CN108989651A - Credible video camera - Google Patents

Publication number
CN108989651A
Authority
CN
China
Prior art keywords
video data
module
video
client
control module
Prior art date
Legal status
Withdrawn
Application number
CN201811030945.2A
Other languages
Chinese (zh)
Inventor
Inventor not disclosed
Current Assignee
Shenzhen Zhongke Think Tank Internet Information Safe Technology Ltd
Original Assignee
Shenzhen Zhongke Think Tank Internet Information Safe Technology Ltd
Priority date
Filing date
Publication date
Application filed by Shenzhen Zhongke Think Tank Internet Information Safe Technology Ltd
Priority to CN201811030945.2A
Publication of CN108989651A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N23/00 Cameras or camera modules comprising electronic image sensors; Control thereof
    • H04N23/50 Constructional details
    • H04N23/54 Mounting of pick-up tubes, electronic image sensors, deviation or focusing coils
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N19/00 Methods or arrangements for coding, decoding, compressing or decompressing digital video signals
    • H04N19/85 Methods or arrangements for coding, decoding, compressing or decompressing digital video signals using pre-processing or post-processing specially adapted for video compression
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4408 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network

Abstract

The present invention provides a credible video camera comprising a video acquisition module, a central control module, a network module, a trusted root, and a client. The invention changes the operating mode of traditional cameras and addresses environment security, identity verification, and the security of video data transmission. The central control module encrypts the video data collected by the video acquisition module by calling the first trusted root module; the central control module stores the encrypted video data on a local memory card and encodes it; the encoded video data is then compressed, and the compressed video data is sent to the client through the network module. The client decompresses the received video data and decodes the decompressed data; the decoded video data is decrypted by the second trusted root module, and the decrypted video data is made available to the user.

Description

Credible video camera
Technical field
The present invention relates to the security field, and specifically to a credible video camera.
Background art
The security of network cameras has drawn public concern. In October 2016, a large-scale internet outage in the United States left much of the US East Coast without network service. The cause was a powerful DDoS attack that day on Dyn, a US domain name resolution service provider. Dyn stated that the attack came from 10,000,000 source IPs, and that IoT devices were an important source of the attack. These devices had been compromised by malware known as Mirai, and large numbers of them formed the botnet that carried out the DDoS attack.
The IoT devices compromised by Mirai included a large number of network cameras. Mirai's main means of attacking these devices was guessing the factory-default login usernames and simple passwords. Afterwards, some network camera manufacturers promptly updated their login passwords, but the devices of some manufacturers used a fixed username and password and provided no password-change function, and were therefore helpless against Mirai.
In March 2017, surveillance cameras from Dahua Technology were found to contain security vulnerabilities: an attacker could log in and take full control, and up to 210,000 cameras worldwide were affected.
Cameras currently on the market are mainly network cameras. The functions of the video server are distributed to the front-end camera, a web server is embedded in the front-end camera, and the camera connects to the Internet through an Ethernet interface, forming an Ethernet-based network camera. Cameras of this kind commonly have many security problems.
Summary of the invention
The object of the present invention is to provide a credible video camera that provides a secure working environment for video acquisition, provides identity verification for any access to the camera, encrypts the storage and transmission of video data, actively strengthens the camera's security protection capability, and guards against external attacks.
The invention is realized as a credible video camera comprising:
Video acquisition module 101, for acquiring video data. It uses a CCD (Charge-Coupled Device) or CMOS (Complementary Metal-Oxide-Semiconductor) image sensor to acquire video data under a high-speed clock and passes the collected data to the central control module for processing; video data that the central control module has not had time to process is placed in a video buffer pool;
Central control module 102, for the various processing of video data: encoding video data, encrypting video data, saving the encrypted video data to non-volatile storage, and authenticating remote clients;
Network module 103, for accessing the network and transmitting video data. Network access may be wired or wireless; wireless access includes WiFi (Wireless Fidelity) and 4G (fourth-generation mobile communication technology);
Trusted root module 105, for security processing: encrypting and decrypting authentication information, encrypting and decrypting video data, starting before the camera system, and performing an environment security check on the system;
Client 104, for receiving and decoding video data, submitting identity information to the remote server side, and calling the trusted root module to decrypt or encrypt identity information and video data; after the video data is decoded and decompressed, it is provided to the user for viewing;
Central control module 102 encrypts the video data collected by video acquisition module 101 by calling the first trusted root module 105. The encrypted video data is stored on the local memory card by central control module 102 and encoded by central control module 102; the encoded video data is then compressed, and the compressed video data is sent to client 104 through network module 103. Client 104 decompresses the received video data and decodes the decompressed data; the decoded video data is decrypted by the second trusted root module 105, and the decrypted video data is made available to the user.
The beneficial effects of the present invention are as follows:
The present invention changes the operating mode of traditional cameras and addresses environment security, identity verification, and the security of video data transmission, preventing serious security incidents such as network camera hijacking, hacker intrusion, and data leakage.
Description of the drawings
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a structural diagram of the credible video camera provided by one embodiment of the present invention.
Fig. 2 is a structural diagram of the credible video camera provided by another embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions, and advantages of the present invention clearer, the present invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
Fig. 1 shows a structural diagram of a credible video camera provided by one embodiment of the present invention.
In this embodiment, on the camera's server side, video data is acquired with an image sensor and then encrypted, encoded, and compressed. The processed data is sent to the client, which decompresses, decodes, and decrypts the video data to obtain the video.
The video acquisition module connects to a CCD sensor through an ITU-R BT656/601/1120 standard interface and to a CMOS sensor through a MIPI (Mobile Industry Processor Interface) interface. The video acquisition module continuously acquires image data under a high-speed clock. When the network module is offline, the video acquisition module saves the collected video data to memory, and the data is saved to the SD (Secure Digital Memory Card) card after being encrypted by the first trusted root module. When the network module is online, the collected video data is encrypted by the first trusted root module, then encoded and compressed by the central control module, and sent to the client.
The trusted root is a TCM (Trusted Cryptography Module), a trusted computing standard product independently developed on the basis of China's cryptographic algorithms and known as the trusted cryptography module. It uses a variety of encryption and decryption methods and policies to ensure that the host device is trusted, reliable, and secure. The main functions of the TCM are to provide an encryption and decryption platform, security hardening, and trusted identity authentication.
On the server side the trusted root serves as the first trusted root module. When the camera starts, the trusted root starts before the system and performs an integrity measurement of the camera's embedded system, ensuring the security of the camera's running environment through verification of the chain of trust. The trusted root also encrypts video data, and it authenticates the username and password with which the client logs in; only a user who passes identity verification can view the camera's video.
The video acquisition module passes the collected video data to the central control module for processing. After the central control module has processed the video data, if it has not transmitted the video data to the client, the video data is placed in the video buffer pool. If the central control module encrypts the video data and saves it to the SD card, the video data in the buffer pool is destroyed and the video buffer pool is released, freeing space for other applications.
In smart-home settings, where the living environment has a wireless router, the network module connects to the wireless router over WiFi. A remote Internet client accesses the camera's server side through dynamic DNS (Domain Name System) resolution, and the server side provides video service to clients that have passed authentication.
For enterprises or factories in remote areas, where the lack of a wired network makes Internet access difficult, the network module accesses the Internet over 4G. In this case a remote Internet client accesses the camera's server side through a fixed address, and the server side provides video service to clients that have passed authentication.
Client 104 and the embodiment of the present invention may be on the same local area network or on the Internet. When client 104 and the embodiment are on the same local area network, client 104 is, for example, installed on a terminal. When client 104 and the embodiment are on the Internet, the two are physically far apart; for example, client 104 is used for monitoring at a city information centre while the embodiment is located in a remote mountain area.
Client 104 calls the second trusted root module to encrypt identity information and decrypt video. The second trusted root module may be a physical trusted root, i.e. a hardware TCM, or a trusted root in form only, such as a virtual trusted root derived from a trusted copy of the first trusted root module; it may also be delivered from a trusted root located in the cloud.
The first trusted root module and the second trusted root module have the same function and the same security level and are essentially identical; they are named this way only for convenience in describing the technical solution. The trusted root is not limited to a first module and a second module; there may also be a third module, a fourth module, up to an Nth module. The naming is only for the purpose of description, and these modules are all the same trusted root.
Fig. 2 shows a structural diagram of a credible video camera provided by another embodiment of the present invention.
In this embodiment, the invention further comprises:
Aperture control module 106, for adjusting the aperture size of the camera and controlling exposure intensity;
Pan-tilt control module 107, for adjusting the vertical and horizontal position of the pan-tilt head and controlling the shooting direction of the camera. The camera is fixed on the pan-tilt head, and the camera is adjusted by adjusting the pan-tilt head;
After passing authentication by the local server side, client 104 can remotely adjust the exposure intensity of the aperture and the position of the pan-tilt head carrying the camera. However, an adjustment command from client 104 is first sent to central control module 102. After confirming that the identity of the client 104 sending the command is correct, central control module 102 passes the adjustment command to the first trusted root module 105, and trusted root module 105 verifies the adjustment command again. If verification succeeds, the adjustment command is converted into a drive instruction, which precisely changes the aperture size or the pan-tilt position. If verification fails, an error code is returned to central control module 102 and no drive action is taken.
Trusted root module 105 verifies an adjustment command by computing an HMAC (Hash-based Message Authentication Code) over the combination of client 104's identity information and the adjustment command, and comparing the result with the HMAC information retained by trusted root module 105. If they are identical, the command comes from the same client. If they differ, the client may have been tampered with, and execution of that client's adjustment command is blocked.
Client 104 obtains the authorization of the server side when it first accesses the server side, and client 104's identity information and adjustment commands are sent to the first trusted root module and saved. An HMAC is computed over the combination of the identity information and the adjustment command, and what the first trusted root module saves is the HMAC result. Before anything has been saved, the trusted root's saved array is empty and no operation is supported.
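The enrolment and verification steps described in the two paragraphs above can be modelled as follows. This is an added example, not code from the patent. It assumes HMAC-SHA-256 with a key that never leaves the trusted root (the patent names neither the hash nor the key source); the command names, drive-instruction table and error code are hypothetical.

```python
import hashlib
import hmac
import secrets

ERR_VERIFY_FAILED = 0x01  # hypothetical error code returned to the control module

# Hypothetical adjustment commands and the drive instructions they map to.
DRIVE_INSTRUCTIONS = {
    "aperture:open": ("aperture", +1),
    "aperture:close": ("aperture", -1),
    "ptz:left": ("pan", -5),
    "ptz:up": ("tilt", +5),
}


class TrustedRootVerifier:
    """Model of the trusted root's check on client adjustment commands."""

    def __init__(self, key=None):
        # Assumption: the HMAC key is generated and held inside the trusted root.
        self._key = key if key is not None else secrets.token_bytes(32)
        # The "saved array": empty until a client is authorised on first access.
        self._saved = set()

    @staticmethod
    def _combine(identity, command):
        # Length-prefix each field so ("ab", "c") and ("a", "bc") never
        # produce the same byte string and therefore the same HMAC.
        parts = (identity.encode("utf-8"), command.encode("utf-8"))
        return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

    def _hmac(self, identity, command):
        message = self._combine(identity, command)
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def enroll(self, identity, commands):
        """First authorised access: save only the HMAC results."""
        for command in commands:
            if command not in DRIVE_INSTRUCTIONS:
                raise ValueError("unknown adjustment command: " + command)
            self._saved.add(self._hmac(identity, command))

    def verify(self, identity, command):
        """Recompute the HMAC and compare it with every saved value."""
        candidate = self._hmac(identity, command)
        matched = False
        for saved in self._saved:
            # compare_digest avoids leaking how many bytes matched.
            matched |= hmac.compare_digest(saved, candidate)
        return matched  # always False while the saved array is empty

    def handle(self, identity, command):
        """Return a drive instruction, or an error code and no drive action."""
        if not self.verify(identity, command):
            return ("error", ERR_VERIFY_FAILED)
        return ("drive", DRIVE_INSTRUCTIONS[command])


def demo():
    # Constructed sample run; the fixed key only makes the demo reproducible.
    root = TrustedRootVerifier(key=bytes(range(32)))
    results = [root.handle("client-104", "ptz:left")]        # nothing saved yet
    root.enroll("client-104", ["aperture:open", "ptz:left"])
    results.append(root.handle("client-104", "ptz:left"))    # enrolled pair
    results.append(root.handle("client-104", "ptz:up"))      # command not enrolled
    results.append(root.handle("client-999", "ptz:left"))    # different identity
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

As described, the check binds an identity to a command but carries no nonce or counter, so on its own it does not distinguish a fresh command from a repeated one.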
The embodiment of the present invention performs security authentication of the client's identity information, securely encrypts the video data sent to qualified clients, and has the trusted root module perform a security check on the adjustment commands issued by the client. These security measures ensure that all information sent and received is safe and reliable. The embodiment of the present invention is an active security protection device and a trusted device.
Implementing this embodiment helps protect video data: because the video data is encrypted, it still cannot be viewed by malicious persons even after it has been stolen.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (4)

1. A credible video camera, characterized by comprising:
Video acquisition module 101, for acquiring video data, using a CCD or CMOS image sensor to acquire video data under a high-speed clock and passing the collected data to the central control module for processing, wherein video data that the central control module has not had time to process is placed in a video buffer pool;
Central control module 102, for the various processing of video data: encoding video data, encrypting video data, saving the encrypted video data to non-volatile storage, and authenticating remote clients;
Network module 103, for accessing the network and transmitting video data, wherein network access may be wired or wireless, and wireless access includes WiFi and 4G;
Trusted root module 105, for security processing: encrypting and decrypting authentication information, encrypting and decrypting video data, starting before the camera system, and performing an environment security check on the system;
Client 104, for receiving and decoding video data, submitting identity information to the remote server side, and calling the trusted root module to decrypt or encrypt identity information and video data, wherein the video data is provided to the user for viewing after being decoded and decompressed;
wherein central control module 102 encrypts the video data collected by video acquisition module 101 by calling the first trusted root module 105; the encrypted video data is stored on the local memory card by central control module 102 and encoded by central control module 102; the encoded video data is then compressed; the compressed video data is sent to client 104 through network module 103; client 104 decompresses the received video data and decodes the decompressed data; the decoded video data is decrypted by the second trusted root module 105; and the decrypted video data is made available to the user.
2. The credible video camera according to claim 1, characterized in that the trusted root serves on the server side as the first trusted root module; when the camera starts, the trusted root starts before the system and performs an integrity measurement of the camera's embedded system, ensuring the security of the camera's running environment through verification of the chain of trust; the trusted root also encrypts video data; and the trusted root also authenticates the username and password with which the client logs in, so that only a user who passes identity verification can view the camera's video.
3. The credible video camera according to claim 1, characterized by further comprising:
Aperture control module 106, for adjusting the aperture size of the camera and controlling exposure intensity; pan-tilt control module 107, for adjusting the vertical and horizontal position of the pan-tilt head and controlling the shooting direction of the camera, wherein the camera is fixed on the pan-tilt head and the camera is adjusted by adjusting the pan-tilt head;
wherein, after passing authentication by the local server side, client 104 can remotely adjust the exposure intensity of the aperture and the position of the pan-tilt head carrying the camera; an adjustment command from client 104 is first sent to central control module 102; after confirming that the identity of the client 104 sending the command is correct, central control module 102 passes the adjustment command to the first trusted root module 105; trusted root 105 verifies the adjustment command again; if verification succeeds, the adjustment command is converted into a drive instruction, which precisely changes the aperture size or the pan-tilt position; and if verification fails, an error code is returned to central control module 102 and no drive action is taken.
4. The credible video camera according to claim 3, characterized in that security authentication is performed on the client's identity information, the video data sent to qualified clients is securely encrypted, and the adjustment commands issued by the client are security-checked by the trusted root; these security measures ensure that all information sent and received is safe and reliable, and the camera is a trusted device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811030945.2A CN108989651A (en) 2018-09-05 2018-09-05 Credible video camera

Publications (1)

Publication Number Publication Date
CN108989651A true CN108989651A (en) 2018-12-11

Family

ID=64544810

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811030945.2A Withdrawn CN108989651A (en) 2018-09-05 2018-09-05 Credible video camera

Country Status (1)

Country Link
CN (1) CN108989651A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20181211