CN116545758A - Conference audio and video summary processing encryption storage system - Google Patents


Info

Publication number
CN116545758A
Authority
CN
China
Prior art keywords
audio
video
module
data
background management
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310718283.2A
Other languages
Chinese (zh)
Inventor
徐冠宁
吕志坚
赵桂芬
李瑛�
廖金花
何余良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ruobin Robot Technology Co ltd
Beijing Science And Tech Research Inst
Original Assignee
Beijing Ruobin Robot Technology Co ltd
Beijing Science And Tech Research Inst

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications
    • H04L65/403 Arrangements for multi-party communication, e.g. for conferences
    • H04L65/60 Network streaming of media packets
    • H04L65/65 Network streaming protocols, e.g. real-time transport protocol [RTP] or real-time control protocol [RTCP]
    • H04L65/70 Media network packetisation
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a conference audio and video summary processing encryption storage system comprising a field audio and video acquisition system, a transmission system and a background management system. The field audio and video acquisition system performs acquisition, compression coding, encryption, local storage on the acquisition system and mobile network transmission; the transmission system transmits the audio and video data; and the background management system performs receiving, real-time monitoring, decryption, storage, retrieval, playback and equipment management of the audio and video data. The invention can better ensure the security of conference audio and video.

Description

Conference audio and video summary processing encryption storage system
Technical Field
The invention relates to the field of audio and video storage, in particular to an encryption storage system for processing audio and video summary of a conference.
Background
With the development of computer technology, data storage has brought great convenience for later data searching and for providing evidence. However, in the prior art, the security of data backup is a primary problem: whether data is self-stored or stored in the cloud, the encryption is easy to crack, and conference audio and video are generally stored directly on hardware devices without any encryption measures.
Disclosure of Invention
The invention provides an encryption storage system for processing conference audio and video summary in order to solve the problems.
In order to achieve the above purpose, the technical scheme adopted by the invention is as follows:
A conference audio and video summary processing encryption storage system comprises a field audio and video acquisition system, a transmission system and a background management system. The field audio and video acquisition system performs acquisition, compression coding, encryption, local storage on the acquisition system and mobile network transmission; the transmission system transmits the audio and video data; and the background management system performs receiving, real-time monitoring, decryption, storage, retrieval, playback and equipment management of the audio and video data.
Optionally, the on-site audio and video acquisition system comprises an audio and video acquisition module, an audio and video coding module, an audio and video encryption module and a mobile network module; the background management system comprises an audio and video decryption module, an audio and video storage module and a background management module.
Optionally, the audio/video acquisition module includes an A/D conversion module, a logic generation module and an audio/video data processor. The A/D conversion module samples analog audio/video signals and converts them into digital audio/video signals; the logic generation module outputs synchronous logic control signals to ensure the real-time performance of audio/video acquisition and data processing; and the audio/video data processor analyzes and normalizes the audio/video data converted by the A/D conversion module.
Optionally, the audio/video coding module uses the H.264 audio/video compression coding algorithm and a DSP processor and adopts dual-stream output: one stream is transmitted to the mobile network module through the internal network, and the other is transmitted to the storage device of the on-site audio/video acquisition system, so that local storage and network transmission are processed separately.
Optionally, the audio/video encryption module and the audio/video decryption module encrypt and decrypt the audio and video using the asymmetric encryption algorithm SM2. Before transmitting data to the background management system, the on-site audio and video acquisition system has a public key written to it in advance; the public key is randomly generated by the background management system. The public key is taken out of the background management system and copied to the setup computer of the field audio and video acquisition system, and is uploaded to the field audio and video acquisition system equipment for storage when that equipment is connected to the computer for setup.
Optionally, the mobile network module uses a mobile network audio/video server to complete the corresponding mobile network adaptation and transmission. When the mobile network module dials successfully, it communicates with the background management system, which uses a fixed IP address, as follows: the on-site audio and video acquisition system establishes a communication link with the background management system at its fixed IP address through the mobile network module; the background management system sends a control command to the mobile network module to start audio and video transmission; and the mobile network module sends the audio and video data to a network transmission module of the background management system.
Optionally, the transmission system uses the Internet, with either the RTP and RTCP protocols carried over UDP and then transmitted over IP, or the real-time streaming protocol RTSP and the resource reservation protocol RSVP, then transmitted over IP.
Optionally, the background management module is used for adding and deleting users and setting their permissions.
Optionally, the background management system further comprises a data and system security module, wherein the data and system security module comprises a network unidirectional isolation module, a firewall, an intrusion detection module, a vulnerability scanning module and an antivirus system.
Optionally, the background management system is divided by the network unidirectional isolation module into an external network area, a monitoring area and a background management system. The devices of the external network area comprise an access gateway, a download server and an external network configuration terminal, which complete the data receiving. The devices of the monitoring area comprise an original data storage server, a configuration server and a monitoring terminal, which complete real-time audio and video monitoring and audio and video data downloading. The devices of the background management system comprise a post-processing data storage server, a database server and a post-processing terminal, which complete decryption, storage, file editing processing and equipment management of the audio and video data.
Compared with the prior art, the invention has the following technical progress:
In data encryption and decryption, to ensure stronger data confidentiality, the system uses the asymmetric encryption algorithm SM2, which has better encryption performance. To solve the problem of real-time video data loss caused by mobile network congestion, the system is designed so that video data is encrypted and then output as a dual stream: one stream is transmitted to the mobile network module through the internal network, and the other is transmitted to the storage device of the field audio and video acquisition system, so that local storage and network transmission are processed separately. In the network security design of the system, the background management system accesses the external network through network unidirectional isolation equipment, and two stages of network unidirectional isolation equipment are used, so that the security of conference audio and video can be better ensured.
Drawings
The accompanying drawings are included to provide a further understanding of the invention, are incorporated in and constitute a part of this specification, and together with the embodiments serve to explain the invention.
In the drawings:
Fig. 1 is a schematic structural view of the present invention.
Fig. 2 is a schematic diagram of video acquisition according to the present invention.
Fig. 3 is a connection mode diagram of the background management system according to the present invention.
Detailed Description
The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Example 1
The invention discloses a conference audio and video summary processing encryption storage system, which comprises: the system comprises an on-site audio and video acquisition system, a transmission system and a background management system.
The on-site audio and video acquisition system is mainly responsible for the functions of audio and video acquisition, compression coding, encryption, on-site audio and video acquisition system storage, mobile network transmission and the like.
The transmission system is responsible for the transmission of audio and video data. The audio-visual data is transmitted to the background monitoring subsystem through the broadband IP network.
The background management system mainly completes the functions of receiving, real-time monitoring, decrypting, storing, retrieving, playing back, managing equipment and the like of the audio and video data.
The working flow of the invention is as follows:
The on-site audio and video acquisition system has a key written to it in advance, before it transmits data to the background management system, so that the data is encrypted before transmission.
The on-site audio and video acquisition system samples the audio and video signals acquired by the monitoring camera, compresses them with H.264 dual-stream coding and encrypts them with an advanced algorithm. One stream is transmitted in real time through the mobile network, and the other is stored in the field audio and video acquisition system.
The monitoring platform of the background management system is connected to the external network through optical fiber, and receives the encrypted data sent by the on-site audio and video acquisition system on a network port through a server and program.
Stream ferrying equipment ferries the data from the external network to the monitoring platform for real-time monitoring. At the same time, the high-quality audio and video files stored in the on-site audio and video acquisition system are downloaded automatically. Audio and video files can also be downloaded to the monitoring area on request.
After the encrypted audio and video files in the monitoring area are ferried one way to the post-processing platform by the file unidirectional ferrying equipment, the post-processing platform automatically decrypts them, converts their format and stores them by category in real time. Users retrieve, play back and compile statistics on the material according to their authorization. The audio and video can be further edited using non-linear editing software.
The audio and video are acquired by a camera and a pickup located at the conference site. The quality of the audio and video acquired by the monitoring camera directly influences the work effect of the whole monitoring system. Therefore, the selection of the monitoring camera is the first link of the system design.
The camera may employ a fixed focus, zoom or wide angle lens, which may use a fixed aperture or an automatic aperture. And selecting corresponding lenses according to different monitoring objects and places.
If conditions allow, a lens with automatic aperture and motorized zoom is ideal, since the lens focus can easily be matched to the camera. However, such a lens has a complicated structure, is generally bulky, and cannot be installed in certain places. When selecting a short-focus, medium-focus or long-focus lens, the focal length is calculated from the object distance and the imaging size, and a lens with the corresponding focal length is selected. Through actual on-site debugging, the lens is matched well to the camera so that unclear audio and video are avoided. A wide-angle lens can be used in special places to enlarge the monitored range.
For a monitoring system based on the mobile network, the transmitted audio and video resolution can only reach the standard-definition standard, and the definition of an ordinary camera basically exceeds that standard. Therefore, besides choosing between a color and a black-and-white camera, the camera is chosen as an ordinary-illumination camera or a low-light camera according to the monitoring requirements.
Example 2
As shown in Fig. 2, audio/video acquisition samples the analog audio/video signal from the camera. A dedicated A/D (analog/digital) conversion device converts it into a binary digital audio/video signal, which is stored in a digital audio/video file format. The on-site audio and video acquisition system is the first functional module of the audio and video monitoring system, and the quality of acquisition directly influences the audio and video quality of the whole system.
The audio and video acquisition module mainly comprises audio and video A/D conversion, synchronous logic control and an audio and video data processor. A/D conversion samples an analog audio/video signal and converts it into a digital audio/video signal. The logic generation unit outputs synchronous logic control signals to ensure the real-time performance of audio and video acquisition and data processing. The audio and video data processor analyzes and normalizes the audio and video data after A/D conversion, and the amount of computation required is very large. To ensure real-time audio and video processing, a dedicated audio and video processing chip, a high-speed DSP or similar is used for this processing.
In a monitoring system, several cameras are often installed. Multiple analog audio/video input interfaces are needed at the audio/video acquisition end. The audio and video acquisition modules process the inputs simultaneously, completing multi-channel acquisition of audio and video signals and enabling multipoint monitoring.
The video compression coding module adopts the most advanced H.264 video compression coding algorithm and a high-performance DSP processor. The H.264 video compression coding algorithm achieves a high compression ratio, high-quality video restoration and good network transmission performance. The high-performance DSP processor can flexibly configure the video encoder and dynamically set the video resolution, frame rate, bit rate and so on. Dual-stream output is then used: one stream is transmitted to the mobile network module through the internal network, and the other is transmitted to the storage device of the field video acquisition system. Local storage and network transmission are thus processed separately.
The common resolution standards for video compression used by the monitoring system are CIF and D1. CIF = 352×288 pixels, D1 = 4 CIF = 704×576 pixels. CIF has the advantage of a low data volume and can be transmitted over an ordinary broadband network. Its video quality is good and is accepted by most users. Its disadvantage is that the video quality does not meet high-definition requirements. D1 is standard-definition resolution. Its advantage is a clear image; its disadvantages are a large data size and a high bandwidth requirement on the transmission network.
In the monitoring system, the video stored by the field video acquisition system is of D1 quality (704×576) with H.264 compression. With a video capacity of about 426 Mb/hr, a high-speed SD card with a storage capacity of 32G used for rolling storage can hold about 3 days of video data. Each video file can be set to a size of 100M for later storage and editing. Video for real-time transmission uses H.264 coding at CIF picture quality (352×288), with a video capacity of about 163 Mb/hr. And a communication process between the network transmission module and the background management system.
Example 3
The mobile network transmission module mainly uses a mobile network audio and video server to complete corresponding mobile network adaptation and transmission functions. When the mobile network module dials successfully and communicates with a background management system adopting a fixed IP address, the process is as follows:
(1) The on-site audio and video acquisition system establishes a communication link with a monitoring subsystem with a fixed IP address of the background management system through the mobile network module.
(2) The background management system sends a control command to a mobile network module of the on-site audio and video acquisition system, and starts audio and video transmission.
(3) The mobile network module sends the audio and video data to a network receiving module of the background management system.
(4) During communication, the background management system feeds back the network condition to the on-site audio and video acquisition system so as to control the rate.
The transmission system uses the Internet. Telecommunication networks have developed rapidly in Internet access, from the original modem dial-up to ISDN, ADSL, VDSL, frame relay, DDN and so on, and are now advancing toward high-speed, broadband Internet access. With different systems based on different transmission media, such as twisted pair (xDSL, HomePNA), digital power line, wireless (WLL), coaxial cable (HFC, Cable Modem) and optical fiber (OAN), the broadband capability of access networks has developed at an unprecedented pace. Of these, optical fiber is the most desirable transmission medium. It is characterized by good transmission quality, small loss, large transmission capacity and high cost. Because other intermediate links are reduced, the bandwidth, reliability and stability of transmission are greatly increased. In the monitoring system, the network access of the background management system is FTTH with 10M bandwidth and a fixed IP address.
UDP, which has better real-time performance, is generally used to transmit real-time audio/video information that has a large data volume and relatively high real-time requirements. However, UDP provides an unreliable data service and therefore cannot guarantee smooth transmission of real-time multimedia. The real-time transport and control protocols RTP/RTCP are required above UDP to monitor data transport and quality of service in real time. Real-time audio/video stream transport therefore uses RTP and RTCP, carried over UDP and then over IP. To further ensure the real-time performance of audio and video transmission and improve quality as much as possible, the real-time streaming protocol RTSP and the resource reservation protocol RSVP also need to be used.
Real-time transmission of network audio and video requires timely transmission and delivery. Timely transmission means not only a short delay, but also that the final signal matches the initial signal exactly in order and in timing. The Internet is a packet data network. Real-time audio/video data or stored audio/video files are broken into packets for network transmission. The route selected for each packet may differ, so the audio/video data arriving at the destination may be out of order. The irregular delay of an IP network is called jitter. For digital audio and video signals transmitted and reproduced over IP networks to be of practical use, support from real-time transport and control protocols is required. To handle duplication and out-of-order delivery in IP networks, each transmission must contain a sequence number. To handle jitter, each transmission must contain a timestamp telling the receiver when the data in the packet should be played back. Using separate sequence numbers and time information enables the receiver to reconstruct the signal accurately.
The real-time transport protocol RTP is a protocol for streaming multimedia data over the Internet. RTP mainly provides time information to synchronize multimedia data streams. RTP provides two key features: a sequence number in each packet that allows the receiver to detect out-of-order delivery or loss, and a timestamp that allows the receiver to control playback. RTP provides end-to-end real-time media transport, and the protocol itself is relatively lightweight and fast. RTP itself provides no mechanism to guarantee real-time delivery or quality of service. This requires the real-time transport control protocol RTCP to be used together with RTP.
When data is transmitted using RTP, RTCP also starts to run. The server changes the transmission rate using information contained in the periodically transmitted RTCP packets, such as the number of packets sent so far and the number of packets lost. Using RTP and RTCP together therefore effectively improves the transmission efficiency of real-time data.
RTP does not require the transport layer to provide reliable data transport services and therefore UDP transport is typically used. By cooperation with RTCP and UDP, the transmission efficiency is optimized.
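The sequence-number and timestamp handling described above, as an added example (not code from the patent): a Python receiver that parses the RTP fixed header, reorders packets across the 16-bit sequence wraparound, drops duplicates, and computes the loss count and interarrival jitter that RTCP reports feed back to the sender. The 90 kHz clock, all function and class names, and the arrival trace are assumptions constructed for illustration.

```python
import struct
from dataclasses import dataclass

CLOCK_RATE = 90_000  # RTP clock for video payloads, in Hz (assumption)


@dataclass
class RtpPacket:
    seq: int         # 16-bit sequence number
    timestamp: int   # 32-bit media timestamp, in clock ticks
    ssrc: int        # stream identifier
    payload: bytes


def build_rtp(seq, timestamp, payload, ssrc=0x1234ABCD, payload_type=96):
    """Build a minimal RTP packet (version 2, no CSRC list, no extension)."""
    return struct.pack("!BBHII", 0x80, payload_type, seq, timestamp, ssrc) + payload


def parse_rtp(datagram):
    """Parse the RTP fixed header (RFC 3550, section 5.1); padding is not stripped."""
    if len(datagram) < 12:
        raise ValueError("shorter than the 12-byte RTP fixed header")
    b0, _b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)            # skip CSRC identifiers
    if b0 & 0x10:                            # header extension present
        if len(datagram) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", datagram[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    if len(datagram) < offset:
        raise ValueError("truncated RTP header")
    return RtpPacket(seq, ts, ssrc, datagram[offset:])


class RtpReceiver:
    """Reorders one RTP stream and keeps the loss/jitter figures an RTCP report carries."""

    def __init__(self):
        self.packets = {}           # extended sequence number -> RtpPacket
        self.highest = None         # highest extended sequence number seen
        self.duplicates = 0
        self.jitter = 0.0           # interarrival jitter in clock ticks (RFC 3550, 6.4.1)
        self._last_transit = None

    def _extend(self, seq):
        """Unwrap the 16-bit sequence number so that 65535 -> 0 keeps counting upward."""
        if self.highest is None:
            return seq
        delta = (seq - self.highest) & 0xFFFF
        if delta >= 0x8000:         # shorter when read as a step backwards
            delta -= 0x10000
        return self.highest + delta

    def receive(self, datagram, arrival_ms):
        """Accept one datagram; return False if it duplicates a packet already held."""
        pkt = parse_rtp(datagram)
        ext = self._extend(pkt.seq)
        if ext in self.packets:
            self.duplicates += 1
            return False
        self.packets[ext] = pkt
        self.highest = ext if self.highest is None else max(self.highest, ext)
        # Transit time = arrival time minus media timestamp, both in clock ticks.
        transit = (arrival_ms * CLOCK_RATE // 1000 - pkt.timestamp) & 0xFFFFFFFF
        if self._last_transit is not None:
            d = (transit - self._last_transit) & 0xFFFFFFFF
            if d >= 0x80000000:     # interpret as a signed 32-bit difference
                d -= 0x100000000
            self.jitter += (abs(d) - self.jitter) / 16
        self._last_transit = transit
        return True

    def playout_order(self):
        """Packets sorted by extended sequence number, ready for decoding."""
        return [self.packets[k] for k in sorted(self.packets)]

    def loss(self):
        """Return (expected, received, lost) over the sequence range seen so far."""
        if not self.packets:
            return (0, 0, 0)
        expected = self.highest - min(self.packets) + 1
        return (expected, len(self.packets), expected - len(self.packets))


def demo():
    # Constructed arrival trace: (arrival time in ms, seq, timestamp). 25 fps video
    # advances the timestamp by 3600 ticks per frame. Seq 0 arrives early and twice;
    # seq 1 never arrives.
    trace = [(0, 65534, 0), (81, 0, 7200), (83, 65535, 3600),
             (84, 0, 7200), (160, 2, 14400)]
    rx = RtpReceiver()
    for arrival_ms, seq, ts in trace:
        rx.receive(build_rtp(seq, ts, b"frame"), arrival_ms)
    return rx


if __name__ == "__main__":
    rx = demo()
    print([p.seq for p in rx.playout_order()], rx.loss(), rx.duplicates,
          round(rx.jitter / CLOCK_RATE * 1000, 2), "ms jitter")
```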
RTSP defines how to transfer multimedia data efficiently over an IP network. The data includes both data that needs to be transferred in real time and data stored on a hard disk. RTSP is an application-layer protocol. By establishing a communication link with the streaming media server using RTSP, streaming media data is transmitted to the client over the network in a controllable way. It provides VCR-like remote control functions for audio and video, such as pause, fast forward, rewind and direct position selection. Architecturally, RTSP sits above RTP and RTCP. RTSP itself does not transmit data. When the client successfully connects to the server via RTSP, it starts to transmit data via TCP or RTP. RTSP coordinates with lower-layer protocols (such as RTP and RSVP) to achieve efficient transmission of multimedia streams over IP networks.
RSVP is an IP network signaling protocol. RSVP allows data receivers to request a particular end-to-end QoS for a data flow and, in conjunction with routing protocols, implements control over network transport QoS. RSVP reserves the necessary resources on the routers. Through reservation, network resources can be fully utilized in data transmission and the required network bandwidth is obtained.
To ensure strong data confidentiality, the encryption and decryption module of the system uses the asymmetric encryption algorithm SM2, which has good encryption performance. The encryption and decryption process for the audio and video data is as follows:
1. Before transmitting data to the background management system, the on-site audio and video acquisition system has the public key generated by the post-processing platform written to it in advance. The public key is randomly generated by the post-processing platform and exported by software. The public key is taken out of the post-processing platform and copied to the setup computer of the on-site audio and video acquisition system. When the on-site audio and video acquisition system is connected to the computer for setup, the public key is uploaded to the on-site audio and video acquisition system for storage.
2. The encoded audio and video data is encrypted using the public key before transmission. The on-site audio and video acquisition system stores high-quality audio and video data for downloading and audio and video data for real-time transmission, both of which are encrypted using the dynamic random public key. Encryption in the field audio and video acquisition system can be implemented in hardware or software. Because monitoring audio and video has high real-time requirements, the system uses an integrated dedicated encryption chip, which ensures real-time audio and video transmission while guaranteeing data security.
3. The background management system uses the private key to decrypt. The private key is also generated by the post-processing platform and written to a USB-key. A USB-key must be inserted for the system post-processing platform to operate. To ensure the real-time performance of monitoring audio and video, the background management system uses a decryption algorithm card. To ensure the security of the data, a new public and private key pair is generated for each different work task.
The audio and video data are transmitted over the mobile network and the IP network, and both the data and the network system are very vulnerable if no security measures are taken. Securing the data and the network system is a comprehensive systems-engineering task. Multiple security mechanisms must be provided at multiple levels, such as network architecture and business applications, to build a high-strength secure network. These include: encrypted data transmission and storage, network structure, network unidirectional isolation, firewall, intrusion detection, vulnerability scanning, anti-virus system and the like.
Data encryption in the on-site audio and video acquisition system ensures the safety of the data. The audio and video data stored in the on-site audio and video acquisition system are kept on the SD card in encrypted form, using a special file system and a custom format. The files on the SD card can be seen only with special software on Windows, so that unrelated persons cannot see the file information. The real-time audio and video data are encrypted with a high-strength encryption algorithm.
The access gateway forms the first layer of security barrier for the network architecture. The network unidirectional isolation devices can effectively prevent network attacks from the external network. The background management system is divided into three areas, external network, monitoring and post-processing, by two kinds of network unidirectional isolation equipment. The security of the monitoring area mainly depends on the flow ferrying device. This device enforces strictly one-way data flow and only allows external network data to enter the monitoring area. The ferried content is: real-time audio and video streams, downloaded audio and video files, equipment status information and time synchronization information.
The security of the background management system depends on the file ferrying device. The file ferrying equipment ensures that data can only enter the background management system and cannot leave it, which ensures the absolute safety of the data in the background management system. The ferried content is: time synchronization information, online information of the on-site audio and video acquisition system, and audio and video files.
The monitoring area does not store confidential information, and sensitive words and the like do not appear in its interface or database. The audio and video data are not decrypted there; only once they have been ferried to the post-processing platform are they automatically decrypted, format-converted and stored by category in real time. The audio and video data are automatically deleted after being ferried to the background management system and are not retained in the monitoring area.
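The zone rules described above (two one-way ferries with fixed content lists, no decrypted audio/video before the post-processing area, no retention in the monitoring area after ferrying) can be checked against flow and storage records. The following is an added example, not part of the patent; the zone names, content-kind names, `Event` fields and sample records are assumptions made for illustration.

```python
from dataclasses import dataclass

# Allowlist per one-way ferry, taken from the description.
# Zone and content-kind names are this example's own labels (assumptions).
FERRY_POLICY = {
    ("external", "monitoring"): {"realtime_stream", "downloaded_file", "device_status", "time_sync"},
    ("monitoring", "post_processing"): {"time_sync", "device_online_info", "av_file"},
}
AV_CONTENT = {"realtime_stream", "downloaded_file", "av_file"}

@dataclass(frozen=True)
class Event:
    kind: str               # "transfer" or "at_rest"
    zone: str               # source zone (transfer) or zone holding the object (at_rest)
    content: str            # content kind
    obj: str                # object identifier
    dst: str = ""           # destination zone, transfers only
    encrypted: bool = True

def audit(events):
    """Return (event index, reason) for each event that breaks the zone rules."""
    findings, ferried = [], set()
    for i, e in enumerate(events):
        if e.content in AV_CONTENT and not e.encrypted and e.zone != "post_processing":
            findings.append((i, "plaintext audio/video outside post-processing"))
        if e.kind == "transfer":
            allowed = FERRY_POLICY.get((e.zone, e.dst))
            if allowed is None:
                findings.append((i, f"no ferry path {e.zone} -> {e.dst}"))
            elif e.content not in allowed:
                findings.append((i, f"{e.content} not allowed {e.zone} -> {e.dst}"))
            elif e.zone == "monitoring" and e.content in AV_CONTENT:
                ferried.add(e.obj)  # monitoring must delete its copy after this
        elif e.zone == "monitoring" and e.obj in ferried:
            findings.append((i, "object retained in monitoring after ferry"))
    return findings

# Constructed sample records (not from the patent).
SAMPLE = [
    Event("transfer", "external", "realtime_stream", "cam1-live", dst="monitoring"),
    Event("transfer", "external", "downloaded_file", "rec-001", dst="monitoring"),
    Event("transfer", "monitoring", "av_file", "rec-001", dst="post_processing"),
    Event("at_rest", "monitoring", "av_file", "rec-001"),
    Event("transfer", "monitoring", "device_status", "dev-7", dst="external"),
    Event("at_rest", "monitoring", "av_file", "rec-002", encrypted=False),
    Event("transfer", "external", "device_online_info", "dev-7", dst="monitoring"),
    Event("at_rest", "post_processing", "av_file", "rec-001", encrypted=False),
]

if __name__ == "__main__":
    for idx, reason in audit(SAMPLE):
        print(idx, reason)
```

Any transfer whose zone pair is missing from the allowlist is reported, which covers reverse flows as well as attempts to skip the monitoring area.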
To meet the system's security protection requirements, a Boundary Protection System (BPS), an intrusion detection system, and various anti-virus and anti-Trojan software are additionally installed, mainly on the external network configuration terminal, to reduce network intrusion. Anti-virus and anti-Trojan software is also installed on the monitoring terminal and the post-processing terminal to guard against possible viruses and Trojans. Device management allocates the front-end and back-end management system devices appropriately, and handles adding, deleting, basic parameter setting and the like in the post-processing platform.
The system applies USB-key authentication technology. Permission levels are assigned according to the different responsibilities of each user, and different levels carry different access and management rights over the stored audio and video content. Specifically, the corresponding user and device information is encrypted and then written into a dedicated USB-Key. The user logs in to the monitoring platform with the USB-Key and performs identity authentication. After providing the correct user name and password, the user can control the on-site audio and video acquisition system and monitor audio and video within the granted permissions. This effectively prevents illegal and unauthorized access to the system by users, and it also allows work to be divided among users. The background management system is divided into three areas of different security levels, an external network area, a monitoring area and a background management system, by two network unidirectional isolation devices.
As shown in Fig. 3, the equipment of the external network area includes: an access gateway, a download server and an external network configuration terminal. This equipment performs the data receiving function.
The equipment of the monitoring area includes: an original data storage server, a configuration server and a monitoring terminal. This equipment performs the real-time audio and video monitoring and audio and video data downloading functions.
The equipment of the background management system includes: a post-processing data storage server, a database server and a post-processing terminal. This equipment performs decryption, storage and file editing of the audio and video data, as well as equipment management.
Finally, it should be noted that the foregoing description is only a preferred embodiment of the present invention and does not limit the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art may still make modifications to, and equivalent replacements of, some of the technical features described in the foregoing embodiments. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (10)

1. A conference audio and video summary processing encryption storage system, comprising: the system comprises a field audio and video acquisition system, a transmission system and a background management system, wherein the field audio and video acquisition system is used for realizing acquisition, compression coding, encryption, storage of the field audio and video acquisition system and mobile network transmission, the transmission system is used for transmitting audio and video data, and the background management system is used for completing receiving, real-time monitoring, decryption, storage, retrieval, playback and equipment management of the audio and video data.
2. The conference audio and video summary processing encryption storage system of claim 1, wherein: the on-site audio and video acquisition system comprises an audio and video acquisition module, an audio and video coding module, an audio and video encryption module and a mobile network module; the background management system comprises an audio and video decryption module, an audio and video storage module and a background management module.
3. The conference audio video summary processing encryption storage system of claim 2, wherein: the audio/video acquisition module comprises an A/D conversion module, a logic generation module and an audio/video data processor, wherein the A/D conversion module is used for sampling analog audio/video signals and then converting the analog audio/video signals into digital audio/video signals, the logic generation module outputs synchronous logic control signals, the real-time performance of audio/video acquisition and data processing is guaranteed, and the audio/video data processor is used for analyzing and normalizing the audio/video data converted by the A/D conversion module.
4. The conference audio video summary processing encryption storage system of claim 3, wherein: the audio and video coding module uses an H.264 audio and video compression coding algorithm and a DSP processor and adopts double code stream output, one path is transmitted to the mobile network module through an internal network, and the other path is transmitted to the storage equipment of the on-site audio and video acquisition system so as to realize the functions of local storage and network transmission separate processing.
5. The conference audio video summary processing encryption storage system of claim 4, wherein: the audio/video encryption module and the audio/video decryption module encrypt and decrypt the audio/video by using an asymmetric encryption algorithm SM2, and the on-site audio/video acquisition system writes in a public key generated by the background management system in advance before transmitting data to the background management system, wherein the public key is randomly generated by the background management system; and taking out the public key from the background management system, copying the public key into a field audio and video acquisition system setting computer, and uploading the public key into the field audio and video acquisition system equipment for storage when the field audio and video acquisition system equipment is connected to the computer for setting.
6. The conference audio and video summary processing encryption storage system of claim 5, wherein: the mobile network module uses a mobile network audio and video server to complete corresponding mobile network adaptation and transmission, and when the mobile network module dials successfully, the mobile network module communicates with the background management system adopting a fixed IP address, and the mobile network module comprises: the on-site audio and video acquisition system establishes a communication link with a background management system with a fixed IP address through the mobile network module, the background management system sends a control command to the mobile network module, the audio and video transmission is started, and the mobile network module sends audio and video data to a network transmission module of the background management system.
7. The conference audio video summary processing encryption storage system of claim 6, wherein: the transmission system uses the Internet, using the RTP and RTCP protocols carried over UDP and then transmitted over IP, or the Real-Time Streaming Protocol (RTSP) and the Resource Reservation Protocol (RSVP) and then transmitted over IP.
8. The conference audio video summary processing encryption storage system of claim 7, wherein: the background management module is used for adding, deleting and setting authority for the user.
9. The conference audio video summary processing encryption storage system of claim 8, wherein: the background management system also comprises a data and system security module, wherein the data and system security module comprises a network unidirectional isolation module, a firewall, an intrusion detection module, a vulnerability scanning module and an antivirus system.
10. The conference audio video summary processing encryption storage system of claim 9, wherein: the background management system is isolated by a network unidirectional isolation module into an external network area, a monitoring area and a background management system, and the equipment of the external network area comprises: the access gateway, the download server and the external network configuration terminal are used for completing the data receiving; the device for monitoring an area comprises: the original data storage server, the configuration server and the monitoring terminal are used for completing real-time audio and video monitoring and audio and video data downloading; the device of the background management system comprises: the post-processing data storage server, the database server and the post-processing terminal are used for finishing decryption, storage, file editing processing and equipment management of the audio and video data.
CN202310718283.2A 2023-06-16 2023-06-16 Conference audio and video summary processing encryption storage system Pending CN116545758A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310718283.2A CN116545758A (en) 2023-06-16 2023-06-16 Conference audio and video summary processing encryption storage system

Publications (1)

Publication Number Publication Date
CN116545758A (en) 2023-08-04

Family

ID=87443820

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination