CN108989651A - Credible video camera - Google Patents
- Publication number
- CN108989651A
- Authority
- CN
- China
- Prior art keywords
- video data
- module
- video
- client
- control module
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N23/00—Cameras or camera modules comprising electronic image sensors; Control thereof
- H04N23/50—Constructional details
- H04N23/54—Mounting of pick-up tubes, electronic image sensors, deviation or focusing coils
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N19/00—Methods or arrangements for coding, decoding, compressing or decompressing digital video signals
- H04N19/85—Methods or arrangements for coding, decoding, compressing or decompressing digital video signals using pre-processing or post-processing specially adapted for video compression
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4408—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
Abstract
The present invention provides a credible video camera comprising a video acquisition module, a central control module, a network module, a trusted root and a client. The invention changes the operating mode of traditional cameras and addresses operating-environment security, identity verification and video data transmission security. The central control module takes the video data acquired by the video acquisition module and has it encrypted by calling the first module of the trusted root; the central control module stores the encrypted video data on the local memory card and encodes it; the encoded video data is then compressed, and the compressed video data is sent to the client through the network module. The client decompresses the received video data and decodes the decompressed data; the decoded video data is decrypted by the second module of the trusted root, and the decrypted video data is available to the user.
Description
Technical field
The present invention relates to the field of security protection, and in particular to a credible video camera.
Background technique
The security problems of network cameras have drawn public attention. In October 2016 a large-scale Internet outage occurred in the United States, paralysing networks across much of the US East Coast. The cause was a powerful DDoS attack that day against Dyn, a US domain name resolution service provider. Dyn stated that the DDoS attack came from 10,000,000 source IP addresses, with Internet of Things devices among the important attack sources. These devices had been compromised by malware known as the Mirai virus, and large numbers of them formed the botnet that launched the DDoS attack.
The Internet of Things devices compromised by the Mirai virus include a large number of network cameras. The main way the Mirai virus attacks these devices is by guessing the factory-set login user names and simple passwords. Afterwards, some network camera manufacturers promptly updated the login passwords, but the devices of some manufacturers used a fixed user name and password for login and provided no password-change function, leaving them helpless against the spread of the Mirai virus.
In March 2017, security vulnerabilities were disclosed in surveillance cameras produced by Dahua Technology: an attacker could log in and take full control, and as many as 210,000 cameras worldwide were affected.
Cameras currently on the market are mainly network cameras, which distribute the function of the video server to the front-end camera: a web server is embedded in the front-end camera and connected to the Internet through an Ethernet interface, forming an Ethernet-based network camera. Many security problems are common in such cameras.
Summary of the invention
The purpose of the present invention is to provide a credible video camera that provides a secure working environment for video acquisition, identifies any behaviour that accesses the camera, encrypts the storage and transmission of video data, actively strengthens the security protection capability of the camera, and guards against external attack.
The invention is realized as follows: a credible video camera, comprising:
A video acquisition module 101, for acquiring video data: a CCD (Charge-Coupled Device) or CMOS (Complementary Metal-Oxide-Semiconductor) image sensor acquires video data under a high-speed clock, the acquired data is passed to the central control module for processing, and video data that the central control module does not have time to process is placed in a video buffer pool;
A central control module 102, for the various processing of video data: it encodes the video data, encrypts the video data, saves the encrypted video data to a non-volatile memory card, and authenticates the identity of remote clients;
A network module 103, for accessing the network and transmitting video data: network access may be wired or wireless, and wireless access includes WiFi (Wireless-Fidelity) and 4G (fourth generation mobile communication technology);
A trusted root module 105, for security processing: it encrypts and decrypts authentication information, encrypts and decrypts video data, starts before the camera system, and performs an environment security check on the system;
A client 104, for receiving and decoding video data: it submits identity information to the remote server, calls the trusted root module to decrypt or encrypt identity information and video data, and presents the video data to the user for viewing after decoding and decompression;
The central control module 102 takes the video data acquired by the video acquisition module 101 and has it encrypted by calling the first module of the trusted root 105; the central control module 102 stores the encrypted video data on the local memory card and encodes it; the encoded video data is then compressed, and the compressed video data is sent to the client 104 through the network module 103. The client 104 decompresses the received video data and decodes the decompressed data; the decoded video data is decrypted by the second module of the trusted root 105, and the decrypted video data is available to the user.
Beneficial effects of the present invention are as follows:
The present invention changes the operating mode of traditional cameras and addresses operating-environment security, identity verification and video data transmission security, preventing serious security incidents such as network cameras being hijacked, attacked by hackers, or leaking data.
Brief description of the drawings
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a structure diagram of the credible video camera provided by one embodiment of the present invention.
Fig. 2 is a structure diagram of the credible video camera provided by another embodiment of the present invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here merely illustrate the present invention and are not intended to limit it.
Fig. 1 shows a structure diagram of a credible video camera provided by one embodiment of the present invention.
In this embodiment, on the camera server side, video data is acquired with an image sensor and is encrypted, encoded and compressed; the processed data is sent to the client, and the client obtains the video after decompressing, decoding and decrypting the video data.
The video acquisition module connects to a CCD sensor through an ITU-R BT656/601/1120 standard interface and to a CMOS sensor through a MIPI (Mobile Industry Processor Interface) interface, and continuously acquires image data under a high-speed clock. When the network module is offline, the video acquisition module saves the acquired video data in memory, and the data is saved to the SD (Secure Digital Memory Card) card after being encrypted by the first module of the trusted root. When the network module is online, the video data acquired by the video acquisition module is encrypted by the first module of the trusted root, then encoded and compressed by the central control module, and sent to the client.
The trusted root is a TCM, the abbreviation of Trusted Cryptography Module. It is a trusted computing standard product independently developed on the basis of China's cryptographic algorithms, known as the trusted cryptography module. It uses a variety of encryption and decryption methods and policies to keep the host device trusted, reliable and secure. The main functions of the TCM are to provide an encryption and decryption platform, security hardening, and trusted identity authentication.
On the server side the trusted root serves as the first module of the trusted root. When the camera starts, it starts before the system and performs integrity measurement on the camera's embedded system, ensuring a secure camera operating environment through verification of the chain of trust. The trusted root also encrypts the video data, and it authenticates the user name and password with which the client logs in; only a user who passes identity verification can view the camera's video.
The video acquisition module passes the acquired video data to the central control module for processing. After the central control module has finished processing the video data, if it has not transmitted the video data to the client, the video data is placed in the video buffer pool. Once the central control module has encrypted the video data and saved it to the SD card, the video data in the buffer pool is destroyed and the video buffer pool is released, freeing space for other applications.
In smart home settings, where the living environment has a wireless router, the network module connects to the wireless router over WiFi. A remote Internet client reaches the camera's server through dynamic DNS (Domain Name System) resolution, and the server provides video service to clients that have passed authentication.
For enterprises or factories in remote areas, where the lack of a wired network makes Internet access difficult, the network module accesses the Internet over 4G wireless. In this case a remote Internet client reaches the camera's server through a fixed address, and the server provides video service to clients that have passed authentication.
Client 104 and the embodiment of the present invention may be on the same local area network, or they may be on the Internet. In the first case, client 104 and the embodiment are on the same local area network, for example a terminal on which client 104 is installed. In the second case, client 104 and the embodiment are both on the Internet and physically far apart, for example a client 104 located in a city information centre monitoring an embodiment located in a remote mountain area.
Client 104 calls the second module of the trusted root to encrypt identity information and decrypt video. The second module of the trusted root may be a trusted root in the physical sense, that is, a hardware TCM, or a trusted root in form, such as a virtual trusted root derived from a trusted copy of the first module of the trusted root; it may also be delivered from a trusted root located in the cloud.
The first module and the second module of the trusted root have the same function and the same security level and are in essence identical; they are named this way only for convenience in describing the technical solution. The trusted root is not limited to a first and a second module: there may also be a third module, a fourth module, an Nth module. These names serve only the purpose of description, and all of these modules are equally trusted roots.
Fig. 2 shows a structure diagram of a credible video camera provided by another embodiment of the present invention.
In this embodiment, the invention further comprises:
An aperture control module 106, for adjusting the aperture size of the camera to control exposure intensity;
A cradle head control module 107, for adjusting the vertical and horizontal position of the pan-tilt head (cradle head) to control the shooting direction of the camera; the camera is fixed on the pan-tilt head, and the camera is adjusted by adjusting the pan-tilt head;
After passing authentication by the local server, client 104 can remotely adjust the exposure intensity of the aperture and the position of the pan-tilt head carrying the camera. However, an adjustment command from client 104 is first sent to the central control module 102. After the central control module 102 has confirmed that the identity of the client 104 sending the command is correct, it passes the adjustment command down to the first module of the trusted root 105. The trusted root module 105 verifies the adjustment command again: if verification succeeds, the adjustment command is converted into a driving instruction, which precisely changes the aperture size or the pan-tilt head position; if verification fails, an error code is returned to the central control module 102 and no drive action is taken.
The trusted root module 105 verifies an adjustment command by computing an HMAC (Hash-based Message Authentication Code) over the combination of the identity information of client 104 and the adjustment command, and comparing the result with the HMAC information retained by the trusted root module 105. If the two are identical, the command comes from the same client; if they differ, the client may have been tampered with, and execution of that client's adjustment command is blocked.
When client 104 accesses the server for the first time and has obtained the server's authorization, the identity information and adjustment commands of client 104 are sent to the first module of the trusted root and saved. An HMAC is computed over the combination of identity information and adjustment command, and what the first module of the trusted root saves is the HMAC result. Before anything has been saved, the trusted root's saved array is empty and no operation is supported.
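The enrolment and verification flow described above, modelled in software as an added example; it is not code from the patent. Assumptions: the HMAC key is generated and held inside the trusted root, HMAC-SHA256 stands in for whatever hash the TCM provides, and the command names, drive table and error codes are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct
from typing import List, Optional, Tuple

OK = 0
ERR_EMPTY_STORE = 1   # hypothetical code: nothing enrolled, no operation supported
ERR_MISMATCH = 2      # hypothetical code: recomputed HMAC matches no saved value

# Hypothetical adjustment commands and the driving instructions they map to
# (constructed sample values, not taken from the patent).
DRIVE_TABLE = {
    b"APERTURE_OPEN_1": ("aperture", +1),
    b"PTZ_PAN_LEFT_5": ("pan", -5),
}


def encode(identity: bytes, command: bytes) -> bytes:
    """Length-prefix both fields so the identity/command combination is
    unambiguous: (b"ab", b"c") and (b"a", b"bc") must not collide."""
    return (struct.pack(">I", len(identity)) + identity +
            struct.pack(">I", len(command)) + command)


class TrustedRootModel:
    """Software stand-in for trusted root module 105 (no real TCM API is used)."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        # Assumption: the key never leaves the trusted root.
        self._key = key if key is not None else secrets.token_bytes(32)
        self._saved: List[bytes] = []   # empty until the first authorised access

    def _tag(self, identity: bytes, command: bytes) -> bytes:
        return hmac.new(self._key, encode(identity, command),
                        hashlib.sha256).digest()

    def enroll(self, identity: bytes, commands: List[bytes]) -> None:
        """First authorised access: keep only the HMAC results, never the
        identity information or the commands themselves."""
        for command in commands:
            if command not in DRIVE_TABLE:
                raise ValueError("unknown adjustment command")
            tag = self._tag(identity, command)
            if tag not in self._saved:
                self._saved.append(tag)

    def verify(self, identity: bytes, command: bytes) -> int:
        if not self._saved:
            return ERR_EMPTY_STORE
        tag = self._tag(identity, command)
        matched = False
        for saved in self._saved:
            # Constant-time comparison; every saved tag is always checked.
            matched |= hmac.compare_digest(tag, saved)
        return OK if matched else ERR_MISMATCH


def handle_adjust(root: TrustedRootModel, identity: bytes,
                  command: bytes) -> Tuple[int, Optional[tuple]]:
    """What central control module 102 gets back: an error code and no drive
    action on failure, or the driving instruction on success."""
    code = root.verify(identity, command)
    if code != OK:
        return code, None
    return OK, DRIVE_TABLE[command]


if __name__ == "__main__":
    root = TrustedRootModel()
    print(handle_adjust(root, b"client-104", b"PTZ_PAN_LEFT_5"))   # before enrolment
    root.enroll(b"client-104", list(DRIVE_TABLE))
    print(handle_adjust(root, b"client-104", b"PTZ_PAN_LEFT_5"))   # enrolled pair
    print(handle_adjust(root, b"client-104", b"PTZ_PAN_LEFT_50"))  # altered command
```

A match shows only that this identity and command pair was enrolled; the comparison carries no nonce or counter, so freshness of a command has to come from the authenticated session in front of it.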
The embodiment of the present invention performs security authentication on the identity information of the client, securely encrypts the video data sent to qualified clients, and has the trusted root module perform a security check on the adjustment commands issued by the client. These security measures ensure that the information sent and received is secure and reliable. The embodiment is an active security protection device and a trusted device.
Implementing this embodiment helps protect video data: encrypting the video data ensures that it still cannot be viewed by malicious persons even after it has been stolen.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its protection scope.
Claims (4)
1. A credible video camera, characterized by comprising:
A video acquisition module 101, for acquiring video data: a CCD or CMOS image sensor acquires video data under a high-speed clock, the acquired data is passed to the central control module for processing, and video data that the central control module does not have time to process is placed in a video buffer pool;
A central control module 102, for the various processing of video data: it encodes the video data, encrypts the video data, saves the encrypted video data to a non-volatile memory card, and authenticates the identity of remote clients;
A network module 103, for accessing the network and transmitting video data: network access may be wired or wireless, and wireless access includes WiFi and 4G;
A trusted root module 105, for security processing: it encrypts and decrypts authentication information, encrypts and decrypts video data, starts before the camera system, and performs an environment security check on the system;
A client 104, for receiving and decoding video data: it submits identity information to the remote server, calls the trusted root module to decrypt or encrypt identity information and video data, and presents the video data to the user for viewing after decoding and decompression;
The central control module 102 takes the video data acquired by the video acquisition module 101 and has it encrypted by calling the first module of the trusted root 105; the central control module 102 stores the encrypted video data on the local memory card and encodes it; the encoded video data is then compressed, and the compressed video data is sent to the client 104 through the network module 103; the client 104 decompresses the received video data and decodes the decompressed data; the decoded video data is decrypted by the second module of the trusted root 105, and the decrypted video data is available to the user.
2. The credible video camera according to claim 1, characterized in that the trusted root serves on the server side as the first module of the trusted root; when the camera starts, it starts before the system and performs integrity measurement on the camera's embedded system, ensuring a secure camera operating environment through verification of the chain of trust; the trusted root also encrypts the video data, and it authenticates the user name and password with which the client logs in; only a user who passes identity verification can view the camera's video.
3. The credible video camera according to claim 1, characterized by further comprising:
An aperture control module 106, for adjusting the aperture size of the camera to control exposure intensity; a cradle head control module 107, for adjusting the vertical and horizontal position of the pan-tilt head (cradle head) to control the shooting direction of the camera; the camera is fixed on the pan-tilt head, and the camera is adjusted by adjusting the pan-tilt head;
After passing authentication by the local server, client 104 can remotely adjust the exposure intensity of the aperture and the position of the pan-tilt head carrying the camera; however, an adjustment command from client 104 is first sent to the central control module 102; after the central control module 102 has confirmed that the identity of the client 104 sending the command is correct, it passes the adjustment command down to the first module of the trusted root 105; the trusted root 105 verifies the adjustment command again; if verification succeeds, the adjustment command is converted into a driving instruction, which precisely changes the aperture size or the pan-tilt head position; if verification fails, an error code is returned to the central control module 102 and no drive action is taken.
4. The credible video camera according to claim 3, characterized in that security authentication is performed on the identity information of the client, the video data sent to qualified clients is securely encrypted, and the adjustment commands issued by the client undergo a security check by the trusted root; these security measures ensure that the information sent and received is secure and reliable, and the camera is a trusted device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811030945.2A CN108989651A (en) | 2018-09-05 | 2018-09-05 | Credible video camera |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108989651A true CN108989651A (en) | 2018-12-11 |
Family
ID=64544810
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811030945.2A Withdrawn CN108989651A (en) | 2018-09-05 | 2018-09-05 | Credible video camera |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108989651A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112448811A (en) * | 2019-09-03 | 2021-03-05 | 上海云从汇临人工智能科技有限公司 | Data security management method, data security management device and data security management system |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006135930A (en) * | 2004-08-06 | 2006-05-25 | Canon Inc | Image capture apparatus, communication system, transmission method, method for controlling image capture apparatus, and computer program |
CN101938462A (en) * | 2009-06-30 | 2011-01-05 | 安讯士有限公司 | Be used to limit the method for the visit of the media data that video camera is produced |
CN202600714U (en) * | 2012-05-28 | 2012-12-12 | 山东神思电子技术股份有限公司 | Embedded terminal based on SD (Secure Digital) trusted computing module |
US20130219459A1 (en) * | 2012-02-21 | 2013-08-22 | Intertrust Technologies Corporation | Content management systems and methods |
CN103747036A (en) * | 2013-12-23 | 2014-04-23 | 中国航天科工集团第二研究院七〇六所 | Trusted security enhancement method in desktop virtualization environment |
US20150046712A1 (en) * | 2013-08-08 | 2015-02-12 | Samsung Electronics Co., Ltd. | Method of operating data security and electronic device supporting the same |
CN104834845A (en) * | 2015-05-12 | 2015-08-12 | 武汉上博科技有限公司 | Implementation method for credible industrial camera |
CN105554033A (en) * | 2016-02-04 | 2016-05-04 | 同方计算机有限公司 | Trusted authentication method for image input equipment, and image input equipment thereof |
CN207573453U (en) * | 2017-06-14 | 2018-07-03 | 成都三零凯天通信实业有限公司 | A kind of trustable network video camera based on domestic commercial cipher algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
Application publication date: 20181211 |