CN104244026A - Secret key distribution device in video monitoring system - Google Patents


Info

Publication number
CN104244026A
Authority
CN
China
Prior art keywords
video
key
digital certificate
license server
client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410449163.8A
Other languages
Chinese (zh)
Other versions
CN104244026B (en)
Inventor
廖双龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Uniview Technologies Co Ltd
Original Assignee
Zhejiang Uniview Technologies Co Ltd
Application filed by Zhejiang Uniview Technologies Co Ltd
Priority to CN201410449163.8A
Publication of CN104244026A
Application granted
Publication of CN104244026B
Legal status: Active

Abstract

The invention discloses a key distribution device in a video monitoring system. The key distribution device distributes video stream keys from a video source device to clients. It is connected over a network to a video management server, the video source device and the clients. A first digital certificate issuing unit, a first public key verification unit and a server-side key decryption unit of the key distribution device interact with the video source device to obtain the video stream keys and record them. A second digital certificate request unit, a second public key verification request unit and a server-side key sending unit of the key distribution device interact with the clients and distribute the video stream keys to them. With this key distribution device, video stream keys are distributed securely, and the distribution range of confidential video is effectively controlled to prevent eavesdropping.

Description

Key distribution device in a video monitoring system
Technical field
The invention belongs to the technical field of data security, and in particular relates to a key distribution device in a video monitoring system.
Background art
Video monitoring is an important part of security systems. Because it is intuitive, accurate, timely and rich in information, it is widely used in many settings. In recent years, with the rapid development of computer, network, image processing and transmission technology, video monitoring has become increasingly widespread. A common video monitoring system, shown in Fig. 1, comprises a media server, a video management server, video source devices and clients. A client receives, through the media server, the video stream captured by a video source device and plays it. Within the video monitoring system network the video stream is generally carried over the Internet. Because the Internet is an open network, the stream is easily eavesdropped on, which leaks the video.
Video monitoring systems at certain special locations or confidential institutions therefore need to encrypt the video stream. In the prior art, the video stream is generally transmitted after symmetric encryption. Symmetric encryption uses the same key for encryption and decryption, that is, the encryption key also serves as the decryption key. Symmetric encryption is simple and fast to use, its keys are short, and it is hard to break. The algorithm itself is public, so confidentiality depends on keeping the key secret. But because both sides use the same key, a key sent over the network is easily stolen, which makes distributing the key difficult.
How to encrypt the video stream symmetrically while also distributing the encryption key securely is a technical problem that video monitoring systems urgently need to solve.
Summary of the invention
The object of the invention is to provide a key distribution device in a video monitoring system that distributes the video stream key between the video source device and the client. Because the video stream key is itself encrypted with an asymmetric encryption algorithm for distribution, the key is distributed securely.
To achieve this object, the technical solution of the invention is as follows:
A key distribution device in a video monitoring system, the video monitoring system comprising a video source device, a video management server and a client, the key distribution device being connected over a network to the video management server, the video source device and the client respectively, the key distribution device comprising a first digital certificate issuing unit, a first public key verification unit, a server-side key decryption unit, a second digital certificate request unit, a second public key verification request unit and a server-side key sending unit, wherein:
The first digital certificate issuing unit receives the digital certificate request sent by the video source device and returns the first digital certificate to that video source device;
The first public key verification unit receives the verification request message that the video source device has encrypted with the first public key contained in the first digital certificate, decrypts it with the first private key, and then sends the video source device a verification message encrypted with the first private key;
The server-side key decryption unit receives the video stream key message that the video source device has encrypted with the first public key, decrypts it with the first private key to obtain the video stream key and records it, generates a corresponding key ID for each video stream key, and sends the key ID to the video source device;
The second digital certificate request unit receives the decryption request, carrying the key ID, sent by the client and sends a second digital certificate request to that client;
The second public key verification request unit receives the second digital certificate returned by the client and sends the client a verification request encrypted with the second public key contained in the second digital certificate;
The server-side key sending unit receives the verification message, encrypted with the second private key, sent by the client; after decrypting and verifying it with the second public key, it finds the video stream key corresponding to the key ID carried in the decryption request, encrypts the video stream key with the second public key, and sends it to the client.
Further, the key distribution device also stores authorization policies and their corresponding authorization codes. Preferably, the key distribution device is also provided with a user authorization unit for setting an authorization policy and its corresponding authorization code for each user of the video monitoring system. Generating the authorization policies and authorization codes locally makes them easy to look up.
Further, the decryption request also carries the authorization code entered by the user. After receiving the decryption request sent by the client, the second digital certificate request unit also finds the corresponding authorization policy according to the authorization code carried in the decryption request and determines, according to that policy, whether to provide the video stream key to the client. The authorization policy is found either by searching the user authorization unit, or, where the user authorization unit stores the policies and authorization codes as a list in a database after creating them, by the second digital certificate request unit searching the database directly.
The invention also proposes a key distribution device in a video monitoring system, the video monitoring system comprising a video source device, a video management server and a client, and further comprising a license server connected over a network to the video management server, the video source device and the client respectively. The key distribution device is applied to the video source device and comprises a first digital certificate request unit, a front-end key sending unit and a video stream encryption unit, wherein:
The first digital certificate request unit sends a digital certificate request to the license server when there is no first digital certificate locally, receives the first digital certificate returned by the license server, and sends the license server a verification request message encrypted with the first public key contained in the first digital certificate;
The front-end key sending unit receives the verification message encrypted by the license server with the first private key and, after decrypting and verifying it with the first public key, sends the license server the video stream key encrypted with the first public key;
The video stream encryption unit receives the key ID sent by the license server and encrypts the output video stream with the video stream key. When encrypting the video stream it leaves an unencrypted area in the video stream header, and this unencrypted area contains the license server URL and the key ID.
Further, the key distribution device also comprises an encryption switch. When the video source device starts, or after it receives an open instruction, the encryption switch triggers the first digital certificate request unit to send a digital certificate request to the license server if there is no first digital certificate locally. The encryption switch adds flexibility to the video source device: when the video stream does not need to be encrypted, the video stream key is not distributed.
Further, after receiving the verification message encrypted by the license server with the first private key and decrypting and verifying it with the first public key, the front-end key sending unit first checks whether a local video stream key exists. If one exists, it encrypts it with the first public key and sends it to the license server; if not, it randomly generates a video stream key, encrypts it with the first public key and sends it to the license server. Alternatively, on receiving an instruction from the video management server, it randomly generates a new video stream key, encrypts it with the first public key and sends it to the license server. The invention can thus update the video stream key on instruction from the video management server, which further increases security.
The invention also proposes a key distribution device in a video monitoring system, the video monitoring system comprising a video source device, a video management server and a client, and further comprising a license server connected over a network to the video management server, the video source device and the client respectively. The key distribution device is applied to the client and comprises a decryption request unit, a second digital certificate issuing unit, a second public key verification unit and a client key decryption unit, wherein:
The decryption request unit obtains the license server URL and the key ID contained in the unencrypted area of the video stream header and sends that license server a decryption request carrying the key ID;
The second digital certificate issuing unit receives the second digital certificate request sent by the license server and sends the second digital certificate to the license server;
The second public key verification unit receives the verification request that the license server has encrypted with the second public key contained in the second digital certificate and, after decrypting it with the second private key, sends the license server a verification message encrypted with the second private key;
The client key decryption unit receives the video stream key that the license server has encrypted with the second public key and decrypts it with the second private key to obtain the video stream key.
Further, the decryption request also carries an authorization code. The authorization code is given to a user only when that user of the video monitoring system needs to be authorized. The user enters the authorization code when using the system, and the client sends the license server a decryption request carrying this authorization code.
The invention proposes key distribution devices in a video monitoring system, applied respectively at the server side, as the license server, and at the video source device and the client, so that the video stream key is distributed securely between the license server and the video source device and between the license server and the client. By maintaining in the license server a table that maps video stream keys to video source device identifiers, the video stream keys of different video streams are told apart, which keeps distribution accurate. The license server also sets an authorization policy for each user; the user enters an authorization code that maps to that user's policy, which divides by time period the surveillance video each user may play. The invention ensures secure distribution of the video stream key and effectively controls the distribution range of confidential video to prevent eavesdropping. The video monitoring system needs only a software upgrade to implement it; no hardware design changes are required, so the upgrade cost is low.
Brief description of the drawings
Fig. 1 is a structural diagram of a prior-art video monitoring system;
Fig. 2 is a structural diagram of the video monitoring system of the invention;
Fig. 3 is a structural diagram of the key distribution device of the invention as applied to the server side;
Fig. 4 is a structural diagram of the key distribution device of the invention as applied to the video source device;
Fig. 5 is a structural diagram of the key distribution device of the invention as applied to the client.
Detailed description of the embodiments
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments. The following embodiments do not limit the invention.
As shown in Fig. 2, unlike the prior art, the video monitoring system of this embodiment comprises not only a video management server, a media server, video source devices and clients but also a license server. A video source device is a network camera (IPC), an encoder, a DVR, or any other device that can encrypt and distribute a video stream. A client is the player or playback software that a user logs in to in order to play surveillance video streams; different users may log in on the same client. After logging in at the client and registering successfully with the video management server, the user requests video from a video source device; the video source device sends the video stream to the media server, and the media server forwards it to the client, which realizes video monitoring.
Because the key used to symmetrically encrypt the video stream and the key used to decrypt it are the same, this embodiment refers to both as the video stream key. An asymmetric encryption algorithm between the license server and the video source device secures the transfer of the video stream key between those two; an asymmetric encryption algorithm between the license server and the client secures the transfer of the video stream key between those two. An asymmetric encryption algorithm has a public key and a private key. In this embodiment, the public and private keys of the asymmetric algorithm between the license server and the video source device are called the first public key and the first private key, and those of the asymmetric algorithm between the license server and the client are called the second public key and the second private key.
In asymmetric cryptography, a digital certificate is a file, digitally signed by a certificate authority, that contains a public key and information about its owner. The simplest digital certificate contains a public key, the name of the public key's owner, and the digital signature of the certificate authority. In this embodiment, the digital certificate containing the first public key is called the first digital certificate, and the digital certificate containing the second public key is called the second digital certificate. The license server and each client are each assigned their own digital certificate. Digital certificates may be issued by an independent third-party certificate authority, or issuance may be integrated into the license server so that the license server issues them; the invention is not limited to any particular form of issuance. The license server holds the first digital certificate, and each client holds a second digital certificate.
In the video monitoring system of this embodiment, the license server is connected over a network to the video management server, the video source devices and the clients respectively. The license server may be a dedicated device or an independent server, or it may be combined with the video management server. If it is a dedicated device or an independent server, the license server and the video management server are each configured with the other's address, and the license server can obtain the lists of video source devices and users of the video monitoring system from the video management server. The video source device interacts with the license server to send the video stream key encrypted with the first public key, and the client interacts with the license server to obtain the video stream key encrypted with the second public key. The client then decrypts it with the second private key to obtain the video stream key and uses the video stream key to decrypt and play the video stream.
Fig. 3 shows the internal structure of the license server of this embodiment, which comprises a first digital certificate issuing unit, a first public key verification unit, a server-side key decryption unit, a second digital certificate request unit, a second public key verification request unit and a server-side key sending unit.
In this embodiment, the video management server configures the encryption switch and the license server address on each video source device that needs encryption. After the video source device starts and registers with the video monitoring system, it checks the encryption switch. If the switch is on, it goes on to check whether the first digital certificate exists, and if not, sends a digital certificate request to the license server. After receiving the digital certificate request, the license server consults the video source device list obtained from the video management server; because the video source device has registered with the video management server, it is a legitimate video source device, and the video stream key distribution process between the license server and the video source device starts. That process is as follows:
The first digital certificate issuing unit receives the digital certificate request sent by the video source device and returns the first digital certificate to that video source device;
After receiving the first digital certificate, the video source device uses the first public key in the first digital certificate to send the first public key verification unit a verification request message encrypted with the first public key;
The first public key verification unit receives the verification request message, encrypted with the first public key, sent by the video source device, decrypts it with the first private key, and then sends the video source device a verification message encrypted with the first private key;
After receiving the verification message encrypted with the first private key and decrypting and verifying it with the first public key, the video source device sends the server-side key decryption unit the video stream key encrypted with the first public key;
The server-side key decryption unit receives the video stream key message, encrypted with the first public key, sent by the video source device, decrypts it with the first private key to obtain the video stream key and records it, generates a corresponding key ID for each video stream key, and sends the key ID to the video source device.
In this embodiment, after receiving the verification message encrypted with the first private key and decrypting and verifying it with the first public key, the video source device checks whether a local video stream key exists; if not, it randomly generates one, encrypts it with the first public key and sends it to the license server. Once the video stream key has been sent to the license server, no new video stream key is generated unless there is a new trigger (such as an instruction from the video management server). If such an instruction to generate a new video stream key is received, the encrypted video stream key must be sent to the license server again. After receiving the encrypted video stream key, the license server decrypts it with the first private key to obtain the video stream key and records it. The key is recorded so that the video stream key belonging to each video stream can be told apart: after obtaining the video stream key, the license server builds a table mapping video stream keys to video source device identifiers (video source device IDs), as shown in Table 1:
Table 1
The key ID of a video stream therefore uniquely determines that stream's video stream key. After a video source device regenerates its video stream key and sends it to the license server by the method above, the license server updates Table 1: it records the time at which the previous video stream key stopped being used and adds a record for the current video stream key. The video stream key of every time period is thus retained, so that even during playback of recordings the key in use at the time can still be determined from the key ID.
When sending a video stream, the video source device adds the following parameters to the unencrypted area of the video stream header: the URL of the license server and the key ID of the current video stream key. Because a video monitoring system may contain a very large number of video source devices and clients, several license servers may be needed; the license server URL is placed in the unencrypted area of the header so that the correct license server can be found.
A user thus logs in at the client and requests video from a video source device; the video source device sends the video stream to the media server, the media server forwards it to the client, and the client starts receiving the stream through the media server. After receiving the video stream, the client first reads the key ID and the license server URL from the unencrypted area of the stream and sends that license server a decryption request carrying the key ID. Because the license server has recorded the correspondence between video stream keys and key IDs, it can find the video stream key of the current stream. The license server consults the user list obtained from the video management server; because the user has registered with the video management server, the user is legitimate, and the video stream key distribution process between the license server and the client starts. That process is as follows:
The second digital certificate request unit receives the decryption request sent by the client and sends a second digital certificate request to that client;
After receiving the second digital certificate request from the second digital certificate request unit, the client sends the second digital certificate to the second public key verification request unit;
The second public key verification request unit receives the second digital certificate returned by the client and sends the client a verification request encrypted with the second public key contained in the second digital certificate;
The client receives the verification request, encrypted with the second public key in the second digital certificate, sent by the second public key verification request unit and, after decrypting it with the second private key, sends the server-side key sending unit a verification message encrypted with the second private key;
The server-side key sending unit receives the verification message, encrypted with the second private key, sent by the client; after decrypting and verifying it with the second public key, it finds the video stream key corresponding to the decryption request, encrypts the video stream key with the second public key, and sends it to the client.
As this process shows, the video stream key is always encrypted while in transit over the network, which effectively improves security. After obtaining the video stream key, the client decrypts the video stream and plays it.
Note that the license server has the first digital certificate and each client has a second digital certificate; the invention places no restriction on whether the digital certificates of the license server and of each client are the same or different.
Because the correspondence between video stream keys and key IDs is kept at the license server, the video source device can place the license server URL and the key ID in the unencrypted area of the video stream header. After receiving the video stream, the client obtains the key ID and the license server URL from the unencrypted area and sends the license server a decryption request carrying the key ID. The license server finds the corresponding video stream key according to the key ID and then sends it to the client through the video stream key transfer process between the license server and the client.
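The two exchanges described above (video source device to license server, then client to license server), as an added example in JavaScript for Node.js; it is not code from the patent. It assumes RSA-OAEP for public-key encryption, an RSA-SHA256 signature in place of "encrypting with the private key", and bare public keys in place of digital certificates; the class, function and URL names are hypothetical.

```javascript
// Added example (not from the patent): both key-distribution exchanges in one process.
const nodeCrypto = require('crypto');

const newKeyPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const oaep = (key) => ({ key, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });
// "Encrypted with the public key" is modelled as RSA-OAEP (assumption).
const sealFor = (publicKey, data) => nodeCrypto.publicEncrypt(oaep(publicKey), data);
const unseal = (privateKey, data) => nodeCrypto.privateDecrypt(oaep(privateKey), data);
// "Encrypted with the private key" is modelled as an RSA-SHA256 signature over the nonce (assumption).
const prove = (privateKey, nonce) => nodeCrypto.sign('sha256', nonce, privateKey);
const proofOk = (publicKey, nonce, proof) => nodeCrypto.verify('sha256', nonce, publicKey, proof);

class LicenseServer {
  constructor(url) {
    this.url = url;
    this.first = newKeyPair();   // first public key / first private key
    this.keys = new Map();       // key ID -> video stream key
    this.pending = new Map();    // session -> outstanding client verification
  }
  // First digital certificate issuing unit (certificate reduced to the bare public key).
  issueFirstCertificate() { return this.first.publicKey; }
  // First public key verification unit: recover the nonce, answer with proof of the private key.
  answerVerification(sealedNonce) {
    return prove(this.first.privateKey, unseal(this.first.privateKey, sealedNonce));
  }
  // Server-side key decryption unit: record the key and hand back a fresh key ID.
  registerStreamKey(sealedKey) {
    const keyId = nodeCrypto.randomUUID();
    this.keys.set(keyId, unseal(this.first.privateKey, sealedKey));
    return keyId;
  }
  // Second certificate request and verification request units, folded into one call.
  beginClientVerification(keyId, secondPublicKey) {
    if (!this.keys.has(keyId)) throw new Error('unknown key ID');
    const session = nodeCrypto.randomUUID();
    const nonce = nodeCrypto.randomBytes(32);
    this.pending.set(session, { keyId, secondPublicKey, nonce });
    return { session, sealedNonce: sealFor(secondPublicKey, nonce) };
  }
  // Server-side key sending unit: release the key only after the proof verifies.
  releaseStreamKey(session, proof) {
    const s = this.pending.get(session);
    this.pending.delete(session);   // one attempt per verification request
    if (!s || !proofOk(s.secondPublicKey, s.nonce, proof)) {
      throw new Error('client verification failed');
    }
    return sealFor(s.secondPublicKey, this.keys.get(s.keyId));
  }
}

// Video source device side: verify the server, upload the key, build the stream header.
function videoSourceRegisters(server) {
  const firstPublicKey = server.issueFirstCertificate();
  const nonce = nodeCrypto.randomBytes(32);
  const proof = server.answerVerification(sealFor(firstPublicKey, nonce));
  if (!proofOk(firstPublicKey, nonce, proof)) throw new Error('license server verification failed');
  const streamKey = nodeCrypto.randomBytes(32);   // randomly generated video stream key
  const keyId = server.registerStreamKey(sealFor(firstPublicKey, streamKey));
  // Unencrypted area of the video stream header.
  return { streamKey, header: { licenseServerUrl: server.url, keyId } };
}

// Client side: read the header, prove possession of the second private key, unwrap the key.
function clientFetchesKey(server, header, second = newKeyPair()) {
  const { session, sealedNonce } = server.beginClientVerification(header.keyId, second.publicKey);
  const nonce = unseal(second.privateKey, sealedNonce);
  const sealedKey = server.releaseStreamKey(session, prove(second.privateKey, nonce));
  return unseal(second.privateKey, sealedKey);
}

// Run both exchanges and report whether the client ended up with the source's key.
function runExchange() {
  const server = new LicenseServer('https://license.example/keys');   // constructed URL
  const { streamKey, header } = videoSourceRegisters(server);
  return { header, keysMatch: clientFetchesKey(server, header).equals(streamKey) };
}
```

The checks against the video management server's device and user lists, and validation of a certificate chain, are left out of this example.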
Further, the license server of this embodiment is also provided with a user authorization unit for configuring a user's authorization policy. It generates an authorization code for the user, and the authorization code corresponds to an authorization policy. The authorization policy contains the IDs of the video source devices the user may play and specific restrictions, such as a restriction on IP address, on MAC address, on playback time period, on IP address and MAC address, on IP address and playback time period, or on MAC address and time period. The client can play the video stream correctly only when it has both the video stream key and the authorization code, and the license server can continue to modify a user's authorization policy after the authorization code has been issued.
For example, for the video stream of video source device 1 over the 24 hours of a day, the monitoring security staff are divided into three shifts, corresponding to user 1, user 2 and user 3, and the three users have different duty periods, as shown in Table 2:
Table 2
The client then also requires the user to enter the authorization code after receiving the video stream, and sends the license server a decryption request carrying this authorization code. After the license server receives the decryption request, the second digital certificate request unit finds the corresponding authorization policy in Table 2 according to the authorization code carried in the request. If the authorization code matches the video source device ID and the time period, the user is judged entitled to play the stream, and the video stream key is issued to the client for playback; otherwise the user is notified that the authorization code is invalid, and the client cannot play the video stream.
The authorization policy behind an authorization code can be set up in various ways. For example, different restriction policies can be set for each video source device and a permission ID can be defined; one permission ID may correspond to different restriction policies of multiple video source devices, and multiple authorization codes may correspond to one permission ID, as shown in Table 3:
Table 3
In this way multiple users can monitor the same group of video source devices, and the same video source device can have different restriction policies for different users.
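One way to hold the Table 1 key records (including the stop time written when a key is replaced) and to apply the authorization check described above, as an added example that is not code from the patent. The device IDs, authorization codes, addresses, keys and hours are constructed sample values, and checking the time of the request in UTC hours is an assumption.

```javascript
// Added example (not from the patent): key-ID history plus the authorization decision.
class KeyTable {
  constructor() { this.rows = []; this.seq = 0; }
  // Called whenever a video source device delivers a (new) video stream key.
  record(sourceDeviceId, streamKey, now) {
    const current = this.rows.find((r) => r.sourceDeviceId === sourceDeviceId && r.stoppedAt === null);
    if (current) current.stoppedAt = now;   // previous key: note when it stopped being used
    const keyId = `key-${++this.seq}`;
    this.rows.push({ keyId, sourceDeviceId, streamKey, startedAt: now, stoppedAt: null });
    return keyId;
  }
  // Old key IDs stay resolvable so that recorded video can still be decrypted.
  find(keyId) { return this.rows.find((r) => r.keyId === keyId) || null; }
}

// Constructed policy rows: authorization code -> playable devices and optional limits.
const POLICIES = new Map([
  ['AUTH-USER1', { sourceDeviceIds: ['IPC-1'], hoursUtc: [0, 8] }],
  ['AUTH-USER2', { sourceDeviceIds: ['IPC-1'], hoursUtc: [8, 16], ip: '192.0.2.10' }],
  ['AUTH-USER3', { sourceDeviceIds: ['IPC-1'], hoursUtc: [16, 24], mac: '02:00:00:00:00:03' }],
]);

// Decide whether a decryption request may receive the video stream key.
// `reason` is for the server's own log; the client-facing reply in the description
// is simply that the authorization code is invalid.
function authorize(table, policies, request) {
  const deny = (reason) => ({ granted: false, reason });
  const row = table.find(request.keyId);
  if (!row) return deny('unknown key ID');
  const policy = policies.get(request.authCode);
  if (!policy) return deny('invalid authorization code');
  if (!policy.sourceDeviceIds.includes(row.sourceDeviceId)) return deny('device not covered by policy');
  const hour = request.at.getUTCHours();
  const [from, to] = policy.hoursUtc;
  if (hour < from || hour >= to) return deny('outside permitted period');
  if (policy.ip && policy.ip !== request.ip) return deny('IP address not permitted');
  if (policy.mac && policy.mac !== request.mac) return deny('MAC address not permitted');
  return { granted: true, keyId: row.keyId, streamKey: row.streamKey };
}
```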
Note that the license server is in effect the key distribution device applied at the server side. It may be a dedicated device, an independent server, or part of the video management server; the invention is not limited to any of these implementations. The user authorization unit of the license server in this embodiment need not be located in the license server; it may also be located in the video management server or in other servers. Once the authorization policies and authorization codes have been generated and their correspondence saved in a database, the license server can obtain them easily and act accordingly on the client's decryption request. The authorization code may be given to the user in person when the account is opened, or sent by other means of communication when authorization is needed, for example when authorization is enabled; the invention is not limited to any particular way of issuing the authorization code.
This embodiment also proposes a key distribution device applied to the video source device which, as shown in Fig. 4, comprises a first digital certificate request unit, a front-end key sending unit and a video stream encryption unit.
The first digital certificate request unit sends a digital certificate request to the license server when there is no first digital certificate locally, receives the first digital certificate returned by the license server, and sends the license server a verification request message encrypted with the first public key contained in the first digital certificate.
The front-end key sending unit receives the verification message encrypted by the license server with the first private key and, after decrypting and verifying it with the first public key, sends the license server the video stream key encrypted with the first public key.
The video stream encryption unit receives the key ID sent by the license server and encrypts the output video stream with the video stream key. When encrypting the video stream it leaves an unencrypted area in the video stream header, and this unencrypted area contains the license server URL and the key ID.
Further, the key distribution device of this embodiment also comprises an encryption switch. When the video source device starts, or when the state of the encryption switch changes, the encryption switch acts on its current state. If it is on, it triggers the first digital certificate request unit to check whether a first digital certificate exists locally; if not, the unit sends a digital certificate request, and if so, it does nothing. If the encryption switch is off, nothing is triggered.
After receiving the verification message encrypted by the license server with the first private key and decrypting and verifying it with the first public key, the front-end key sending unit first checks whether a local video stream key exists; if not, it randomly generates one, encrypts it with the first public key and sends it to the license server. Once the video stream key has been sent to the license server, no new video stream key is generated unless there is a new trigger (such as an instruction from the video management server). If such an instruction to generate a new video stream key is received, the encrypted video stream key must be sent to the license server again.
This embodiment also proposes a key distribution device applied to the client which, as shown in Fig. 5, comprises a decryption request unit, a second digital certificate issuing unit, a second public key verification unit and a client key decryption unit.
After the client receives the video stream, the decryption request unit obtains the license server URL and the key ID from the unencrypted area of the video stream header and sends a decryption request to the license server. After receiving the decryption request, the license server sends a second digital certificate request to the second digital certificate issuing unit. In this way the license server can find the corresponding video stream key according to the key ID.
After receiving the second digital certificate request sent by the license server, the second digital certificate issuing unit sends the second digital certificate to the license server. The license server receives the second digital certificate and sends a verification request encrypted with the second public key contained in the second digital certificate.
Second public key verifications unit receives checking request, after the second private key deciphering, sends the checking message with the second encrypted private key to license server.License server finds the video streaming keys that decoding request is corresponding after being decrypted checking with the second PKI, sends to cipher key decryption unit with the second public key encryption video streaming keys.
After cipher key decryption unit receives the video streaming keys of encryption, be decrypted with the second private key, obtain video streaming keys.
Further, when license server sets delegated strategy for user, decryption request unit is when sending decoding request, also carry authorization code, so that license server finds corresponding delegated strategy according to authorization code, determine whether carry out video streaming keys distribution according to delegated strategy, repeat no more here.
Thus client obtains video streaming keys, and with it, broadcasting is decrypted to video flowing.
It should be noted that, in the present embodiment, checking is decrypted to checking message, be by deciphering after message and former message compare, if consistent, think and be verified, otherwise send error message, the work of end key distribution.
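The exchange described in this embodiment, traced end to end with all three parties in one process, as an added example that is not code from the patent. It uses textbook RSA over fixed Mersenne primes so that it runs on the standard library alone; the class and function names, the `url|key_id` header layout and the shape of the policy table are assumptions.

```python
import secrets

E = 65537  # public exponent used by both toy key pairs

class KeyPair:
    """Textbook RSA without padding, from fixed Mersenne primes (toy only).
    Enough to trace the message flow; real systems use padded RSA."""

    def __init__(self, p, q):
        self.pub = (E, p * q)
        self._d = pow(E, -1, (p - 1) * (q - 1))

    def private_op(self, m):  # decrypt, or "encrypt with the private key"
        return pow(m, self._d, self.pub[1])

def public_op(pub, m):  # encrypt, or "decrypt with the public key"
    return pow(m, pub[0], pub[1])

class LicenseServer:
    def __init__(self, url):
        self.url = url
        self.kp = KeyPair(2**127 - 1, 2**107 - 1)  # first key pair
        self.keys = {}      # key ID -> video streaming key
        self.policies = {}  # authorization code -> allowed key IDs (assumed shape)
        self.pending = {}   # (key ID, client public key) -> outstanding nonce

    def answer_check(self, enc_nonce):
        # Decrypt with the first private key, then reply encrypted with it.
        return self.kp.private_op(self.kp.private_op(enc_nonce))

    def register_key(self, enc_key):
        key_id = secrets.token_hex(8)
        self.keys[key_id] = self.kp.private_op(enc_key)
        return key_id

    def decoding_request(self, key_id, auth_code, client_pub):
        if key_id not in self.policies.get(auth_code, ()):
            raise PermissionError("delegated strategy denies this key")
        nonce = secrets.randbits(64)
        self.pending[(key_id, client_pub)] = nonce
        return public_op(client_pub, nonce)  # checking request

    def release_key(self, key_id, client_pub, proof):
        nonce = self.pending.pop((key_id, client_pub))
        if public_op(client_pub, proof) != nonce:  # compare with the original
            raise PermissionError("checking message did not verify")
        return public_op(client_pub, self.keys[key_id])

def source_enroll(server):
    """Video source side: check the server, upload the key, build the header."""
    cert = server.kp.pub  # first digital certificate, reduced to its public key
    nonce = secrets.randbits(64)
    reply = server.answer_check(public_op(cert, nonce))
    if public_op(cert, reply) != nonce:
        raise PermissionError("license server failed verification")
    video_key = secrets.randbits(128)
    key_id = server.register_key(public_op(cert, video_key))
    return video_key, f"{server.url}|{key_id}\n".encode()  # non-encrypted area

def client_fetch(server, cert_pub, client_kp, header, auth_code):
    """Client side: read the header, answer the check, decrypt the key."""
    _url, key_id = header.decode().strip().split("|")
    enc_nonce = server.decoding_request(key_id, auth_code, cert_pub)
    proof = client_kp.private_op(client_kp.private_op(enc_nonce))
    return client_kp.private_op(server.release_key(key_id, cert_pub, proof))

if __name__ == "__main__":
    srv = LicenseServer("https://license.example/keys")  # constructed URL
    key, hdr = source_enroll(srv)
    srv.policies["AUTH-1234"] = {hdr.decode().strip().split("|")[1]}
    viewer = KeyPair(2**89 - 1, 2**61 - 1)  # second key pair
    print(client_fetch(srv, viewer.pub, viewer, hdr, "AUTH-1234") == key)
```

A client that presents a certificate whose private key it does not hold fails at `release_key`, and a request with an unknown authorization code is refused before any checking request is issued.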
Above embodiment is only in order to illustrate technical scheme of the present invention but not to be limited; when not deviating from the present invention's spirit and essence thereof; those of ordinary skill in the art are when making various corresponding change and distortion according to the present invention, but these change accordingly and are out of shape the protection range that all should belong to the claim appended by the present invention.

Claims (9)

1. A key distribution device in a video monitoring system, the video monitoring system comprising a video source device, a video management server and a client, characterized in that the key distribution device is connected by network with the video management server, the video source device and the client respectively, and comprises a first digital certificate issuing unit, a first public key verifications unit, a service end cipher key decryption unit, a second digital certificate request unit, a second public key verifications request unit and a service end key transmitting element, wherein:
The first digital certificate issuing unit is used for receiving the digital certificate request sent by the video source device and returning the first digital certificate to this video source device;
The first public key verifications unit is used for receiving the checking request message that the video source device encrypted with the first public key contained in the first digital certificate, decrypting it with the first private key, and then sending this video source device a checking message encrypted with the first private key;
The service end cipher key decryption unit is used for receiving the video streaming key message, encrypted with the first public key, sent by the video source device, decrypting it with the first private key to obtain and record the video streaming key, generating a corresponding key ID for each video streaming key, and sending this key ID to this video source device;
The second digital certificate request unit is used for receiving the decoding request carrying a key ID sent by the client and sending a second digital certificate request to this client;
The second public key verifications request unit is used for receiving the second digital certificate returned by the client and sending this client a checking request encrypted with the second public key contained in the second digital certificate;
The service end key transmitting element is used for receiving the checking message, encrypted with the second private key, sent by the client, and, after decrypting and verifying it with the second public key, finding the video streaming key corresponding to the key ID carried in the decoding request and sending it to this client encrypted with the second public key.
2. The key distribution device according to claim 1, characterized in that the key distribution device also stores a delegated strategy and its corresponding authorization code.
3. The key distribution device according to claim 2, characterized in that the key distribution device is provided with a subscriber authorisation unit for setting the delegated strategy and its corresponding authorization code for a user of the video monitoring system.
4. The key distribution device according to claim 2 or 3, characterized in that the decoding request also carries the authorization code input by the user; after receiving the decoding request sent by the client, the second digital certificate request unit also finds the corresponding delegated strategy according to the authorization code carried in the decoding request and determines according to the delegated strategy whether to provide the video streaming key to the client.
5. A key distribution device in a video monitoring system, the video monitoring system comprising a video source device, a video management server and a client, characterized in that the video monitoring system also comprises a license server, the license server is connected by network with the video management server, the video source device and the client respectively, and the key distribution device is applied to the video source device and comprises a first digital certificate request unit, a front end key transmitting element and a video flowing ciphering unit, wherein:
The first digital certificate request unit is used for sending a digital certificate request to the license server when no first digital certificate exists locally, receiving the first digital certificate returned by the license server, and sending the license server a checking request message encrypted with the first public key contained in the first digital certificate;
The front end key transmitting element is used for receiving the checking message that the license server encrypted with the first private key and, after decrypting and verifying it with the first public key, sending the license server the video streaming key encrypted with the first public key;
The video flowing ciphering unit is used for receiving the key ID sent by the license server and encrypting the output video stream with the video streaming key; when encrypting the video stream, it leaves a non-encrypted area in the video stream header, and this non-encrypted area contains the license server URL and the key ID.
6. The key distribution device according to claim 5, characterized in that the key distribution device also comprises an encryption switch; when the video source device starts, or after receiving an OPEN instruction, the encryption switch triggers the first digital certificate request unit to send a digital certificate request to the license server when no first digital certificate exists locally.
7. The key distribution device according to claim 5, characterized in that, after receiving the checking message that the license server encrypted with the first private key and verifying it by decryption with the first public key, the front end key transmitting element also first checks whether a local video streaming key exists; if one exists, it encrypts it with the first public key and sends it to the license server; if not, it randomly generates a video streaming key and sends it to the license server encrypted with the first public key; or, on receiving an instruction from the video management server, it randomly generates a video streaming key again and sends it to the license server encrypted with the first public key.
8. A key distribution device in a video monitoring system, the video monitoring system comprising a video source device, a video management server and a client, characterized in that the video monitoring system also comprises a license server, the license server is connected by network with the video management server, the video source device and the client respectively, and the key distribution device is applied to the client and comprises a decryption request unit, a second digital certificate issuing unit, a second public key verifications unit and a client key decryption unit, wherein:
The decryption request unit is used for obtaining the license server URL and the key ID contained in the non-encrypted area of the video stream header, and sending a decoding request carrying this key ID to this license server;
The second digital certificate issuing unit is used for receiving the second digital certificate request sent by the license server and sending the second digital certificate to the license server;
The second public key verifications unit is used for receiving the checking request that the license server encrypted with the second public key contained in the second digital certificate and, after decrypting it with the second private key, sending the license server a checking message encrypted with the second private key;
The client key decryption unit is used for receiving the video streaming key that the license server encrypted with the second public key and decrypting it with the second private key to obtain the video streaming key.
9. The key distribution device according to claim 8, characterized in that the decoding request also carries an authorization code.
CN201410449163.8A 2014-09-04 2014-09-04 A kind of key distribution device in video monitoring system Active CN104244026B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410449163.8A CN104244026B (en) 2014-09-04 2014-09-04 A kind of key distribution device in video monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410449163.8A CN104244026B (en) 2014-09-04 2014-09-04 A kind of key distribution device in video monitoring system

Publications (2)

Publication Number Publication Date
CN104244026A true CN104244026A (en) 2014-12-24
CN104244026B CN104244026B (en) 2017-08-15

Family

ID=52231236

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410449163.8A Active CN104244026B (en) 2014-09-04 2014-09-04 A kind of key distribution device in video monitoring system

Country Status (1)

Country Link
CN (1) CN104244026B (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635177A (en) * 2016-02-23 2016-06-01 苏州元禾医疗器械有限公司 Method, device and system for transmitting encrypted data
CN107294968A (en) * 2017-06-21 2017-10-24 北京奇艺世纪科技有限公司 The monitoring method and system of a kind of audio, video data
CN108965911A (en) * 2017-05-17 2018-12-07 北京博瑞彤芸文化传播股份有限公司 A kind of video/audio acquisition methods based on authorization code
CN108965923A (en) * 2017-05-17 2018-12-07 北京博瑞彤芸文化传播股份有限公司 A kind of acquisition methods of video/audio
CN108959283A (en) * 2017-05-17 2018-12-07 北京博瑞彤芸文化传播股份有限公司 A kind of querying method of video/audio play right
CN109120648A (en) * 2018-10-31 2019-01-01 杭州恒生数字设备科技有限公司 A kind of anti-tamper verifying system of real-time monitoring data
CN109151507A (en) * 2018-08-08 2019-01-04 武汉市风奥科技股份有限公司 Audio/video player system and method
CN109639691A (en) * 2018-12-19 2019-04-16 世纪龙信息网络有限责任公司 Method, apparatus, computer equipment and the storage medium of monitoring data encryption
CN109698935A (en) * 2017-10-24 2019-04-30 中国移动通信有限公司研究院 Monitor video encrypting and decrypting method and device, equipment, storage medium, system
CN109962781A (en) * 2017-12-26 2019-07-02 浙江宇视科技有限公司 A kind of digital certificate diostribution device
CN110505531A (en) * 2019-07-02 2019-11-26 杭州海康威视数字技术股份有限公司 A kind of media data transmission system, method and device
CN110741650A (en) * 2017-07-18 2020-01-31 谷歌有限责任公司 Method, system, and medium for protecting and verifying video files
CN110868641A (en) * 2018-08-28 2020-03-06 中国电信股份有限公司 Method and system for detecting validity of live broadcast source
CN111147805A (en) * 2018-11-05 2020-05-12 华北电力大学扬中智能电气研究中心 Video data transmission system, method and device
CN111582925A (en) * 2020-04-30 2020-08-25 成都新潮传媒集团有限公司 Advertisement monitoring method and multimedia monitoring terminal
CN112272174A (en) * 2020-10-22 2021-01-26 北京海泰方圆科技股份有限公司 Encrypted data transmission method, device, equipment and computer storage medium
CN115065530A (en) * 2022-06-13 2022-09-16 北京华信傲天网络技术有限公司 Trusted data interaction method and system
CN115086719A (en) * 2022-08-18 2022-09-20 芯见(广州)科技有限公司 Video transmission method, switching equipment, KVM (keyboard video mouse) agent system and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070294178A1 (en) * 2006-06-16 2007-12-20 Scientific Atlanta, Inc. Securing media content using interchangeable encryption key
CN101156448A (en) * 2005-04-06 2008-04-02 美国博通公司 Method and system for securing media content in a multimedia processor
CN103401894A (en) * 2013-07-11 2013-11-20 华南理工大学 Streaming media DRM (Digital Rights Management) cloud service system with browser/server architecture and implementation method thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101156448A (en) * 2005-04-06 2008-04-02 美国博通公司 Method and system for securing media content in a multimedia processor
US20070294178A1 (en) * 2006-06-16 2007-12-20 Scientific Atlanta, Inc. Securing media content using interchangeable encryption key
CN103401894A (en) * 2013-07-11 2013-11-20 华南理工大学 Streaming media DRM (Digital Rights Management) cloud service system with browser/server architecture and implementation method thereof

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635177A (en) * 2016-02-23 2016-06-01 苏州元禾医疗器械有限公司 Method, device and system for transmitting encrypted data
CN108965911B (en) * 2017-05-17 2021-06-11 北京博瑞彤芸科技股份有限公司 Video and audio data acquisition method based on authorization code
CN108965911A (en) * 2017-05-17 2018-12-07 北京博瑞彤芸文化传播股份有限公司 A kind of video/audio acquisition methods based on authorization code
CN108965923A (en) * 2017-05-17 2018-12-07 北京博瑞彤芸文化传播股份有限公司 A kind of acquisition methods of video/audio
CN108959283A (en) * 2017-05-17 2018-12-07 北京博瑞彤芸文化传播股份有限公司 A kind of querying method of video/audio play right
CN107294968A (en) * 2017-06-21 2017-10-24 北京奇艺世纪科技有限公司 The monitoring method and system of a kind of audio, video data
CN110741650A (en) * 2017-07-18 2020-01-31 谷歌有限责任公司 Method, system, and medium for protecting and verifying video files
US11750577B2 (en) 2017-07-18 2023-09-05 Google Llc Methods, systems, and media for protecting and verifying video files
US11368438B2 (en) 2017-07-18 2022-06-21 Google Llc Methods, systems, and media for protecting and verifying video files
CN110741650B (en) * 2017-07-18 2022-04-12 谷歌有限责任公司 Method, system, and medium for storing and verifying video streams
CN109698935A (en) * 2017-10-24 2019-04-30 中国移动通信有限公司研究院 Monitor video encrypting and decrypting method and device, equipment, storage medium, system
CN109962781A (en) * 2017-12-26 2019-07-02 浙江宇视科技有限公司 A kind of digital certificate diostribution device
CN109962781B (en) * 2017-12-26 2022-05-10 浙江宇视科技有限公司 Digital certificate distributing device
CN109151507A (en) * 2018-08-08 2019-01-04 武汉市风奥科技股份有限公司 Audio/video player system and method
CN110868641A (en) * 2018-08-28 2020-03-06 中国电信股份有限公司 Method and system for detecting validity of live broadcast source
CN110868641B (en) * 2018-08-28 2021-12-07 中国电信股份有限公司 Method and system for detecting validity of live broadcast source
CN109120648B (en) * 2018-10-31 2019-08-02 杭州恒生数字设备科技有限公司 A kind of anti-tamper verifying system of real-time monitoring data
CN109120648A (en) * 2018-10-31 2019-01-01 杭州恒生数字设备科技有限公司 A kind of anti-tamper verifying system of real-time monitoring data
CN111147805A (en) * 2018-11-05 2020-05-12 华北电力大学扬中智能电气研究中心 Video data transmission system, method and device
CN111147805B (en) * 2018-11-05 2021-05-11 华北电力大学扬中智能电气研究中心 Video data transmission system, method and device
CN109639691B (en) * 2018-12-19 2021-11-12 世纪龙信息网络有限责任公司 Method and device for monitoring data encryption, computer equipment and storage medium
CN109639691A (en) * 2018-12-19 2019-04-16 世纪龙信息网络有限责任公司 Method, apparatus, computer equipment and the storage medium of monitoring data encryption
CN110505531B (en) * 2019-07-02 2021-04-16 杭州海康威视数字技术股份有限公司 Media data transmission system, method and device
CN110505531A (en) * 2019-07-02 2019-11-26 杭州海康威视数字技术股份有限公司 A kind of media data transmission system, method and device
CN111582925A (en) * 2020-04-30 2020-08-25 成都新潮传媒集团有限公司 Advertisement monitoring method and multimedia monitoring terminal
CN112272174A (en) * 2020-10-22 2021-01-26 北京海泰方圆科技股份有限公司 Encrypted data transmission method, device, equipment and computer storage medium
CN115065530A (en) * 2022-06-13 2022-09-16 北京华信傲天网络技术有限公司 Trusted data interaction method and system
CN115065530B (en) * 2022-06-13 2024-01-23 北京华信傲天网络技术有限公司 Trusted data interaction method and system
CN115086719A (en) * 2022-08-18 2022-09-20 芯见(广州)科技有限公司 Video transmission method, switching equipment, KVM (keyboard video mouse) agent system and storage medium

Also Published As

Publication number Publication date
CN104244026B (en) 2017-08-15

Similar Documents

Publication Publication Date Title
CN104244026A (en) Secret key distribution device in video monitoring system
JP6921075B2 (en) Secure hierarchical encryption of data streams
CN105103488B (en) By the policy Enforcement of associated data
JP4810577B2 (en) Method and apparatus for temporary use of DRM content
CN106888084B (en) Quantum fort machine system and authentication method thereof
EP3585023B1 (en) Data protection method and system
KR101687945B1 (en) Identity-based encryption of data items for secure access thereto
CN104113409B (en) The key management method and system of a kind of SIP video monitoring networkings system
CN105103119A (en) Data security service
CN103366102A (en) Digital rights management system for transfer of content and distribution
WO2009037582A9 (en) System and method for securely communicating on- demand content from closed network to dedicated devices, and for compiling content usage data in closed network securely communicating content to dedicated devices
KR101452708B1 (en) CE device management server, method for issuing DRM key using CE device management server, and computer readable medium
CN101277181A (en) Dynamic multilayer encryption method for managing flow medium digital authority
US9330250B2 (en) Authorization of media content transfer between home media server and client device
CN101702725A (en) System, method and device for transmitting streaming media data
CN105122265A (en) Data security service system
CN105049877A (en) Encryption method and device for live and recorded broadcast interaction system
KR20170047717A (en) Server and method for managing smart home environment thereby, method for joining smart home environment and method for connecting communication session with smart device
CN106027473A (en) Identity card reading terminal and cloud authentication platform data transmission method and system
CN109151507A (en) Audio/video player system and method
CN102546528B (en) Stream media playing method and stream media playing equipment
CN108881240B (en) Member privacy data protection method based on block chain
CN108882030A (en) A kind of monitor video classification encryption and decryption method and system based on time-domain information
CN108038355A (en) IPTV system for numeral copyright management and its method based on Database Systems on-line authentication
CN102510374B (en) License management method and device capable of detecting clone for front-end system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant