CN114449216A - Video transmission method and system - Google Patents


Publication number
CN114449216A
Authority
CN
China
Prior art keywords
key
video
server
initial working
encryption
Legal status
Pending
Application number
CN202111580843.XA
Other languages
Chinese (zh)
Inventor
邵波
Current Assignee
Aisino Corp
Original Assignee
Aisino Corp


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00 Details of television systems
    • H04N5/76 Television signal recording

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a video transmission method and system, comprising the following steps: the video monitoring security terminal communicates with the key server using the device key to acquire an initial working key; the video monitoring security terminal determines a first video encryption key based on the initial working key, and encrypts the monitored video source data with the first video encryption key to obtain encrypted video data; the video server communicates with the key server to acquire the initial working key; and the video server determines a second video encryption key based on the initial working key and decrypts the encrypted video data with the second video encryption key to obtain the video source data. The method simplifies the key update negotiation process, applies different security mechanisms to the device key and the working key to protect the device key, reduces the complexity, equipment investment and resource requirements of the whole system, and ensures video transmission efficiency.

Description

Video transmission method and system
Technical Field
The present invention relates to the field of video transmission technologies, and in particular, to a video transmission method and system.
Background
With the increasing popularity of video applications, the security of video information is becoming an increasingly prominent problem. Video applications are mainly divided into storage-oriented and transmission-oriented. For storage-oriented applications, for example, some important video databases need to encrypt the video content stored on storage media such as hard disks, and a legitimate user can decrypt and view the correct video only after acquiring the correct key. There are many transmission-oriented video applications, such as video conferencing, video telephony, streaming media and telemedicine. In important fields such as military defense, political agencies, application, subsidiary affairs and the like, these types of video transmission urgently need confidentiality of the video information.
Whether a video application is storage-oriented or transmission-oriented, securing video only by authenticating video users, isolating a private network and the like has proven to be unreliable or expensive. Source encryption, i.e., encrypting the video content itself, is a major and more important solution for the security of video information. Encrypting the video content itself ensures that an illegitimate user who obtains the video information cannot correctly decrypt and view the original video images without the key.
Because video information involves massive amounts of data, a traditional full-encryption algorithm requires a huge amount of computation and cannot meet the requirements of real-time video transmission. On the other hand, because the marker information in standard video coding has a fixed format, an attacker who obtains the ciphertext can analyze it, extract the ciphertext that corresponds to the encrypted marker information, and easily break the encryption algorithm by comparing it with the fixed-format marker information in the plaintext. And a plurality of flag information of the video information
Other solutions may have drawbacks and problems: existing encryption methods for video streams are generally complex, so encryption is slow, and security and efficiency cannot both be achieved. The related art generally performs encryption and decryption over a secure transmission link such as TLS, which is too costly and inefficient.
Some schemes use the certificate-based asymmetric algorithms of a CA system for mutual authentication and key agreement between the server and the terminal. These require investment in a CA server, involve managing the certificate life cycle, and need real-time verification of CRLs and the like, so the system is large and the project investment is higher.
Disclosure of Invention
The invention provides a video transmission method and a video transmission system, which aim to solve the problem of how to safely transmit video data.
In order to solve the above-mentioned problems, according to an aspect of the present invention, there is provided a video transmission method including:
the video monitoring security terminal communicates with the key server using the device key to acquire an initial working key;
the video monitoring security terminal determines a first video encryption key based on the initial working key, and encrypts the monitored video source data with the first video encryption key to obtain encrypted video data;
the video server communicates with the key server to acquire the initial working key;
the video server determines a second video encryption key based on the initial working key, and decrypts the encrypted video data with the second video encryption key to obtain the video source data; wherein the first video encryption key and the second video encryption key are obtained based on the same encryption algorithm.
Preferably, the device keys correspond one-to-one to the video monitoring security terminals; each device key is stored in a secure storage device that is connected to the video monitoring security terminal, so that the video monitoring security terminal reads the device key from the secure storage device.
Preferably, the method further comprises:
the video server judges, according to a first preset time period, whether the device key needs to be replaced; when it does, the video server sets the device key change flag bit and returns a response message including the device key change flag bit to the video monitoring security terminal;
when the video monitoring security terminal determines, based on the device key change flag bit, that the device key is to be changed, it sends a device update request to the key server;
and the key server encrypts a new device key with the existing device key and transmits the encrypted new device key to the video monitoring security terminal, so that the video monitoring security terminal decrypts it with the existing device key to obtain the new device key.
Preferably, the method further comprises:
the video server sets the video encryption key change flag bit according to the importance of the acquired video source data, and returns a response message including the video encryption key change flag bit to the video monitoring security terminal;
when the video monitoring security terminal determines, based on the video encryption key change flag bit, that the video encryption key needs to be replaced, it generates a new first video encryption key based on the current first video encryption key;
the video server generates a new second video encryption key based on the current second video encryption key.
Preferably, the method further comprises:
the video server judges, according to a second preset time period, whether the initial working key needs to be replaced; when it does, the video server sets the initial working key change flag bit and returns a response message including the initial working key change flag bit to the video monitoring security terminal;
when the video monitoring security terminal determines, based on the initial working key change flag bit, that the initial working key is to be replaced, it sends an initial working key update request to the key server;
and the key server encrypts a new initial working key with the device key corresponding to the video monitoring security terminal and transmits the encrypted new initial working key to the video monitoring security terminal, so that the video monitoring security terminal decrypts it with the device key to obtain the new initial working key.
According to another aspect of the present invention, there is provided a video transmission system, the system including: a video monitoring security terminal, a key server and a video server; wherein,
the video monitoring security terminal is connected to the key server and to the video server, and is used for communicating with the key server using the device key to acquire an initial working key, and for determining a first video encryption key based on the initial working key and encrypting the monitored video source data with the first video encryption key to obtain encrypted video data;
the video server is connected to the key server, and is used for communicating with the key server to acquire the initial working key, and for determining a second video encryption key based on the initial working key and decrypting the encrypted video data with the second video encryption key to obtain the video source data; wherein the first video encryption key and the second video encryption key are obtained based on the same encryption algorithm.
Preferably, the device keys correspond one-to-one to the video monitoring security terminals; each device key is stored in a secure storage device that is connected to the video monitoring security terminal, so that the video monitoring security terminal reads the device key from the secure storage device.
Preferably, the system further comprises:
the video server is used for judging, according to a first preset time period, whether the device key needs to be replaced, setting the device key change flag bit when it does, and returning a response message including the device key change flag bit to the video monitoring security terminal;
the video monitoring security terminal is used for sending a device update request to the key server when it determines, based on the device key change flag bit, that the device key is to be changed;
the key server is used for encrypting a new device key with the existing device key and transmitting the encrypted new device key to the video monitoring security terminal, so that the video monitoring security terminal decrypts it with the existing device key to obtain the new device key.
Preferably, the system further comprises:
the video server is used for setting the video encryption key change flag bit according to the importance of the acquired video source data and returning a response message including the video encryption key change flag bit to the video monitoring security terminal;
the video monitoring security terminal is used for generating a new first video encryption key based on the current first video encryption key when it determines, based on the video encryption key change flag bit, that the video encryption key needs to be replaced;
and the video server is used for generating a new second video encryption key based on the current second video encryption key.
Preferably, the system further comprises:
the video server is used for judging, according to a second preset time period, whether the initial working key needs to be replaced, setting the initial working key change flag bit when it does, and returning a response message including the initial working key change flag bit to the video monitoring security terminal;
the video monitoring security terminal is used for sending an initial working key update request to the key server when it determines, based on the initial working key change flag bit, that the initial working key is to be replaced;
and the key server is used for encrypting a new initial working key with the device key corresponding to the video monitoring security terminal and transmitting the encrypted new initial working key to the video monitoring security terminal, so that the video monitoring security terminal decrypts it with the device key to obtain the new initial working key.
The invention provides a video transmission method and system, comprising the following steps: the video monitoring security terminal communicates with the key server using the device key to acquire an initial working key; the video monitoring security terminal determines a first video encryption key based on the initial working key, and encrypts the monitored video source data with the first video encryption key to obtain encrypted video data; the video server communicates with the key server to acquire the initial working key; and the video server determines a second video encryption key based on the initial working key and decrypts the encrypted video data with the second video encryption key to obtain the video source data. The method ensures the secure transmission of video data, simplifies the key update negotiation process, applies different security mechanisms to the device key and the working key to protect the device key, reduces the complexity, equipment investment and resource requirements of the whole system, and ensures video transmission efficiency; it can be applied to scenarios that require secure transmission of video surveillance and video stream data.
Drawings
A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:
fig. 1 is a flow chart of a video transmission method 100 according to an embodiment of the invention;
fig. 2 is a schematic structural diagram of a video transmission system 200 according to an embodiment of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and is not limited to the embodiments described herein, which are provided for a thorough and complete disclosure of the present invention and to fully convey its scope to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Fig. 1 is a flow chart of a video transmission method 100 according to an embodiment of the invention. As shown in fig. 1, the video transmission method provided in the embodiment of the present invention can ensure the secure transmission of video data, simplify the key update negotiation process, ensure the security of the device key by using the different security mechanisms of the device key and the working key, reduce the complexity of the whole system, reduce the device investment and resource requirements, and ensure the video transmission efficiency; the method can be applied to application scenes needing to safely transmit video monitoring and video stream data. The video transmission method 100 provided by the embodiment of the present invention starts with step 101, and in step 101, the video monitoring security terminal communicates with the key server through the device key to obtain the initial working key.
Preferably, the device keys correspond one-to-one to the video monitoring security terminals; each device key is stored in a secure storage device that is connected to the video monitoring security terminal, so that the video monitoring security terminal reads the device key from the secure storage device.
In the invention, video transmission is realized with a plurality of video monitoring security terminals, a video server and a key server. The video monitoring security terminal is responsible for encrypting the surveillance video and transmitting it to the video server, and the video server is responsible for decrypting the encrypted video transmitted by the video monitoring security terminal in preparation for subsequent storage and processing. The key server is responsible for generating the device keys and the initial working keys needed by the entire system.
In the invention, the initial device key of a video monitoring security terminal is generated by the key server as a specific device key associated with that video monitoring security terminal. The specific device key is written into a secure storage device such as a hardware USB key; the video monitoring security terminal reads the device key from the secure storage device and writes it into the secure storage area of the video monitoring security terminal. Each time the video monitoring security terminal starts, it reads the device key from the secure storage area for use.
In step 102, the video monitoring security terminal determines a first video encryption key based on the initial working key, and encrypts the monitored video source data with the first video encryption key to obtain encrypted video data.
In the invention, the video monitoring security terminal communicates with the key server using the device key to obtain the initial working key. The video monitoring security terminal holds a device key and an initial working key. The device key is used for the communication between the video monitoring security terminal and the key server in which the initial working key is obtained, and encrypts the initial working key during that communication. The initial working key is used to generate the real working key (i.e., the video encryption key): it is the parameter from which an algorithm generates the video encryption key. The video encryption key is used to encrypt the video data, which the video monitoring terminal device then transmits securely to the video server. The video server obtains the related initial working key from the key server and, using the same algorithm, obtains the video encryption key actually used for encryption in order to decrypt the video data.
In step 103, the video server communicates with the key server to obtain the initial working key.
In step 104, the video server determines a second video encryption key based on the initial working key, and decrypts the encrypted video data with the second video encryption key to obtain the video source data; wherein the first video encryption key and the second video encryption key are obtained based on the same encryption algorithm.
In the invention, the video server obtains the related initial working key from the key server and, using the same algorithm, obtains the video encryption key actually used for encryption in order to decrypt the video data.
Preferably, the method further comprises:
the video server judges, according to a first preset time period, whether the device key needs to be replaced; when it does, the video server sets the device key change flag bit and returns a response message including the device key change flag bit to the video monitoring security terminal;
when the video monitoring security terminal determines, based on the device key change flag bit, that the device key is to be changed, it sends a device update request to the key server;
and the key server encrypts a new device key with the existing device key and transmits the encrypted new device key to the video monitoring security terminal, so that the video monitoring security terminal decrypts it with the existing device key to obtain the new device key.
In the invention, from a security perspective the device key needs to be replaced after a certain period. During the communication in which the video monitoring security terminal transmits encrypted video data to the video server, the video server judges from the time period that the device key needs to be replaced, and therefore sets the update device key flag bit in the returned protocol message. The video monitoring security terminal then exchanges a device key update request command with the key server; the key server encrypts a new device key with the existing device key and transmits the encrypted new device key to the video monitoring security terminal. After parsing the protocol message, the video monitoring security terminal decrypts the new device key with the old device key and stores the new device key, so that the device key is updated through communication.
Preferably, the method further comprises:
the video server sets the video encryption key change flag bit according to the importance of the acquired video source data, and returns a response message including the video encryption key change flag bit to the video monitoring security terminal;
when the video monitoring security terminal determines, based on the video encryption key change flag bit, that the video encryption key needs to be replaced, it generates a new first video encryption key based on the current first video encryption key;
the video server generates a new second video encryption key based on the current second video encryption key.
In the invention, according to the importance of the video data, the video server can require the client to change the video encryption key used for the next encryption of video data by setting the relevant flag bit in the response protocol message returned to the video monitoring security terminal. After receiving the video data response, the video monitoring security terminal parses the change working key flag bit in the protocol message, and if the working key needs to be updated, the video server generates a new video encryption key from the existing video encryption key combined with a corresponding algorithm. In this way the life cycle of the video encryption key can be prolonged while security is ensured.
Preferably, the method further comprises:
the video server judges, according to a second preset time period, whether the initial working key needs to be replaced; when it does, the video server sets the initial working key change flag bit and returns a response message including the initial working key change flag bit to the video monitoring security terminal;
when the video monitoring security terminal determines, based on the initial working key change flag bit, that the initial working key is to be replaced, it sends an initial working key update request to the key server;
and the key server encrypts a new initial working key with the device key corresponding to the video monitoring security terminal and transmits the encrypted new initial working key to the video monitoring security terminal, so that the video monitoring security terminal decrypts it with the device key to obtain the new initial working key.
In the present invention, the initial working key also needs to be updated periodically, and the device key takes part in this update. During the communication in which the video monitoring security terminal transmits encrypted video data to the video server, the video server judges from the time period that a new round of initial working key replacement is needed, and sets the update initial working key flag bit in the returned protocol message. The video monitoring security terminal then exchanges an initial working key update request command with the key server; the key server encrypts a new initial working key with the terminal's device key and transmits the encrypted new initial working key to the video monitoring security terminal. After parsing the protocol message, the video monitoring security terminal decrypts the initial working key with the device key and stores the new initial working key, so that the initial working key is updated through communication.
The main process of the invention comprises:
1. device key generation flow:
a. a specific device key generated by the key server and related to the video monitoring security terminal;
b. writing the specific device key into a hardware usbkey and other secure storage devices;
c. the video monitoring security terminal reads the device key from the security storage device such as hardware usbkey and the like and writes the device key into the security storage area of the video monitoring security terminal.
2. The device key updating process comprises the following steps:
a. in the communication process that the video monitoring security terminal transmits the encrypted video data to the video server, the video server judges that the equipment key needs to be replaced according to the time period, and then an updated equipment key zone bit in a returned protocol is required to be set;
b. the video monitoring security terminal carries out equipment key updating request command communication with the key server, the key server encrypts a new equipment key by using the existing equipment key and transmits the encrypted new equipment key to the video monitoring security terminal;
c. after the video monitoring security terminal analyzes the protocol, the old equipment key is used for decrypting the new equipment key, and the new equipment key is stored, so that the equipment key is updated in a communication mode.
3. The process of updating the initial working key by using the device key:
a. while the video monitoring security terminal is transmitting encrypted video data to the video server, the video server judges, according to the time period, that a new round of initial working key replacement is needed, and then sets the update-initial-working-key flag bit in the returned protocol message;
b. the video monitoring security terminal exchanges an initial working key update request command with the key server; the key server encrypts a new initial working key with the device key of the terminal and transmits the encrypted new initial working key to the video monitoring security terminal;
c. after parsing the protocol message, the video monitoring security terminal decrypts the initial working key with the device key and stores the new initial working key, so that the initial working key is updated over the communication channel.
4. The process of converting the initial working key into the video encryption key:
The initial working key is used to generate the actual video encryption key: taking the initial working key as a parameter, the video monitoring security terminal and the video server each generate the video encryption key by using the same algorithm.
5. Periodically generating a new video encryption key:
a. according to the importance degree of the video data, the video server can require that the video encryption key be changed for the next video data to be encrypted, by setting the relevant flag bit in the response protocol message returned to the video monitoring security terminal;
b. after receiving the video data response protocol message, the video monitoring security terminal parses the change-video-encryption-key flag bit in it; if the video encryption key needs to be updated, the terminal generates a new video encryption key from the existing video encryption key combined with a corresponding algorithm;
c. the video server likewise generates a new video encryption key from the existing video encryption key combined with the same algorithm.
6. The process of encrypting and decrypting video data by using the video encryption key:
a. after the video monitoring terminal device encrypts the video data with the video encryption key, the encrypted video data is securely transmitted to the video server;
b. the video server obtains the relevant initial working key from the key server, derives the actual working key used for encryption with the same algorithm, and decrypts the video data.
The present invention first uses the device key to obtain the initial working key from the key server, and then uses an algorithm to generate the video encryption key from the initial working key. In addition, to keep the working key secure, the video server and the video monitoring security terminal can periodically update the working key from the existing working key combined with a certain algorithm; the key server does not need to take part in generating the working key, which saves time, simplifies the process, and better meets the security requirement.
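The derivation in step 4 and the server-free rotation in step 5 can be sketched as follows. This is an added example, not code from the patent: the patent names neither the algorithm nor a way for the two sides to stay in step, so HMAC-SHA256, the two labels, and the per-frame epoch counter are assumptions.

```python
import hashlib
import hmac

# Assumptions (not from the patent): HMAC-SHA256 as the shared algorithm,
# the two labels below, and an epoch counter sent in clear with every frame.
DERIVE_LABEL = b"video-encryption-key"
RATCHET_LABEL = b"video-encryption-key/next"


def derive_video_key(initial_working_key: bytes) -> bytes:
    """Step 4: turn the initial working key into the first video encryption key."""
    return hmac.new(initial_working_key, DERIVE_LABEL, hashlib.sha256).digest()


def ratchet_video_key(current_key: bytes) -> bytes:
    """Step 5: next video encryption key from the current one, no key server."""
    return hmac.new(current_key, RATCHET_LABEL, hashlib.sha256).digest()


class Terminal:
    """Video monitoring security terminal: encrypts frames, rotates on the flag."""

    def __init__(self, initial_working_key: bytes):
        self.key = derive_video_key(initial_working_key)
        self.epoch = 0

    def on_response(self, change_key_flag: bool) -> None:
        if change_key_flag:
            self.key = ratchet_video_key(self.key)
            self.epoch += 1


class VideoServer:
    """Video server: rotates only once a frame tagged with the next epoch arrives."""

    def __init__(self, initial_working_key: bytes):
        self.key = derive_video_key(initial_working_key)
        self.epoch = 0

    def key_for_frame(self, frame_epoch: int) -> bytes:
        if frame_epoch == self.epoch + 1:   # terminal has applied the flag
            self.key = ratchet_video_key(self.key)
            self.epoch += 1
        if frame_epoch != self.epoch:       # stale or skipped epoch: reject
            raise ValueError(f"frame epoch {frame_epoch}, server at {self.epoch}")
        return self.key


def run_demo() -> dict:
    iwk = bytes(range(32))  # constructed initial working key, for the demo only
    terminal, server = Terminal(iwk), VideoServer(iwk)
    result = {}

    # Both sides derive the same first key without exchanging it.
    result["initial_match"] = hmac.compare_digest(
        terminal.key, server.key_for_frame(terminal.epoch))

    # Response carrying the flag is lost: terminal stays at epoch 0 and the
    # server, which has not rotated yet, can still decrypt.
    terminal.on_response(change_key_flag=False)
    result["match_after_lost_flag"] = hmac.compare_digest(
        terminal.key, server.key_for_frame(terminal.epoch))

    # Flag is delivered on the retry: terminal rotates, server follows the epoch.
    terminal.on_response(change_key_flag=True)
    result["match_after_rotation"] = hmac.compare_digest(
        terminal.key, server.key_for_frame(terminal.epoch))
    result["epochs"] = (terminal.epoch, server.epoch)

    # A frame from the old epoch is refused after rotation.
    try:
        server.key_for_frame(0)
        result["old_epoch_rejected"] = False
    except ValueError:
        result["old_epoch_rejected"] = True

    # The chain is deterministic: the epoch-0 key yields every later key, so
    # only a fresh initial working key from the key server (step 3) resets it.
    result["later_key_from_epoch0"] = hmac.compare_digest(
        ratchet_video_key(derive_video_key(iwk)), terminal.key)
    return result


if __name__ == "__main__":
    print(run_demo())
```

Because each video encryption key is computed from the previous one, rotation in step 5 limits how much data one key protects but does not recover from disclosure of an earlier key; that requires the initial working key update in step 3.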
The invention implements the device key update mechanism through a protocol. The initial device key of the video monitoring security terminal is introduced into the terminal in hardware form; afterwards, if the device key needs to be updated, the device key update mechanism can be invoked directly through the communication between the video server and the video monitoring security terminal. This keeps the device key process simple and makes updating more timely, secure and reliable; the video server can control the update period, which ensures the security and reliability of the whole system.
The method of the invention has the following effects:
1. The video data is encrypted and transmitted in real time by using the working key, which ensures the secure transmission of the video data.
2. The key update negotiation process is simplified, and the security of the key is ensured. The initial working key and the video encryption key are generated fully automatically at the video monitoring security terminal and the video server, so that the service cycle of the working key can be prolonged and the security of the key is ensured. The complexity of mechanisms such as asymmetric cryptographic negotiation is avoided, and the symmetric algorithm places low demands on the cryptographic performance of the video monitoring terminal.
3. The security of the device key is ensured by applying different security mechanisms to the device key and the working key. The device key is initially introduced in hardware form; later, the device key update mechanism is started through the communication protocol, so that the key is finally updated through communication between the key server and the video monitoring security terminal.
4. Because the encryption processes all use symmetric algorithms and complex authentication mechanisms such as a CA are not used, the investment in a CA server and the like is reduced, and the equipment investment and resource requirements of the whole system are reduced.
Fig. 2 is a schematic structural diagram of a video transmission system 200 according to an embodiment of the present invention. As shown in fig. 2, a video transmission system 200 according to an embodiment of the present invention includes: a video monitoring security terminal 201, a key server 202 and a video server 203.
Preferably, the video monitoring security terminal 201 is connected to the key server 202 and the video server 203, respectively, and is configured to communicate with the key server through a device key to obtain an initial working key, and to determine a first video encryption key based on the initial working key and encrypt monitored video source data by using the first video encryption key to obtain video encryption data.
Preferably, the device keys correspond to video monitoring security terminals one to one, the device keys are stored in a security storage device, and the security storage device is connected to the video monitoring security terminals, so that the video monitoring security terminals read the device keys from the security storage device.
Preferably, the video server 203 is connected to the key server, and is configured to communicate with the key server to obtain the initial working key, and to determine a second video encryption key based on the initial working key and decrypt the video encryption data based on the second video encryption key to obtain the video source data; wherein the first video encryption key and the second video encryption key are obtained based on the same encryption algorithm.
Preferably, in the system:
the video server is configured to judge whether the device key needs to be replaced according to a first preset time period, to determine a change-device-key flag bit when the device key needs to be replaced, and to return a response message including the change-device-key flag bit to the video monitoring security terminal;
the video monitoring security terminal is configured to send a device update request to the key server when it determines, based on the change-device-key flag bit, that the device key is to be changed;
and the key server is configured to encrypt a new device key by using the existing device key and transmit the encrypted new device key to the video monitoring security terminal, so that the video monitoring security terminal decrypts by using the existing device key to obtain the new device key.
Preferably, in the system:
the video server is configured to determine a change-video-encryption-key flag bit according to the importance degree of the acquired video source data and to return a response message including the change-video-encryption-key flag bit to the video monitoring security terminal;
the video monitoring security terminal is configured to generate a new first video encryption key based on the current first video encryption key when it determines, based on the change-video-encryption-key flag bit, that the video encryption key needs to be replaced;
and the video server is configured to generate a new second video encryption key based on the current second video encryption key.
Preferably, in the system:
the video server is configured to judge whether the initial working key needs to be replaced according to a second preset time period, to determine a change-initial-working-key flag bit when it is confirmed that the initial working key needs to be replaced, and to return a response message including the change-initial-working-key flag bit to the video monitoring security terminal;
the video monitoring security terminal is configured to send an initial working key update request to the key server when it determines, based on the change-initial-working-key flag bit, that the initial working key is to be replaced;
and the key server is configured to encrypt a new initial working key by using the device key corresponding to the video monitoring security terminal and transmit the encrypted new initial working key to the video monitoring security terminal, so that the video monitoring security terminal decrypts by using the device key to obtain the new initial working key.
The video transmission system 200 according to the embodiment of the present invention corresponds to the video transmission method 100 according to another embodiment of the present invention, and is not described herein again.
The invention has been described with reference to a few embodiments. However, other embodiments of the invention than the one disclosed above are equally possible within the scope of the invention, as would be apparent to a person skilled in the art from the appended patent claims.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the [ device, component, etc ]" are to be interpreted openly as referring to at least one instance of said device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (10)

1. A method of video transmission, the method comprising:
the video monitoring security terminal communicates with the key server through the equipment key to acquire an initial working key;
the video monitoring security terminal determines a first video encryption key based on the initial working key, and encrypts monitored video source data by using the first video encryption key to obtain video encryption data;
the video server communicates with the key server to acquire the initial working key;
the video server determines a second video encryption key based on the initial working key, and decrypts the video encryption data based on the second video encryption key to obtain the video source data; wherein the first video encryption key and the second video encryption key are obtained based on the same encryption algorithm.
2. The method according to claim 1, wherein the device key corresponds to a video surveillance security terminal one to one, the device key is stored in a security storage device, and the security storage device is connected to the video surveillance security terminal, so that the video surveillance security terminal reads the device key from the security storage device.
3. The method of claim 1, further comprising:
the video server judges whether the device key needs to be replaced according to a first preset time period, determines a change-device-key flag bit when the device key needs to be replaced, and returns a response message comprising the change-device-key flag bit to the video monitoring security terminal;
when it is determined, based on the change-device-key flag bit, that the device key is to be changed, the video monitoring security terminal sends a device update request to the key server;
and the key server encrypts a new device key by using the existing device key and transmits the encrypted new device key to the video monitoring security terminal, so that the video monitoring security terminal decrypts by using the existing device key to obtain the new device key.
4. The method of claim 1, further comprising:
the video server determines a change-video-encryption-key flag bit according to the importance degree of the acquired video source data, and returns a response message comprising the change-video-encryption-key flag bit to the video monitoring security terminal;
when the video monitoring security terminal determines that the video encryption key needs to be replaced based on the video encryption key replacement flag bit, the video monitoring security terminal generates a new first video encryption key based on the current first video encryption key;
the video server generates a new second video encryption key based on the current second video encryption key.
5. The method of claim 1, further comprising:
the video server judges whether the initial working key needs to be replaced according to a second preset time period, determines a change-initial-working-key flag bit when it is confirmed that the initial working key needs to be replaced, and returns a response message comprising the change-initial-working-key flag bit to the video monitoring security terminal;
when it is determined, based on the change-initial-working-key flag bit, that the initial working key is to be replaced, the video monitoring security terminal sends an initial working key update request to the key server;
and the key server encrypts a new initial working key by using the device key corresponding to the video monitoring security terminal and transmits the encrypted new initial working key to the video monitoring security terminal, so that the video monitoring security terminal decrypts by using the device key to obtain the new initial working key.
6. A video transmission system, the system comprising: a video monitoring security terminal, a key server and a video server; wherein
the video monitoring security terminal is respectively connected with the key server and the video server and is used for communicating with the key server through the device key to acquire an initial working key, and for determining a first video encryption key based on the initial working key and encrypting monitored video source data by using the first video encryption key to obtain video encryption data;
the video server is connected with the key server and is used for communicating with the key server to obtain the initial working key, and for determining a second video encryption key based on the initial working key and decrypting the video encryption data based on the second video encryption key to obtain the video source data; wherein the first video encryption key and the second video encryption key are obtained based on the same encryption algorithm.
7. The system according to claim 6, wherein the device key corresponds to a video surveillance security terminal, the device key is stored in a security storage device, and the security storage device is connected to the video surveillance security terminal, so that the video surveillance security terminal reads the device key from the security storage device.
8. The system of claim 6, further comprising:
the video server is used for judging whether the device key needs to be replaced according to a first preset time period, determining a change-device-key flag bit when the device key needs to be replaced, and returning a response message comprising the change-device-key flag bit to the video monitoring security terminal;
the video monitoring security terminal is used for sending a device update request to the key server when it is determined, based on the change-device-key flag bit, that the device key is to be changed;
and the key server is used for encrypting a new device key by using the existing device key and transmitting the encrypted new device key to the video monitoring security terminal, so that the video monitoring security terminal decrypts by using the existing device key to obtain the new device key.
9. The system of claim 6, further comprising:
the video server is used for determining a change-video-encryption-key flag bit according to the importance degree of the acquired video source data and returning a response message comprising the change-video-encryption-key flag bit to the video monitoring security terminal;
the video monitoring security terminal is used for generating a new first video encryption key based on the current first video encryption key when the video monitoring security terminal determines that the video encryption key needs to be replaced based on the video encryption key replacement flag bit;
and the video server is used for generating a new second video encryption key based on the current second video encryption key.
10. The system of claim 6, further comprising:
the video server is used for judging whether the initial working key needs to be replaced according to a second preset time period, determining a change-initial-working-key flag bit when it is confirmed that the initial working key needs to be replaced, and returning a response message comprising the change-initial-working-key flag bit to the video monitoring security terminal;
the video monitoring security terminal is used for sending an initial working key update request to the key server when it is determined, based on the change-initial-working-key flag bit, that the initial working key is to be replaced;
and the key server is used for encrypting a new initial working key by using the device key corresponding to the video monitoring security terminal and transmitting the encrypted new initial working key to the video monitoring security terminal, so that the video monitoring security terminal decrypts by using the device key to obtain the new initial working key.
CN202111580843.XA 2021-12-22 2021-12-22 Video transmission method and system Pending CN114449216A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111580843.XA CN114449216A (en) 2021-12-22 2021-12-22 Video transmission method and system

Publications (1)

Publication Number Publication Date
CN114449216A (en) 2022-05-06

Family

ID=81363515

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination