CN107872324A - A kind of safe audio-video encryption client and certification implementation method - Google Patents
- Publication number
- CN107872324A
- Authority
- CN
- China
- Prior art keywords
- identity information
- key
- client
- audio
- video
- Legal status
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Abstract
The invention discloses a secure audio/video client and an authentication implementation method, comprising: a network camera used to collect and process audio/video information; and a network hard disk video recorder used to control the transmission, use and storage of audio/video information. By means of secure audio/video monitoring encryption and client authentication, the invention achieves secure transmission of audio/video data and secure authentication and key agreement between client devices, eliminating potential security hazards and improving security.
Description
Technical field
The invention belongs to the field of audio/video encryption and authentication, and in particular relates to a secure audio/video encryption client and an authentication implementation method.
Background
"Cryptographic device" is the general term for equipment that has certain cryptographic functions or can complete certain cryptographic tasks. Cryptographic equipment is divided into two major parts: the cryptographic device and the interface software. The cryptographic device is the core of hardware cryptographic equipment and the provider of the various security service functions. It can in turn be divided into several parts, such as hardware circuits, control software, cryptographic algorithms and underlying firmware; the hardware circuits include interface circuits, control circuits, cryptographic operation circuits, storage circuits and so on.
In practical applications, to safeguard national security and social stability, China has deployed a large number of security monitoring systems. However, as technology develops, video monitoring systems also face a variety of threats; their security cannot be guaranteed, nor can a good user experience.
The following security hazards exist between the clients of existing video monitoring systems:
(1) Information leakage: video files are leaked or stolen, infringing citizens' legitimate rights and interests and exposing state secrets and trade secrets;
(2) Illegal tampering: video information is forged, replaced or destroyed by illegal means;
(3) Illegal intrusion: video stream data and communication protocols are intercepted and used to attack the network so that the system cannot work normally; loopholes and weak points in security work are learned from the intercepted video data and destructive activities are carried out in a targeted manner, posing a serious threat to national security and social stability.
Summary of the invention
The invention provides a secure audio/video encryption client and an authentication implementation method. By means of secure audio/video monitoring encryption and client authentication, the invention achieves secure transmission of audio/video data and secure authentication and key agreement between client devices, eliminating potential security hazards and improving security, as described below:
A secure audio/video encryption client, comprising:
a secure network camera, comprising an SD cipher card and a network camera;
a secure network hard disk video recorder, comprising a smart cryptographic key and a network hard disk video recorder;
the SD cipher card and the smart cryptographic key are used to authenticate the corresponding devices and to encrypt and decrypt audio/video data;
the network camera is used to collect and process audio/video information; the network hard disk video recorder is used to control the transmission, use and storage of audio/video information.
An authentication implementation method for a secure audio/video encryption client, the implementation method comprising the following steps:
1) The network hard disk video recorder reads the first identity information and compares it with a pre-stored first list of cryptographic device serial numbers, obtains the second identity information from the smart cryptographic key, and performs SM2 signature verification on the first identity information; computes a hash value H2 with the SM3 algorithm from the first identity information, the current time information t1 and Emac; performs SM2 signature verification on the signature value M1 using the SD cipher card user public key; encrypts Emac with the SM1 algorithm using the first-level distributed key to obtain an encrypted value E1; and encrypts the encrypted value E1 with the SM2 algorithm using the SD cipher card user public key to obtain the ciphertext Eipc_pub;
2) The network hard disk video recorder computes a hash value H3 with the SM3 cryptographic algorithm from the second identity information, the current time information t2 and the ciphertext Eipc_pub; signs the hash value H3 with the SM2 cryptographic algorithm using the user private key of the smart cryptographic key to obtain a signature value M2; and sends the second identity information, the ciphertext Eipc_pub, the time information t2, the signature value M2 and the signature verification result to the network camera;
3) The network camera reads the second identity information and compares it with a pre-stored second list of cryptographic device serial numbers, and performs SM2 signature verification on the signature information of the second identity information using the first public key; computes a hash value H4 with the SM3 cryptographic algorithm from the first identity information, the ciphertext Eipc_pub and the time information t2;
4) The network camera performs SM2 signature verification on the signature value M2 and the hash value H4 using the first public key, decrypts the ciphertext Eipc_pub using the user private key of the SD cipher card to obtain the encrypted value E1, and saves its first 16 bytes as the working key.
Before step 1), the implementation method further comprises:
The network camera signs the hash value H1 with the SM2 algorithm using the user private key of the SD cipher card to obtain the signature value M1, and sends the first identity information, the current time information t1, Emac and the signature value M1 to the network hard disk video recorder.
The client authentication implementation method further comprises:
The network camera reads the first identity information of the SD cipher card and computes the hash value H1 with the SM3 algorithm from the first identity information, Emac and the current time information t1.
The first identity information is specifically:
1) the SD cipher card serial number, 16 bytes long; 2) the SD cipher card user public key, 64 bytes long;
3) the first public key, 64 bytes long; 4) the first private key signature, 64 bytes long.
The second identity information is specifically:
1) the smart cryptographic key serial number, 16 bytes long; 2) the smart cryptographic key user public key, 64 bytes long;
3) the second public key, 64 bytes long; 4) the second private key signature K2, 64 bytes long.
The beneficial effects of the technical solution provided by the invention are:
1. By encrypting audio/video data and authenticating clients, the invention achieves secure transmission of audio/video data and secure authentication and key agreement between client devices, eliminating potential security hazards and improving the security of audio/video information;
2. It protects users' important and sensitive images from being illegally stolen or tampered with, and prevents illegitimate users from intruding into the system with forged devices;
3. All security devices in the network authenticate with digital certificates, and data integrity protection algorithms protect the session protocol and the control protocol, preventing protocol attacks by illegitimate users.
Brief description of the drawings
Fig. 1 is a structural diagram of a secure audio/video encryption client;
Fig. 2 is a structural diagram of the secure network camera;
Fig. 3 is a structural diagram of the secure network hard disk video recorder;
Fig. 4 is a flow chart of a client authentication implementation method;
Fig. 5 is another flow chart of a client authentication implementation method.
In the drawings, the components denoted by each reference numeral are as follows:
1: secure network camera; 2: secure network hard disk video recorder;
11: SD cipher card; 12: network camera;
21: smart cryptographic key; 22: network hard disk video recorder.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the invention clearer, embodiments of the invention are described in further detail below.
Embodiment 1
A secure audio/video encryption client. Referring to Fig. 1, the secure audio/video client comprises: a secure network camera 1 and a secure network hard disk video recorder 2.
Referring to Fig. 2, the secure network camera 1 comprises: an SD cipher card 11 and a network camera 12.
Referring to Fig. 3, the secure network hard disk video recorder 2 comprises: a smart cryptographic key 21 and a network hard disk video recorder 22.
The SD cipher card 11 is connected to the network camera 12 through an SDIO interface; the smart cryptographic key 21 is connected to the network hard disk video recorder 22 through a USB interface; the network camera 12 and the network hard disk video recorder 22 communicate over the network.
The SD cipher card 11 and the smart cryptographic key 21 are used to authenticate the corresponding devices.
The network camera 12 is used to collect and process audio/video information.
The network hard disk video recorder 22 is used to control the transmission, use and storage of audio/video information.
The hardware cryptographic devices include the SD cipher card 11 and the smart cryptographic key 21, but the interface type and form factor of the cryptographic devices are not limited.
The network camera 12 differs from an ordinary network camera in that it has an SDIO interface communication module for communicating with the SD cipher card 11.
The network hard disk video recorder 22 differs from an ordinary network hard disk video recorder in that it has a USB interface communication module for communicating with the smart cryptographic key 21.
That is, with the above devices the embodiment of the invention implements usage authentication of the monitoring equipment, as well as the collection, transmission, storage and playback of audio/video information.
The signal transmission within each of the above devices does not involve any improvement to software; the invention simply uses existing application flows to implement the secure audio/video monitoring encryption client.
Unless otherwise specified, the embodiment of the invention does not limit the model of any device, as long as the device can perform the functions described above.
In summary, by means of secure audio/video monitoring encryption and client authentication, the embodiment of the invention achieves secure transmission of audio/video data and secure authentication and key agreement between server devices, eliminating potential security hazards and improving security.
Embodiment 2
An authentication implementation method for a secure audio/video encryption client. The implementation method corresponds to the secure audio/video encryption client in Embodiment 1. Referring to Fig. 4, it comprises the following steps:
101: The network camera 12 reads its own MAC address and computes Emac from it with the SM3 algorithm; the network camera 12 signs the hash value H1 with the SM2 algorithm using the user private key of the SD cipher card 11 to obtain the signature value M1; it sends the first identity information C1, the current time information t1, Emac and the signature value M1 to the network hard disk video recorder 22;
Before step 101, the client authentication implementation method further comprises: the network camera 12 reads the first identity information C1 of the SD cipher card 11 and computes the hash value H1 with the SM3 algorithm from the first identity information C1, the current time information t1 and Emac.
102: The network hard disk video recorder 22 reads the first identity information C1 and compares it with the pre-stored first list of cryptographic device serial numbers, obtains the second identity information C2 from the smart cryptographic key 21, and performs SM2 signature verification on the first identity information C1; computes the hash value H2 with the SM3 algorithm from the first identity information C1, the current time information t1 and Emac; performs SM2 signature verification on the signature value M1 using the SD cipher card user public key; encrypts Emac with the SM1 algorithm using the first-level distributed key to obtain the encrypted value E1; and encrypts the encrypted value E1 with the SM2 algorithm using the SD cipher card user public key to obtain the ciphertext Eipc_pub;
103: The network hard disk video recorder 22 computes the hash value H3 with the SM3 cryptographic algorithm from the second identity information C2, the current time information t2 and the ciphertext Eipc_pub; signs the hash value H3 with the SM2 cryptographic algorithm using the user private key of the smart cryptographic key 21 to obtain the signature value M2; and sends the second identity information C2, the ciphertext Eipc_pub, the time information t2, the signature value M2 and the signature verification result to the network camera 12;
104: The network camera 12 reads the second identity information C2 and compares it with the pre-stored second list of cryptographic device serial numbers, and performs SM2 signature verification on the signature information of the second identity information C2 using the first public key; computes the hash value H4 with the SM3 cryptographic algorithm from the first identity information C1, the ciphertext Eipc_pub and the time information t2;
105: The network camera 12 performs SM2 signature verification on the signature value M2 and the hash value H4 using the first public key, decrypts the ciphertext Eipc_pub using the user private key of the SD cipher card 11 to obtain the encrypted value E1, and saves its first 16 bytes as the working key.
In summary, by means of secure audio/video monitoring encryption and client authentication, the embodiment of the invention achieves secure transmission of audio/video data and secure authentication and key agreement between client devices, eliminating potential security hazards and improving security.
Embodiment 3
The scheme of Embodiment 2 is described in further detail below with reference to Fig. 5:
201: The network camera 12 reads its own MAC address and computes Emac from it with the SM3 algorithm; the network camera 12 reads the first identity information C1 of the SD cipher card 11 and computes the hash value H1 with the SM3 algorithm from the first identity information C1, the current time information t1 and Emac;
Further, the first identity information C1 comprises:
1) the SD cipher card serial number, 16 bytes long;
2) the SD cipher card user public key, 64 bytes long;
3) the first public key, 64 bytes long;
4) the first private key signature K1, 64 bytes long.
In a specific implementation, the first public key and the first private key are provided by the key management center (KMC), which is not described further in the embodiment of the invention.
Further, the first private key signature K1 is obtained by computing an SM3 hash over the contents of items 1) to 3) above and signing the computed value with the first private key using the SM2 algorithm.
The SM2 and SM3 cryptographic algorithms are known commercial cryptographic algorithms familiar to those skilled in the art and are not described further in the embodiment of the invention.
202: The network camera 12 signs the hash value H1 with the SM2 algorithm using the user private key of the SD cipher card 11 to obtain the signature value M1;
The user private key and the user public key of the SD cipher card 11 are a key pair generated by the SD cipher card 11 itself using the SM2 cryptographic algorithm; the embodiment of the invention places no limitation on this in a specific implementation.
203: The network camera 12 sends the first identity information C1, the current time information t1, Emac and the signature value M1 to the network hard disk video recorder 22;
204: The network hard disk video recorder 22 reads the first identity information C1 and compares it with the pre-stored first list of cryptographic device serial numbers. If the device is on the blacklist it is illegitimate: a failure result is returned to the network camera 12, the connection is closed and the flow ends; otherwise step 205 is executed;
The pre-stored first list of cryptographic device serial numbers and the blacklist are set according to the needs of the practical application and are not described further in the embodiment of the invention.
205: The network hard disk video recorder 22 obtains the second identity information C2 from the smart cryptographic key 21;
The second identity information C2 comprises:
1) the smart cryptographic key serial number, 16 bytes long;
2) the smart cryptographic key user public key, 64 bytes long;
3) the second public key, 64 bytes long;
4) the second private key signature K2, 64 bytes long.
The 64-byte first public key in the first identity information C1 is identical to the 64-byte second public key in the second identity information C2. In a specific implementation, the second public key and the second private key are provided by the key management center (KMC), which is not described further in the embodiment of the invention.
Further, the second private key signature K2 is obtained by computing an SM3 hash over the contents of items 1) to 3) above and signing the computed value with the second private key using the SM2 algorithm.
206: The network hard disk video recorder 22 reads the 64-byte second public key and uses it to perform SM2 signature verification on the first identity information C1. If verification fails, an identity information verification failure result is returned to the network camera 12, the connection is closed and the flow ends; otherwise step 207 is executed;
207: The network hard disk video recorder 22 computes the hash value H2 with the SM3 algorithm from the first identity information C1, the current time information t1 and Emac;
208: The network hard disk video recorder 22 reads the SD cipher card user public key from the first identity information C1;
209: The network hard disk video recorder 22 performs SM2 signature verification on the signature value M1 using the SD cipher card user public key. If verification fails, a signature verification failure result is returned, the connection is closed and the flow ends; otherwise step 210 is executed;
210: The network hard disk video recorder 22 encrypts Emac with the SM1 algorithm using the first-level distributed key to obtain the encrypted value E1, and encrypts the encrypted value E1 with the SM2 algorithm using the SD cipher card user public key to obtain the ciphertext Eipc_pub;
The first-level distributed key is set by the key management center (KMC) during initialization; this is known to those skilled in the art and is not described further in the embodiment of the invention.
211: The network hard disk video recorder 22 reads the second identity information C2 from the smart cryptographic key 21;
212: The network hard disk video recorder 22 computes the hash value H3 with the SM3 cryptographic algorithm from the second identity information C2, the current time information t2, Emac and the ciphertext Eipc_pub;
213: The network hard disk video recorder 22 signs the hash value H3 with the SM2 cryptographic algorithm using the user private key of the smart cryptographic key 21 to obtain the signature value M2;
The user private key and the user public key of the smart cryptographic key 21 are a key pair generated by the smart cryptographic key 21 itself using the SM2 cryptographic algorithm; the embodiment of the invention places no limitation on this in a specific implementation.
214: The network hard disk video recorder 22 sends the second identity information C2, Emac, the ciphertext Eipc_pub, the time information t2, the signature value M2 and the signature verification result to the network camera 12;
215: The network camera 12 reads the second identity information C2 and compares it with the pre-stored second list of cryptographic device serial numbers. If the device is on the blacklist it is illegitimate and the connection is closed; otherwise step 216 is executed;
The pre-stored second list of cryptographic device serial numbers is set according to the needs of the practical application and is not described further in the embodiment of the invention.
216: The network camera 12 reads the first public key from the SD cipher card 11;
217: The network camera 12 performs SM2 signature verification on the signature information of the second identity information C2 using the first public key. If verification fails, an identity information verification failure is returned, the connection is closed and the flow ends; if verification passes, step 218 is executed;
218: The network camera 12 computes the hash value H4 with the SM3 cryptographic algorithm from the second identity information C2, the ciphertext Eipc_pub and the time information t2;
219: The network camera 12 performs SM2 signature verification on the signature value M2 and the hash value H4 using the first public key. If verification fails, the connection is closed and the flow ends; otherwise step 220 is executed;
220: The network camera 12 decrypts the ciphertext Eipc_pub using the user private key of the SD cipher card 11 to obtain the encrypted value E1, and saves its first 16 bytes as the working key.
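The recorder-side checks of steps 204 to 209, as an added Python example that is not part of the patent: it builds the 208-byte first identity information C1, then rejects a blacklisted serial number, an identity record not signed under the KMC public key the recorder holds locally, and a message whose M1 does not match SM3(C1 || t1 || Emac). Assumptions not taken from the page: fields are concatenated in the listed order, public keys are encoded as X || Y and signatures as r || s, t1 is 8 bytes, SM2 signs the SM3 digest directly (the standard's user-identity preprocessing is omitted), and all function names are illustrative.

```python
import secrets

# Added example. Assumed, not from the patent: field order, X||Y key and r||s signature
# encodings, 8-byte t1, SM2 signing the SM3 digest directly. SM3 (GB/T 32905) follows.
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)

def _rotl(x, n):
    x, n = x & 0xFFFFFFFF, n % 32
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sm3(msg):
    data = msg + b"\x80" + bytes((55 - len(msg)) % 64) + (8 * len(msg)).to_bytes(8, "big")
    v = _IV
    for off in range(0, len(data), 64):
        w = [int.from_bytes(data[off + i:off + i + 4], "big") for i in range(0, 64, 4)]
        for j in range(16, 68):                      # message expansion
            x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
            w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23) ^ _rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):                          # compression rounds
            ss1 = _rotl(_rotl(a, 12) + e + _rotl(0x79CC4519 if j < 16 else 0x7A879D8A, j), 7)
            ff = a ^ b ^ c if j < 16 else (a & b) | (a & c) | (b & c)
            gg = e ^ f ^ g if j < 16 else (e & f) | (~e & g)
            tt1 = (ff + d + (ss1 ^ _rotl(a, 12)) + (w[j] ^ w[j + 4])) & 0xFFFFFFFF
            tt2 = (gg + h + ss1 + w[j]) & 0xFFFFFFFF
            a, b, c, d = tt1, a, _rotl(b, 9), c
            e, f, g, h = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17), e, _rotl(f, 19), g
        v = tuple(x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h)))
    return b"".join(x.to_bytes(4, "big") for x in v)

# SM2 recommended-curve parameters (GB/T 32918); the curve coefficient a is -3 mod P.
P = 0xFFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_00000000_FFFFFFFF_FFFFFFFF
N = 0xFFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFF_7203DF6B_21C6052B_53BBF409_39D54123
B = 0x28E9FA9E_9D9F5E34_4D5A9E4B_CF6509A7_F39789F5_15AB8F92_DDBCBD41_4D940E93
G = (0x32C4AE2C_1F198119_5F990446_6A39C994_8FE30BBF_F2660BE1_715A4589_334C74C7,
     0xBC3736A2_F4F6779C_59BDCEE3_6B692153_D0A9877C_C62A4740_02DF32E5_2139F0A0)

def on_curve(pt):                                    # y^2 = x^3 - 3x + b (mod P)
    return all(0 <= c < P for c in pt) and (pt[1] ** 2 - pt[0] ** 3 + 3 * pt[0] - B) % P == 0

def _add(p, q):
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                  # P + (-P): point at infinity
    num, den = (3 * x1 * x1 - 3, 2 * y1) if p == q else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    acc = None
    while k:                                         # right-to-left double-and-add
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def sm2_keypair():
    d = secrets.randbelow(N - 2) + 1                 # private key in [1, n-2]
    return d, b"".join(c.to_bytes(32, "big") for c in _mul(d, G))   # 64-byte X || Y

def sm2_sign(d, digest):
    e = int.from_bytes(digest, "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = (e + _mul(k, G)[0]) % N
        s = pow(1 + d, -1, N) * (k - r * d) % N
        if r and s and r + k != N:
            return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def sm2_verify(pub, digest, sig):
    q = (int.from_bytes(pub[:32], "big"), int.from_bytes(pub[32:], "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    t = (r + s) % N
    if not (0 < r < N and 0 < s < N and t and on_curve(q)):
        return False
    pt = _add(_mul(s, G), _mul(t, q))
    return pt is not None and (int.from_bytes(digest, "big") + pt[0]) % N == r

def make_identity(serial, user_pub, kmc_pub, kmc_priv):
    body = serial + user_pub + kmc_pub               # items 1)-3): 16 + 64 + 64 bytes
    return body + sm2_sign(kmc_priv, sm3(body))      # item 4): K1, 208 bytes in total

def camera_hello(c1, card_priv, t1, emac):           # steps 201-203: H1, then M1
    return c1, t1, emac, sm2_sign(card_priv, sm3(c1 + t1 + emac))

def recorder_check(msg, own_kmc_pub, blacklist):
    c1, t1, emac, m1 = msg
    if len(c1) != 208 or c1[:16] in blacklist:                    # step 204
        return "device rejected"
    if not sm2_verify(own_kmc_pub, sm3(c1[:144]), c1[144:]):       # step 206: local KMC key
        return "identity verification failed"
    if not sm2_verify(c1[16:80], sm3(c1 + t1 + emac), m1):         # steps 207-209: H2, M1
        return "signature verification failed"
    return "ok"
```

The pure-Python arithmetic is not constant-time and is for illustration only; in the patent's design the private-key operations run inside the SD cipher card and the smart cryptographic key.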
In summary, by means of secure audio/video monitoring encryption and client authentication, the embodiment of the invention achieves secure transmission of audio/video data and secure authentication and key agreement between client devices, eliminating potential security hazards and improving security.
Unless otherwise specified, the embodiment of the invention does not limit the model of any device, as long as the device can perform the functions described above.
Those skilled in the art will understand that the drawings are schematic diagrams of a preferred embodiment, and that the serial numbers of the embodiments above are for description only and do not indicate the relative merits of the embodiments.
The foregoing describes only preferred embodiments of the invention and is not intended to limit the invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (6)
1. a kind of safe audio-video encryption client, it is characterised in that the encryption client includes:
Safety network camera, including SD cipher cards and web camera;
Secure network DVR, including intelligent code key and network hard disk video recorder;
SD cipher cards, intelligent code key are used to realize the authentication of corresponding device and the encryption and decryption to audio, video data;
Web camera is used for the collection and processing for realizing audio/video information;Network hard disk video recorder is used to realize audio/video information
Transmission, use and storage control.
2. A certification implementation method for a safe audio-video encryption client, characterised in that the implementation method includes the following steps:
1) The network hard disk video recorder reads the first identity information and compares it with the prestored first encryption device serial number list, obtains the second identity information in the intelligent code key, and performs SM2 signature verification on the first identity information; computes cryptographic hash H2 with the SM3 algorithm from the first identity information, current time information t1 and Emac; performs SM2 signature verification on signature value M1 using the SD cipher card client public key; encrypts Emac with the SM1 algorithm using the one-level distributed key to obtain secret value E1; and encrypts secret value E1 with the SM2 algorithm using the SD cipher card client public key to obtain ciphertext Eipc_pub;
2) The network hard disk video recorder computes cryptographic hash H3 with the SM3 cryptographic algorithm from the second identity information, current time information t2 and ciphertext Eipc_pub; signs cryptographic hash H3 with the SM2 cryptographic algorithm using the user private key of the intelligent code key to obtain signature value M2; and sends the second identity information, ciphertext Eipc_pub, time information t2, signature value M2 and the signature verification result to the web camera;
3) The web camera reads the second identity information and compares it with the prestored second encryption device serial number list, and uses the first public key to perform SM2 signature verification on the signature information of the second identity information; computes cryptographic hash H4 with the SM3 cryptographic algorithm from the first identity information, ciphertext Eipc_pub and time information t2;
4) The web camera performs SM2 signature verification on signature value M2 and cryptographic hash H4 using the first public key, decrypts ciphertext Eipc_pub using the user private key of the SD cipher card to obtain secret value E1, and saves the first 16 bytes as the working key.
3. The certification implementation method for a safe audio-video encryption client according to claim 2, characterised in that, before step 1), the implementation method also includes:
The web camera signs cryptographic hash H1 with the SM2 algorithm using the user private key of the SD cipher card to obtain signature value M1, and sends the first identity information, current time information t1, Emac and signature value M1 to the network hard disk video recorder.
4. The certification implementation method for a safe audio-video encryption client according to claim 3, characterised in that the implementation method of client certification also includes:
The web camera reads the first identity information of the SD cipher card and computes cryptographic hash H1 with the SM3 algorithm from the first identity information, Emac and current time information t1.
5. The certification implementation method for a safe audio-video encryption client according to claim 3 or 4, characterised in that the first identity information is specifically:
1) the SD cipher card serial number, 16 bytes long;
2) the SD cipher card client public key, 64 bytes long;
3) the first public key, 64 bytes long;
4) the first private key signature, 64 bytes long.
6. The certification implementation method for a safe audio-video encryption client according to claim 3, characterised in that the second identity information is specifically:
1) the intelligent code key serial number, 16 bytes long;
2) the intelligent code key client public key, 64 bytes long;
3) the second public key, 64 bytes long;
4) the second private key signature K2, 64 bytes long.
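An added example, not taken from the patent: the receiver-side checks that steps 1) and 3) of claim 2 imply before SM2 signature verification, namely parsing the 208-byte identity record of claims 5 and 6, matching its serial number against the prestored list, and recomputing the hash over identity, timestamp and payload. The field order, the 8-byte timestamp encoding, the 30-second freshness window and every function name are assumptions; SHA-256 stands in where the local build has no SM3, and the SM2/SM1 operations stay in the hardware module and are not modelled.

```python
import hashlib
import struct
from typing import NamedTuple

# Field lengths are from claims 5 and 6; the field order on the wire is an assumption.
SERIAL_LEN, PUB_LEN, SIG_LEN = 16, 64, 64
RECORD_LEN = SERIAL_LEN + 2 * PUB_LEN + SIG_LEN  # 208 bytes
MAX_SKEW_S = 30  # assumption: the claims carry t1/t2 but state no freshness window


class Identity(NamedTuple):
    serial: bytes      # device serial number
    user_pub: bytes    # device client public key
    issuer_pub: bytes  # the "first" / "second" public key
    issuer_sig: bytes  # the "first" / "second" private key signature


def parse_identity(blob: bytes) -> Identity:
    """Split a fixed-length identity record; reject any other length."""
    if len(blob) != RECORD_LEN:
        raise ValueError(f"identity record must be {RECORD_LEN} bytes, got {len(blob)}")
    a, b, c = SERIAL_LEN, SERIAL_LEN + PUB_LEN, SERIAL_LEN + 2 * PUB_LEN
    return Identity(blob[:a], blob[a:b], blob[b:c], blob[c:])


def digest(data: bytes) -> bytes:
    """SM3 where the local OpenSSL provides it, else SHA-256 as a stand-in."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()


def precheck(blob: bytes, t: int, payload: bytes, allowed_serials: set, now: int):
    """Checks done before signature verification.

    Returns (identity, H), where H is the recomputed hash that the SM2
    verifier must check the received signature value against.
    """
    ident = parse_identity(blob)
    if ident.serial not in allowed_serials:
        raise PermissionError("serial number not in the prestored list")
    if abs(now - t) > MAX_SKEW_S:
        raise PermissionError("timestamp outside freshness window (possible replay)")
    # Fixed-length fields first, variable-length payload last: unambiguous encoding.
    return ident, digest(blob + struct.pack(">Q", t) + payload)


if __name__ == "__main__":
    sample = bytes(RECORD_LEN)  # constructed record: all zero bytes
    _, h = precheck(sample, 1_700_000_000, b"constructed-Emac", {bytes(16)}, 1_700_000_005)
    print(h.hex())
```

Because the signature covers only the hash, a receiver that skips the freshness check accepts a recorded message unchanged; the window value has to be chosen against the clock drift of the deployed devices.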
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711152323.2A CN107872324A (en) | 2017-11-19 | 2017-11-19 | A kind of safe audio-video encryption client and certification implementation method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107872324A true CN107872324A (en) | 2018-04-03 |
Family
ID=61754122
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711152323.2A Pending CN107872324A (en) | 2017-11-19 | 2017-11-19 | A kind of safe audio-video encryption client and certification implementation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107872324A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101145906A (en) * | 2006-09-13 | 2008-03-19 | 北京邦天科技有限公司 | Method and system for authenticating legality of receiving terminal in unidirectional network |
CN101374159A (en) * | 2008-10-08 | 2009-02-25 | 中国科学院计算技术研究所 | Credible control method and system for P2P network |
CN101789934A (en) * | 2009-11-17 | 2010-07-28 | 北京飞天诚信科技有限公司 | Method and system for online security trading |
CN102103666A (en) * | 2009-12-18 | 2011-06-22 | 鸿富锦精密工业(深圳)有限公司 | Hot swap protection system and method for hard disk |
CN103051869A (en) * | 2012-11-15 | 2013-04-17 | 山东中孚信息产业股份有限公司 | System and method for encrypting camera video in real time |
CN106341424A (en) * | 2016-11-08 | 2017-01-18 | 天津光电安辰信息技术股份有限公司 | Identity authentication based video encryption system and realization method thereof |
CN106656497A (en) * | 2016-11-08 | 2017-05-10 | 天津光电安辰信息技术股份有限公司 | Domestic password module based video encryption identity verification system and implementation method thereof |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110381505A (en) * | 2019-07-22 | 2019-10-25 | 浙江大华技术股份有限公司 | Access the method and device of network hard disk video recorder |
CN110691225A (en) * | 2019-11-05 | 2020-01-14 | 杭州视洞科技有限公司 | High-security encryption scheme for playing of AP direct connection/local area network camera |
CN110691225B (en) * | 2019-11-05 | 2021-04-06 | 杭州视洞科技有限公司 | High-security encryption method for playing of AP direct connection/local area network camera |
CN111586076A (en) * | 2020-05-26 | 2020-08-25 | 清华大学 | Remote control and telemetry information tamper-proof encryption and decryption method and system based on mixed password |
CN112804215A (en) * | 2020-12-31 | 2021-05-14 | 中孚信息股份有限公司 | Video acquisition safety processing system and method based on zero trust mechanism |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109361668B (en) | Trusted data transmission method | |
US7792296B2 (en) | Access-controlled encrypted recording method for site, interaction and process monitoring | |
CN107947937A (en) | A kind of safe audio-video encryption system and terminal authentication implementation method | |
WO2017097041A1 (en) | Data transmission method and device | |
EP3324572B1 (en) | Information transmission method and mobile device | |
US9852300B2 (en) | Secure audit logging | |
CN109218825B (en) | Video encryption system | |
CN111740844A (en) | SSL communication method and device based on hardware cryptographic algorithm | |
US10594479B2 (en) | Method for managing smart home environment, method for joining smart home environment and method for connecting communication session with smart device | |
CN110519046B (en) | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD | |
CN106104562A (en) | Safety of secret data stores and recovery system and method | |
CN111274578B (en) | Data safety protection system and method for video monitoring system | |
CN102024123B (en) | Method and device for importing mirror image of virtual machine in cloud calculation | |
CN109151508B (en) | Video encryption method | |
CN107872324A (en) | A kind of safe audio-video encryption client and certification implementation method | |
CN104158653A (en) | Method of secure communication based on commercial cipher algorithm | |
CN104796265A (en) | Internet-of-things identity authentication method based on Bluetooth communication access | |
CN107465665A (en) | A kind of file encryption-decryption method based on fingerprint identification technology | |
Chen et al. | Security analysis and improvement of user authentication framework for cloud computing | |
US20180013832A1 (en) | Health device, gateway device and method for securing protocol using the same | |
CN110519222B (en) | External network access identity authentication method and system based on disposable asymmetric key pair and key fob | |
CN110233729A (en) | A kind of encryption solid-state disk key management method based on PUF | |
CN112702582B (en) | Secure transmission method and device for monitoring video based on SM2 | |
CN109981271A (en) | A kind of network multimedia security protection encryption method | |
CN107666420B (en) | Method for production control and identity authentication of intelligent home gateway |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180403 |