TWI437876B - Backup method of remote monitoring system - Google Patents
- Publication number
- TWI437876B
- Authority
- TW
- Taiwan
- Prior art keywords
- monitoring system
- remote monitoring
- encrypted
- data packet
- central control
- Prior art date
Landscapes
- Telephonic Communication Services (AREA)
- Closed-Circuit Television Systems (AREA)
Description
The present invention relates to a backup method, and in particular to a backup method for a remote monitoring system.
In recent years, with industrial and commercial development and social progress, products have been designed chiefly to be convenient, reliable and economical. Products under development today are therefore more advanced than before and can contribute to society.
Many railway level crossings in remote areas are equipped, for safety reasons, with a network video recorder (NVR) or a digital video recorder (DVR). For cost reasons, however, staff are generally not stationed at such crossings to watch the video, so no peripherals such as a monitor or keyboard are installed for live monitoring and configuration. Instead, a central control center (CMS) monitors the NVR or DVR installed at the remote level crossing.
In general, the network link between an NVR or DVR in a remote area and the central control center has low bandwidth, which limits the image quality of live monitoring or even rules out live video altogether. When an accident occurs, retrieving video from the remote NVR or DVR over the low-bandwidth link is often so slow that the central control center cannot obtain the required video promptly, and the security of the retrieved video cannot be ensured.
The existing approach therefore clearly still has inconveniences and shortcomings and needs further improvement. Those working in the field have long sought a solution, but no suitable method has been developed. How to reduce the time needed to obtain NVR or DVR video from remote areas, and how to ensure the security of the video obtained, is thus an important current research topic and a goal in urgent need of improvement in the field.
One object of the present invention is to provide a backup method for a remote monitoring system that reduces the time needed to obtain NVR or DVR video from remote areas and ensures the security of the video obtained.
To achieve the above object, one technical aspect of the present invention relates to a backup method for a remote monitoring system, which uses a central control center, a remote branch and a remote monitoring system to back up video data stored in the remote monitoring system securely to a storage device. The method comprises the following steps: the central control center encrypts a data packet and a security authentication credential with a symmetric key and transmits the encrypted data packet and security authentication credential to the remote monitoring system over a first network; the remote monitoring system receives the encrypted data packet and decrypts it with the symmetric key.
In addition, the remote monitoring system checks whether the decrypted data packet is the aforementioned data packet; if so, the remote monitoring system stores the encrypted security authentication credential. The central control center encrypts the data packet, the security authentication credential and start and end time data with the symmetric key and transmits them to the remote branch over a second network; the remote branch stores the encrypted data packet, the encrypted security authentication credential and the encrypted start and end time data on the storage device.
The storage device is then connected to the remote monitoring system, and the remote monitoring system checks whether the encrypted data packet and the encrypted security authentication credential on the storage device match the encrypted data packet and the encrypted security authentication credential held in the remote monitoring system. If so, the remote monitoring system encrypts the video data in the remote monitoring system, selected according to the start and end time data, with the symmetric key and stores it on the storage device.
According to one embodiment of the invention, the symmetric key is generated by a method comprising the following steps: the central control center and the remote monitoring system jointly generate a master key, which is stored in both the central control center and the remote monitoring system; the central control center and the remote monitoring system authenticate each other; and the central control center and the remote monitoring system jointly generate the aforementioned symmetric key from the master key.
According to another embodiment of the invention, after the step in which the remote monitoring system encrypts the video data in the remote monitoring system with the symmetric key according to the start and end time data and stores it on the storage device, the method further comprises the following steps: the remote branch transmits the encrypted video data to the central control center over the second network; and the central control center decrypts the encrypted video data with the symmetric key, so that the video data is obtained securely.
According to still another embodiment of the invention, the symmetric key has a validity period. If the symmetric key has expired, the remote monitoring system cannot store the video data in the remote monitoring system on the storage device.
According to yet another embodiment of the invention, the step in which the remote monitoring system stores the video data in the remote monitoring system on the storage device further comprises: the remote monitoring system generates a first hash value from the video data and stores it on the storage device.
According to a further embodiment of the invention, the step in which the central control center decrypts the encrypted video data with the symmetric key further comprises: the central control center generates a second hash value from the decrypted video data and determines whether the first hash value equals the second hash value; if so, it generates a video-data-valid signal; if not, it generates a video-data-invalid signal.
According to a further embodiment of the invention, the data packet contains a fixed string and a strictly increasing session number.
According to a further embodiment of the invention, when the remote monitoring system finds that the fixed string in the encrypted data packet on the storage device does not match the fixed string in the encrypted data packet held in the remote monitoring system, an alert signal is generated.
According to a further embodiment of the invention, when the remote monitoring system finds that the strictly increasing session number in the encrypted data packet on the storage device does not match the strictly increasing session number held in the remote monitoring system, an alert signal is generated.
According to a further embodiment of the invention, when the remote monitoring system finds that the encrypted security authentication credential on the storage device does not match the encrypted security authentication credential held in the remote monitoring system, an alert signal is generated.
Thus, according to the technical content of the invention, the embodiments provide a backup method for a remote monitoring system that reduces the time needed to obtain NVR or DVR video from remote areas. In addition, through the communication protocol set up among the central control center, the remote branch and the remote monitoring system, any attempt by a third party to tamper with the data, or inadvertent damage to the required video by an employee, and so on, can be detected by the backup method of the embodiments, which ensures the security of the video obtained.
To make the description of the present disclosure more detailed and complete, reference may be made to the accompanying drawings and the embodiments described below, in which the same numbers denote the same or similar elements. The embodiments provided are not intended to limit the scope of the invention, and the description of structural operation is not intended to limit the order of execution; any device with equivalent effect produced by recombining the elements falls within the scope of the invention. The drawings are for illustration only and are not drawn to scale. Well-known elements and steps are not described in the embodiments, to avoid placing unnecessary limitations on the invention.
FIG. 1 is a schematic diagram of three-party communication among a central control center, a remote branch and a remote monitoring system according to an embodiment of the invention.
As shown in FIG. 1, the backup method of this embodiment uses the central control center 110, the remote branch 130 and the remote monitoring system 120 to back up the video data stored in the remote monitoring system 120 securely to a storage device.
In this embodiment, the central control center 110 may be located at a company's head office and the remote branch 130 at a branch office, and the remote monitoring system 120 may be a system that includes a network video recorder (NVR) or a digital video recorder (DVR).
In operation, this embodiment proposes a communication protocol set up among the central control center 110, the remote branch 130 and the remote monitoring system 120. First, the central control center 110 decides which time period of the video captured by the remote monitoring system 120 is to be retrieved, and then generates a security authentication password and settings.
Next, the central control center 110 sends these over the second network to an employee at the remote branch 130. The employee copies the security authentication credential and settings onto a storage device (for example, a USB flash drive), carries the storage device to the remote monitoring system 120 and plugs it directly into the USB port of the NVR. The video can then be brought back and sent by the remote branch 130 to the central control center 110.
FIG. 2 is a flow chart of a method for generating a symmetric key according to yet another embodiment of the invention.
Referring to FIG. 1 and FIG. 2 together, the central control center 110 and the remote monitoring system 120 first jointly generate a master key, which is stored in both the central control center 110 and the remote monitoring system 120 (step 201).
In step 201, the master key is a random number. It can be produced by manual entry, by barcode scanning, or by the Diffie-Hellman key exchange algorithm, and it is generated only once.
Next, the central control center 110 and the remote monitoring system 120 authenticate each other (step 202), and then jointly generate a symmetric key from the master key (step 203).
In step 201, the symmetric key is generated by a known algorithm, such as the GPG session key generation algorithm or the SSL session key generation algorithm.
It should be noted that the symmetric key serves as the mechanism for secure encryption and decryption of data in the communication protocol among the central control center 110, the remote branch 130 and the remote monitoring system 120, so that data is transmitted securely among the three parties.
In addition, even if a human or non-human error occurs during transmission, it can be detected by this mechanism, which further ensures the security of the data.
FIG. 3 is a flow chart of a backup method for a remote monitoring system according to an embodiment of the invention.
Referring to FIG. 1 and FIG. 3 together, the central control center 110 first encrypts the data packet and the security authentication credential (random number security token) with the symmetric key (session key), and then transmits the encrypted data packet and security authentication credential to the remote monitoring system 120 over the first network (step 301).
In step 301, when the central control center 110 learns that an accident has occurred at a level crossing in a remote area, it starts the secure remote monitoring system backup mechanism. First, the central control center 110 encrypts the data packet and the security authentication credential with the symmetric key; the data packet contains a fixed string (for example: AVerMedia) and a strictly increasing session number. The encrypted data packet and security authentication credential are then transmitted to the remote monitoring system 120 over the first network (for example, a low-bandwidth network, which may be the Internet or a long-range wireless network).
Next, the remote monitoring system 120 receives the encrypted data packet and decrypts it with the symmetric key (step 302).
In step 302, after the remote monitoring system 120 receives the encrypted data packet sent by the central control center 110, it uses the same symmetric encryption method to decrypt the packet with the symmetric key.
The remote monitoring system 120 then checks whether the decrypted data packet is the aforementioned data packet (step 303). If so, the remote monitoring system 120 stores the encrypted security authentication credential (step 304).
In detail, the remote monitoring system 120 checks whether the fixed string is the same and whether the strictly increasing session number is greater than the last known strictly increasing session number. Only if both checks pass does the remote monitoring system 120 store the encrypted security authentication credential. If either check fails, an alert signal is generated (step 311).
It should be noted that if the strictly increasing session number is equal to or smaller than the known session number, the data packet may be a malicious replay (playback) packet, and the replay packet must be discarded.
A replay packet is similar in concept to an attacker capturing a user's password on the network and then using the captured password to log in to the user's account.
When a third party tries to steal the video data in the remote monitoring system 120, even if the third party has captured the aforementioned data packet, the secure remote monitoring system backup mechanism started by the central control center 110 has already completed one cycle. Suppose the strictly increasing session number produced by that cycle is 2; the session number in the data packet captured by the third party is then also 2.
Therefore, when the third party uses the captured session number 2 to communicate with the remote monitoring system 120, the remote monitoring system 120 finds that session number 2 equals the session number 2 already recorded in the remote monitoring system 120, judges the packet to be a replay packet and discards it. The security of data transmission is thereby ensured. The third party here means anyone who intends to illegally steal, tamper with or destroy the video data in the remote monitoring system 120.
The central control center 110 then encrypts the data packet, the security authentication credential and the start and end time data with the symmetric key and transmits them to the remote branch 130 over the second network (step 305).
In step 305, the central control center 110 uses the same symmetric key as the one held in the remote monitoring system 120 to encrypt the same data packet, the same security authentication credential and the start and end time data, and then transmits them to the remote branch 130 over the second network (for example, a high-bandwidth network, which may be a virtual private network (VPN) or an ADSL/fiber connection).
The start and end time data records the period for which video data is to be obtained. For example, if the central control center 110 learns that an accident occurred at a remote level crossing at 15:30 on a certain day, the period recorded in the start and end time data may be 15:00 to 16:00 on that day.
The remote branch 130 then stores the encrypted data packet, the encrypted security authentication credential and the encrypted start and end time data on the storage device (step 306), and the storage device is connected to the remote monitoring system 120 (step 307).
In steps 306 and 307, an employee at the remote branch 130 stores the encrypted data packet, the encrypted security authentication credential and the encrypted start and end time data on the storage device (for example, a USB flash drive), then carries the storage device to the level crossing where the accident occurred and connects it to the remote monitoring system 120.
The remote monitoring system 120 checks the encrypted data packet and security authentication credential on the storage device and determines whether they match the encrypted data packet and security authentication credential held in the remote monitoring system 120 (step 308). If so, the remote monitoring system 120 encrypts the video data in the remote monitoring system 120, selected according to the start and end time data, with the symmetric key and stores it on the storage device (step 309).
As described above, the data packet contains a fixed string and a strictly increasing session number. In step 308, the remote monitoring system 120 therefore checks the fixed string and the strictly increasing session number of the encrypted data packet on the storage device; if they match the fixed string and the strictly increasing session number of the encrypted data packet held in the remote monitoring system 120, and the encrypted security authentication credential also matches, step 309 is performed.
In addition, the remote monitoring system 120 checks the fixed string in the encrypted data packet on the storage device; if it does not match the fixed string in the encrypted data packet held in the remote monitoring system 120, an alert signal is generated (step 311).
In another embodiment, the remote monitoring system 120 checks the strictly increasing session number in the encrypted data packet on the storage device; if it does not match the strictly increasing session number held in the remote monitoring system 120, an alert signal is generated (step 311).
In yet another embodiment, when the remote monitoring system 120 finds that the encrypted security authentication credential on the storage device does not match the encrypted security authentication credential held in the remote monitoring system, an alert signal is generated (step 311).
In step 309, for example, if the period recorded in the start and end time data is 15:00 to 16:00 on a certain day, the remote monitoring system 120 encrypts the video data from 15:00 to 16:00 on that day with the symmetric key and stores it on the storage device.
It should be noted that the symmetric key has a validity period. If the symmetric key has expired, the remote monitoring system 120 cannot store the video data in the remote monitoring system 120 on the storage device.
For example, if the validity period of the symmetric key is set to 6 hours and step 307 is not carried out within 6 hours after step 306 has been completed, the symmetric key expires and the remote monitoring system 120 can no longer store its video data on the storage device.
After the remote monitoring system 120 has stored the video data on the storage device, the remote branch 130 transmits the encrypted video data to the central control center 110 over the second network (step 312). The central control center then decrypts the encrypted video data with the symmetric key, so that the video data is obtained securely (step 313).
In detail, to ensure that the video data is obtained securely, after the remote monitoring system 120 has stored the video data on the storage device as shown in step 309, the remote monitoring system 120 computes a first hash value (hash signature) from the video data and stores it on the storage device.
Then, in step 313, the central control center 110 decrypts the encrypted video data with the symmetric key and generates a second hash value from the decrypted video data. The central control center 110 then determines whether the first hash value equals the second hash value: if so, it generates a video-data-valid signal, meaning the video data was obtained securely; if not, it generates a video-data-invalid signal, meaning the video data may have been tampered with.
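The checks of steps 303, 308, 311 and 313, together with the key validity period, shown as an added example that is not code from the patent. The patent names no cipher, so `seal`/`unseal` are a standard-library stand-in (SHA-256 keystream plus HMAC) for a real authenticated cipher such as AES-GCM; the `NVR` class, the packet layout, the alert texts and the integer timestamps are assumptions.

```python
import hashlib, hmac, os, struct

FIXED = b"AVerMedia"      # fixed string from the patent's example
KEY_LIFETIME = 6 * 3600   # seconds; the patent's example validity of 6 hours

def _keys(key):           # separate subkeys for encryption and for the MAC
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor(k, nonce, data):  # SHA-256 counter-mode keystream (stand-in cipher)
    ks = b"".join(hashlib.sha256(k + nonce + struct.pack(">I", i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    ek, mk = _keys(key)
    nonce = os.urandom(16)
    ct = _xor(ek, nonce, plaintext)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")
    return _xor(ek, nonce, ct)

def make_packet(key, session):          # CMS side, step 301
    return seal(key, FIXED + struct.pack(">Q", session))

def make_range(key, start, end):        # CMS side, step 305
    return seal(key, struct.pack(">QQ", start, end))

class NVR:
    def __init__(self, key, key_issued_at):
        self.key, self.issued = key, key_issued_at
        self.last_session = 0     # highest session number accepted so far
        self.pending = None       # (enc_packet, enc_token) kept in step 304
        self.alerts = []          # step 311 alert signals

    def _alert(self, reason):
        self.alerts.append(reason)
        return False

    def receive_from_cms(self, enc_packet, enc_token):   # steps 302-304
        try:
            pt = unseal(self.key, enc_packet)
            session = struct.unpack(">Q", pt[-8:])[0]
        except (ValueError, struct.error):
            return self._alert("packet failed decryption")
        if pt[:-8] != FIXED:
            return self._alert("fixed string mismatch")
        if session <= self.last_session:    # equal or smaller: replayed packet
            return self._alert("replayed session number")
        self.last_session, self.pending = session, (enc_packet, enc_token)
        return True

    def export_to_usb(self, usb, footage, now):          # steps 308-309
        if self.pending is None:
            return self._alert("no backup request pending")
        if now - self.issued > KEY_LIFETIME:
            return self._alert("session key expired")
        same = (hmac.compare_digest(usb["packet"], self.pending[0])
                and hmac.compare_digest(usb["token"], self.pending[1]))
        if not same:
            return self._alert("storage device does not match stored request")
        try:
            start, end = struct.unpack(">QQ", unseal(self.key, usb["range"]))
        except (ValueError, struct.error):
            return self._alert("time range failed decryption")
        clip = b"".join(frame for ts, frame in footage if start <= ts <= end)
        usb["video"] = seal(self.key, clip)
        usb["hash"] = hashlib.sha256(clip).hexdigest()    # first hash value
        self.pending = None
        return True

def cms_verify(key, usb):                                 # step 313
    try:
        clip = unseal(key, usb["video"])
    except ValueError:
        return False, b""
    second = hashlib.sha256(clip).hexdigest()             # second hash value
    return hmac.compare_digest(second, usb["hash"]), clip

if __name__ == "__main__":
    key = bytes(range(32))                     # constructed sample key
    nvr = NVR(key, key_issued_at=0)
    pkt, tok = make_packet(key, 2), seal(key, b"constructed-token")
    print(nvr.receive_from_cms(pkt, tok), nvr.receive_from_cms(pkt, tok), nvr.alerts)
```

Because the central control center sends the same ciphertext over both networks, the storage-device check can compare the encrypted blobs byte for byte without decrypting them.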
The backup method described above can be carried out in software, hardware and/or firmware. For example, if execution speed and accuracy are the primary considerations, hardware and/or firmware may be chosen as the main implementation; if design flexibility is the primary consideration, software may be chosen; alternatively, software, hardware and firmware may be used together.
It should be understood that none of these examples is inherently better or worse than the others, and they are not intended to limit the invention; those skilled in the art can design flexibly according to the needs at the time.
Furthermore, those of ordinary skill in the art will understand that the steps of the backup method are named after the functions they perform only to make the technique easier to understand, not to limit the steps. Combining steps into a single step, splitting a step into several steps, or moving any step into another step for execution all remain embodiments of the present disclosure.
As the above embodiments show, applying the invention has the following advantages. The embodiments provide a backup method for a remote monitoring system that reduces the time needed to obtain NVR or DVR video from remote areas.
In addition, through the communication protocol set up among the central control center 110, the remote branch 130 and the remote monitoring system 120, any attempt by a third party to tamper with the data, or inadvertent damage to the required video by an employee, and so on, can be detected by the backup method of the embodiments, which ensures the security of the video obtained.
Although the invention has been disclosed above by way of embodiments, they are not intended to limit the invention. Anyone skilled in the art may make various changes and refinements without departing from the spirit and scope of the invention, and the scope of protection of the invention is therefore defined by the appended claims.
110: central control center
120: remote monitoring system
130: remote branch
201~203: steps
301~313: steps
To make the above and other objects, features, advantages and embodiments of the invention easier to understand, the accompanying drawings are described as follows:
FIG. 1 is a schematic diagram of three-party communication among a central control center, a remote branch and a remote monitoring system according to an embodiment of the invention.
FIG. 2 is a flow chart of a method for generating a symmetric key according to still another embodiment of the invention.
FIG. 3 is a flow chart of a backup method for a remote monitoring system according to another embodiment of the invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW100101827A TWI437876B (en) | 2011-01-18 | 2011-01-18 | Backup method of remote monitoring system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW100101827A TWI437876B (en) | 2011-01-18 | 2011-01-18 | Backup method of remote monitoring system |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201233151A TW201233151A (en) | 2012-08-01 |
TWI437876B true TWI437876B (en) | 2014-05-11 |
Family
ID=47069819
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW100101827A TWI437876B (en) | 2011-01-18 | 2011-01-18 | Backup method of remote monitoring system |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI437876B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9609069B2 (en) * | 2014-12-15 | 2017-03-28 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Administering a remote session between a target computing device and a remote computing device |
-
2011
- 2011-01-18 TW TW100101827A patent/TWI437876B/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
TW201233151A (en) | 2012-08-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |