CN107872324A - A secure audio-video encryption client and authentication implementation method - Google Patents


Publication number
CN107872324A
Authority
CN
China
Prior art keywords
identity information
key
client
audio
video
Legal status
Pending
Application number
CN201711152323.2A
Other languages
Chinese (zh)
Inventor
胡双喜
吕前进
冯杰
李明星
李良
李一良
张文浩
王辉
梁超
陈本阳
Current Assignee
Tianjin Opto Electronic Information Technology Ltd By Share Ltd
Original Assignee
Tianjin Opto Electronic Information Technology Ltd By Share Ltd
Application filed by Tianjin Opto Electronic Information Technology Ltd By Share Ltd
Priority to CN201711152323.2A
Publication of CN107872324A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 ... involving time stamps, e.g. generation of time stamps
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 ... applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 ... based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/3236 (under H04L9/32) ... using cryptographic hash functions
    • H04L9/3247 (under H04L9/32) ... involving digital signatures
    • H04L9/3249 (under H04L9/32) ... involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Abstract

The invention discloses a secure audio-video client and an authentication implementation method, in which a network camera is used to capture and process audio/video information, and a network hard disk video recorder is used to control the transmission, use and storage of audio/video information. Through secure audio-video monitoring encryption and client authentication, the invention achieves secure transmission of audio/video data and security authentication and key agreement between client devices, eliminating security risks and improving security.

Description

A secure audio-video encryption client and authentication implementation method
Technical field
The invention belongs to the field of audio-video encryption and authentication, and in particular relates to a secure audio-video encryption client and an authentication implementation method.
Background
Encryption equipment is the general term for equipment that has certain cryptographic functions or can complete certain cryptographic tasks. Encryption equipment is divided into two major parts: the encryption device and the interface software. The encryption device is the core of hardware encryption equipment and the provider of the various security service functions. The encryption device can in turn be divided into hardware circuits, control software, cryptographic algorithms, underlying firmware and other parts; the hardware circuits in turn include interface circuits, control circuits, cryptographic operation circuits, storage circuits and so on.
In practice, China has deployed a large number of security surveillance systems in order to safeguard national security and social stability. However, as technology has developed, video surveillance systems face a variety of threats; their security cannot be guaranteed, nor can a good user experience.
The following security risks exist between the clients of existing video surveillance systems:
(1) Information leakage: video files are leaked or stolen, infringing citizens' legitimate rights and interests and exposing state secrets and trade secrets;
(2) Illegal tampering: video information is forged, replaced or destroyed by illegal means;
(3) Illegal intrusion: video stream data and communication protocols are intercepted by eavesdropping and used for network intrusion attacks, so that the system cannot work normally; intercepted video data is used to learn the loopholes and weak points in security work and to carry out targeted sabotage, seriously threatening national security and social stability.
Summary of the invention
The invention provides a secure audio-video encryption client and an authentication implementation method. Through secure audio-video monitoring encryption and client authentication, the invention achieves secure transmission of audio/video data and security authentication and key agreement between client devices, eliminating security risks and improving security, as described below:
A secure audio-video encryption client, including:
a secure network camera, including an SD cipher card and a network camera;
a secure network hard disk video recorder, including an intelligent code key and a network hard disk video recorder;
the SD cipher card and the intelligent code key are used to authenticate the identity of the corresponding device and to encrypt and decrypt audio/video data;
the network camera is used to capture and process audio/video information; the network hard disk video recorder is used to control the transmission, use and storage of audio/video information.
An authentication implementation method for a secure audio-video encryption client, the method comprising the following steps:
1) The network hard disk video recorder reads the first identity information and compares it with the pre-stored first encryption device serial number list, obtains the second identity information from the intelligent code key, and performs SM2 signature verification on the first identity information; from the first identity information, the current time information t1 and Emac it computes the hash value H2 with the SM3 algorithm; it performs SM2 signature verification on the signature value M1 using the SD cipher card user public key; it encrypts Emac with the SM1 algorithm under the one-level distributed key to obtain the encrypted value E1; and it encrypts the encrypted value E1 with the SM2 algorithm under the SD cipher card user public key to obtain the ciphertext Eipc_pub;
2) From the second identity information, the current time information t2 and the ciphertext Eipc_pub, the network hard disk video recorder computes the hash value H3 with the SM3 cryptographic algorithm; it signs the hash value H3 with the SM2 cryptographic algorithm using the user private key of the intelligent code key to obtain the signature value M2; it sends the second identity information, the ciphertext Eipc_pub, the time information t2, the signature value M2 and the signature verification result to the network camera;
3) The network camera reads the second identity information and compares it with the pre-stored second encryption device serial number list, and uses the first public key to perform SM2 signature verification on the signature information of the second identity information; from the first identity information, the ciphertext Eipc_pub and the time information t2 it computes the hash value H4 with the SM3 cryptographic algorithm;
4) The network camera uses the first public key to perform SM2 signature verification on the signature value M2 and the hash value H4, decrypts the ciphertext Eipc_pub with the user private key of the SD cipher card to obtain the encrypted value E1, and saves its first 16 bytes as the working key.
Before step 1), the implementation method further includes:
The network camera signs the hash value H1 with the SM2 algorithm using the user private key of the SD cipher card to obtain the signature value M1, and sends the first identity information, the current time information t1, Emac and the signature value M1 to the network hard disk video recorder.
The client authentication implementation method further includes:
The network camera reads the first identity information of the SD cipher card and, from the first identity information, Emac and the current time information t1, computes the hash value H1 with the SM3 algorithm.
The first identity information is specifically:
1) the SD cipher card serial number, 16 bytes long; 2) the SD cipher card user public key, 64 bytes long;
3) the first public key, 64 bytes long; 4) the first private key signature, 64 bytes long.
The second identity information is specifically:
1) the intelligent code key serial number, 16 bytes long; 2) the intelligent code key user public key, 64 bytes long;
3) the second public key, 64 bytes long; 4) the second private key signature K2, 64 bytes long.
The beneficial effects of the technical solution provided by the invention are:
1. By encrypting audio/video data and authenticating clients, the invention achieves secure transmission of audio/video data and security authentication and key agreement between client devices, eliminating possible security risks and improving the security of audio/video information;
2. It protects users' important and sensitive images from being illegally stolen or tampered with, and denies illegitimate users who attempt to intrude into the system with forged devices;
3. All security devices in the network authenticate identity using digital certificates, and a data integrity protection algorithm protects the session protocol and the control protocol, preventing protocol attacks by illegitimate users.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of a secure audio-video encryption client;
Fig. 2 is a structural schematic diagram of the secure network camera;
Fig. 3 is a structural schematic diagram of the secure network hard disk video recorder;
Fig. 4 is a flow chart of a client authentication implementation method;
Fig. 5 is another flow chart of a client authentication implementation method.
In the drawings, the parts represented by each reference numeral are as follows:
1: secure network camera; 2: secure network hard disk video recorder;
11: SD cipher card; 12: network camera;
21: intelligent code key; 22: network hard disk video recorder.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below.
Embodiment 1
A secure audio-video encryption client, referring to Fig. 1, includes: a secure network camera 1 and a secure network hard disk video recorder 2.
Referring to Fig. 2, the secure network camera 1 includes an SD cipher card 11 and a network camera 12.
Referring to Fig. 3, the secure network hard disk video recorder 2 includes an intelligent code key 21 and a network hard disk video recorder 22.
The SD cipher card 11 is connected to the network camera 12 through an SDIO interface; the intelligent code key 21 is connected to the network hard disk video recorder 22 through a USB interface; the network camera 12 and the network hard disk video recorder 22 communicate over the network.
The SD cipher card 11 and the intelligent code key 21 are used to authenticate the identity of the corresponding device.
The network camera 12 is used to capture and process audio/video information.
The network hard disk video recorder 22 is used to control the transmission, use and storage of audio/video information.
The hardware encryption equipment includes the SD cipher card 11 and the intelligent code key 21, but the interface type and device form of the encryption equipment are not limited.
The difference from an ordinary network camera is that the network camera 12 has an SDIO interface communication module for communicating with the SD cipher card 11.
The difference from an ordinary network hard disk video recorder is that the network hard disk video recorder 22 has a USB interface communication module for communicating with the intelligent code key 21.
That is, through the above devices the embodiment of the invention implements usage authentication of the monitoring equipment as well as the capture, transmission, storage and playback of audio/video information.
The signal transmission within each of the above devices does not involve any improvement to software; the invention simply uses existing application flows to implement the secure audio-video monitoring encryption client.
Unless otherwise specified, the embodiment of the invention does not limit the model of each device, as long as the device can perform the above functions.
In summary, through secure audio-video monitoring encryption and client authentication, the embodiment of the invention achieves secure transmission of audio/video data and security authentication and key agreement between server devices, eliminating security risks and improving security.
Embodiment 2
An authentication implementation method for a secure audio-video encryption client; the method corresponds to the secure audio-video encryption client of embodiment 1. Referring to Fig. 4, the method includes the following steps:
101: The network camera 12 reads its own MAC address and applies the SM3 algorithm to it to obtain Emac; the network camera 12 signs the hash value H1 with the SM2 algorithm using the user private key of the SD cipher card 11 to obtain the signature value M1; it sends the first identity information C1, the current time information t1, Emac and the signature value M1 to the network hard disk video recorder 22;
Before step 101, the client authentication implementation method further includes: the network camera 12 reads the first identity information C1 of the SD cipher card 11 and, from the first identity information C1, the current time information t1 and Emac, computes the hash value H1 with the SM3 algorithm.
102: The network hard disk video recorder 22 reads the first identity information C1 and compares it with the pre-stored first encryption device serial number list, obtains the second identity information C2 from the intelligent code key 21, and performs SM2 signature verification on the first identity information C1; from the first identity information C1, the current time information t1 and Emac it computes the hash value H2 with the SM3 algorithm; it performs SM2 signature verification on the signature value M1 using the SD cipher card user public key; it encrypts Emac with the SM1 algorithm under the one-level distributed key to obtain the encrypted value E1; and it encrypts the encrypted value E1 with the SM2 algorithm under the SD cipher card user public key to obtain the ciphertext Eipc_pub;
103: From the second identity information C2, the current time information t2 and the ciphertext Eipc_pub, the network hard disk video recorder 22 computes the hash value H3 with the SM3 cryptographic algorithm; it signs the hash value H3 with the SM2 cryptographic algorithm using the user private key of the intelligent code key 21 to obtain the signature value M2; it sends the second identity information C2, the ciphertext Eipc_pub, the time information t2, the signature value M2 and the signature verification result to the network camera 12;
104: The network camera 12 reads the second identity information C2 and compares it with the pre-stored second encryption device serial number list, and uses the first public key to perform SM2 signature verification on the signature information of the second identity information C2; from the first identity information C1, the ciphertext Eipc_pub and the time information t2 it computes the hash value H4 with the SM3 cryptographic algorithm;
105: The network camera 12 uses the first public key to perform SM2 signature verification on the signature value M2 and the hash value H4, decrypts the ciphertext Eipc_pub with the user private key of the SD cipher card 11 to obtain the encrypted value E1, and saves its first 16 bytes as the working key.
In summary, through secure audio-video monitoring encryption and client authentication, the embodiment of the invention achieves secure transmission of audio/video data and security authentication and key agreement between client devices, eliminating security risks and improving security.
Embodiment 3
The scheme of embodiment 2 is described further below with reference to Fig. 5:
201: The network camera 12 reads its own MAC address and applies the SM3 algorithm to it to obtain Emac; the network camera 12 reads the first identity information C1 of the SD cipher card 11 and, from the first identity information C1, the current time information t1 and Emac, computes the hash value H1 with the SM3 algorithm;
Further, the first identity information C1 includes:
1) the SD cipher card serial number, 16 bytes long;
2) the SD cipher card user public key, 64 bytes long;
3) the first public key, 64 bytes long;
4) the first private key signature K1, 64 bytes long.
In a specific implementation, the first public key and the first private key are provided by the KMC; the embodiment of the invention does not describe this further.
Further, the first private key signature K1 is obtained by computing the SM3 hash of the content of items 1)-3) above and signing the computed value with the first private key using the SM2 algorithm.
The SM2 and SM3 cryptographic algorithms are well-known commercial cryptographic algorithms familiar to those skilled in the art; the embodiment of the invention does not describe them further.
202: The network camera 12 signs the hash value H1 with the SM2 algorithm using the user private key of the SD cipher card 11 to obtain the signature value M1;
The user private key and the user public key of the SD cipher card 11 are a key pair generated by the SD cipher card 11 itself with the SM2 cryptographic algorithm; in a specific implementation, the embodiment of the invention places no limitation on this.
203: The network camera 12 sends the first identity information C1, the current time information t1, Emac and the signature value M1 to the network hard disk video recorder 22;
204: The network hard disk video recorder 22 reads the first identity information C1 and compares it with the pre-stored first encryption device serial number list; if the device is on the blacklist it is illegitimate, a failure result is returned to the network camera 12, the connection is dropped and the flow ends; otherwise step 205 is performed;
The pre-stored first encryption device serial number list and the blacklist are both set according to the needs of the actual application; the embodiment of the invention does not describe this further.
205: The network hard disk video recorder 22 obtains the second identity information C2 from the intelligent code key 21;
The second identity information C2 includes:
1) the intelligent code key serial number, 16 bytes long;
2) the intelligent code key user public key, 64 bytes long;
3) the second public key, 64 bytes long;
4) the second private key signature K2, 64 bytes long.
The 64-byte first public key in the first identity information C1 and the 64-byte second public key in the second identity information C2 are identical. In a specific implementation, the second public key and the second private key are provided by the KMC; the embodiment of the invention does not describe this further.
Further, the second private key signature K2 is obtained by computing the SM3 hash of the content of items 1)-3) above and signing the computed value with the second private key using the SM2 algorithm.
206: The network hard disk video recorder 22 reads the 64-byte second public key and uses it to perform SM2 signature verification on the first identity information C1; if verification fails, an identity information verification failure result is returned to the network camera 12, the connection is dropped and the flow ends; otherwise step 207 is performed;
207: From the first identity information C1, the current time information t1 and Emac, the network hard disk video recorder 22 computes the hash value H2 with the SM3 algorithm;
208: The network hard disk video recorder 22 reads the SD cipher card user public key from the first identity information C1;
209: The network hard disk video recorder 22 performs SM2 signature verification on the signature value M1 using the SD cipher card user public key; if verification fails, a signature verification failure result is returned, the connection is dropped and the flow ends; otherwise step 210 is performed;
210: The network hard disk video recorder 22 encrypts Emac with the SM1 algorithm under the one-level distributed key to obtain the encrypted value E1, and encrypts the encrypted value E1 with the SM2 algorithm under the SD cipher card user public key to obtain the ciphertext Eipc_pub;
The one-level distributed key is set by the KMC at initialization, which is known to those skilled in the art; the embodiment of the invention does not describe this further.
211: The network hard disk video recorder 22 reads the second identity information C2 from the intelligent code key 21;
212: From the second identity information C2, the current time information t2, Emac and the ciphertext Eipc_pub, the network hard disk video recorder 22 computes the hash value H3 with the SM3 cryptographic algorithm;
213: The network hard disk video recorder 22 signs the hash value H3 with the SM2 cryptographic algorithm using the user private key of the intelligent code key 21 to obtain the signature value M2;
The user private key and the user public key of the intelligent code key 21 are a key pair generated by the intelligent code key 21 itself with the SM2 cryptographic algorithm; in a specific implementation, the embodiment of the invention places no limitation on this.
214: The network hard disk video recorder 22 sends the second identity information C2, Emac, the ciphertext Eipc_pub, the time information t2, the signature value M2 and the signature verification result to the network camera 12;
215: The network camera 12 reads the second identity information C2 and compares it with the pre-stored second encryption device serial number list; if the device is on the blacklist it is illegitimate and the connection is dropped; otherwise step 216 is performed;
The pre-stored second encryption device serial number list is set according to the needs of the actual application; the embodiment of the invention does not describe this further.
216: The network camera 12 reads the first public key from the SD cipher card 11;
217: The network camera 12 uses the first public key to perform SM2 signature verification on the signature information of the second identity information C2; if verification fails, an identity information signature verification failure is returned, the connection is dropped and the flow ends; if verification passes, step 218 is performed;
218: From the second identity information C2, the ciphertext Eipc_pub and the time information t2, the network camera 12 computes the hash value H4 with the SM3 cryptographic algorithm;
219: The network camera 12 uses the first public key to perform SM2 signature verification on the signature value M2 and the hash value H4; if verification fails, the connection is dropped and the flow ends; otherwise step 220 is performed;
220: The network camera 12 decrypts the ciphertext Eipc_pub with the user private key of the SD cipher card 11 to obtain the encrypted value E1, and saves its first 16 bytes as the working key.
In summary, through secure audio-video monitoring encryption and client authentication, the embodiment of the invention achieves secure transmission of audio/video data and security authentication and key agreement between client devices, eliminating security risks and improving security.
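The hash and pre-check steps of the flow above (201, 204 and 207), as an added Python example that is not part of the patent: it implements SM3, splits the 208-byte identity information into its four fields, and shows that the recorder's H2 matches the camera's H1 only when C1, t1 and Emac arrive unaltered. Assumptions made here because the page does not specify them: the concatenation order C1 || t1 || Emac, t1 as an 8-byte big-endian integer, Emac computed over the six raw MAC bytes, and all function names and sample values (which are constructed). SM2 signing and verification and SM1 encryption stay in the SD cipher card and intelligent code key and are not implemented.

```python
import struct
from collections import namedtuple

_MASK = 0xFFFFFFFF
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)

def _rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & _MASK

def sm3(msg):
    """SM3 digest (32 bytes), pure Python."""
    pad = b"\x80" + b"\x00" * ((55 - len(msg)) % 64)
    data = msg + pad + struct.pack(">Q", 8 * len(msg))
    v = list(_IV)
    for off in range(0, len(data), 64):
        # Message expansion: 16 block words extended to 68.
        w = list(struct.unpack(">16I", data[off:off + 64]))
        for j in range(16, 68):
            x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
            w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23)
                     ^ _rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):
            t = 0x79CC4519 if j < 16 else 0x7A879D8A
            ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & _MASK, 7)
            ss2 = ss1 ^ _rotl(a, 12)
            if j < 16:
                ff, gg = a ^ b ^ c, e ^ f ^ g
            else:
                ff = (a & b) | (a & c) | (b & c)
                gg = (e & f) | (~e & g)
            tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & _MASK
            tt2 = (gg + h + ss1 + w[j]) & _MASK
            a, b, c, d = tt1, a, _rotl(b, 9), c
            e, f, g, h = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17), e, _rotl(f, 19), g
        v = [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]
    return struct.pack(">8I", *v)

# Identity information layout from the page: 16-byte serial number, 64-byte
# device user public key, 64-byte KMC-issued public key, 64-byte signature.
Identity = namedtuple("Identity", "serial user_pub kmc_pub signature")
ID_LEN = 16 + 64 + 64 + 64

def parse_identity(blob):
    if len(blob) != ID_LEN:
        raise ValueError("identity information must be %d bytes" % ID_LEN)
    return Identity(blob[:16], blob[16:80], blob[80:144], blob[144:])

def signed_digest(ident):
    """SM3 over fields 1)-3): the value the signature K1 or K2 covers."""
    return sm3(ident.serial + ident.user_pub + ident.kmc_pub)

def emac(mac):
    """Emac = SM3 of the camera MAC address (assumed: the 6 raw bytes)."""
    return sm3(bytes.fromhex(mac.replace(":", "")))

def transcript_hash(identity_blob, t, e_mac):
    """H1 on the camera, H2 on the recorder (assumed order C1 || t1 || Emac)."""
    return sm3(identity_blob + struct.pack(">Q", t) + e_mac)

def camera_hello(identity_blob, mac, t1):
    """Steps 201/203 minus the SM2 signature M1, which the SD cipher card makes."""
    e = emac(mac)
    msg = {"C1": identity_blob, "t1": t1, "Emac": e}
    return msg, transcript_hash(identity_blob, t1, e)

def recorder_precheck(msg, blacklist):
    """Steps 204 and 207: blacklist lookup, then recompute H2 for the M1 check."""
    try:
        ident = parse_identity(msg["C1"])
    except ValueError as exc:
        return False, str(exc), None
    if ident.serial in blacklist:
        return False, "serial number is blacklisted", None
    if len(msg["Emac"]) != 32:
        return False, "Emac is not an SM3 digest", None
    return True, "ok", transcript_hash(msg["C1"], msg["t1"], msg["Emac"])

# Constructed sample values (not real keys or signatures).
SAMPLE_C1 = b"SDCARD-000000001" + b"\x11" * 64 + b"\x22" * 64 + b"\x33" * 64
SAMPLE_MAC = "00:11:22:33:44:55"

if __name__ == "__main__":
    msg, h1 = camera_hello(SAMPLE_C1, SAMPLE_MAC, 1510000000)
    ok, reason, h2 = recorder_precheck(msg, blacklist=set())
    print("accepted:", ok, reason, "H2 == H1:", h2 == h1)
    msg["t1"] += 1  # t1 altered in transit: H2 no longer matches what M1 signed
    print("H2 == H1 after tampering:", recorder_precheck(msg, set())[2] == h1)
```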
Unless otherwise specified, the embodiment of the invention does not limit the model of each device, as long as the device can perform the above functions.
Those skilled in the art will appreciate that the drawings are schematic diagrams of a preferred embodiment, and that the serial numbers of the above embodiments are for description only and do not indicate the relative merits of the embodiments.
The above are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (6)

1. a kind of safe audio-video encryption client, it is characterised in that the encryption client includes:
Safety network camera, including SD cipher cards and web camera;
Secure network DVR, including intelligent code key and network hard disk video recorder;
SD cipher cards, intelligent code key are used to realize the authentication of corresponding device and the encryption and decryption to audio, video data;
Web camera is used for the collection and processing for realizing audio/video information;Network hard disk video recorder is used to realize audio/video information Transmission, use and storage control.
2. A certification implementation method for a safe audio-video encryption client, characterized in that the implementation method includes the following steps:
1) The network hard disk video recorder reads the first identity information and compares it with the pre-stored first encryption device serial number list, obtains the second identity information in the intelligent code key, and performs SM2 signature verification on the first identity information; computes a hash with the SM3 algorithm over the first identity information, current time information t1 and Emac to obtain hash value H2; performs SM2 signature verification on signature value M1 using the SD cipher card client public key; encrypts Emac with the SM1 algorithm using the one-level distributed key to obtain encrypted value E1; and encrypts encrypted value E1 with the SM2 algorithm using the SD cipher card client public key to obtain ciphertext Eipc_pub;
2) The network hard disk video recorder computes a hash with the SM3 cryptographic algorithm over the second identity information, current time information t2 and ciphertext Eipc_pub to obtain hash value H3; signs hash value H3 with the SM2 cryptographic algorithm using the user private key of the intelligent code key to obtain signature value M2; and sends the second identity information, ciphertext Eipc_pub, time information t2, signature value M2 and the signature verification result to the web camera;
3) The web camera reads the second identity information and compares it with the pre-stored second encryption device serial number list, and uses the first public key to perform SM2 signature verification on the signature information of the second identity information; computes a hash with the SM3 cryptographic algorithm over the first identity information, ciphertext Eipc_pub and time information t2 to obtain hash value H4;
4) The web camera uses the first public key to perform SM2 signature verification on signature value M2 and hash value H4, decrypts ciphertext Eipc_pub using the user private key of the SD cipher card to obtain encrypted value E1, and takes the first 16 bytes to be saved as the working key.
3. The certification implementation method for a safe audio-video encryption client according to claim 2, characterized in that, before step 1), the implementation method also includes:
The web camera signs hash value H1 with the SM2 algorithm using the user private key of the SD cipher card to obtain signature value M1, and sends the first identity information, current time information t1, Emac and signature value M1 to the network hard disk video recorder.
4. The certification implementation method for a safe audio-video encryption client according to claim 3, characterized in that the implementation method of client certification also includes:
The web camera reads the first identity information of the SD cipher card and computes a hash with the SM3 algorithm over the first identity information, Emac and current time information t1 to obtain hash value H1.
5. The certification implementation method for a safe audio-video encryption client according to claim 3 or 4, characterized in that the first identity information is specifically:
1) the SD cipher card serial number, 16 bytes long; 2) the SD cipher card client public key, 64 bytes long;
3) the first public key, 64 bytes long; 4) the first private key signature, 64 bytes long.
6. The certification implementation method for a safe audio-video encryption client according to claim 3, characterized in that the second identity information is specifically:
1) the intelligent code key serial number, 16 bytes long; 2) the intelligent code key client public key, 64 bytes long;
3) the second public key, 64 bytes long; 4) the second private key signature K2, 64 bytes long.
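The recorder-to-camera exchange of claim 2, steps 2) to 4), as an added Go example that is not code from the patent or its applicant. ECDSA P-256 and SHA-256 stand in for SM2 and SM3, the field encoding, the Unix-seconds t2 and the sample values are constructed, and the example assumes the camera hashes the same three fields the recorder signed and is handed the public key that matches the signing key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// NewKey: P-256 stands in for the SM2 key pair held in the token (assumption).
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// digest: SHA-256 stands in for SM3; length-prefixed ID2 and fixed-width t2 are a constructed encoding.
func digest(id2, eipc []byte, t2 uint64) []byte {
	h := sha256.New()
	binary.Write(h, binary.BigEndian, uint32(len(id2)))
	h.Write(id2)
	binary.Write(h, binary.BigEndian, t2)
	h.Write(eipc)
	return h.Sum(nil)
}

// RecorderSign is step 2): hash ID2, t2 and Eipc_pub (H3), then sign the hash (M2).
func RecorderSign(priv *ecdsa.PrivateKey, id2, eipc []byte, t2 uint64) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, digest(id2, eipc, t2))
}

// CameraVerify is steps 3)-4) before decryption: serial list check, recomputed hash (H4), check of M2.
func CameraVerify(pub *ecdsa.PublicKey, serials map[string]bool, id2, eipc []byte, t2 uint64, m2 []byte) error {
	if len(id2) < 16 || !serials[string(id2[:16])] {
		return fmt.Errorf("serial number not in pre-stored list")
	}
	if !ecdsa.VerifyASN1(pub, digest(id2, eipc, t2), m2) {
		return fmt.Errorf("M2 does not verify over the recomputed hash")
	}
	return nil
}

func main() {
	k, err := NewKey()
	if err != nil {
		panic(err)
	}
	id2 := append([]byte("NVR-KEY-00000001"), make([]byte, 192)...) // constructed 208-byte identity
	m2, err := RecorderSign(k, id2, []byte("constructed Eipc_pub"), 1511049600)
	fmt.Println(err, CameraVerify(&k.PublicKey, map[string]bool{"NVR-KEY-00000001": true}, id2, []byte("constructed Eipc_pub"), 1511049600, m2))
}
```

Only when `CameraVerify` returns nil should the camera go on to decrypt Eipc_pub and keep the first 16 bytes as the working key; a changed ciphertext, a changed t2 or an unlisted serial number is rejected before any decryption happens.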

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711152323.2A CN107872324A (en) 2017-11-19 2017-11-19 A kind of safe audio-video encryption client and certification implementation method


Publications (1)

Publication Number Publication Date
CN107872324A true CN107872324A (en) 2018-04-03

Family

ID=61754122



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180403
