CN107343179B - Video information encryption and video terminal security authentication method - Google Patents

Publication number
CN107343179B
Authority
CN
China
Prior art keywords
video
security
module
access gateway
monitor terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710692351.7A
Other languages
Chinese (zh)
Other versions
CN107343179A (en)
Inventor
吴克河
张晓良
李宝强
李梦雪
程瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
North China Electric Power University
Original Assignee
North China Electric Power University

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00: Television systems
    • H04N7/18: Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Abstract

The present invention discloses a video information encryption and video terminal security authentication system, an authentication method, and applications thereof. The system comprises a secure video monitoring terminal module and a secure video access gateway module. The secure video monitoring terminal module is an IP camera or NVR with an embedded security chip that implements the commercial-cryptography (Shangmi) SM1 algorithm; it provides encrypted data transmission and identity authentication between the secure video monitoring terminal module and the secure video access gateway module. The secure video access gateway module comprises an access gateway module, a video digital certificate module, an access authentication module and a commercial-cryptography hardware encryption card with a PCI interface. The secure video access gateway module maintains a hardware feature information library of video monitoring terminals, ensuring that only registered, legitimate video monitoring terminals can access the secure video access gateway module. The authentication system of the invention requires little equipment, is secure and efficient, easy to implement and low-cost, and can guarantee both the security of video information and the efficiency of its transmission; it has broad application prospects.

Description

Video information encryption and video terminal security authentication method
Technical field
The present invention relates to the field of video surveillance, and in particular to a video information encryption and video terminal security authentication system based on commercial-cryptography (Shangmi) algorithms, an authentication method, and applications thereof.
Background
As an important source of video information, video surveillance is used more and more widely across industries for real-time monitoring of key departments and important sites. Through video surveillance, administrative departments can obtain useful video information and monitor and record the course of sudden incidents in a timely manner, so that command and dispatch and case resolution can be carried out efficiently and promptly. Video surveillance has evolved from traditional analog closed-circuit television monitoring to today's IP-network-based high-definition digital video surveillance, whose defining feature is that compressed and encoded video information is converted into packets based on the TCP/IP standard and reaches the network through an Ethernet or optical-fiber interface, enabling remote live viewing and remote storage of monitoring data.
While offering convenience, IP-based network high-definition digital video surveillance systems also raise concerns about the security of video information, mainly the following risks and problems:
1. Untrusted video monitoring terminal access: monitoring terminals come in many varieties and are generally deployed outdoors, where they are hard to supervise and are easily damaged or hijacked. A monitoring terminal can connect directly to the video intranet, and without effective terminal access authentication an illegal terminal can impersonate a legitimate terminal to reach the intranet and attack it.
2. Unreliable network transmission: video surveillance systems increasingly use the Internet as the access link, and data is transmitted over the network in plaintext, which easily leads to leakage of user privacy or tampering with data.
3. Illegal access control: an illegal user penetrates the video surveillance network by controlling a video terminal and attacks other monitoring terminals in the network, so that the illegally accessed monitoring terminal becomes a springboard for attacking the intranet. If the control signaling from the video management center itself carries a virus, monitoring terminals can be damaged through downstream access. When a large number of terminals are controlled through unauthorized access, they can be used to launch DDoS attacks.
Security incidents involving video monitoring terminals occur frequently, and people pay increasing attention to the security of video surveillance. How to ensure the secure access of video monitoring terminals and the secure transmission of video information has become an important problem in video surveillance applications.
Because video data streams carry a large volume of data and have strict real-time requirements, traditional encryption methods are not well suited to encrypting video information. A video information encryption method needs to find a balance between the resource overhead of encryption and security strength, and make reasonable use of the data structure of the video information itself, so as to preserve both the working efficiency and the security of the monitoring system.
Summary of the invention
Object of the invention: to overcome the deficiencies of the prior art, namely the security risks of existing IP-based digital video surveillance systems and the inability of existing encrypted video transmission methods to provide both video information security and timely operation, the present invention aims to provide a video information encryption and video terminal security authentication system and method based on commercial-cryptography algorithms.
Technical solution: to solve the above technical problems, the present invention adopts the following technical solution:
A video information encryption and video terminal security authentication system comprises a secure video monitoring terminal module and a secure video access gateway module. The secure video monitoring terminal module is an IP camera or NVR with an embedded security chip that implements the commercial-cryptography SM1 algorithm; it provides encrypted data transmission and identity authentication between the secure video monitoring terminal module and the secure video access gateway module. The secure video access gateway module comprises an access gateway module, a video digital certificate module, an access authentication module and a commercial-cryptography hardware encryption card with a PCI interface. The secure video access gateway module maintains a hardware feature information library of video monitoring terminals, ensuring that only registered, legitimate video monitoring terminals can access the secure video access gateway module.
Working principle: at the video monitoring terminal, the system divides video information into control signaling and video stream data. It authenticates the video terminal using the SM2 algorithm and digital certificates, encrypts video control signaling for transmission using the commercial-cryptography SM1 algorithm, and uses the SM2 algorithm to build a secure transmission tunnel for video stream data. This prevents illegal access and unauthorized access by video monitoring terminals and removes the risk of privacy leakage and data tampering while video information crosses the network. The video access gateway uses a hardware encryption card with a PCI interface to encrypt and decrypt video information, ensuring that data is not illegally tampered with before it is passed to the intranet. The video access gateway also maintains a terminal hardware feature information library of trusted video monitoring terminals and authenticates each connecting video monitoring terminal against its hardware feature information.
The security chip is integrated with the video terminal through an SPI or SD interface. The SPI interface has few signal lines, a simple protocol and high security; integrating the security chip on the video terminal mainboard through SPI ensures that the security chip cannot be used by an illegal terminal. The SD interface is versatile and can easily be integrated with all kinds of video monitoring terminals.
The security chip has a unique serial number, which ensures the uniqueness of the video terminal and guarantees that an illegal terminal cannot impersonate a legitimate terminal to gain access.
The secure video access gateway module uses a dedicated video terminal security authentication protocol to perform identity authentication of the secure video monitoring terminal, key agreement, and establishment of the secure channel for data transmission.
A video information encryption and video terminal security authentication method comprises the following steps:
1) The video information is divided into control signaling data and video stream data;
2) Two transmission channels are established between the video monitoring terminal and the video access gateway: a control channel for transmitting control signaling data and a data channel for transmitting video stream data;
3) When the control channel is established, the sender and receiver of the control channel are authenticated using the SM2 algorithm on the basis of digital certificates; after authentication passes, the commercial-cryptography SM1 algorithm in the security chip is called to encrypt the control signaling to be transmitted, which is then sent over the control channel;
4) When the data channel is established, the sender and receiver of the data channel are authenticated using the SM2 algorithm; after authentication passes, the two sides negotiate a random number and apply an XOR operation to the video stream data using that random number. The random number is renegotiated at a specified interval, and secure transmission of the video stream data is achieved in this way.
The above video information encryption and video terminal security authentication method divides video information into control signaling data and video stream data and transmits them over two channels; this guarantees not only the security of the video information but also the efficiency of its transmission.
The processing flow for video control signaling between the video monitoring terminal module and the video management center comprises the following steps:
Step 1: the secure video monitoring terminal module requests a connection to the secure video access gateway module to establish the control channel; the connection request contains the digital certificate and hardware feature information of the video monitoring terminal;
Step 2: the secure video access gateway module receives the connection request sent by the secure video monitoring terminal module, parses the video monitoring terminal's digital certificate and hardware feature information from the connection request, and authenticates the video monitoring terminal, guaranteeing that the identity of any video monitoring terminal accessing the video management center is legitimate and trusted;
Step 3: after authentication passes, a symmetric key is negotiated and the control channel is established;
Step 4: using the negotiated symmetric key, the secure video monitoring terminal module calls the commercial-cryptography SM1 algorithm on the encryption chip to encrypt the control signaling data, and transmits the encrypted control signaling to the secure video access gateway module over the control channel;
Step 5: after receiving the encrypted video control signaling, the secure video access gateway module uses the negotiated symmetric key to call the commercial-cryptography SM1 algorithm on the hardware encryption card and decrypt the control signaling, then forwards the decrypted video control signaling to the video management center, completing the secure transmission of the control signaling.
The processing flow for video stream data sent by the video monitoring terminal to the video management center is as follows:
Step 1: the video management center sends video control signaling requesting video stream data to the secure video monitoring terminal module over the control channel;
Step 2: after receiving the control signaling requesting video stream data, the secure video monitoring terminal module connects to the secure video access gateway module and requests establishment of the data channel; the request contains the digital certificate and hardware feature information of the video monitoring terminal;
Step 3: the secure video access gateway module receives the connection request sent by the secure video monitoring terminal module, parses the digital certificate and the video monitoring terminal hardware feature information from the connection request, and authenticates the secure video monitoring terminal module;
Step 4: after authentication passes, a random number is negotiated and the data channel is established;
Step 5: the secure video monitoring terminal module applies an XOR operation to the captured video stream data using the negotiated random number, and sends the resulting ciphertext video stream data to the gateway over the data channel;
Step 6: the gateway receives the ciphertext video stream data, applies an XOR operation to it using the negotiated random number to obtain the plaintext video stream data, and then forwards the plaintext video stream data to the video management center, completing the secure transmission of the video stream data.
Video monitoring terminals are authenticated on the basis of digital certificates and hardware feature information; a dedicated video terminal security authentication protocol establishes the secure transmission channel for video information; video information is encrypted with the national commercial-cryptography algorithms; and video stream data and control signaling data are transmitted over separate channels. This addresses the security risks in terminal identity authentication and video information confidentiality found in existing video surveillance systems.
The above video information encryption and video terminal security authentication system is applied in fields that acquire video information.
Fields that need to acquire video information include intelligent transportation, smart cities and smart grids. In intelligent transportation, the system is applied to electronic police, video surveillance, checkpoint monitoring and illegal-parking capture cameras that have no relevant security precautions in place. By embedding a security chip in the camera, cameras connecting to the video intranet are strictly authenticated and video information is transmitted encrypted, which effectively ensures the security of the intelligent-transportation video intranet and truly extends security to the edge.
Techniques not mentioned in the present invention are prior art.
Beneficial effects: in the video information encryption and video terminal security authentication system, authentication method and applications of the present invention, the security authentication system requires little equipment and is secure, efficient, easy to implement and low-cost; the authentication method guarantees not only the security of the video information but also the efficiency of its transmission; and the authentication system can be applied in the many fields that need to acquire video information, giving it broad application prospects.
Description of the drawings
Fig. 1 is a schematic diagram of the topology of the video information encryption and terminal security authentication system of the present invention;
Fig. 2 is a flowchart of establishing the control channel and exchanging control signaling according to the present invention;
Fig. 3 is a workflow diagram of the dedicated video terminal security authentication protocol used to establish the control channel according to the present invention;
Fig. 4 is a schematic diagram of control signaling encryption according to the present invention;
Fig. 5 is a flowchart of establishing the data channel and transmitting video stream data according to the present invention;
Fig. 6 is a workflow diagram of the dedicated video terminal security authentication protocol used to establish the data channel according to the present invention.
Detailed description of the embodiments
For a better understanding of the present invention, its content is further explained below with reference to an embodiment, but the content of the invention is not limited to the following embodiment.
Embodiment 1
As shown in Figs. 1 to 6, a video information encryption and video terminal security authentication system comprises a secure video monitoring terminal module and a secure video access gateway module. The secure video monitoring terminal module is an IP camera or NVR with an embedded security chip that implements the commercial-cryptography SM1 algorithm; it provides encrypted data transmission and identity authentication between the secure video monitoring terminal module and the secure video access gateway module. The secure video access gateway module comprises an access gateway module, a video digital certificate module, an access authentication module and a commercial-cryptography hardware encryption card with a PCI interface. The secure video access gateway module maintains a hardware feature information library of video monitoring terminals, ensuring that only registered, legitimate video monitoring terminals can access the secure video access gateway module. The security chip is integrated with the video terminal through an SPI or SD interface and has a unique serial number. The secure video access gateway module uses a dedicated video terminal security authentication protocol to perform identity authentication of the secure video monitoring terminal, key agreement, and establishment of the secure channel for data transmission.
The authentication method of the above video information encryption and video terminal security authentication system comprises the following steps:
1) The video information is divided into control signaling data and video stream data;
2) Two transmission channels are established between the video monitoring terminal and the video access gateway: a control channel for transmitting control signaling data and a data channel for transmitting video stream data;
3) When the control channel is established, the sender and receiver of the control channel are authenticated using the SM2 algorithm on the basis of digital certificates; after authentication passes, the commercial-cryptography SM1 algorithm in the security chip is called to encrypt the control signaling to be transmitted, which is then sent over the control channel;
4) When the data channel is established, the sender and receiver of the data channel are authenticated using the SM2 algorithm; after authentication passes, the two sides negotiate a random number and apply an XOR operation to the video stream data using that random number. The random number is renegotiated at a specified interval, and secure transmission of the video stream data is achieved in this way.
The processing flow for video control signaling between the video monitoring terminal module and the video management center comprises the following steps:
Step 1: the secure video monitoring terminal module requests a connection to the secure video access gateway module to establish the control channel; the connection request contains the digital certificate of the video monitoring terminal and the video monitoring terminal hardware feature information;
Step 2: the secure video access gateway module receives the connection request sent by the secure video monitoring terminal module, parses the video monitoring terminal's digital certificate and hardware feature information from the connection request, and authenticates the video monitoring terminal;
Step 3: after authentication passes, a symmetric key is negotiated and the control channel is established;
Step 4: using the negotiated symmetric key, the secure video monitoring terminal module calls the commercial-cryptography SM1 algorithm on the encryption chip to encrypt the control signaling data, and transmits the encrypted control signaling to the secure video access gateway module over the control channel;
Step 5: after receiving the encrypted video control signaling, the secure video access gateway module uses the negotiated symmetric key to call the commercial-cryptography SM1 algorithm on the hardware encryption card and decrypt the control signaling, then forwards the decrypted video control signaling to the video management center, completing the secure transmission of the control signaling.
The processing flow for video stream data sent by the video monitoring terminal to the video management center is as follows:
Step 1: the video management center sends video control signaling requesting video stream data to the secure video monitoring terminal module over the control channel;
Step 2: after receiving the control signaling requesting video stream data, the secure video monitoring terminal module connects to the secure video access gateway module and requests establishment of the data channel; the request contains the digital certificate and hardware feature information of the video monitoring terminal;
Step 3: the secure video access gateway module receives the connection request sent by the secure video monitoring terminal module, parses the digital certificate and the video monitoring terminal hardware feature information from the connection request, and authenticates the secure video monitoring terminal module;
Step 4: after authentication passes, a random number is negotiated and the data channel is established;
Step 5: the secure video monitoring terminal module applies an XOR operation to the captured video stream data using the negotiated random number, and sends the resulting ciphertext video stream data to the gateway over the data channel;
Step 6: the gateway receives the ciphertext video stream data, applies an XOR operation to it using the negotiated random number to obtain the plaintext video stream data, and then forwards the plaintext video stream data to the video management center, completing the secure transmission of the video stream data.
As shown in Fig. 2, the control channel is established between the secure video monitoring terminal module and the secure video access gateway module of the present invention and control signaling is exchanged, specifically through the following steps:
Step 201: the secure video monitoring terminal module starts;
Step 202: the secure video monitoring terminal module establishes a connection with the secure video access gateway module;
Step 203: the secure video access gateway module authenticates the secure video monitoring terminal module on the basis of its digital certificate and hardware feature information; if authentication passes, go to step 204, otherwise go to step 208;
Step 204: the two sides negotiate a symmetric key; if this succeeds, establishment of the control channel is complete and the flow goes to step 205, otherwise go to step 208;
Step 205: using the negotiated symmetric key, the two sides call the commercial-cryptography SM1 algorithm in the encryption chip or hardware encryption card to encrypt the video control signaling, and transmit the encrypted control signaling over the control channel;
Step 206: if an error occurs during communication, go to step 208; otherwise go to step 207;
Step 207: check whether communication continues; if so, go to step 205, otherwise go to step 208;
Step 208: exit.
As shown in Fig. 3, the dedicated video terminal security authentication protocol establishes the control channel between the secure video monitoring terminal module and the secure video access gateway module of the present invention. The detailed process is as follows:
Step 301: the secure video monitoring terminal module requests security authentication, generates a random number r1, and calculates:
A = CSN | ID | Cert1 | E_Cert2(r1) | E_Skey1(H(CSN | ID | Cert1 | E_Cert2(r1)))
A is sent to the secure video access gateway module.
Here, A is the security authentication request message that the secure video monitoring terminal module sends to the secure video access gateway module; | is the concatenation operator; CSN is the control channel message sequence number, set randomly by the secure video monitoring terminal module and introduced to prevent replay attacks; ID is the hardware feature information of the secure video monitoring terminal module; Cert1 is the digital certificate of the secure video monitoring terminal module; E_Cert2(r1) is r1 encrypted with the SM2 public key of the secure video access gateway module; E_Skey1(H(CSN | ID | Cert1 | E_Cert2(r1))) is the digest of the preceding items computed with the SM3 hash algorithm and signed with the SM2 private key Skey1 of the secure video monitoring terminal module;
Step 302: the secure video access gateway module receives A, verifies the signature of the secure video monitoring terminal module, and verifies the identity of the secure video monitoring terminal module against its hardware feature information ID and digital certificate Cert1. The secure video access gateway module decrypts with its own SM2 private key Skey2 to obtain r1, generates a random number r3, and synthesizes the symmetric session key:
Step 303: the secure video access gateway module replies to the request of the secure video monitoring terminal module and calculates:
B is sent to the secure video monitoring terminal module;
Here, B is the security authentication response message that the secure video access gateway module returns to the secure video monitoring terminal module; E_Cert1(r2) is r2 encrypted with the SM2 public key of the secure video monitoring terminal module;
the final term is the digest of the preceding items computed with the SM3 hash algorithm and signed with the SM2 private key Skey2 of the secure video access gateway module;
Step 304: the secure video monitoring terminal module receives B, verifies the signature of the secure video access gateway module, decrypts with its own private key Skey1 to obtain r2, and synthesizes the symmetric session key:
Step 305: the secure video monitoring terminal module confirms the reply of the secure video access gateway module and calculates:
C is sent to the secure video access gateway module;
Here, C is the confirmation message with which the secure video monitoring terminal module acknowledges the security authentication response message returned by the secure video access gateway module; its digest is computed by applying the SM3 hash algorithm to the XOR of the random numbers r1 and r2.
Step 306: the secure video access gateway module receives C and extracts the digest sent by the secure video monitoring terminal module. Using the r1 it received and the r2 it generated itself, the secure video access gateway module calculates:
It then compares the digest sent by the secure video monitoring terminal module with D.
If they are identical, mutual authentication passes, establishment of the control channel is complete, and both sides hold the session key: If they differ, the secure video access gateway module reports an authentication failure and notifies the secure video monitoring terminal module, which then re-initiates the authentication request.
Fig. 4 is a schematic diagram of control signaling encryption according to the present invention. The encryption process is as follows:
Step 401: pad the original control signaling message with 1 to 16 bytes so that its length is a multiple of 16 (when the original length is already a multiple of 16, 16 bytes are added). The first padding byte is 0x80 and the subsequent padding bytes are 0x0. Then attach the header information of the encrypted message and the initialization vector IV (the IV is a 16-byte random number generated by the encrypting side).
Step 402: using the negotiated session key DK, call the commercial-cryptography SM1 algorithm in the encryption chip or hardware encryption card to encrypt the padded message (original message plus padding), completing the encryption process.
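The padding rule of step 401, with the strict inverse check a receiver needs, is shown below as an added example that is not part of the patent. SM1 runs only inside the chip or encryption card, so the cipher is a caller-supplied callable; the names `seal`, `open_frame` and `passthrough`, the callable's `(iv, data)` signature and the placement of the IV in front of the ciphertext are assumptions, and the message header is omitted because the page does not give its layout.

```python
import os

BLOCK = 16  # block length in bytes used by the padding rule of step 401


def pad(message: bytes) -> bytes:
    """Append 1..16 bytes (0x80, then 0x00) so the length is a multiple of 16."""
    fill = BLOCK - (len(message) % BLOCK)  # 16 when the message is already aligned
    return message + b"\x80" + b"\x00" * (fill - 1)


def unpad(padded: bytes) -> bytes:
    """Remove the padding, rejecting input that step 401 could not have produced."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of 16")
    tail = padded[-BLOCK:]
    marker = tail.rfind(b"\x80")  # the padding marker is the last 0x80 byte
    if marker < 0 or any(tail[marker + 1:]):
        raise ValueError("malformed padding")
    return padded[:len(padded) - BLOCK + marker]


def seal(signaling: bytes, encrypt, iv=None) -> bytes:
    """Pad, draw a fresh 16-byte IV and hand both to the cipher (step 402).

    `encrypt(iv, data)` stands for the SM1 call into the security chip or
    encryption card (hypothetical signature). Assumed layout: IV || ciphertext.
    """
    iv = os.urandom(BLOCK) if iv is None else iv
    if len(iv) != BLOCK:
        raise ValueError("IV must be 16 bytes")
    return iv + encrypt(iv, pad(signaling))


def open_frame(frame: bytes, decrypt) -> bytes:
    """Inverse of seal(): split off the IV, decrypt, then validate the padding."""
    if len(frame) < 2 * BLOCK or len(frame) % BLOCK:
        raise ValueError("frame too short or not block aligned")
    return unpad(decrypt(frame[:BLOCK], frame[BLOCK:]))


def passthrough(iv: bytes, data: bytes) -> bytes:
    """Stand-in for the hardware call: performs NO encryption, shows framing only."""
    return data


if __name__ == "__main__":
    # Constructed sample signaling messages, not taken from the patent.
    for msg in (b"PTZ LEFT", b"A" * 16, b""):
        frame = seal(msg, passthrough)
        print(len(msg), "->", len(frame), frame[BLOCK:].hex())
        assert open_frame(frame, passthrough) == msg
```
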
As shown in Fig. 5, the data channel is established between the secure video monitoring terminal module and the secure video access gateway module of the present invention and video stream data is transmitted. The detailed process is as follows:
Step 501: the secure video monitoring terminal module starts;
Step 502: the secure video monitoring terminal module establishes a connection with the secure video access gateway module;
Step 503: the secure video access gateway module authenticates the secure video monitoring terminal module on the basis of its digital certificate and hardware feature information; if authentication passes, establishment of the data channel is complete and the flow goes to step 504, otherwise go to step 509;
Step 504: the two sides negotiate a random number; if this succeeds, go to step 505, otherwise go to step 509;
Step 505: the secure video monitoring terminal module applies an XOR operation to the video stream data using the negotiated random number, achieving secure communication of the video stream data;
Step 506: if an error occurs during communication, go to step 509; otherwise go to step 507;
Step 507: check whether the random number has timed out; if so, go to step 504 and renegotiate the random number, otherwise go to step 508;
Step 508: check whether communication continues; if so, go to step 505, otherwise go to step 509;
Step 509: exit.
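The loop of steps 504 to 508 can be modelled as follows; this is an added example, not code from the patent. It keeps both ends of the data channel in one object for brevity, and the names `DataChannel`, `ManualClock` and `xor_with`, the `negotiate` callback, the 30-second lifetime and the choice to restart the random number at offset 0 for each packet are assumptions.

```python
import os
import time
from itertools import cycle


def xor_with(random_number: bytes, data: bytes) -> bytes:
    """XOR data with the negotiated random number, repeated to the data length."""
    return bytes(b ^ k for b, k in zip(data, cycle(random_number)))


class ManualClock:
    """Settable clock so the timeout branch (step 507) can be exercised offline."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class DataChannel:
    """Terminal and gateway ends of the data channel, modelled in one process."""

    def __init__(self, negotiate, lifetime_s: float = 30.0, clock=time.monotonic):
        self._negotiate = negotiate  # stands for the random-number negotiation
        self._lifetime = lifetime_s  # the "specified time" before renegotiation
        self._clock = clock
        self.negotiations = 0
        self._renegotiate()          # step 504 on channel establishment

    def _renegotiate(self) -> None:
        value = self._negotiate()
        if not value:
            # Step 504 failure: the flow exits (step 509).
            raise ConnectionError("random number negotiation failed")
        self.random_number = value
        self._agreed_at = self._clock()
        self.negotiations += 1

    def send(self, video: bytes) -> bytes:
        """Terminal side, steps 505 and 507: renegotiate on timeout, then XOR."""
        # The same random number covers every packet of an interval, which is
        # why the flow bounds its lifetime.
        if self._clock() - self._agreed_at >= self._lifetime:
            self._renegotiate()
        return xor_with(self.random_number, video)

    def receive(self, ciphertext: bytes) -> bytes:
        """Gateway side: XOR again with the same random number."""
        return xor_with(self.random_number, ciphertext)


if __name__ == "__main__":
    clock = ManualClock()
    channel = DataChannel(lambda: os.urandom(16), lifetime_s=30, clock=clock)
    packet = b"\x00\x00\x00\x01 constructed sample video payload"
    for second in (0, 10, 31, 45, 62):
        clock.now = second
        wire = channel.send(packet)
        assert channel.receive(wire) == packet
        print(f"t={second:>2}s negotiations={channel.negotiations} {wire[:8].hex()}")
```
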
As shown in fig. 6, the dedicated video terminal security authentication protocol is used to establish the data channel between the security video monitor terminal module and the security video access gateway module of the present invention; the detailed process is as follows:
Step 601, the security video monitor terminal module requests security authentication, generates a random number r1, and calculates:
A is sent to the security video access gateway module.
Wherein, A is the security authentication request message that the security video monitor terminal module sends to the security video access gateway module; | is the concatenation operator; DSN is the message sequence number on the data channel; ID is the hardware characteristics information of the security video monitor terminal module; Cert1 is the digital certificate of the security video monitor terminal module; RCert2(r1) is r1 encrypted with the SM2 public key of the security video access gateway module; the above items are digested with the SM3 hash algorithm and signed with the SM2 private key Skey1 of the security video monitor terminal module.
Step 602, the security video access gateway module receives A, verifies the signature of the security video monitor terminal module, and verifies the identity of the security video monitor terminal module according to its hardware characteristics information ID and digital certificate Cert1. The security video access gateway module decrypts with its own SM2 private key Skey2 to obtain r1, and at the same time generates random number r3
Step 603, the security video access gateway module replies to the request of the security video monitor terminal module, and calculates:
B is sent to the security video monitor terminal module.
Wherein, B is the security authentication response message that the security video access gateway module sends back to the security video monitor terminal module; E′Cert1(r2) is r2 encrypted with the SM2 public key of the security video monitor terminal module;
the above items are digested with the SM3 hash algorithm and signed with the SM2 private key Skey2 of the security video access gateway module.
Step 604, the security video monitor terminal module verifies the signature of the security video access gateway module, and decrypts with its own private key Skey1 to obtain r2
Step 605, the security video monitor terminal module confirms the reply of the security video access gateway module, and calculates:
C is sent to the security video access gateway module;
Wherein, C is the confirmation message with which the security video monitor terminal module answers the security authentication response message sent back by the security video access gateway module; the SM3 hash algorithm is used to digest the XOR of the random numbers r1 and r2.
Step 606, the security video access gateway module receives C and extracts the value sent by the security video monitor terminal module. The security video access gateway module uses the received r1 and the r2 it generated itself to calculate:
and compares whether the value sent by the security video monitor terminal module is identical to D.
If they are identical, authentication of both sides passes, data channel establishment is complete, and both sides hold the random number. If they differ, the security video access gateway module reports the authentication failure and notifies the security video monitor terminal module, and the security video monitor terminal module re-initiates the authentication request.
The video information encryption and video terminal security authentication system of the present invention is applied to fields that acquire video information; the fields that need to acquire video information include intelligent transportation, smart city or smart grid; when applied to the intelligent transportation field, it is applied to electronic police, video surveillance, checkpoint monitoring and illegal-parking capture cameras that have not taken relevant security precautions.
The above is only the preferred embodiment of the present invention. It should be pointed out that, for those skilled in the art, adjustments can also be made to each facility location without departing from the principle of the present invention, and these adjustments should also be regarded as falling within the protection scope of the present invention.

Claims (9)

1. A video information encryption and video terminal security authentication method, characterized by comprising the following steps:
1) Build a video information encryption and video terminal security authentication system comprising a security video monitor terminal module and a security video access gateway module; the security video monitor terminal module is a security chip implementing the commercial cryptographic SM1 algorithm, embedded in an IP camera or NVR, and realizes encrypted data transmission and identity authentication between the security video monitor terminal module and the security video access gateway module; the security video access gateway module comprises an access gateway module, a digital video certificate module, an access authentication module and a commercial cryptographic hardware encryption card based on a PCI interface; the security video access gateway module establishes a video monitoring terminal hardware characteristics information library, ensuring that only registered, legitimate video monitoring terminals can access the security video access gateway module;
2) Divide the video information into control signaling data and video stream data;
3) Establish two transmission channels between the security video monitor terminal module and the security video access gateway module: a control channel for transmitting control signaling data, and a data channel for transmitting video stream data;
4) When the control channel is established, authenticate the sending and receiving sides of the control channel using the SM2 algorithm, based on digital certificates; after authentication passes, call the commercial cryptographic SM1 algorithm in the security chip to encrypt the control signaling to be transmitted, then transmit it over the control channel;
5) When the data channel is established, authenticate the sending and receiving sides of the data channel using the SM2 algorithm; after authentication passes, both sides negotiate a random number and perform an XOR operation on the video stream data using the random number; the random number is renegotiated at specified time intervals, thereby realizing secure transmission of the video stream data.
2. The video information encryption and video terminal security authentication method according to claim 1, characterized in that the video control signaling process flow between the security video monitor terminal module and the video management center comprises the following steps:
Step 1, the security video monitor terminal module requests a connection to the security video access gateway module to establish the control channel; the connection request contains the digital certificate of the security video monitor terminal module and the hardware characteristics information of the security video monitor terminal module;
Step 2, the security video access gateway module receives the connection request sent by the security video monitor terminal module, parses the digital certificate and hardware characteristics information of the security video monitor terminal module in the connection request, and authenticates the security video monitor terminal module;
Step 3, after authentication passes, a symmetric key is negotiated and the control channel is established;
Step 4, using the negotiated symmetric key, the security video monitor terminal module calls the commercial cryptographic algorithm SM1 on the encryption chip to encrypt the control signaling data, and transmits the encrypted control signaling to the security video access gateway module over the control channel;
Step 5, after receiving the encrypted video control signaling, the security video access gateway module uses the negotiated symmetric key to call the commercial cryptographic algorithm SM1 on the hardware encryption card and decrypt the control signaling, then forwards the decrypted video control signaling to the video management center, completing the secure transmission of the control signaling.
3. The video information encryption and video terminal security authentication method according to claim 1, characterized in that the process flow for the video stream data that the security video monitor terminal module sends to the video management center is as follows:
Step 1, the video management center sends video control signaling requesting video stream data to the security video monitor terminal module over the control channel;
Step 2, after receiving the control signaling requesting video stream data, the security video monitor terminal module connects to the security video access gateway module and requests establishment of the data channel; the request contains the digital certificate and hardware characteristics information of the video monitoring terminal;
Step 3, the security video access gateway module receives the connection request sent by the security video monitor terminal module, parses the digital certificate and video monitoring terminal hardware characteristics information in the connection request, and authenticates the security video monitor terminal module;
Step 4, after authentication passes, a random number is negotiated and the data channel is established;
Step 5, the security video monitor terminal module performs an XOR operation on the collected video stream data using the negotiated random number, and sends the resulting ciphertext video stream data to the gateway over the data channel;
Step 6, the gateway receives the ciphertext video stream data, performs an XOR operation on it using the negotiated random number to obtain the plaintext video stream data, and then forwards the plaintext video stream data to the video management center, completing the secure transmission of the video stream data.
4. The video information encryption and video terminal security authentication method according to claim 1, characterized in that the security chip is integrated with the video terminal using the SPI interface or SD interface standard.
5. The video information encryption and video terminal security authentication method according to claim 1, characterized in that the security chip has a unique serial number.
6. The video information encryption and video terminal security authentication method according to claim 1, characterized in that the security video access gateway module uses a dedicated video terminal security authentication protocol to realize identity authentication of the security video monitor terminal, key negotiation, and establishment of the secure channel for data transmission.
7. The video information encryption and video terminal security authentication method according to claim 1, characterized in that the video information encryption and video terminal security authentication system is applied to fields that acquire video information.
8. The video information encryption and video terminal security authentication method according to claim 7, characterized in that the fields that need to acquire video information include intelligent transportation, smart city or smart grid.
9. The video information encryption and video terminal security authentication method according to claim 8, characterized in that, when applied to the intelligent transportation field, it is applied to electronic police, video surveillance, checkpoint monitoring and illegal-parking capture cameras that have not taken relevant security precautions.
CN201710692351.7A 2017-08-14 2017-08-14 A kind of encryption of video information and video terminal safety certifying method Active CN107343179B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710692351.7A CN107343179B (en) 2017-08-14 2017-08-14 A kind of encryption of video information and video terminal safety certifying method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710692351.7A CN107343179B (en) 2017-08-14 2017-08-14 A kind of encryption of video information and video terminal safety certifying method

Publications (2)

Publication Number Publication Date
CN107343179A CN107343179A (en) 2017-11-10
CN107343179B true CN107343179B (en) 2019-11-29

Family

ID=60217058

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710692351.7A Active CN107343179B (en) 2017-08-14 2017-08-14 A kind of encryption of video information and video terminal safety certifying method

Country Status (1)

Country Link
CN (1) CN107343179B (en)


Also Published As

Publication number Publication date
CN107343179A (en) 2017-11-10


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant