CN111641808A - Perimeter protection system and method - Google Patents

Publication number: CN111641808A
Authority: CN (China)
Prior art keywords: video, monitoring, encryption, perimeter protection, module
Legal status: Granted (active)
Application number: CN202010405734.3A
Other languages: Chinese (zh)
Other versions: CN111641808B (en)
Inventors: 袁媛, 李昭强
Current Assignee: Shenghui New Energy Co.,Ltd.
Original Assignee: Shenghui Holdings Ltd
Application filed by Shenghui Holdings Ltd
Priority to CN202010405734.3A
Publication of CN111641808A
Application granted; publication of CN111641808B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • H04N7/181 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast for receiving images from a plurality of remote sources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/231 Content storage operation, e.g. caching movies for short term storage, replicating data over plural servers, prioritizing data for deletion
    • H04N21/23103 Content storage operation, e.g. caching movies for short term storage, replicating data over plural servers, prioritizing data for deletion using load balancing strategies, e.g. by placing or distributing content on different disks, different memories or different servers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention belongs to the technical field of security and protection systems, and particularly relates to a perimeter protection system and method. To address the considerable security risk that the surveillance video of existing perimeter protection systems faces during network transmission, the invention adopts the following technical scheme. A perimeter protection system comprises: a protection module, which collects the surveillance video and applies primary encryption to it in combination with the defense deployment point position and the IP information; a source server, which stores the primary-encrypted video stream from the protection module; a load balancing module, which applies secondary hybrid encryption to the primary-encrypted video data during processing; and a monitoring platform master control module. The perimeter protection system transmits data using hybrid encryption, thereby effectively improving data security during network transmission; the system has a load balancing module, so that the processing of video data streams by the platform and the network becomes more efficient and flexible.

Description

Perimeter protection system and method
Technical Field
The invention belongs to the technical field of security and protection systems, and particularly relates to a perimeter protection system and a method.
Background
Existing perimeter protection means fall into three main categories: physical defense, civil defense and technical defense. Physical defense and civil defense have been the most direct and effective protection measures from ancient times to the present, and are the most traditional modes of protection. With social progress and scientific and technological development, the Internet of Things has emerged, and technical defense is gradually being applied to new forms of perimeter protection. Technical defense is the use of science and technology as a means or method in the field of security. It extends and enhances physical defense and civil defense, and makes the means and functions of perimeter protection increasingly diversified. Available technical defense measures include radar surveillance, thermal imagers, electronic sensors and electronic fences.
In recent years, video surveillance systems have become an important and effective method of perimeter protection. The Video monitoring system is provided with an infrared camera and the like at important points for monitoring, and adopts a DVR (Digital Video Recorder) technology to remotely monitor and control videos and audios. The DVR is arranged near the analog camera and used for coding, decoding and converting the collected analog video into a digital signal and storing the digital signal in a hard disk. Because of the adoption of the digital compression technology, the DVR system has the characteristics of higher image transmission quality, stronger system function, good application flexibility and the like. However, although the DVR system performs digital storage, the DVR system still performs analog transmission in the transmission process from the monitoring point to the monitoring center, so that the DVR system has many problems in the long-distance transmission process, such as high system construction cost, difficult maintenance, high maintenance cost, long transmission delay time, and the like.
Network Video Recorder (NVR) technology performs remarkably well in solving problems such as transmission delay and the inability to transmit over multiple paths. The NVR mainly receives the digital video streams transmitted by IPC (Internet Protocol Camera) devices over a network, and stores and manages them, thereby realizing the advantages of a distributed network architecture. The NVR allows the video shot by IPC network cameras to be accessed and recorded remotely at the same time, and is easy to install and use. In most cases, however, NVR is still a hybrid system, and can be regarded as a transitional product between analog and digital monitoring techniques.
The IPVS (Internet Protocol Video Surveillance, network Video monitoring) system takes all the advantages of DVR and NVR into account, is compatible and supports various original analog Video devices on the basis of complete networking, and has quite excellent systematization and networking capability. The IPVS is a TCP/IP-based all-digital video monitoring system, which digitizes video and audio information and transmits the information through a wired or wireless IP (Internet Protocol) network. The IPVS system can support real-time monitoring and video recording on the basis of an IP network and can be connected and integrated with other security systems.
However, because the IPVS system is open, the security risk to surveillance video during network transmission remains a problem that cannot be ignored. Traditional encryption largely addresses the security risks in the network while the surveillance video stream is being transmitted; however, if a man-in-the-middle directly attacks the authentication center, the security of the transmission channel still faces huge challenges. In addition, large-scale centralized management of video and audio data in a network also poses great challenges to the IPVS in terms of the flexibility and security of transmission.
Disclosure of Invention
The invention provides a perimeter protection system aiming at the defect that the monitoring video of the existing perimeter protection system has larger potential safety hazard in the network transmission process, and the security performance in the transmission process is effectively improved. The invention also provides a perimeter protection method.
In order to achieve the purpose, the invention adopts the following technical scheme: a perimeter protection system, comprising:
the protection module collects the monitoring video and encrypts the monitoring video once by combining the defense deploying point position and the IP information;
the source server stores the video stream which is encrypted once and comes from the protection module;
each node of the balanced load module copies the video data after the primary encryption from the source server, and simultaneously distributes and processes the response of the remote terminal, and performs secondary mixed encryption on the video data after the primary encryption in the process;
and the monitoring platform master control module pulls monitoring video stream data from the nodes of the balanced load module and sends an authorized private key to the remote terminal when the remote terminal pulls the secondary mixed encrypted data stream from the nodes.
The perimeter protection system adopts a mixed encryption mode of primary encryption and secondary encryption to transmit transmission data, thereby effectively improving the data security performance in the network transmission process; the system has a load balancing module, so that the processing of video data streams by a platform and a network becomes more efficient and flexible. The perimeter protection system not only keeps the networking and systematization advantages of the IPVS system, but also overcomes the potential safety hazard caused by the openness of the IPVS system.
As an improvement, the primary encryption is differential feature encryption, DCE (Differential Characters Encryption): the differential features of the surveillance video stream of the defense deployment point, the defense deployment point position and the IP information are extracted and discretely sampled, and a discrete sequence uniquely corresponding to them is generated. The secondary hybrid encryption convolves the discrete sequence obtained by differential feature sampling with a Secure Sockets Layer (SSL) transmission key sequence, and the discrete values resulting from the mixed convolution are used as the transmitted feature key.
As an improvement, the protection module uses a real-time streaming media protocol to push the discretely sampled video sequence and the source video surveillance stream to the source server for storage. Internet streaming media transmission, such as live video, mostly uses RTMP (Real Time Messaging Protocol). Because RTMP is not supported by browsers and its security is not high, the present invention proposes using the HLS (HTTP Live Streaming) protocol. If the push speed needs to be increased during stream pushing, a CDN (Content Delivery Network) can be used for acceleration.
As an improvement, the protection module includes a front-end network surveillance camera, which encodes video data using the H.265 coding standard. The encoded video stream is packaged together with the camera's defense deployment point position information and IP information, and their differential features are extracted during packaging for discrete sampling. Because unencoded video is huge in volume, the invention adopts the H.265 coding standard to encode the video data.
As an improvement, the load balancing module comprises:
the cache server copies the content of the source server, and when the source server updates the content, the cache server synchronously updates, and the cache server also distributes the responded video content to the user terminal;
the load balancing system schedules the remote terminal request and determines a final access address provided for the remote terminal; the load balancing system comprises global load balancing and server load balancing, wherein the global load balancing determines a buffer as a user service point nearby according to the address of the remote terminal and the request content; and
the domain name system, which performs domain name resolution.
A perimeter protection method, comprising the steps of:
S1, collecting a monitoring video of the defense deploying point position, and encrypting for the first time by combining the defense deploying point position and the IP information;
S2, transmitting the video after the primary encryption to a source server in a streaming media mode;
S3, the remote user terminal requests video content;
S4, copying the video data after primary encryption from the source server by each node of the balanced load module, distributing the response of the remote terminal, and performing secondary mixed encryption on the video data after primary encryption in the process;
S5, the monitoring platform master control module requests the source server to pull the monitoring video stream data, and sends an authorized private key to the remote terminal when the remote terminal pulls the encrypted data stream from the node.
S6, the remote terminal decrypts the encrypted video stream.
As an improvement of the perimeter protection method, in step S1, the primary encryption mode is differential feature encryption, DCE (Differential Characters Encryption): the differential features of the surveillance video stream of the deployment point, the deployment point position and the IP information are extracted and discretely sampled, and a discrete sequence (n) uniquely corresponding to them is generated (0 ≤ n ≤ N-1, where N is the sequence length).
As an improvement of the perimeter protection method, in step S4, the secondary hybrid encryption convolves the discrete sequence (n) obtained by differential feature sampling with the Secure Sockets Layer (SSL) transmission key sequence h(n) (0 ≤ n ≤ N-1, where N is the sequence length); the convolution is as follows:
Figure BDA0002491202680000031
where 0 ≤ n ≤ M-1, M is the length of the K(n) sequence, and i varies from −∞ to ∞. The discrete values K(n) resulting from the mixed convolution are used as the transmitted feature key; in step S5, the user terminal performs differential feature decryption on the encrypted video stream according to the convolution features, based on the discrete sequence set.
As an improvement of the perimeter protection method, in step S2, video data is encoded using the H.265 coding standard, and the discretely sampled video sequence and the source video surveillance stream are pushed to the source server for storage using a real-time streaming media protocol.
As an improvement of the perimeter protection method, in the process of streaming media transmission, a content distribution network is adopted for acceleration and load balancing.
The perimeter protection system and the perimeter protection method have the following advantages: data is transmitted using a hybrid mode of primary encryption and secondary encryption, which effectively improves data security during network transmission; and the system has a load balancing module, so that the processing of video data streams by the platform and the network becomes more efficient and flexible. Furthermore, the invention is based on a distributed perimeter protection system and uses a CDN for acceleration during streaming media transmission. Using CDN nodes in the system improves the stream-pulling efficiency of the master control platform and ensures the speed at which remote users access the cloud service platform and its caches. The hybrid encryption technology combining DCE with SSL effectively ensures the network security of the perimeter protection system and greatly reduces intrusion, interference and attacks at the network level.
Drawings
FIG. 1 is a system block diagram of a first embodiment of a perimeter protection system of the present invention.
Fig. 2 is a schematic diagram of the operation of the load balancing module according to the first embodiment of the perimeter protection system of the present invention.
Fig. 3 is a block diagram of a module structure of a monitoring platform total control module according to a first embodiment of the perimeter protection system of the present invention.
FIG. 4 is a flowchart of an embodiment of the perimeter protection method of the present invention.
Detailed Description
The technical solutions of the embodiments of the present invention are explained and described below with reference to the drawings of the embodiments, but the embodiments described below are only preferred embodiments of the present invention, not all embodiments. Other embodiments obtained by persons skilled in the art on the basis of these embodiments without inventive work fall within the protection scope of the invention.
Referring to fig. 1 to 3, a perimeter protection system of the present invention includes:
the protection module collects the monitoring video and encrypts the monitoring video once by combining the defense deploying point position and the IP information;
the source server stores the video stream which is encrypted once and comes from the protection module;
each node of the balanced load module copies the video data after the primary encryption from the source server, and simultaneously distributes and processes the response of the remote terminal, and performs secondary mixed encryption on the video data after the primary encryption in the process;
and the monitoring platform master control module pulls monitoring video stream data from the nodes of the balanced load module and sends an authorized private key to the remote terminal when the remote terminal pulls the secondary mixed encrypted data stream from the nodes.
The perimeter protection system adopts a mixed encryption mode of primary encryption and secondary encryption to transmit transmission data, thereby effectively improving the data security performance in the network transmission process; the system has a load balancing module, so that the processing of video data streams by a platform and a network becomes more efficient and flexible. The perimeter protection system not only keeps the networking and systematization advantages of the IPVS system, but also overcomes the potential safety hazard caused by the openness of the IPVS system.
Embodiment one of the perimeter protection system
Referring to fig. 1 to 3, a first embodiment of the perimeter protection system of the present invention includes:
the protection module collects the monitoring video and encrypts the monitoring video once by combining the defense deploying point position and the IP information;
the source server stores the video stream which is encrypted once and comes from the protection module;
each node of the balanced load module copies the video data after the primary encryption from the source server, and simultaneously distributes and processes the response of the remote terminal, and performs secondary mixed encryption on the video data after the primary encryption in the process;
and the monitoring platform master control module pulls the monitoring video stream data from the nodes of the balanced load module and sends an authorized private key to the remote terminal when the remote terminal pulls the encrypted data stream from the nodes.
In other embodiments, the source server may also be a cloud.
Taking community perimeter protection as an example, the design criterion of the perimeter protection module centers on precision. The community perimeter protection deployment points are mainly arranged at the following key locations: deployment around the periphery of the community at equal intervals, giving all-round monitoring of the first perimeter line of defense; deployment at public-area monitoring points, with emphasis on the safety of the elderly and children; and deployment at building entrances and exits, monitoring the entry and exit of suspicious persons.
As an improvement, the protection module includes a front-end network surveillance camera, which encodes video data using the H.265 coding standard. The encoded video stream is packaged together with the camera's defense deployment point position information and IP information, and their differential features are extracted during packaging for discrete sampling. Real-time storage from the front-end network surveillance camera, IPC (Internet Protocol Camera), and real-time propagation by the web server are a major difficulty of perimeter protection. Because unencoded video is huge in volume, the invention adopts the H.265 coding standard to encode the video data. The encoded video stream, the front-end IPC defense deployment point position information and the IP information are packaged, and the differential features are extracted during packaging for discrete sampling. The front-end monitoring end uses the HLS (HTTP Live Streaming) protocol to push the video sequence discretely sampled on the basis of the differential features, DC (Differential Characters), together with the source video surveillance stream, to the source server for storage. If the push speed needs to be increased during stream pushing, the CDN can also be used for acceleration. The working mode of the CDN technology is described in detail later.
As an improvement, the primary encryption is differential feature encryption, DCE (Differential Characters Encryption): the differential features of the surveillance video stream of the defense deployment point, the defense deployment point position and the IP information are extracted and discretely sampled, and a discrete sequence uniquely corresponding to them is generated, denoted (n) (0 ≤ n ≤ N-1). The secondary hybrid encryption convolves the discrete sequence obtained by differential feature sampling with a Secure Sockets Layer transmission key sequence h(n) (0 ≤ n ≤ N-1), and the discrete values K(n) resulting from the mixed convolution are used as the transmitted feature key; the convolution is as follows:
Figure BDA0002491202680000061
where 0 ≤ n ≤ M-1, M is the length of the K(n) sequence, and i varies from −∞ to ∞.
As an improvement, the protection module uses a real-time streaming media protocol to push the discretely sampled video sequence and the source video surveillance stream to the source server for storage. Internet streaming media transmission, such as live video, mostly uses RTMP (Real Time Messaging Protocol). Because RTMP is not supported by browsers and its security is not high, the present invention proposes using the HLS (HTTP Live Streaming) protocol.
The perimeter protection system comprises a video monitoring platform based on a distributed network and supports simultaneous online access of multiple terminals. In order to improve the transmission speed of the video transmission stream and the access efficiency of the terminal, the invention arranges a balance load module CDN node near the source server terminal.
As an improvement, the load balancing module comprises:
the cache server copies the content of the source server, and when the source server updates the content, the cache server synchronously updates, and the cache server also distributes the responded video content to the user terminal;
the load balancing system, which schedules remote terminal requests and determines the final access address provided to the remote terminal; the load balancing system comprises global server load balancing, GSLB (Global Server Load Balance), and server load balancing, SLB (Server Load Balance), wherein the global load balancing determines a nearby cache as the user's service point according to the address of the remote terminal and the requested content; and
the domain name system, which performs domain name resolution.
As an improvement, the master control module of the perimeter protection video monitoring platform is the service system module of the invention. A trusted private key center holding a master key provides authorized private keys to the other user terminals, and the master control center only needs to pull, in advance, the discrete sequence set obtained from the source end. Even if a man-in-the-middle attacks the trusted private key center, the features of the surveillance video stream cannot be decrypted, while the user terminals can perform differential feature decryption on the encrypted video stream according to the convolution features, based on the discrete sequence set. After the monitoring platform master control module pulls the surveillance video content from the CDN node, analysis and processing are carried out locally.
As an improvement, the monitoring platform master control module is mainly integrated by the following sub-modules: the system comprises an electronic map sub-module, a monitoring playback sub-module, an alarm control sub-module, a data report sub-module and an equipment management sub-module. The electronic map sub-module visualizes all monitoring arming points and can control arming and disarming of protection. The monitoring playback sub-module is linked with the alarm control module and can process real-time alarm conditions. The alarm control processes and responds to alarms of different defence areas. The data report integrates monitoring information, equipment information, alarm information and the like. The equipment management submodule manages the IPC network camera, including working state of IPC, log collection and the like.
The first embodiment of the perimeter protection system of the invention has the following beneficial effects: data is transmitted using a hybrid mode of primary encryption and secondary encryption, which effectively improves data security during network transmission; the system is provided with a load balancing module, so that the processing of video data streams by the platform and the network becomes more efficient and flexible; and a surveillance video stream transmission technology using DCE combined with SSL hybrid encryption is provided. The first embodiment extracts the differential features of the streaming media data collected at the front end, performs discrete sampling in combination with the position of the protection point and the IP information, generates a discrete sequence uniquely corresponding to them, and convolves the discrete sequence with an SSL key. This adds trusted transmission to the transmission process, prevents a man-in-the-middle on the network from maliciously hijacking, intruding on or interfering with the network system, retains the networking and systematization advantages of the IPVS system, and overcomes the security risks caused by its openness.
Embodiment one of the perimeter protection method
Referring to fig. 4, a first embodiment of the perimeter protection method of the present invention includes the following steps:
S1, collecting a monitoring video of the defense deploying point position, and encrypting for the first time by combining the defense deploying point position and the IP information;
S2, transmitting the video after the primary encryption to a source server in a streaming media mode;
S3, the remote terminal requests video content;
S4, copying the video data after primary encryption from the source server by each node of the balanced load module, distributing the response of the remote terminal, and performing secondary mixed encryption on the video data after primary encryption in the process;
S5, the monitoring platform master control module requests the source server to pull the monitoring video stream data, and sends an authorized private key to the remote terminal when the remote terminal pulls the encrypted data stream from the node.
S6, the remote terminal decrypts the encrypted video stream.
The specific processes in some steps can be carried out sequentially or simultaneously.
As an improvement of the perimeter protection method, in step S1, the primary encryption mode is differential feature encryption, DCE (Differential Characters Encryption): the differential features of the surveillance video stream of the deployment point, the deployment point position and the IP information are extracted and discretely sampled, and a discrete sequence (n) uniquely corresponding to them is generated (0 ≤ n ≤ N-1).
As an improvement of the perimeter protection method, in step S4, the secondary hybrid encryption convolves the discrete sequence (n) obtained by differential feature sampling with the Secure Sockets Layer transmission key sequence h(n) (0 ≤ n ≤ N-1), where the convolution is as follows:
Figure BDA0002491202680000081
where 0 ≤ n ≤ M−1, M is the length of the K(n) sequence, and i varies from −∞ to ∞. The discrete values K(n) obtained from the hybrid convolution are used as the feature key for the transmission. In step S5, the user terminal performs differential feature decryption on the encrypted video stream according to the convolution features based on the discrete sequence set.
As an improvement of the perimeter protection method, in step S2, video data is encoded using the H.265 coding standard, and the discretely sampled video sequence and the source surveillance video stream are pushed to the source server for storage using a real-time streaming media protocol.
As an improvement of the perimeter protection method, the video stream data transmitted from the source server to the CDN node are all data after secondary hybrid encryption, and in step S5, the monitoring video stream data pulled by the monitoring platform master control module is data after secondary hybrid encryption.
As an improvement of the perimeter protection method, in order to improve efficiency, a content distribution network is adopted for acceleration and load balancing in the streaming media transmission process.
As an improvement of the perimeter protection method, the working principle of the balanced load module is as follows:
the Cache server of the edge layer copies the content of the source server, and when the source server updates its content, the Cache server is updated at the same time;
the remote user terminal requests video content;
the DNS server performs domain name resolution;
the load balancing system schedules the user request and determines the final access address provided to the user. The load balancing system is implemented in tiers and comprises Global Server Load Balance (GSLB) and Server Load Balance (SLB); the GSLB selects a nearby Cache as the user's service point according to the user address and the request content;
and the Cache server distributes the video content of the response to the user terminal.
The DCE-plus-SSL hybrid encryption technique adopted by the perimeter protection method works as follows. The front-end camera of the protection module collects surveillance video; the differential features of the surveillance video streams of the different deployment points, the deployment point positions, and the IP information are extracted and discretely sampled to generate a discrete sequence uniquely corresponding to the differential features. This process is named DCE feature sampling. The discrete sequence obtained by feature sampling and the original surveillance video stream are then transmitted through a switch to a source server or the cloud for storage. Each CDN node copies video stream data from the source server and distributes the response to the user; the DCE-encrypted video stream data is transmitted under secondary hybrid encryption using SSL (secure socket layer), that is, the discrete sequence from DCE feature sampling is convolved with the SSL transmission key, and the discrete values after hybrid convolution are used as the feature key for the current transmission. Because the key rule of DCE-plus-SSL hybrid encryption depends on the feature set, the user obtains the authorized private key directly from the monitoring platform master control module for decryption.
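The following is an added example, not code from the patent, of the feature-key derivation described in steps S1 and S4 and in the paragraph above. The convolution formula survives on this page only as a figure reference, so the code assumes standard linear convolution; the sampling function, the name x for the feature sequence, and all sample values are hypothetical.

```python
import hashlib
import ipaddress


def dce_feature_sequence(frame_means, position, ip, n_samples=8):
    """Hypothetical DCE sampling: bind inter-frame differences to the
    deployment-point position and camera IP, then take N discrete samples."""
    if not 1 <= n_samples <= 32:
        raise ValueError("n_samples must be 1..32 (one SHA-256 digest)")
    diffs = [b - a for a, b in zip(frame_means, frame_means[1:])]
    ip_int = int(ipaddress.ip_address(ip))        # rejects malformed addresses
    seed = repr((diffs, tuple(position), ip_int)).encode()
    return list(hashlib.sha256(seed).digest()[:n_samples])


def convolve(x, h):
    """Linear convolution K(n) = sum_i x(i) * h(n - i) for 0 <= n <= M-1,
    where M = len(x) + len(h) - 1 and terms outside either sequence are 0."""
    if not x or not h:
        raise ValueError("both sequences must be non-empty")
    k = [0] * (len(x) + len(h) - 1)
    for i, xi in enumerate(x):
        for j, hj in enumerate(h):
            k[i + j] += xi * hj
    return k


def feature_key(frame_means, position, ip, ssl_key):
    """K(n): the DCE sequence convolved with the key sequence h(n)."""
    x = dce_feature_sequence(frame_means, position, ip, n_samples=len(ssl_key))
    return convolve(x, list(ssl_key))


# Constructed sample inputs (not taken from the patent).
FRAME_MEANS = [112, 115, 109, 120, 118, 131]       # per-frame mean luminance
POSITION = (23.0292, 113.1056)                     # deployment point lat/lon
SSL_KEY = bytes([0x3A, 0x91, 0x07, 0xC4, 0x5E, 0x22, 0xB8, 0x6D])  # stand-in h(n)

if __name__ == "__main__":
    k_a = feature_key(FRAME_MEANS, POSITION, "192.0.2.10", SSL_KEY)
    k_b = feature_key(FRAME_MEANS, POSITION, "192.0.2.11", SSL_KEY)
    print("M =", len(k_a))
    print("camera A:", k_a)
    print("camera B:", k_b)
```

With N = 8 feature samples and an 8-element key sequence, K(n) has M = 15 values, and changing only the camera IP or the position yields a different K(n).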
According to the perimeter protection method and the distributed perimeter protection system, the CDN is adopted for acceleration in the streaming media transmission process, CDN nodes are adopted in the system, the streaming efficiency of a master control platform can be improved, the speed of a remote user accessing a cloud service platform and caching can be ensured, the network security of the perimeter protection system is effectively guaranteed based on the DCE mixed SSL encryption technology, and the intrusion interference and attack on the network level are greatly reduced. The perimeter protection method has an expandable system structure, has stronger network security while ensuring the transmission rate, and is an expandable security integration monitoring platform.
While the invention has been described with reference to specific embodiments thereof, it will be understood by those skilled in the art that the invention is not limited thereto but is intended to cover various modifications and changes, including but not limited to the details shown in the drawings and described in the foregoing detailed description. Any modification which does not depart from the functional and structural principles of the invention is intended to be included within the scope of the following claims.

Claims (10)

1. A perimeter protection system, characterized by: the perimeter protection system comprises:
the protection module collects the monitoring video and encrypts the monitoring video once by combining the defense deploying point position and the IP information;
the source server stores the video stream which is encrypted once and comes from the protection module;
each node of the balanced load module copies the video data after the primary encryption from the source server, and simultaneously distributes and processes the response of the remote terminal, and performs secondary mixed encryption on the video data after the primary encryption in the process;
and the monitoring platform master control module pulls monitoring video stream data from the nodes of the balanced load module and sends an authorized private key to the remote terminal when the remote terminal pulls the secondary mixed encrypted data stream from the nodes.
2. A perimeter protection system according to claim 1, characterized in that: the primary encryption is differential feature encryption, namely, the differential features of the surveillance video stream of the defense deploying point, the defense deploying point position and the IP information are extracted for discrete sampling, and a discrete sequence uniquely corresponding to the defense deploying point is generated; and the secondary mixed encryption is to convolute the discrete sequence after the characteristic sampling and a secure socket protocol transmission key, and the discrete value after the mixed convolution is used as the transmitted characteristic key.
3. A perimeter protection system according to claim 2, characterized in that: the protection module pushes the video sequence after discrete sampling and the source video monitoring stream to a source server for storage by adopting a real-time streaming media protocol.
4. A perimeter protection system according to claim 2, characterized in that: the protection module comprises a front-end network monitoring camera; the front-end network monitoring camera encodes video data using the H.265 coding standard, the encoded video stream is packaged together with the front-end network monitoring camera's deployment point position information and IP information, and their differential features are extracted during packaging for discrete sampling.
5. A perimeter protection system according to claim 2, characterized in that: the load balancing module comprises:
the cache server copies the content of the source server, and when the source server updates the content, the cache server synchronously updates, and the cache server also distributes the responded video content to the user terminal;
the load balancing system schedules the remote terminal request and determines a final access address provided for the remote terminal; the load balancing system comprises global load balancing and server load balancing, wherein the global load balancing selects a nearby cache as the user service point according to the address of the remote terminal and the request content; and
the domain name system is used for carrying out domain name resolution.
6. A perimeter protection method, characterized by: the perimeter protection method comprises the following steps:
S1, collecting surveillance video of the deployment point and performing primary encryption in combination with the deployment point position and the IP information;
S2, transmitting the primarily encrypted video to a source server as streaming media;
S3, the remote user terminal requests video content;
S4, each node of the load balancing module copies the primarily encrypted video data from the source server and distributes the response to the remote terminal, performing secondary hybrid encryption on the primarily encrypted video data in the process;
S5, the monitoring platform master control module requests the source server to pull the surveillance video stream data, and sends an authorized private key to the remote terminal when the remote terminal pulls the encrypted data stream from the node;
S6, the remote terminal decrypts the encrypted video stream.
7. A method of perimeter protection according to claim 6, characterized in that: in step S1, the primary encryption mode is differential feature encryption, that is, the differential features of the surveillance video stream of the defense deployment point, the defense deployment point position and the IP information are extracted to perform discrete sampling, and a discrete sequence uniquely corresponding to the extracted differential features and defense deployment point position is generated.
8. A method of perimeter protection according to claim 7, characterized in that: in step S4, the secondary hybrid encryption is to convolve the discrete sequence after the feature sampling with the secure socket protocol transmission key, and the discrete value after the hybrid convolution is used as the transmitted feature key; in step S5, the user terminal performs differential feature decryption on the encrypted video stream according to the convolution feature based on the discrete sequence set.
9. A method of perimeter protection according to claim 6, characterized in that: in step S2, video data is encoded using the H.265 coding standard, and the discretely sampled video sequence and the source surveillance video stream are pushed to the source server for storage using the real-time streaming media protocol.
10. A method of perimeter protection according to claim 6, characterized in that: in the process of streaming media transmission, a content distribution network is adopted for acceleration and load balancing.
CN202010405734.3A 2020-05-14 2020-05-14 Perimeter protection system and method Active CN111641808B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010405734.3A CN111641808B (en) 2020-05-14 2020-05-14 Perimeter protection system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010405734.3A CN111641808B (en) 2020-05-14 2020-05-14 Perimeter protection system and method

Publications (2)

Publication Number Publication Date
CN111641808A CN111641808A (en) 2020-09-08
CN111641808B CN111641808B (en) 2021-09-07

Family

ID=72332053

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010405734.3A Active CN111641808B (en) 2020-05-14 2020-05-14 Perimeter protection system and method

Country Status (1)

Country Link
CN (1) CN111641808B (en)

Also Published As

Publication number Publication date
CN111641808B (en) 2021-09-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230508

Address after: Room 205, Building 7, Sanshan Science and Technology Innovation Center, No. 12 Ganggang Road, Guicheng Street, Nanhai District, Foshan City, Guangdong Province, 528200

Patentee after: Shenghui New Energy Co.,Ltd.

Address before: No.17 Huanzhen Road, Chihua residential committee, Chencun Town, Shunde District, Foshan City, Guangdong Province

Patentee before: Shenghui Holdings Ltd.
