Summary of the invention
In view of the above problems, the present invention is proposed to provide a security authentication method for a video and audio monitoring device, a video and audio monitoring device, and a video and audio presentation device that overcome the above problems or at least partially solve them.
According to a first aspect of the invention, a video and audio presentation device is provided, the video and audio presentation device comprising:
a public key acquisition unit, configured to obtain the corresponding first identity public key from the identity public key matrix according to the video and audio monitoring device identifier;
an asymmetric encryption unit, configured to asymmetrically encrypt the instruction plaintext to be transmitted with the first identity public key, obtaining the instruction ciphertext;
a ciphertext signature unit, configured to sign the instruction ciphertext with the first identity private key of the local device;
a ciphertext sending unit, configured to send the signed instruction ciphertext to the video and audio monitoring device, so that the video and audio monitoring device performs security authentication according to the signed instruction ciphertext.
Optionally, the video and audio presentation device further comprises:
an identifier receiving unit, configured to receive and store the video and audio monitoring device identifier sent by the video and audio monitoring device.
According to a second aspect of the invention, a security authentication method for a video and audio monitoring device is provided, the method comprising:
obtaining the corresponding first identity public key from the identity public key matrix according to the video and audio monitoring device identifier;
asymmetrically encrypting the instruction plaintext to be transmitted with the first identity public key, obtaining the instruction ciphertext;
signing the instruction ciphertext with the first identity private key of the local device;
sending the signed instruction ciphertext to the video and audio monitoring device, so that the video and audio monitoring device performs security authentication according to the signed instruction ciphertext.
Optionally, before obtaining the corresponding first identity public key from the identity public key matrix according to the video and audio monitoring device identifier, the method further comprises:
receiving and storing the video and audio monitoring device identifier sent by the video and audio monitoring device.
According to a third aspect of the invention, a video and audio monitoring device is provided, the video and audio monitoring device comprising:
a ciphertext receiving unit, configured to receive the instruction ciphertext sent by the video and audio presentation device;
a public key acquisition unit, configured to obtain the corresponding second identity public key from the identity public key matrix according to the video and audio presentation device identifier;
a signature verification unit, configured to verify the signature of the instruction ciphertext with the second identity public key;
a ciphertext decryption unit, configured to decrypt the instruction ciphertext with the second identity private key of the local device when verification passes, obtaining the instruction plaintext, so as to achieve security authentication.
Optionally, the video and audio monitoring device further comprises:
an identifier receiving unit, configured to receive and store the video and audio presentation device identifier sent by the video and audio presentation device.
Optionally, the video and audio monitoring device further comprises:
an instruction execution unit, configured to execute the instruction according to the instruction plaintext.
According to a fourth aspect of the invention, a security authentication method for a video and audio monitoring device is provided, the method comprising:
receiving the instruction ciphertext sent by the video and audio presentation device;
obtaining the corresponding second identity public key from the identity public key matrix according to the video and audio presentation device identifier;
verifying the signature of the instruction ciphertext with the second identity public key;
when verification passes, decrypting the instruction ciphertext with the second identity private key of the local device, obtaining the instruction plaintext, so as to achieve security authentication.
Optionally, before receiving the instruction ciphertext sent by the video and audio presentation device, the method further comprises:
receiving and storing the video and audio presentation device identifier sent by the video and audio presentation device.
Optionally, the method further comprises:
executing the instruction according to the instruction plaintext.
The present invention obtains the corresponding first identity public key from the identity public key matrix according to the video and audio monitoring device identifier, asymmetrically encrypts the instruction plaintext to be transmitted with the first identity public key to obtain the instruction ciphertext, signs the instruction ciphertext with the first identity private key of the local device, and sends the signed instruction ciphertext to the video and audio monitoring device, so that the video and audio monitoring device performs security authentication according to the signed instruction ciphertext. This prevents the system from being attacked, taken over and so on in an Internet environment, and ensures that the monitoring system can work normally.
Detailed description of the invention
The specific embodiments of the invention are described in further detail below with reference to the accompanying drawings and embodiments. The following embodiments illustrate the invention but do not limit its scope.
Fig. 1 is a flow chart of the security authentication method for a video and audio monitoring device according to one embodiment of the invention. With reference to Fig. 1, the method comprises:
S101: obtain the corresponding first identity public key from the identity public key matrix according to the video and audio monitoring device identifier;
It should be noted that the method of this embodiment is executed by the video and audio presentation device. The video and audio presentation device is a device that can display video and audio; it may be a server with a video and audio display function or user equipment with a video and audio display function, and it may of course also be another device, which this embodiment does not limit.
In a specific implementation, the user equipment may be a PC, a notebook computer, a tablet computer, a smartphone or a similar device, which this embodiment does not limit.
It will be appreciated that the video and audio presentation device is provided with a product or user digital certificate, the digital certificate comprising: the identity public key matrix and the first identity private key of the local device.
To facilitate generation of the digital certificate, in this embodiment, with reference to Fig. 2, a specially developed key production system may generate the identity private key matrix and the identity public key matrix in advance. The product or user ID (i.e., an identifier reflecting the product identity, or an identifier reflecting the user identity) is used as the video and audio presentation device identifier; it is hashed (HASH) and, through modulo-N integer arithmetic over the identity private key matrix, the first identity private key of the local device is generated, which is then combined with the identity public key matrix to generate the product or user digital certificate.
In this embodiment, the local device refers to the video and audio presentation device.
Of course, the product or user digital certificate may be written directly into the product for use in the form of encrypted software data, or written into an identity USBKEY and issued to the user.
The identity USBKEY includes, but is not limited to, a TF card KEY and a SIM KEY. It is further developed and produced from a special security chip that has passed national cryptographic certification and licensing (for example HS08K, HS32U2, Z8D64, Z8168 or Z32), and, during product and user application, it performs digital signing and encryption of the product or user ID and of information such as data and instructions.
The digital certificate or identity key conforms to the ITU-T X.509 international standard, to the certificate specification of the Combined Public Key cryptosystem, and to the CA certificate specification.
S102: asymmetrically encrypt the instruction plaintext to be transmitted with the first identity public key, obtaining the instruction ciphertext;
It will be appreciated that the first identity public key is the identity public key corresponding to the video and audio monitoring device identifier; that is, there is a one-to-one correspondence between the first identity public key and the video and audio monitoring device identifier.
It should be noted that asymmetrically encrypting the instruction plaintext to be transmitted with the first identity public key yields the instruction ciphertext; that is, the instruction ciphertext is the file obtained after the instruction plaintext has been asymmetrically encrypted.
S103: sign the instruction ciphertext with the first identity private key of the local device;
Because the first identity private key of the local device is generated according to the product or user ID, it is in one-to-one correspondence with the product or user ID; that is, the first identity private key of the local device reflects the identity of the product or user ID.
It will be appreciated that signing the instruction ciphertext generally means encrypting the digital digest of the instruction ciphertext with the first identity private key of the local device.
S104: send the signed instruction ciphertext to the video and audio monitoring device, so that the video and audio monitoring device performs security authentication according to the signed instruction ciphertext.
This embodiment obtains the corresponding first identity public key from the identity public key matrix according to the video and audio monitoring device identifier, asymmetrically encrypts the instruction plaintext to be transmitted with the first identity public key to obtain the instruction ciphertext, signs the instruction ciphertext with the first identity private key of the local device, and sends the signed instruction ciphertext to the video and audio monitoring device, so that the video and audio monitoring device performs security authentication according to the signed instruction ciphertext. This prevents the system from being attacked, taken over and so on in an Internet environment, and ensures that the monitoring system can work normally.
Further, because the instruction ciphertext is signed with the first identity private key of the local device, and the first identity private key of the local device reflects the identity of the product or user ID, only one-way authentication is needed when performing security authentication, without two-way authentication.
Fig. 3 is a flow chart of the security authentication method for a video and audio monitoring device according to another embodiment of the invention. With reference to Fig. 3, the method comprises:
S300: receive and store the video and audio monitoring device identifier sent by the video and audio monitoring device;
It should be noted that the method of this embodiment is likewise executed by the video and audio presentation device.
It will be appreciated that, after the video and audio monitoring device has been securely started, it needs to register with the video and audio presentation device; that is, the video and audio monitoring device sends its video and audio monitoring device identifier to the video and audio presentation device, which receives and stores the video and audio monitoring device identifier sent by the video and audio monitoring device.
Of course, the video and audio presentation device usually also sends its video and audio presentation device identifier to the video and audio monitoring device, which receives and stores the video and audio presentation device identifier.
S301: obtain the corresponding first identity public key from the identity public key matrix according to the video and audio monitoring device identifier;
S302: asymmetrically encrypt the instruction plaintext to be transmitted with the first identity public key, obtaining the instruction ciphertext;
S303: sign the instruction ciphertext with the first identity private key of the local device;
S304: send the signed instruction ciphertext to the video and audio monitoring device, so that the video and audio monitoring device performs security authentication according to the signed instruction ciphertext.
Steps S301 to S304 are identical to steps S101 to S104 of the embodiment shown in Fig. 1 and are not repeated here.
Fig. 4 is a flow chart of the security authentication method for a video and audio monitoring device according to another embodiment of the invention. With reference to Fig. 4, the method comprises:
S401: receive the instruction ciphertext sent by the video and audio presentation device;
It should be noted that the method of this embodiment is executed by the video and audio monitoring device. The video and audio monitoring device is a device that can acquire video and audio; it may be a camera with a video and audio acquisition function or an image sensor, and it may of course also be another device, which this embodiment does not limit.
S402: obtain the corresponding second identity public key from the identity public key matrix according to the video and audio presentation device identifier;
It will be appreciated that the video and audio monitoring device is also provided with a product or user digital certificate, the digital certificate comprising: the identity public key matrix and the second identity private key of the local device.
To facilitate generation of the digital certificate, in this embodiment, a specially developed key production system may generate the identity private key matrix and the identity public key matrix in advance. The product or user ID (i.e., an identifier reflecting the product identity, or an identifier reflecting the user identity) is used as the video and audio monitoring device identifier; it is hashed (HASH) and, through modulo-N integer arithmetic over the identity private key matrix, the second identity private key of the local device is generated, which is then combined with the identity public key matrix to generate the product or user digital certificate.
In this embodiment, the local device refers to the video and audio presentation device.
Of course, the product or user digital certificate may be written directly into the product for use in the form of encrypted software data, or written into an identity USBKEY and issued to the user.
The identity USBKEY includes, but is not limited to, a TF card KEY and a SIM KEY. It is further developed and produced from a special security chip that has passed national cryptographic certification and licensing (for example HS08K, HS32U2, Z8D64, Z8168 or Z32), and, during product and user application, it performs digital signing and encryption of the product or user ID and of information such as data and instructions.
The digital certificate or identity key conforms to the ITU-T X.509 international standard, to the certificate specification of the Combined Public Key cryptosystem, and to the CA certificate specification.
S403: verify the signature of the instruction ciphertext with the second identity public key;
It will be appreciated that, because the video and audio presentation device signed the instruction ciphertext with the first identity private key, the first identity private key is generated according to the video and audio presentation device identifier, and the second identity public key is obtained from the identity public key matrix according to the video and audio presentation device identifier, the first identity private key and the second identity public key correspond to each other, and the two can encrypt and decrypt for each other.
Therefore, where the video and audio presentation device signed the instruction ciphertext by encrypting the digital digest of the instruction ciphertext with the first identity private key, the digital digest can be decrypted with the second identity public key and the decrypted digital digest matched against the instruction ciphertext. If the match succeeds, verification is deemed to have passed, which ensures that only one-way authentication is needed when performing security authentication, without two-way authentication.
S404: when verification passes, decrypt the instruction ciphertext with the second identity private key of the local device, obtaining the instruction plaintext, so as to achieve security authentication.
It will be appreciated that, because the video and audio presentation device encrypted the instruction plaintext with the first identity public key, the first identity public key is obtained from the identity public key matrix according to the video and audio monitoring device identifier, and the second identity private key is generated according to the video and audio monitoring device identifier, the first identity public key and the second identity private key correspond to each other, and the two can encrypt and decrypt for each other.
It should be noted that the instruction ciphertext is decrypted with the second identity private key of the local device, and once decryption succeeds, security authentication is regarded as achieved.
Fig. 5 is a flow chart of the security authentication method for a video and audio monitoring device according to yet another embodiment of the invention. With reference to Fig. 5, the method comprises:
S500: receive and store the video and audio presentation device identifier sent by the video and audio presentation device;
It should be noted that the method of this embodiment is likewise executed by the video and audio monitoring device.
S501: receive the instruction ciphertext sent by the video and audio presentation device;
S502: obtain the corresponding second identity public key from the identity public key matrix according to the video and audio presentation device identifier;
S503: verify the signature of the instruction ciphertext with the second identity public key;
S504: when verification passes, decrypt the instruction ciphertext with the second identity private key of the local device, obtaining the instruction plaintext, so as to achieve security authentication.
Steps S501 to S504 are identical to steps S401 to S404 of the embodiment shown in Fig. 4 and are not repeated here.
S505: execute the instruction according to the instruction plaintext.
It will be appreciated that the instruction plaintext may be a trigger instruction that makes the video and audio monitoring device start monitoring, or an adjustment instruction that adjusts the video and audio acquisition or coding parameters of the video and audio monitoring device; it may of course also be another instruction, which this embodiment does not limit.
With reference to Fig. 6, after video and audio monitoring device A has completed security authentication, it can configure its video and audio acquisition and coding parameters according to the preset video and audio acquisition and coding parameters, or according to the adjustment instruction received, and carry out video and audio acquisition. The acquired video and audio data are video-encoded and then symmetrically encrypted, and the encrypted video and audio file of A is output;
For the symmetric encryption, a random number generator produces a random number that serves as the symmetric key; this symmetric key is used to symmetrically encrypt the encoded video and audio, and the encrypted video and audio file of A is output;
It will be appreciated that, because video and audio monitoring device A holds the identifier of video and audio presentation device X, the X identity public key (i.e., corresponding to the above "second identity public key") is calculated from the identity public key matrix according to the identifier of video and audio presentation device X, the symmetric key is encrypted with the X identity public key to obtain the A key file, and the A key file is then signed with the A identity private key (i.e., corresponding to the above "second identity private key");
The signed A key file and the encrypted video and audio file of A are fused and packed together by a proprietary protocol algorithm into an encrypted data file, which is output to the video and audio presentation device over a wired network, a wireless network, the cloud or an Internet platform.
Correspondingly, video and audio presentation device X saves the encrypted data file of each video and audio monitoring device in the video and audio data storage array, and at the same time processes the encrypted data file of each video and audio monitoring device as follows:
For the encrypted data file of video and audio monitoring device A, with reference to Fig. 7, the encrypted data file is first unpacked by the inverse of the proprietary packing protocol algorithm, yielding the encrypted video and audio file of A and the A key file. The A identity public key (i.e., corresponding to the above "first identity public key") is calculated from the identity public key matrix according to the identifier of video and audio monitoring device A, and the signature of the A key file is verified with the A identity public key. When verification passes, the A key file is decrypted with the X identity private key (i.e., corresponding to the above "first identity private key") to obtain the symmetric key, which is then used to symmetrically decrypt the encrypted video and audio file of A, obtaining the video and audio; the video and audio can also be output to a monitor for decoding and playback.
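The instruction exchange of S101 to S104 and S401 to S404 and the key file of Figs. 6 and 7 apply the same encrypt-then-sign step with keys derived from the identity matrices. The following is an added example, not code from the patent: the page names no algorithms, so hashed ElGamal and Schnorr signatures over an assumed demonstration group stand in for them, and the matrix shape, identifiers and function names are assumptions. The symmetric encryption of the video itself is left out.

```python
import hashlib
import secrets

# Assumed demonstration group (not from the page): the Mersenne prime 2^521 - 1
# with exponents reduced mod P - 1. A deployment would use the standardized
# curve or group of its certified chip; only the key-matrix structure matters here.
P = 2**521 - 1
N = P - 1
G = 3
ROWS, COLS = 16, 32  # assumed matrix shape

def H(*parts) -> bytes:
    """Length-prefixed SHA-256 over bytes, str and int parts."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest()

def make_matrices():
    """Key production system: private exponents and the matching public matrix."""
    priv = [[secrets.randbelow(N - 1) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    pub = [[pow(G, r, P) for r in row] for row in priv]
    return priv, pub

def select(identifier: str):
    """Hash an identifier into one column index per matrix row."""
    digest = H("select", identifier)
    return [digest[i] % COLS for i in range(ROWS)]

def identity_private_key(priv, identifier: str) -> int:
    """Issuer side: sum of the selected private entries, mod N."""
    return sum(priv[i][c] for i, c in enumerate(select(identifier))) % N

def identity_public_key(pub, identifier: str) -> int:
    """Any device: product of the selected public entries, computed offline."""
    y = 1
    for i, c in enumerate(select(identifier)):
        y = y * pub[i][c] % P
    return y

def _xor(data: bytes, shared: int) -> bytes:
    stream = b"".join(H("ks", shared, i) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(pub, sender_id, sender_priv, receiver_id, payload: bytes) -> dict:
    """Sender side (S101-S104; also the key file of Fig. 6)."""
    receiver_pub = identity_public_key(pub, receiver_id)
    k = secrets.randbelow(N - 1) + 1
    c1, body = pow(G, k, P), _xor(payload, pow(receiver_pub, k, P))  # hashed ElGamal
    # Schnorr signature over the ciphertext digest. Binding both identifiers into
    # the digest is an addition here; the page signs the ciphertext digest.
    t = secrets.randbelow(N - 1) + 1
    e = int.from_bytes(H("sig", pow(G, t, P), sender_id, receiver_id, c1, body), "big")
    return {"from": sender_id, "c1": c1, "body": body,
            "sig": (e, (t + e * sender_priv) % N)}

def open_sealed(pub, my_id, my_priv, registered, msg: dict):
    """Receiver side (S401-S404; Fig. 7): verify first, decrypt only on success."""
    if msg["from"] not in registered:  # identifiers stored at registration (S300/S500)
        return None
    sender_pub = identity_public_key(pub, msg["from"])
    e, s = msg["sig"]
    r = pow(G, s, P) * pow(sender_pub, (-e) % N, P) % P
    if e != int.from_bytes(H("sig", r, msg["from"], my_id, msg["c1"], msg["body"]), "big"):
        return None
    return _xor(msg["body"], pow(msg["c1"], my_priv, P))

def demo():
    priv, pub = make_matrices()
    x_id, a_id = "display-X", "camera-A"  # constructed identifiers
    x_priv, a_priv = identity_private_key(priv, x_id), identity_private_key(priv, a_id)
    cmd = seal(pub, x_id, x_priv, a_id, b"START_MONITORING")  # X -> A instruction
    tampered = dict(cmd, body=bytes([cmd["body"][0] ^ 1]) + cmd["body"][1:])
    video_key = secrets.token_bytes(32)  # Fig. 6 symmetric key
    key_file = seal(pub, a_id, a_priv, x_id, video_key)  # A -> X key file
    return (open_sealed(pub, a_id, a_priv, {x_id}, cmd),
            open_sealed(pub, a_id, a_priv, {x_id}, tampered),
            open_sealed(pub, x_id, x_priv, {a_id}, key_file) == video_key)

if __name__ == "__main__":
    print(demo())
```

Whoever holds the private key matrix can derive every device's identity private key, so in this design the key production system is the single point whose compromise breaks all devices.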
Compared with the prior art, the above embodiments have at least one of the following advantages:
1. PIN code verification together with the identity key provides two-factor authentication, raising the security level.
2. A random number is used to produce the symmetric key for video data encryption, so that each encryption can use its own one-time key.
3. An asymmetric algorithm is used to encrypt the symmetric key, improving the security of the symmetric key.
4. The encrypted file is additionally digitally signed with the identity private key of the encryptor, ensuring the security of the data in transit and resistance to tampering.
5. The key file and the ciphertext data are merged, facilitating file transmission.
6. On receipt, the encrypted data are decomposed to obtain the encrypted video and the key file. The key file undergoes identity verification and the symmetric key is decrypted from it, after which the encrypted video is decrypted directly, which greatly facilitates application and improves security.
7. The instruction plaintext is encrypted and signed, and is used only after signature verification and decryption, ensuring the security and reliability of instruction plaintext transmission as well as non-repudiation.
8. At each device end, the corresponding identity public key is extracted from the device's own digital certificate based on the identifier, achieving local, offline key exchange, which greatly facilitates system application and provides high-strength security assurance.
9. A system is constructed in which the information data and instructions of the whole video and audio monitoring system are transmitted and exchanged entirely in encrypted form under any platform and mode.
For brevity, the method embodiments are all expressed as a series of action combinations, but those skilled in the art should know that the embodiments of the invention are not limited by the described order of actions, because according to the embodiments of the invention some steps may be performed in other orders or simultaneously. In addition, those skilled in the art should also know that the embodiments described in this specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the invention.
Fig. 8 is a structural block diagram of a video and audio presentation device of the invention. With reference to Fig. 8, the video and audio presentation device comprises:
a public key acquisition unit 801, configured to obtain the corresponding first identity public key from the identity public key matrix according to the video and audio monitoring device identifier;
an asymmetric encryption unit 802, configured to asymmetrically encrypt the instruction plaintext to be transmitted with the first identity public key, obtaining the instruction ciphertext;
a ciphertext signature unit 803, configured to sign the instruction ciphertext with the first identity private key of the local device;
a ciphertext sending unit 804, configured to send the signed instruction ciphertext to the video and audio monitoring device, so that the video and audio monitoring device performs security authentication according to the signed instruction ciphertext.
In an optional embodiment of the invention, the video and audio presentation device further comprises:
an identifier receiving unit, configured to receive and store the video and audio monitoring device identifier sent by the video and audio monitoring device.
Fig. 9 is a structural block diagram of a video and audio monitoring device of the invention. With reference to Fig. 9, the video and audio monitoring device comprises:
a ciphertext receiving unit 901, configured to receive the instruction ciphertext sent by the video and audio presentation device;
a public key acquisition unit 902, configured to obtain the corresponding second identity public key from the identity public key matrix according to the video and audio presentation device identifier;
a signature verification unit 903, configured to verify the signature of the instruction ciphertext with the second identity public key;
a ciphertext decryption unit 904, configured to decrypt the instruction ciphertext with the second identity private key of the local device when verification passes, obtaining the instruction plaintext, so as to achieve security authentication.
In an optional embodiment of the invention, the video and audio monitoring device further comprises:
an identifier receiving unit, configured to receive and store the video and audio presentation device identifier sent by the video and audio presentation device.
In an optional embodiment of the invention, the video and audio monitoring device further comprises:
an instruction execution unit, configured to execute the instruction according to the instruction plaintext.
Because the device embodiments are basically similar to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments.
It should be noted that the components of the device of the invention have been logically divided according to the functions they are to realize; however, the invention is not limited to this division, and the components may be re-divided or combined as required.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. In this device, a PC remotely controls the equipment or device over the Internet, accurately controlling each operating step of the equipment or device. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. A program implementing the invention may be stored on a computer-readable medium, and the files or documents produced by the program are amenable to statistics, can be used to generate data reports, cpk reports and the like, and allow batch testing and statistics for power amplifiers. It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words may be interpreted as names.
The above embodiments are merely illustrative of the invention and do not limit it. Those of ordinary skill in the relevant technical field may also make various changes and modifications without departing from the spirit and scope of the invention; therefore all equivalent technical solutions also fall within the scope of the invention, and the scope of patent protection of the invention shall be defined by the claims.