and if the match fails, the terminal authentication does not pass.
At least one of the above technical solutions has the following beneficial effects. In the network video capture device of the specific embodiment of the invention, and in the network video monitoring system and method that use it, the terminal operating parameters are held in the user authentication unit, and an asymmetric encryption algorithm is used to authenticate the network video capture device that accesses the terminal. Only a video capture device that passes authentication is allowed to obtain the terminal operating parameters. This provides a stronger guarantee for device management in the network video monitoring system and in turn protects the interests of the network service system operator. In addition, the user authentication unit uses the asymmetric encryption algorithm to encrypt the audio/video stream data and cooperates with the server end so that the server end can perform terminal authentication, so customer information is effectively protected and the privacy of the monitoring information is ensured.
Description of drawings
Fig. 1 is a structural schematic diagram of a prior-art network video monitoring system;
Fig. 2 is a structural schematic diagram of the network video capture device of the specific embodiment of the invention;
Fig. 3 is a flow chart of the device authentication process carried out by the user authentication unit;
Fig. 4 is a flow chart of the terminal authentication process carried out by the user authentication unit;
Fig. 5 is a schematic flow chart of the encryption of audio/video stream data by the network video capture device of the specific embodiment of the invention;
Fig. 6 is a schematic diagram of the decryption process by which the client obtains the audio/video stream data;
Fig. 7 is a structural schematic diagram of the network video monitoring system of the specific embodiment of the invention;
Fig. 8 is a schematic flow chart of the network video monitoring method of the specific embodiment of the invention.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described below with reference to the accompanying drawings and specific embodiments.
In the network video capture device of the specific embodiment of the invention, and in the network video monitoring system and method that use it, a user authentication unit is arranged in the network video capture device at the terminal of the network video monitoring system. This ensures that only monitoring equipment authorized by the network video monitoring system can connect to the monitoring system, and thereby effectively protects the interests of the network service system operator.
Fig. 1 is a schematic diagram of the connection structure of the network video monitoring system. The network video capture device is arranged in a terminal of the network video monitoring system to obtain image and sound data at the monitoring end and transmit them over the network to a remote server end; a client can browse, through the server end, the audio and video images obtained by the terminal.
Fig. 2 is a structural schematic diagram of the network video capture device of the specific embodiment of the invention. Referring to Fig. 1, the device comprises an audio and video capture unit, an audio and video compression unit, a network transmission unit, a user authentication unit and a central processing unit, wherein:
The audio and video capture unit is used to capture the image and sound data of the terminal in real time;
The audio and video compression unit is used to compress the captured image and sound data and convert them into transmissible video data;
The network transmission unit is used to transmit the transmissible video data to the server end;
The user authentication unit is used to store the terminal operating parameters, the terminal public key and the terminal private key, and to perform device authentication on the network video capture device using an asymmetric encryption algorithm based on the terminal public key and the terminal private key;
The central processing unit is used to coordinate the operation of the whole device, including cooperating with the user authentication unit to complete the device authentication process and, when the device authentication passes, obtaining the terminal operating parameters, carrying out network communication with the server end through the network transmission unit according to the terminal operating parameters, and transmitting the transmissible video data to the server end.
The terminal operating parameters comprise the MAC address (Media Access Control address), the PUID (Passport Unique Id, passport unique identifier) and the terminal password. The MAC address is the address the network video capture device needs in order to run in the network monitoring system; without it the device cannot operate normally on the network. The PUID and the terminal password are the authentication information for the connection between the network video capture device and the network server. The network video capture device can therefore connect to the network video monitoring system and run normally in it only if it has these terminal operating parameters. In the network video capture device of the specific embodiment of the invention, the terminal operating parameters that the device needs in order to run in the monitoring system are stored in the user authentication unit; only after the user authentication unit has passed the device authentication of the device can the device obtain the terminal operating parameters and run in the system.
In addition, having the user authentication unit authenticate the device also protects, to a certain extent, the software that supports the operation of the system. Because the key operating parameters of the system terminal are stored in the user authentication unit, merely copying the system software in full does not yield the key terminal operating parameters, and the system cannot run normally.
The process by which the user authentication unit performs device authentication on the network video capture device using the asymmetric encryption algorithm is shown in Fig. 3. Referring to Fig. 3, the device authentication process starts at step S301, in which the network video capture device accesses the terminal of the network video monitoring system.
Step S302: the central processing unit obtains the terminal public key from the user authentication unit;
Step S303: the user authentication unit generates a random number, encrypts the random number with the terminal private key and sends it to the central processing unit;
Step S304: the central processing unit decrypts the random number with the terminal public key to obtain device authentication decrypted data;
Step S305: the central processing unit sends the device authentication decrypted data to the user authentication unit;
Step S306: the user authentication unit judges whether the device authentication decrypted data is correct. If so, the device authentication passes, the device is allowed to access the network video monitoring system, and the flow proceeds to step S307. If not, the device authentication fails, which indicates that the device is not equipment specified by the service provider of the video monitoring system; the device is forbidden from accessing the network video monitoring system, and the flow proceeds to step S308;
Step S307: the terminal operating parameters are sent to the central processing unit so that the device continues to run;
Step S308: the device authentication process ends.
In addition, in the specific embodiment of the invention, the user authentication unit not only authenticates the video capture device installed at the user terminal, but also encrypts audio and video information and cooperates with the server end to implement the server end's terminal authentication.
The user authentication unit stores the server-end public key and, using the asymmetric encryption algorithm, encrypts the terminal operating parameters into ciphertext with the server-end public key and sends the ciphertext to the server end, so that the server end performs terminal authentication on the terminal according to the ciphertext. The terminal authentication process is shown in Fig. 4.
As shown in Fig. 4, the terminal authentication process starts at step S401 and further comprises:
Step S402: the central processing unit of the terminal encrypts the PUID and the terminal password into ciphertext with the server-end public key stored in the user authentication unit, and sends the ciphertext to the server end;
Step S403: the server end decrypts the ciphertext with the server-end private key and obtains the terminal authentication decrypted data;
Step S404: the server end compares the terminal authentication decrypted data with the terminal customer information stored in advance at the server end;
Step S405: it is judged whether a successful match exists. If so, the terminal is a legitimate user and the flow proceeds to step S406; if not, the terminal is an illegitimate user, the terminal user is forbidden from accessing the monitoring system, and the flow proceeds to step S407;
Step S406: the terminal passes authentication and is allowed to transmit audio and video data;
Step S407: end.
Through the terminal authentication process of steps S401 to S407 above, illegitimate terminal users can be forbidden from accessing the network video monitoring system, which effectively protects customer information and prevents it from being eavesdropped on or copied.
In addition, the user authentication unit cooperates with the central processing unit to encrypt the transmitted audio/video stream data. In the network video monitoring system, each time a client browses the audio and video images of the network video capture device through the server end, the central processing unit of the network video capture device carries out a communication session with the user authentication unit, a session key is generated, and the audio/video stream that the client wants to browse is encrypted with the session key.
The process by which the network video capture device encrypts the audio/video stream data is shown in Fig. 5. Referring to Fig. 5, the process starts at step S501 and comprises:
Step S502: the user authentication unit generates a session key, which may be a 128-bit random number;
Step S503: the central processing unit encrypts, with the session key, the audio/video stream that the client wants to browse, and further encrypts the session key with the client public key to obtain an encryption key;
Step S504: the encryption key is transmitted to the client through the network transmission unit.
Step S505: the encryption process ends.
The decryption process by which the client obtains the audio/video stream data is shown in Fig. 6. Referring to Fig. 6, the process starts at step S601 and comprises:
Step S602: the client obtains the encryption key;
Step S603: the client decrypts the encryption key with the client private key and obtains the session key;
Step S604: the client decrypts the obtained audio/video stream data with the session key and browses the corresponding audio and video image information;
Step S605: the decryption process ends.
In the audio/video stream encryption process of steps S501 to S505 above, the session key obtained is different each time the client browses the terminal's audio and video images, and the session key is itself encrypted with the asymmetric encryption algorithm. This effectively prevents the session key from being intercepted and thus ensures the privacy of the monitoring information.
Specifically, the user authentication unit in the network video capture device of the specific embodiment of the invention can be implemented by a SIM card, a UIM card or a USB-key.
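The three exchanges described above (device authentication in Fig. 3, terminal authentication in Fig. 4, and session-key encryption and decryption in Figs. 5 and 6), written out as an added Python example that is not part of the patent text. The patent names no concrete algorithm, so textbook RSA over fixed Mersenne primes and a SHA-256 keystream are assumed as stand-ins; all class, function and sample parameter names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the patent): textbook RSA without padding over fixed
# Mersenne primes and a SHA-256 keystream, so the block needs only the standard
# library. A real device would use padded RSA and an authenticated cipher.


def make_keypair(p_bits, q_bits, e=65537):
    """Return ((n, e), (n, d)) for the primes 2**p_bits - 1 and 2**q_bits - 1."""
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))


def rsa(key, value):
    """Apply one RSA key (public or private) to an integer below the modulus."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value does not fit the modulus")
    return pow(value, exponent, n)


class UserAuthUnit:
    """Stand-in for the SIM, UIM or USB-key unit that holds keys and parameters."""

    def __init__(self, terminal_keys, server_public, params):
        self.terminal_public, self._terminal_private = terminal_keys
        self.server_public = server_public
        self._params = params
        self._challenge = None

    def new_challenge(self):
        """S303: random number encrypted with the terminal private key."""
        self._challenge = secrets.randbits(128)
        return rsa(self._terminal_private, self._challenge)

    def release_params(self, answer):
        """S306-S307: release the parameters only for the correct answer."""
        expected, self._challenge = self._challenge, None  # one try per challenge
        ok = expected is not None and answer == expected
        return dict(self._params) if ok else None

    def new_session_key(self):
        """S502: fresh 128-bit session key for every viewing session."""
        return secrets.token_bytes(16)


def device_authentication(unit):
    """Fig. 3 from the central processing unit's side (S302-S307)."""
    encrypted = unit.new_challenge()
    return unit.release_params(rsa(unit.terminal_public, encrypted))


def terminal_auth_request(unit, params):
    """S402: PUID and terminal password under the server-end public key."""
    text = params["puid"] + "\n" + params["password"]
    return rsa(unit.server_public, int.from_bytes(text.encode(), "big"))


def server_verify(server_private, registered, ciphertext):
    """S403-S405: decrypt, then match against the stored terminal records."""
    try:
        number = rsa(server_private, ciphertext)
        text = number.to_bytes((number.bit_length() + 7) // 8, "big").decode()
    except ValueError:  # out of range, or not valid UTF-8
        return False
    puid, _, password = text.partition("\n")
    stored = registered.get(puid)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def keystream_xor(key, data):
    """Stand-in stream cipher: XOR with SHA-256(key || block offset)."""
    out = bytearray()
    for start in range(0, len(data), 32):
        pad = hashlib.sha256(key + start.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], pad))
    return bytes(out)


def encrypt_stream(unit, client_public, av_data):
    """S502-S504: return (session key wrapped for the client, encrypted stream)."""
    session_key = unit.new_session_key()
    wrapped = rsa(client_public, int.from_bytes(session_key, "big"))
    return wrapped, keystream_xor(session_key, av_data)


def decrypt_stream(client_private, wrapped, encrypted):
    """S602-S604: unwrap the session key, then decrypt the stream."""
    session_key = rsa(client_private, wrapped).to_bytes(16, "big")
    return keystream_xor(session_key, encrypted)


# Constructed sample keys and terminal operating parameters.
TERMINAL_KEYS = make_keypair(61, 89)
SERVER_PUBLIC, SERVER_PRIVATE = make_keypair(521, 607)
CLIENT_PUBLIC, CLIENT_PRIVATE = make_keypair(107, 127)
PARAMS = {"mac": "02:00:00:00:00:01", "puid": "PUID-0001", "password": "constructed-pw"}
```

Calling `device_authentication(UserAuthUnit(TERMINAL_KEYS, SERVER_PUBLIC, PARAMS))` returns the stored parameters, which can then be passed to `terminal_auth_request` and checked with `server_verify`.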
The specific embodiment of the invention also provides a kind of network video monitor and control system with above-mentioned network video collecting device on the other hand, consults Fig. 7, and this system comprises:
The audio-video collection terminal comprises audio and video acquisition devices, gathers the image and the voice data of this end by described audio and video acquisition devices, but with the compression of described image and voice data and be converted to transmitting video data;
The subscription authentication unit, be arranged at described audio and video acquisition devices, preserve terminal public key, terminal secret key, be used to utilize rivest, shamir, adelman, described audio and video acquisition devices is carried out device authentication, when described device authentication passes through, described terminal operating parameter is sent to described audio and video acquisition devices;
Server end is used for described audio-video collection terminal is carried out terminal authentication, when described terminal authentication passes through, carries out network communication with described terminal audio and video acquisition devices, but receives described transmitting video data;
Client is used for carrying out network communication with described server end, but browses the audio frequency and video image of described transmitting video data correspondence by described server end.
Described subscription authentication unit can be consulted shown in Figure 3 by the process that rivest, shamir, adelman carries out device authentication to described audio and video acquisition devices, usually audio and video acquisition devices all has a CPU, cooperate the subscription authentication unit to finish device authentication by this CPU, under the situation that device authentication passes through, obtain described terminal operating parameter, control the network communication of described audio-video collection terminal and described server end according to described terminal operating parameter.
The method of subscription authentication unit actuating equipment authentication is: generate a random number, encrypt described random number with described terminal secret key and send to described CPU, CPU is deciphered described random number with terminal public key, obtain the device authentication data decryption, when this authentication data decryption of subscription authentication unit judges is correct, then device authentication passes through, and concrete verification process is consulted Fig. 3, is not described in detail in this.
Wherein, this audio and video acquisition devices comprises web camera, video server, DVR, adopt the described system of the specific embodiment of the invention, those audio and video acquisition devices access network video monitoring system terminals, only after the authentication of subscription authentication unit is passed through, the terminal operating parameter that could obtain the assurance device operation (comprises MAC Address, PUID, terminal password etc.), can operate by connecting system, therefore being connected to that the Internet video prison can be set at by the device in the system must be the equipment of network service system operator permission, guarantee benefits of operators thus.In addition; adopt the mode of this subscription authentication unit to device authentication; to a certain extent the software of back-up system operation is protected simultaneously; this is because the crucial operational factor of system terminal is stored in the subscription authentication unit; only copy systems soft ware fully merely; can not obtain crucial terminal operating parameter, system is normally moved.
In addition to authenticating the video acquisition device installed at the user terminal, the user authentication unit in the system of this embodiment also encrypts audio/video information and cooperates with the server so that the server can authenticate the terminal.
The user authentication unit stores the server public key. Using an asymmetric encryption algorithm, the terminal operating parameters are encrypted into ciphertext with the server public key and sent to the server, so that the server performs terminal authentication on the terminal according to the ciphertext. The terminal authentication process is shown in Fig. 4. The CPU of the audio/video acquisition device encrypts the PUID and terminal password into ciphertext with the server public key stored in the user authentication unit and sends the ciphertext to the server. The server decrypts the ciphertext with the server private key to obtain the terminal-authentication decrypted data, then compares this data with the terminal customer information that the server has stored in advance. If a matching record exists, the terminal passes authentication and is judged to be a legitimate user. This terminal authentication process keeps illegitimate terminal users from accessing the network video monitoring system, which effectively protects customer information from being eavesdropped on or copied.
The user authentication unit also cooperates with the CPU to encrypt the transmitted audio/video stream data; this encryption process is shown in Fig. 5. Each time a client browses the audio/video images of the network video collecting device through the server, the CPU conducts a communication session with the user authentication unit to generate a session key, encrypts with the session key the audio/video stream that the client wants to browse, and encrypts the session key with the client public key.
The process by which the client decrypts the audio/video stream data is shown in Fig. 6. The client obtains the encrypted session key, decrypts it with the client private key to obtain the session key, and then uses this session key to decrypt the received audio/video stream data and browse the corresponding audio/video image information.
The user authentication unit of this embodiment can be implemented as a SIM card, UIM card or USB key that is inserted into the audio/video acquisition device as a peripheral. Alternatively, the user authentication unit can be built directly into the main processor of the audio/video acquisition device, so that the main processor supports the asymmetric encryption algorithm and performs the user authentication function.
In another aspect, this embodiment also provides a network video monitoring method. Besides audio/video stream encryption and terminal authentication, this monitoring method can also authenticate the audio/video acquisition device that is added to a terminal. The principle of the method is shown in Fig. 8. Starting from step S801, the method comprises:
Step S802: the audio/video acquisition device is arranged in a terminal of the network video monitoring system;
Step S803: device authentication is performed on the audio/video acquisition device using an asymmetric encryption algorithm;
Step S804: judge whether device authentication passes. If yes, the terminal operating parameters are sent to the audio/video acquisition device so that it can access the system network, and the method proceeds to step S805; if no, the method goes to step S808 and this audio/video acquisition device is refused access to the system network;
Step S805: using an asymmetric encryption algorithm, the server performs terminal authentication on the audio/video collection terminal;
Step S806: judge whether terminal authentication passes. If yes, the method proceeds to step S807; if no, the method goes to step S808 and the audio/video data transmitted from this terminal is rejected;
Step S807: the audio/video acquisition device connected to the terminal starts operating in the system and communicates with the server over the network;
Step S808: end.
In the above method, each time a client browses the audio/video images of the network video collecting device through the server, the method further comprises generating a session key, encrypting with this session key the audio/video stream of the images the client wants to browse, and encrypting the session key with the client public key. When the client wants to browse the corresponding audio/video image information, it obtains the encrypted session key, decrypts it with the client private key to obtain the session key, and then decrypts the received audio/video stream data with this session key.
The device authentication process of the method of this embodiment comprises:
Generating a random number, encrypting this random number with the terminal private key and sending it to the audio/video acquisition device;
The audio/video acquisition device decrypting this random number with the terminal public key to obtain the device-authentication decrypted data;
Judging whether this device-authentication decrypted data is correct: if yes, authentication passes; if no, authentication does not pass.
The terminal authentication process comprises:
The audio/video acquisition device encrypting the network-connection authentication information of the terminal operating parameters into ciphertext with the server public key and sending the ciphertext to the server;
The server decrypting this ciphertext with the server private key to obtain the terminal-authentication decrypted data, and matching this decrypted data against all the terminal information stored on the server: if the match succeeds, terminal authentication passes; if the match fails, terminal authentication does not pass.
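The two authentications of steps S803 to S806, as an added Python example that is not part of the patent text: the user authentication unit releases the operating parameters only after its challenge is answered, and the server then checks the encrypted PUID and terminal password. The class and function names, the sample PUID, password and MAC address, and the use of unpadded toy RSA over small constructed primes as the asymmetric algorithm are assumptions made for illustration.

```python
import hmac
import secrets

# Assumption: textbook RSA over small Mersenne primes stands in for the
# "asymmetric encryption algorithm". Unpadded and tiny, so NOT secure; a real
# device would use a vetted library with RSA-OAEP / RSA-PSS padding.
E = 65537

def keypair(p, q):
    """Return (public, private), each as an (n, exponent) tuple."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def rsa(key, value):
    """Raw modular exponentiation with either half of a key pair."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value out of range for modulus")
    return pow(value, exp, n)

def to_int(data):
    # The 0x01 prefix keeps leading zero bytes through the integer round trip.
    return int.from_bytes(b"\x01" + data, "big")

def to_bytes(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big")[1:]

class AuthUnit:
    """User authentication unit (SIM card, UIM card or USB key in the text)."""
    def __init__(self, terminal_keys, server_pub, params):
        self.terminal_pub, self._terminal_priv = terminal_keys
        self.server_pub = server_pub
        self._params = params      # operating parameters never leave unasked
        self._nonce = None

    def challenge(self):
        # S803: fresh random number, encrypted with the terminal private key
        # (the operation usually called signing).
        self._nonce = secrets.randbits(128)
        return rsa(self._terminal_priv, self._nonce)

    def release_params(self, response):
        # S804: hand out the parameters only for the correct decrypted value.
        nonce, self._nonce = self._nonce, None   # one attempt per challenge
        if nonce is None or response != nonce:
            return None
        return dict(self._params)

def cpu_answer(unit, challenge):
    # The CPU takes the terminal public key from the unit and decrypts.
    return rsa(unit.terminal_pub, challenge)

def login_ciphertext(server_pub, params):
    # S805: PUID and terminal password encrypted with the server public key.
    payload = params["puid"].encode() + b"\x00" + params["password"].encode()
    return rsa(server_pub, to_int(payload))

class Server:
    def __init__(self, keys, terminals):
        self.pub, self._priv = keys
        self._terminals = terminals    # stored in advance: PUID -> password

    def terminal_auth(self, ciphertext):
        # S806: decrypt with the server private key, match the stored record.
        try:
            plain = to_bytes(rsa(self._priv, ciphertext))
        except ValueError:
            return False
        puid, _, password = plain.partition(b"\x00")
        expected = self._terminals.get(puid.decode(errors="replace"))
        return expected is not None and hmac.compare_digest(
            expected.encode(), password)

def connect(unit, server, answer=cpu_answer):
    """Run S803 to S807 and report how far the device got."""
    params = unit.release_params(answer(unit, unit.challenge()))
    if params is None:
        return "device authentication failed"        # S808, access refused
    if not server.terminal_auth(login_ciphertext(unit.server_pub, params)):
        return "terminal authentication failed"      # S808, data rejected
    return "connected"                                # S807

# Constructed sample keys and operating parameters.
TERMINAL_KEYS = keypair(2**61 - 1, 2**89 - 1)
SERVER_KEYS = keypair(2**107 - 1, 2**127 - 1)
PARAMS = {"puid": "PU-0001", "password": "s3cret", "mac": "02:00:00:00:00:01"}

if __name__ == "__main__":
    unit = AuthUnit(TERMINAL_KEYS, SERVER_KEYS[0], PARAMS)
    print(connect(unit, Server(SERVER_KEYS, {"PU-0001": "s3cret"})))
```

Because unpadded RSA is deterministic, the login ciphertext in this sketch is identical on every connection; padded encryption in a real library randomizes it.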
The terminal operating parameters comprise the media access control (MAC) address, the current unique identifier (PUID), the terminal password and encoder control information. Only a network video collecting device that holds these terminal operating parameters can connect to the network video monitoring system and operate normally in it.
Therefore, in the network video collecting device of this embodiment, and in the network video monitoring system and method that use it, the terminal operating parameters are stored in the user authentication unit and only a video acquisition device that passes authentication can obtain them, which provides a stronger guarantee for device management in the network video monitoring system and for the secure transmission of video content.
The above is only a preferred embodiment of the present invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principle of the invention, and such improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (20)

1. A network video collecting device, arranged in a terminal of a network video monitoring system, characterized in that the device comprises:
An audio/video collection unit, configured to capture image and sound data in real time;
An audio/video compression unit, configured to compress the image and sound data and convert them into transmittable video data;
A network transmission unit, configured to transmit the transmittable video data to a server;
A user authentication unit, configured to store terminal operating parameters and to perform device authentication on the device using an asymmetric encryption algorithm;
A CPU, configured to cooperate with the user authentication unit to complete the device authentication process and, when the device authentication passes, to obtain the terminal operating parameters and communicate with the server over the network through the network transmission unit according to the terminal operating parameters.
2. The network video collecting device as claimed in claim 1, characterized in that the user authentication unit stores a terminal public key and a terminal private key, and in the device authentication process the user authentication unit generates a random number, encrypts the random number with the terminal private key and sends it to the CPU.
3. The network video collecting device as claimed in claim 2, characterized in that the CPU obtains the terminal public key from the user authentication unit, decrypts the random number with the terminal public key, and sends the resulting device-authentication decrypted data to the user authentication unit.
4. The network video collecting device as claimed in claim 3, characterized in that the user authentication unit is further configured to judge whether the device-authentication decrypted data is correct: if yes, authentication passes; if no, authentication does not pass.
5. The network video collecting device as claimed in claim 1, characterized in that the user authentication unit is further configured to store a server public key and, using the asymmetric encryption algorithm, to encrypt the network-connection authentication information of the terminal operating parameters into ciphertext with the server public key and send the ciphertext to the server, so that the server performs terminal authentication on the terminal according to the ciphertext.
6. The network video collecting device as claimed in claim 1, characterized in that the user authentication unit is further configured to generate a session key, to encrypt with the session key the audio/video data stream of the transmittable video data that a client wants to read, and to encrypt the session key with a client public key.
7. The network video collecting device as claimed in claim 1, characterized in that the terminal operating parameters comprise the media access control (MAC) address, the current unique identifier (PUID), the terminal password and encoder control information.
8. A network video monitoring system, characterized in that the system comprises:
An audio/video collection terminal comprising an audio/video acquisition device, wherein the audio/video acquisition device captures the image and sound data of the audio/video collection terminal, and compresses the image and sound data and converts them into transmittable video data;
A user authentication unit, arranged in the audio/video acquisition device and configured to store terminal operating parameters, to perform device authentication on the audio/video acquisition device using an asymmetric encryption algorithm, and to send the terminal operating parameters to the audio/video acquisition device when the device authentication passes;
A server, configured to perform terminal authentication on the audio/video collection terminal and, when the terminal authentication passes, to communicate over the network with the audio/video acquisition device of the terminal and receive the transmittable video data;
A client, configured to communicate with the server over the network and to browse, through the server, the audio/video images corresponding to the transmittable video data.
9. The system as claimed in claim 8, characterized in that the audio/video acquisition device comprises:
A CPU, configured to cooperate with the user authentication unit to complete the device authentication and, when the device authentication passes, to obtain the terminal operating parameters and control network communication between the audio/video collection terminal and the server according to the terminal operating parameters.
10. The system as claimed in claim 9, characterized in that the user authentication unit stores a terminal public key and a terminal private key, and in the device authentication process the user authentication unit generates a random number, encrypts the random number with the terminal private key and sends it to the CPU.
11. The system as claimed in claim 10, characterized in that the CPU obtains the terminal public key from the user authentication unit, decrypts the random number with the terminal public key, and sends the resulting device-authentication decrypted data to the user authentication unit.
12. The system as claimed in claim 11, characterized in that the user authentication unit is further configured to judge whether the device-authentication decrypted data is correct: if yes, authentication passes; if no, authentication does not pass.
13. The system as claimed in claim 8, characterized in that the user authentication unit is further configured to store a server public key and, using the asymmetric encryption algorithm, to encrypt the network-connection authentication information of the terminal operating parameters into ciphertext with the server public key and send the ciphertext to the server, so that the server performs terminal authentication on the audio/video collection terminal according to the ciphertext.
14. The system as claimed in claim 13, characterized in that the server decrypts the ciphertext with the server private key to obtain the terminal-authentication decrypted data, and matches the terminal-authentication decrypted data against the terminal information stored on the server; if the match succeeds, the terminal authentication passes.
15. The system as claimed in claim 8, characterized in that the user authentication unit is further configured to generate a session key, to encrypt with the session key the data stream of the audio/video images that the client wants to read, and to encrypt the session key with a client public key.
16. The system as claimed in claim 15, characterized in that the client is further configured, before browsing the audio/video images, to decrypt the session key with a client private key and to decrypt the audio/video data stream with the decrypted session key.
17. A network video monitoring method, characterized in that the method comprises:
Arranging an audio/video acquisition device in an audio/video collection terminal of a network video monitoring system;
Performing device authentication on the audio/video acquisition device using an asymmetric encryption algorithm and, when the device authentication passes, sending the terminal operating parameters to the audio/video acquisition device so that the audio/video acquisition device can access the system network;
The server of the network video monitoring system performing terminal authentication on the audio/video collection terminal and, when the terminal authentication passes, communicating over the network with the audio/video acquisition device of the terminal and receiving the audio/video data stream sent by the audio/video acquisition device.
18. The method as claimed in claim 17, characterized in that, before the server receives the audio/video data stream sent by the audio/video acquisition device, the method further comprises encrypting the audio/video data stream with a session key and encrypting the session key with a client public key.
19. The method as claimed in claim 17, characterized in that the device authentication process comprises:
Generating a random number, encrypting the random number with a terminal private key and sending it to the audio/video acquisition device;
The audio/video acquisition device decrypting the random number with a terminal public key to obtain the device-authentication decrypted data;
Judging whether the device-authentication decrypted data is correct: if yes, authentication passes; if no, authentication does not pass.
20. The method as claimed in claim 17, characterized in that the terminal authentication process comprises:
The audio/video acquisition device encrypting the network-connection authentication information of the terminal operating parameters into ciphertext with the server public key and sending the ciphertext to the server;
The server decrypting the ciphertext with the server private key to obtain the terminal-authentication decrypted data, and matching the terminal-authentication decrypted data against all the terminal information stored on the server: if the match succeeds, the terminal authentication passes; if the match fails, the terminal authentication does not pass.
CN 200810225796 2008-11-13 2008-11-13 Network video collecting device, network video monitoring system and method Active CN101420587B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810225796 CN101420587B (en) 2008-11-13 2008-11-13 Network video collecting device, network video monitoring system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810225796 CN101420587B (en) 2008-11-13 2008-11-13 Network video collecting device, network video monitoring system and method

Publications (2)

Publication Number Publication Date
CN101420587A true CN101420587A (en) 2009-04-29
CN101420587B CN101420587B (en) 2013-04-17

Family

ID=40631150

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810225796 Active CN101420587B (en) 2008-11-13 2008-11-13 Network video collecting device, network video monitoring system and method

Country Status (1)

Country Link
CN (1) CN101420587B (en)


Also Published As

Publication number Publication date
CN101420587B (en) 2013-04-17


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: FUZHOU VIMICRO CO., LTD.

Free format text: FORMER OWNER: BEIJING VIMICRO CORPORATION

Effective date: 20140902

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100083 HAIDIAN, BEIJING TO: 350108 FUZHOU, FUJIAN PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20140902

Address after: 350108, Fujian County, Fuzhou City, Minhou Province town of science and technology on the East Road, Haixi hi tech Industrial Park, B building, 3 floor

Patentee after: FUZHOU ZHONGXING ELECTRONICS CO., LTD.

Address before: 100083, Haidian District, Xueyuan Road, Beijing No. 35, Nanjing Ning building, 15 Floor

Patentee before: Beijing Vimicro Corporation