CN101742229B - Method, system and device for improving safety of monitoring data - Google Patents

Method, system and device for improving safety of monitoring data Download PDF

Info

Publication number
CN101742229B
CN101742229B CN 200810227192 CN200810227192A CN101742229B CN 101742229 B CN101742229 B CN 101742229B CN 200810227192 CN200810227192 CN 200810227192 CN 200810227192 A CN200810227192 A CN 200810227192A CN 101742229 B CN101742229 B CN 101742229B
Authority
CN
China
Prior art keywords
unit
data unit
data
loads
initial data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN 200810227192
Other languages
Chinese (zh)
Other versions
CN101742229A (en
Inventor
邱嵩
卢京辉
杨晓东
俞青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mid Star Technology Ltd By Share Ltd
Vimicro Corp
Original Assignee
Vimicro Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vimicro Corp filed Critical Vimicro Corp
Priority to CN 200810227192 priority Critical patent/CN101742229B/en
Publication of CN101742229A publication Critical patent/CN101742229A/en
Application granted granted Critical
Publication of CN101742229B publication Critical patent/CN101742229B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Selective Calling Equipment (AREA)

Abstract

The invention provides a method for improving safety of monitoring data. The method comprises the following steps that: an encoding end acquires the monitoring data; the encoding end encodes the monitoring data and divides and packages the encoded data into corresponding original data units; the encoding end enciphers a unit load of the original data unit to generate the corresponding unit loads of the enciphered data units; and the encoding end packages the enciphered data unit and sends the packaged data to a decoding end, and an enciphered mark is set in a unit head of each enciphered dataunit to indicate the decoding end that the unit load of the enciphered data unit is enciphered and the algorithm is used in enciphering. In the method, the encoding end enciphers and certifies the original data units, so that the safety, reliability and wholeness of the data are ensured, and the method is strong in generality and can be easily realized.

Description

Improve the method, system and device of safety of monitoring data
Technical field
The present invention relates to the monitoring technique field, particularly a kind of method, system and device that improve safety of monitoring data.
Background technology
Along with the development of electronic information technology and popularizing of network, the new and high technologies such as audio-video monitoring have been applied to each field of national economy.Modern market, bank etc. be unable to do without modern management and defendance means, and urban safety monitoring, traffic administration, forest fire protection monitoring etc. also all be unable to do without the audio-video monitoring technology.In above-mentioned these monitoring are used, the fail safe of a lot of monitor messages (comprising audio, video data) is very important, for example the video information of bank's internal control not only can be revealed the security situation of bank inside, may reveal in addition user's the user profile such as password.Therefore need to protect monitor datas such as the audio-video frequency content of coding side collection passback and warning messages, prevent that the personnel that do not check authority from knowing its content, cause information leakage.For monitor datas such as the audio-video frequency content of coding side collection passback and warning messages, also should guarantee its authenticity and integrity in addition, prevent that these data are tampered, so that as the evidence of later stage comprehensive analysis and court investigation.Therefore for existing supervisory control system, the monitor datas such as warning message of the audio-video frequency content of coding side collection and generation need to be passed Surveillance center back by network in the supervisory control system, in this course than the leakage that is easier to the information that occurs be tampered, yet there is not a kind of complete, unified data security scheme to solve the problems such as the fail safe of monitor message, integrality in the prior art.
Summary of the invention
Purpose of the present invention is intended to solve at least one of above-mentioned technological deficiency, particularly solves fail safe and the not high technological deficiency of authenticity of existing monitor message.
For achieving the above object, the present invention one side proposes a kind of method that improves safety of monitoring data, may further comprise the steps: coding side acquisition monitoring data; Described coding side is encoded described monitor data and cut apart and is encapsulated as corresponding initial data unit; Described coding side is encrypted the unit loads of described initial data unit, generates the unit loads of corresponding enciphered data unit; Described coding side encapsulates described enciphered data unit and sends to decoding end, and encryption indicator is set with the algorithm that unit loads is encrypted and encryption is adopted of the described enciphered data of indication decoding end unit in the unit header of enciphered data unit.
As one embodiment of the present of invention, described enciphered data unit is encapsulated and after decoding end sends at described coding side, further comprising the steps of: described decoding end receives the enciphered data unit that described coding side sends, and resolves the unit header of described enciphered data unit; When the described encryption indicator in the unit header of described enciphered data unit is effective, described decoding end is according to default key, be decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtain the unit loads of described initial data unit.
As one embodiment of the present of invention, described coding side encapsulates specifically described enciphered data unit and comprises: described coding side with unit header, unit loads and the encryption key message of described enciphered data unit as described enciphered data unit.
In the above-described embodiments, described enciphered data unit is encapsulated and after decoding end sends at described coding side, further comprising the steps of: described decoding end receives the enciphered data unit that described coding side sends, and resolves the unit header of described enciphered data unit; When the described encryption indicator in the unit header of described enciphered data unit is effective, at first obtain the encryption key message in the described enciphered data unit, again according to the described encryption key message that obtains, the cryptographic algorithm of obtaining according to the described encryption indicator of parsing is decrypted described enciphered data unit, obtains the unit loads of described initial data unit.
As one embodiment of the present of invention, the unit loads length of described enciphered data unit is identical with the unit loads length of described initial data unit.
As one embodiment of the present of invention, described coding side with described monitor data coding and cut apart be encapsulated as corresponding initial data unit after, also comprise: described coding side carries out authentication processing to the unit loads of described initial data unit, generates verify data; Described coding side is encrypted the unit loads of described initial data unit, the unit loads that generates corresponding enciphered data unit is specially: described coding side together is encrypted unit loads and the described verify data of described initial data unit, generate the unit loads of corresponding enciphered data unit, and when described enciphered data unit is encapsulated, in the unit header of described enciphered data unit, authentication marks are set.
As one embodiment of the present of invention, described enciphered data unit is encapsulated and after decoding end sends at described coding side, further comprising the steps of: described decoding end receives the enciphered data unit that described coding side sends, and resolve the unit header of described enciphered data unit, judge whether described encryption indicator and the described authentication marks in the described enciphered data unit unit header are effective; If the described encryption indicator in the described enciphered data unit unit header is effective, then described decoding end is decrypted the unit loads that obtains corresponding initial data unit to the unit loads of described enciphered data unit according to the cryptographic algorithm that the described encryption indicator of parsing obtains; If the described authentication marks in the described enciphered data unit unit header are effective, then described decoding end judges according to the unit loads of the verify data in the described initial data unit and described initial data unit whether the unit loads of described initial data unit is tampered; Be tampered if judge the unit loads of described initial data unit, then to User Alarms.
As one embodiment of the present of invention, described decoding end is judged according to the unit loads of the verify data in the described initial data unit and described initial data unit whether the unit loads of described initial data unit is tampered specifically and be may further comprise the steps: described decoding end is carried out authentication processing to the unit loads of described initial data unit and is obtained contrasting verify data according to resolving identifying algorithm that described authentication marks obtain; Described decoding end judges whether described contrast verify data is identical with the described verify data of obtaining, if described contrast verify data is not identical with the described verify data of obtaining, judges that then the unit loads of described initial data unit is tampered.
In the above-described embodiments, the unit loads of described initial data unit is one or more in compression layer data, coding parameter collection and the warning message.
The present invention also proposes a kind of monitor data encryption system, comprise decoding end and at least one coding side, described coding side, be used for the acquisition monitoring data, and with described monitor data coding and cut apart and be encapsulated as corresponding initial data unit, and the unit loads that the unit loads of described initial data unit is encrypted the enciphered data unit that generates correspondence, and described enciphered data unit is encapsulated backward decoding end send, encryption indicator is set encrypted and encrypt the algorithm that is adopted with the unit loads of the described enciphered data of indication decoding end unit simultaneously in the unit header of enciphered data unit; Described decoding end, after being used for receiving the enciphered data unit of described coding side transmission, resolve the unit header of described enciphered data unit, when the described encryption indicator in the unit header of described enciphered data unit is effective, according to default key, be decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtain the unit loads of described initial data unit.
As one embodiment of the present of invention, described enciphered data also includes encryption key message in the unit, described decoding end is according to described encryption key message and predetermined key generation rule, be decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtain the unit loads of described initial data unit.
As one embodiment of the present of invention, the unit loads length of described enciphered data unit is identical with the unit loads length of described initial data unit.
As one embodiment of the present of invention, described coding side, also be used for the unit loads of described initial data unit is carried out authentication processing, generate verify data, and unit loads and the described verify data of described initial data unit together be encrypted, generate the unit loads of corresponding enciphered data unit, and when described enciphered data unit is encapsulated, in the unit header of described enciphered data unit, authentication marks are set.
As one embodiment of the present of invention, described decoding end, also be used for when described coding side carries out authentication processing to the unit loads of described initial data unit, be decrypted the unit loads and verify data of the corresponding initial data of acquisition unit in the unit loads to described enciphered data unit after, unit loads according to the verify data in the described initial data unit and described initial data unit, judge according to the identifying algorithm that the described authentication marks of parsing obtain whether the unit loads of described initial data unit is tampered, be tampered if judge the unit loads of described initial data unit, then to User Alarms.
In the above-described embodiments, the unit loads of described initial data unit is one or more in compression layer data, coding parameter collection and the warning message.
The present invention also proposes a kind of coding side, comprises data acquisition module, code division module, encrypting module and sending module, and described data acquisition module is used for the acquisition monitoring data; Described code division module is encapsulated as corresponding initial data unit for the monitor data of described data collecting module collected is encoded and cut apart; Described encrypting module, the unit loads that is used for initial data unit that described code division module is obtained is encrypted, and generates the unit loads of corresponding enciphered data unit; Described sending module, be used for described enciphered data unit is encapsulated and sends to decoding end, and encryption indicator be set with the algorithm that unit loads is encrypted and encryption is adopted of the described enciphered data of indication decoding end unit in the unit header of enciphered data unit.
As one embodiment of the present of invention, the unit loads length of described enciphered data unit is identical with the unit loads length of described initial data unit.
As one embodiment of the present of invention, also comprise authentication module, be used for the unit loads of described initial data unit is carried out authentication processing, generate verify data.
The present invention also proposes a kind of decoding end, comprises receiver module and deciphering module, and described receiver module is used for the enciphered data unit that the received code end sends; Described deciphering module, when effective for the described encryption indicator in the unit header of described enciphered data unit, according to default key, and be decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtain the unit loads of initial data unit.
As one embodiment of the present of invention, also comprise authentication module and alarm module, described authentication module, for the unit loads of the initial data unit that obtains according to described deciphering module and the verify data in the described initial data unit, judge according to the identifying algorithm that the described authentication marks of parsing obtain whether the unit loads of described initial data unit is tampered; Described alarm module is used for when described authentication module judges that the unit loads of described initial data unit is tampered to User Alarms.
The present invention also proposes a kind of method that improves safety of monitoring data, may further comprise the steps: coding side acquisition monitoring data; Described coding side is encoded described monitor data and cut apart and is encapsulated as corresponding initial data unit, and described initial data unit comprises unit header and unit loads; Described coding side carries out authentication processing to the unit loads of described initial data unit, generates corresponding verify data; Described coding side together as the described data cell that sends to decoding end, and arranges unit header, unit loads and the verify data of described initial data unit and includes the algorithm that verify data and authentication are adopted in the unit loads of authentication marks with the described data cell of indication decoding end in the unit header of data cell.
As one embodiment of the present of invention, also comprise: if described authentication marks are effective in the unit header of the described data cell that decoding end receives, then described decoding end is according to the identifying algorithm of resolving described authentication marks and obtaining, and judges according to the unit loads of the verify data in the described initial data unit and described initial data unit whether the unit loads of described initial data unit is tampered; Be tampered if judge the unit loads of described initial data unit, then to User Alarms.
As one embodiment of the present of invention, also comprise: also include approval-key information in the unit loads of described data cell, described decoding end is according to described approval-key information, according to the identifying algorithm of resolving described authentication marks and obtaining, and judge according to the unit loads of the verify data in the described initial data unit and described initial data unit whether the unit loads of described initial data unit is tampered.
The present invention also proposes a kind of coding side, comprises data acquisition module, code division module, authentication module and sending module, and described data acquisition module is used for the acquisition monitoring data; Described code division module is encapsulated as corresponding initial data unit for the monitor data of described data collecting module collected is encoded and cut apart; Described authentication module is used for the unit loads of described initial data unit is carried out authentication processing, generates corresponding verify data; Described sending module, be used for verify data that unit header, unit loads and described authentication module with described initial data unit generate together as the described data cell that sends to decoding end, and in the unit header of data cell, arrange and include the algorithm that verify data and authentication are adopted in the unit loads of authentication marks with the described data cell of indication decoding end.
As one embodiment of the present of invention, also comprise: also include approval-key information in the unit loads of described data cell.
The present invention can improve fail safe, the authenticity and integrity of data by encryption and the authentication processing of coding side to the initial data unit, and highly versatile of the present invention, realizes simple.
The aspect that the present invention adds and advantage in the following description part provide, and part will become obviously from the following description, or recognize by practice of the present invention.
Description of drawings
Above-mentioned and/or the additional aspect of the present invention and advantage are from obviously and easily understanding becoming the description of embodiment below in conjunction with accompanying drawing, wherein:
When being Internet Transmission, divides Fig. 1 the schematic diagram of network abstract layer data cell;
Fig. 2 is the data cell structural representation;
Fig. 3 is the method flow diagram of the raising safety of monitoring data of the embodiment of the invention one;
Fig. 4 is the schematic diagram to initial data unit R DU encryption of the embodiment of the invention one
Fig. 5 is the schematic diagram to enciphered data unit EDU encapsulation of the embodiment of the invention one;
Fig. 6 is the method flow diagram of the raising safety of monitoring data of the embodiment of the invention two;
Fig. 7 is the schematic diagram of authentication and the encryption of the embodiment of the invention two;
Fig. 8 is the another kind authentication of the embodiment of the invention two and the schematic diagram of encrypting;
Fig. 9 is another authentication of the embodiment of the invention two and the schematic diagram of encryption;
Figure 10 is another authentication of the embodiment of the invention two and the schematic diagram of encryption;
Figure 11 is a kind of authentication schematic diagram of the embodiment of the invention three;
Figure 12 is the another kind authentication schematic diagram of the embodiment of the invention three;
Figure 13 is the structure chart of the monitor data encryption system of the embodiment of the invention.
Embodiment
The below describes embodiments of the invention in detail, and the example of described embodiment is shown in the drawings, and wherein same or similar label represents same or similar element or the element with identical or similar functions from start to finish.Be exemplary below by the embodiment that is described with reference to the drawings, only be used for explaining the present invention, and can not be interpreted as limitation of the present invention.
The present invention is that mainly coding side is encrypted and/or authentication processing the unit loads of initial data unit, thereby improves the fail safe of monitor data.In order to realize purpose of the present invention, also need in unit header, correspondingly add encryption indicator and/or authentication marks in addition, existing cellular construction is carried out corresponding modify.Need to prove that the present invention can realize improving by various embodiments the purpose of safety of monitoring data method, encipher only for example, perhaps only authenticate, perhaps both combinations, below will be introduced the present invention with various embodiments, need to prove that following embodiment only is for can the clearer the present invention of understanding, is not that the present invention only can realize by following examples.
As one embodiment of the present of invention, encryption indicator is set encrypted with the unit loads of this enciphered data unit of indication decoding end when can be encrypted in the unit loads to the initial data unit in the unit header of enciphered data unit, reach and encrypt the algorithm that adopts, thereby decoding end can be decrypted according to this indication and the predetermined key unit loads to the enciphered data unit, thereby the fail safe that improves monitoring data transmission.As the preferred embodiments of the present invention, on the basis of above-described embodiment, also can be authenticated by the unit loads of coding side to the initial data unit, generate corresponding verify data and initial data and together send to decoding end, thereby decoding end can authenticate the initial data that receives according to verify data, judge whether the initial data that receives is tampered, thereby guarantee the reliability of monitoring data transmission.
Embodiment one,
In this embodiment, coding side is encrypted processing to the unit loads of initial data unit, encryption indicator is set with the algorithm that unit loads is encrypted and encryption is adopted of the described enciphered data of indication decoding end unit simultaneously in the unit header of enciphered data unit.In order clearer and comprehensive understanding to be arranged to the present invention, below coding side is simply introduced the monitor data compression that gathers and the process of coding.
The monitor data (such as the data such as warning message of audio-video frequency content and generation) of coding side coding need to be passed Surveillance center's (such as decoding end among the present invention) back by network in the supervisory control system.Usually, coding side carries out compressed encoding to the monitor data that gathers and generates the compression layer data, and some coding parameters composition coding parameter collection, the parameters such as the class during such as video compression and rank, image resolution ratio, data bit width, video type, quantization parameter, the parameters such as the coding mode when audio frequency and/or compress speech, sample frequency, port number, code check.When carrying out Internet Transmission, the general data cell that also compression layer data, coding parameter collection and the warning message that may exist will be further subdivided into certain-length is called the network abstract layer data cell.Divide the schematic diagram of network abstract layer data cell during as shown in Figure 1, for Internet Transmission.
As shown in Figure 2, be the data cell structural representation, each data cell generally comprises two parts, unit header and unit loads.Wherein, in unit header, include some syntactic elements, between coding side and Surveillance center's (decoding end), transmit relevant information, such as syntactic elements such as element length, cell types.
Wherein, initial data unit R DU can be called before the above-mentioned network abstract layer data cell unencryption, enciphered data unit EDU can be called after the encryption.
As shown in Figure 3, the method flow diagram for the raising safety of monitoring data of the embodiment of the invention one may further comprise the steps:
Step S301, coding side acquisition monitoring data.Wherein, described monitor data comprises the data such as warning message of audio, video data and generation.
Step S302, coding side are with monitor data coding and cut apart and be encapsulated as corresponding initial data unit R DU, and the unit loads of initial data unit R DU can be one or more in aforesaid compression layer data, coding parameter collection and the warning message.
Step S303, coding side is encrypted initial data unit R DU, generates corresponding enciphered data unit EDU.Wherein, when initial data unit R DU was encrypted, unit header was not encrypted, and only unit loads was encrypted, and did not change the data length of unit loads.As one embodiment of the present of invention, the unit header of enciphered data unit EDU is identical with the unit header of initial data unit R DU.As shown in Figure 4, be the schematic diagram that initial data unit R DU is encrypted of the embodiment of the invention one.As one embodiment of the present of invention, it both can be (being that decoding end is known) that presets that this step is encrypted used key, also can produce according to preset rules.If produce according to preset rules, in enciphered data unit EDU, increase the key information of a regular length, the notice decoding end adopts this key information to decode.Wherein, can adopt such as common crypto algorithms such as DES, 3DES, AES for encryption and decryption process of the present invention, also can adopt the encryption and decryption mode of other wildcard.Key length can adopt 40-bit, 56-bit, and 64-bit, 80-bit, 128-bit etc., wherein key length is larger, and fail safe is higher, and computing is more complicated.To different data types, such as compression layer data, coding parameter collection and warning message, can adopt the cryptographic algorithm of different brackets, thereby can realize the control of a plurality of level of securitys and data access authority.
Step S304, coding side encapsulate enciphered data unit EDU and send to decoding end, and encryption indicator are set with the algorithm that unit loads is encrypted and encryption is adopted of this enciphered data unit of indication decoding end in the unit header of enciphered data unit.As shown in Figure 5, be the schematic diagram to enciphered data unit EDU encapsulation of the embodiment of the invention one, in this embodiment, coding side together transmits unit header and the unit loads of key information and enciphered data unit EDU, and wherein key information itself is not encrypted.As foregoing description, when decoding end well-known key information, coding side also can only together transmit unit header and the unit loads of enciphered data unit EDU.
Wherein as a specific embodiment of the present invention, in the unit header of enciphered data unit, increase by two flag informations and an optional key information, as follows:
{
Encryption indicator;
There is sign in encryption key message;
Be masked as effectively if encryption key message exists, then exist
{
Encryption key message length;
Encryption key message;
}
}
Wherein, the encryption indicator in the above-mentioned grammer represents that unit loads is whether encrypted and encrypt the algorithm that adopts.Preferably, encryption indicator can represent with 3-bit, and " 000 " expression encryption indicator is invalid, and namely unit loads is not encrypted; Other non-" 000 " value representation is effective, and namely unit loads is encrypted, and has shown the cryptographic algorithm that adopts, for example, " 001 " expression unit loads is encrypted and adopt cryptographic algorithm A, and " 010 " expression unit loads is encrypted and adopt cryptographic algorithm B, and the rest may be inferred.Encryption key message exists the sign expression whether to have encryption key message.Preferably, encryption key message exists sign to represent with 1-bit, and effectively namely there is encryption key message in " 1 " expression; " 0 " expression is invalid, does not namely have encryption key message.Encryption key message length represents the length of encryption key message thereafter.Preferably, encryption key message length can represent with 8-bit, the length of expression encryption key message take bit or byte as unit, and for example, " 0100,0000 " expression encryption key message has 64 bits or 64 bytes.The all or part of information that includes encryption key in the encryption key message, wherein, as one embodiment of the present of invention, encryption key message is one group of pseudo random number that produces by certain preset rules, and it has consisted of encryption key with preset-key according to ad hoc rules.Preferably, preset-key can be unique identify label ID of coding side.
Step S305, the enciphered data unit that decoding end received code end sends, and the unit header of parsing enciphered data unit, whether the encryption indicator in the judging unit head is effective.If the encryption indicator in the unit header of enciphered data unit is invalid, the unit loads that then represents the enciphered data unit does not have encrypted, directly obtains the unit loads of initial data unit R DU.
Step S306, if the encryption indicator in the unit header of enciphered data unit is effective, the unit loads that then represents the enciphered data unit is encrypted, decoding end is decrypted according to the cryptographic algorithm that the parsing encryption indicator obtains according to the unit loads of default key to enciphered data unit EDU, obtains the unit loads of initial data unit R DU.If encryption key message exists sign effectively, then decoding end is obtained first key information (key information is not encrypted) from the unit loads of enciphered data unit, be decrypted according to the cryptographic algorithm that the parsing encryption indicator obtains according to the key information that obtains and the unit loads of the key generation rule of being scheduled to enciphered data unit EDU again, obtain the unit loads of initial data unit R DU.
Embodiment two,
This embodiment is with respect to embodiment one, not only to the unit loads of initial data unit R DU be encrypted, also need to be before encrypting, unit loads to initial data unit R DU authenticates the corresponding verify data of generation, when encrypting, also verify data is encrypted simultaneously, decoding end equally also will authenticate the unit loads of the initial data unit R DU that obtains after deciphering obtains the unit loads of initial data unit R DU and verify data, generate the verify data of corresponding decoding end, and judge whether the verify data that generates is consistent with the verify data of deciphering, if inconsistent words, think that then the unit loads of this initial data unit R DU is tampered, sends alarm signal to the user.
As shown in Figure 6, the method flow diagram for the raising safety of monitoring data of the embodiment of the invention two may further comprise the steps:
Step S601, coding side acquisition monitoring data.Wherein, described monitor data comprises the data such as warning message of audio, video data and generation.
Step S602, coding side are with monitor data coding and cut apart and be encapsulated as corresponding initial data unit R DU, and the unit loads of initial data unit R DU can be one or more in aforesaid compression layer data, coding parameter collection and the warning message.
Step S603, coding side carries out authentication processing to the unit loads of initial data unit R DU, generates verify data.Authentication processing can adopt such as common authentication algorithms such as MD5, SHA, HMAC, also can adopt other predefined authentication mode.
Step S604, coding side together is encrypted the unit loads of initial data unit R DU and the verify data of generation, generate the unit loads of corresponding enciphered data unit EDU, and authentication marks and encryption indicator are set in the unit header of enciphered data unit when enciphered data unit EDU is encapsulated.Wherein, the unit loads length of enciphered data unit EDU and the unit loads of initial data unit R DU add that the length of verify data of generation is identical.As shown in Figure 7, be a kind of authentication of the embodiment of the invention two and the schematic diagram of encrypting, approval-key information and encryption key message all do not transmit in this embodiment.As shown in Figure 8, be the another kind authentication of the embodiment of the invention two and the schematic diagram of encrypting, in this embodiment only certified transmission key information, not traffic encryption key information.As shown in Figure 9, be another authentication of the embodiment of the invention two and the schematic diagram of encryption, in this embodiment encrypt for transmission only key information, not certified transmission key information.As shown in figure 10, be another authentication of the embodiment of the invention two and the schematic diagram of encryption, in this embodiment both certified transmission key information, also traffic encryption key information.
With respect to above-described embodiment one, in this embodiment, also need in the unit header of enciphered data unit, increase authentication marks, as specific implementation of the present invention, can in the unit header of enciphered data unit, increase by two authentication marks information and an optional approval-key information by following grammer.
{
Authentication marks;
There is sign in approval-key information;
Be masked as effectively if approval-key information exists, then exist
   {
Approval-key information length;
Approval-key information;
   }
}
Wherein, authentication marks represent that whether the unit loads of initial data unit R DU is through authentication.Preferably, authentication marks can represent with 3-bit, and " 000 " expression is invalid, and namely the unit loads of initial data unit R DU is through authentication and do not comprise verify data; Other non-" 000 " value representation is effective, the unit loads that is initial data unit R DU is passed through authentication and is comprised verify data, and shown the identifying algorithm that adopts, for example, " 001 " represents that unit loads is certified and adopts identifying algorithm A, " 010 " expression unit loads is certified and adopt identifying algorithm B, and the rest may be inferred.Approval-key information exists the sign expression whether to have approval-key information.Preferably, approval-key information exists sign to represent with 1-bit, and effectively namely there is approval-key information in " 1 " expression; " 0 " expression is invalid, does not namely have approval-key information.Approval-key information length represents the length of approval-key information thereafter.Preferably, approval-key information length can represent with 8-bit, the length of expression approval-key information take bit or byte as unit, and for example, " 1000,0000 " expression approval-key information has 128 bits or 128 bytes.Approval-key information comprises all or part of information of authenticate key, and wherein in one embodiment of the invention, approval-key information is one group of pseudo random number that produces by certain preset rules, and it and preset-key have consisted of authenticate key according to ad hoc rules together.Preferably, authenticate key can be unique identify label ID of coding side.
Step S605, the enciphered data unit that decoding end received code end sends, and the unit header of parsing enciphered data unit, whether encryption indicator and authentication marks in the judging unit head are effective.If encryption indicator and authentication marks in the enciphered data unit unit header are all invalid, then decoding end directly obtains the unit loads of initial data unit R DU.If encryption indicator is only arranged effectively and authentication marks are invalid in the unit header of enciphered data unit, then the processing procedure of decoding end is identical with embodiment one, does not repeat them here.If authentication marks are only arranged effectively and encryption indicator is invalid in the unit header of enciphered data unit, then decoding end is directly obtained unit loads and the verify data of initial data unit R DU, and authenticate according to resolving identifying algorithm that authentication marks the obtain unit loads to the initial data unit R DU that obtains, judge that consequently no verify data with the coding side transmission is consistent, if inconsistent then illustrate that the unit loads of initial data unit R DU is tampered, then decoding end is to User Alarms.Following steps will all effectively be described as example take the encryption indicator in the enciphered data unit unit header and authentication marks.
Step S606, the cryptographic algorithm that decoding end is obtained according to the parsing encryption indicator is decrypted unit loads and the verify data of the corresponding initial data unit R DU of acquisition to the unit loads of enciphered data unit EDU.
Step S607, decoding end is carried out authentication processing to the unit loads of the initial data unit R DU that deciphering obtains according to the identifying algorithm that the parsing authentication marks obtain, and obtains local contrast verify data.If approval-key information exists sign effectively, then decoding end is obtained approval-key information first from the initial data unit, again according to the approval-key information of obtaining and predetermined key generation rule, the unit loads of deciphering the initial data unit R DU that obtains is carried out authentication processing according to the identifying algorithm that the parsing authentication marks obtain, obtain local contrast verify data.
Step S608, decoding end judges whether this locality contrast verify data that obtains is identical with the verify data of obtaining, if the contrast verify data is not identical with the verify data of obtaining, the unit loads of then judging the initial data unit is tampered, decoding end is to User Alarms, and the unit loads of this initial data unit of prompting user is tampered.
Embodiment three,
This embodiment and above-described embodiment difference be, among this embodiment only the unit loads to the initial data unit carry out authentication processing, and be not encrypted processing.As shown in figure 11, a kind of authentication schematic diagram for the embodiment of the invention three transmits approval-key information in the figure together.Particularly, at first, coding side carries out authentication processing to the unit loads of initial data unit R DU, generates verify data.Wherein, authentication processing can adopt such as common authentication algorithms such as MD5, SHA, HMAC, also can adopt other predefined authentication mode.And coding side also need to increase authentication marks in unit header, and the authentication marks of increase such as above-mentioned embodiment do not repeat them here.Same decoding end need to be carried out authentication processing according to resolving the identifying algorithm that authentication marks obtain to the unit loads of the initial data unit R DU of transmission, obtains local contrast verify data.If approval-key information exists sign effectively, then decoding end is obtained approval-key information first from the initial data unit, again according to the approval-key information of obtaining and predetermined key generation rule, unit loads to initial data unit R DU is carried out authentication processing according to the identifying algorithm that the parsing authentication marks obtain, and obtains local contrast verify data.And judge whether this locality contrast verify data that obtains is identical with the verify data of obtaining, if the contrast verify data is not identical with the verify data of obtaining, the unit loads of then judging the initial data unit is tampered, decoding end is to User Alarms, and the unit loads of this initial data unit of prompting user is tampered.
As shown in figure 12, be the another kind authentication schematic diagram of the embodiment of the invention three, in the figure certified transmission key information not.
As shown in figure 13, be the structure chart of the monitor data encryption system of the embodiment of the invention, this system comprises decoding end 810 and at least one coding side 820.Coding side 820 is used for the acquisition monitoring data, and with the monitor data coding and cut apart and be encapsulated as corresponding initial data unit R DU, and the unit loads of initial data unit R DU is one or more in compression layer data, coding parameter collection and the warning message.And the unit loads of 820 pairs of initial data unit R of coding side DU is encrypted the unit loads that generates corresponding enciphered data unit EDU, wherein the unit loads length of enciphered data unit EDU is identical with the unit loads length of initial data unit R DU, and enciphered data unit EDU is encapsulated backward decoding end 810 send, encryption indicator is set encrypted and encrypt the algorithm that is adopted with the unit loads of indication decoding end 810 this enciphered data unit EDU simultaneously in the unit header of enciphered data unit EDU.After decoding end 810 is used for receiving the enciphered data unit EDU of coding side 820 transmissions, resolve the unit header of this enciphered data unit EDU, the default key of basis when encryption indicator is effective in unit header, be decrypted according to resolving cryptographic algorithm that encryption indicator the obtains unit loads to enciphered data unit EDU, obtain the unit loads of initial data unit R DU.
As one embodiment of the present of invention, in enciphered data unit EDU, also include encryption key message, decoding end 810 is according to encryption key message and predetermined key generation rule, be decrypted according to resolving cryptographic algorithm that encryption indicator the obtains unit loads to enciphered data unit EDU, obtain the unit loads of initial data unit R DU.
As one embodiment of the present of invention, coding side 820 also is used for the unit loads of initial data unit R DU is carried out authentication processing, generate verify data, and unit loads and the verify data of initial data unit R DU together be encrypted, generate the unit loads of corresponding enciphered data unit EDU, and when enciphered data unit EDU is encapsulated, in the unit header of enciphered data unit EDU, authentication marks are set.Simultaneously, decoding end 810 also is used for when the unit loads of 820 pairs of initial data unit R of coding side DU is carried out authentication processing, be decrypted the unit loads and verify data of the corresponding initial data unit R DU of acquisition in the unit loads to enciphered data unit EDU after, unit loads according to the verify data in the initial data unit R DU and initial data unit R DU, whether the unit loads of judging the initial data unit R DU of deciphering is tampered, be tampered if judge the unit loads of the initial data unit R DU of deciphering, then to User Alarms.
Wherein, coding side 820 comprises data acquisition module 821, code division module 822, encrypting module 823 and sending module 824.Data acquisition module 821 is used for the acquisition monitoring data.Code division module 822 is used for the monitor data coding that data acquisition module 821 is gathered and cuts apart being encapsulated as corresponding initial data unit R DU.Encrypting module 823 is encrypted for the unit loads of the initial data unit R DU that code division module 822 is obtained, generate the unit loads of corresponding enciphered data unit EDU, wherein the unit loads length of enciphered data unit EDU is identical with the unit loads length of initial data unit R DU.Sending module 824 is used for enciphered data unit EDU is encapsulated and sends to decoding end 810, and encryption indicator is set with the algorithm that unit loads is encrypted and encryption is adopted of indication decoding end 810 this enciphered data unit EDU in the unit header of enciphered data unit EDU.
As one embodiment of the present of invention, coding side 820 also comprises authentication module 825, is used for the unit loads of initial data unit R DU is carried out authentication processing, generates verify data.
Wherein, decoding end 810 comprises receiver module 811 and deciphering module 812.Receiver module 811 is used for the enciphered data unit EDU that received code end 820 sends.When deciphering module 812 is effective for the encryption indicator in the unit header of enciphered data unit EDU, according to default key, be decrypted according to resolving cryptographic algorithm that encryption indicator the obtains unit loads to enciphered data unit EDU, obtain the unit loads of initial data unit R DU.Certainly, as in enciphered data unit EDU, key information being arranged, then deciphering module 812 at first obtains this unencrypted key information, again according to default key generation rule and the key information of acquisition, be decrypted according to resolving cryptographic algorithm that encryption indicator the obtains unit loads to enciphered data unit EDU, obtain the unit loads of initial data unit R DU.
As one embodiment of the present of invention, decoding end 810 also comprises authentication module 813 and alarm module 814.Authentication module 813 judges for unit loads and the verify data in the initial data unit R DU of the initial data unit R DU that obtains according to deciphering module 812 whether the unit loads of initial data unit R DU is tampered.Alarm module 814 is used for when authentication module 813 judges that the unit loads of initial data unit R DU is tampered to User Alarms.
Above-described embodiment is the comparatively preferred scheme of the present invention, but the embodiment according to said method, it will be appreciated by those skilled in the art that, coding side also can only have authentication module in above-described embodiment, initial data is authenticated, and need not to include encrypting module, the fail safe that equally also can improve monitor data.The similar equivalent variations that does not break away from the above-mentioned thought of the present invention all should be protected within protection scope of the present invention.
The present invention can improve fail safe, the authenticity and integrity of data by encryption and the authentication processing of coding side to the initial data unit, and highly versatile of the present invention, realizes simple.
Although illustrated and described embodiments of the invention, for the ordinary skill in the art, be appreciated that without departing from the principles and spirit of the present invention and can carry out multiple variation, modification, replacement and modification to these embodiment, scope of the present invention is by claims and be equal to and limit.

Claims (22)

1. a method that improves safety of monitoring data is characterized in that, may further comprise the steps:
Coding side acquisition monitoring data;
Described coding side is encoded described monitor data and cut apart and is encapsulated as corresponding initial data unit, and described initial data unit comprises unit header and unit loads;
Described coding side is encrypted the unit loads of described initial data unit, generates the unit loads of corresponding enciphered data unit;
Described coding side encapsulates described enciphered data unit and sends to decoding end, and encryption indicator is set with the algorithm that unit loads is encrypted and encryption is adopted of the described enciphered data of indication decoding end unit in the unit header of enciphered data unit,
Wherein, described coding side with described monitor data coding and cut apart be encapsulated as corresponding initial data unit after, also comprise:
Described coding side carries out authentication processing to the unit loads of described initial data unit, generates verify data;
Described coding side is encrypted the unit loads of described initial data unit, and the unit loads that generates corresponding enciphered data unit is specially:
Described coding side together is encrypted unit loads and the described verify data of described initial data unit, generate the unit loads of corresponding enciphered data unit, and authentication marks are set in the unit header of described enciphered data unit when described enciphered data unit is encapsulated authenticate with the unit loads process of indicating described initial data unit, and indication authenticates the algorithm that adopts.
2. the method for raising safety of monitoring data as claimed in claim 1 is characterized in that, described enciphered data unit is encapsulated and after decoding end sends at described coding side, and is further comprising the steps of:
Described decoding end receives the enciphered data unit that described coding side sends, and resolves the unit header of described enciphered data unit;
When the described encryption indicator in described enciphered data unit unit header is effective, described decoding end is according to default key, and be decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtain the unit loads of described initial data unit.
3. the method for raising safety of monitoring data as claimed in claim 1 is characterized in that, described coding side encapsulates specifically described enciphered data unit and comprises:
Described coding side with unit header, unit loads and the encryption key message of described enciphered data unit together as the described enciphered data unit that sends to decoding end.
4. the method for raising safety of monitoring data as claimed in claim 3 is characterized in that, described enciphered data unit is encapsulated and after decoding end sends at described coding side, and is further comprising the steps of:
Described decoding end receives the enciphered data unit that described coding side sends, and resolves the unit header of described enciphered data unit;
When the described encryption indicator in described enciphered data unit unit header is effective, described decoding end is at first obtained the encryption key message in the described enciphered data unit, again according to the described encryption key message that obtains, and be decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtain the unit loads of described initial data unit.
5. the method for raising safety of monitoring data as claimed in claim 1 is characterized in that, the unit loads length of described enciphered data unit is identical with the unit loads length of described initial data unit.
6. the method for raising safety of monitoring data as claimed in claim 1 is characterized in that, described enciphered data unit is encapsulated and after decoding end sends at described coding side, and is further comprising the steps of:
Described decoding end receives the enciphered data unit that described coding side sends, and resolves the unit header of described enciphered data unit, judges whether described encryption indicator and the described authentication marks in the described enciphered data unit unit header are effective;
If the described encryption indicator in the described enciphered data unit unit header is effective, then described decoding end is decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtains the unit loads of corresponding initial data unit;
If the described authentication marks in the described enciphered data unit unit header are effective, then described decoding end is according to the identifying algorithm of resolving described authentication marks and obtaining, and judges according to the unit loads of the verify data in the described initial data unit and described initial data unit whether the unit loads of described initial data unit is tampered;
Be tampered if judge the unit loads of described initial data unit, then to User Alarms.
7. the method for raising safety of monitoring data as claimed in claim 6, it is characterized in that, described decoding end is judged according to the unit loads of the verify data in the described initial data unit and described initial data unit whether the unit loads of described initial data unit is tampered specifically and be may further comprise the steps:
The identifying algorithm that described decoding end is obtained according to the described authentication marks of parsing carries out authentication processing to the unit loads of described initial data unit and obtains contrasting verify data;
Described decoding end judges whether described contrast verify data is identical with the described verify data of obtaining, if described contrast verify data is not identical with the described verify data of obtaining, judges that then the unit loads of described initial data unit is tampered.
8. the method for raising safety of monitoring data as claimed in claim 1, it is characterized in that, described coding side together is encrypted unit loads and the described verify data of described initial data unit, and the unit loads that generates corresponding enciphered data unit is specially:
Described coding side together is encrypted the unit loads of described initial data unit, described verify data and approval-key information, generates the unit loads of corresponding enciphered data unit.
9. the method for raising safety of monitoring data as claimed in claim 8 is characterized in that, described enciphered data unit is encapsulated and after decoding end sends at described coding side, and is further comprising the steps of:
Described decoding end receives the enciphered data unit that described coding side sends, and resolves the unit header of described enciphered data unit, judges whether described encryption indicator and the described authentication marks in the described enciphered data unit unit header are effective;
If the described encryption indicator in the described enciphered data unit unit header is effective, then described decoding end is decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtains the unit loads of corresponding initial data unit;
If the described authentication marks in the described enciphered data unit unit header are effective, then described decoding end is at first obtained the approval-key information in the initial data unit, according to the unit loads of the verify data in the described approval-key information of obtaining, the initial data unit and described initial data unit, judge according to the identifying algorithm that the described authentication marks of parsing obtain whether the unit loads of described initial data unit is tampered again;
Be tampered if judge the unit loads of described initial data unit, then to User Alarms.
10. such as the method for each described raising safety of monitoring data of claim 1-9, it is characterized in that, the unit loads of described initial data unit is one or more in compression layer data, coding parameter collection and the warning message.
11. a monitor data encryption system is characterized in that, comprises decoding end and at least one coding side,
Described coding side, be used for the acquisition monitoring data, and with described monitor data coding and cut apart and be encapsulated as corresponding initial data unit, and the unit loads that the unit loads of described initial data unit is encrypted the enciphered data unit that generates correspondence, and described enciphered data unit is encapsulated backward decoding end send, encryption indicator is set encrypted and encrypt the algorithm that is adopted with the unit loads of the described enciphered data of indication decoding end unit simultaneously in the unit header of enciphered data unit;
Described decoding end, after being used for receiving the enciphered data unit of described coding side transmission, resolve the unit header of described enciphered data unit, when the described encryption indicator in the unit header of described enciphered data unit is effective, according to default key, and be decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtain the unit loads of described initial data unit
Wherein, described coding side, also be used for the unit loads of described initial data unit is carried out authentication processing, generate verify data, and unit loads and the described verify data of described initial data unit together be encrypted, generate the unit loads of corresponding enciphered data unit, and when described enciphered data unit is encapsulated, in the unit header of described enciphered data unit, authentication marks are set.
12. monitor data encryption system as claimed in claim 11, it is characterized in that, described enciphered data also includes encryption key message in the unit, described decoding end is according to described encryption key message and predetermined key generation rule, and be decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtain the unit loads of described initial data unit.
13. monitor data encryption system as claimed in claim 11 is characterized in that, the unit loads length of described enciphered data unit is identical with the unit loads length of described initial data unit.
14. monitor data encryption system as claimed in claim 11, it is characterized in that, described decoding end, also be used for when described coding side carries out authentication processing to the unit loads of described initial data unit, be decrypted the unit loads and verify data of the corresponding initial data of acquisition unit in the unit loads to described enciphered data unit after, unit loads according to the verify data in the described initial data unit and described initial data unit, judge according to the identifying algorithm that the described authentication marks of parsing obtain whether the unit loads of described initial data unit is tampered, be tampered if judge the unit loads of described initial data unit, then to User Alarms.
15. such as claim 11,12 or 14 described monitor data encryption systems, it is characterized in that, the unit loads of described initial data unit is one or more in compression layer data, coding parameter collection and the warning message.
16. a coding side is characterized in that, comprises data acquisition module, code division module, encrypting module and sending module,
Described data acquisition module is used for the acquisition monitoring data;
Described code division module is encapsulated as corresponding initial data unit for the monitor data of described data collecting module collected is encoded and cut apart;
Described encrypting module, the unit loads that is used for initial data unit that described code division module is obtained is encrypted, and generates the unit loads of corresponding enciphered data unit;
Described sending module is used for described enciphered data unit is encapsulated and sends to decoding end, and encryption indicator is set with the algorithm that unit loads is encrypted and encryption is adopted of the described enciphered data of indication decoding end unit in the unit header of enciphered data unit; And
Authentication module is used for the unit loads of described initial data unit is carried out authentication processing, generates verify data,
Wherein, described coding side together is encrypted unit loads and the described verify data of described initial data unit, generate the unit loads of corresponding enciphered data unit, and authentication marks are set in the unit header of described enciphered data unit when described enciphered data unit is encapsulated authenticate with the unit loads process of indicating described initial data unit, and indication authenticates the algorithm that adopts.
17. coding side as claimed in claim 16 is characterized in that, the unit loads length of described enciphered data unit is identical with the unit loads length of described initial data unit.
18. a decoding end is characterized in that, comprises receiver module and deciphering module,
Described receiver module is used for the enciphered data unit that the received code end sends;
Described deciphering module, when effective for the encryption indicator in the unit header of described enciphered data unit, according to default key, be decrypted according to resolving cryptographic algorithm that described encryption indicator the obtains unit loads to described enciphered data unit, obtain the unit loads of initial data unit; And
Authentication module and alarm module, when described authentication module is effective for the authentication marks in the unit header of described enciphered data unit, the unit loads of the initial data unit that obtains according to described deciphering module and the verify data in described initial data unit, the identifying algorithm that obtains according to the described authentication marks of parsing judges whether the unit loads of described initial data unit is tampered, described alarm module is used for when described authentication module judges that the unit loads of described initial data unit is tampered to User Alarms
Wherein, described coding side together is encrypted unit loads and the described verify data of described initial data unit, generate the unit loads of corresponding enciphered data unit, and authentication marks are set in the unit header of described enciphered data unit when described enciphered data unit is encapsulated authenticate with the unit loads process of indicating described initial data unit, and indication authenticates the algorithm that adopts.
19. a method that improves safety of monitoring data is characterized in that, may further comprise the steps:
Coding side acquisition monitoring data;
Described coding side is encoded described monitor data and cut apart and is encapsulated as corresponding initial data unit, and described initial data unit comprises unit header and unit loads;
Described coding side carries out authentication processing to the unit loads of described initial data unit, generates corresponding verify data;
Described coding side together as the data cell that sends to decoding end, and arranges unit header, unit loads and the verify data of described initial data unit and includes the algorithm that verify data and authentication are adopted in the unit loads of authentication marks with the described data cell of indication decoding end in the unit header of data cell; And
If described authentication marks are effective in the unit header of the described data cell that decoding end receives, then described decoding end is according to the identifying algorithm of resolving described authentication marks and obtaining, and judges according to the unit loads of the verify data in the described initial data unit and described initial data unit whether the unit loads of described initial data unit is tampered;
Be tampered if judge the unit loads of described initial data unit, then to User Alarms,
Wherein, described coding side together is encrypted unit loads and the described verify data of described initial data unit, generate the unit loads of corresponding enciphered data unit, and authentication marks are set in the unit header of described enciphered data unit when described enciphered data unit is encapsulated authenticate with the unit loads process of indicating described initial data unit, and indication authenticates the algorithm that adopts.
20. the method for raising safety of monitoring data as claimed in claim 19 is characterized in that, also comprises: also include approval-key information in the unit loads of described data cell,
Described decoding end is according to described approval-key information, according to the identifying algorithm of resolving described authentication marks and obtaining, and judge according to the unit loads of the verify data in the described initial data unit and described initial data unit whether the unit loads of described initial data unit is tampered.
21. a coding side is characterized in that, comprises data acquisition module, code division module, authentication module and sending module,
Described data acquisition module is used for the acquisition monitoring data;
Described code division module is encapsulated as corresponding initial data unit for the monitor data of described data collecting module collected is encoded and cut apart;
Described authentication module, be used for the unit loads of described initial data unit is carried out authentication processing, generate corresponding verify data, wherein, described coding side together is encrypted unit loads and the described verify data of described initial data unit, generate the unit loads of corresponding enciphered data unit, and authentication marks are set in the unit header of described enciphered data unit when described enciphered data unit is encapsulated authenticate with the unit loads process of indicating described initial data unit, and indication authenticates the algorithm that adopts;
Described sending module, be used for verify data that unit header, unit loads and described authentication module with described initial data unit generate together as the data cell that sends to decoding end, and the algorithm that authentication marks are adopted to include verify data and authentication in the unit loads of indicating the described data cell of decoding end is set in the unit header of data cell.
22. coding side as claimed in claim 21 is characterized in that, also comprises: also include approval-key information in the unit loads of described data cell.
CN 200810227192 2008-11-25 2008-11-25 Method, system and device for improving safety of monitoring data Active CN101742229B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810227192 CN101742229B (en) 2008-11-25 2008-11-25 Method, system and device for improving safety of monitoring data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810227192 CN101742229B (en) 2008-11-25 2008-11-25 Method, system and device for improving safety of monitoring data

Publications (2)

Publication Number Publication Date
CN101742229A CN101742229A (en) 2010-06-16
CN101742229B true CN101742229B (en) 2013-10-16

Family

ID=42465017

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810227192 Active CN101742229B (en) 2008-11-25 2008-11-25 Method, system and device for improving safety of monitoring data

Country Status (1)

Country Link
CN (1) CN101742229B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8527748B2 (en) * 2010-10-01 2013-09-03 Schneider Electric USA, Inc. System and method for hosting encrypted monitoring data
US9185080B2 (en) 2011-08-12 2015-11-10 Intel Deutschland Gmbh Data transmitting devices, data receiving devices, methods for controlling a data transmitting device, and methods for controlling a data receiving device
WO2014047931A1 (en) * 2012-09-29 2014-04-03 Broadcom Corporation Privacy-aware communication scheme in advanced metering infrastructure
CN111193741B (en) * 2019-12-31 2022-09-13 中国银行股份有限公司 Information sending method, information obtaining method, device and equipment
CN112272314B (en) * 2020-12-15 2021-03-26 视联动力信息技术股份有限公司 Method, device, equipment and medium for safely transmitting video in video network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1279791A (en) * 1997-11-25 2001-01-10 摩托罗拉公司 Method and system for securely transferring data set in a data communications system
CN1729660A (en) * 2002-10-17 2006-02-01 松下电器产业株式会社 Packet transmission/reception device
CN1777274A (en) * 2005-11-29 2006-05-24 中国科学技术大学 Flow media content protection method based on motion audio-video stardard file format
CN101094394A (en) * 2007-07-17 2007-12-26 中国科学院软件研究所 Method for guaranteeing safe transmission of video data, and video monitoring system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1279791A (en) * 1997-11-25 2001-01-10 摩托罗拉公司 Method and system for securely transferring data set in a data communications system
CN1729660A (en) * 2002-10-17 2006-02-01 松下电器产业株式会社 Packet transmission/reception device
CN1777274A (en) * 2005-11-29 2006-05-24 中国科学技术大学 Flow media content protection method based on motion audio-video stardard file format
CN101094394A (en) * 2007-07-17 2007-12-26 中国科学院软件研究所 Method for guaranteeing safe transmission of video data, and video monitoring system

Also Published As

Publication number Publication date
CN101742229A (en) 2010-06-16

Similar Documents

Publication Publication Date Title
CN101783793B (en) Improve the method, system and device of safety of monitoring data
CN112150147A (en) Data security storage system based on block chain
KR100785810B1 (en) Apparatus and method for rfid data protection
CN101448130B (en) Method, system and device for protecting data encryption in monitoring system
Zhou et al. Joint physical-application layer security for wireless multimedia delivery
CN109218825B (en) Video encryption system
JP4094216B2 (en) Automatic resynchronization of cryptographic synchronization information
CN102024123B (en) Method and device for importing mirror image of virtual machine in cloud calculation
CN109151508B (en) Video encryption method
CN107547918A (en) The methods, devices and systems that a kind of IPTV channel plays safely
CN101990748A (en) Method and device for transmitting messages in real time
CN101742229B (en) Method, system and device for improving safety of monitoring data
CN103441983A (en) Information protection method and device based on link layer discovery protocol
CN110611670A (en) API request encryption method and device
CN104506500A (en) GOOSE message authentication method based on transformer substation
CN104009842A (en) Communication data encryption and decryption method based on DES encryption algorithm, RSA encryption algorithm and fragile digital watermarking
CN102264068B (en) Shared key consultation method, system, network platform and terminal
CN106850669B (en) Message security transmission method for Internet of things monitoring system
KR101424972B1 (en) Method for using contents with a mobile card, host device, and mobile card
CN113591109B (en) Method and system for communication between trusted execution environment and cloud
CN112020037A (en) Domestic communication encryption method suitable for rail transit
CN115955310A (en) Information source encrypted multimedia data export security protection method, device and equipment
CN110995671A (en) Communication method and system
CN114189359B (en) Internet of things equipment capable of avoiding data tampering, data safety transmission method and system
CN115913571A (en) File encryption and decryption method and device, and digital copyright protection system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20171221

Address after: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee after: Vimicro Electronics Co., Ltd.

Patentee after: Zhongxing Technology Co., Ltd.

Address before: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee before: Vimicro Electronics Co., Ltd.

Patentee before: Beijing Vimicro Corporation

TR01 Transfer of patent right
CP01 Change in the name or title of a patent holder

Address after: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee after: Vimicro Electronics Co., Ltd.

Patentee after: Mid Star Technology Limited by Share Ltd

Address before: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee before: Vimicro Electronics Co., Ltd.

Patentee before: Zhongxing Technology Co., Ltd.

CP01 Change in the name or title of a patent holder