CN109639627B - Encryption mode switching method and device - Google Patents


Publication number
CN109639627B
Authority
CN
China
Prior art keywords
data
encrypted data
video
video networking
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811246830.7A
Other languages
Chinese (zh)
Other versions
CN109639627A (en)
Inventor
沈月林
王晓燕
李云鹏
沈军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visionvera Information Technology Co Ltd
Original Assignee
Visionvera Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Abstract

The embodiment of the invention provides an encryption mode switching method and device, which are applied to a video network. The method comprises the following steps: acquiring video networking encrypted data; parsing the video networking encrypted data into a format specified by a video networking protocol; decrypting the parsed video networking encrypted data according to the first encryption mode of the video networking encrypted data; and re-encrypting the decrypted video networking data by using a second encryption mode. The encryption mode of encrypted data can thus be switched within the video network, which improves the flexibility of data encryption in the video network.

Description

Encryption mode switching method and device
Technical Field
The present invention relates to the field of video networking technologies, and in particular, to an encryption scheme switching method and an encryption scheme switching apparatus.
Background
With the rapid development of network technologies, communication and data transmission over networks are increasingly intertwined with people's lives. To ensure the security of network data transmission, the transmitted data needs to be encrypted.
Many data encryption modes exist, and their advantages and disadvantages differ, so different users may prefer different encryption modes. However, the video networking environment currently has no mechanism for switching the encryption mode, so data encryption is inflexible and the individual encryption requirements of different users cannot be met.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide an encryption scheme switching method and a corresponding encryption scheme switching apparatus that overcome or at least partially solve the above problems.
In order to solve the above problem, an embodiment of the present invention discloses an encryption mode switching method, which is applied to a video network and includes:
acquiring video networking encrypted data;
parsing the video networking encrypted data into a format specified by a video networking protocol;
decrypting the parsed video networking encrypted data according to the first encryption mode of the video networking encrypted data;
and re-encrypting the decrypted video networking data by using a second encryption mode.
Optionally, the step of parsing the video networking encrypted data into a format specified by a video networking protocol includes:
acquiring a data packet signaling of the video networking encrypted data;
determining a function point of the video networking encrypted data based on the data packet signaling;
determining the parsing format of the video networking encrypted data according to the function point;
and parsing the video networking encrypted data based on the parsing format.
Optionally, the step of acquiring the data packet signaling of the video networking encrypted data includes:
acquiring the data packet signaling of the video networking encrypted data from a data packet header of the video networking encrypted data.
Optionally, the step of re-encrypting the decrypted video networking data by using a second encryption mode includes:
re-encrypting the decrypted video networking data by using the second encryption mode;
and packaging the re-encrypted video networking data to obtain the video networking encrypted data with the switched encryption mode.
Optionally, the first encryption scheme includes one of an RC4 encryption scheme and an SM4 encryption scheme, the second encryption scheme includes one of an RC4 encryption scheme and an SM4 encryption scheme, and the first encryption scheme and the second encryption scheme are different from each other.
The embodiment of the invention also discloses an encryption mode switching device, which is applied to the video network and comprises the following components:
the original encrypted data acquisition module is used for acquiring the encrypted data of the video network;
the data parsing module is used for parsing the video networking encrypted data into a format specified by a video networking protocol;
the decryption module is used for decrypting the parsed video networking encrypted data according to the first encryption mode of the video networking encrypted data;
and the re-encryption module is used for re-encrypting the decrypted video networking data by utilizing a second encryption mode.
Optionally, the data parsing module includes:
the signaling acquisition submodule is used for acquiring a data packet signaling of the video networking encrypted data;
the function point confirming submodule is used for determining the function point of the video networking encrypted data based on the data packet signaling;
the parsing format determining submodule is used for determining the parsing format of the video networking encrypted data according to the function point;
and the data parsing submodule is used for parsing the video networking encrypted data based on the parsing format.
Optionally, the signaling acquisition submodule is further configured to acquire the data packet signaling of the video networking encrypted data from a data packet header of the video networking encrypted data.
Optionally, the re-encryption module includes:
the re-encryption sub-module is used for re-encrypting the decrypted video networking data by using a second encryption mode;
and the data packaging sub-module is used for packaging the re-encrypted video networking data to obtain the video networking encrypted data with the switched encryption mode.
Optionally, the first encryption scheme includes one of an RC4 encryption scheme and an SM4 encryption scheme, the second encryption scheme includes one of an RC4 encryption scheme and an SM4 encryption scheme, and the first encryption scheme and the second encryption scheme are different from each other.
The embodiment of the invention has the following advantages:
The embodiment of the invention applies the characteristics of the video network: video networking encrypted data is acquired; the video networking encrypted data is parsed into a format specified by a video networking protocol; the parsed video networking encrypted data is decrypted according to the first encryption mode of the video networking encrypted data; and the decrypted video networking data is re-encrypted by using a second encryption mode. The encryption mode of encrypted data can thus be switched within the video network, which improves the flexibility of data encryption in the video network.
Drawings
FIG. 1 is a schematic networking diagram of a video network of the present invention;
FIG. 2 is a schematic diagram of a hardware architecture of a node server according to the present invention;
FIG. 3 is a schematic diagram of a hardware structure of an access switch of the present invention;
FIG. 4 is a schematic diagram of a hardware structure of an ethernet protocol conversion gateway according to the present invention;
FIG. 5 is a flowchart illustrating steps of an embodiment of a method for switching encryption schemes according to the present invention;
FIG. 6 is a block diagram of an embodiment of an encryption scheme switching apparatus according to the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Video networking is an important milestone in network development. It is a real-time network that can transmit high-definition video in real time, pushing many Internet applications toward high-definition video and high-definition face-to-face communication.
Video networking adopts real-time high-definition video switching technology and can integrate dozens of required services, such as video, voice, pictures, text, communication and data, on a single network platform, for example high-definition video conferencing, video monitoring, intelligent monitoring analysis, emergency command, digital broadcast television, delayed television, network teaching, live broadcast, VOD on demand, television mail, Personal Video Recorder (PVR), intranet (self-office) channels, intelligent video broadcast control and information distribution, and delivers high-definition quality video through a television or a computer.
To better understand the embodiments of the present invention, video networking is described below.
Some of the technologies applied in video networking are as follows:
Network Technology (Network Technology)
Network technology innovation in video networking improves on traditional Ethernet to handle the potentially enormous video traffic on the network. Unlike pure network Packet Switching or network Circuit Switching, video networking technology uses packet switching to meet streaming requirements. It has the flexibility, simplicity and low cost of packet switching together with the quality and security guarantees of circuit switching, achieving seamless connection of whole-network switched virtual circuits and data formats.
Switching Technology (Switching Technology)
The video network adopts two advantages of asynchronism and packet switching of the Ethernet, eliminates the defects of the Ethernet on the premise of full compatibility, has end-to-end seamless connection of the whole network, is directly communicated with a user terminal, and directly bears an IP data packet. The user data does not require any format conversion across the entire network. The video networking is a higher-level form of the Ethernet, is a real-time exchange platform, can realize the real-time transmission of the whole-network large-scale high-definition video which cannot be realized by the existing Internet, and pushes a plurality of network video applications to high-definition and unification.
Server Technology (Server Technology)
The server technology on the video networking and unified video platform is different from the traditional server, the streaming media transmission of the video networking and unified video platform is established on the basis of connection orientation, the data processing capacity of the video networking and unified video platform is independent of flow and communication time, and a single network layer can contain signaling and data transmission. For voice and video services, the complexity of video networking and unified video platform streaming media processing is much simpler than that of data processing, and the efficiency is greatly improved by more than one hundred times compared with that of a traditional server.
Storage Technology (Storage Technology)
The super-high speed storage technology of the unified video platform adopts the most advanced real-time operating system in order to adapt to the media content with super-large capacity and super-large flow, the program information in the server instruction is mapped to the specific hard disk space, the media content is not passed through the server any more, and is directly sent to the user terminal instantly, and the general waiting time of the user is less than 0.2 second. The optimized sector distribution greatly reduces the mechanical motion of the magnetic head track seeking of the hard disk, the resource consumption only accounts for 20% of that of the IP internet of the same grade, but concurrent flow which is 3 times larger than that of the traditional hard disk array is generated, and the comprehensive efficiency is improved by more than 10 times.
Network Security Technology (Network Security Technology)
The structural design of the video network completely eliminates, at the structural level, the network security problems that trouble the Internet, by means such as independent permission control for each service and complete isolation of devices and user data. It generally does not need antivirus programs or firewalls, avoids attacks by hackers and viruses, and provides users with a structurally worry-free secure network.
Service Innovation Technology (Service Innovation Technology)
The unified video platform integrates services and transmission: whether for a single user, a private network user or an entire network, it is just one automatic connection. The user terminal, the set-top box or the PC connects directly to the unified video platform to obtain multimedia video services in various forms. The unified video platform uses a menu-style configuration table in place of traditional complex application programming, so complex applications can be implemented with very little code, enabling unlimited new service innovation.
Networking of the video network is as follows:
The video network is a centrally controlled network structure. The network can be a tree network, a star network, a ring network and the like, but on this basis a centralized control node is required in the network to control the whole network.
As shown in fig. 1, the video network is divided into an access network and a metropolitan network.
The devices of the access network part can be mainly classified into 3 types: node server, access switch, terminal (including various set-top boxes, coding boards, memories, etc.). The node server is connected to an access switch, which may be connected to a plurality of terminals and may be connected to an ethernet network.
The node server is a node which plays a centralized control function in the access network and can control the access switch and the terminal. The node server can be directly connected with the access switch or directly connected with the terminal.
Similarly, devices of the metropolitan network portion may also be classified into 3 types: a metropolitan area server, a node switch and a node server. The metro server is connected to a node switch, which may be connected to a plurality of node servers.
This node server is the node server of the access network part, that is, the node server belongs to both the access network part and the metropolitan area network part.
The metropolitan area server is a node which plays a centralized control function in the metropolitan area network and can control a node switch and a node server. The metropolitan area server can be directly connected with the node switch or directly connected with the node server.
Therefore, the whole video network is a network structure with layered centralized control, and the network controlled by the node server and the metropolitan area server can be in various structures such as tree, star and ring.
The access network part can form a unified video platform (the part in the dotted circle), and a plurality of unified video platforms can form a video network; each unified video platform may be interconnected via metropolitan area and wide area video networking.
1. Video networking device classification
1.1 devices in the video network of the embodiment of the present invention can be mainly classified into 3 types: servers, switches (including ethernet gateways), terminals (including various set-top boxes, code boards, memories, etc.). The video network as a whole can be divided into a metropolitan area network (or national network, global network, etc.) and an access network.
1.2 wherein the devices of the access network part can be mainly classified into 3 types: node servers, access switches (including ethernet gateways), terminals (including various set-top boxes, code boards, memories, etc.).
The specific hardware structure of each access network device is as follows:
Node server:
As shown in fig. 2, the node server mainly includes a network interface module 201, a switching engine module 202, a CPU module 203, and a disk array module 204;
Packets from the network interface module 201, the CPU module 203, and the disk array module 204 all enter the switching engine module 202; the switching engine module 202 looks up the address table 205 for each incoming packet to obtain the direction information of the packet, and stores the packet in the queue of the corresponding packet buffer 206 based on that direction information; if the queue of the packet buffer 206 is nearly full, the packet is discarded; the switching engine module 202 polls all packet buffer queues and forwards a packet if the following conditions are met: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero. The disk array module 204 mainly implements control over the hard disk, including initialization, read-write, and other operations on the hard disk; the CPU module 203 is mainly responsible for protocol processing with an access switch and a terminal (not shown in the figure), configuring an address table 205 (including a downlink protocol packet address table, an uplink protocol packet address table, and a data packet address table), and configuring the disk array module 204.
Access switch:
As shown in fig. 3, the access switch mainly includes a network interface module (a downlink network interface module 301 and an uplink network interface module 302), a switching engine module 303 and a CPU module 304;
A packet (uplink data) coming from the downlink network interface module 301 enters the packet detection module 305; the packet detection module 305 detects whether the Destination Address (DA), the Source Address (SA), the packet type, and the packet length of the packet meet the requirements; if so, it allocates a corresponding stream identifier (stream-id) and the packet enters the switching engine module 303; otherwise, the packet is discarded; a packet (downlink data) coming from the uplink network interface module 302 enters the switching engine module 303; a data packet coming from the CPU module 204 enters the switching engine module 303; the switching engine module 303 looks up the address table 306 for each incoming packet to obtain the direction information of the packet; if the packet entering the switching engine module 303 goes from the downlink network interface to the uplink network interface, the packet is stored in the queue of the corresponding packet buffer 307 in association with the stream-id; if the queue of the packet buffer 307 is nearly full, the packet is discarded; if the packet entering the switching engine module 303 does not go from the downlink network interface to the uplink network interface, the packet is stored in the queue of the corresponding packet buffer 307 according to the direction information of the packet; if the queue of the packet buffer 307 is nearly full, the packet is discarded.
The switching engine module 303 polls all packet buffer queues, which in this embodiment of the present invention is divided into two cases:
if the queue is from the downlink network interface to the uplink network interface, a packet is forwarded when the following conditions are met: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero; 3) a token generated by the code rate control module has been obtained;
if the queue is not from the downlink network interface to the uplink network interface, a packet is forwarded when the following conditions are met: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero.
The rate control module 208 is configured by the CPU module 204, and generates tokens for packet buffer queues from all downstream network interfaces to upstream network interfaces at programmable intervals to control the rate of upstream forwarding.
The CPU module 304 is mainly responsible for protocol processing with the node server, configuration of the address table 306, and configuration of the code rate control module 308.
Ethernet protocol conversion gateway
As shown in fig. 4, the apparatus mainly includes a network interface module (a downlink network interface module 401 and an uplink network interface module 402), a switching engine module 403, a CPU module 404, a packet detection module 405, a rate control module 408, an address table 406, a packet buffer 407, a MAC adding module 409, and a MAC deleting module 410.
A data packet coming from the downlink network interface module 401 enters the packet detection module 405; the packet detection module 405 detects whether the ethernet MAC DA, the ethernet MAC SA, the ethernet length or frame type, the video network destination address DA, the video network source address SA, the video network packet type, and the packet length of the packet meet the requirements; if so, it allocates a corresponding stream identifier (stream-id), and the MAC deletion module 410 then strips the MAC DA, the MAC SA, and the length or frame type (2 bytes) and the packet enters the corresponding receiving buffer; otherwise, the packet is discarded;
The downlink network interface module 401 checks the sending buffer of the port; if there is a packet, it obtains the ethernet MAC DA of the corresponding terminal according to the video network destination address DA of the packet, adds the ethernet MAC DA of the terminal, the MAC SA of the ethernet protocol conversion gateway, and the ethernet length or frame type, and sends the packet.
The other modules in the ethernet protocol gateway function similarly to the access switch.
Terminal:
The terminal mainly comprises a network interface module, a service processing module and a CPU module; for example, the set-top box mainly comprises a network interface module, a video and audio coding and decoding engine module and a CPU module; the coding board mainly comprises a network interface module, a video and audio coding engine module and a CPU module; the memory mainly comprises a network interface module, a CPU module and a disk array module.
1.3 Devices of the metropolitan area network part can be mainly classified into 2 types: node server, node switch, metropolitan area server. The node switch mainly comprises a network interface module, a switching engine module and a CPU module; the metropolitan area server mainly comprises a network interface module, a switching engine module and a CPU module.
2. Video networking packet definition
2.1 Access network packet definition
The data packet of the access network mainly comprises the following parts: destination Address (DA), Source Address (SA), reserved bytes, payload (pdu), CRC.
As shown in the following table, the data packet of the access network mainly includes the following parts:
DA | SA | Reserved | Payload | CRC
wherein:
the Destination Address (DA) is composed of 8 bytes (byte), the first byte represents the type of the data packet (such as various protocol packets, multicast data packets, unicast data packets, etc.), there are 256 possibilities at most, the second byte to the sixth byte are metropolitan area network addresses, and the seventh byte and the eighth byte are access network addresses;
the Source Address (SA) is also composed of 8 bytes (byte), defined as the same as the Destination Address (DA);
the reserved byte consists of 2 bytes;
the payload part has different lengths according to the type of the datagram: 64 bytes if the datagram is one of the various protocol packets, and 32+1024 = 1056 bytes if the datagram is a unicast data packet; of course, the length is not limited to the above 2 types;
the CRC consists of 4 bytes and is calculated in accordance with the standard ethernet CRC algorithm.
2.2 metropolitan area network packet definition
The topology of a metropolitan area network is a graph and there may be 2, or even more than 2, connections between two devices, i.e., there may be more than 2 connections between a node switch and a node server, a node switch and a node switch, and a node switch and a node server. However, the metro network address of the metro network device is unique, and in order to accurately describe the connection relationship between the metro network devices, parameters are introduced in the embodiment of the present invention: a label to uniquely describe a metropolitan area network device.
In this specification, the definition of the label is similar to that of the label in MPLS (Multi-Protocol Label Switching). Assuming that there are two connections between device A and device B, there are 2 labels for packets from device A to device B, and 2 labels for packets from device B to device A. Labels are classified into incoming labels and outgoing labels; assuming that the label (incoming label) of a packet entering device A is 0x0000, the label (outgoing label) of the packet leaving device A may become 0x0001. The network access process of the metropolitan area network is a network access process under centralized control, that is, address allocation and label allocation of the metropolitan area network are both directed by the metropolitan area server, and the node switch and the node server only execute them passively. This differs from label allocation in MPLS, which is the result of mutual negotiation between the switch and the server.
As shown in the following table, the data packet of the metropolitan area network mainly includes the following parts:
DA | SA | Reserved | Label | Payload | CRC
Namely Destination Address (DA), Source Address (SA), reserved bytes (Reserved), label, payload (PDU), CRC. The format of the label may be defined as follows: the label is 32 bits, with the upper 16 bits reserved and only the lower 16 bits used, and it is located between the reserved bytes and the payload of the packet.
3. Implementation of video networking
The network access process between the node server and the access switch, and between the node server and the terminal are discussed below. To simplify the design, the data packet types in the access network are defined as 4 types, respectively:
a downlink protocol packet (a protocol packet sent to an access switch and a terminal by a node server);
an uplink protocol packet (a protocol packet responded to the node server by the access switch and the terminal);
unicast data packet;
multicasting the data packet;
The total address of the access network is 16 bits, so the total number of accessible access switches and terminals is 65536. Assume that the datagram type of the downlink protocol packet is "10000000" (binary), that is, 0x80 (hexadecimal); the datagram type of the uplink protocol packet is "00001000" (binary), that is, 0x08 (hexadecimal); the datagram type of the unicast data packet is "00010000" (binary), that is, 0x10 (hexadecimal); and the datagram type of the multicast data packet is "01111000" (binary), that is, 0x78 (hexadecimal). By merging entries of the same kind, the 8-bit address table can be mapped into a 2-bit address table, for example:
"10000000" => "00", the address table of the downlink protocol packet, defined as table No. 0 in the embodiment of the present invention;
"00001000" => "01", the address table of the uplink protocol packet, defined as table No. 1 in the embodiment of the present invention;
"00010000" => "10", the address table of the unicast data packet, defined as table No. 2 in the embodiment of the present invention;
"01111000" => "11", the address table of the multicast data packet, defined as table No. 3 in the embodiment of the present invention.
In combination with the 16-bit access network address, in practice only 4 address tables of 64K entries each (4 x 65536, that is, 256K entries) are needed, and the output of the address table indicates the port to which the packet is directed. For example, the access switch BX-008 has 1 uplink 100-megabit network port, 8 downlink 100-megabit network ports, and 1 CPU module interface. If the 8 downlink ports are defined in sequence as port No. 0 to port No. 7, the CPU module interface as port No. 8, and the uplink port as port No. 9, a 256K x 10-bit address table is required in total. For example, an address table output of "0000000001" indicates that the packet is directed to port No. 0, "1100000000" indicates that the packet is directed to port No. 8 and port No. 9, and so on.
Assume that the Destination Address (DA) of a packet coming in from port No. 9 is 0x8056 0x1500 0x0000 0x55aa. The packet type is then 0x80 and the access network address is 0x55aa, so according to the table lookup rule, table No. 0 is looked up, that is, the address is "000101010110101010". The output of the address table for this address is "0100000000", indicating that the packet is directed to port No. 8.
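The lookup rule above can be traced in code. The following Python sketch is an added illustration, not code from the patent; it assumes, as in the worked DA above, that the DA is 8 bytes, that its first byte is the datagram type and that its last two bytes are the access network address, and it models the 256K x 10-bit memory as a sparse dictionary whose unprogrammed entries read as zero.

```python
# Added example: address-table lookup for an access switch such as BX-008.
# Assumed layout (from the worked DA in the text): 8-byte DA, first byte is
# the datagram type, last two bytes are the 16-bit access network address.

TABLE_FOR_TYPE = {
    0x80: 0b00,  # downlink protocol packet -> table No. 0
    0x08: 0b01,  # uplink protocol packet   -> table No. 1
    0x10: 0b10,  # unicast data packet      -> table No. 2
    0x78: 0b11,  # multicast data packet    -> table No. 3
}
ADDR_BITS = 16   # width of the access network address
PORT_COUNT = 10  # ports 0-7 downlink, port 8 CPU module, port 9 uplink


def table_index(da):
    """Return the 18-bit index: 2-bit table number followed by the address."""
    if len(da) != 8:
        raise ValueError("DA must be 8 bytes")
    pkt_type = da[0]
    if pkt_type not in TABLE_FOR_TYPE:
        raise ValueError(f"unknown datagram type 0x{pkt_type:02x}")
    access_addr = int.from_bytes(da[6:8], "big")
    return (TABLE_FOR_TYPE[pkt_type] << ADDR_BITS) | access_addr


class AddressTable:
    """Sparse stand-in for the 256K x 10-bit address table memory."""

    def __init__(self):
        self.entries = {}

    def set_ports(self, pkt_type, access_addr, ports):
        """Program one entry so that matching packets go to `ports`."""
        mask = 0
        for port in ports:
            if not 0 <= port < PORT_COUNT:
                raise ValueError(f"no such port: {port}")
            mask |= 1 << port
        da = bytes([pkt_type]) + bytes(5) + access_addr.to_bytes(2, "big")
        self.entries[table_index(da)] = mask

    def lookup(self, da):
        """Return the 10-bit port mask; unprogrammed entries read as 0 (assumed)."""
        return self.entries.get(table_index(da), 0)


def mask_bits(mask):
    """Render a port mask the way the text writes it, port 9 leftmost."""
    return format(mask, "010b")


def ports_from_mask(mask):
    """List the port numbers whose bit is set in the mask."""
    return [port for port in range(PORT_COUNT) if mask >> port & 1]


if __name__ == "__main__":
    table = AddressTable()
    table.set_ports(0x80, 0x55AA, [8])
    da = bytes.fromhex("8056 1500 0000 55aa")
    print(format(table_index(da), "018b"), mask_bits(table.lookup(da)))
```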
3.1 Network access flow of access network devices
3.1.1 Network access process of the access switch:
First, each access switch allowed to access the network must be registered in the node server; access switches that are not registered cannot access the network. As shown in fig. 4, the process of an access switch accessing the network involves the following steps:
S1, the node server sends a query packet to each port; after receiving the query packet, the access switch sends a response packet, which contains the registration information of the current access switch;
S2, after receiving the response packet sent by the access switch, the node server knows which port an access switch is connected to. It then finds the access switch's information in its internal registration information table and sends a network access command (informing it of its access network address) to the access switch; the access switch accesses the network after receiving the network access command and sends a network access command response to the node server;
S3, after receiving the network access command response sent by the access switch, the node server knows that the access switch has accessed the network. It then periodically sends a state query packet to the port to check whether the access switch is working normally, and also sends port query packets to the downlink ports of the access switch to check whether other access network devices are connected below it. If the current access switch is working normally, it sends a state query response to the node server after receiving the device state query instruction. When the node server does not receive a state query response within a period of time, it considers the access switch to have been removed from the network, stops sending state query packets, and continues sending query packets to the port.
3.1.2 Network access process of the terminal:
First, each terminal allowed to access the network must be registered in the node server; terminals that are not registered cannot access the network. The process of a terminal accessing the network involves the following steps:
S1, the node server sends a query packet to each port; after receiving the query packet, the terminal sends a response packet, which contains the registration information of the terminal;
S2, after receiving the response packet sent by the terminal, the node server knows which terminal (set-top box, coding board or memory) is connected to which port. It then finds the terminal's information in its internal registration information table and sends a network access command (telling the terminal its access network address) to the terminal; the terminal accesses the network after receiving the network access command and sends a network access command response to the node server;
S3, after receiving the network access command response sent by the terminal, the node server knows that the terminal has accessed the network, and then periodically sends a state query packet to the port to check whether the terminal is working normally. If the terminal is working normally, it sends a state query response to the node server after receiving the state query packet. When the node server does not receive a state query response within a period of time, it considers the terminal to have been removed from the network, stops sending state query packets, and continues sending query packets to the port.
Based on the above characteristics of the video network, one of the core concepts of the embodiments of the present invention is proposed: the encryption mode of encrypted data transmitted over the video network is switched in accordance with the video networking protocol.
Referring to fig. 5, a flowchart illustrating steps of an embodiment of an encryption mode switching method according to the present invention is shown. The method may be applied to a video network, and specifically may include the following steps:
Step 501, acquiring the video networking encrypted data.
The video networking encrypted data may be encrypted data transmitted in the video network, or may be any encrypted data of any video client, which is not limited in the embodiment of the present invention. Moreover, the original video networking data whose encryption mode is to be switched can be selected by the user according to the user's own encryption requirements.
Of course, in the embodiment of the present invention, unencrypted data may also be encrypted. In that case, the original video networking data to be encrypted is acquired, and the subsequent steps are performed on it in order to encrypt it, which is also not limited in the embodiment of the present invention.
Step 502, parsing the video networking encrypted data into a format specified by a video networking protocol.
In practical applications, the video networking protocol imposes corresponding requirements on data format, so data sent from the video network needs to be parsed and packaged into a format specified by the video networking protocol. Therefore, in the embodiment of the present invention, after the video networking encrypted data is acquired, it may be further parsed into a format specified by the video networking protocol.
The format specified by the video networking protocol may vary according to the version of the video networking protocol. Therefore, in the embodiment of the present invention, the format specified by the video networking protocol corresponding to the corresponding version parameter may also be determined based on the version parameter included in the packet header of the video networking encrypted data. Of course, in the embodiment of the present invention, formats defined by different versions of video networking protocols may also be set to be consistent, and the embodiment of the present invention is not limited to this.
Moreover, in practical application, different video networking data can be used for realizing different functions, different formats can be set in the video networking protocol according to different functions, the analysis format can be determined according to the function corresponding to the video networking encrypted data, and the video networking encrypted data is analyzed according to the corresponding analysis format.
Step 503, decrypting the parsed video networking encrypted data according to the first encryption mode of the video networking encrypted data.
In order to switch the encryption mode of the video networking encrypted data, the data must first be decrypted from its original encryption mode. Specifically, the parsed video networking encrypted data can be decrypted according to the first encryption mode of the video networking encrypted data.
For example, if the first encryption mode of the video networking encrypted data is the RC4 (Rivest Cipher 4) encryption mode, the parsed video networking encrypted data needs to be decrypted using RC4 decryption. If the video networking data is not encrypted, that is, what was acquired is original video networking data, the parsed original video networking data need not be decrypted, and the process may proceed directly to step 504.
Moreover, in the video network, the decryption process can be completed at the video network central server and/or the video network client, so that the decryption process of the video network encrypted data can also be completed at the video network central server and/or the video network client in the embodiment of the invention.
Step 504, re-encrypting the decrypted video networking data by using a second encryption mode.
Then, the decrypted and parsed video networking data can be re-encrypted by using a second encryption mode. The second encryption mode may be any encryption mode, and specifically may be preset according to requirements, which is not limited in this embodiment of the present invention. In general, the second encryption mode is not exactly the same as the first encryption mode described above.
Furthermore, as described above, before the video networking encrypted data is decrypted, it may first be parsed into a format specified by the video networking protocol, so decryption is performed on the parsed video networking encrypted data, and the decrypted data is likewise parsed data. Of course, in the embodiment of the present invention, the re-encrypted data may, depending on requirements, be left unpackaged, and the re-encrypted data is then used directly as the video networking encrypted data, with its encryption mode switched, corresponding to the original encrypted data, which is not limited in the embodiment of the present invention.
Optionally, in an embodiment of the present invention, the step 502 may further include:
Substep 5021, acquiring the data packet signaling of the video networking encrypted data;
Compared with the Internet protocol, the header of a data packet in the video networking protocol additionally carries signaling belonging to the video network, the current video networking protocol version, and other parameters. The signaling represents the function to be completed or realized by the corresponding data packet. In addition, in the video networking protocol, the parsing formats corresponding to packets with different functions are not completely the same. Therefore, in the embodiment of the present invention, in order to determine the parsing format of the current video networking encrypted data, the data packet signaling of the video networking encrypted data needs to be acquired. Specifically, the corresponding data packet signaling may be obtained from the data packet header of the video networking encrypted data, and so on. Of course, if the data packet signaling is set at another position in the video networking data packet, it may also be obtained from the corresponding position in the data packet of the video networking encrypted data, which is not limited in this embodiment of the present invention.
Substep 5022, determining the parsing format of the video networking encrypted data based on the data packet signaling;
As mentioned above, the data packet signaling of the video networking encrypted data characterizes the function of the corresponding packet, and the parsing formats corresponding to packets with different functions may differ. Therefore, in the embodiment of the present invention, the parsing format of the video networking encrypted data may be determined according to its data packet signaling. Specifically, the function point of each data packet in the video networking encrypted data may be determined based on the data packet signaling of that data packet, and the parsing format of each data packet is then determined according to its function point.
Moreover, in the embodiment of the present invention, if the data packet signaling can represent the function of the corresponding packet, the parsing format of the corresponding original video networking data may also be determined directly based on the data packet signaling of the original video networking data. Specifically, the parsing format of each packet may be determined based on the data packet signaling of that packet in the original video networking data, which is not limited in the embodiment of the present invention.
In addition, as can be seen from the above analysis, if the original video networking data includes a plurality of data packets, the original video networking data may correspond to a plurality of parsing formats. For example, if the data packet signaling of the packets in the original video networking data is not all the same, each packet may correspond to its own parsing format, and these parsing formats may not all be the same.
Substep 5024, performing data parsing on the video networking encrypted data based on the parsing format.
After the parsing format of the video networking encrypted data is determined, the video networking encrypted data may be parsed based on that format. Specifically, if the parsing formats corresponding to different data packets in the video networking encrypted data are not completely the same, each data packet can be parsed according to its own parsing format; if the video networking encrypted data contains only one data packet, or the parsing formats of the data packets it contains are all the same, the video networking encrypted data can be parsed directly based on that parsing format.
Optionally, in an embodiment of the present invention, the substep 5021 may further include: acquiring the data packet signaling of the video networking encrypted data from the data packet header of the video networking encrypted data.
As mentioned above, the current video networking protocol may set the data packet signaling in the header of the corresponding data packet, so in the embodiment of the present invention, the data packet signaling of the video networking encrypted data may be obtained from the data packet header of the video networking encrypted data. Specifically, for the data packets included in the encrypted data of the video network, the data packet signaling of the corresponding data packet may be obtained from the header of each data packet.
Optionally, in an embodiment of the present invention, the step 504 may further include:
Substep 5041, re-encrypting the decrypted video networking data by using a second encryption mode;
Substep 5042, packaging the re-encrypted video networking data to obtain the video networking encrypted data with the switched encryption mode.
Furthermore, as described above, before the original encrypted data is decrypted, the video networking encrypted data may first be parsed into a format specified by the video networking protocol, so decryption is performed on the parsed video networking encrypted data, and the decrypted data is likewise parsed data. When the decrypted video networking data is re-encrypted with the second encryption mode, it is therefore the parsed data that is encrypted. In order to restore the re-encrypted data to the original data format, the re-encrypted data may be further packaged, and the re-encrypted and packaged data is used as the second video networking encrypted data, with its encryption mode switched, corresponding to the original encrypted data.
Optionally, in this embodiment of the present invention, the second encryption scheme may include, but is not limited to, any one of an RC4 encryption scheme and an SM4 encryption scheme.
The RC4 encryption mode was proposed in 1987. Like DES (Data Encryption Standard), it is a symmetric encryption algorithm, that is, the key used is a single key (also called a private key). Unlike DES, however, RC4 does not process the plaintext in blocks; instead it encrypts each byte of the plaintext in turn as a byte stream, and decrypts each byte of the ciphertext in turn when decrypting. The SM4 encryption mode is a commercial cipher algorithm compiled by the State Cryptography Administration; it is used for digital signature and verification, generation and verification of message authentication codes, and generation of random numbers in cryptographic applications, and can meet the security requirements of various cryptographic applications.
The first encryption mode may include, but is not limited to, any one of the RC4 encryption mode and the SM4 encryption mode described above. In addition, because the above solution switches the encryption mode of the video networking data, the first encryption mode and the second encryption mode are in general not completely the same. For example, if the first encryption mode is the SM4 encryption mode, the second encryption mode may be the RC4 encryption mode, and so on.
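Steps 501 to 504 and their substeps can be followed end to end in the Python sketch below, which is an added example and not code from the patent. The 6-byte header layout, the two signaling values and their parsing formats, and the mode identifiers are all hypothetical, because the specification does not define them; RC4 is implemented as the first mode, and since SM4 is not in the Python standard library the second mode is a clearly marked stand-in keystream cipher, not SM4.

```python
import hashlib
import struct

# Hypothetical header: version (1 byte), signaling (2), encryption mode (1),
# payload length (2). The patent does not define the real layout.
HEADER = struct.Struct(">BHBH")
MODE_NONE, MODE_RC4, MODE_SECOND = 0, 1, 2
# Hypothetical parsing formats: signaling -> clear bytes before the encrypted body.
CLEAR_PREFIX = {
    0x0001: 4,  # "media" packet: 4-byte stream id stays in the clear
    0x0002: 0,  # "control" packet: the whole payload is encrypted
}


def rc4(key, data):
    """RC4: key scheduling, then XOR with the keystream byte by byte."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def standin_cipher(key, data):
    """NOT SM4: SHA-256 counter keystream used only as a placeholder second mode."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


CIPHERS = {MODE_RC4: rc4, MODE_SECOND: standin_cipher}


def apply_mode(mode, keys, data):
    """Encrypt or decrypt (both ciphers are XOR streams); MODE_NONE is a no-op."""
    if mode == MODE_NONE:
        return data
    if mode not in CIPHERS:
        raise ValueError(f"unsupported encryption mode {mode}")
    return CIPHERS[mode](keys[mode], data)


def parse(packet):
    """Step 502: read the signaling from the header and split the payload."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated header")
    version, signaling, mode, length = HEADER.unpack_from(packet)
    payload = packet[HEADER.size:]
    if len(payload) != length:
        raise ValueError("payload length does not match header")
    if signaling not in CLEAR_PREFIX:
        raise ValueError(f"no parsing format for signaling 0x{signaling:04x}")
    prefix = CLEAR_PREFIX[signaling]
    if length < prefix:
        raise ValueError("payload shorter than its clear prefix")
    return version, signaling, mode, payload[:prefix], payload[prefix:]


def package(version, signaling, mode, clear, body):
    """Substep 5042: rebuild a packet in the original format."""
    payload = clear + body
    return HEADER.pack(version, signaling, mode, len(payload)) + payload


def switch_mode(packet, keys, new_mode):
    """Steps 502-504 for one packet; each packet picks its own parsing format."""
    version, signaling, mode, clear, body = parse(packet)
    plaintext = apply_mode(mode, keys, body)          # step 503, skipped if unencrypted
    new_body = apply_mode(new_mode, keys, plaintext)  # substep 5041
    return package(version, signaling, new_mode, clear, new_body)


if __name__ == "__main__":
    keys = {MODE_RC4: b"Key", MODE_SECOND: b"second-mode-key"}  # constructed keys
    pkt = package(1, 0x0001, MODE_RC4, b"\x00\x00\x00\x07", rc4(b"Key", b"Plaintext"))
    print(switch_mode(pkt, keys, MODE_SECOND).hex())
```

Neither mode in this sketch authenticates the payload, so a switching node that needs tamper detection has to add that separately.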
In practical application, the video network is a network with centralized control. It includes a main control server and lower-level network devices, where the lower-level network devices include terminals. One of the core concepts of the video network is that the main control server notifies the switching devices to configure tables for the downlink communication link of the current service, and data packets are then transmitted based on the configured tables.
Namely, the communication method in the video network includes:
The main control server configures a downlink communication link of the current service;
The data packet of the current service sent by the source terminal is transmitted to a target terminal (such as a client) according to the downlink communication link.
In the embodiment of the present invention, configuring the downlink communication link of the current service includes: notifying the switching devices involved in the downlink communication link of the current service to configure tables;
Further, transmitting according to the downlink communication link includes: looking up the configured table, whereupon the switching device transmits the received data packet through the corresponding port.
In particular implementations, the services include unicast communication services and multicast communication services. That is, for both multicast and unicast communication, the core concept of configuring a table and then using the table can be adopted to realize communication in the video network.
As mentioned above, the video network includes an access network portion, in which the master server is a node server and the lower-level network devices include an access switch and a terminal.
For the unicast communication service in the access network, the step of the main control server configuring the downlink communication link of the current service may include the following substeps:
Substep S11, the main control server obtains downlink communication link information of the current service according to the service request protocol packet initiated by the source terminal, where the downlink communication link information includes downlink communication port information of the main control server and of the access switches participating in the current service;
Substep S12, the main control server sets, in its internal packet address table, the downlink port to which packets of the current service are directed, according to the downlink communication port information of the main control server, and sends a port configuration command to the corresponding access switch according to the downlink communication port information of the access switch;
Substep S13, the access switch sets, in its internal packet address table, the downlink port to which packets of the current service are directed, according to the port configuration command.
For a multicast communication service (e.g., video conference) in the access network, the step of the main control server obtaining downlink information of the current service may include the following substeps:
Substep S21, the main control server obtains a service request protocol packet initiated by the target terminal to apply for the multicast communication service, where the service request protocol packet includes service type information, service content information and the access network address of the target terminal, and the service content information includes a service number;
Substep S22, the main control server extracts the access network address of the source terminal from a preset content-address mapping table according to the service number;
Substep S23, the main control server obtains the multicast address corresponding to the source terminal and distributes it to the target terminal, and obtains the communication link information of the current multicast service according to the service type information and the access network addresses of the source terminal and the target terminal.
By applying the characteristics of the video network, the embodiment of the invention acquires video networking encrypted data; parses the video networking encrypted data into a format specified by a video networking protocol; decrypts the parsed video networking encrypted data according to the first encryption mode of the video networking encrypted data; and re-encrypts the decrypted video networking data by using a second encryption mode. Therefore, the encryption mode of encrypted data can be switched in the video network, and the flexibility of the encryption mode of data in the video network is improved.
Moreover, in the embodiment of the present invention, the data packet signaling of the video networking encrypted data may also be acquired; a function point of the video networking encrypted data is determined based on the data packet signaling; the parsing format of the video networking encrypted data is determined according to the function point; and the video networking encrypted data is parsed based on the parsing format. The data packet signaling of the video networking encrypted data is acquired from the data packet header of the video networking encrypted data. Therefore, the accuracy of encryption mode switching can be improved, and data errors in the encryption mode switching process are avoided.
In addition, in the invention, the decrypted video networking data can be re-encrypted by using a second encryption mode, and the re-encrypted video networking data is packaged to obtain the video networking encrypted data with the switched encryption mode. The second encryption mode may include one of an RC4 encryption mode and an SM4 encryption mode. Therefore, the data after the encryption mode is switched can still be in the initial data format, and the influence of a change of data format on normal use by the user is avoided.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combinations of acts, but those skilled in the art will recognize that the embodiments of the present invention are not limited by the described order of acts, as some steps may be performed in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are preferred embodiments, and that the acts involved are not necessarily required by the embodiments of the invention.
Referring to fig. 6, a block diagram of an embodiment of an encryption mode switching apparatus according to the present invention is shown, where the apparatus may be applied to a video network, and specifically includes the following modules:
An original encrypted data acquisition module 601, configured to acquire video networking encrypted data;
A data parsing module 602, configured to parse the video networking encrypted data into a format specified by a video networking protocol;
Optionally, in an embodiment of the present invention, the data parsing module 602 may further include:
A signaling acquisition submodule, configured to acquire the data packet signaling of the video networking encrypted data;
A parsing format determining submodule, configured to determine the parsing format of the video networking encrypted data based on the data packet signaling;
A data parsing submodule, configured to parse the video networking encrypted data based on the parsing format.
Optionally, in this embodiment of the present invention, the signaling acquisition submodule is further configured to acquire the data packet signaling of the video networking encrypted data from the data packet header of the video networking encrypted data.
A decryption module 603, configured to decrypt the parsed video networking encrypted data according to the first encryption mode of the video networking encrypted data;
A re-encryption module 604, configured to re-encrypt the decrypted video networking data by using a second encryption mode.
Optionally, in an embodiment of the present invention, the re-encryption module 604 may further include:
A re-encryption submodule, configured to re-encrypt the decrypted video networking data by using a second encryption mode;
A data packaging submodule, configured to package the re-encrypted video networking data to obtain the video networking encrypted data with the switched encryption mode.
Optionally, in this embodiment of the present invention, the first encryption scheme includes any one of an RC4 encryption scheme and an SM4 encryption scheme, the second encryption scheme includes any one of an RC4 encryption scheme and an SM4 encryption scheme, and the first encryption scheme and the second encryption scheme are different from each other.
The encryption mode switching device provided by the embodiment of the invention can realize each process realized in the encryption mode switching method embodiment, and is not described herein again in order to avoid repetition.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The encryption mode switching method and device provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the embodiments is only intended to help in understanding the method and core idea of the invention. Meanwhile, for a person skilled in the art, the specific embodiments and the scope of application may vary according to the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.

Claims (10)

1. An encryption mode switching method, applied to a video network, comprising the following steps:
acquiring video networking encrypted data;
parsing the video networking encrypted data into a format specified by a video networking protocol;
decrypting the parsed video networking encrypted data according to the first encryption mode of the video networking encrypted data;
re-encrypting the decrypted video networking data by using a second encryption mode;
wherein the parsing of the video networking encrypted data into a format specified by a video networking protocol comprises: determining a parse format according to the function corresponding to the video networking encrypted data, and then parsing the video networking encrypted data according to the corresponding parse format;
and the function corresponding to the video networking encrypted data is represented by data packet signaling.
2. The method of claim 1, wherein the step of parsing the video networking encrypted data into a format specified by a video networking protocol comprises:
acquiring the data packet signaling of the video networking encrypted data;
determining the parse format of the video networking encrypted data based on the data packet signaling;
and parsing the video networking encrypted data based on the parse format.
3. The method of claim 2, wherein the step of acquiring the data packet signaling of the video networking encrypted data comprises:
acquiring the data packet signaling of the video networking encrypted data from a data packet header of the video networking encrypted data.
4. The method according to any one of claims 1-3, wherein the step of re-encrypting the decrypted video networking data by using the second encryption mode comprises:
re-encrypting the decrypted video networking data by using the second encryption mode;
and packaging the re-encrypted video networking data to obtain video networking encrypted data whose encryption mode has been switched.
5. The method according to any one of claims 1-3, wherein the first encryption mode comprises any one of an RC4 encryption mode and an SM4 encryption mode, the second encryption mode comprises any one of an RC4 encryption mode and an SM4 encryption mode, and the first encryption mode and the second encryption mode are different from each other.
6. An encryption mode switching device, applied to a video network, comprising:
an original encrypted data acquisition module, used for acquiring video networking encrypted data;
a data parsing module, used for parsing the video networking encrypted data into a format specified by a video networking protocol;
a decryption module, used for decrypting the parsed video networking encrypted data according to the first encryption mode of the video networking encrypted data;
a re-encryption module, used for re-encrypting the decrypted video networking data by using a second encryption mode;
wherein the data parsing module determines a parse format according to the function corresponding to the video networking encrypted data, and then parses the video networking encrypted data according to the corresponding parse format;
and the function corresponding to the video networking encrypted data is represented by data packet signaling.
7. The apparatus of claim 6, wherein the data parsing module comprises:
a signaling acquisition submodule, used for acquiring the data packet signaling of the video networking encrypted data;
a parse format determining submodule, used for determining the parse format of the video networking encrypted data based on the data packet signaling;
and a data parsing submodule, used for parsing the video networking encrypted data based on the parse format.
8. The apparatus of claim 7, wherein the signaling acquisition submodule is further configured to acquire the data packet signaling of the video networking encrypted data from a data packet header of the video networking encrypted data.
9. The apparatus of any one of claims 6-8, wherein the re-encryption module comprises:
a re-encryption submodule, used for re-encrypting the decrypted video networking data by using the second encryption mode;
and a data packaging submodule, used for packaging the re-encrypted video networking data to obtain video networking encrypted data whose encryption mode has been switched.
10. The apparatus according to any one of claims 6-8, wherein the first encryption mode comprises any one of an RC4 encryption mode and an SM4 encryption mode, the second encryption mode comprises any one of an RC4 encryption mode and an SM4 encryption mode, and the first encryption mode and the second encryption mode are different from each other.
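The steps of claims 1 to 5, as an added example that is not part of the patent text: a converting node reads the signaling from the packet header, selects the parse format, removes RC4 and applies SM4 before repackaging. The header layout, the signaling values, the mode byte and the use of SM4 in CTR mode with a caller-supplied 8-byte nonce are assumptions of this example, and only the RC4 to SM4 direction is shown.

```python
import struct

SBOX = bytes.fromhex(  # SM4 S-box as published in the SM4 standard
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa441326498606999c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d351e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e31df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b08969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big") for i in range(32)]
CLEAR_LEN = {0x0001: 0, 0x0002: 4}  # hypothetical parse formats: signaling -> clear bytes before ciphertext
RC4_MODE, SM4_MODE = 1, 2  # hypothetical packet: signaling u16 | mode u8 | clear fields | ciphertext

def rc4(key, data):  # symmetric: the same call encrypts and decrypts
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for b in data:  # keystream generation and XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sm4_encrypt_block(key, block):
    k = [a ^ b for a, b in zip(struct.unpack(">4I", key), FK)]
    x = list(struct.unpack(">4I", block))
    tau = lambda w: int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")
    for i in range(32):
        t = tau(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i])  # key schedule: round key i is k[i + 4]
        k.append(k[i] ^ t ^ _rotl(t, 13) ^ _rotl(t, 23))
        t = tau(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ k[i + 4])  # round function
        x.append(x[i] ^ t ^ _rotl(t, 2) ^ _rotl(t, 10) ^ _rotl(t, 18) ^ _rotl(t, 24))
    return struct.pack(">4I", x[35], x[34], x[33], x[32])

def sm4_ctr(key, nonce, data):  # CTR mode (an assumption): 8-byte nonce followed by 8-byte counter
    ks = b"".join(sm4_encrypt_block(key, nonce + i.to_bytes(8, "big")) for i in range(-(-len(data) // 16)))
    return bytes(a ^ b for a, b in zip(data, ks))

def switch_mode(packet, rc4_key, sm4_key, nonce):
    sig, mode = struct.unpack(">HB", packet[:3]) if len(packet) >= 3 else (None, None)
    cut = 3 + CLEAR_LEN.get(sig, 0)  # the signaling selects the parse format
    if sig not in CLEAR_LEN or mode != RC4_MODE or len(packet) < cut:
        raise ValueError("unsupported or malformed packet")  # fail closed, never forward as-is
    plain = rc4(rc4_key, packet[cut:])  # first encryption mode removed
    return struct.pack(">HB", sig, SM4_MODE) + packet[3:cut] + sm4_ctr(sm4_key, nonce, plain)
```

The plaintext exists inside `switch_mode`, so the converting node is a trust boundary, and in CTR mode the nonce must never repeat under one SM4 key.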

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811246830.7A CN109639627B (en) 2018-10-24 2018-10-24 Encryption mode switching method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811246830.7A CN109639627B (en) 2018-10-24 2018-10-24 Encryption mode switching method and device

Publications (2)

Publication Number Publication Date
CN109639627A (en) 2019-04-16
CN109639627B (en) 2021-12-17

Family

ID=66066647

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811246830.7A Active CN109639627B (en) 2018-10-24 2018-10-24 Encryption mode switching method and device

Country Status (1)

Country Link
CN (1) CN109639627B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112217967B (en) * 2019-07-12 2022-04-12 杭州海康威视数字技术股份有限公司 Network camera

Family Cites Families (6)

Publication number Priority date Publication date Assignee Title
CN101340443B (en) * 2008-08-28 2014-12-03 中国电信股份有限公司 Session key negotiating method, system and server in communication network
CN103106607A (en) * 2012-08-22 2013-05-15 杨磊 Financial certificate processing system and method thereof
DK3120593T3 (en) * 2014-03-19 2019-04-01 Bluefin Payment Sys Llc SYSTEMS AND PROCEDURE FOR MANUFACTURING FINGERPRINTING FOR CRYPTIC DEVICES
CN106255103A (en) * 2016-07-29 2016-12-21 华为技术有限公司 A kind of method of data synchronization and equipment
CN108124165A (en) * 2016-11-30 2018-06-05 北京视联动力国际信息技术有限公司 A kind of code stream recording method and its system based on regarding networking
CN107195132A (en) * 2017-04-28 2017-09-22 深圳怡化电脑股份有限公司 A kind of finance self-help traction equipment and its auth method

Also Published As

Publication number Publication date
CN109639627A (en) 2019-04-16

Similar Documents

Publication Publication Date Title
CN110430043B (en) Authentication method, system and device and storage medium
CN110557680B (en) Audio and video data frame transmission method and system
CN111083425B (en) Video stream processing method, device, server, electronic equipment and storage medium
CN112333210B (en) Method and equipment for realizing data communication function of video network
CN109672664B (en) Authentication method and system for video networking terminal
CN110022295B (en) Data transmission method and video networking system
CN110392044B (en) Information transmission method and device based on video networking
CN111786778A (en) Method and device for updating key
CN110661784B (en) User authentication method, device and storage medium
CN109977137B (en) Data query method and device
CN110719247B (en) Terminal network access method and device
CN109347844B (en) Method and device for accessing equipment to Internet
CN111125426A (en) Data storage and query method and device
CN112291072B (en) Secure video communication method, device, equipment and medium based on management plane protocol
CN110535856B (en) User authentication method, device and storage medium
CN110266577B (en) Tunnel establishment method and video networking system
CN109376507B (en) Data security management method and system
CN110022353B (en) Service sharing method and video networking system
CN110012063B (en) Data packet processing method and system
CN109639627B (en) Encryption mode switching method and device
CN108965366B (en) Version information query method and device
CN109617858B (en) Encryption method and device for streaming media link
CN110049007B (en) Video networking transmission method and device
CN110620936B (en) Video network video backup method and device, electronic equipment and storage medium
CN110661783B (en) Terminal registration method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant