CN108184134A - Method and system for secure forwarding of video streams - Google Patents
Method and system for secure forwarding of video streams
- Publication number
- CN108184134A (application number CN201711398364.XA)
- Authority
- CN
- China
- Prior art keywords
- client
- server
- service platform
- random number
- forwarding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/239—Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests
- H04N21/2393—Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests involving handling client requests
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
- H04N21/63345—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/637—Control signals issued by the client directed to the server or network components
- H04N21/6377—Control signals issued by the client directed to the server or network components directed to server
- H04N21/63775—Control signals issued by the client directed to the server or network components directed to server for uploading keys, e.g. for a client to communicate its public key to the server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/18—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The invention discloses a method for secure forwarding of video streams, comprising authentication between the forwarding platform and the remote camera and authentication between the client and the forwarding platform. The two authentication procedures are identical. Mutual secure authentication between the two ends is achieved with asymmetric encryption, so that in the end an illegitimate user cannot interact with the remote camera or the forwarding service platform.
Description
Technical field
The invention relates to the field of video surveillance, and in particular to a system for secure forwarding of audio/video streams.
Background
As a component of security and protection systems, a video surveillance system carries the image information with which monitoring staff keep track of the monitored points in their area; it records and gives early warning of events so as to prevent damage to state and private property, and supports remote command and coordinated response to emergencies at monitored points. It therefore has strict requirements for image clarity, stability and real-time behaviour, and the security of the audio/video data itself is receiving more and more attention. Video surveillance systems have gone through three generations. The third, digital generation is based on network camera technology: video is carried entirely over standard Ethernet protocols and channels at a relatively low bit rate, and the generality and maintainability of the network are markedly better. However, the state of network security and the geographic dispersion of monitored areas make such systems hard to manage, and their network security faces serious challenges. Secure, stable and efficient forwarding of audio/video streams has become a problem that needs solving, and a secure, reliable and stable audio/video stream forwarding method and system is needed to address it.
Summary of the invention
As shown in Figure 1, the invention proposes a method and system for secure forwarding of audio/video streams. The method uses multi-layer encryption and authentication, and the system is designed on a client-server architecture, which gives good guarantees for the security, efficiency and stability of audio/video stream forwarding; the client-server architecture makes full use of high-performance physical equipment to reduce the load on the remote network camera.
This way of implementing an IP camera service over a client-server protocol with multi-layer encryption and mutual authentication is based on a service system built from a network camera terminal, a client and a service platform. The network camera terminal captures images and audio of the monitored subject; the client controls and adjusts the operating state of the camera terminal; the service platform acts as the intermediary, establishing communication connections with the client and the camera terminal respectively and executing the client's requests. If the client needs audio/video, the service platform requests it from the camera terminal and forwards it to the client. The main scheme is:
(1) The network camera terminal obtains its configuration from the service platform, performs mutual secure authentication with the service platform, and then maintains a heartbeat connection while waiting for client access;
(2) The client obtains its configuration from the service platform, performs mutual secure authentication with the service platform, and then establishes a connection with the service platform, which executes the client's commands; after execution, any audio/video stream is forwarded by the service platform to the client.
In the above scheme, the mutual secure authentication between the camera terminal and the service platform in step (1) consists of the camera terminal connecting to the service platform to obtain the configuration information used for registration and authentication, after which the camera terminal registers with the service platform according to that configuration and so completes mutual authentication. Mutual authentication between the client and the service platform is similar.
In the above scheme, when the camera terminal connects to the service platform to obtain the registration and authentication configuration, an encryption algorithm E1 (E1 may be DES, 3DES, RC2, RC4, IDEA, RSA, DSA, AES or another algorithm) is built into both the camera terminal and the service platform. The camera terminal encrypts its characteristic information with E1 and sends the service platform a request for configuration information; on receiving the request, the service platform decrypts it with E1 and judges whether the camera terminal is legitimate; if it is, the platform encrypts the configuration information with E1 and sends it to the camera terminal; the camera terminal decrypts it with E1, judges whether the service platform is legitimate, and at the same time obtains the configuration information.
In the above scheme, for the camera terminal to register with the service platform according to that configuration, an encryption algorithm E2 (E2 may be DES, 3DES, RC2, RC4, IDEA, RSA, DSA, AES or another algorithm) is built into both the camera terminal and the service platform. Based on the configuration obtained earlier, the camera terminal sends registration information encrypted with E2 to the service platform; on receiving the request, the service platform decrypts it with E2 and judges whether the camera terminal is legitimate; if it is, the platform encrypts a registration-success message with E2 and sends it to the camera terminal; the camera terminal decrypts it with E2, judges whether the service platform is legitimate, and obtains the registration-success message. In the above scheme, once the camera terminal has registered successfully it maintains a heartbeat connection with the service platform and waits for client connection requests.
In the above scheme, in step (2) the client likewise has to perform mutual authentication with the service platform, and may carry out the relevant operations once authentication succeeds; the service platform relays the client's operation signalling and executes it on the client's behalf. If the client needs the network camera's stream, the service platform fetches the stream from the camera and forwards it to the client. The camera terminal encrypts the audio/video stream with a built-in encryption algorithm E3 (E3 may be DES, 3DES, RC2, RC4, IDEA, RSA, DSA, AES or another algorithm) and a user-defined key (K1); the encrypted stream is forwarded to the client through the service platform, and the client program decrypts it with its own built-in E3 and the key entered by the user. If the key entered by the user is the same as the encryption key K1, decryption completes and the video can be viewed; if it differs from K1, decryption cannot complete. E1, E2 and E3 may each be a different algorithm, any two of them may be the same algorithm, or all three may be the same algorithm; this is chosen entirely according to the security level the actual application requires.
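The stream-encryption step above, as an added example in Go (editor's code, not the patent's). E3 is taken to be AES-256-GCM, the only authenticated mode on the patent's list. The patent says decryption "cannot complete" when the entered key differs from K1; that only holds for an authenticated mode. With DES, 3DES, RC2, RC4 or IDEA a wrong key decrypts to garbage with no error at all, and DSA is a signature scheme rather than a cipher, so it cannot fill the role of E1, E2 or E3. The wire format, the camera and frame sequence numbers, and the sample frame are assumptions; a real deployment would derive K1 from the user's passphrase with a password KDF rather than using raw key bytes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical wire format for one forwarded audio/video unit (not from the
// patent): ciphertext || 16-byte GCM tag. The camera number and the frame
// sequence number travel in the relay's own framing, so the 12-byte GCM nonce
// is derived from them on both sides instead of being transmitted.
func nonceFor(camera uint32, seq uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[:4], camera)
	binary.BigEndian.PutUint64(n[4:], seq)
	return n // unique per (camera, frame); K1 must be rotated before seq wraps
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("K1 must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFrame is the camera side: E3 = AES-256-GCM under the user-defined key K1.
func EncryptFrame(k1 []byte, camera uint32, seq uint64, frame []byte) ([]byte, error) {
	gcm, err := newGCM(k1)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonceFor(camera, seq), frame, nil), nil
}

// DecryptFrame is the client side, run with the key the user typed in.
// Because GCM authenticates, a wrong key, a modified byte, a replayed
// sequence number or a frame spliced in from another camera all fail
// with an error instead of producing garbage video.
func DecryptFrame(userKey []byte, camera uint32, seq uint64, packet []byte) ([]byte, error) {
	gcm, err := newGCM(userKey)
	if err != nil {
		return nil, err
	}
	if len(packet) < gcm.Overhead() {
		return nil, errors.New("packet shorter than the GCM tag")
	}
	pt, err := gcm.Open(nil, nonceFor(camera, seq), packet, nil)
	if err != nil {
		return nil, fmt.Errorf("frame %d: wrong key or tampered frame: %w", seq, err)
	}
	return pt, nil
}

// Constructed sample inputs, not data from the patent.
var (
	K1       = bytes.Repeat([]byte{0x42}, 32) // the camera owner's key
	WrongKey = bytes.Repeat([]byte{0x24}, 32) // a key a viewer without K1 might type
	Frame    = []byte("one H.264 NAL unit would go here")
)

func main() {
	packet, _ := EncryptFrame(K1, 1, 7, Frame)
	pt, err := DecryptFrame(K1, 1, 7, packet)
	fmt.Printf("right key: %q %v\n", pt, err)
	_, err = DecryptFrame(WrongKey, 1, 7, packet)
	fmt.Println("wrong key:", err)
	_, err = DecryptFrame(K1, 1, 8, packet)
	fmt.Println("presented as frame 8:", err)
}
```

The forwarding platform relays packets without ever holding K1, which is the property the patent relies on; the nonce is a counter rather than a random value because a random 96-bit nonce reused even once under the same key breaks GCM, and a camera emits far more frames than a random-nonce budget comfortably allows.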
The system of the invention uses multiple layers of encryption and authentication together with the resources of high-performance physical equipment; it is secure and stable and can be used in many settings. The network camera may be placed outdoors, connected to a router over Wi-Fi or Ethernet and to the service platform over the Internet. The client is a personal computer, normally located on the router's local network with access to the Internet.
The service platform is deployed on the Internet and consists of the following components:
1. Portal. The entry point accessed by users or clients; after authentication the relevant interactive operations can be carried out.
2. Signalling service. Executes the operations requested by the client.
3. Network connectivity. Implements the connections among the client, the service platform and the network camera.
4. Stream forwarding service. Forwards audio/video streams through the service platform.
5. Configuration service. Holds the authentication information used between the camera terminal and the service platform, and between the service platform and the client.
6. Database. Records the data and usage of all terminals, clients and the service platform.
It can thus be seen that the system of the invention uses a server-client architecture, multiple layers of authentication and encryption, and the multi-channel resources of high-performance servers to guarantee stable and secure forwarding of video streams. The service platform runs on high-performance physical equipment; to guarantee transmission security and other performance properties, all client signalling is handed to the service platform to execute, and the service platform fetches the stream from the network camera and forwards it to the client.
Detailed description
The invention is described in detail below with reference to the drawings and specific embodiments, which do not limit the invention.
Figure 1 is a schematic diagram of the architecture of the secure video stream forwarding method provided by the invention. As shown in Figure 1, the method comprises:
mutual authentication between the forwarding server and the remote camera, and authentication between the client and the forwarding server. The two authentication procedures are identical, so only the steps of authentication between the client and the forwarding server are set out:
1) The client sends its own public key to the forwarding server;
2) The forwarding server sends its own public key to the client;
3) The client generates a random number, encrypts it with the forwarding server's public key and sends it to the forwarding server;
4) The forwarding server generates a random number, encrypts it with the client's public key and sends it to the client;
5) The client decrypts the encrypted random number with its own private key and compares it with the original random number it generated; if they match, one-way authentication between the client and the forwarding server is achieved;
6) The forwarding server decrypts the encrypted random number with its own private key and compares it with the original random number it generated; if they match, one-way authentication between the forwarding server and the client is achieved;
7) Once steps 5) and 6) succeed, mutual authentication between the forwarding server and the client is achieved.
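The seven-step exchange above, as an added example in Go (editor's code, not the patent's). As written, steps 5) and 6) compare a decrypted value with "the original random number it generated", which only works if the challenge makes a round trip: the receiver decrypts it with its private key and returns it re-encrypted under the challenger's public key. The example implements that reading and uses RSA-OAEP, since the text does not specify a padding scheme and unpadded RSA must not be used for this. The last call in main shows the limit of the scheme: the public keys of steps 1) and 2) arrive in band with nothing vouching for them, so the check proves only that the peer holds the private key for whatever public key it presented, and a party presenting its own key passes. Binding the server's key to the client beforehand (pinning it, or issuing it through the configuration service) is what would turn this into authentication. Party names and the key size are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Party is one end of the exchange: the client or the forwarding server.
type Party struct {
	Name string
	priv *rsa.PrivateKey
	peer *rsa.PublicKey // learned in steps 1) and 2); nothing vouches for it
}

func NewParty(name string) (*Party, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // key size is an assumption
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, priv: priv}, nil
}

// PublicKey is what a party hands over in steps 1) and 2).
func (p *Party) PublicKey() *rsa.PublicKey { return &p.priv.PublicKey }

// encryptTo uses RSA-OAEP with SHA-256; the patent leaves the padding unspecified.
func encryptTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func (p *Party) decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, p.priv, ct, nil)
}

// Challenge is step 3) or 4): a fresh random number encrypted under the peer's public key.
func (p *Party) Challenge() (nonce, ct []byte, err error) {
	nonce = make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ct, err = encryptTo(p.peer, nonce)
	return nonce, ct, err
}

// Respond proves possession of the private key: decrypt the challenge and
// return it re-encrypted under the challenger's public key. Without this
// round trip the challenger has nothing to compare against in steps 5) and 6).
func (p *Party) Respond(ct []byte) ([]byte, error) {
	nonce, err := p.decrypt(ct)
	if err != nil {
		return nil, fmt.Errorf("%s cannot decrypt the challenge: %w", p.Name, err)
	}
	return encryptTo(p.peer, nonce)
}

// Verify is step 5) or 6): decrypt the response with own private key and
// compare it with the original random number.
func (p *Party) Verify(nonce, resp []byte) error {
	got, err := p.decrypt(resp)
	if err != nil {
		return err
	}
	if subtle.ConstantTimeCompare(got, nonce) != 1 {
		return errors.New("random number mismatch")
	}
	return nil
}

// MutualAuth runs steps 1) to 7) between a and b. bPresents is the key b hands
// over in step 2); passing a key b does not own models an impostor.
func MutualAuth(a, b *Party, bPresents *rsa.PublicKey) error {
	a.peer, b.peer = bPresents, a.PublicKey() // steps 1) and 2)
	for _, dir := range []struct{ challenger, responder *Party }{{a, b}, {b, a}} {
		nonce, ct, err := dir.challenger.Challenge() // step 3) or 4)
		if err != nil {
			return err
		}
		resp, err := dir.responder.Respond(ct)
		if err != nil {
			return err
		}
		if err := dir.challenger.Verify(nonce, resp); err != nil { // step 5) or 6)
			return fmt.Errorf("%s does not trust %s: %w", dir.challenger.Name, dir.responder.Name, err)
		}
	}
	return nil // step 7)
}

func main() {
	client, _ := NewParty("client")
	server, _ := NewParty("forwarding server")
	impostor, _ := NewParty("impostor")
	fmt.Println("genuine server:", MutualAuth(client, server, server.PublicKey()))
	fmt.Println("impostor presenting the server's key:", MutualAuth(client, impostor, server.PublicKey()))
	fmt.Println("impostor presenting its own key:", MutualAuth(client, impostor, impostor.PublicKey()))
}
```

The second call fails because the impostor cannot decrypt a challenge encrypted to a key it does not own; the third succeeds, which is exactly the gap a deployment has to close outside this exchange.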
Of course, the invention can have many other embodiments. Those skilled in the art can make various corresponding changes and modifications in accordance with the invention without departing from its spirit and essence, and all such changes and modifications fall within the scope of protection of the appended claims.
Claims (1)
1. A method for secure forwarding of video streams, the method using asymmetric encryption to achieve mutual secure authentication between ends, characterised in that it comprises:
using asymmetric encryption to achieve mutual authentication between ends, with the following specific steps:
1) The client sends its own public key to the forwarding server;
2) The forwarding server sends its own public key to the client;
3) The client generates a random number, encrypts it with the forwarding server's public key and sends it to the forwarding server;
4) The forwarding server generates a random number, encrypts it with the client's public key and sends it to the client;
5) The client decrypts the encrypted random number with its own private key and compares it with the original random number it generated; if they match, one-way authentication between the client and the forwarding server is achieved;
6) The forwarding server decrypts the encrypted random number with its own private key and compares it with the original random number it generated; if they match, one-way authentication between the forwarding server and the client is achieved;
7) Once steps 5) and 6) succeed, mutual authentication between the forwarding server and the client is achieved.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711398364.XA CN108184134A (zh) | 2017-12-21 | 2017-12-21 | Method and system for secure forwarding of video streams |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711398364.XA CN108184134A (zh) | 2017-12-21 | 2017-12-21 | Method and system for secure forwarding of video streams |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108184134A true CN108184134A (zh) | 2018-06-19 |
Family
ID=62547107
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711398364.XA Pending CN108184134A (zh) | 2017-12-21 | 2017-12-21 | Method and system for secure forwarding of video streams |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108184134A (zh) |
Timeline
- 2017-12-21: application CN201711398364.XA (CN) filed; published as CN108184134A; status Pending
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109218825A (zh) * | 2018-11-09 | 2019-01-15 | 北京京航计算通讯研究所 | A video encryption system |
CN109218825B (zh) * | 2018-11-09 | 2020-12-11 | 北京京航计算通讯研究所 | A video encryption system |
CN109725612A (zh) * | 2018-12-17 | 2019-05-07 | 深圳市中行建设工程顾问有限公司 | Centralized intelligent monitoring system for grouting at hydropower stations |
CN110300287A (zh) * | 2019-07-26 | 2019-10-01 | 华东师范大学 | Access authentication method for networked cameras in public-security video surveillance |
CN110300287B (zh) * | 2019-07-26 | 2020-12-22 | 华东师范大学 | Access authentication method for networked cameras in public-security video surveillance |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8115819B2 (en) | | Systems and methods for configuring a camera for access across a network |
KR101541911B1 (ko) | | Apparatus and method for providing security services in a user interface |
CN101420587B (zh) | | Network video capture device, network video surveillance system and method |
CN107483505B (zh) | | Method and system for protecting user privacy in video chat |
CN106936788B (zh) | | Key distribution method suitable for VoIP voice encryption |
CN110557680B (zh) | | Audio/video data frame transmission method and system |
CN108184134A (zh) | | Method and system for secure forwarding of video streams |
KR101508859B1 (ko) | | Method and apparatus for establishing a secure session between a client and a server |
EP1982494A1 (de) | | Method, device and computer program product for the encrypted transmission of media data between the media server and the subscriber device |
WO2014183540A1 (zh) | | Content adaptation method and system for video surveillance, with central server and device |
CN108174151A (zh) | | Video surveillance system and control method, and method for retrieving video information |
CN108833943A (zh) | | Stream encryption negotiation method and device, and conference terminal |
WO2016065787A1 (zh) | | RDP data collection device and method |
CN104243146A (zh) | | Encrypted communication method, device and terminal |
KR101448866B1 (ko) | | Security device for decrypting data encrypted under a web security protocol, and its operating method |
TW201216660A (en) | | Method and system for handling security in an IP multimedia gateway |
CN110719247A (zh) | | Terminal network access method and device |
US9825942B2 (en) | | System and method of authenticating a live video stream |
CN112165494A (zh) | | Packet analysis method and device, electronic equipment and storage medium |
CN100428748C (zh) | | Multi-party communication method based on dual identities |
CA2637983A1 (en) | | Communication system and method |
KR20020079044A (ko) | | Method and apparatus for maintaining data security in network cameras, home gateways and home automation devices |
CN112333088B (zh) | | Compatible instant-messaging transmission method |
CN110336836A (zh) | | Network filtering service system and method |
CN109286598A (zh) | | System and method for collecting RDP protocol plaintext data from a TLS-encrypted channel |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180619 |