CN107343179A - Video information encryption and video terminal security authentication system, authentication method and application thereof - Google Patents


Publication number: CN107343179A
Authority: CN (China)
Legal status: Granted
Application number: CN201710692351.7A
Other languages: Chinese (zh)
Other versions: CN107343179B (en)
Inventors: 吴克河, 张晓良, 李宝强, 李梦雪, 程瑞
Current Assignee: North China Electric Power University
Original Assignee: North China Electric Power University
Application filed by North China Electric Power University
Priority to CN201710692351.7A
Publication of CN107343179A
Application granted
Publication of CN107343179B
Current legal status: Active


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00: Television systems
    • H04N7/18: Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Abstract

The invention discloses a video information encryption and video terminal security authentication system, an authentication method and applications thereof. The system comprises a secure video monitoring terminal module and a secure video access gateway module. The secure video monitoring terminal module is an IP camera or NVR with an embedded security chip that implements the commercial-cipher SM1 algorithm, providing encrypted data transmission and identity authentication between the secure video monitoring terminal module and the secure video access gateway module. The secure video access gateway module comprises an access gateway module, a digital video certificate module, an access authentication module and a commercial-cipher hardware encryption card with a PCI interface. The secure video access gateway module establishes a library of video monitoring terminal hardware feature information, ensuring that only registered, legitimate video monitoring terminals can access the secure video access gateway module. The authentication system needs little equipment, is secure and efficient, easy to implement and low in cost, and guarantees both the security of the video information and its transmission efficiency; it has broad application prospects.

Description

Video information encryption and video terminal security authentication system, authentication method and application thereof
Technical field
The present invention relates to the field of video monitoring, and in particular to a video information encryption and video terminal security authentication system based on commercial-cipher algorithms, an authentication method and applications thereof.
Background art
As an important source of video information, video monitoring is used more and more widely across industries for real-time monitoring of key departments and important sites. Through video monitoring, administrative departments obtain effective video information and can monitor and record the course of sudden abnormal events in time, so that command, deployment and case handling are efficient and timely. Video monitoring has developed from traditional analog closed-circuit TV monitoring to today's high-definition digital video monitoring over IP networks. Its main feature is that video information is compressed and encoded, converted into packets based on the TCP/IP standard, and delivered to the network through an Ethernet or optical fiber interface, enabling remote live viewing and remote storage of monitoring data.
While bringing convenience, IP-based network high-definition digital video monitoring systems also raise concerns about the security of video information, mainly the following risks and problems:
1. Untrusted video monitoring terminal access: monitoring terminals are of many kinds, are mostly deployed outdoors, are hard to supervise, and are easily damaged or hijacked. A monitoring terminal can connect directly to the video intranet, which lacks effective terminal access authentication; an illegal terminal can impersonate a legitimate terminal to access the intranet and attack it.
2. Unreliable network transmission: video monitoring systems increasingly use the Internet as the access link, and data is transmitted over the network in plaintext, which easily leads to leakage of user privacy or tampering with data.
3. Illegal access control: an illegal user who controls a video terminal can penetrate the video monitoring network and attack other monitoring terminals in it, so the illegally accessed monitoring terminal becomes a springboard for attacking the intranet. If the control signaling from the video management center itself carries a virus, monitoring terminals can be damaged through downstream access. When a large number of terminals are controlled through illegal access, a DDoS attack can be launched.
Security incidents involving video monitoring terminals occur frequently, and people pay increasing attention to the security of video monitoring. How to ensure secure access of video monitoring terminals and secure transmission of video information has become an important problem in video monitoring applications.
Because video data streams involve large data volumes and strict real-time requirements, traditional encryption methods are not suitable for encrypting video information. A video information encryption method has to find a balance between encryption resource overhead and security strength, making reasonable use of the data structure of the video information itself so as to ensure both the operating efficiency and the security of the monitoring system.
Summary of the invention
Purpose of the invention: to overcome the shortcomings of the prior art, namely the security risks of existing IP-based digital video monitoring systems and the inability of existing video encryption transmission methods to reconcile video information security with timeliness of operation, the present invention provides a video information encryption and video terminal security authentication system and method based on commercial-cipher algorithms.
Technical solution: to solve the above technical problems, the present invention adopts the following technical solution:
A video information encryption and video terminal security authentication system comprises a secure video monitoring terminal module and a secure video access gateway module. The secure video monitoring terminal module is an IP camera or NVR with an embedded security chip that implements the commercial-cipher SM1 algorithm, providing encrypted data transmission and identity authentication between the secure video monitoring terminal module and the secure video access gateway module. The secure video access gateway module comprises an access gateway module, a digital video certificate module, an access authentication module and a commercial-cipher hardware encryption card with a PCI interface. The secure video access gateway module establishes a library of video monitoring terminal hardware feature information, ensuring that only registered, legitimate video monitoring terminals can access the secure video access gateway module.
Operating principle: in the video information encryption and video terminal security authentication system based on commercial-cipher algorithms, the video monitoring terminal divides video information into control signaling and video stream data. The video terminal is authenticated using the SM2 algorithm and digital certificate technology; video control signaling is encrypted for transmission with the commercial-cipher SM1 algorithm; and a secure transmission channel for video stream data is built using the SM2 algorithm. This prevents illegal access and unauthorized access by video monitoring terminals and removes the risk of privacy leakage and data tampering during network transmission of video information. The video access gateway uses a hardware encryption card with a PCI interface to encrypt and decrypt video information, ensuring that data is not illegally tampered with before it is forwarded to the intranet. A terminal hardware feature information library of trusted video monitoring terminals is also established on the video access gateway, and connecting video monitoring terminals are authenticated against this hardware feature information.
The security chip is integrated with the video terminal through an SPI or SD interface. The SPI interface has few signal lines, a simple protocol and high security; integrating the security chip on the video terminal mainboard over SPI ensures that the security chip cannot be used by an illegal terminal. The SD interface is highly versatile and can easily be integrated with all kinds of video monitoring terminals.
The security chip has a unique serial number, which guarantees the uniqueness of the video terminal and ensures that an illegal terminal cannot impersonate a legitimate terminal to gain access.
The secure video access gateway module uses a dedicated video terminal security authentication protocol to authenticate the secure video monitoring terminal, negotiate keys, and establish the secure channel for data transmission.
A video information encryption and video terminal security authentication method comprises the following steps:
1) Video information is divided into control signaling data and video stream data.
2) Two transmission channels are established between the video monitoring terminal and the video access gateway: a control channel for transmitting control signaling data and a data channel for transmitting video stream data.
3) When the control channel is established, the sending and receiving parties of the control channel authenticate each other using the SM2 algorithm based on digital certificates. After authentication succeeds, the commercial-cipher SM1 algorithm in the security chip is called to encrypt the control signaling to be transmitted, which is then sent over the control channel.
4) When the data channel is established, the sending and receiving parties of the data channel authenticate each other using the SM2 algorithm. After authentication succeeds, the two parties negotiate a random number and XOR the video stream data with it; the random number is renegotiated at specified intervals, thereby achieving secure transmission of the video stream data.
The above video information encryption and video terminal security authentication method divides video information into control signaling data and video stream data and transmits them over two channels; it guarantees the security of the video information while also ensuring its transmission efficiency.
The processing flow for video control signaling between the video monitoring terminal module and the video management center comprises the following steps:
Step 1: the secure video monitoring terminal module requests a connection to the secure video access gateway module to establish the control channel; the connection request contains the digital certificate and hardware feature information of the video monitoring terminal.
Step 2: the secure video access gateway module receives the connection request sent by the secure video monitoring terminal module, parses the video monitoring terminal's digital certificate and hardware feature information from the request, and authenticates the video monitoring terminal, ensuring that the identity of any video monitoring terminal accessing the video management center is legitimate and trusted.
Step 3: after authentication succeeds, a symmetric key is negotiated and the control channel is established.
Step 4: using the negotiated symmetric key, the secure video monitoring terminal module calls the commercial-cipher SM1 algorithm on the encryption chip to encrypt the control signaling data, and sends the encrypted control signaling to the secure video access gateway module over the control channel.
Step 5: after receiving the encrypted video control signaling, the secure video access gateway module uses the negotiated symmetric key and calls the commercial-cipher SM1 algorithm on the hardware encryption card to decrypt the control signaling, then forwards the decrypted video control signaling to the video management center, completing the secure transmission of the control signaling.
The processing flow for video stream data sent from the video monitoring terminal to the video management center is as follows:
Step 1: the video management center sends video control signaling requesting video stream data to the secure video monitoring terminal module over the control channel.
Step 2: after receiving the control signaling requesting video stream data, the secure video monitoring terminal module connects to the secure video access gateway module and requests establishment of the data channel; the request contains the digital certificate and hardware feature information of the video monitoring terminal.
Step 3: the secure video access gateway module receives the connection request sent by the secure video monitoring terminal module, parses the digital certificate and video monitoring terminal hardware feature information from the request, and authenticates the secure video monitoring terminal module.
Step 4: after authentication succeeds, a random number is negotiated and the data channel is established.
Step 5: the secure video monitoring terminal module XORs the captured video stream data with the negotiated random number and sends the resulting ciphertext video stream data to the gateway over the data channel.
Step 6: the gateway receives the ciphertext video stream data, XORs it with the negotiated random number to obtain the plaintext video stream data, and then forwards the plaintext video stream data to the video management center, completing the secure transmission of the video stream data.
Video monitoring terminals are authenticated on the basis of digital certificates and hardware feature information, a secure video information transmission channel is established with the dedicated video terminal security authentication protocol, video information is encrypted with national cryptographic algorithms, and video stream data and control signaling data are transmitted over separate channels. This resolves the security risks of existing video monitoring systems with respect to terminal identity authentication and video information confidentiality.
The above video information encryption and video terminal security authentication system is applicable to fields in which video information is collected.
Fields that need to collect video information include intelligent transportation, smart cities and smart grids. In intelligent transportation, the system applies to electronic police, video surveillance, checkpoint monitoring and illegal-parking capture cameras that have no security precautions in place. By embedding a security chip in the camera, cameras connecting to the video intranet are strictly authenticated and video information is encrypted in transit, which effectively protects the intelligent-traffic video intranet and truly extends security to the edge.
Techniques not mentioned in the present invention are prior art.
Beneficial effects: in the video information encryption and video terminal security authentication system, authentication method and applications of the present invention, the security authentication system needs little equipment, is secure and efficient, easy to implement and low in cost; the authentication method guarantees the security of the video information while also ensuring its transmission efficiency; and the authentication system can be applied in the many fields that need to collect video information, so it has broad application prospects.
Brief description of the drawings
Fig. 1 is a schematic diagram of the topology of the video information encryption and terminal security authentication system of the present invention;
Fig. 2 is a flow chart of establishing the control channel and exchanging control signaling according to the present invention;
Fig. 3 is a workflow diagram of the dedicated video terminal security authentication protocol used to establish the control channel;
Fig. 4 is a schematic diagram of control signaling encryption according to the present invention;
Fig. 5 is a flow chart of establishing the data channel and transmitting video stream data according to the present invention;
Fig. 6 is a workflow diagram of the dedicated video terminal security authentication protocol used to establish the data channel.
Detailed description
For a better understanding of the present invention, its content is further illustrated below with reference to embodiments, but the invention is not limited to the following embodiments.
Embodiment 1
As shown in Figs. 1 to 6, a video information encryption and video terminal security authentication system comprises a secure video monitoring terminal module and a secure video access gateway module. The secure video monitoring terminal module is an IP camera or NVR with an embedded security chip that implements the commercial-cipher SM1 algorithm, providing encrypted data transmission and identity authentication between the secure video monitoring terminal module and the secure video access gateway module. The secure video access gateway module comprises an access gateway module, a digital video certificate module, an access authentication module and a commercial-cipher hardware encryption card with a PCI interface. The secure video access gateway module establishes a library of video monitoring terminal hardware feature information, ensuring that only registered, legitimate video monitoring terminals can access the secure video access gateway module. The security chip is integrated with the video terminal through an SPI or SD interface and has a unique serial number. The secure video access gateway module uses a dedicated video terminal security authentication protocol to authenticate the secure video monitoring terminal, negotiate keys, and establish the secure channel for data transmission.
The authentication method of the above video information encryption and video terminal security authentication system comprises the following steps:
1) Video information is divided into control signaling data and video stream data.
2) Two transmission channels are established between the video monitoring terminal and the video access gateway: a control channel for transmitting control signaling data and a data channel for transmitting video stream data.
3) When the control channel is established, the sending and receiving parties of the control channel authenticate each other using the SM2 algorithm based on digital certificates. After authentication succeeds, the commercial-cipher SM1 algorithm in the security chip is called to encrypt the control signaling to be transmitted, which is then sent over the control channel.
4) When the data channel is established, the sending and receiving parties of the data channel authenticate each other using the SM2 algorithm. After authentication succeeds, the two parties negotiate a random number and XOR the video stream data with it; the random number is renegotiated at specified intervals, thereby achieving secure transmission of the video stream data.
The processing flow for video control signaling between the video monitoring terminal module and the video management center comprises the following steps:
Step 1: the secure video monitoring terminal module requests a connection to the secure video access gateway module to establish the control channel; the connection request contains the digital certificate of the video monitoring terminal and the video monitoring terminal hardware feature information.
Step 2: the secure video access gateway module receives the connection request sent by the secure video monitoring terminal module, parses the video monitoring terminal's digital certificate and hardware feature information from the request, and authenticates the video monitoring terminal.
Step 3: after authentication succeeds, a symmetric key is negotiated and the control channel is established.
Step 4: using the negotiated symmetric key, the secure video monitoring terminal module calls the commercial-cipher SM1 algorithm on the encryption chip to encrypt the control signaling data, and sends the encrypted control signaling to the secure video access gateway module over the control channel.
Step 5: after receiving the encrypted video control signaling, the secure video access gateway module uses the negotiated symmetric key and calls the commercial-cipher SM1 algorithm on the hardware encryption card to decrypt the control signaling, then forwards the decrypted video control signaling to the video management center, completing the secure transmission of the control signaling.
The processing flow for video stream data sent from the video monitoring terminal to the video management center is as follows:
Step 1: the video management center sends video control signaling requesting video stream data to the secure video monitoring terminal module over the control channel.
Step 2: after receiving the control signaling requesting video stream data, the secure video monitoring terminal module connects to the secure video access gateway module and requests establishment of the data channel; the request contains the digital certificate and hardware feature information of the video monitoring terminal.
Step 3: the secure video access gateway module receives the connection request sent by the secure video monitoring terminal module, parses the digital certificate and video monitoring terminal hardware feature information from the request, and authenticates the secure video monitoring terminal module.
Step 4: after authentication succeeds, a random number is negotiated and the data channel is established.
Step 5: the secure video monitoring terminal module XORs the captured video stream data with the negotiated random number and sends the resulting ciphertext video stream data to the gateway over the data channel.
Step 6: the gateway receives the ciphertext video stream data, XORs it with the negotiated random number to obtain the plaintext video stream data, and then forwards the plaintext video stream data to the video management center, completing the secure transmission of the video stream data.
As shown in Fig. 2, the control channel is established between the secure video monitoring terminal module and the secure video access gateway module of the present invention and control signaling is exchanged, specifically through the following steps:
Step 201: the secure video monitoring terminal module starts.
Step 202: the secure video monitoring terminal module establishes a connection with the secure video access gateway module.
Step 203: the secure video access gateway module authenticates the secure video monitoring terminal module on the basis of its digital certificate and hardware feature information; if authentication passes, go to step 204; otherwise go to step 208.
Step 204: the two parties negotiate a symmetric key; if this succeeds, control channel establishment is complete and the flow goes to step 205; otherwise go to step 208.
Step 205: using the negotiated symmetric key, the two parties call the commercial-cipher SM1 algorithm in the encryption chip or hardware encryption card to encrypt the video control signaling, and transmit the encrypted control signaling over the control channel.
Step 206: if an error occurs during communication, go to step 208; otherwise go to step 207.
Step 207: check whether communication continues; if so, go to step 205; otherwise go to step 208.
Step 208: exit.
As shown in Fig. 3, the dedicated video terminal security authentication protocol establishes the control channel between the secure video monitoring terminal module and the secure video access gateway module of the present invention. The detailed flow is as follows:
Step 301: the secure video monitoring terminal module requests security authentication, generates a random number r1, and calculates:
A is sent to the secure video access gateway module.
Here A is the security authentication request message that the secure video monitoring terminal module sends to the secure video access gateway module; | is the concatenation operator; CSN is the control channel message sequence number, set randomly by the secure video monitoring terminal module and introduced to prevent replay attacks; ID is the hardware feature information of the secure video monitoring terminal module; Cert1 is the digital certificate of the secure video monitoring terminal module; ECert2(r1) is r1 encrypted with the SM2 public key of the secure video access gateway module; and the signed item is the digest of the above items computed with the SM3 hash algorithm and signed with the SM2 private key Skey1 of the secure video monitoring terminal module.
Step 302: the secure video access gateway module receives A, verifies the signature of the secure video monitoring terminal module, and verifies the identity of the secure video monitoring terminal module according to its hardware feature information ID and digital certificate Cert1. The secure video access gateway module decrypts with its own SM2 private key Skey2 to obtain r1, generates a random number r2, and synthesizes the symmetric session key:
Step 303: the secure video access gateway module replies to the request of the secure video monitoring terminal module and calculates:
B is sent to the secure video monitoring terminal module.
Here B is the security authentication response message that the secure video access gateway module returns to the secure video monitoring terminal module; ECert1(r2) is r2 encrypted with the SM2 public key of the secure video monitoring terminal module;
and the signed item is the digest of the above items computed with the SM3 hash algorithm and signed with the SM2 private key Skey2 of the secure video access gateway module.
Step 304: the secure video monitoring terminal module receives B, verifies the signature of the secure video access gateway module, decrypts with its own private key Skey1 to obtain r2, and synthesizes the symmetric session key:
Step 305: the secure video monitoring terminal module confirms the reply of the secure video access gateway module and calculates:
C is sent to the secure video access gateway module.
Here C is the confirmation message that the secure video monitoring terminal module returns for the security authentication response message of the secure video access gateway module; its digest item is computed with the SM3 hash algorithm over the XOR of the random numbers r1 and r2.
Step 306: the secure video access gateway module receives C and extracts the value sent by the secure video monitoring terminal module. Using the r1 it received and the r2 it generated itself, the secure video access gateway module calculates:
It then compares whether the value sent by the secure video monitoring terminal module is identical to D.
If they are identical, both parties are authenticated, control channel establishment is complete, and both parties hold the session key. If they differ, the secure video access gateway module reports an authentication failure and notifies the secure video monitoring terminal module, which initiates the authentication request again.
Fig. 4 is a schematic diagram of control signaling encryption according to the present invention. The encryption process is as follows:
Step 401: 1 to 16 bytes of padding are appended to the original control signaling message so that its length becomes a multiple of 16 (16 bytes are appended when the original length is already a multiple of 16). The first padding byte is 0x80 and the following padding bytes are 0x0. The header information of the encrypted message and an initialization vector IV are then attached (the IV is a 16-byte random number generated by the encrypting party).
Step 402: using the negotiated session key DK, the commercial-cipher SM1 algorithm in the encryption chip or hardware encryption card is called to encrypt the padded data (original message + padding), completing the encryption process.
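The padding rule of step 401, written out as an added example (not code from the patent) with the strict removal check a receiver needs after decryption. SM1 itself runs only inside the chip or encryption card, so the example stops at the padded plaintext and the IV; the function names and sample messages are assumptions constructed for illustration.

```python
import secrets
from typing import List, Tuple

BLOCK = 16  # padding unit and IV length given in step 401


class PaddingError(ValueError):
    """Raised for any malformed padded message; one error type for every cause."""


def pad(message: bytes) -> bytes:
    """Append 0x80 followed by 0x00 bytes so the length becomes a multiple of 16.

    Between 1 and 16 bytes are always added, so an already aligned message
    gains a full 16-byte block and the padding can be removed unambiguously.
    """
    fill = BLOCK - (len(message) % BLOCK)            # always in the range 1..16
    return message + b"\x80" + b"\x00" * (fill - 1)


def unpad(padded: bytes) -> bytes:
    """Strip the padding added by pad(), rejecting anything not well formed."""
    if len(padded) == 0 or len(padded) % BLOCK != 0:
        raise PaddingError("invalid padded message")
    tail = padded[-BLOCK:]
    marker = tail.rfind(b"\x80")                     # last 0x80 in the final block
    if marker == -1 or any(tail[marker + 1:]):       # everything after it must be 0x00
        raise PaddingError("invalid padded message")
    return padded[: len(padded) - BLOCK + marker]


def prepare_for_encryption(signaling: bytes) -> Tuple[bytes, bytes]:
    """Return (iv, padded_plaintext) as they would be handed to the SM1 hardware.

    The IV is a fresh 16-byte random value chosen by the encrypting side.
    The message header layout is not given on the page and is left out.
    """
    return secrets.token_bytes(BLOCK), pad(signaling)


# Constructed sample control-signaling messages (not taken from the page).
SAMPLES = [b"", b"PTZ LEFT 10", b"A" * 16, b"REC START\x80", b"B" * 31 + b"\x00"]


def check_samples() -> List[Tuple[int, int, int, bool]]:
    """For each sample: (original length, padded length, bytes added, round trip ok)."""
    rows = []
    for msg in SAMPLES:
        _iv, padded = prepare_for_encryption(msg)
        rows.append((len(msg), len(padded), len(padded) - len(msg), unpad(padded) == msg))
    return rows


if __name__ == "__main__":
    for row in check_samples():
        print("len=%d padded=%d added=%d roundtrip=%s" % row)
```

Messages that already end in 0x80 or 0x00 still round-trip, because only the last 0x80 of the final block is treated as the padding marker.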
As shown in Fig. 5, the data channel is established between the secure video monitoring terminal module and the secure video access gateway module of the present invention and video stream data is transmitted. The detailed flow is as follows:
Step 501: the secure video monitoring terminal module starts.
Step 502: the secure video monitoring terminal module establishes a connection with the secure video access gateway module.
Step 503: the secure video access gateway module authenticates the secure video monitoring terminal module on the basis of its digital certificate and hardware feature information; if authentication passes, data channel establishment is complete and the flow goes to step 504; otherwise go to step 509.
Step 504: the two parties negotiate a random number; if this succeeds, go to step 505; otherwise go to step 509.
Step 505: the secure video monitoring terminal module XORs the video stream data with the negotiated random number, achieving secure communication of the video stream data.
Step 506: if an error occurs during communication, go to step 509; otherwise go to step 507.
Step 507: check whether the random number has timed out; if it has, go to step 504 and renegotiate the random number; otherwise go to step 508.
Step 508: check whether communication continues; if so, go to step 505; otherwise go to step 509.
Step 509: exit.
As shown in Fig. 6, the dedicated video terminal security authentication protocol of the present invention establishes the data channel between the security video monitor terminal module and the security video access gateway module. The specific flow is as follows:
Step 601, the security video monitor terminal module requests security authentication, generates a random number r1, and calculates:
A is sent to the security video access gateway module.
Wherein, A is the security authentication request message that the security video monitor terminal module sends to the security video access gateway module; | is the concatenation operator; DSN is the data channel message sequence number; ID is the hardware characteristics information of the security video monitor terminal module; Cert1 is the digital certificate of the security video monitor terminal module; ECert2(r1) is r1 encrypted with the SM2 public key of the security video access gateway module; the signature term is the digest of the above items, computed with the SM3 hash algorithm and signed with the SM2 private key Skey1 of the security video monitor terminal module.
Step 602, the security video access gateway module receives A, verifies the signature of the security video monitor terminal module, and verifies the identity of the security video monitor terminal module according to its hardware characteristics information ID and digital certificate Cert1. The security video access gateway module decrypts with its own SM2 private key Skey2 to obtain r1, and at the same time generates a random number r2.
Step 603, the security video access gateway module replies to the request of the security video monitor terminal module and calculates:
B is sent to the security video monitor terminal module.
Wherein, B is the security authentication response message that the security video access gateway module sends back to the security video monitor terminal module; ECert1(r2) is r2 encrypted with the SM2 public key of the security video monitor terminal module; the signature term is the digest of the above items, computed with the SM3 hash algorithm and signed with the SM2 private key Skey2 of the security video access gateway module.
Step 604, the security video monitor terminal module verifies the signature of the security video access gateway module, and decrypts with its own private key Skey1 to obtain r2.
Step 605, the security video monitor terminal module confirms the reply of the security video access gateway module and calculates:
C is sent to the security video access gateway module;
Wherein, C is the confirmation message that the security video monitor terminal module sends back to the security video access gateway module for the security authentication response message; its digest term is computed with the SM3 hash algorithm over the OR of the random numbers r1 and r2.
Step 606, the security video access gateway module receives C and extracts the digest sent by the security video monitor terminal module. The security video access gateway module uses the received r1 and its own generated r2 to calculate:
It then compares whether the digest sent by the security video monitor terminal module is identical to D.
If they are identical, both sides are authenticated, establishment of the data channel is complete, and both sides hold the random number. If they differ, the security video access gateway module reports the authentication failure and notifies the security video monitor terminal module, which initiates the authentication request again.
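The step 606 comparison and the data-channel loop of steps 504 to 508, shown in Python as an added example (not code from the patent; all function and class names are hypothetical). It assumes the page's "or" operation is bytewise XOR, the reading under which the gateway's identical operation recovers the plaintext, that the shared random number is r1 XOR r2, and a 16-byte length and 60-second lifetime; the SM2 encryption and signatures of steps 601 to 604 are omitted.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16         # assumed length of r1 and r2; the page gives none
NONCE_LIFETIME_S = 60  # assumed renegotiation interval; the page gives none

def digest(data: bytes) -> bytes:
    """SM3 if the local OpenSSL build provides it, else SHA-256 as a stand-in."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()

def combine(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR, the assumed reading of the page's 'OR' operation."""
    return bytes(x ^ y for x, y in zip(a, b))

def terminal_confirmation(r1: bytes, r2: bytes) -> bytes:
    """Step 605: the digest the terminal places in message C."""
    return digest(combine(r1, r2))

def gateway_accepts(received: bytes, r1: bytes, r2: bytes) -> bool:
    """Step 606: recompute D from r1 and r2, compare in constant time."""
    return hmac.compare_digest(received, digest(combine(r1, r2)))

class NonceExpired(Exception):
    """Step 507: the random number timed out, so step 504 must run again."""

class DataChannel:
    """One end of the data channel (steps 505 to 508)."""

    def __init__(self, r1: bytes, r2: bytes, negotiated_at: float):
        self.nonce = combine(r1, r2)  # assumed shared value; the page's symbol is lost
        self.negotiated_at = negotiated_at

    def process(self, chunk: bytes, now: float) -> bytes:
        """Apply the nonce to a chunk; the same call protects and recovers it."""
        if now - self.negotiated_at >= NONCE_LIFETIME_S:
            raise NonceExpired("renegotiate before handling more video data")
        pad = (self.nonce * (len(chunk) // len(self.nonce) + 1))[:len(chunk)]
        return combine(chunk, pad)

def negotiate(now: float):
    """Step 504 with the SM2 transport of r1 and r2 (steps 601 to 604) omitted."""
    r1, r2 = secrets.token_bytes(NONCE_LEN), secrets.token_bytes(NONCE_LEN)
    if not gateway_accepts(terminal_confirmation(r1, r2), r1, r2):
        raise RuntimeError("authentication failed")  # step 509
    return DataChannel(r1, r2, now), DataChannel(r1, r2, now)

def run_session(chunks, step_s: float = 25.0):
    """Send constructed chunks step_s apart; return (recovered chunks, negotiations)."""
    now, negotiations, recovered = 0.0, 1, []
    terminal, gateway = negotiate(now)
    for chunk in chunks:
        try:
            wire = terminal.process(chunk, now)
        except NonceExpired:
            terminal, gateway = negotiate(now)
            negotiations += 1
            wire = terminal.process(chunk, now)
        recovered.append(gateway.process(wire, now))
        now += step_s
    return recovered, negotiations
```

With the assumed values, five chunks sent 25 seconds apart cross the 60-second lifetime once, so run_session reports two negotiations.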
The video information encryption and video terminal security authentication system of the present invention is applied to fields that need to collect video information, including intelligent transportation, smart cities and smart grids. When applied to the intelligent transportation field, it is applied to electronic police, video monitoring, checkpoint monitoring and illegal-parking capture cameras that have not taken the relevant security precautions.
The above is only a preferred embodiment of the present invention. It should be noted that, for those of ordinary skill in the art, the locations of the facilities may also be adjusted without departing from the principle of the present invention, and such adjustments shall also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A video information encryption and video terminal security authentication system, characterized in that: it comprises a security video monitor terminal module and a security video access gateway module; the security video monitor terminal module embeds, on an IP camera or NVR, a security chip that implements the commercial cryptographic SM1 algorithm, realizing encrypted data transmission and identity authentication between the security video monitor terminal module and the security video access gateway module; the security video access gateway module includes an access gateway module, a digital video certificate module, an access authentication module and a commercial cryptographic hardware encryption card based on a PCI interface; the security video access gateway module establishes a video monitoring terminal hardware characteristics information library, ensuring that only registered, legitimate video monitoring terminals can access the security video access gateway module.
2. The video information encryption and video terminal security authentication system according to claim 1, characterized in that: the security chip is integrated with the video terminal using an SPI interface or the SD interface standard.
3. The video information encryption and video terminal security authentication system according to claim 1, characterized in that: the security chip has a unique serial number.
4. The video information encryption and video terminal security authentication system according to any one of claims 1-3, characterized in that: the security video access gateway module uses a dedicated video terminal security authentication protocol to realize identity authentication of the security video monitor terminal, key negotiation, and establishment of a secure channel for data transmission.
5. An authentication method of the video information encryption and video terminal security authentication system according to any one of claims 1-4, characterized in that it comprises the following steps:
1) the video information is divided into control signaling data and video stream data;
2) two transmission channels are established between the video monitoring terminal and the video access gateway: a control channel for transmitting control signaling data, and a data channel for transmitting video stream data;
3) when the control channel is established, the sending and receiving parties of the control channel are authenticated based on digital certificates using the SM2 algorithm; after authentication passes, the commercial cryptographic SM1 algorithm in the security chip is called to encrypt the control signaling to be transmitted, which is then transmitted via the control channel;
4) when the data channel is established, the sending and receiving parties of the data channel are authenticated using the SM2 algorithm; after authentication passes, both sides negotiate a random number and perform the OR operation on the video stream data using the random number; the random number is renegotiated at every specified interval, thereby realizing secure transmission of the video stream data.
6. The video information encryption and video terminal security authentication method based on commercial cryptographic algorithms according to claim 5, characterized in that: the video control signaling processing flow between the video monitoring terminal module and the video management center comprises the following steps:
Step 1, the security video monitor terminal module requests a connection to the security video access gateway module to establish the control channel; the connection request contains the digital certificate of the video monitoring terminal and the video monitoring terminal hardware characteristics information;
Step 2, the security video access gateway module receives the connection request sent by the security video monitor terminal module, parses the video monitoring terminal digital certificate and hardware characteristics information in the connection request, and authenticates the video monitoring terminal;
Step 3, after authentication passes, symmetric key negotiation is performed and the control channel is established;
Step 4, the security video monitor terminal module uses the negotiated symmetric key to call the commercial cryptographic algorithm SM1 on the encryption chip, encrypts the control signaling data, and transmits the encrypted control signaling to the security video access gateway module through the control channel;
Step 5, after the security video access gateway module receives the encrypted video control signaling, it uses the negotiated symmetric key to call the commercial cryptographic algorithm SM1 on the hardware encryption card, decrypts the control signaling, and then forwards the decrypted video control signaling to the video management center, completing secure transmission of the control signaling.
7. The video information encryption and video terminal security authentication method based on commercial cryptographic algorithms according to claim 5, characterized in that: the processing flow for video stream data sent by the video monitoring terminal to the video management center is as follows:
Step 1, the video management center sends, through the control channel, video control signaling requesting video stream data to the security video monitor terminal module;
Step 2, after the security video monitor terminal module receives the control signaling requesting video stream data, it connects to the security video access gateway module and requests establishment of the data channel; the request content includes the digital certificate and hardware characteristics information of the video monitoring terminal;
Step 3, the security video access gateway module receives the connection request sent by the security video monitor terminal module, parses the digital certificate and video monitoring terminal hardware characteristics information in the connection request, and authenticates the security video monitor terminal module;
Step 4, after authentication passes, a random number is negotiated and the data channel is established;
Step 5, the security video monitor terminal module performs the OR operation on the collected video stream data using the negotiated random number, and sends the resulting ciphertext video stream data to the gateway through the data channel;
Step 6, the gateway receives the ciphertext video stream data, performs the OR operation on the ciphertext video stream data using the negotiated random number to obtain plaintext video stream data, and then forwards the plaintext video stream data to the video management center, completing secure transmission of the video stream data.
8. An application of the video information encryption and video terminal security authentication system according to any one of claims 1-4, characterized in that: it is applied to fields that need to collect video information.
9. The application of the video information encryption and video terminal security authentication system according to claim 8, characterized in that: the fields that need to collect video information include intelligent transportation, smart cities or smart grids.
10. The application of the video information encryption and video terminal security authentication system according to claim 9, characterized in that: when applied to the intelligent transportation field, it is applied to electronic police, video monitoring, checkpoint monitoring and illegal-parking capture cameras that have not taken the relevant security precautions.
CN201710692351.7A 2017-08-14 2017-08-14 A kind of encryption of video information and video terminal safety certifying method Active CN107343179B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710692351.7A CN107343179B (en) 2017-08-14 2017-08-14 A kind of encryption of video information and video terminal safety certifying method

Publications (2)

Publication Number Publication Date
CN107343179A true CN107343179A (en) 2017-11-10
CN107343179B CN107343179B (en) 2019-11-29

Family

ID=60217058

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710692351.7A Active CN107343179B (en) 2017-08-14 2017-08-14 A kind of encryption of video information and video terminal safety certifying method

Country Status (1)

Country Link
CN (1) CN107343179B (en)


Also Published As

Publication number Publication date
CN107343179B (en) 2019-11-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant