CN104834845A - Implementation method for credible industrial camera - Google Patents
Implementation method for credible industrial camera Download PDFInfo
- Publication number
- CN104834845A CN104834845A CN201510237041.7A CN201510237041A CN104834845A CN 104834845 A CN104834845 A CN 104834845A CN 201510237041 A CN201510237041 A CN 201510237041A CN 104834845 A CN104834845 A CN 104834845A
- Authority
- CN
- China
- Prior art keywords
- camera
- module
- credible
- soc
- tcm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Studio Devices (AREA)
Abstract
The invention discloses an implementation method for a credible industrial camera. The implementation method is characterized in that a camera SoC (System on Chip), a TCM (Terminal-to-Computer Multiplexer) module, a read-only NAND FLASH memory and a credible selector switch circuit are adopted in the method, wherein switching among the NAND FLASH memory, the TCM module and the camera SoC is realized by virtue of the switch circuit; a code and a verification algorithm are embedded in the TCM module, and further the trust root of the camera is stored in the TCM module, so that safety verification and credibility verification for the camera are finished by virtue of the TCM module; <0}{0><}0{>the NAND FLASH memory is connected with the TCM module or the industrial camera SoC by virtue of the credible selector switch; when the system is powered on, the NAND FLASH memory and the TCM module are connected; after kernel verification is finished, the NAND FLASH memory and the camera SoC module are connected. <0}{0><}0{>In an execution process, the camera can execute a subsequent camera task process only after credibility verification is performed on an external network access request and the data or programs in the connected memory by virtue of the TCM module.
Description
Technical field
The invention belongs to electronics field, more specifically, relate to a kind of implementation method of credible industrial camera.
Background technology
The use of current industrial camera gets more and more, especially at public safety field and field of traffic, the use of all types of industries camera is on the one hand for public safety provides technical support, as video monitoring etc., in addition on the one hand also for management of public safety provides technological means, as: testing the speed in intelligent transportation, capture.Because current most industrial cameras are all undertaken connecting and communicating by network, its security has become camera and has used one of factor that must consider on a large scale, once these industrial cameras are controlled by malicious attacker, its consequence is by hardly imaginable, therefore the safety problem of current industrial equipment has obtained countries in the world and has more and more paid close attention to, eliminate the mission critical that commercial unit potential safety hazard has become current national informatization, and industrial camera is as the fundamental equipments of Country Monitor and management of public safety, its security performance also becomes important technical indicator.
Each producer current is when design and implimentation industrial camera, often pay close attention to its stability and user's experience, and have ignored the anti-malicious attack ability of camera, the use in the future for camera leaves a lot of hidden danger, some or even directly can control the high-risk leak of camera and background system.
In view of this, the implementation method that a kind of credible industrial camera is provided is necessary, to solve the problem.
Summary of the invention
The object of the invention is: for the situation of current industrial camera low-security, the present invention proposes a kind of implementation method of credible industrial camera, by adopting credible TCM hardware module, to system kernel, system application and service and user authentication request and command request carry out trust authentication, to strengthen the security performance of camera.
The technical solution adopted in the present invention is: a kind of implementation method of credible industrial camera, is characterized in that, comprises following modules:
Camera SoC, TCM module, SD/TF memory interface, network interface, warning/control interface, 485 or 232 transmitted in both directions interfaces, read-only NAND FLASH memory, DDR/SDRAM internal memory, image sensor module, also there is a credible switching switch circuit in addition, realize the switching between NAND FLASH memory and TCM module and camera SoC by this on-off circuit;
In above-mentioned camera structure, TCM module cryptography built and verification algorithm, store the root of trust of camera simultaneously, completed safety verification and the trust authentication of camera by this TCM module; NAND FASH storer is connected with TCM model calling or industrial camera SoC by credible change-over switch; Connect NAND FLASH and TCM module when system power-up, after completing kernel checking, then connect NAND FLASH and camera SoC module.
The implementation method of credible industrial camera as above, is characterized in that, its setting up procedure is as follows:
(1) make industrial camera SoC be in non-executing state by controlling camera SoC its enable port level after system power-up, TCM module first obtains startup authority;
(2) after TCM module oneself completes startup, control credible change-over switch, NAND FLASH is connected with camera SoC, and camera SoC completes the trust authentication to system kernel by inner safe root of trust and authentication module, guarantees system kernel not through illegal modifications;
(3) after TCM module completion system kernel trust authentication, NAND FLASH is connected with camera SoC by credible change-over switch, and adjusts camera SoC its enable port level, make camera SoC loading system kernel enter Booting sequence;
(4) after the system kernel of trust authentication starts, first trust authentication is carried out to other software module of camera system, comprise types of applications program, system service, network service, the configuration file of all kinds of key and file system, after being proved to be successful, just enter into normal Booting sequence.
The implementation method of credible industrial camera as above, it is characterized in that, camera adopts a kind of remote authentication based on USBKey mechanism, need during remote access to insert at distance access ports the login authentication process that corresponding USBKey just can complete camera, after certification, just can complete the configuration modification of camera and the video of camera and image viewing; After certification is passed through, this USBKey can pull out, once access end is restarted or camera is restarted or power-off, then needs to reinsert USBKey and carries out certification; This USBKey can support the certification of multiple stage camera, only has camera producer could generate this hardware USBKey according to camera information.
The implementation method of credible industrial camera as above, is characterized in that, trust authentication flow process is as follows:
(1) for the connection request of network, control command request and all kinds of session request, first carry out trust authentication by TCM module, trust authentication just can enter into network service or system service module continues subsequent transaction by rear;
(2) credible industrial camera is when access or the program performing storage in TF/SD card or data, first carries out program or data trust authentication by TCM module, could continue camera flow of transactions below after trust authentication passes through.
The invention has the beneficial effects as follows: credible industrial camera of the present invention by implanting credible password module TCM as trusted root in camera system, camera body architecture is transformed, make camera have security, integrality and reliability demonstration mechanism, build the believable system environments of camera comprehensively.
Accompanying drawing explanation
Fig. 1 is the system chart of credible industrial camera of the present invention.
Embodiment
In order to understand the present invention better, illustrate content of the present invention further below in conjunction with embodiment, but content of the present invention is not only confined to the following examples.Those skilled in the art can make various changes or modifications the present invention, and these equivalent form of values are equally within claims limited range listed by the application.
The built-in credible password module TCM of this credible camera of the present invention, credible verification is carried out by the startup kernel of this module to system, after verification, system right of execution is given camera master control SoC, after SoC kernel starts, credible verification is carried out to other module of camera, after verification is correct, completes the start-up course of whole camera.In the operational process of camera, all user log-in authentications, just can complete after the amendment request of critical system will be verified by TCM, to guarantee that the course of work of whole camera is credible and secure, and the illegal resource access avoiding malicious intrusions to cause.
Credible password module TCM is the trust computing standard hardware module of Chinese government departments concerned's accreditation, and inside has crypto-operation device and Guared memory, embedded independent intellectual property right cryptographic algorithm.Credible password module provides the security service of credible tolerance root, trusted storage root and credible report root by trusted cryptography algorithm and reliable storage mechanism for computing machine, provides hardware support for realizing safe and reliable industrial camera.
As shown in Figure 1, a concrete case study on implementation of the present invention comprises following System's composition and performs step:
Credible industrial camera provided by the invention, comprise camera SoC, TCM module, SD/TF memory interface, network interface, alarm/control interface, 485 or 232 transmitted in both directions interfaces, read-only NAND FLASH memory, DDR/SDRAM internal memory, cmos image sensor or ccd image sensor and the A/D modular converter etc. supporting with it, also there is a credible switching switch circuit in addition, realize the switching between NAND FLASH and TCM and camera master control SoC by this on-off circuit.
In above-mentioned camera structure, DDR or SDRAM is connected by camera SoC special purpose interface; The exterior storage interface that SD or TF cartoon crosses SoC to be provided connects; The network interface of Phy and SoC inside connects; Camera externally provides the constrained input interface controlling or report to the police simultaneously, warning input interface is accessed by photoelectric coupling module, complete external trigger to capture, alert event responds, and control or warning output terminal complete the output function of control signal by photoelectric coupling module; 232 and 485 interfaces are used for carrying out the functions such as control signal transmission, system debug or system state output; NAND FLASH is used for the startup kernel of storage system, application program, camera service program and camera file system, NAND FASH storer and is connected with TCM model calling or industrial camera SoC by credible change-over switch; TCM module cryptography built and verification algorithm, store the root of trust of camera simultaneously, completed safety verification and the trust authentication of camera by this TCM module.
This camera start-up course has comparatively strict timing requirements, and it also has security certification requirements in performing simultaneously, specific as follows:
Make industrial camera SoC be in non-executing state by controlling camera SoC its enable port level after system power-up, TCM module first obtains startup authority.
After TCM oneself completes startup, control credible change-over switch, NAND FLASH is connected with camera SoC, SoC completes the trust authentication to system kernel by inner safe root of trust and authentication module, guarantees system kernel not through illegal modifications.
After TCM completion system kernel trust authentication, NAND FLASH is connected with SoC by credible change-over switch, and adjusts SoC its enable port level, make camera SoC loading system kernel enter Booting sequence.
After the system kernel of trust authentication starts, first trust authentication is carried out to other software module of camera system, comprise types of applications program, system service, the configuration file of network service, all kinds of key and file system etc., after being proved to be successful, just enter into normal Booting sequence.
Credible industrial camera is after completing startup, for the connection request of network, control command request and all kinds of session request, first carry out trust authentication by TCM module, trust authentication just can enter into network service or system service module continuation subsequent transaction by rear.
Trust authentication signature has been included in above-mentioned network connecting request, control command request and all kinds of session request message, this signature is generated by the secret key of trust of cryptographic algorithm and visitor and all kinds of identification information by request end, has the base attribute can not forged with palming off.
Credible industrial camera, when access or the program performing storage in TF/SD card or data, first carries out program or data trust authentication by TCM module, could continue camera flow of transactions below after trust authentication passes through.
Included trust authentication signature in the program stored in above-mentioned TF/SD card or data, this signature is generated by the secret key of trust of cryptographic algorithm and visitor and all kinds of identification information by visitor, has the base attribute can not forged with palming off.
For improving security performance, when carrying out Remote configuration to camera, this camera provides a kind of optional authentication process based on USBKey, namely camera can be configured to need to insert at distance access ports the login authentication process that corresponding USBKey just can complete camera, after certification, just can complete the configuration modification of camera and the video of camera and image viewing.After certification is passed through, this USBKey can pull out, once access end is restarted or power-off, then needs to reinsert USBKey and carries out certification.This USBKey can support the certification of multiple stage camera, only has camera producer could generate this hardware USBKey according to camera information.
Finally should be noted that; above content is only in order to illustrate technical scheme of the present invention; but not limiting the scope of the invention; the simple modification that those of ordinary skill in the art carries out technical scheme of the present invention or equivalently to replace, does not all depart from essence and the scope of technical solution of the present invention.
Claims (4)
1. an implementation method for credible industrial camera, is characterized in that, comprises following modules:
Camera SoC, TCM module, SD/TF memory interface, network interface, warning/control interface, 485 or 232 transmitted in both directions interfaces, read-only NAND FLASH memory, DDR/SDRAM internal memory, image sensor module, also there is a credible switching switch circuit in addition, realize the switching between NAND FLASH memory and TCM module and camera SoC by this on-off circuit;
In above-mentioned camera structure, TCM module cryptography built and verification algorithm, store the root of trust of camera simultaneously, completed safety verification and the trust authentication of camera by this TCM module; NAND FASH storer is connected with TCM model calling or industrial camera SoC by credible change-over switch; Connect NAND FLASH and TCM module when system power-up, after completing kernel checking, then connect NAND FLASH and camera SoC module.
2. the implementation method of credible industrial camera according to claim 1, is characterized in that, its setting up procedure is as follows:
(1) make industrial camera SoC be in non-executing state by controlling camera SoC its enable port level after system power-up, TCM module first obtains startup authority;
(2) after TCM module oneself completes startup, control credible change-over switch, NAND FLASH is connected with camera SoC, and camera SoC completes the trust authentication to system kernel by inner safe root of trust and authentication module, guarantees system kernel not through illegal modifications;
(3) after TCM module completion system kernel trust authentication, NAND FLASH is connected with camera SoC by credible change-over switch, and adjusts camera SoC its enable port level, make camera SoC loading system kernel enter Booting sequence;
(4) after the system kernel of trust authentication starts, first trust authentication is carried out to other software module of camera system, comprise types of applications program, system service, network service, the configuration file of all kinds of key and file system, after being proved to be successful, just enter into normal Booting sequence.
3. the implementation method of credible industrial camera according to claim 1, it is characterized in that, camera adopts a kind of remote authentication based on USBKey mechanism, need during remote access to insert at distance access ports the login authentication process that corresponding USBKey just can complete camera, after certification, just can complete the configuration modification of camera and the video of camera and image viewing; After certification is passed through, this USBKey can pull out, once access end is restarted or camera is restarted or power-off, then needs to reinsert USBKey and carries out certification; This USBKey can support the certification of multiple stage camera, only has camera producer could generate this hardware USBKey according to camera information.
4. the implementation method of credible industrial camera according to claim 2, is characterized in that, trust authentication flow process is as follows:
(1) for the connection request of network, control command request and all kinds of session request, first carry out trust authentication by TCM module, trust authentication just can enter into network service or system service module continues subsequent transaction by rear;
(2) credible industrial camera is when access or the program performing storage in TF/SD card or data, first carries out program or data trust authentication by TCM module, could continue camera flow of transactions below after trust authentication passes through.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510237041.7A CN104834845A (en) | 2015-05-12 | 2015-05-12 | Implementation method for credible industrial camera |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510237041.7A CN104834845A (en) | 2015-05-12 | 2015-05-12 | Implementation method for credible industrial camera |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104834845A true CN104834845A (en) | 2015-08-12 |
Family
ID=53812727
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510237041.7A Pending CN104834845A (en) | 2015-05-12 | 2015-05-12 | Implementation method for credible industrial camera |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104834845A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108989651A (en) * | 2018-09-05 | 2018-12-11 | 深圳市中科智库互联网信息安全技术有限公司 | Credible video camera |
| CN110727966A (en) * | 2018-07-16 | 2020-01-24 | Oppo广东移动通信有限公司 | Image processing method and device, storage medium and electronic equipment |
| CN110996006A (en) * | 2019-12-19 | 2020-04-10 | 苏州光测视界智能科技有限公司 | Adapter ring for industrial camera lens and CCD and control method |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101122936A (en) * | 2007-09-21 | 2008-02-13 | 武汉大学 | Embed type platform guiding of credible mechanism |
| CN101295340A (en) * | 2008-06-20 | 2008-10-29 | 北京工业大学 | Credible platform module and active measurement method thereof |
| CN101504705A (en) * | 2009-03-17 | 2009-08-12 | 武汉大学 | Trusted platform module and its computer starting control method |
| CN101515316A (en) * | 2008-02-19 | 2009-08-26 | 北京工业大学 | Trusted computing terminal and trusted computing method |
| CN101527025A (en) * | 2008-03-06 | 2009-09-09 | 同方股份有限公司 | Safe web bank system and realization method thereof |
| CN103795905A (en) * | 2013-11-03 | 2014-05-14 | 北京工业大学 | Trusted starting method of web camera |
| CN104410636A (en) * | 2014-12-01 | 2015-03-11 | 浪潮集团有限公司 | Method for enhancing security of BMC/SMC in cloud computing system |
-
2015
- 2015-05-12 CN CN201510237041.7A patent/CN104834845A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101122936A (en) * | 2007-09-21 | 2008-02-13 | 武汉大学 | Embed type platform guiding of credible mechanism |
| CN101515316A (en) * | 2008-02-19 | 2009-08-26 | 北京工业大学 | Trusted computing terminal and trusted computing method |
| CN101527025A (en) * | 2008-03-06 | 2009-09-09 | 同方股份有限公司 | Safe web bank system and realization method thereof |
| CN101295340A (en) * | 2008-06-20 | 2008-10-29 | 北京工业大学 | Credible platform module and active measurement method thereof |
| CN101504705A (en) * | 2009-03-17 | 2009-08-12 | 武汉大学 | Trusted platform module and its computer starting control method |
| CN103795905A (en) * | 2013-11-03 | 2014-05-14 | 北京工业大学 | Trusted starting method of web camera |
| CN104410636A (en) * | 2014-12-01 | 2015-03-11 | 浪潮集团有限公司 | Method for enhancing security of BMC/SMC in cloud computing system |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110727966A (en) * | 2018-07-16 | 2020-01-24 | Oppo广东移动通信有限公司 | Image processing method and device, storage medium and electronic equipment |
| CN108989651A (en) * | 2018-09-05 | 2018-12-11 | 深圳市中科智库互联网信息安全技术有限公司 | Credible video camera |
| CN110996006A (en) * | 2019-12-19 | 2020-04-10 | 苏州光测视界智能科技有限公司 | Adapter ring for industrial camera lens and CCD and control method |
| CN110996006B (en) * | 2019-12-19 | 2022-04-15 | 苏州光测视界智能科技有限公司 | Control method for adapter ring of industrial camera lens and CCD |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10635809B2 (en) | Authenticating application legitimacy | |
| US10839079B2 (en) | Systems and methods for tamper-resistant verification of firmware with a trusted platform module | |
| US9509502B2 (en) | Symmetric keying and chain of trust | |
| EP3057053B1 (en) | Electronic device and method for processing secure information | |
| JP7332087B2 (en) | Systems and methods for signing transactions using air-gapped private keys | |
| CN102567662B (en) | For processing the apparatus and method of data | |
| WO2017034312A1 (en) | Apparatus and method for trusted execution environment based secure payment transactions | |
| US8893295B2 (en) | Secure and private location | |
| US20150244711A1 (en) | Method and apparatus for authenticating client credentials | |
| CN111209558B (en) | Internet of things equipment identity authentication method and system based on block chain | |
| CN107247899B (en) | Role authority control method and device based on security engine and security chip | |
| CN108335105B (en) | Data processing method and related equipment | |
| CN104866343A (en) | Security startup method for embedded equipment and securely-started embedded equipment | |
| US11520859B2 (en) | Display of protected content using trusted execution environment | |
| CN104680055A (en) | Control method for performing management on U disk after access into industrial control system network | |
| CN103166952A (en) | Embedded type vehicle-mounted data collection terminal | |
| CN104834845A (en) | Implementation method for credible industrial camera | |
| EP3221996B1 (en) | Symmetric keying and chain of trust | |
| CN107317925B (en) | Mobile terminal | |
| CN103795905A (en) | Trusted starting method of web camera | |
| CN113472737B (en) | Data processing method and device of edge equipment and electronic equipment | |
| CN201741156U (en) | Trusted hardware equipment | |
| CN112532586A (en) | Network communication method, system, computer equipment and storage medium | |
| CN111625846A (en) | Mobile terminal equipment and system state recording method | |
| CN113966510A (en) | Trusted device and computing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150812 |
|
| WD01 | Invention patent application deemed withdrawn after publication |