CN111953656B - Method, device, equipment and medium for monitoring video encryption transmission - Google Patents
Method, device, equipment and medium for monitoring video encryption transmission Download PDFInfo
- Publication number
- CN111953656B CN111953656B CN202010658435.0A CN202010658435A CN111953656B CN 111953656 B CN111953656 B CN 111953656B CN 202010658435 A CN202010658435 A CN 202010658435A CN 111953656 B CN111953656 B CN 111953656B
- Authority
- CN
- China
- Prior art keywords
- video data
- data packets
- video
- monitoring
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 257
- 230000005540 biological transmission Effects 0.000 title claims abstract description 104
- 238000000034 method Methods 0.000 title claims abstract description 79
- 230000006855 networking Effects 0.000 claims abstract description 142
- 238000003860 storage Methods 0.000 claims abstract description 9
- 238000012806 monitoring device Methods 0.000 claims description 28
- 238000012795 verification Methods 0.000 claims description 23
- 238000004590 computer program Methods 0.000 claims description 11
- 230000004044 response Effects 0.000 claims description 6
- 230000008569 process Effects 0.000 description 19
- 238000004891 communication Methods 0.000 description 12
- 238000010586 diagram Methods 0.000 description 11
- 230000000007 visual effect Effects 0.000 description 6
- 230000008901 benefit Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000005304 joining Methods 0.000 description 3
- 230000011664 signaling Effects 0.000 description 3
- 238000005336 cracking Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000008260 defense mechanism Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/60—Network streaming of media packets
- H04L65/75—Media network packet handling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Closed-Circuit Television Systems (AREA)
Abstract
The embodiment of the invention provides a monitoring video encryption transmission method, a device, electronic equipment and a storage medium, which are applied to a monitoring access server in the video networking, wherein the method comprises the following steps: responding to a monitoring and checking request sent by a video networking terminal in the video networking, and calling a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet; generating encryption keys respectively corresponding to the plurality of video data packets according to the plurality of video data packets; encrypting the plurality of video data packets by adopting encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets; and respectively transmitting the plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels, so that the video networking terminal adopts the corresponding encryption keys to respectively decrypt the plurality of encrypted video data packets. By adopting the technical scheme of the invention, the safety of calling the monitoring video from the Internet can be improved.
Description
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to a method, an apparatus, a device, and a medium for monitoring video encryption transmission.
Background
The video networking adopts the most advanced Vision Vera real-time high-definition video exchange technology worldwide, so that the real-time transmission of the full-network high-definition video which cannot be realized by the current Internet is realized, tens of services such as high-definition video conference, video monitoring, remote training, intelligent monitoring analysis, emergency command, video telephone, live broadcast, television mail, information release and the like are all integrated into one system platform, and the real-time interconnection and intercommunication of high-definition quality video communication are realized through various terminal equipment.
With the continuous popularization of the internet of view, it is very common to call a monitoring video in the internet of view (for example, a terminal a in the internet of view calls a monitoring B in the internet of view), and based on the security of the internet of view, the called monitoring video in the internet of view is very safe, that is, it is guaranteed that the called monitoring video in the internet of view cannot be stolen. However, with the increase of user demands, a monitoring video in the internet needs to be actually obtained from the internet of view, so as to improve the smoothness and definition of the monitoring video. Thus, a new problem arises: since the monitoring video on the internet side is external network data relative to the video network, the problem that the data security is insufficient to be stolen in the transmission process can be caused. Therefore, how to ensure that the monitoring video on the internet side is safely accessed into the internet of view so that the called internet video is not stolen is a technical problem to be solved urgently.
Disclosure of Invention
In view of the foregoing, embodiments of the present invention provide a method, an apparatus, an electronic device, and a storage medium for encrypted transmission of surveillance video, so as to overcome or at least partially solve the foregoing problems.
In a first aspect of the embodiment of the present invention, a method for transmitting encrypted monitoring video is disclosed, which is applied to a monitoring access server in an internet of view, and the method includes:
responding to a monitoring and checking request sent by a video networking terminal in the video networking, and retrieving a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet;
generating encryption keys respectively corresponding to the plurality of video data packets according to the plurality of video data packets;
encrypting the plurality of video data packets by adopting encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets;
and respectively transmitting the plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels, so that the video networking terminal adopts the corresponding encryption keys to respectively decrypt the plurality of encrypted video data packets.
Optionally, in response to a monitoring view request sent by a view network terminal in the view network, a plurality of video data packets collected by monitoring equipment corresponding to the monitoring view request are invoked from the internet, including:
sending an identity verification request to a network management server in the video network so that the network management server verifies the authority of the video network terminal for calling and monitoring;
and receiving a verification result returned by the network management server, and invoking a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet when the verification result is that the video network terminal has the authority to invoke monitoring.
Optionally, the monitoring access server is further configured with a master virtual terminal and a non-master virtual terminal, and before the plurality of video data packets collected by the monitoring device corresponding to the monitoring and viewing request are invoked from the internet, the method further includes:
sending a current network access request to the network management server through the master virtual terminal;
receiving a signature key returned by the network management server for the current network access request, and adding the video network based on the signature key;
Sending a network access request of the non-master virtual terminal to the network management server, wherein the network access request of the non-master virtual terminal carries the signature key so that the network management server verifies the signature key;
when receiving an instruction that the network management server successfully verifies the signing key, controlling the non-master virtual terminal to join the video network;
when responding to a monitoring and viewing request sent by a video networking terminal in the video networking, retrieving a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and viewing request from the Internet, the method further comprises:
binding the non-master virtual terminal with the video networking terminal, and establishing the mutually independent data transmission channels between the non-master virtual terminal and the video networking terminal.
Optionally, generating encryption keys corresponding to the plurality of video data packets respectively according to the plurality of video data packets includes:
for each video data packet of the plurality of video data packets:
obtaining encryption parameters from the video data packet, wherein the encryption parameters at least comprise one of the following: source address, destination address, I-frame data, packet sequence number;
And generating an encryption key corresponding to the video data packet according to the encryption parameter.
Optionally, after encrypting the plurality of video data packets with encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets, the method further includes:
respectively adding a preset encryption and decryption protocol to the plurality of encrypted video data packets to obtain a plurality of video networking encrypted video data packets;
the preset encryption and decryption protocol is used for indicating the association relation between each video network encrypted video data packet and the encryption key corresponding to the video network encrypted video data packet;
transmitting the plurality of video data packets and each encryption key to a video networking terminal through mutually independent data transmission channels, respectively, comprising:
and respectively transmitting the plurality of video network encrypted video data packets and the encryption keys to the video network terminal through mutually independent data transmission channels, so that the video network terminal decrypts the plurality of video network encrypted video data packets through the encryption keys respectively corresponding to the plurality of video network encrypted video data packets based on the preset encryption and decryption protocol.
Optionally, encrypting the plurality of video data packets by using encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets, including:
for each video data packet of the plurality of video data:
analyzing I frame data from the video data packet;
and encrypting the I frame data by adopting an encryption key corresponding to the video data packet to obtain an encrypted video data packet.
In a second aspect of the embodiment of the present invention, a method for encrypting and transmitting a surveillance video is disclosed, which is applied to a video networking terminal in a video networking, and the method includes:
sending a monitoring and checking request to a monitoring access server so that the monitoring access server receives a plurality of video data packets from monitoring equipment in the Internet, generates corresponding encryption keys according to the plurality of video data packets, and encrypts the plurality of video data packets by adopting the corresponding encryption keys respectively to obtain a plurality of encrypted video data packets:
receiving a plurality of encrypted video data packets and encryption keys respectively corresponding to the plurality of encrypted video data packets sent by the monitoring access server through mutually independent data transmission channels;
Decrypting the plurality of encrypted video data packets using encryption keys respectively corresponding to the plurality of encrypted video data packets.
Optionally, each of the plurality of encrypted video data packets includes a preset encryption and decryption protocol, where the preset encryption and decryption protocol is used to indicate an association relationship between each video network encrypted video data packet and an encryption key corresponding to the video network encrypted video data packet; decrypting the plurality of encrypted video data packets using encryption keys respectively corresponding to the plurality of encrypted video data packets, comprising:
for each encrypted video data packet of the plurality of encrypted video data packets:
determining a time stamp of the encrypted video data packet based on a preset encryption and decryption protocol in the encrypted video data packet;
from each received encryption key, the encrypted video data packet is decrypted using the encryption key corresponding to the time stamp.
In a third aspect of the embodiment of the present invention, a monitoring video encryption transmission device is disclosed, which is applied to a monitoring access server in a video network, and the device includes:
the channel establishing module is used for responding to a monitoring and checking request sent by a video networking terminal in the video networking and retrieving a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet;
The key generation module is used for generating encryption keys respectively corresponding to the plurality of video data packets according to the plurality of video data packets;
the encryption module is used for encrypting the plurality of video data packets by adopting encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets;
and the sending module is used for respectively sending the plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels so that the video networking terminal adopts the corresponding encryption keys to respectively decrypt the plurality of encrypted video data packets.
In a fourth aspect of the embodiment of the present invention, a monitoring video encryption transmission device is disclosed, which is applied to a video networking terminal in video networking, and the device includes:
the request sending module is used for sending a monitoring and checking request to the monitoring access server so that the monitoring access server receives a plurality of video data packets from monitoring equipment in the Internet, generates corresponding encryption keys according to the plurality of video data packets, and encrypts the plurality of video data packets by adopting the corresponding encryption keys respectively to obtain a plurality of encrypted video data packets;
The data receiving module is used for respectively receiving a plurality of encrypted video data packets sent by the monitoring access server and encryption keys respectively corresponding to the plurality of encrypted video data packets through mutually independent data transmission channels;
and the decryption module is used for decrypting the plurality of encrypted video data packets by adopting encryption keys respectively corresponding to the plurality of encrypted video data packets.
The embodiment of the invention also discloses an electronic device, which comprises:
one or more processors; and
one or more machine readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform the surveillance video encryption transmission method according to the first or second aspect of the embodiments of the present invention.
The embodiment of the invention also discloses a computer readable storage medium, and a stored computer program causes a processor to execute the monitoring video encryption transmission method according to the first aspect or the second aspect of the embodiment of the invention.
The embodiment of the invention has the following advantages:
in this embodiment, the monitoring access server may invoke a plurality of video data packets collected by a corresponding monitoring device from the internet in response to a monitoring view request sent by a view networking terminal in the view networking; generating encryption keys respectively corresponding to the plurality of video data packets according to the plurality of video data packets; encrypting the plurality of video data packets by adopting the corresponding encryption keys to obtain a plurality of encrypted video data packets; and then, respectively transmitting the plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels, so that the video networking terminal adopts the corresponding encryption keys to respectively decrypt the plurality of encrypted video data packets.
According to the monitoring video encryption transmission method, on one hand, the monitoring video on the internet side is encrypted at the monitoring access server side, so that the monitoring video is encrypted at the entrance of the video network transmitted from the internet, encryption transmission in the video network is realized, and transmission safety of the monitoring video in the video network is ensured. On the other hand, since the encryption key for encrypting the video data packets is generated based on each video data packet, different video data packets can have different encryption keys, thus ensuring the security of each video data packet. On the other hand, because the data transmission channels which are mutually independent are adopted to respectively transmit the plurality of encrypted video data packets and the encryption keys to the video networking terminal, compared with the mode of transmitting the plurality of encrypted video data packets and the encryption keys through one data transmission channel, the risk of simultaneously stealing the encrypted video data packets and the encryption keys is reduced, and therefore the security of the video data packets is further ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments of the present application will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a diagram of a communication environment of an embodiment of the present invention;
FIG. 2 is a flowchart illustrating steps of a method for encrypted transmission of surveillance video according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating steps of another method for encrypted transmission of surveillance video according to an embodiment of the invention;
FIG. 4 is a flowchart of a method for encrypted transmission of surveillance video according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating steps for monitoring access server joining an Internet of view in an embodiment of the present invention;
FIG. 6 is a flowchart illustrating steps of a method for encrypted transmission of surveillance video according to an embodiment of the invention;
fig. 7 is a flowchart of steps of a video network terminal side executing a method for encrypted transmission of surveillance video in an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a monitoring video encryption transmission device according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of still another video encryption transmission device for monitoring according to an embodiment of the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
In the field of video networking communication, a monitoring video in the video networking is called in the video networking, and generally, the process of calling the monitoring video is very safe based on a network mechanism specific to the video networking, and the monitoring video cannot be stolen in the transmission process in the video networking.
However, with popularization and application of the internet of view, the internet of view is required to call video from the internet, in this case, since the monitoring video called from the internet is data in the external network, the transmission security of the monitoring video cannot be ensured, and the risk of theft of the monitoring video easily occurs. Therefore, the monitoring video in the internet is urgently required to be safely accessed into the video network, so that the transmission safety of the monitoring video is ensured, and the monitoring video is prevented from being stolen.
In view of this, the applicant has proposed one of the core concepts of the present invention: the monitoring access server encrypts the video data packet acquired by the monitoring equipment in the video network, and then sends the encryption key and the encrypted video data packet to the receiving end in the video network through mutually independent data transmission channels, so that the safe transmission of the monitoring video in the video network is ensured.
Referring to fig. 1, fig. 1 shows a communication environment diagram of an embodiment of the present invention. As shown in fig. 1, the communication environment is a communication environment of internet of view and internet, and includes a monitoring access server, a network management server, a plurality of monitoring devices (only 3 monitoring devices are shown in fig. 1), and a plurality of internet of view terminals (only 3 internet of view terminals are shown in fig. 1). The network management server and the plurality of video networking terminals are located in the video networking, the plurality of monitoring devices are located in the Internet, and the monitoring access server can be simultaneously connected with the Internet and the video networking in a communication mode, so that the monitoring access server is connected with the plurality of monitoring devices in a communication mode on the Internet side, and the network management server and the plurality of video networking terminals can be connected in a communication mode on the video networking side.
In this embodiment, the monitoring access server is a device for retrieving a monitoring video of a monitoring device from the internet and transmitting the monitoring video to the internet of view. The monitoring device may be a camera or other device with video acquisition capability, which may be connected to the monitoring access server via an internet communication link.
The network management server can be used for performing network access authentication and management on the devices needing to be added into the visual network in the visual network, namely, all the devices in the visual network need to be added into the visual network, and when network resources in the visual network are used, the devices need to be added into the visual network through the network management server.
Referring to fig. 2 in combination with the communication environment shown in fig. 1, fig. 2 shows a flow chart of steps of a method for transmitting encrypted monitoring video according to an embodiment of the present application from a monitoring access server side, as shown in fig. 2, specifically may include the following steps:
step S201: and responding to a monitoring and checking request sent by a video networking terminal in the video networking, and retrieving a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet.
In this embodiment, when a video networking terminal in the video networking needs to invoke a monitoring video in the internet, a monitoring and checking request may be sent to a monitoring access server, where the monitoring and checking request may carry an identifier of a monitoring device to be checked, for example, an identifier 0123 carrying a monitoring device a.
The monitoring access server can respond to the monitoring and checking request, and determine the monitoring equipment to be called for the video according to the identification of the monitoring equipment carried by the monitoring and checking request, so as to call for the monitoring video from the monitoring equipment. The monitoring access server may call the monitoring video of the monitoring device, send a monitoring video request to the monitoring device, and further receive the monitoring device and split the collected monitoring video stream into a plurality of video data packets and send the video data packets to the monitoring access server in response to the monitoring video request.
In this embodiment, the plurality of video data packets sent by the monitoring device may be sent to the monitoring access server based on an internet protocol.
Step S202: and generating encryption keys respectively corresponding to the video data packets according to the video data packets.
In this embodiment, for each of a plurality of video data packets, an encryption key uniquely corresponding to the video data packet may be generated, so that different video data packets may have different encryption keys. The encryption key may be generated by using a key generation tool, and in this embodiment, the generated key may be a symmetric key, that is, a symmetric encryption is performed on the video data packet. Therefore, the encryption/decryption speed can be improved, and the method is suitable for encryption in a monitoring video calling scene with a large data volume.
Step S203: and encrypting the plurality of video data packets by adopting encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets.
In this embodiment, for each video data packet in the plurality of video data packets, an encryption key uniquely corresponding to the video data packet may be used to encrypt the video data packet, thereby obtaining an encrypted video data packet. Thus, a plurality of encrypted video data packets are obtained after the plurality of video data packets are encrypted.
When each video data packet is encrypted, all data of the video data packet may be encrypted, or part of data in the video data packet may be encrypted.
In this way, since different video data packets can be encrypted by different encryption keys, even if a stealer steals one encryption key, only one of the encrypted video data packets can be decrypted, but all the encrypted video data packets cannot be decrypted, so that the security of a plurality of video data packets is ensured.
Step S204: and respectively transmitting the plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels, so that the video networking terminal adopts the corresponding encryption keys to respectively decrypt the plurality of encrypted video data packets.
In this embodiment, the monitoring access server may create multiple independent data transmission channels between itself and the internet-of-view terminal, and then separately transmit multiple encrypted video data packets and each of the encryption keys by using the multiple independent data transmission channels, so as to implement the multi-channel transmission of the encrypted video data packets and the encryption keys, that is, the transmission channels of the multiple encrypted video data packets and the transmission channels of the encryption keys are different from each other.
In an alternative example, the monitoring access server may create two mutually independent data transmission channels, such that one of the two mutually independent data transmission channels may be used for transmitting a plurality of encrypted video data packets, and the other data transmission channel may be used for transmitting each encryption key. When the method is adopted, as the transmission channels of the plurality of encrypted video data packets and the transmission channels of the encryption keys are mutually different, if a stealer steals the monitoring video, the encrypted video data packets and the encryption keys need to be acquired from the two data transmission channels at the same time, and compared with the transmission of the plurality of encrypted video data packets and the encryption keys by adopting the same data transmission channel, the stealing difficulty is obviously improved. That is, the difficulty of stealing two types of data from one data transmission channel at the same time is less than the difficulty of stealing two types of data from two different data transmission channels. Furthermore, the security of the encrypted video data packet and the security of the encryption key are ensured at the same time, so that the monitoring video is safely accessed from the Internet.
When the embodiment is adopted, the monitoring access server can respond to the monitoring check request sent by the video networking terminal in the video networking and call a plurality of video data packets collected by the corresponding monitoring equipment from the Internet; generating encryption keys respectively corresponding to the plurality of video data packets according to the plurality of video data packets; encrypting the plurality of video data packets by adopting the corresponding encryption keys to obtain a plurality of encrypted video data packets; and then, respectively transmitting a plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels. Compared with the prior art, the application has the following advantages:
firstly, because the monitoring access server encrypts the monitoring video at the internet side, the monitoring video is encrypted at the entrance of the video network transmitted from the internet, and the transmission safety of the monitoring video in the video network is ensured.
Second, since different video data packets can be encrypted by different encryption keys, the security of each video data packet is ensured.
Thirdly, as a plurality of encrypted video data packets and the encryption keys are respectively sent to the video networking terminal through the mutually independent data transmission channels, the difficulty in stealing the video data packets and the encryption keys is improved, and therefore the safety of the video data packets is further ensured.
In an embodiment, in order to further improve the security of the surveillance video invoked from the internet and improve the complexity of encrypting the video data packet, an encryption transmission method of the surveillance video in the foregoing embodiment may be improved, and further provide another encryption transmission method of the surveillance video, referring to fig. 3, a flowchart illustrating steps of the encryption transmission method of the surveillance video in this embodiment may specifically include the following steps:
step S301: and responding to a monitoring and checking request sent by a video networking terminal in the video networking, and retrieving a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet.
The process of step S301 is similar to that of step S201, and the description of step S201 is referred to for relevant points, and will not be repeated here.
After receiving the plurality of video data packets, encryption keys respectively corresponding to the plurality of video data packets can be generated according to the plurality of video data packets. Specifically, the encryption key corresponding to each video data packet may be different, and in this embodiment, the step of generating the encryption key is as follows:
step S302: for each video data packet of the plurality of video data packets, obtaining an encryption parameter from the video data packet, the encryption parameter including at least one of: source address, destination address, I-frame data, packet sequence; and generating an encryption key corresponding to the video data packet according to the encryption parameter.
In this embodiment, for each of a plurality of video data packets, at least one of a source address, a destination address, I-frame data, and a packet sequence number may be acquired from the video data packet as an encryption parameter of the video data packet.
The source address may refer to a MAC address or an IP address of the monitoring device, the destination address may refer to a MAC address of the video networking terminal, the I frame data refers to data of an I frame (key frame) in a video data packet, and the packet sequence number refers to a sequence number of the video data packet in a plurality of video data packets.
In practice, the more data items contained in the encryption parameters, the more complex the encryption key is generated. In this way, the source address, the destination address, the I-frame data and the packet sequence number can be used as encryption parameters, so as to increase the complexity of the encryption key generated subsequently.
Of course, in some embodiments, the transmission link of the surveillance video may also be used as an encryption parameter, for example, the MAC address or IP address of the surveillance access server may be used as an encryption parameter together with the source address, destination address, I-frame data, and packet sequence number. Therefore, the complexity of the encryption key is improved, so that the difficulty of cracking the encryption key is improved, and the security of the encryption key is maintained.
After the above-described encryption parameters are obtained, the encryption key may be generated by a key generation tool. Since the packet sequence numbers of different video data packets are different and the I frame data is also different, the encryption keys corresponding to the different video data packets are different.
After the encryption key is generated, the encryption keys corresponding to different video data packets can be different, so that the video data packets can be encrypted by using the corresponding encryption keys. In order to improve encryption efficiency, in this embodiment, the process of encrypting the video data packet is as follows:
step S303: and analyzing the I frame data from each video data packet in the plurality of video data, and encrypting the I frame data by adopting an encryption key corresponding to the video data packet to obtain an encrypted video data packet.
In this embodiment, the video data generally includes I-frame video data, P-frame video data, and B-frame video data, where the I-frame video data is key frame data, and in general, the I-frame video data needs to be decoded to realize normal playing of the video. In this embodiment, the I frame data of each video data packet may be encrypted by using the corresponding encryption key, so that on one hand, the amount of data to be encrypted is reduced, and on the other hand, the security of the video data packet is ensured, that is, when a stealer steals the video data packet, the I frame video data cannot be decrypted, and the monitoring video cannot be played normally.
In this embodiment, in order to further protect the encryption and decryption policy provided in the present application, that is, different video data packets need to be decrypted by corresponding different encryption keys, a preset encryption and decryption protocol may be added to the multiple encrypted video data packets, so as to obtain multiple video networking encrypted video data packets; the preset encryption and decryption protocol is used for indicating the association relation between each video network encrypted video data packet and the encryption key corresponding to the video network encrypted video data packet.
In this embodiment, the encryption and decryption protocol is used to indicate, at the video networking terminal, encryption policies corresponding to different encryption keys for different encrypted video data packets, so that the video networking terminal obtains the correct encryption key according to the encryption and decryption protocol. The encryption and decryption protocol can be predefined, so that after the video data packet is encrypted to obtain an encrypted video data packet, the preset encryption and decryption protocol can be added into the packet header of the encrypted video data packet, thereby obtaining the video networking encrypted video data packet.
The packet header of the video network encrypted video data packet can also comprise a video network communication protocol, a data transmission protocol and the like. Thus, the video data packet encrypted by the video network can be analyzed only by the terminal in the video network, and the preset encryption and decryption protocol can be analyzed only by the terminal in the video network.
Step S304: and respectively transmitting the plurality of video network encrypted video data packets and the encryption keys to the video network terminal through mutually independent data transmission channels, so that the video network terminal decrypts the plurality of video network encrypted video data packets through the encryption keys respectively corresponding to the plurality of video network encrypted video data packets based on the preset encryption and decryption protocol.
In step S304, the process of sending the plurality of video data packets and the encryption keys to the video network terminal through the mutually independent data transmission channels is similar to the process of step S204, and the description of step S204 is omitted herein.
In this embodiment, the video networking terminal may acquire an encryption policy according to a preset encryption and decryption protocol, and may correctly acquire an encryption key corresponding to each video networking encrypted video data packet according to the encryption policy, so as to correctly decrypt each video networking encrypted video data packet.
By adopting the technical scheme of the embodiment, the method has the following advantages:
firstly, because the source address, the destination address, the I-frame data and the packet serial number of the video data packet are used as encryption parameters, the encryption key for each video data packet is generated, so that different video data packets have different encryption keys, the difficulty of cracking the encryption keys is improved, and the safety of the encryption keys is ensured.
Second, since the I frame data is encrypted when the video data packet is encrypted, the amount of encrypted data is reduced, so that the encryption efficiency can be improved while the security of the video data is ensured.
Thirdly, because the preset encryption and decryption protocol is added in each encrypted video data packet, the video network encrypted video data packet is formed, so that the video network encrypted video data packet can only be analyzed by a terminal in the video network, and the safety of the video data packet is further improved. Meanwhile, the video networking terminal is ensured to correctly decrypt each video networking encrypted video data packet according to a preset encryption and decryption protocol.
In still another practical case, in order to ensure the security of accessing the monitoring video in the internet to the video network, the network management server can avoid the unauthorized terminal from stealing the monitoring video in the internet through the video network, and can further improve the access security policy of the monitoring access server accessing the video network through the network management server so as to avoid illegal devices from stealing the monitoring video.
In order to realize the technical improvement, the master virtual terminal and the non-master virtual terminal can be configured in the monitoring access server so as to help the monitoring access server realize the function of normal data transmission in the video networking and the Internet. In this embodiment, the number of non-primary virtual terminals may be plural, where the primary virtual terminal may be used to manage plural non-primary virtual terminals, for example, to manage network access, network disconnection, and video networking services loaded by the non-primary virtual terminals.
Referring to fig. 4, fig. 4 is a schematic flow chart of a monitoring video encryption transmission method in an example, where, as in fig. 4, the monitoring access server includes 4 non-master virtual terminals, and the monitoring video encryption transmission method of the embodiment is illustrated by taking a monitoring video of the monitoring device a as an example by the video networking terminal 1. As shown in fig. 4, the network management server may be used to perform security verification on the network access of the primary virtual terminal and the non-primary virtual terminal of the monitoring access server, and after the security verification, legal network access of the monitoring access server is implemented, so that the monitoring access server may perform subsequent encrypted transmission of the monitoring video more safely, so as to avoid that the virtual terminals (primary virtual terminal and non-primary virtual terminal) in the monitoring access server are impersonated by an illegal virtual terminal to join the video network, thereby causing potential safety hazard, so that a pre-security defense mechanism may be formed.
Referring to fig. 5, a flowchart illustrating steps for monitoring an access server for joining an internet of view is shown, and as shown in fig. 4, the steps may specifically include:
step S501: and sending a current network access request to a network management server through the master virtual terminal.
In this embodiment, the monitoring access server may have a master virtual terminal, and in practice, the monitoring access server may join the internet of view through the master virtual terminal. Specifically, the master virtual terminal may send a current network access request to the network management server. The request may carry the terminal number of the primary virtual terminal and a pre-stored internet-of-view pass, so that the network management server confirms that the monitoring access server needs to access the network according to the internet-of-view pass and the terminal number. As shown in fig. 4, the master virtual terminal may send login authentication signaling to the network management server to request to join the internet of view.
Step S502: and receiving a signature key returned by the network management server for the current network access request, and adding the video network based on the signature key.
In this embodiment, the network management server may return the signing key to the monitoring access server for the current network access request, and may store the signing key to the monitoring access server.
In practice, when the monitoring access server applies to join the internet of view each time, a signature key different from the last time can be obtained, so that the security of each access of the monitoring access server can be ensured.
Step S503: and sending the network access request of the non-master virtual terminal to the network management server, wherein the network access request of the non-master virtual terminal carries the signature key so that the network management server verifies the signature key.
In practice, since the monitoring access server may need to help the multiple internet-of-view terminals to call the monitoring video of the multiple monitoring devices in the internet at the same time, in this case, the monitoring access server needs to transfer the monitoring video between the monitoring devices and the internet-of-view terminals through the non-master virtual terminal. Thus, it is desirable that non-master virtual terminals also join the view network.
In this embodiment, in order to enable the non-master virtual terminal to safely join the internet of view, so as to avoid the illegal virtual terminal from stealing the monitoring video, the monitoring access server may control the non-master virtual terminal that needs to access the network to send a network access request of the non-master virtual terminal to the network management server, where the request may carry a signature key obtained when accessing the network at a time, so that the network management server verifies the non-master virtual terminal through the signature key. That is, in practice, only if the signing key is carried, it is confirmed that the network access request transmitted by the non-master virtual terminal is legal. As shown in fig. 4, the non-master virtual terminal 1-4 may also send login authentication signaling to the network management server, which carries a signing key to request to join the internet of view.
Step S504: and when receiving an instruction of successful verification of the signing key by the network management server, controlling the non-master virtual terminal to join the video network.
In this embodiment, when the non-master virtual terminal receives an instruction that the verification of the signing key is successful, the virtual terminal may join the internet of view.
By adopting the process, the monitoring access server safely joins the video network through the master virtual terminal, and the non-master virtual terminal also legally joins the video network. The monitoring access server can perform encrypted transmission of the monitoring video through the legal non-master virtual terminal.
Accordingly, referring to fig. 6, a flowchart illustrating steps of the method for encrypted transmission of surveillance video in this embodiment, as shown in fig. 6, may specifically include the following steps:
step S601: and responding to a monitoring and checking request sent by a video networking terminal in the video networking, retrieving a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet, binding the non-master virtual terminal with the video networking terminal, and establishing the mutually independent data transmission channels between the non-master virtual terminal and the video networking terminal.
In this embodiment, the master virtual terminal of the monitoring access server may receive the monitoring view request sent by the internet-of-view terminal, and further may bind the non-master virtual terminal legally accessing the internet-of-view terminal with the internet-of-view terminal, and establish the mutually independent data transmission channel between the non-master virtual terminal and the internet-of-view terminal. Thus, when a plurality of video data packets collected by the monitoring device corresponding to the monitoring and viewing request are called from the internet, the non-master virtual terminal can call the plurality of video data packets.
In a specific example, in order to avoid potential safety hazards caused by illegal video access of the internet by the video access terminal, it may be verified whether the video access terminal has the right to access the video when receiving the monitoring and checking request, and then the subsequent steps of establishing the data transmission channel and acquiring the plurality of video data packets are executed when verifying that the video access terminal has the right to access the video.
Specifically, the master virtual terminal of the monitoring access server can send an identity verification request to a network management server in the video network, so that the network management server verifies the authority of the video network terminal to invoke monitoring; and then, receiving a verification result returned by the network management server, and when the verification result is that the video networking terminal has the authority to invoke monitoring, invoking a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet, binding the non-master virtual terminal with the video networking terminal, and establishing the mutually independent data transmission channels between the non-master virtual terminal and the video networking terminal.
The identity verification request sent to the network management server can carry the identifier of the video networking terminal, and the network management server can search the authority of the video networking terminal in a preset terminal authority table according to the identifier of the video networking terminal. The preset terminal permission list can store the use permission of each video networking terminal in the video networking, wherein the permission comprises permission for calling the monitoring video, permission for video networking conference, permission for live broadcast and the like.
When the networking terminal is found to have the right of calling the monitoring video, a plurality of video data packets collected by the monitoring equipment can be called in the Internet, the non-master virtual terminal and the video networking terminal are bound, and mutually independent data transmission channels are established.
As shown in fig. 4, the monitoring access server may send a viewing terminal authentication signaling to the network management server to authenticate the authority of the video networking terminal 1. When the verification result is that the video networking terminal 1 has the authority to call the monitoring device A, the non-master virtual terminal 4 can be bound with the video networking terminal 1, and a first channel and a second channel between the non-master virtual terminal 4 and the video networking terminal 1 are established, wherein the first channel and the second channel are mutually independent. And thus the master virtual terminal 4 may call up a plurality of video data packets of the monitoring device a,
step S602: and the non-master virtual terminal generates encryption keys respectively corresponding to the plurality of video data packets according to the plurality of video data packets.
The process of the present step S602 is similar to the process of the above step S302, and the description of the relevant step S302 is omitted here.
Step S603: and the non-master virtual terminal encrypts the plurality of video data packets by adopting encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets.
The process of the present step S603 is similar to the process of the above step S303, and the description of the relevant point with reference to step S303 is omitted here.
Step S604: and the non-master virtual terminal respectively sends the plurality of encrypted video data packets and the encryption keys to the video networking terminal through the mutually independent data transmission channels so that the video networking terminal adopts the corresponding encryption keys to respectively decrypt the plurality of encrypted video data packets.
The process of step S604 is similar to the process of step S304, and the description of step S304 is omitted here.
By adopting the technical scheme, the method has the following advantages:
first, because the network management server can be utilized to perform security verification on network access of the main virtual terminal and the non-main virtual terminal of the monitoring access server, the hidden danger of stealing the monitoring video caused by the fact that an illegal virtual terminal impersonates a virtual terminal (the main virtual terminal and the non-main virtual terminal) in the monitoring access server to join the video network is avoided.
Second, because the authority of the video networking terminal can be verified, the condition that the monitoring video is called by the non-authority video networking terminal is avoided, and the safety of calling the monitoring video from the Internet is ensured.
Based on the same inventive concept, in one embodiment, still another monitoring video encryption transmission method is provided, and referring to fig. 7, the method may be performed by a video networking terminal, and specifically may include the following steps:
step S701: and sending a monitoring and checking request to a monitoring access server so that the monitoring access server receives a plurality of video data packets from monitoring equipment in the Internet, generates corresponding encryption keys according to the plurality of video data packets, and encrypts the plurality of video data packets by adopting the corresponding encryption keys respectively to obtain a plurality of encrypted video data packets.
In this embodiment, a client for calling a monitoring video may be installed in the internet-of-view terminal, and a user may select an identifier of the monitoring video to be called in the client, so that the internet-of-view terminal sends a monitoring view request to the monitoring access server according to the selection of the user, where the monitoring view request may carry the identifier of the monitoring device.
The process of the monitoring access server retrieving the plurality of video data packets to the monitoring device and encrypting the plurality of video data packets to obtain the encrypted video data packets may refer to the process from step S201 to step S203 in the above embodiment, or refer to the process from step S301 to step S303 in the above embodiment.
Step S702: and respectively receiving a plurality of encrypted video data packets sent by the monitoring access server and encryption keys respectively corresponding to the plurality of encrypted video data packets through mutually independent data transmission channels.
In this embodiment, the video networking terminal may acquire a plurality of encrypted video data packets and each encryption key from different data transmission channels, respectively.
Step S703: decrypting the plurality of encrypted video data packets using encryption keys respectively corresponding to the plurality of encrypted video data packets.
In an exemplary embodiment, since the adopted encryption policy corresponds to different encryption keys of different video data packets, in order to avoid that the encryption policy is stolen, a preset encryption and decryption protocol may be encapsulated in the encrypted video data packets, where the preset encryption and decryption protocol is used to indicate an association relationship between each video network encrypted video data packet and the encryption key corresponding to the video network encrypted video data packet.
Then, when decrypting the plurality of encrypted video data packets using encryption keys respectively corresponding to the plurality of encrypted video data packets, for each of the plurality of encrypted video data packets, the encrypted video data packets may be decrypted by:
(1) And determining the time stamp of the encrypted video data packet based on a preset encryption and decryption protocol in the encrypted video data packet.
(2) From each received encryption key, the encrypted video data packet is decrypted using the encryption key corresponding to the time stamp.
In this embodiment, the association relationship between the encrypted video data packet and the encryption key may be: the association relation between the encrypted video data packet and the identifier of the encryption key corresponds to the identifier of only one encryption key, and the association relation can be obtained according to a preset encryption and decryption protocol, wherein the video networking terminal can analyze the packet head of the encrypted video data packet by adopting the video networking protocol, so that the preset encryption and decryption protocol is analyzed.
Of course, the correspondence between the encrypted video data packet and the identifier of the encryption key may be obtained by negotiating between the video networking terminal and the non-virtual terminal in advance. The video networking terminal may determine, according to the timestamp of the encrypted video data packet, an identification of the encryption key corresponding to the timestamp, and further determine the corresponding encryption key.
In an alternative example, the video networking terminal may also determine the identity of the encryption key based on the timestamp of the encrypted video data packet, e.g., the identity of the encryption key may be a combination of the timestamp of the encrypted video data packet and a specific character. For example, assuming that the timestamp of the current encrypted video data packet a is 12456524, the identification of the encryption key for encrypting video data packet a may be 12456524#.
Thus, the video networking terminal can determine the encryption key corresponding to the time stamp according to the time stamp of the encrypted video data packet, so that the encrypted video data packet is correctly decrypted.
In this embodiment, the encrypted video data packet including the preset encryption and decryption protocol is the video networking encrypted video data packet pointed out by the above embodiment.
By adopting the technical scheme of the embodiment, the video networking terminal can safely retrieve the monitoring video of the monitoring device from the Internet, and correctly obtain the encryption key corresponding to each encrypted video packet according to the preset encryption and decryption protocol, so that each encrypted video packet is correctly decrypted.
The following describes a monitoring video encryption transmission method of the present embodiment from a video networking terminal side and a monitoring access server side:
step S001: the monitoring access server sends a current network access request to the network management server through the master virtual terminal;
step S002: the monitoring access server receives a signature key returned by the network management server for the current network access request, and joins the video network based on the signature key;
step S003: the monitoring access server sends a network access request of the non-master virtual terminal to the network management server, wherein the network access request of the non-master virtual terminal carries the signature key so that the network management server verifies the signature key;
Step S004: and when the monitoring access server receives the instruction of successful verification of the signing key by the network management server, controlling the non-master virtual terminal to join the video network.
Step S005: and the video networking terminal sends a monitoring and checking request to the monitoring access server.
Step S006: and the monitoring access server sends an identity verification request to a network management server in the video network so that the network management server verifies the authority of the video network terminal for calling the monitoring.
Step S007: and the monitoring access server receives a verification result returned by the network management server, and when the verification result is that the video network terminal has the authority of calling monitoring, a plurality of video data packets collected by monitoring equipment corresponding to the monitoring and checking request are called from the Internet, the non-master virtual terminal and the video network terminal are bound, and the mutually independent data transmission channel between the non-master virtual terminal and the video network terminal is established.
Step S008: the non-master virtual terminal of the monitoring access server generates encryption keys respectively corresponding to the video data packets according to the video data packets;
Step S009: the non-master virtual terminal of the monitoring access server encrypts the plurality of video data packets by adopting encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets;
step S010: and the non-master virtual terminal of the monitoring access server respectively sends the plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels.
Step S011: and the video networking terminal receives the plurality of encrypted video data packets and the encryption keys respectively through the mutually independent data transmission channels.
Step S012: and the video networking terminal decrypts the plurality of encrypted video data packets by adopting encryption keys respectively corresponding to the plurality of encrypted video data packets so that the video networking terminal decrypts the plurality of encrypted video data packets by adopting the corresponding encryption keys respectively.
Step S013: and playing the decrypted encrypted video data packets by the video networking terminal.
By adopting the technical scheme, the monitoring video on the internet side is encrypted at the monitoring access server end, so that the monitoring video is encrypted at the entrance of the internet-of-view from the internet, and the transmission safety of the monitoring video in the internet-of-view is ensured. On the other hand, since the encryption key for encrypting the video data packets is generated based on each video data packet, different video data packets can have different encryption keys, thus ensuring the security of each video data packet. On the other hand, as the data transmission channels which are mutually independent are adopted to respectively transmit a plurality of encrypted video data packets and each encryption key to the video networking terminal, the difficulty of simultaneously stealing the encrypted video data packets and each encryption key is increased, and the security of monitoring video in the access internet is further ensured.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
Referring to fig. 8, a monitoring video encryption transmission device is shown, which is applied to a monitoring access server in the internet of vision, and the device specifically can include the following modules:
a data obtaining module 801, configured to, in response to a monitoring view request sent by a view networking terminal in the view networking, invoke, from the internet, a plurality of video data packets collected by a monitoring device corresponding to the monitoring view request;
a key generation module 802, configured to generate encryption keys corresponding to the plurality of video data packets respectively according to the plurality of video data packets;
an encryption module 803, configured to encrypt the plurality of video data packets with encryption keys corresponding to the plurality of video data packets, to obtain a plurality of encrypted video data packets;
The sending module 804 is configured to send the plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels, so that the video networking terminal decrypts the plurality of encrypted video data packets by using the corresponding encryption keys.
Optionally, the data acquisition module 801 may specifically include the following units:
the authentication unit is used for sending an identity authentication request to a network management server positioned in the video network so that the network management server authenticates the authority of the video network terminal for calling and monitoring;
and the result response unit is used for receiving the verification result returned by the network management server, and invoking a plurality of video data packets acquired by the monitoring equipment corresponding to the monitoring and checking request from the Internet when the verification result is that the video network terminal has the authority of invoking monitoring.
Optionally, the monitoring access server is further configured with a primary virtual terminal and a non-primary virtual terminal, and the apparatus may further include the following modules:
the first network access module is used for sending a current network access request to the network management server through the master virtual terminal;
The network access module is used for receiving a signature key returned by the network management server for the current network access request and joining the video network based on the signature key;
the second network access module is used for sending a network access request of the non-master virtual terminal to the network management server, wherein the network access request of the non-master virtual terminal carries the signature key so that the network management server can verify the signature key;
the control module is used for controlling the non-master virtual terminal to join the video network when receiving an instruction of successful verification of the signing key by the network management server;
and the channel establishing module is used for responding to a monitoring and checking request sent by the video networking terminal in the video networking, binding the non-master virtual terminal with the video networking terminal and establishing the mutually independent data transmission channel between the non-master virtual terminal and the video networking terminal.
Optionally, according to the key generating module 802, the following steps may be specifically performed for each video data packet of the plurality of video data packets:
obtaining encryption parameters from the video data packet, wherein the encryption parameters at least comprise one of the following: source address, destination address, I-frame data, packet sequence number;
And generating an encryption key corresponding to the video data packet according to the encryption parameter.
Optionally, the apparatus may further include the following modules:
the protocol adding module is used for adding a preset encryption and decryption protocol to the plurality of encrypted video data packets respectively to obtain a plurality of video networking encrypted video data packets;
the preset encryption and decryption protocol is used for indicating the association relation between each video network encrypted video data packet and the encryption key corresponding to the video network encrypted video data packet;
the sending module 804 may be specifically configured to send the plurality of video networking encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels, so that the video networking terminal decrypts the plurality of video networking encrypted video data packets through the encryption keys respectively corresponding to the plurality of video networking encrypted video data packets based on the preset encryption and decryption protocol.
Optionally, the encryption module 803 may specifically perform the following steps for each video data packet in the plurality of video data:
analyzing I frame data from the video data packet;
and encrypting the I frame data by adopting an encryption key corresponding to the video data packet to obtain an encrypted video data packet.
Referring to fig. 9, there is shown a block diagram of still another monitoring video encryption transmission device, which can be applied to a video networking terminal in the video networking, and the device specifically can include the following modules:
the request sending module 901 is configured to send a monitoring view request to a monitoring access server, so that the monitoring access server receives a plurality of video data packets from a monitoring device in the internet, generates corresponding encryption keys according to the plurality of video data packets, and encrypts the plurality of video data packets by using the corresponding encryption keys respectively to obtain a plurality of encrypted video data packets;
a data receiving module 902, configured to receive, through mutually independent data transmission channels, a plurality of encrypted video data packets sent by the monitoring access server and encryption keys corresponding to the plurality of encrypted video data packets respectively;
the decryption module 903 is configured to decrypt the plurality of encrypted video data packets by using encryption keys corresponding to the plurality of encrypted video data packets, respectively.
Optionally, the plurality of encrypted video data packets each include a preset encryption and decryption protocol, where the preset encryption and decryption protocol is used to indicate an association relationship between each video network encrypted video data packet and an encryption key corresponding to the video network encrypted video data packet, and the decryption module 903 may specifically execute the following steps for each encrypted video data packet in the plurality of encrypted video data packets:
Determining a time stamp of the encrypted video data packet based on a preset encryption and decryption protocol in the encrypted video data packet;
from each received encryption key, the encrypted video data packet is decrypted using the encryption key corresponding to the time stamp.
It should be noted that, the device embodiment is similar to the method embodiment, so the description is simpler, and the relevant places refer to the method embodiment.
The embodiment of the invention also provides electronic equipment, which comprises:
one or more processors; and
one or more machine readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform a surveillance video encryption transmission method according to any one of the above embodiments of the present invention.
The embodiment of the invention also provides a computer readable storage medium, and a stored computer program causes a processor to execute the monitoring video encryption transmission method according to any one of the above embodiments of the invention.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The above description of the method, the device, the equipment and the storage medium for monitoring video encryption transmission provided by the invention applies specific examples to illustrate the principle and the implementation of the invention, and the above description of the examples is only used for helping to understand the method and the core idea of the invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.
Claims (12)
1. The method is characterized by being applied to a monitoring access server in the video networking, and comprises the following steps:
responding to a monitoring and checking request sent by a video networking terminal in the video networking, and retrieving a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet;
generating encryption keys respectively corresponding to the plurality of video data packets according to the plurality of video data packets;
encrypting the plurality of video data packets by adopting encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets;
and respectively transmitting the plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels, so that the video networking terminal adopts the corresponding encryption keys to respectively decrypt the plurality of encrypted video data packets.
2. The method of claim 1, wherein retrieving, from the internet, a plurality of video data packets collected by a monitoring device corresponding to a monitoring view request in response to the monitoring view request sent by a view networking terminal in the view networking, comprises:
Sending an identity verification request to a network management server in the video network so that the network management server verifies the authority of the video network terminal for calling and monitoring;
and receiving a verification result returned by the network management server, and invoking a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet when the verification result is that the video network terminal has the authority to invoke monitoring.
3. The method of claim 1, wherein the monitoring access server further comprises a master virtual terminal and a non-master virtual terminal, and wherein before retrieving the plurality of video data packets collected by the monitoring device corresponding to the monitoring view request from the internet, the method further comprises:
sending a current network access request to a network management server through the master virtual terminal;
receiving a signature key returned by the network management server for the current network access request, and adding the video network based on the signature key;
sending a network access request of the non-master virtual terminal to the network management server, wherein the network access request of the non-master virtual terminal carries the signature key so that the network management server verifies the signature key;
When receiving an instruction that the network management server successfully verifies the signing key, controlling the non-master virtual terminal to join the video network;
when responding to a monitoring and viewing request sent by a video networking terminal in the video networking, retrieving a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and viewing request from the Internet, the method further comprises:
binding the non-master virtual terminal with the video networking terminal, and establishing the mutually independent data transmission channels between the non-master virtual terminal and the video networking terminal.
4. The method of claim 1, wherein generating encryption keys corresponding to the plurality of video data packets, respectively, from the plurality of video data packets, comprises:
for each video data packet of the plurality of video data packets:
obtaining encryption parameters from the video data packet, wherein the encryption parameters at least comprise one of the following: source address, destination address, I-frame data, packet sequence number;
and generating an encryption key corresponding to the video data packet according to the encryption parameter.
5. The method of claim 1, wherein after encrypting the plurality of video data packets using encryption keys corresponding to the plurality of video data packets, respectively, to obtain a plurality of encrypted video data packets, the method further comprises:
Respectively adding a preset encryption and decryption protocol to the plurality of encrypted video data packets to obtain a plurality of video networking encrypted video data packets;
the preset encryption and decryption protocol is used for indicating the association relation between each video network encrypted video data packet and the encryption key corresponding to the video network encrypted video data packet;
transmitting the plurality of video data packets and each encryption key to a video networking terminal through mutually independent data transmission channels, respectively, comprising:
and respectively transmitting the plurality of video network encrypted video data packets and the encryption keys to the video network terminal through mutually independent data transmission channels, so that the video network terminal decrypts the plurality of video network encrypted video data packets through the encryption keys respectively corresponding to the plurality of video network encrypted video data packets based on the preset encryption and decryption protocol.
6. The method according to any one of claims 1-5, wherein encrypting the plurality of video data packets using encryption keys corresponding to the plurality of video data packets, respectively, results in a plurality of encrypted video data packets, comprising:
for each video data packet of the plurality of video data:
Analyzing I frame data from the video data packet;
and encrypting the I frame data by adopting an encryption key corresponding to the video data packet to obtain an encrypted video data packet.
7. The method is characterized by being applied to a video networking terminal in the video networking, and comprises the following steps:
sending a monitoring and checking request to a monitoring access server so that the monitoring access server receives a plurality of video data packets from monitoring equipment in the Internet, generates corresponding encryption keys according to the plurality of video data packets, and encrypts the plurality of video data packets by adopting the corresponding encryption keys respectively to obtain a plurality of encrypted video data packets:
receiving a plurality of encrypted video data packets and encryption keys respectively corresponding to the plurality of encrypted video data packets sent by the monitoring access server through mutually independent data transmission channels;
decrypting the plurality of encrypted video data packets using encryption keys respectively corresponding to the plurality of encrypted video data packets.
8. The method of claim 7, wherein each of the plurality of encrypted video data packets includes a preset encryption/decryption protocol, the preset encryption/decryption protocol being configured to indicate an association between each video-on-line encrypted video data packet and an encryption key corresponding to the video-on-line encrypted video data packet; decrypting the plurality of encrypted video data packets using encryption keys respectively corresponding to the plurality of encrypted video data packets, comprising:
For each encrypted video data packet of the plurality of encrypted video data packets:
determining a time stamp of the encrypted video data packet based on a preset encryption and decryption protocol in the encrypted video data packet;
from each received encryption key, the encrypted video data packet is decrypted using the encryption key corresponding to the time stamp.
9. A monitoring video encryption transmission device, characterized in that it is applied to a monitoring access server in the internet of vision, said device comprising:
the data acquisition module is used for responding to a monitoring and checking request sent by a video networking terminal in the video networking and retrieving a plurality of video data packets acquired by monitoring equipment corresponding to the monitoring and checking request from the Internet;
the key generation module is used for generating encryption keys respectively corresponding to the plurality of video data packets according to the plurality of video data packets;
the encryption module is used for encrypting the plurality of video data packets by adopting encryption keys respectively corresponding to the plurality of video data packets to obtain a plurality of encrypted video data packets;
and the sending module is used for respectively sending the plurality of encrypted video data packets and the encryption keys to the video networking terminal through mutually independent data transmission channels so that the video networking terminal adopts the corresponding encryption keys to respectively decrypt the plurality of encrypted video data packets.
10. A monitoring video encryption transmission device, which is characterized in that the device is applied to a video networking terminal in the video networking, and comprises:
the request sending module is used for sending a monitoring and checking request to the monitoring access server so that the monitoring access server receives a plurality of video data packets from monitoring equipment in the Internet, generates corresponding encryption keys according to the plurality of video data packets, and encrypts the plurality of video data packets by adopting the corresponding encryption keys respectively to obtain a plurality of encrypted video data packets;
the data receiving module is used for respectively receiving a plurality of encrypted video data packets sent by the monitoring access server and encryption keys respectively corresponding to the plurality of encrypted video data packets through mutually independent data transmission channels;
and the decryption module is used for decrypting the plurality of encrypted video data packets by adopting encryption keys respectively corresponding to the plurality of encrypted video data packets.
11. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor when executed implementing the surveillance video encryption transmission method according to any one of claims 1-6 or 7-8.
12. A computer-readable storage medium, characterized in that a computer program stored therein causes a processor to execute the surveillance video encryption transmission method according to any one of claims 1 to 6 or 7 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010658435.0A CN111953656B (en) | 2020-07-09 | 2020-07-09 | Method, device, equipment and medium for monitoring video encryption transmission |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010658435.0A CN111953656B (en) | 2020-07-09 | 2020-07-09 | Method, device, equipment and medium for monitoring video encryption transmission |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111953656A CN111953656A (en) | 2020-11-17 |
| CN111953656B true CN111953656B (en) | 2024-03-19 |
Family
ID=73340293
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010658435.0A Active CN111953656B (en) | 2020-07-09 | 2020-07-09 | Method, device, equipment and medium for monitoring video encryption transmission |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111953656B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112272314B (en) * | 2020-12-15 | 2021-03-26 | 视联动力信息技术股份有限公司 | Method, device, equipment and medium for safely transmitting video in video network |
| CN112738188A (en) * | 2020-12-24 | 2021-04-30 | 广东电网有限责任公司电力科学研究院 | Data cross-network transmission method and device |
| CN112291592B (en) * | 2020-12-29 | 2021-03-26 | 视联动力信息技术股份有限公司 | Control plane protocol-based secure video communication method, device, equipment and medium |
| CN113422984B (en) * | 2021-06-10 | 2022-10-14 | 北京快乐茄信息技术有限公司 | Video processing method and device, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109495258A (en) * | 2018-12-19 | 2019-03-19 | 世纪龙信息网络有限责任公司 | Method and device for decrypting monitoring data, computer equipment and storage medium |
| CN109698935A (en) * | 2017-10-24 | 2019-04-30 | 中国移动通信有限公司研究院 | Monitor video encrypting and decrypting method and device, equipment, storage medium, system |
| CN110493193A (en) * | 2019-07-17 | 2019-11-22 | 视联动力信息技术股份有限公司 | Data transmission method and device |
| CN110557680A (en) * | 2019-07-30 | 2019-12-10 | 视联动力信息技术股份有限公司 | Audio and video data frame transmission method and system |
| WO2020019387A1 (en) * | 2018-07-26 | 2020-01-30 | 网宿科技股份有限公司 | Method for acquiring video resource file, and management system |
-
2020
- 2020-07-09 CN CN202010658435.0A patent/CN111953656B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109698935A (en) * | 2017-10-24 | 2019-04-30 | 中国移动通信有限公司研究院 | Monitor video encrypting and decrypting method and device, equipment, storage medium, system |
| WO2020019387A1 (en) * | 2018-07-26 | 2020-01-30 | 网宿科技股份有限公司 | Method for acquiring video resource file, and management system |
| CN109495258A (en) * | 2018-12-19 | 2019-03-19 | 世纪龙信息网络有限责任公司 | Method and device for decrypting monitoring data, computer equipment and storage medium |
| CN110493193A (en) * | 2019-07-17 | 2019-11-22 | 视联动力信息技术股份有限公司 | Data transmission method and device |
| CN110557680A (en) * | 2019-07-30 | 2019-12-10 | 视联动力信息技术股份有限公司 | Audio and video data frame transmission method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111953656A (en) | 2020-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111953656B (en) | Method, device, equipment and medium for monitoring video encryption transmission | |
| CN109218825B (en) | Video encryption system | |
| CN109151508B (en) | Video encryption method | |
| CN109743170B (en) | Method and device for logging in streaming media and encrypting data transmission | |
| WO2007092588A2 (en) | Secure digital content management using mutating identifiers | |
| CN110662091B (en) | Third-party live video access method, storage medium, electronic device and system | |
| CN108989325A (en) | Encryption communication method, apparatus and system | |
| CN112165596A (en) | Monitoring video data transmission method and device, terminal equipment and storage medium | |
| CN108174151A (en) | Video monitoring system and control method, the call method of video information | |
| CN107145769A (en) | A kind of digital rights management method about DRM, equipment and system | |
| US20230132485A1 (en) | System for Thin Client Devices in Hybrid Edge Cloud Systems | |
| CN107204983A (en) | A kind of SCADA System for Wind Power Farm data transmission technology based on Session Initiation Protocol | |
| CN110933112B (en) | Network access authentication method, device and storage medium | |
| CN102546528B (en) | Stream media playing method and stream media playing equipment | |
| CN101945102A (en) | Method, server and system for authenticating IPTV (intelligent personal television) user validation based on IMS (IP Multimedia Subsystem) | |
| CN113572788A (en) | BACnet/IP protocol equipment authentication safety method | |
| CN113645115B (en) | Virtual private network access method and system | |
| CN110139163B (en) | Method and related device for acquiring bullet screen | |
| CN115604862B (en) | Video streaming transmission method and system | |
| CN107483197B (en) | VPN network terminal key distribution method and device | |
| CN112235320B (en) | Cipher-based video networking multicast communication method and device | |
| CN112291592B (en) | Control plane protocol-based secure video communication method, device, equipment and medium | |
| CN109698966B (en) | Method and device for logging in streaming media and interactively encrypting data | |
| CN108965939A (en) | Media data processing method, device, system and readable storage medium storing program for executing | |
| CN101990771B (en) | Service reporting |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |