CN201378857Y - Trusted video system utilizing digital signature technology - Google Patents

Trusted video system utilizing digital signature technology


Publication number
CN201378857Y
Authority
CN
China
Prior art keywords
digital
video
credible
digital video
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN200920106453U
Other languages
Chinese (zh)
Inventor
陈朝武
张俊业
卢煜
郅晨
房子河
王建勇
刘慧念
王晓东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vimicro Corp
First Research Institute of Ministry of Public Security
Original Assignee
Vimicro Corp
First Research Institute of Ministry of Public Security
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vimicro Corp, First Research Institute of Ministry of Public Security
Priority to CN200920106453U
Application granted
Publication of CN201378857Y
Anticipated expiration
Legal status: Expired - Lifetime (current)


Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model discloses a trusted video system utilizing digital signature technology, which comprises a monitoring front end and a monitoring center. The monitoring front end comprises a video signal collector. The video signal collector is connected to a trusted digital video encoder. The trusted digital video encoder is connected to a front end transmission device. The monitoring center comprises a center transmission device connected to a digital video decoder. The digital video decoder is connected to a display. The front end transmission device is connected to a front end storage. The center transmission device is connected to a center storage, a control terminal, a certificate management server and a trusted authentication server. The trusted digital video encoder consists of an analog video input interface, a digital video encoding module, a trusted computation module and a network interface. The trusted computation module is connected to a dedicated security chip. The utility model greatly increases the difficulty and cost of covertly falsifying data, thereby effectively preventing the data from being falsified and maintaining the credibility of the video data.

Description

Trusted video system using digital signature technology
Technical field
The utility model relates to a video monitoring system, and in particular to a trusted video system that uses digital signature technology. It belongs to the technical field of video monitoring.
Background technology
With the rapid development of science and technology, video monitoring has been widely applied in security monitoring and protection, pursuit and arrest, and image data acquisition, and plays an increasingly important role. A digital video monitoring system is generally built as shown in Fig. 3: it consists of a video signal collector, a digital video encoder, a front-end storage, a monitoring center storage, a front-end transmission device, a control terminal, a digital video decoder, a display and so on. The digital video encoder, shown in Fig. 4, is made up of an analog video input interface, a digital video encoding module and a network interface; the analog video input interface is connected to the digital video encoding module, and the encoding module is connected to the network interface. The video signal collector converts the monitored object into a video signal; the digital video encoder converts the video signal into a video data stream that can be carried by the transmission device or network; the transmission device or network forms a data channel linking the monitoring front end and the monitoring center over transmission lines or a network; the storage keeps the collected video signal; the digital video decoder converts the received video data stream back into a video signal that an ordinary display can accept; the display shows the video signal recovered by the decoder; and the control terminal controls the whole process. With such a system, monitoring staff can watch one or more monitored objects in real time at the monitoring center and record the monitored video data to storage as a resource or evidence for later retrieval or checking. Because of its simple structure and low cost, this kind of video monitoring system has been widely adopted and has played an important part in solving serious and major cases.
However, the video data recorded by such a system has an obvious defect when used as evidence: the video data produced by the digital video encoder is "bare" data with no protection whatsoever, so anyone who wishes to can modify it easily and at very low cost, and modified data is hard to prove or disprove, which greatly diminishes the legal force of the video. Because of this defect in ordinary video monitoring systems, the large volume of video recorded by them can serve only as supporting leads or auxiliary evidence in solving cases and cannot become genuine corroborating evidence. This undoubtedly limits the effectiveness of video monitoring systems and wastes video data resources.
Content of the utility model
To overcome the deficiencies of the prior art, the utility model provides a trusted video system using digital signature technology that has an independent certificate management server and trusted authentication server.
The trusted video system using digital signature technology of the utility model is realized by the following technical solution:
A trusted video system using digital signature technology comprises a monitoring front end and a monitoring center connected to it over a network. The monitoring front end is provided with a trusted digital video encoder used for trusted encoding of video data. The monitoring center is provided with a certificate management server for managing digital certificates and a trusted authentication server for performing trusted verification after the digital video is decoded. One end of the trusted digital video encoder is connected to the video signal collector and the other end to the front-end transmission device; the front-end transmission device is connected to a front-end storage. The certificate management server and the trusted authentication server are both connected to the central transmission device, which is also connected to the central storage, the control terminal and the digital video decoder; the digital video decoder is connected to the display.
The trusted digital encoder further comprises an analog video input interface, a digital video encoding module, a trusted computation module, a dedicated security chip and a network interface. The analog video input interface is connected to the digital video encoding module, the encoding module is connected to the trusted computation module, the trusted computation module is connected to the network interface, and the trusted computation module is connected to the dedicated security chip.
Embedded in the trusted digital encoder is a digital certificate, issued or approved by the certificate management server and stored in the dedicated security chip. The certificate management server keeps the public key of the digital certificate together with the device ID of the device that uses the certificate; the dedicated security chip keeps the private key of the certificate.
Core of the present utility model is creditable calculation modules, special-purpose safety chip two parts, different with the digital video code course of work of the prior art is, video data stream behind the process compressed encoding is before being sent to network interface, increased a credible calculation process, make in the video data stream of final output transmission or network and to have increased the trust data part than in the past, table 1 is the comparison of general network video data stream and trustable network video data flow structure, table 1 a) be general network video data flow structure, the b of table 1) be the trustable network data flow architecture.Trust data makes that nearly all modification to video data can both be identified at an easy rate.
Carrying out using special-purpose safety chip when trust data is calculated is necessary.The effect of special-purpose safety chip mainly contains 2 points: preserve private key and algorithm and quicken.Can replace with software from the function of the special-purpose safety chip of principle, but under present technical conditions, do the problem that to bring aspect two like this: be difficult to guarantee that the private key of being preserved can not be stolen, just be difficult to also therefore guarantee that the fail safe of trust data is promptly credible; Operand is big, and ordinary processor is difficult to satisfy the requirement of real-time or power consumption aspect.
Table 1: comparison of ordinary and trusted network video data stream structures:
a) Ordinary network video data stream structure:
  Packet header | I-frame data | Packet header | P-frame data | Packet header | P-frame data
b) Trusted network video data stream structure:
  Packet header | I-frame data | Trust data | Packet header | P-frame data | Trust data | Packet header | P-frame data | Trust data
The trust data is computed by the trusted computation module as follows:
1. First, a hash is computed over the video frame data (for example with MD5, SHA-1 or SHA-256) to produce the video frame digest HD (Hashed Data, the digital digest of the video frame).
2. HD is then signed with the private key held in the dedicated security chip (for example with RSA1024 or RSA2048) to produce the signed video frame digest SHD (Signed Hashed Data).
3. The trusted encoded data TED (Trust Encoded Data) is assembled in the format shown in Table 2.
Table 2: structure of the trusted encoded data (TED) of a video frame:
  20 bytes  | 46 bits                    | 2 bits           | 2 bits              | 6 bits                  | 128 bytes
  Device ID | Corresponding frame number | Digest algorithm | Signature algorithm | Coded frame information | SHD
The device ID is the identification code of the device. It is registered on the certificate management server and the trusted authentication server and assigned to the trusted video encoder by the system; each device ID is unique within the monitoring system, and the corresponding public key can be looked up by device ID on the certificate management server and the trusted authentication server. The corresponding frame number is the serial number of the video data frame to which this trust data belongs; within the same piece of video data (a file or a segment of video stream) every video data frame has a unique serial number. The digest algorithm and signature algorithm fields, defined by Table 3 and Table 4 respectively, indicate the algorithms used in the trusted computation.
Table 3: digest algorithm code table
  Digest algorithm value | Digest algorithm used
  00                     | SHA-1
  01                     | SHA-256
  10                     | MD5
  11                     | Reserved
Table 4: signature algorithm code table
  Signature algorithm value | Signature algorithm used
  00                        | RSA1024
  01                        | RSA2048
  10                        | Reserved
  11                        | Reserved
The coded frame information indicates the type of the original data and the mapping between the trust data and the original data. Besides signing each digest individually, the utility model also supports digesting and signing several video frames together (referred to as "joint signing"). Using joint signing for some non-key frames greatly reduces the amount of computation without noticeably lowering security, thereby improving the real-time performance of the trusted computation and reducing overall power consumption. See Table 5.
Table 5: coded frame information
  Coded frame information value | Meaning
  0x20                          | Trusted encoding of the key frame (e.g. I frame) data corresponding to the frame number
  0x00                          | Trusted encoding of the non-key frame (e.g. P frame) data corresponding to the frame number
  0x01-0x17                     | Trusted encoding of the frame corresponding to the frame number together with the N frames preceding it
  Other                         | Reserved
For a video file or data stream that carries trust data, the trustworthiness of any given frame of video data is verified as follows:
1. Using the frame number of the frame data, find the trust data TED whose corresponding frame number matches.
2. Extract the device ID from the TED and request the corresponding public key certificate from the certificate management server by that device ID.
3. Using the obtained public key certificate and the signature algorithm specified in the TED, perform the decryption operation on the SHD (Signed Hashed Data, the signed digest of the video frame) in the TED to obtain RSHD.
4. Using the digest algorithm specified in the TED, compute the digest of the frame data to obtain SCHD (Self-calculated Hashed Data, the digest computed by the verifier itself).
5. Compare RSHD (Recovered Signed Hashed Data, the video data digest recovered from the trust data) with the self-calculated digest SCHD. If RSHD = SCHD, the frame data has not been tampered with; otherwise, that is if RSHD ≠ SCHD, the frame data has been tampered with.
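The computation steps 1 to 3, the Table 2 layout, the joint-signing values of Table 5 and the five verification steps above, carried through end to end as an added example in Python; this is not code from the patent or its assignees. It assumes a textbook RSA signature on the raw digest with no padding, that jointly signed frames are concatenated in frame-number order before hashing, that the N in Table 5 equals the field value itself, and a plain dictionary standing in for the certificate management server's device-ID-to-public-key lookup; the key pair is generated in software here, whereas the patent keeps the private key inside the dedicated security chip.

```python
# Added example (not the patent's code): TED build and verification per the scheme above.
import hashlib
import math
import secrets

# Table 3 and Table 4 codes; 0b11 (digest) and 0b10/0b11 (signature) are reserved.
DIGEST_ALGOS = {0b00: "sha1", 0b01: "sha256", 0b10: "md5"}
SIGNATURE_BITS = {0b00: 1024, 0b01: 2048}
# Table 5 coded-frame values. 0x01..0x17 means "this frame plus the N preceding frames";
# N is taken to be the field value itself (an assumption, the text does not fix N).
FRAME_INFO_KEY, FRAME_INFO_NONKEY = 0x20, 0x00


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin test, enough to generate demo primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(c):
            return c


def generate_rsa_keypair(bits=1024):
    """Textbook RSA pair ((n, e), (n, d)); stands in for the key held by the security chip."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def frames_covered(frame_no, frame_info):
    """Frame numbers whose data go into one digest, per Table 5."""
    if frame_info in (FRAME_INFO_KEY, FRAME_INFO_NONKEY):
        return [frame_no]
    if 0x01 <= frame_info <= 0x17:
        return list(range(frame_no - frame_info, frame_no + 1))
    raise ValueError("reserved coded frame information value")


def compute_hd(frames, frame_no, frame_info, digest_code):
    """Step 1: digest the frame data (jointly signed frames are concatenated: assumption)."""
    h = hashlib.new(DIGEST_ALGOS[digest_code])
    for k in frames_covered(frame_no, frame_info):
        h.update(frames[k])
    return h.digest()


def pack_ted(device_id, frame_no, digest_code, sig_code, frame_info, shd):
    """Step 3: Table 2 layout, 20-byte device ID | 46+2+2+6 bits big-endian | SHD."""
    if len(device_id) != 20 or frame_no >= 1 << 46 or frame_info >= 1 << 6:
        raise ValueError("field does not fit the Table 2 layout")
    bits = (frame_no << 10) | (digest_code << 8) | (sig_code << 6) | frame_info
    return device_id + bits.to_bytes(7, "big") + shd


def unpack_ted(ted):
    bits = int.from_bytes(ted[20:27], "big")
    return {"device_id": ted[:20], "frame_no": bits >> 10,
            "digest_code": (bits >> 8) & 0b11, "sig_code": (bits >> 6) & 0b11,
            "frame_info": bits & 0b111111, "shd": ted[27:]}


def trusted_encode(frames, frame_no, frame_info, device_id, priv, digest_code=0b01, sig_code=0b00):
    """Encoder side, steps 1-3: HD -> SHD -> TED. Raw RSA on the digest, no padding (simplified)."""
    n, d = priv
    hd = compute_hd(frames, frame_no, frame_info, digest_code)
    shd = pow(int.from_bytes(hd, "big"), d, n).to_bytes(SIGNATURE_BITS[sig_code] // 8, "big")
    return pack_ted(device_id, frame_no, digest_code, sig_code, frame_info, shd)


def verify_frame(frames, frame_no, teds, cert_server):
    """Verifier side, steps 1-5. cert_server maps device ID -> (n, e), standing in for the server."""
    for raw in teds:
        ted = unpack_ted(raw)
        if ted["frame_no"] == frame_no:  # step 1: the TED with the matching frame number
            break
    else:
        return False  # no trust data for this frame
    n, e = cert_server[ted["device_id"]]  # step 2: public key looked up by device ID
    rshd = pow(int.from_bytes(ted["shd"], "big"), e, n)  # step 3: recover the signed digest
    schd = compute_hd(frames, frame_no, ted["frame_info"], ted["digest_code"])  # step 4
    return rshd == int.from_bytes(schd, "big")  # step 5: equal means not tampered
```

Build one TED per frame with trusted_encode (key frames with 0x20, non-key frames with 0x00 or a joint value 0x01-0x17); verify_frame then locates the TED by frame number, recovers RSHD with the public key, recomputes SCHD from the frame bytes and compares the two. Any change to a frame's bytes, to any frame covered by a joint signature, or to the SHD itself makes the check fail, which is the detection property the description relies on. A deployed encoder would sign with a padded scheme such as PKCS#1 rather than raw RSA, and the private-key operation would run inside the security chip rather than in software.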
Compared with the prior art, the utility model has the following beneficial effects:
The utility model greatly increases the difficulty and cost of covertly altering data (both the raw image data and the trust data), thereby effectively preventing tampering and preserving the credibility of the video data.
Within the technical solution of the utility model, there are only two ways to covertly tamper with a video image that carries trust data (that is, to modify the data without being found):
The first is to modify an image while keeping its digest value unchanged. The difficulty of doing so depends on the digest algorithm used: with MD5 it is $1/2^{128}$, with SHA-1 it is $1/2^{160}$, and with SHA-256 it is $1/2^{256}$. Even for MD5, the weakest of these, the most effective method, the birthday attack, requires $2^{64}$ hash operations to find two images with the same digest value, and completing this attack with the most capable general-purpose processor available today (say a 10 GHz clock performing $10^{8}$ hash operations per second) would take $2^{64}/10^{8}$ seconds $= 2.3 \times 10^{18}$ seconds $= 7.3 \times 10^{10}$ years.
The second is to recover the private key kept in the dedicated security chip. Because the security chip is designed so that the private key stored inside it can under no circumstances be read out of the chip, the only way to obtain the private key is to break the signed data, that is to hope to recover the private key from the signed data. Breaking the RSA1024 algorithm with the most effective method currently available, the special number field sieve, requires about $3 \times 10^{7}$ MIPS-years; taking again the most capable general-purpose processor available today (a 10 GHz clock) as an example, this would take about 3000 years.
(MD5 and RSA1024 are widely used today in online commercial fields such as banking and electronic payment, and their security is generally accepted.)
This shows that the utility model can greatly increase the cost and difficulty of covertly tampering with video images and strengthen the credibility of the video images.
Description of the drawings
Fig. 1 is a block diagram of the trusted video system using digital signature technology of the utility model;
Fig. 2 is a block diagram of the trusted video encoder using digital signature technology of the utility model;
Fig. 3 is a block diagram of a prior-art digital video monitoring system, for comparison with the utility model;
Fig. 4 is a block diagram of the structure of a prior-art digital video encoder, for comparison with the utility model.
Embodiment
So that those of ordinary skill in the art can clearly understand the technical solution of the utility model, its implementation is now explained in detail with reference to the accompanying drawings:
A trusted video system using digital signature technology, as shown in Figs. 1 and 2, comprises a monitoring front end 1 and a monitoring center 2 connected to it over a network. The monitoring front end 1 is provided with a trusted digital video encoder 4 used for trusted encoding of video data. The monitoring center 2 is provided with a certificate management server 12 for managing digital certificates and a trusted authentication server 13 for performing trusted verification after the digital video is decoded. One end of the trusted digital video encoder 4 is connected to the video signal collector 3 and the other end to the front-end transmission device 5; the front-end transmission device 5 is connected to a front-end storage 6. The certificate management server 12 and the trusted authentication server 13 are both connected to the central transmission device 7, which is also connected to the central storage 10, the control terminal 11 and the digital video decoder 8; the digital video decoder 8 is connected to the display 9.
The trusted digital encoder 4 further comprises an analog video input interface 41, a digital video encoding module 42, a trusted computation module 43, a dedicated security chip 45 and a network interface 44. The analog video input interface 41 is connected to the digital video encoding module 42, the digital video encoding module 42 is connected to the trusted computation module 43, the trusted computation module 43 is connected to the network interface 44, and the trusted computation module 43 is connected to the dedicated security chip 45.
Embedded in the trusted digital encoder 4 is a digital certificate, issued or approved by the certificate management server 12 and stored in the dedicated security chip 45. The certificate management server 12 keeps the public key of the digital certificate together with the device ID of the device that uses the certificate; the dedicated security chip 45 keeps the private key of the certificate.
Embodiment:
As shown in Figs. 1 and 2, the system's certificate management server 12 first provisions a certificate for the device: its public key certificate is kept on the certificate management server 12 for users in the system to query, and its private key certificate is kept in the dedicated security chip 45. The technical properties of the dedicated security chip 45 itself guarantee that the private key certificate stored in it can never be read out by anyone from outside. Certificate issuance for the trusted digital video encoder 4 need only be carried out once, when the device leaves the factory or before it is put into operation.
In this embodiment the analog video input interface 41 consists of the digital video transcoding integrated circuit TVP5146; the digital video encoder 42 consists mainly of the DSP processor in the general-purpose system on chip (SoC) TMS320DM6446 together with digital video encoding software; the trusted computation module 43 consists mainly of the ARM processor in the SoC TMS320DM6446 and its associated software; the network interface 44 consists of the network interface integrated circuit LXT971; and the dedicated security chip 45 is model ZDTX001. The analog video input interface 41, the digital video encoding module 42, the trusted computation module 43 and the network interface 44 are interconnected and exchange data through the digital interfaces provided by the SoC TMS320DM6446, and the trusted computation module 43 and the dedicated security chip 45 are linked through an SD interface.
"System on chip" is the literal translation of the English term System On Chip, meaning that an entire system (and not merely a single function) is integrated on one chip. The DM6446 mentioned above integrates an ARM processor, a DSP processor, a set of memory controllers, a video front-end controller, a video back-end controller and so on. The peripheral resources belonging to each main functional module of the SoC (both those it owns exclusively and those shared with other functional modules) are generally called a subsystem of the SoC; in the DM6446, for example, the ARM processor together with its associated buses, memory and peripherals forms the ARM subsystem, and the other subsystems are similar.
In normal operation, the analog video signal from outside first passes through the analog video input interface 41, where it is frame-coded and converted into a digital video signal that is output to the digital video encoder 42. The digital video encoder 42 compression-encodes the received digital video signal according to a chosen algorithm (such as H.264 or MPEG-4) and encapsulates it in a chosen format (such as PS or PES), producing an ordinary network video stream consisting of packet headers (containing the frame number, frame attributes, timestamp and other frame information) and video frame data. This stream is then sent to the trusted computation module 43, which controls the dedicated security chip 45 to compute HD, SHD and TED in turn for the received ordinary network video stream according to the trust data computation process described above, and sends the TED results together with the ordinary network video stream out through the network interface 44 in the order shown in Table 1 b); this is the final trusted network video data stream.
To perform trusted verification of a frame in the trusted network video data stream, the verification process is as follows:
Using the frame number of the frame data (kept in the packet header), find the trust data TED whose corresponding frame number matches; extract the device ID from the TED and request the corresponding public key certificate from the certificate management server 12 by that device ID; using the obtained public key certificate and the signature algorithm specified in the TED, perform the decryption operation on the SHD in the TED to obtain RSHD; using the digest algorithm specified in the TED, compute the digest of the frame data to obtain SCHD; compare RSHD with SCHD: if RSHD = SCHD, the frame data has not been tampered with, otherwise, that is if RSHD ≠ SCHD, the frame data has been tampered with. The utility model greatly increases the difficulty and cost of covertly altering data, thereby effectively preventing tampering and preserving the credibility of the video data.
The utility model is not limited to the embodiment described above; any obvious change made without departing from the content of the utility model falls within the protection scope of its claims.

Claims (3)

1. A trusted video system using digital signature technology, comprising a monitoring front end and a monitoring center connected to it over a network, characterized in that the monitoring front end is provided with a trusted digital video encoder used for trusted encoding of video data; the monitoring center is provided with a certificate management server for managing digital certificates and a trusted authentication server for performing trusted verification after the digital video is decoded; one end of the trusted digital video encoder is connected to the video signal collector and the other end to the front-end transmission device; the front-end transmission device is connected to a front-end storage; the certificate management server and the trusted authentication server are both connected to the central transmission device; the central transmission device is also connected to the central storage, the control terminal and the digital video decoder; and the digital video decoder is connected to the display.
2. The trusted video system using digital signature technology according to claim 1, characterized in that the trusted digital encoder further comprises an analog video input interface, a digital video encoding module, a trusted computation module, a dedicated security chip and a network interface; the analog video input interface is connected to the digital video encoding module, the digital video encoding module is connected to the trusted computation module, the trusted computation module is connected to the network interface, and the trusted computation module is connected to the dedicated security chip.
3. The trusted video system using digital signature technology according to claim 1, characterized in that embedded in the trusted digital encoder is a digital certificate, issued or approved by the certificate management server and stored in the dedicated security chip; the certificate management server keeps the public key of the digital certificate together with the device number of the device that uses the certificate, and the dedicated security chip keeps the private key of the certificate.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200920106453U CN201378857Y (en) 2009-03-25 2009-03-25 Trusted video system utilizing digital signature technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200920106453U CN201378857Y (en) 2009-03-25 2009-03-25 Trusted video system utilizing digital signature technology

Publications (1)

Publication Number Publication Date
CN201378857Y (en) 2010-01-06

Family

ID=41518975

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200920106453U Expired - Lifetime CN201378857Y (en) 2009-03-25 2009-03-25 Trusted video system utilizing digital signature technology

Country Status (1)

Country Link
CN (1) CN201378857Y (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017193949A1 (en) * 2016-05-11 2017-11-16 中兴通讯股份有限公司 Code stream tampering monitoring method and device and communication system
CN107370712A (en) * 2016-05-11 2017-11-21 中兴通讯股份有限公司 A kind of code stream distorts monitoring method, device and communication system


Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20100106