CN113114705B - Credible and programmable video internet of things terminal endogenous security detection method and device

Publication number: CN113114705B
Authority: CN (China)
Legal status: Active
Application number: CN202110660358.7A
Other languages: Chinese (zh)
Other versions: CN113114705A (en)
Inventors: 王滨, 刘松, 万里, 姚相振
Current assignee: Hangzhou Hikvision Digital Technology Co Ltd
Original assignee: Hangzhou Hikvision Digital Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract

The application provides a credible and programmable video internet of things terminal endogenous safety detection method and device, and the method comprises the following steps: the module operation entity acquires the security detection entity, the signature information and the public key from the third-party equipment; verifying the security detection entity based on the public key and the signature information; and if the verification is passed, operating the safety detection entity. The module operation entity receives a safety detection result from the safety detection entity, wherein the safety detection result is obtained by the safety detection entity performing safety detection on the equipment to be detected based on the safety detection parameters and the address information of the equipment to be detected. And the module operation entity determines the operation state of the equipment to be detected based on the safety detection result and outputs the alarm information of the equipment to be detected when the operation state is abnormal. According to the technical scheme, the safety detection entity is not required to be loaded by extra hardware resources, equipment resources are saved, endogenous safety detection of the video Internet of things terminal is achieved, and the safety detection entity is guaranteed to be credibly executed.

Description

Credible and programmable video internet of things terminal endogenous security detection method and device
Technical Field
The application relates to the technical field of video security, in particular to a method and a device for detecting endogenous security of a credible and programmable video internet of things terminal.
Background
The video internet of things is a video network composed of video front-end equipment, forwarding equipment, a video server and other equipment. As the video internet of things becomes IP-based and intelligent, it brings convenience but also corresponding security problems: for example, a video internet of things terminal (such as video front-end equipment or a video server) may have security defects or security vulnerabilities, so that the video internet of things has potential security hazards.
In order to find a video internet of things terminal with a safety problem in a video internet of things, one or more safety detection devices are generally deployed in the video internet of things, and all video internet of things terminals of the video internet of things are continuously scanned through the safety detection devices, so that the video internet of things terminal with the safety problem is found out.
However, in practical application, the safety detection device needs to be maintained by operation and maintenance personnel, which wastes their human resources. Moreover, the safety detection device scans the video internet of things without targeting specific terminals, and this untargeted detection causes damage to the equipment.
Disclosure of Invention
The application provides a credible and programmable video internet of things terminal endogenous safety detection method, which is applied to a video internet of things terminal, wherein a module operation entity is configured in the video internet of things terminal, and the method comprises the following steps:
the module operation entity acquires a security detection entity, signature information corresponding to the security detection entity and a public key corresponding to the security detection entity from third-party equipment; the signature information is obtained by the third-party equipment by adopting a private key corresponding to the public key to sign the security detection entity;
the module operation entity verifies the security detection entity based on the public key and the signature information; if the verification is passed, the security detection entity is operated at the video Internet of things terminal;
the module operation entity receives a safety detection result from the safety detection entity, wherein the safety detection result is obtained by the safety detection entity performing safety detection on the equipment to be detected based on the safety detection parameters and the address information of the equipment to be detected;
and the module operation entity determines the operation state of the equipment to be detected based on the safety detection result, and outputs the alarm information of the equipment to be detected when the operation state is abnormal.
Illustratively, the running of the security detection entity by the module running entity at the video internet of things terminal includes: the module operation entity acquires an available resource value in the operation process of the video Internet of things terminal; the module operation entity determines a configured predicted resource value of the security detection entity;
and if the difference value between the available resource value and the predicted resource value is greater than a first resource value threshold value, the module operation entity operates the safety detection entity at the video Internet of things terminal.
Illustratively, after the video internet of things terminal runs the security detection entity, the module running entity further includes: in the operation process of the safety detection entity, the module operation entity acquires the actual resource consumption value of the safety detection entity; and if the actual resource consumption value is larger than a second resource value threshold value, the module operation entity closes the safety detection entity operated in the video Internet of things terminal.
Illustratively, after the module running entity runs the security detection entity on the video internet of things terminal, the method further includes: the module operation entity receives heartbeat messages periodically sent by the safety detection entity in the operation process;
if the module operation entity receives the heartbeat message within the preset time, determining that the safety detection entity is in an operation state;
and if the module operation entity does not receive the heartbeat message within the preset time, determining that the safety detection entity is in a closed state, and generating alarm information aiming at the safety detection entity.
Exemplarily, the signing, by the third-party device, of the security detection entity with a private key corresponding to the public key to obtain the signature information includes: computing a digest of the security detection entity with a hash algorithm to obtain first digest information, and encrypting the first digest information with the private key to obtain the signature information; the signature information is then packaged into the security detection entity;
the module operation entity verifying the security detection entity based on the public key and the signature information includes: decrypting the signature information with the public key to obtain the first digest information; computing the digest of the security detection entity with the hash algorithm to obtain second digest information; if the first digest information is the same as the second digest information, determining that the security detection entity passes verification; and if the first digest information differs from the second digest information, determining that the security detection entity fails verification.
Exemplarily, if the number of the security detection entities is at least two, and there are a first security detection entity and a second security detection entity having a dependency relationship among all the security detection entities, and the operation of the second security detection entity depends on the security detection result of the first security detection entity, the method further includes:
after the video internet of things terminal operates the first safety detection entity, the module operation entity acquires a safety detection result corresponding to the first safety detection entity and determines whether to operate the second safety detection entity based on the safety detection result corresponding to the first safety detection entity;
and if so, operating the second safety detection entity at the video Internet of things terminal.
Illustratively, if the number of the safety detection entities is at least two and each safety detection entity obtains a safety detection result, the determining, by the module operating entity, of the operating state of the device to be detected based on the safety detection results includes: the module operation entity acquires the safety detection result corresponding to each safety detection entity; for each safety detection result, the module operation entity determines an operation state corresponding to that safety detection result; if the running state corresponding to any safety detection result is abnormal, the running state of the equipment to be detected is determined to be abnormal; if the running states corresponding to all the safety detection results are normal, the running state of the equipment to be detected is determined to be normal; or alternatively,
the module operation entity inquires at least two safety detection results with dependency relationship from all the safety detection results, and determines the operation state of the equipment to be detected based on the at least two safety detection results with dependency relationship; each safety detection result corresponds to one detection type, and at least two detection types corresponding to at least two safety detection results with dependency relationship have dependency relationship.
Illustratively, the module running entity receives the security detection result from the security detection entity, and includes: the module operation entity sends a data request message to the security detection entity, wherein the data request message carries verification parameters matched with the data service of the security detection entity; wherein the data service of the security detection entity is used to indicate the type of authentication parameter;
the module operation entity receives a safety detection result from the safety detection entity; and the safety detection result is sent when the module operation entity is determined to pass the verification after the safety detection entity verifies the module operation entity based on the verification parameters.
Illustratively, the security detection entity is an executable-file-based security detection entity, or a security detection entity based on a Docker image; the video Internet of things terminal is a video front-end device or a video server.
The application provides a credible and programmable video internet of things terminal endogenous safety detection device, which is applied to a video internet of things terminal and comprises a module operation entity and a safety detection entity; wherein:
the module operation entity is used for acquiring a security detection entity, signature information corresponding to the security detection entity and a public key corresponding to the security detection entity from third-party equipment; the signature information is obtained by the third-party equipment by adopting a private key corresponding to the public key to sign the security detection entity;
and verifying the security detection entity based on the public key and the signature information; if the verification is passed, the security detection entity is operated at the video Internet of things terminal;
the safety detection entity is used for acquiring address information and safety detection parameters of equipment to be detected, carrying out safety detection on the equipment to be detected based on the safety detection parameters and the address information to obtain a safety detection result, and sending the safety detection result to the module operation entity;
and the module operation entity is also used for determining the operation state of the equipment to be detected based on the safety detection result, and outputting the alarm information of the equipment to be detected when the operation state is abnormal operation.
According to the technical scheme, in the embodiment of the application, the safety detection entity is built into the video Internet of things terminal, and safety detection is realized through that safety detection entity inside the terminal. Safety problems of the video Internet of things terminal itself and of other video Internet of things terminals in the same network segment can be detected, and the detection is closer to the terminals that need protection. No extra hardware resources are needed to carry the safety detection entity and no safety detection equipment needs to be deployed additionally, so equipment resources are saved, endogenous safety detection of the video Internet of things terminal is realized, and the problems that operation and maintenance personnel must maintain the safety detection equipment separately and that the safety detection equipment needs extra hardware resources are solved. Before the safety detection entity is operated, it is verified based on the signature information and the public key corresponding to it, and it is operated only when the verification passes, so that all safety detection modules can be reliably checked and the safety detection entity is ensured to be reliably executed.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present application or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings of the embodiments of the present application.
Fig. 1A and 1B are schematic networking diagrams of a video internet of things;
fig. 2 is a flow chart of a method for detecting intrinsic safety in a trusted and programmable video internet of things terminal;
fig. 3 is a schematic networking diagram of a video internet of things in an embodiment of the present application;
FIGS. 4A and 4B are schematic diagrams of a security detection entity, a signature distribution entity, and a module execution entity;
fig. 5 is a flow chart of a method for detecting intrinsic safety in a trusted and programmable video internet of things terminal;
fig. 6 is a flow chart of a method for detecting intrinsic safety in a trusted and programmable video internet of things terminal.
Detailed Description
The terminology used in the embodiments of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present application to describe various information, the information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Depending on the context, moreover, the word "if" as used may be interpreted as "at the time of …", "when …" or "in response to determining …".
The Video internet of things is a Video Network composed of devices such as a Video front-end device, a forwarding device and a Video server, the Video front-end device is a device for collecting Video images, and includes but is not limited to an analog Camera, an IPC (IP Camera), an NVR (Network Video Recorder) and the like, and the type of the Video front-end device is not limited. The video server is a device for managing video front-end devices, and includes, but is not limited to, a management device, an internet of things platform, a terminal device, a PC (Personal Computer), and the like, and the type of the video server is not limited thereto. The forwarding device may be a switch, a router, or the like, and is configured to forward the instruction of the video server to the video front-end device, and forward the video image of the video front-end device to the video server, where the type of the forwarding device is not limited.
Referring to fig. 1A, which is a networking schematic diagram of the video internet of things, the number of the video front-end devices may be at least one, and the video front-end devices may be connected to the video server through the forwarding device.
In order to find a video internet of things terminal (such as a video front-end device and a video server) with a security problem in a video internet of things, a security detection device may be generally deployed in the video internet of things, as shown in fig. 1B, the security detection device is another networking schematic diagram of the video internet of things, and all video internet of things terminals of the video internet of things are continuously scanned through the security detection device, so that the video internet of things terminal with the security problem is found.
However, the safety detection device needs additional hardware resources and must be maintained separately by operation and maintenance personnel, which wastes both their human resources and device resources. Because of the complexity and heterogeneity of the video internet of things, the safety detection device cannot precisely learn the IP addresses of all video internet of things terminals, so it must scan the whole video internet of things, that is, the whole network segment. This scanning harms the video internet of things, the safety detection lacks targeting, and safety detection of the whole video internet of things takes a long time to complete.
In order to solve the above problems, an embodiment of the application provides a trusted and orchestratable endogenous safety detection framework and mechanism for a video internet of things terminal (also referred to as a video internet of things intelligent terminal): a safety detection entity can be built into the video internet of things terminal, safety detection is realized through that entity inside the terminal, and endogenous safety detection of the terminal is thereby realized. All safety detection modules can be reliably checked, so the safety detection entity is guaranteed to execute in a trusted way. When there are at least two safety detection entities, they can all be orchestrated, allowing arbitrary combinations of safety detection entities, so that diversified application scenarios can be accommodated and the requirements of user scenarios can be met quickly. In summary, the embodiment of the application realizes a trusted and programmable endogenous security detection framework and mechanism for video internet of things terminals.
The embodiment of the application provides a credible and programmable video internet of things terminal endogenous safety detection method, which can be applied to a video internet of things terminal, and a module operation entity is configured in the video internet of things terminal, namely, the module operation entity can be deployed on the video internet of things terminal as a functional module.
In the embodiment of the application, the security detection can be realized by the video internet of things terminal, namely, the security detection service is deployed at the video internet of things terminal. In order to implement the security detection service, a module operation entity and a security detection entity can be operated in the video internet of things terminal, and the module operation entity and the security detection entity implement the security detection service, that is, the security detection method of the embodiment of the application is adopted to implement the security detection service.
The video internet of things terminal can realize the safety detection service and can also execute normal services, such as an image acquisition service; the normal services of the video internet of things terminal are not limited here. For example, all services other than the security detection service can be regarded as normal services of the video internet of things terminal, that is, services the terminal already provides before it realizes the security detection service. In summary, the security detection service can be regarded as a service distinct from the normal services of the video internet of things terminal.
For example, the video internet of things terminal may be a video front-end device or a video server, that is, the security detection service may be deployed to the video front-end device, and the video front-end device implements the security detection service by using the security detection method according to the embodiment of the present application. The security detection service can also be deployed to a video server, and the video server adopts the security detection method of the embodiment of the application to realize the security detection service.
Referring to fig. 2, a flowchart of a method for detecting intrinsic safety in a trusted and programmable video internet of things terminal, where the method may be applied to the video internet of things terminal, and the method may include the following steps:
step 201, a module running entity obtains a security detection entity, signature information corresponding to the security detection entity, and a public key corresponding to the security detection entity from a third-party device. For example, the signature information may be obtained by the third-party device signing the security detection entity with a private key corresponding to the public key.
For example, the third-party device signing the security detection entity with the private key corresponding to the public key to obtain the signature information may include, but is not limited to: computing a digest of the security detection entity with a hash algorithm to obtain first digest information, encrypting the first digest information with the private key to obtain the signature information, and packaging the signature information into the security detection entity. Therefore, after the module running entity acquires the security detection entity from the third-party device, it can extract the signature information from the security detection entity.
Step 202, the module running entity verifies the security detection entity based on the public key and the signature information; if the verification is passed, the module operation entity operates the safety detection entity at the video Internet of things terminal; and if the verification fails, the module operation entity prohibits the safety detection entity from operating at the video Internet of things terminal.
For example, the module running entity verifying the security detection entity based on the public key and the signature information may include, but is not limited to: decrypting the signature information with the public key to obtain the first digest information; computing the digest of the security detection entity with the hash algorithm to obtain second digest information; if the first digest information is the same as the second digest information, determining that the security detection entity passes verification; and if the first digest information differs from the second digest information, determining that the security detection entity fails verification.
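The signing and verification flow of steps 201 and 202 (the same flow is stated in the summary above) carried through in code, as an added example that is not part of the patent or of any Hikvision implementation. It follows the patent's wording literally: hash the entity, "encrypt" the digest with the private key, "decrypt" the signature with the public key and compare the two digests. The key pair is therefore textbook RSA with a deterministic seed and no padding, which is enough to illustrate the flow but not a scheme for real deployment, where a library signature (RSA-PSS, Ed25519) would be used. The package layout (an `SDE1` marker, a length field, the signature, then the entity bytes) is an assumption; the patent only says the signature is packaged inside the entity. The detail worth seeing is that the digest covers the entity bytes alone, so the module running entity has to carve the signature out of the package before hashing.

```python
import hashlib
import random
import struct

# Assumed package layout: MAGIC | 4-byte big-endian signature length | signature | entity
MAGIC = b"SDE1"


def _is_probable_prime(n, rounds=32, rng=random.Random(1)):
    """Miller-Rabin primality test; good enough for a demo key pair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(bits=320, seed=7):
    """Toy textbook-RSA key pair. n is chosen larger than a SHA-256 digest so
    the digest can be 'encrypted' directly. Deterministic seed: demo only."""
    rng = random.Random(seed)
    e = 65537

    def prime(nbits):
        while True:
            cand = rng.getrandbits(nbits) | (1 << (nbits - 1)) | 1
            if _is_probable_prime(cand) and cand % e != 1:  # keeps gcd(e, p-1) == 1
                return cand

    p, q = prime(bits // 2), prime(bits // 2)
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)  # (public key, private key)


def sign_entity(entity, private_key):
    """Third-party device side: first digest = SHA-256(entity), signature =
    digest^d mod n, then signature packaged together with the entity."""
    n, d = private_key
    first_digest = int.from_bytes(hashlib.sha256(entity).digest(), "big")
    sig = pow(first_digest, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return MAGIC + struct.pack(">I", len(sig)) + sig + entity


def verify_package(package, public_key):
    """Module running entity side: split the package, recover the first digest
    from the signature with the public key, recompute the second digest over
    the entity bytes only, and compare. Returns (ok, entity_bytes_or_None)."""
    n, e = public_key
    if not package.startswith(MAGIC) or len(package) < 8:
        return False, None
    (sig_len,) = struct.unpack(">I", package[4:8])
    sig, entity = package[8:8 + sig_len], package[8 + sig_len:]
    if len(sig) != sig_len:
        return False, None
    first_digest = pow(int.from_bytes(sig, "big"), e, n)
    second_digest = int.from_bytes(hashlib.sha256(entity).digest(), "big")
    if first_digest != second_digest:
        return False, None  # verification fails: the entity is not run
    return True, entity


def demo():
    """Signs a constructed stand-in entity, then verifies both the genuine
    package and a copy with one flipped entity byte."""
    pub, priv = generate_keypair()
    entity = b"#!/bin/sh\necho detection-result\n"  # constructed, not a real entity
    pkg = sign_entity(entity, priv)
    ok, _ = verify_package(pkg, pub)
    tampered = pkg[:-1] + bytes([pkg[-1] ^ 0x01])
    bad, _ = verify_package(tampered, pub)
    return ok, bad


if __name__ == "__main__":
    print(demo())
```

Only the entity bytes returned by a successful `verify_package` should ever be handed to the loader; a failed check yields `None`, which matches step 202's rule that an unverified entity is prohibited from running.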
For example, the module running entity runs the security detection entity at the video internet of things terminal, which may include but is not limited to: a module operation entity acquires an available resource value in the operation process of the video Internet of things terminal, namely a residual resource value in the operation process of the video Internet of things terminal; the module operation entity determines a configured predicted resource value of the security detection entity; and if the difference value between the available resource value and the predicted resource value is greater than a first resource value threshold value, the module operation entity operates the safety detection entity at the video Internet of things terminal.
For example, after the video internet of things terminal runs the security detection entity, the module running entity may further obtain (e.g., periodically obtain) an actual resource consumption value of the security detection entity during the running process of the security detection entity. If the actual resource consumption value is greater than the second resource value threshold, the module operation entity may also close the security detection entity operating in the video internet of things terminal.
For example, after the module operation entity operates the security detection entity at the video internet of things terminal, the module operation entity may receive a heartbeat message periodically sent by the security detection entity in an operation process, for example, in the operation process of the security detection entity, the security detection entity may periodically send a heartbeat message to the module operation entity, that is, the module operation entity periodically receives the heartbeat message. On this basis, if the module operation entity receives the heartbeat message within the preset time, the module operation entity determines that the safety detection entity is in the operation state. If the module operation entity does not receive the heartbeat message within the preset time, the module operation entity determines that the safety detection entity is in a closed state and generates alarm information aiming at the safety detection entity.
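The three lifecycle controls just described (admission by available minus predicted resource against a first threshold, shutdown when actual consumption exceeds a second threshold, and a heartbeat watchdog that raises an alarm when the entity goes silent; the summary above states the same rules) as one added example. This is not the patent's or Hikvision's code; the class, its state names and the injected clock are assumptions so the behaviour can be exercised without real hardware or real timers.

```python
import time


class SecurityDetectionMonitor:
    """Module running entity's lifecycle control for one security detection
    entity. Hypothetical structure; resource values are in whatever unit the
    terminal uses (e.g. MB of memory) and thresholds are configured values."""

    def __init__(self, predicted_resource, first_threshold, second_threshold,
                 heartbeat_timeout, clock=time.monotonic):
        self.predicted = predicted_resource        # configured predicted resource value
        self.first_threshold = first_threshold     # admission margin
        self.second_threshold = second_threshold   # cap on actual consumption
        self.timeout = heartbeat_timeout           # preset heartbeat time
        self.clock = clock
        self.state = "not_started"                 # not_started | running | closed
        self.last_heartbeat = None
        self.alarms = []

    def try_start(self, available_resource):
        """Run the entity only if available - predicted exceeds the first threshold."""
        if available_resource - self.predicted > self.first_threshold:
            self.state = "running"
            self.last_heartbeat = self.clock()
            return True
        return False

    def report_consumption(self, actual_resource):
        """Close the entity if its actual consumption exceeds the second threshold.
        Returns True while the entity may keep running."""
        if self.state == "running" and actual_resource > self.second_threshold:
            self.state = "closed"
            self.alarms.append(
                f"entity closed: consumption {actual_resource} > {self.second_threshold}")
            return False
        return self.state == "running"

    def heartbeat(self):
        """Called when a heartbeat message arrives from the entity."""
        if self.state == "running":
            self.last_heartbeat = self.clock()

    def check_heartbeat(self):
        """Periodic check: no heartbeat within the preset time means the entity
        is treated as closed and an alarm is generated."""
        if self.state != "running":
            return self.state
        if self.clock() - self.last_heartbeat > self.timeout:
            self.state = "closed"
            self.alarms.append("entity heartbeat missing: treated as closed")
        return self.state


class FakeClock:
    """Controllable clock so the demo does not sleep."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo():
    clk = FakeClock()
    m = SecurityDetectionMonitor(predicted_resource=30, first_threshold=10,
                                 second_threshold=50, heartbeat_timeout=5, clock=clk)
    steps = []
    steps.append(m.try_start(available_resource=35))  # 35-30 = 5, not > 10: refused
    steps.append(m.try_start(available_resource=60))  # 60-30 = 30 > 10: runs
    steps.append(m.report_consumption(40))            # 40 <= 50: keeps running
    clk.advance(3)
    m.heartbeat()
    steps.append(m.check_heartbeat())                 # heartbeat fresh: "running"
    clk.advance(6)                                    # 6 s silence > 5 s timeout
    steps.append(m.check_heartbeat())                 # "closed" plus alarm
    return steps, m.alarms


if __name__ == "__main__":
    print(demo())
```

The admission check uses a margin rather than a bare "fits" test, which is what keeps the terminal's normal services (image acquisition, for instance) from being starved by a detection entity whose predicted value was optimistic.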
Step 203, the module operation entity receives a safety detection result from the safety detection entity, wherein the safety detection result is obtained by the safety detection entity through carrying out safety detection on the equipment to be detected based on the safety detection parameters and the address information of the equipment to be detected. For example, the security detection entity obtains address information and security detection parameters of the device to be detected, performs security detection on the device to be detected based on the security detection parameters and the address information to obtain a security detection result of the device to be detected, and sends the security detection result to the module operation entity, that is, the module operation entity receives the security detection result from the security detection entity.
For example, the module running entity receives the security detection result from the security detection entity, which may include but is not limited to: the module operation entity sends a data request message to the security detection entity, wherein the data request message carries the verification parameters matched with the data service of the security detection entity, and the data service of the security detection entity is used for indicating the type of the verification parameters. The module operation entity receives a safety detection result from the safety detection entity, wherein the safety detection result can be sent when the module operation entity is determined to pass the verification after the safety detection entity verifies the module operation entity based on the verification parameter. For example, after receiving the data request message, the security detection entity may verify the module running entity based on the verification parameter in the data request message; if the verification is passed, the safety detection entity can send the safety detection result to the module operation entity; and if the verification fails, the security detection result is forbidden to be sent to the module operation entity.
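The data request exchange above (also in the summary) as an added example, not code from the patent or from Hikvision. The patent says only that the data request carries a verification parameter whose type is indicated by the entity's data service; here that service is assumed to be named `hmac-sha256`, the parameter is an HMAC over the requester name and a nonce under a key shared during provisioning, and the nonce replay check is my addition. Both sides of the exchange are shown so the accept and reject paths can be run.

```python
import hashlib
import hmac
import os


def _verification_parameter(key, requester, nonce):
    """Verification parameter for data service 'hmac-sha256' (assumed format)."""
    return hmac.new(key, f"{requester}|{nonce}".encode(), hashlib.sha256).hexdigest()


class SecurityDetectionEntity:
    """Holds a security detection result and releases it only to a module
    running entity that passes verification. Hypothetical class."""

    def __init__(self, shared_key, result):
        self.data_service = "hmac-sha256"   # indicates the verification parameter type
        self._key = shared_key
        self._result = result
        self._seen_nonces = set()

    def handle_data_request(self, msg):
        if msg.get("service") != self.data_service:
            return {"status": "rejected", "reason": "service mismatch"}
        nonce = msg.get("nonce", "")
        if not nonce or nonce in self._seen_nonces:
            return {"status": "rejected", "reason": "missing or replayed nonce"}
        expected = _verification_parameter(self._key, msg.get("requester", ""), nonce)
        if not hmac.compare_digest(expected, msg.get("verification_parameter", "")):
            return {"status": "rejected", "reason": "verification failed"}
        self._seen_nonces.add(nonce)
        # Verification passed: the result may be sent to the module running entity.
        return {"status": "ok", "result": self._result}


class ModuleRunningEntity:
    """Builds the data request message with a verification parameter matching
    the entity's data service. Hypothetical class."""

    def __init__(self, name, shared_key):
        self.name = name
        self._key = shared_key

    def request_result(self, entity, nonce=None):
        nonce = nonce or os.urandom(8).hex()
        msg = {
            "requester": self.name,
            "service": entity.data_service,
            "nonce": nonce,
            "verification_parameter": _verification_parameter(self._key, self.name, nonce),
        }
        return entity.handle_data_request(msg)


def demo():
    # Constructed sample: one entity holding a result for a test-net address.
    key = b"provisioned-shared-key"
    entity = SecurityDetectionEntity(key, {"device": "192.0.2.10", "state": "abnormal"})
    genuine = ModuleRunningEntity("module-runner", key)
    impostor = ModuleRunningEntity("module-runner", b"guessed-key")
    return genuine.request_result(entity)["status"], impostor.request_result(entity)["status"]


if __name__ == "__main__":
    print(demo())
```

`hmac.compare_digest` keeps the comparison constant-time, and the result never leaves the entity on the reject path, which is the property step 203's "forbidden to be sent" clause asks for.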
And 204, the module operation entity determines the operation state of the equipment to be detected based on the safety detection result, and outputs the alarm information of the equipment to be detected when the operation state is abnormal.
Exemplarily, if the number of the security detection entities is at least two, and there are a first security detection entity and a second security detection entity having a dependency relationship in all the security detection entities, and the operation of the second security detection entity depends on the security detection result of the first security detection entity, then: after the video internet of things terminal operates the first security detection entity, the module operation entity can acquire a security detection result corresponding to the first security detection entity and determine whether to operate the second security detection entity based on the security detection result corresponding to the first security detection entity; if so, the module operation entity operates a second safety detection entity at the video Internet of things terminal; and if not, the module operation entity does not operate a second safety detection entity at the video Internet of things terminal.
For example, if the number of the safety detection entities is at least two, and each safety detection entity obtains a safety detection result, the module operating entity determines the operating state of the device to be detected based on the safety detection result, which may include but is not limited to: and the module operation entity acquires the safety detection result corresponding to each safety detection entity. For each safety detection result, the module operation entity determines an operation state corresponding to the safety detection result; if the running state corresponding to any safety detection result is abnormal, the module running entity can determine that the running state of the equipment to be detected is abnormal; and if the running states corresponding to all the safety detection results are normal, the module running entity can determine that the running state of the equipment to be detected is normal.
Or the module operation entity inquires at least two safety detection results with dependency relationship from all the safety detection results, and determines the operation state of the equipment to be detected based on the at least two safety detection results with dependency relationship; illustratively, each safety detection result corresponds to one detection type, and at least two detection types corresponding to at least two safety detection results with dependency relationship have dependency relationship.
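The dependency-gated arrangement of security detection entities and the "abnormal if any result is abnormal" aggregation described above, carried through in Go as an added example; this is not code from the patent or from the applicant's implementation. The type names, the `RunIf`/`Run` hooks and the three sample entities with their canned results are constructed for illustration; a real module running entity would obtain each result over the entity's data access interface rather than from an in-process function.

```go
package main

import (
	"errors"
	"fmt"
)

// Result is one security detection result tagged with its detection type.
type Result struct {
	Type     string
	Abnormal bool // true when this result indicates a security problem
	Detail   string
}

// Entity is a security detection entity as seen by the module running entity.
// DependsOn names the detection type whose result gates this entity; RunIf
// inspects that result and decides whether this entity should be run at all.
type Entity struct {
	Type      string
	DependsOn string
	RunIf     func(prereq Result) bool
	Run       func() Result
}

// Orchestrate runs the entities in dependency order. A dependent entity is
// skipped when RunIf rejects the prerequisite's result or when the prerequisite
// itself was skipped. The device is abnormal if any produced result is abnormal.
func Orchestrate(entities []Entity) (results map[string]Result, skipped []string, abnormal bool, err error) {
	results = make(map[string]Result)
	resolved := make(map[string]bool) // detection type -> already run or skipped
	pending := entities
	for len(pending) > 0 {
		var rest []Entity
		for _, e := range pending {
			if e.DependsOn != "" && !resolved[e.DependsOn] {
				rest = append(rest, e) // prerequisite not yet decided; retry next round
				continue
			}
			resolved[e.Type] = true
			if e.DependsOn != "" {
				prereq, ran := results[e.DependsOn]
				if !ran || (e.RunIf != nil && !e.RunIf(prereq)) {
					skipped = append(skipped, e.Type)
					continue
				}
			}
			r := e.Run()
			results[e.Type] = r
			abnormal = abnormal || r.Abnormal
		}
		if len(rest) == len(pending) {
			return results, skipped, abnormal, errors.New("unresolvable dependency (missing or cyclic)")
		}
		pending = rest
	}
	return results, skipped, abnormal, nil
}

// SampleEntities is a constructed arrangement: a service exposure check, a
// weak-password check that only runs when a management service was found, and
// an independent vulnerability check. The canned results stand in for real
// detection output and are not findings against any real device.
func SampleEntities(serviceExposed bool) []Entity {
	return []Entity{
		{
			Type: "weak_password", DependsOn: "service_exposure",
			RunIf: func(p Result) bool { return p.Abnormal },
			Run: func() Result {
				return Result{Type: "weak_password", Abnormal: true, Detail: "default credential accepted (constructed)"}
			},
		},
		{
			Type: "service_exposure",
			Run: func() Result {
				return Result{Type: "service_exposure", Abnormal: serviceExposed, Detail: "management port reachable (constructed)"}
			},
		},
		{
			Type: "vulnerability",
			Run: func() Result {
				return Result{Type: "vulnerability", Abnormal: false, Detail: "no known issue (constructed)"}
			},
		},
	}
}

func main() {
	for _, exposed := range []bool{true, false} {
		results, skipped, abnormal, err := Orchestrate(SampleEntities(exposed))
		fmt.Printf("exposed=%v ran=%d skipped=%v abnormal=%v err=%v\n", exposed, len(results), skipped, abnormal, err)
	}
}
```

Listing the gated entity first in `SampleEntities` is deliberate: the orchestrator resolves order itself, so the arrangement a user assembles need not be topologically sorted, and a missing or cyclic prerequisite is reported instead of silently running or silently dropping an entity.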
In the above embodiment, the security detection entity may be based on an executable file or on a docker image; the form is not limited.
According to the above technical solution, the security detection entity is built into the video Internet of Things terminal and security detection is carried out by that entity on the terminal itself. It can detect security problems of the terminal, of other video Internet of Things terminals in the same network segment, and of video Internet of Things terminals in other network segments, so detection runs close to the terminals that need protection. No additional hardware resources are needed to host the security detection entity and no separate security detection equipment needs to be deployed, which saves device resources and realizes endogenous security detection of the video Internet of Things terminal. This avoids the problems of separately deployed security detection equipment: operation and maintenance personnel must maintain it separately, it raises cost, it requires extra hardware resources, and, lacking detection pertinence, it may even damage the network. Before a security detection entity is run, it is verified based on its signature information and the corresponding public key, and it is run only if verification passes, so every security detection module is checked for trustworthiness before execution and the security detection entity is guaranteed to be executed reliably.
When there are at least two security detection entities, they can be arranged (orchestrated): the entities can be freely combined and customized according to the user's actual application scenario, so the scheme adapts to diversified application scenarios and quickly meets fragmented user scenario requirements.
The above technical solution of the embodiment of the present application is described below with reference to specific application scenarios.
Referring to fig. 3, a networking schematic diagram of a video Internet of Things is shown. The video Internet of Things may include a video front-end device and a video server. A module running entity is configured inside the video front-end device and can run at least one security detection entity; fig. 3 shows one security detection entity as an example. A module running entity is likewise configured inside the video server and can run at least one security detection entity; fig. 3 shows three as an example. As shown in fig. 3, the video Internet of Things may further include a third-party device in which the signature issuing entity is configured; the signature issuing entity obtains the security detection entity, signs it, and sends the signed security detection entity to the module running entity.
To sum up, the trusted and orchestratable endogenous security detection framework and mechanism for video Internet of Things terminals proposed in this embodiment involve a security detection entity, a signature issuing entity and a module running entity, and on this basis may include:
Constructing a security detection entity, which performs security detection (such as inspection or patrol detection) on the network where the video Internet of Things terminal is located, or on any network it can reach, to obtain a security detection result (inspection result). The security detection entity provides a uniform data access interface through which an external module (such as the module running entity) accesses or calls data; based on such access or call by the module running entity, the security detection entity sends the security detection result to the module running entity, i.e. the result is output through the data access interface. Referring to fig. 3, a security detection entity may be deployed on both the video front-end device and the video server.
Constructing a signature issuing entity, which signs the security detection entity, issues the signed security detection entity to the module running entity, and provides the signature public key of the security detection entity.
Constructing a module running entity, which obtains the signed security detection entity and the signature public key from the signature issuing entity, verifies the signed security detection entity with the signature public key, and loads and runs the security detection entity only after verification passes. The module running entity obtains the security detection result through the data access interface provided by the security detection entity and determines the running state, such as normal or abnormal, from it. The module running entity can run at least two security detection entities simultaneously. Referring to fig. 3, the module running entity may be deployed on the video front-end device and the video server.
Referring to fig. 4A, the security detection entity may include a security detection module, a parameter obtaining module and an interface service module. After the security detection entity is loaded and run by the module running entity, the parameter obtaining module obtains the address information (for example, the IP address range to be detected) and the security detection parameters of the device to be detected. The security detection module performs security detection on the device to be detected based on the security detection parameters and the address information to obtain the security detection result. The interface service module keeps a data service available externally, through which it sends the security detection result of the device to be detected to the module running entity.
Referring to fig. 4A, the signature issuing entity may include an entity signature module, a public key distribution module and an entity distribution module. The entity signature module signs the security detection entity to obtain the signed security detection entity; the entity distribution module issues the signed security detection entity to the module running entity; the public key distribution module issues the signature public key of the security detection entity to the module running entity.
Referring to fig. 4A, the module running entity may include a security detection entity verification module, a security detection entity loading module, a security detection entity management module, a security data analysis module and a security alarm module.
The security detection entity verification module verifies the security detection entity, i.e. checks the validity of the signed security detection entity before it is run in the module running entity; the verification result is either pass or fail. If the result is pass, the security detection entity loading module loads and runs the security detection entity normally; if the result is fail, the loading module discards the security detection entity and reports that an attempt was made to load an illegal security detection entity. The security detection entity management module manages the running security detection entities, monitors their functional state, resource consumption and the like, and orchestrates them uniformly. The security data analysis module obtains the security detection result in real time by calling the interface service module of the security detection entity and performs security event analysis on it, i.e. determines whether the running state of the device to be detected is normal or abnormal. When the running state is abnormal, the security alarm module generates and outputs alarm information for the device to be detected, i.e. raises an alarm for the corresponding security event; this completes one full cycle of security detection and analysis.
In a possible implementation, referring to fig. 4B, the security detection entity may additionally include a heartbeat data sending module that sends a heartbeat message periodically, and the module running entity may additionally include a heartbeat data receiving module that receives the heartbeat messages of the currently running security detection entity and determines its current state from them. For example, if the heartbeat data receiving module receives a heartbeat message, the security detection entity is determined to be in the running state; if it does not, the security detection entity is determined to be in the closed state.
In a possible implementation, the framework and mechanism for endogenous security detection of a trusted and orchestratable video Internet of Things terminal provided by this embodiment may be as shown in fig. 5 and may include the following steps:
Step 501: the security detection entity is sent to the signature issuing entity. The security detection entity may be based on an executable file, i.e. it is a packaged executable whose function is realized by running the executable; or it may be based on a docker image, i.e. it is a packaged docker image whose function is realized by running the image.
Step 502: the signature issuing entity signs the security detection entity with a private key (the signature private key) to obtain signature information, and attaches the signature information to the security detection entity. For example, referring to fig. 6, the signature issuing entity may sign the security detection entity as follows:
Step 5021: the signature issuing entity computes a hash of the security detection entity to obtain the first digest. For example, with sha256 the first digest is sha256(security detection entity); md5 is also named as an option, i.e. md5(security detection entity). Note, however, that MD5 is no longer collision-resistant: an attacker who can influence the contents of an entity can craft two entities with the same MD5 digest, and a signature over that digest would then be valid for both. A collision-resistant hash such as SHA-256 should be used.
Step 5022: the signature issuing entity signs the first digest with the private key to obtain the signature information corresponding to the security detection entity. The description here treats signing as encrypting the first digest with the private key, which is the textbook view of RSA signing; in practice a standard signature scheme is used. Signing is performed offline, on the signature issuing side only, so that the private key is never exposed. The signature information can be written as ENC{first digest}private_key, meaning the first digest signed (encrypted) under private_key.
Step 5023: the signature issuing entity encodes the signature information, for example with base64, to obtain the encoded signature information.
Step 5024: the signature issuing entity packs the encoded signature information into the security detection entity, for example by placing it in the file header of the entity, which yields a new security detection entity carrying the signature information. Because the first digest in step 5021 is computed over the entity without this header, the verifier must strip the header and hash only the original bytes when it recomputes the digest (see step 504).
In summary, the signature issuing entity obtains the security detection entity carrying the signature information.
Step 503: the signature issuing entity sends the security detection entity carrying the signature information to the module running entity, together with the public key (signature public key) corresponding to the private key used to sign the entity; the private key and the public key form a key pair.
Step 504: the module running entity parses the signature information out of the signed security detection entity, obtaining the signature information and the security detection entity proper (the entity as originally sent to the signature issuing entity, without signature information), and obtains the public key corresponding to the security detection entity.
Step 505: the module running entity verifies the security detection entity based on the public key and the signature information. If verification passes, step 506 is performed. If verification fails, the module running entity discards the security detection entity and reports that an illegal security detection entity was presented for loading, i.e. the security detection entity has been tampered with.
Illustratively, after the module running entity obtains the public key from the signature issuing entity, the public key is built into the module running entity. After the module running entity obtains the signed security detection entity from the signature issuing entity, it separates the signature information from the security detection entity and keeps both. With the public key, the signature information and the security detection entity in hand, the module running entity can verify the security detection entity; the verification process is the reverse of fig. 6, for example:
Step 5051: the module running entity decodes the signature information (i.e. the encoded signature information), for example with base64, to obtain the decoded signature information (the signature information corresponding to the security detection entity in step 5022).
Step 5052: the module running entity recovers the first digest from the decoded signature information using the public key, i.e. the digest obtained here equals the first digest of step 5021. This is the inverse of step 5022 and corresponds to the signature verification primitive of the scheme used: with RSA the digest is literally recovered from the signature; with schemes such as ECDSA the verification primitive instead checks the signature against the recomputed digest directly, with the same accept or reject outcome.
Step 5053: the module running entity hashes the security detection entity (the body without the signature information) with the same hash algorithm as step 5021, e.g. sha256, to obtain the second digest.
Step 5054: compare whether the first digest equals the second digest. If so, the content of the security detection entity has not been tampered with: the entity is legal and trustworthy and may be loaded and run, and step 5055 is executed. Otherwise the content has been tampered with: the entity is illegal and untrustworthy, and step 5056 is executed.
Step 5055: the module running entity determines that the security detection entity passes verification.
Step 5056: the module running entity determines that the security detection entity fails verification.
In summary, the module running entity verifies the security detection entity and completes the validity check, ensuring that a security detection entity running on the module running entity is legal and trustworthy and does not interfere with the environment in which the module running entity runs, thereby ensuring the security of the module running entity.
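The signing procedure of steps 5021 to 5024 and the verification procedure of steps 5051 to 5056, carried through in Go as one added example that serves both; it is not code from the patent or from the applicant's implementation. It assumes a header line of the form `X-Entity-Signature: <base64>` prepended to the entity bytes, since the patent fixes no header format, and uses SHA-256 with ECDSA P-256 from Go's standard library, so the "recover the first digest and compare with the second" of the text becomes a single `VerifyASN1` call over the recomputed digest. The entity bytes are a constructed sample.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// HeaderPrefix is an assumed framing for the signature carried in the entity's
// file header; the patent does not fix a format.
const HeaderPrefix = "X-Entity-Signature: "

// SignEntity performs steps 5021-5024: SHA-256 digest of the entity, signature
// over the digest with the private key, base64 encoding, and prepending the
// encoded signature as a header line. Only the original bytes are hashed.
func SignEntity(priv *ecdsa.PrivateKey, entity []byte) ([]byte, error) {
	digest := sha256.Sum256(entity)                          // step 5021
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:]) // step 5022
	if err != nil {
		return nil, err
	}
	encoded := base64.StdEncoding.EncodeToString(sig) // step 5023
	var out bytes.Buffer                              // step 5024
	out.WriteString(HeaderPrefix)
	out.WriteString(encoded)
	out.WriteByte('\n')
	out.Write(entity)
	return out.Bytes(), nil
}

// SplitSignedEntity performs step 504 and step 5051: separate the header from
// the entity body and base64-decode the signature. The body, not the signed
// blob, is what gets hashed and, after verification, loaded.
func SplitSignedEntity(signed []byte) (sig, entity []byte, err error) {
	if !bytes.HasPrefix(signed, []byte(HeaderPrefix)) {
		return nil, nil, errors.New("no signature header")
	}
	nl := bytes.IndexByte(signed, '\n')
	if nl < 0 {
		return nil, nil, errors.New("malformed signature header")
	}
	sig, err = base64.StdEncoding.DecodeString(string(signed[len(HeaderPrefix):nl]))
	if err != nil {
		return nil, nil, err
	}
	return sig, signed[nl+1:], nil
}

// VerifyEntity performs steps 5052-5056 and returns the body to load only when
// the signature checks out. With ECDSA the "recover first digest and compare
// with second digest" of the text is one VerifyASN1 call over the recomputed
// digest; a tampered body, a forged header or a foreign key all yield false.
func VerifyEntity(pub *ecdsa.PublicKey, signed []byte) ([]byte, bool) {
	sig, entity, err := SplitSignedEntity(signed)
	if err != nil {
		return nil, false
	}
	digest := sha256.Sum256(entity)             // step 5053: second digest over the body
	if !ecdsa.VerifyASN1(pub, digest[:], sig) { // step 5054
		return nil, false // step 5056: discard, do not load
	}
	return entity, true // step 5055: this body may be loaded and run
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	// Constructed stand-in for a packaged executable security detection entity.
	entity := []byte("#!/bin/sh\nexec /opt/detect/weakpass-scan \"$@\"\n")
	signed, _ := SignEntity(priv, entity)
	_, ok := VerifyEntity(&priv.PublicKey, signed)
	fmt.Println("genuine entity verifies:", ok)
	tampered := bytes.Replace(signed, []byte("weakpass"), []byte("backdoor"), 1)
	_, ok = VerifyEntity(&priv.PublicKey, tampered)
	fmt.Println("tampered entity verifies:", ok)
}
```

The loading module should execute only the body that `VerifyEntity` returns, never the signed blob it was handed, so that a verification failure leaves nothing runnable behind and the header bytes can never reach the interpreter or the container runtime.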
Step 506: the module running entity runs the security detection entity on the video Internet of Things terminal; for example, after the security detection entity passes verification, the module running entity loads and runs it.
In a possible implementation, once the security detection entity passes verification, i.e. is legal, the module running entity handles the running, management and orchestration of the security detection entity.
Regarding running: after the security detection entity passes verification, the module running entity obtains the available resource value of the video Internet of Things terminal during operation, i.e. the remaining resource value. For example, it determines the total resource value of the terminal and the resource value occupied by the terminal's normal services; the difference between the two is the available resource value. The module running entity may also measure the available resource value directly; this is not limited.
The module running entity further determines the configured predicted resource value of the security detection entity. For example, the predicted resource value may be carried in the executable file of the security detection entity and indicates the resource value the entity is expected to occupy once running. In actual operation the resource actually occupied may be greater than, less than or equal to the predicted value; this is not limited.
Based on the obtained available resource value and predicted resource value: if the difference (available minus predicted) is greater than a first resource value threshold, the module running entity runs the security detection entity, which then enters the working state and can perform security detection on the device to be detected. If the difference is not greater than the first resource value threshold, the module running entity does not run the security detection entity; it waits a preset period, obtains the available resource value of the terminal again, re-checks whether the difference exceeds the first resource value threshold, and so on until the security detection entity can be run.
In the above embodiment the resource value may be a memory resource value or a CPU (Central Processing Unit) resource value; the type of resource is not limited.
For example, the first resource value threshold may be a positive value configured from experience; its value is not limited. When the available resource value exceeds the predicted resource value by more than the first threshold, then even after the security detection entity is run (occupying roughly the predicted resource value) the terminal still has remaining available resource, namely the difference between available and predicted, and that remainder is above the first threshold, so stalls and similar problems on the video Internet of Things terminal can be avoided.
After the security detection entity is running, it performs security detection on the device to be detected, obtains a security detection result, and sends the result to the module running entity through the uniform interface it provides. For example, the detection process of the security detection entity may include:
Step S11: the security detection entity obtains the address information and the security detection parameters of the device to be detected.
Step S12: the security detection entity performs security detection on the device to be detected based on the security detection parameters and the address information (the detection method is not limited) and obtains the security detection result of the device.
The address information of the device to be detected may be its IP address, and there may be one or more devices to be detected. With the IP address, the security detection entity can reach the device and perform security detection on it. The device to be detected may be the very video Internet of Things terminal that runs the security detection entity, i.e. the entity detects its own terminal; it may be another video Internet of Things terminal in the same network segment; or it may be a video Internet of Things terminal in a different network segment.
In summary, the security detection entity can perform security detection on any video Internet of Things terminal whose address information it can obtain. In practice the address information may also be an IP network segment, in which case every device in that segment is a device to be detected and the security detection entity detects all of them.
The security detection parameters of the device to be detected describe how to perform security detection on it; they are parameters related to security detection and are not limited. For example, they may include a detection type such as a weak-password type or a vulnerability type: for the weak-password type the security detection entity checks whether the device has a weak password, and for the vulnerability type it checks whether the device has a vulnerability.
In summary, the security detection entity performs security detection on the device to be detected according to the security detection parameters, and the detection method follows from those parameters; it is not detailed further here.
Step S13: the security detection entity sends the security detection result to the module running entity.
For example, the security detection entity keeps a data service available externally, i.e. it provides a uniform data access interface through which an external module (such as the module running entity) can access or call data, so the module running entity can access the security detection entity and obtain the security detection result from it.
For example, the data access interface provided by the security detection entity may be a REST (Representational State Transfer) API (Application Programming Interface) or an MQTT (Message Queuing Telemetry Transport) interface. The data exchange over both is treated as stateless and the interface need not be called or probed continuously, which keeps data acquisition loosely coupled so that the security detection entity can concentrate on security detection.
In a possible implementation, based on the data access interface provided by the security detection entity, the module running entity sends a data request message to the security detection entity, which receives it. The data request message carries a verification parameter matching the data service (i.e. the data access interface) of the security detection entity, and the data service indicates which type of verification parameter is expected. The security detection entity verifies the module running entity based on the verification parameter: if verification passes, it sends the security detection result to the module running entity; if verification fails, it is prohibited from sending the result.
For example, the data service (i.e. the data access interface) of the security detection entity may specify that the verification parameter is an authentication code, a token or the like; the type of verification parameter is not limited. The authentication code is used as the example below.
Based on the data access interface, when the module running entity sends the data request message to the security detection entity the message carries a target authentication code, and the security detection entity verifies the module running entity against that code; the verification process is not limited. In practice the presented code should be compared with the expected one in constant time, and a failed verification should return no result body at all, so that the interface releases detection results only to the module running entity that is entitled to them.
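The data request exchange described above, with the security detection entity's interface service on one side and the module running entity's request on the other, as an added example in Go; this is not code from the patent or from the applicant's implementation. It assumes a REST-style data access interface at `GET /results`, a bearer token as the verification parameter (the patent allows an authentication code or token without fixing a format), and a JSON result schema whose field names are made up here; the served result is a constructed sample, not a finding against any real device.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// DetectionResult is the payload served over the data access interface. The
// field names are assumptions; the patent defines no schema.
type DetectionResult struct {
	Target        string   `json:"target"`
	DetectionType string   `json:"detection_type"`
	Findings      []string `json:"findings"`
}

// InterfaceService is the entity's interface service module: a REST-style data
// service that releases results only to a caller presenting the expected
// verification parameter (a bearer token here).
type InterfaceService struct {
	tokenHash [32]byte // SHA-256 of the expected token; the plaintext is not retained
	results   []DetectionResult
}

func NewInterfaceService(token string, results []DetectionResult) *InterfaceService {
	return &InterfaceService{tokenHash: sha256.Sum256([]byte(token)), results: results}
}

// authorized checks the verification parameter. Hashing both sides to a fixed
// length and comparing with ConstantTimeCompare keeps the decision time
// independent of how many leading bytes of the token a caller guessed right.
func (s *InterfaceService) authorized(r *http.Request) bool {
	const scheme = "Bearer "
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, scheme) {
		return false
	}
	got := sha256.Sum256([]byte(h[len(scheme):]))
	return subtle.ConstantTimeCompare(got[:], s.tokenHash[:]) == 1
}

// ServeHTTP is the data access interface: GET /results with a valid token
// returns the detection results as JSON; a failed verification gets 401 and no
// result body, i.e. the entity is prohibited from sending the result.
func (s *InterfaceService) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet || r.URL.Path != "/results" {
		http.NotFound(w, r)
		return
	}
	if !s.authorized(r) {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(s.results)
}

// Fetch plays the module running entity: it sends the data request message
// carrying the verification parameter and returns the decoded results together
// with the HTTP status, so a refusal (non-200) is visible to the caller.
func Fetch(client *http.Client, baseURL, token string) ([]DetectionResult, int, error) {
	req, err := http.NewRequest(http.MethodGet, baseURL+"/results", nil)
	if err != nil {
		return nil, 0, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := client.Do(req)
	if err != nil {
		return nil, 0, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, resp.StatusCode, nil
	}
	var out []DetectionResult
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return nil, resp.StatusCode, err
	}
	return out, resp.StatusCode, nil
}

func main() {
	// Constructed sample result; not the output of any real detection.
	svc := NewInterfaceService("constructed-token", []DetectionResult{
		{Target: "192.0.2.10", DetectionType: "weak_password", Findings: []string{"factory default password accepted (constructed)"}},
	})
	srv := httptest.NewServer(svc)
	defer srv.Close()
	res, code, _ := Fetch(srv.Client(), srv.URL, "constructed-token")
	fmt.Println(code, res)
	_, code, _ = Fetch(srv.Client(), srv.URL, "wrong-token")
	fmt.Println(code)
}
```

Because the security detection result is itself sensitive (it lists which devices have weak passwords or vulnerabilities), the refusal path deliberately writes nothing but the status code; in a deployment the interface should additionally be bound to the terminal's local interface or served over TLS so that the token is never sent in the clear across the network segment being detected.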
In summary, the module running entity obtains the security detection result and then determines from it the running state of the device to be detected: normal (no potential security hazard) or abnormal (a potential security hazard exists). When the running state is abnormal, the module running entity outputs alarm information for the device to be detected, i.e. raises an alarm for the corresponding security event, which completes one full cycle of security detection and analysis. In other words, the module running entity raises real-time security alarms according to the security detection result, such as vulnerability information alarms or weak-password information alarms.
Regarding management of the security detection entity: after the security detection entity is running, the module running entity manages it, for example by monitoring its functional state (i.e. running state, such as running or closed) and its resource consumption (i.e. resource occupation), and uses this information to configure the security detection entity optimally.
In a possible embodiment, while the security detection entity is running, the module running entity obtains (e.g. periodically) the actual resource consumption value of the security detection entity, i.e. the resource value it occupies after being run. If the actual resource consumption value is not greater than a second resource value threshold, the module running entity waits for the next acquisition period and obtains the value again. If the actual resource consumption value is greater than the second resource value threshold, the security detection entity is occupying too much resource and may impair the normal services of the video Internet of Things terminal, causing them to fail; the module running entity therefore closes the security detection entity.
After closing the security detection entity and waiting a preset period, the module running entity again obtains the available resource value of the video Internet of Things terminal during operation (i.e. the remaining resource value) and determines the configured predicted resource value of the security detection entity. If the difference between the available resource value and the predicted resource value is greater than the first resource value threshold, the module running entity runs the security detection entity again, i.e. reloads it into the working state so that it can resume security detection on the device to be detected. If the difference is not greater than the first resource value threshold, the module running entity does not run the security detection entity and repeats the check after the next wait, and so on.
In a possible implementation manner, in the operation process of the security detection entity, the security detection entity may periodically send a heartbeat message to the module operation entity, and if the module operation entity receives the heartbeat message within a preset time, it is determined that the security detection entity is in an operation state. If the module operation entity does not receive the heartbeat message within the preset time, the security detection entity is determined to be in a closed state, namely the security detection entity is illegally closed, and the module operation entity generates alarm information aiming at the security detection entity.
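The two resource gates and the heartbeat check described above, as an added example in Go that is not code from the patent or from Hikvision. Resource values are abstract units and the threshold figures are assumptions chosen to make the timeline readable; a simulated clock is passed in so the behaviour is deterministic.

```go
package main

import (
	"fmt"
	"time"
)

// Supervisor is the module operation entity's view of one security detection entity.
// Resource values are abstract units (for example MiB of RAM); the threshold values used
// below are illustrative assumptions, not figures from the page.
type Supervisor struct {
	PredictedResource int           // configured predicted resource value of the entity
	FirstThreshold    int           // first resource value threshold: gate before (re)loading
	SecondThreshold   int           // second resource value threshold: gate while running
	HeartbeatTimeout  time.Duration // preset time within which a heartbeat must arrive
	Running           bool
	lastHeartbeat     time.Time
}

// MayLoad is the load-time gate: run only if available - predicted > first threshold.
func (s *Supervisor) MayLoad(available int) bool {
	return available-s.PredictedResource > s.FirstThreshold
}

// TryLoad loads (or reloads) the entity when the gate allows it and reports whether it did.
func (s *Supervisor) TryLoad(available int, now time.Time) bool {
	if s.Running || !s.MayLoad(available) {
		return false
	}
	s.Running = true
	s.lastHeartbeat = now // a freshly loaded entity gets a full heartbeat period before it is judged
	return true
}

// CheckConsumption is the run-time gate: an entity whose actual consumption exceeds the
// second threshold is closed so that the terminal's own video service is not starved.
func (s *Supervisor) CheckConsumption(actual int) (closed bool) {
	if s.Running && actual > s.SecondThreshold {
		s.Running = false
		return true
	}
	return false
}

// Heartbeat records a heartbeat message received from the entity.
func (s *Supervisor) Heartbeat(now time.Time) { s.lastHeartbeat = now }

// CheckHeartbeat raises an alarm only for an entity the supervisor believes is running:
// an entity the supervisor itself closed for resource reasons is expected to go silent.
func (s *Supervisor) CheckHeartbeat(now time.Time) (alarm string) {
	if s.Running && now.Sub(s.lastHeartbeat) > s.HeartbeatTimeout {
		s.Running = false
		return "security detection entity sent no heartbeat within the preset time; treated as illegally closed"
	}
	return ""
}

func main() {
	t0 := time.Unix(0, 0)
	s := &Supervisor{PredictedResource: 40, FirstThreshold: 50, SecondThreshold: 60, HeartbeatTimeout: 3 * time.Second}
	fmt.Println("load with 100 available:", s.TryLoad(100, t0))                      // true: 100-40 > 50
	fmt.Println("consumption 70 closes it:", s.CheckConsumption(70))                // true: 70 > 60
	fmt.Println("reload with 80 available:", s.TryLoad(80, t0.Add(10*time.Second)))  // false: 80-40 = 40
	fmt.Println("reload with 120 available:", s.TryLoad(120, t0.Add(20*time.Second))) // true
	s.Heartbeat(t0.Add(21 * time.Second))
	fmt.Println("alarm at +23s:", s.CheckHeartbeat(t0.Add(23*time.Second)) != "") // false
	fmt.Println("alarm at +30s:", s.CheckHeartbeat(t0.Add(30*time.Second)) != "") // true
}
```

One point the page states only implicitly: the heartbeat alarm must be suppressed while the module operation entity itself has closed the entity for resource reasons, otherwise every resource-driven shutdown would be reported as an illegal closure. The example does this by alarming only while Running is true.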
In the above embodiment, if the security detection entity is a process executable file, a process manager can be used to monitor, start and stop it automatically; if the security detection entity is a docker image file, a docker container can be used for the same purpose. Managing the security detection entities through a process manager or a docker container keeps them independent of one another, so that the operation of one security detection entity does not interfere with another.
As to the arrangement (orchestration) of security detection entities: the module operation entity can run at least two security detection entities at the same time. Orchestration and assembly of multiple security detection entities is made possible by defining a uniform data service (interface service) and a uniform parameter transmission channel (used to obtain the address information and security detection parameters of the device to be detected) for every security detection entity. The entities can then be orchestrated uniformly while remaining independent; they exist depending on the module operation entity, and they are deployed across platforms along with it according to the installation environment of the module operation entity. For example, when the module operation entity is deployed on a video internet of things terminal of an embedded platform, the security detection entity is deployed there along with it, and when the module operation entity is deployed on a video internet of things terminal of an X86 platform, the security detection entity is likewise deployed on the X86 platform along with it.
In a possible embodiment, if there are at least two security detection entities, and among them a first security detection entity and a second security detection entity have a dependency relationship such that the operation of the second depends on the security detection result of the first, then: after the first security detection entity has run, the module operation entity obtains the security detection result corresponding to the first security detection entity and determines, based on that result, whether to run the second security detection entity. If so, the module operation entity runs the second security detection entity; if not, it does not, thereby realizing the orchestration of the security detection entities.
For example, the video internet of things terminal is deployed with security detection entities t1, t2 and t3; the operation of t2 depends on the security detection result of t1, and the operation of t3 depends on the security detection result of t2. On this basis:
The module operation entity first runs security detection entity t1, but not t2 or t3. After t1 has run, the module operation entity obtains the security detection result corresponding to t1 in the manner described in the above embodiments, which is not repeated here.
Assume that the security detection result of t1 is either t11 or t12, where t11 does not trigger the operation of t2 and t12 does. Then, if the result of t1 is t11, the module operation entity runs neither t2 nor t3. If the result of t1 is t12, the module operation entity runs t2, but still does not run t3.
After running t2, the module operation entity obtains the security detection result corresponding to t2 in the same manner.
Assume that the security detection result of t2 is either t21 or t22, where t21 does not trigger the operation of t3 and t22 does. Then, if the result of t2 is t21, the module operation entity does not run t3; if the result of t2 is t22, it runs t3.
In summary, the module operation entity orchestrates security detection entities t1, t2 and t3 and decides when each security detection entity is run and when it is not.
In a possible implementation, if there are at least two security detection entities and each obtains a security detection result, the module operation entity obtains the security detection result corresponding to each security detection entity. For each security detection result, the module operation entity determines the corresponding operation state; if the operation state corresponding to any security detection result is abnormal operation, the operation state of the device to be detected is determined to be abnormal operation; if the operation states corresponding to all the security detection results are normal operation, the operation state of the device to be detected is determined to be normal operation.
For example, the video internet of things terminal is deployed with security detection entities t1, t2 and t3. After they have run, the module operation entity obtains security detection result t11 from t1, t21 from t2 and t31 from t3.
If the operation state corresponding to t11 (i.e., the operation state determined from t11), or that corresponding to t21, or that corresponding to t31 is abnormal operation, the module operation entity determines that the operation state of the device to be detected is abnormal operation. If the operation states corresponding to t11, t21 and t31 are all normal operation, the module operation entity determines that the operation state of the device to be detected is normal operation.
In summary, the module operation entity orchestrates security detection entities t1, t2 and t3 and decides how their security detection results are used.
In a possible implementation, if there are at least two security detection entities and each obtains a security detection result, the module operation entity obtains the security detection result corresponding to each security detection entity. It then looks up, among all the security detection results, at least two that have a dependency relationship, and determines the operation state of the device to be detected based on those dependent results taken together. Each security detection result corresponds to one detection type, and the detection types of security detection results that have a dependency relationship themselves have a dependency relationship.
For example, the video internet of things terminal is deployed with security detection entities t1, t2 and t3. After they have run, the module operation entity obtains security detection result t11 from t1, t21 from t2 and t31 from t3.
Assume that security detection entity t1 is configured to produce security detection results of detection type s1 (so t11 is of type s1), t2 produces results of detection type s2 (t21 is of type s2), t3 produces results of detection type s3 (t31 is of type s3), and detection types s1, s2 and s3 have a dependency relationship.
Then t11, t21 and t31 are security detection results with a dependency relationship, and the module operation entity must determine the operation state of the device to be detected from t11, t21 and t31 together, rather than from any one of them (e.g., t11) alone.
For example, if t11 is x11, t21 is x21 and t31 is x31, the operation state of the device to be detected is abnormal operation; if t11 is y11, t21 is x21 or y21, and t31 is x31 or y31, the operation state is normal operation. This is merely an example and is not limiting.
In summary, the module operation entity orchestrates security detection entities t1, t2 and t3 and decides how their security detection results are used.
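The dependency-driven orchestration of t1, t2 and t3 and the two ways of combining their results (any single abnormal result, and joint evaluation of dependent detection types), as one added example in Go that is not part of the patent and not Hikvision code. It collapses the page's two label sets into one: a result value starting with x is a finding and one starting with y is clean, so the result the page calls t12 becomes any x-value from t1. The detection bodies are constructed stubs, and the joint rule (abnormal only when every dependent type was detected and is a finding) is one consistent reading of the page's x11/x21/x31 example, which the page itself says is not limiting.

```go
package main

import "fmt"

// Result is one security detection result as the module operation entity receives it.
// The value labels follow the page: a value starting with "x" is a finding, "y" is clean.
type Result struct {
	Entity string // entity that produced it (t1, t2, t3)
	Type   string // detection type (s1, s2, s3)
	Value  string // e.g. "x11" or "y11"
}

// Flagged reports whether the result indicates a potential security hazard.
func (r Result) Flagged() bool { return len(r.Value) > 0 && r.Value[0] == 'x' }

// Entity is a security detection entity as the module operation entity orchestrates it.
// Detect is stubbed with constructed results here; a real entity would scan its target.
type Entity struct {
	Name      string
	Type      string
	DependsOn string                 // predecessor whose result gates this entity; "" = none
	Trigger   func(prev Result) bool // decides from the predecessor's result whether to run
	Detect    func() Result
}

// Orchestrate walks the entities (listed in dependency order) and runs each one only if it
// has no predecessor, or its predecessor ran and that result triggers it.
func Orchestrate(entities []Entity) (ran []string, results []Result) {
	byName := map[string]Result{}
	for _, e := range entities {
		if e.DependsOn != "" {
			prev, ok := byName[e.DependsOn]
			if !ok || !e.Trigger(prev) {
				continue // predecessor never ran, or its result does not trigger this entity
			}
		}
		r := e.Detect()
		byName[e.Name] = r
		ran = append(ran, e.Name)
		results = append(results, r)
	}
	return ran, results
}

// AnyAbnormal: the device is abnormal as soon as any single result is a finding.
func AnyAbnormal(results []Result) string {
	for _, r := range results {
		if r.Flagged() {
			return "abnormal"
		}
	}
	return "normal"
}

// JointState evaluates results whose detection types depend on one another together: the
// device is abnormal only when every dependent type was detected and is a finding. A type
// that is missing (its entity never ran) or clean makes the joint verdict normal.
func JointState(results []Result, dependentTypes ...string) string {
	if len(dependentTypes) == 0 {
		return "normal"
	}
	flagged := map[string]bool{}
	for _, r := range results {
		flagged[r.Type] = r.Flagged()
	}
	for _, t := range dependentTypes {
		if !flagged[t] {
			return "normal"
		}
	}
	return "abnormal"
}

// chain builds the page's t1 -> t2 -> t3 chain; v1..v3 are the constructed result values.
func chain(v1, v2, v3 string) []Entity {
	mk := func(e, t, v string) func() Result {
		return func() Result { return Result{Entity: e, Type: t, Value: v} }
	}
	onFinding := func(p Result) bool { return p.Flagged() }
	return []Entity{
		{Name: "t1", Type: "s1", Detect: mk("t1", "s1", v1)},
		{Name: "t2", Type: "s2", DependsOn: "t1", Trigger: onFinding, Detect: mk("t2", "s2", v2)},
		{Name: "t3", Type: "s3", DependsOn: "t2", Trigger: onFinding, Detect: mk("t3", "s3", v3)},
	}
}

func main() {
	ran, res := Orchestrate(chain("x11", "y21", "x31"))
	fmt.Println("ran:", ran, "any:", AnyAbnormal(res), "joint:", JointState(res, "s1", "s2", "s3"))
	// ran: [t1 t2] any: abnormal joint: normal   (t2 is clean, so t3 never runs)
	ran, res = Orchestrate(chain("x11", "x21", "x31"))
	fmt.Println("ran:", ran, "any:", AnyAbnormal(res), "joint:", JointState(res, "s1", "s2", "s3"))
	// ran: [t1 t2 t3] any: abnormal joint: abnormal
}
```

The two aggregation rules deliberately disagree on the first run: a single finding from t1 is enough for the any-abnormal rule, while the joint rule stays normal because the dependent chain was broken at t2. Which rule the module operation entity applies is a configuration decision per detection type, which is what the page means by deciding "how to utilize the security detection result".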
In a possible embodiment, if the video server manages 3 different video access areas, 3 security detection entities may be deployed in the video server, each detecting a different area: security detection entity t1 performs security detection on the devices in the first video access area, t2 on the devices in the second, and t3 on the devices in the third. In summary, the module operation entity orchestrates security detection entities t1, t2 and t3 and decides which devices each security detection entity detects.
According to the above technical scheme, the security detection entity is arranged inside the video internet of things terminal and security detection is performed there, so that the detection is as close as possible to the video internet of things terminal that needs protection. No extra hardware resources are needed to host the security detection entity and no extra security detection equipment needs to be deployed, which saves equipment resources and realizes endogenous security detection of the video internet of things terminal. Before the security detection entity is run, it is verified based on its signature information and the corresponding public key, and it is run only if the verification passes, so that every security detection module is checked for trustworthiness and the security detection entity is guaranteed to be executed reliably. When there are at least two security detection entities, they can all be orchestrated, so that the entities can be freely assembled and customized according to the user's actual application scenario; this free combination and orchestration of security detection entities adapts to diversified application scenarios and quickly meets fragmented user requirements. The security detection mechanism thus adapts to security detection in different application scenarios: only a few resources are needed to protect a small number of video internet of things terminals in a network, while a large-scale network can be freely orchestrated according to the actual scenario, so that user requirements are met more closely.
Several different security detection entities can be orchestrated for security detection. For example, if a video server manages 3 different video access areas, different security detection entities are used to detect the different areas, which achieves fast, low-interference security detection, reduces hardware resources and reduces the blindness of security detection. The security detection entity provides a uniform calling interface to the outside and performs security detection internally, which makes free combination and orchestration and adaptation to diversified application scenarios possible.
Based on the same application concept as the method, the embodiment of the application provides a credible and programmable video internet of things terminal endogenous safety detection device, the device can be applied to the video internet of things terminal, and the device can comprise a module operation entity and a safety detection entity; wherein:
the module operation entity is used for acquiring a security detection entity, signature information corresponding to the security detection entity and a public key corresponding to the security detection entity from third-party equipment; the signature information is obtained by the third-party equipment by adopting a private key corresponding to the public key to sign the security detection entity;
and verifying the security detection entity based on the public key and the signature information; if the verification is passed, the security detection entity is operated at the video Internet of things terminal;
the safety detection entity is used for acquiring address information and safety detection parameters of equipment to be detected, carrying out safety detection on the equipment to be detected based on the safety detection parameters and the address information to obtain a safety detection result, and sending the safety detection result to the module operation entity;
and the module operation entity is also used for determining the operation state of the equipment to be detected based on the safety detection result, and outputting the alarm information of the equipment to be detected when the operation state is abnormal operation.
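Signing and verifying a security detection entity package as the device description here and claim 5 below lay it out (hash the entity, sign the digest with the third-party device's private key, attach the signature to the package, then hash again and compare on the terminal), as an added example in Go that is not code from the patent or from Hikvision. The package layout (entity bytes, signature, 4-byte length trailer), the RSA-2048/SHA-256 choice, the NewDemoKey helper and the sample entity bytes are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Package layout (an assumption; the page only says the signature is added to the package):
// entity bytes || signature || 4-byte big-endian signature length.
// Only the entity bytes are hashed and signed; the signature never covers itself.

// NewDemoKey stands in for the third-party device's key pair (demo only, assumption).
func NewDemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SignEntity is the third-party device's step: hash the entity, sign the digest with the
// private key, and append the signature to the package.
func SignEntity(priv *rsa.PrivateKey, entity []byte) ([]byte, error) {
	digest := sha256.Sum256(entity)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(sig)))
	pkg := append(append(append([]byte{}, entity...), sig...), n[:]...)
	return pkg, nil
}

// splitPackage separates the entity bytes from the trailing signature.
func splitPackage(pkg []byte) (entity, sig []byte, err error) {
	if len(pkg) < 4 {
		return nil, nil, errors.New("package too short")
	}
	n := int(binary.BigEndian.Uint32(pkg[len(pkg)-4:]))
	body := pkg[:len(pkg)-4]
	if n <= 0 || n > len(body) {
		return nil, nil, errors.New("bad signature length")
	}
	return body[:len(body)-n], body[len(body)-n:], nil
}

// VerifyEntity is the module operation entity's step. The page describes recovering the
// first digest from the signature with the public key and comparing it with a freshly
// computed second digest; rsa.VerifyPKCS1v15 performs exactly that comparison internally,
// including the padding check that a hand-rolled "decrypt and compare" would skip.
// The entity bytes are returned only when verification passes, so a caller cannot run an
// unverified entity by accident.
func VerifyEntity(pub *rsa.PublicKey, pkg []byte) ([]byte, error) {
	entity, sig, err := splitPackage(pkg)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(entity)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("security detection entity rejected: %w", err)
	}
	return entity, nil
}

func main() {
	priv, _ := NewDemoKey()
	entity := []byte("#!/bin/sh\necho scanning 192.0.2.0/24\n") // constructed stand-in for the entity file
	pkg, _ := SignEntity(priv, entity)
	if _, err := VerifyEntity(&priv.PublicKey, pkg); err == nil {
		fmt.Println("verified: entity may be run")
	}
	pkg[0] ^= 0x01 // tamper with one byte of the entity
	_, err := VerifyEntity(&priv.PublicKey, pkg)
	fmt.Println("after tampering:", err)
}
```

The check is only as strong as the public key's provenance: claim 1 has the public key arrive from the same third-party device as the entity, so in a deployment the terminal should already hold that key, or a root that certifies it, from provisioning, rather than trusting whichever key accompanies the download.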
Illustratively, when running the security detection entity at the video internet of things terminal, the module operation entity is specifically configured to: obtain the available resource value of the video internet of things terminal during operation; determine the configured predicted resource value of the security detection entity; and, if the difference between the available resource value and the predicted resource value is greater than a first resource value threshold, run the security detection entity at the video internet of things terminal.
In a possible implementation, after the security detection entity has been run at the video internet of things terminal, the module operation entity is further configured to: obtain the actual resource consumption value of the security detection entity during its operation; and, if the actual resource consumption value is greater than a second resource value threshold, close the security detection entity running in the video internet of things terminal.
In a possible implementation, after the security detection entity has been run at the video internet of things terminal, the module operation entity is further configured to: receive heartbeat messages sent periodically by the security detection entity during its operation; if a heartbeat message is received within the preset time, determine that the security detection entity is in the running state; and if no heartbeat message is received within the preset time, determine that the security detection entity is in a closed state and generate alarm information for the security detection entity.
In a possible implementation, if there are at least two security detection entities, among which a first security detection entity and a second security detection entity have a dependency relationship such that the operation of the second depends on the security detection result of the first, then after the first security detection entity has been run at the video internet of things terminal the module operation entity is further configured to: obtain the security detection result corresponding to the first security detection entity and determine, based on that result, whether to run the second security detection entity; and if so, run the second security detection entity at the video internet of things terminal.
Illustratively, if there are at least two security detection entities and each obtains a security detection result, then when determining the operation state of the device to be detected based on the security detection results the module operation entity is specifically configured to: obtain the security detection result corresponding to each security detection entity; determine the operation state corresponding to each security detection result; if the operation state corresponding to any security detection result is abnormal operation, determine that the operation state of the device to be detected is abnormal operation; and if the operation states corresponding to all the security detection results are normal operation, determine that the operation state of the device to be detected is normal operation; or, look up at least two security detection results with a dependency relationship among all the security detection results and determine the operation state of the device to be detected based on those dependent results, where each security detection result corresponds to one detection type and the detection types of the dependent security detection results themselves have a dependency relationship.
Illustratively, when sending the security detection result to the module operation entity, the security detection entity is specifically configured to: receive a data request message sent by the module operation entity, the data request message carrying a verification parameter matching the data service of the security detection entity, where the data service of the security detection entity indicates the type of the verification parameter; verify the module operation entity based on the verification parameter; and, if the verification passes, send the security detection result to the module operation entity.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A credible and programmable video Internet of things terminal endogenous security detection method, applied to a video Internet of things terminal inside which a module operation entity is configured, the method comprising the following steps:
the module operation entity acquires a security detection entity, signature information corresponding to the security detection entity and a public key corresponding to the security detection entity from third-party equipment; the signature information is obtained by the third-party equipment by adopting a private key corresponding to the public key to sign the security detection entity;
the module operation entity verifies the security detection entity based on the public key and the signature information; if the verification is passed, the security detection entity is operated at the video Internet of things terminal;
the module operation entity receives a security detection result from the security detection entity, wherein the security detection result is obtained by the security detection entity performing security detection on the device to be detected based on the security detection parameters and the address information of the device to be detected; the security detection entity is used for performing security detection on the network where the video Internet of things terminal is located or a network reachable from it, to obtain a security detection result; the device to be detected is the video Internet of things terminal running the security detection entity, or another video Internet of things terminal in the same network segment as the video Internet of things terminal, or another video Internet of things terminal in a different network segment from the video Internet of things terminal; the address information comprises an IP network segment, and the security detection entity is used for performing security detection on all devices to be detected corresponding to the IP network segment, to obtain a security detection result for each device to be detected;
and the module operation entity determines the operation state of the equipment to be detected based on the safety detection result, and outputs the alarm information of the equipment to be detected when the operation state is abnormal.
2. The method of claim 1,
the module operation entity operates the security detection entity at the video internet of things terminal, and the method comprises the following steps:
the module operation entity acquires an available resource value in the operation process of the video Internet of things terminal;
the module operation entity determines a configured predicted resource value of the security detection entity;
and if the difference value between the available resource value and the predicted resource value is greater than a first resource value threshold value, the module operation entity operates the safety detection entity at the video Internet of things terminal.
3. The method according to claim 1, wherein after the module operation entity runs the security detection entity at the video internet of things terminal, the method further comprises:
in the operation process of the safety detection entity, the module operation entity acquires the actual resource consumption value of the safety detection entity; and if the actual resource consumption value is larger than a second resource value threshold value, the module operation entity closes the safety detection entity operated in the video Internet of things terminal.
4. The method according to claim 1, wherein after the module operation entity runs the security detection entity at the video internet of things terminal, the method further comprises:
the module operation entity receives heartbeat messages periodically sent by the safety detection entity in the operation process;
if the module operation entity receives the heartbeat message within the preset time, determining that the safety detection entity is in an operation state;
and if the module operation entity does not receive the heartbeat message within the preset time, determining that the safety detection entity is in a closed state, and generating alarm information aiming at the safety detection entity.
5. The method according to claim 1, wherein
the third-party device signing the security detection entity with the private key corresponding to the public key to obtain the signature information comprises: computing first digest information over the security detection entity with a hash algorithm, and encrypting the first digest information with the private key to obtain the signature information, the signature information being added to a package within the security detection entity;
and the module running entity verifying the security detection entity based on the public key and the signature information comprises: decrypting the signature information with the public key to obtain the first digest information; computing second digest information over the security detection entity with the hash algorithm; if the first digest information is identical to the second digest information, determining that the security detection entity passes the verification; and if the first digest information differs from the second digest information, determining that the security detection entity fails the verification.
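The hash-then-sign procedure of claim 5, implemented end to end in Go as an added example for this page (not the patent's or the applicant's code). The claim names neither the hash nor the signature scheme; SHA-256 with RSA PKCS#1 v1.5 and the trailer layout used to embed the signature in the package are this example's assumptions. The one detail worth showing is that the bytes covered by the digest must exclude the embedded signature itself.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignPackage is the third-party device side of claim 5: hash the entity
// package, then sign the digest with the private key.
func SignPackage(priv *rsa.PrivateKey, pkg []byte) ([]byte, error) {
	digest := sha256.Sum256(pkg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyPackage is the module running entity side: recompute the digest
// over the package bytes and check it under the public key. The claim's
// "decrypt and compare digests" step happens inside VerifyPKCS1v15, which
// reports a mismatch as an error.
func VerifyPackage(pub *rsa.PublicKey, pkg, sig []byte) bool {
	digest := sha256.Sum256(pkg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// The claim says the signature is placed inside the package. This example
// assumes a trailer layout: <package bytes><signature><2-byte big-endian
// signature length>. Whatever the real layout, the signature must be split
// off before hashing or the digests can never agree.
func AppendSignature(pkg, sig []byte) []byte {
	out := append([]byte{}, pkg...)
	out = append(out, sig...)
	return append(out, byte(len(sig)>>8), byte(len(sig)))
}

func SplitSignature(blob []byte) (pkg, sig []byte, ok bool) {
	if len(blob) < 2 {
		return nil, nil, false
	}
	n := int(blob[len(blob)-2])<<8 | int(blob[len(blob)-1])
	body := blob[:len(blob)-2]
	if n == 0 || n > len(body) {
		return nil, nil, false
	}
	return body[:len(body)-n], body[len(body)-n:], true
}

// VerifyBundle is what the terminal calls on a downloaded entity: it
// rejects malformed bundles and anything whose signature does not verify.
func VerifyBundle(pub *rsa.PublicKey, blob []byte) bool {
	pkg, sig, ok := SplitSignature(blob)
	return ok && VerifyPackage(pub, pkg, sig)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	pkg := []byte("constructed stand-in for a detection entity image") // constructed input
	sig, err := SignPackage(priv, pkg)
	if err != nil {
		panic(err)
	}
	bundle := AppendSignature(pkg, sig)
	fmt.Println("genuine bundle verifies:", VerifyBundle(&priv.PublicKey, bundle))
	bundle[0] ^= 0x01 // flip one bit of the package body
	fmt.Println("tampered bundle verifies:", VerifyBundle(&priv.PublicKey, bundle))
}
```

A caveat the claims do not address: claim 10 has the public key delivered by the same third-party device that delivers the entity and the signature. Verification then only proves that the package came from whoever supplied the key. For the check to mean anything, the terminal must already hold or pin that key (for instance in its firmware trust store) rather than accept whatever key arrives alongside the package, otherwise an attacker who controls the distribution path can substitute all three.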
6. The method according to any one of claims 1 to 5, wherein, if there are at least two security detection entities and, among them, a first security detection entity and a second security detection entity have a dependency relationship such that the running of the second security detection entity depends on the security detection result of the first security detection entity, the method further comprises:
after the video Internet of Things terminal runs the first security detection entity, the module running entity obtains the security detection result corresponding to the first security detection entity and determines, based on that result, whether to run the second security detection entity;
and if so, runs the second security detection entity on the video Internet of Things terminal.
7. The method according to any one of claims 1 to 5, wherein, if there are at least two security detection entities and each security detection entity obtains a security detection result, the module running entity determining the running state of the device to be detected based on the security detection result comprises:
the module running entity obtains the security detection result corresponding to each security detection entity;
for each security detection result, the module running entity determines the running state corresponding to that result; if the running state corresponding to any security detection result is abnormal, the running state of the device to be detected is determined to be abnormal; if the running states corresponding to all the security detection results are normal, the running state of the device to be detected is determined to be normal; or, alternatively,
the module running entity looks up, among all the security detection results, at least two security detection results that have a dependency relationship, and determines the running state of the device to be detected based on those results; each security detection result corresponds to one detection type, and the detection types of the at least two security detection results that have a dependency relationship themselves have a dependency relationship.
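Claims 6 and 7 describe ordering detection entities by dependency, gating a dependent entity on its prerequisite's result, and then folding the per-entity results into one running state for the device. The Go program below is an added example for this page, not the patent's or the applicant's code. The detectors, the inventory they consult and the "run if prerequisite is normal" policy are constructed for illustration; the scheduler is the general form (any number of entities, chained dependencies, cycle detection), of which the two-entity case in claim 6 is one instance.

```go
package main

import "fmt"

// Outcome is the result of one detection entity against one device.
type Outcome int

const (
	Normal Outcome = iota
	Abnormal
	Skipped // not run because the prerequisite's result did not allow it
)

func (o Outcome) String() string { return [...]string{"normal", "abnormal", "skipped"}[o] }

// Detector is one security detection entity. DependsOn names the entity
// whose result must be known first (claim 6); RunIf is the prerequisite
// result that lets this one run. Run performs the check itself.
type Detector struct {
	Name      string
	DependsOn string
	RunIf     Outcome
	Run       func(target string) Outcome
}

// RunPlan runs every detector against one target so that each dependency
// runs before its dependents, gates dependents on the prerequisite's
// result, and returns the per-detector outcomes. Unknown names and
// dependency cycles are reported as errors rather than silently ignored.
func RunPlan(detectors []Detector, target string) (map[string]Outcome, error) {
	byName := map[string]Detector{}
	for _, d := range detectors {
		byName[d.Name] = d
	}
	results := map[string]Outcome{}
	visiting := map[string]bool{}
	var run func(name string) error
	run = func(name string) error {
		if _, done := results[name]; done {
			return nil
		}
		if visiting[name] {
			return fmt.Errorf("dependency cycle at %q", name)
		}
		d, ok := byName[name]
		if !ok {
			return fmt.Errorf("unknown detector %q", name)
		}
		visiting[name] = true
		defer delete(visiting, name)
		if d.DependsOn != "" {
			if err := run(d.DependsOn); err != nil {
				return err
			}
			if results[d.DependsOn] != d.RunIf {
				results[name] = Skipped
				return nil
			}
		}
		results[name] = d.Run(target)
		return nil
	}
	for _, d := range detectors {
		if err := run(d.Name); err != nil {
			return nil, err
		}
	}
	return results, nil
}

// DeviceState is the first rule of claim 7: any abnormal result makes the
// device abnormal. Skipped results are treated as carrying no information.
func DeviceState(results map[string]Outcome) Outcome {
	for _, r := range results {
		if r == Abnormal {
			return Abnormal
		}
	}
	return Normal
}

func main() {
	// Constructed inventory standing in for real probes: open ports per host.
	inventory := map[string][]int{"10.0.1.20": {80, 23}, "10.0.1.21": {443}}
	reach := Detector{Name: "reachability", Run: func(t string) Outcome {
		if _, ok := inventory[t]; ok {
			return Normal
		}
		return Abnormal
	}}
	weak := Detector{Name: "weak-service", DependsOn: "reachability", RunIf: Normal, Run: func(t string) Outcome {
		for _, p := range inventory[t] {
			if p == 23 { // telnet exposed
				return Abnormal
			}
		}
		return Normal
	}}
	for _, host := range []string{"10.0.1.20", "10.0.1.21", "10.0.9.9"} {
		r, err := RunPlan([]Detector{weak, reach}, host) // dependent listed first on purpose
		fmt.Println(host, r, DeviceState(r), err)
	}
}
```

Treating Skipped as not abnormal is a policy choice; an operator who wants "could not be assessed" to surface should count it separately rather than let it disappear into a normal verdict.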
8. The method according to any one of claims 1 to 5, wherein the module running entity receiving the security detection result from the security detection entity comprises:
the module running entity sends a data request message to the security detection entity, the data request message carrying verification parameters matched to the data service of the security detection entity, where the data service of the security detection entity indicates the type of verification parameter;
and the module running entity receives the security detection result from the security detection entity, the security detection result being sent after the security detection entity has verified the module running entity based on the verification parameters and determined that the verification passes.
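Claim 8 has the detection entity authenticate the module running entity before releasing a result, with the entity's advertised data service dictating what verification parameters the request must carry. The claim does not say what those parameters are. The Go program below is an added example for this page, not the patent's or the applicant's code; it assumes one possible data service type, "hmac-sha256" over a shared key, and assumes a request layout of entity name, timestamp, nonce and tag. Both sides of the exchange are shown, including the replay and freshness checks a practitioner would expect.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"time"
)

// DataRequest is the message of claim 8 as this example lays it out.
type DataRequest struct {
	Entity    string // which detection entity's result is requested
	Timestamp int64  // unix seconds, bounds the replay window
	Nonce     string // unique per request
	Tag       string // hex HMAC-SHA256 over entity|timestamp|nonce
}

func canonical(entity string, ts int64, nonce string) []byte {
	return []byte(entity + "|" + strconv.FormatInt(ts, 10) + "|" + nonce)
}

// BuildRequest is the module running entity side.
func BuildRequest(key []byte, entity, nonce string, now time.Time) DataRequest {
	ts := now.Unix()
	mac := hmac.New(sha256.New, key)
	mac.Write(canonical(entity, ts, nonce))
	return DataRequest{Entity: entity, Timestamp: ts, Nonce: nonce, Tag: hex.EncodeToString(mac.Sum(nil))}
}

// DataService is the security detection entity side: the shared key, the
// replay window, the nonces already accepted, and the result it releases
// only to a verified requester.
type DataService struct {
	Name   string
	key    []byte
	window time.Duration
	seen   map[string]bool
	result string
}

func NewDataService(name string, key []byte, window time.Duration, result string) *DataService {
	return &DataService{Name: name, key: key, window: window, seen: map[string]bool{}, result: result}
}

// Handle verifies the request and returns the detection result only when
// every check passes. The HMAC comparison is constant-time.
func (s *DataService) Handle(req DataRequest, now time.Time) (string, error) {
	if req.Entity != s.Name {
		return "", fmt.Errorf("request addressed to %q, not %q", req.Entity, s.Name)
	}
	age := now.Unix() - req.Timestamp
	if age < 0 {
		age = -age
	}
	if time.Duration(age)*time.Second > s.window {
		return "", fmt.Errorf("timestamp outside replay window")
	}
	if s.seen[req.Nonce] {
		return "", fmt.Errorf("nonce replayed")
	}
	want, err := hex.DecodeString(req.Tag)
	if err != nil {
		return "", fmt.Errorf("malformed tag")
	}
	mac := hmac.New(sha256.New, s.key)
	mac.Write(canonical(req.Entity, req.Timestamp, req.Nonce))
	if !hmac.Equal(mac.Sum(nil), want) {
		return "", fmt.Errorf("verification parameter mismatch")
	}
	s.seen[req.Nonce] = true // mark only after success so a bad request cannot burn a nonce
	return s.result, nil
}

func main() {
	key := []byte("constructed-shared-key") // constructed; would be provisioned per entity
	now := time.Date(2021, 6, 15, 12, 0, 0, 0, time.UTC)
	svc := NewDataService("port-exposure", key, 30*time.Second, "abnormal: telnet open on 10.0.1.20")
	req := BuildRequest(key, "port-exposure", "nonce-1", now)
	fmt.Println(svc.Handle(req, now.Add(2*time.Second)))
	fmt.Println(svc.Handle(req, now.Add(3*time.Second))) // replay of the same nonce
}
```

The nonce set grows without bound here; a real service would only need to remember nonces inside the replay window.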
9. The method according to any one of claims 1 to 5, wherein the security detection entity is a security detection entity based on an executable file or a security detection entity based on a Docker image;
and the video Internet of Things terminal is a video front-end device or a video server.
10. An endogenous security detection device for a trusted, programmable video Internet of Things terminal, characterized in that it is applied to the video Internet of Things terminal and comprises a module running entity and a security detection entity, wherein:
the module running entity is configured to obtain, from a third-party device, a security detection entity, signature information corresponding to the security detection entity and a public key corresponding to the security detection entity, the signature information being obtained by the third-party device signing the security detection entity with the private key corresponding to the public key;
and to verify the security detection entity based on the public key and the signature information and, if the verification passes, run the security detection entity on the video Internet of Things terminal;
the security detection entity is configured to obtain address information and security detection parameters of a device to be detected, perform security detection on the device to be detected based on the security detection parameters and the address information to obtain a security detection result, and send the security detection result to the module running entity; the security detection entity performs security detection on the network in which the video Internet of Things terminal is located or on a network reachable from it; the device to be detected is the video Internet of Things terminal running the security detection entity, another video Internet of Things terminal in the same network segment as that terminal, or a video Internet of Things terminal in a different network segment; the address information comprises an IP network segment, and the security detection entity performs security detection on every device to be detected in that IP network segment to obtain a security detection result for each such device;
and the module running entity is further configured to determine the running state of the device to be detected based on the security detection result and to output alarm information for the device to be detected when the running state is abnormal.
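Claim 10 has the detection entity take an IP network segment as its address information and classify each device to be detected as the terminal itself, a terminal in the same segment, or one in a different segment. The Go program below is an added example for this page, not the patent's or the applicant's code: it expands a segment into individual host targets and classifies a target relative to the terminal's own address. The refusal of prefixes shorter than /16 and the IPv4-only restriction are this example's own choices, added because an entity that blindly expands whatever segment it is handed is one typo away from scanning well beyond the camera network.

```go
package main

import (
	"fmt"
	"net"
)

// Scope classifies a device to be detected relative to the terminal
// that runs the detection entity, following the three cases of claim 10.
type Scope int

const (
	Self Scope = iota
	SameSegment
	OtherSegment
)

func (s Scope) String() string { return [...]string{"self", "same-segment", "other-segment"}[s] }

// Classify takes the terminal's own address with its prefix length
// (for example "10.0.1.5/24") and a target address.
func Classify(localCIDR, target string) (Scope, error) {
	ip, network, err := net.ParseCIDR(localCIDR)
	if err != nil {
		return 0, err
	}
	t := net.ParseIP(target)
	if t == nil {
		return 0, fmt.Errorf("bad target address %q", target)
	}
	switch {
	case t.Equal(ip):
		return Self, nil
	case network.Contains(t):
		return SameSegment, nil
	default:
		return OtherSegment, nil
	}
}

// ExpandSegment turns the IP network segment from the address information
// into the list of individual hosts to detect. For prefixes shorter than
// /31 the network and broadcast addresses are dropped. Prefixes broader
// than /16 are refused (this example's safety bound, not the patent's).
func ExpandSegment(cidr string) ([]string, error) {
	_, network, err := net.ParseCIDR(cidr)
	if err != nil {
		return nil, err
	}
	ones, bits := network.Mask.Size()
	if bits != 32 {
		return nil, fmt.Errorf("only IPv4 segments are handled in this example")
	}
	if ones < 16 {
		return nil, fmt.Errorf("prefix /%d is too broad to scan from a terminal", ones)
	}
	ip := make(net.IP, len(network.IP))
	copy(ip, network.IP)
	total := 1 << (bits - ones)
	var hosts []string
	for i := 0; i < total; i++ {
		if !(ones < 31 && (i == 0 || i == total-1)) {
			hosts = append(hosts, ip.String())
		}
		// increment the address with carry, least significant byte first
		for j := len(ip) - 1; j >= 0; j-- {
			ip[j]++
			if ip[j] != 0 {
				break
			}
		}
	}
	return hosts, nil
}

func main() {
	hosts, err := ExpandSegment("10.0.1.0/29") // constructed segment
	fmt.Println(hosts, err)
	for _, target := range []string{"10.0.1.5", "10.0.1.200", "10.0.2.7"} {
		scope, _ := Classify("10.0.1.5/24", target)
		fmt.Println(target, scope)
	}
	_, err = ExpandSegment("10.0.0.0/8")
	fmt.Println("broad segment:", err)
}
```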

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110660358.7A CN113114705B (en) 2021-06-15 2021-06-15 Credible and programmable video internet of things terminal endogenous security detection method and device

Publications (2)

Publication Number Publication Date
CN113114705A CN113114705A (en) 2021-07-13
CN113114705B true CN113114705B (en) 2021-09-21

Family

ID=76723572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110660358.7A Active CN113114705B (en) 2021-06-15 2021-06-15 Credible and programmable video internet of things terminal endogenous security detection method and device

Country Status (1)

Country Link
CN (1) CN113114705B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10216542B2 (en) * 2014-03-17 2019-02-26 Huawei Technologies Co., Ltd. Resource comparison based task scheduling method, apparatus, and device
CN109583223B (en) * 2017-09-29 2021-08-13 北京国双科技有限公司 Detection method and device for big data safety deployment
KR102339239B1 (en) * 2017-10-13 2021-12-14 후아웨이 테크놀러지 컴퍼니 리미티드 System and method for cloud-device collaborative real-time user usage and performance anomaly detection
CN109977662B (en) * 2019-03-01 2021-04-02 晋商博创(北京)科技有限公司 Application program processing method, device, terminal and storage medium based on combined public key
CN111565218B (en) * 2020-04-08 2023-03-10 深圳数联天下智能科技有限公司 Data processing method and electronic equipment
CN111901336A (en) * 2020-07-28 2020-11-06 安徽高山科技有限公司 Block chain-based digital identity authentication method

Similar Documents

Publication Publication Date Title
US10341321B2 (en) System and method for policy based adaptive application capability management and device attestation
CN111132138B (en) Transparent communication protection method and device for mobile application program
US10122746B1 (en) Correlation and consolidation of analytic data for holistic view of malware attack
TW201642135A (en) Detecting malicious files
CN112765684B (en) Block chain node terminal management method, device, equipment and storage medium
CN113067817B (en) Equipment activation method and device
CN114124583B (en) Terminal control method, system and device based on zero trust
CN112688907A (en) Combined type equipment remote certification mode negotiation method and related equipment
US20210329479A1 (en) Network Analytics
CN115147956B (en) Data processing method, device, electronic equipment and storage medium
CN108769743B (en) Video playing control method, system, node and computer storage medium
CN111698126A (en) Information monitoring method, system and computer readable storage medium
EP3627361B1 (en) Media content control
CN113114705B (en) Credible and programmable video internet of things terminal endogenous security detection method and device
US11558402B2 (en) Virtual switch-based threat defense for networks with multiple virtual network functions
CN109886011B (en) Safety protection method and device
CN110245523B (en) Data verification method, system and device and computer readable storage medium
KR101641306B1 (en) Apparatus and method of monitoring server
US20200344057A1 (en) Cybersecurity guard for core network elements
CN116305005A (en) Application method, device and system of software encryption service
CN110995756B (en) Method and device for calling service
CN113742740B (en) Equipment behavior supervision method, device and storage medium
CN117319088B (en) Method, device, equipment and medium for blocking illegal external connection equipment
Księżopolski et al. On scalable security model for sensor networks protocols
CN114969790A (en) Data processing method, data processing device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant