WO2022000261A1 - Method for starting and activating camera, camera and cradle head - Google Patents


Info

Publication number
WO2022000261A1
Authority
WO
WIPO (PCT)
Prior art keywords
camera
function key
encrypted
message
program
Prior art date
Application number
PCT/CN2020/099245
Other languages
French (fr)
Chinese (zh)
Inventor
马骏
黄晶晶
朱超
范庆鹤
Original Assignee
深圳市大疆创新科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市大疆创新科技有限公司
Priority to PCT/CN2020/099245 (WO2022000261A1)
Priority to CN202080006216.2A (CN113056726A)
Publication of WO2022000261A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Abstract

A method for activating a camera, comprising: loading ciphertext of at least one target program of the camera, wherein the at least one target program comprises at least one among a system program and an application program; acquiring at least one first functional secret key; using the at least one first functional secret key to convert the ciphertext of the at least one target program to plaintext of the at least one target program; and performing, for each target program, the following operations: verifying, on the basis of the plaintext of the target program, whether the target program meets a program start condition; and starting the target program in response to a verification result indicating that the target program meets the program start condition. Embodiments of the present application may prevent a camera software system from being cracked and thus prevent a camera product from being illegally copied, counterfeited, assembled, and packaged for sale, or even prevent the camera product from being illegally used due to circumvention of activation and authorization processes.

Description

Method for starting and activating a camera, camera, and gimbal
Technical Field
The present application relates to the technical field of cameras, and in particular to a startup method for a camera, an activation method for a camera, a camera, a gimbal, a server, a camera system, a computer-readable storage medium, and a computer program product containing instructions.
Background
Existing camera software systems are easy to crack. This makes camera products very easy to copy and counterfeit, or makes it very easy for a camera whose software system has been tampered with to evade the activation and authorization process, so that the camera may be started illegally, or makes it possible to obtain illegal camera products by piecing together parts, assembly, counterfeiting and similar means.
Summary of the Invention
The embodiments of the present application provide methods for starting and activating a camera, as well as a camera, a gimbal, a camera system and a server. They can prevent the camera software system from being cracked, which in turn prevents camera products from being illegally copied, counterfeited, pieced together or assembled and then sold, and can even prevent camera products from being used illegally by evading the activation and authorization process.
In a first aspect, an embodiment of the present application provides a startup method for a camera, including: loading the ciphertext of at least one target program of the camera, where the at least one target program includes at least one of a system program and an application program; obtaining at least one first function key; using the at least one first function key to convert the ciphertext of the at least one target program into the plaintext of the at least one target program; and, for each target program, performing the following operations: verifying, based on the plaintext of the target program, whether the target program meets a program start condition; and starting the target program in response to the verification result indicating that the target program meets the program start condition.
In a second aspect, an embodiment of the present application further provides a startup method for a camera, including: generating and storing at least one first function key; and sending the at least one first function key to the camera, so that the camera performs a camera startup operation based on the at least one first function key.
In a third aspect, an embodiment of the present application provides an activation method for a camera, including: obtaining an encrypted message from the camera that requests activation of the camera; verifying the encrypted message; and determining, based on the verification result for the encrypted message, whether to activate the camera.
In a fourth aspect, an embodiment of the present application provides a camera. The camera includes a processor configured to: load the ciphertext of at least one target program of the camera, where the at least one target program includes at least one of a system program and an application program; obtain at least one first function key; use the at least one first function key to convert the ciphertext of the at least one target program into the plaintext of the at least one target program; and, for each target program, perform the following operations: verify, based on the plaintext of the target program, whether the target program meets a program start condition; and start the target program in response to the verification result indicating that the target program meets the program start condition.
In a fifth aspect, an embodiment of the present application provides a gimbal for use with a camera, including: a processor configured to generate and store at least one first function key; and a message transmitter configured to send the at least one first function key to the camera, so that the camera performs a camera startup operation based on the at least one first function key.
In a sixth aspect, an embodiment of the present application provides a server, including: a message receiver configured to obtain an encrypted message from the camera that requests activation of the camera; and a processor configured to verify the encrypted message and to determine, based on the verification result for the encrypted message, whether to activate the camera.
In a seventh aspect, an embodiment of the present application provides a camera system, including: the camera of any embodiment of the present application; and the gimbal of any embodiment of the present application.
In an eighth aspect, an embodiment of the present application provides a computer-readable storage medium including instructions which, when run on a computer, cause the computer to execute the method of any embodiment of the present application.
In a ninth aspect, an embodiment of the present application provides a computer program product containing instructions which, when run on a computer, cause the computer to execute the method of any embodiment of the present application.
The embodiments of the present application provide methods for starting and activating a camera, as well as a camera, a gimbal, a server and a camera system. They adopt a security scheme that encrypts and protects the camera's software system, and start the camera only after verifying that the software system is legitimate, complete and has not been tampered with. This can prevent the camera software system from being cracked, which in turn prevents camera products from being illegally copied, counterfeited, pieced together or assembled and then sold, and can even prevent camera products from being used illegally by evading the activation and authorization process.
Description of Drawings
FIG. 1 schematically shows a system architecture for the methods for starting and activating a camera according to an embodiment of the present application;
FIG. 2 schematically shows a flowchart of a startup method for a camera according to an embodiment of the present application;
FIG. 3 schematically shows a flowchart of a startup method for a camera according to another embodiment of the present application;
FIG. 4 schematically shows a schematic diagram of the methods for starting and activating a camera according to the present application;
FIG. 5 schematically shows a flowchart of a startup method for a camera according to another embodiment of the present application;
FIG. 6 schematically shows a flowchart of an activation method for a camera according to an embodiment of the present application;
FIGS. 7A to 7C schematically show flowcharts of the methods for starting and activating a camera according to an embodiment of the present application;
FIG. 8 schematically shows a block diagram of a camera according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings of those embodiments.
The startup method for a camera and the camera provided by the embodiments of the present application can be applied to any scenario in which a camera needs to be started (for example, starting the camera by loading the system program and application programs for the first time, or starting the camera by loading programs for the first time after a program upgrade, where the upgraded programs include system programs and/or application programs). On the camera side, the startup method may be executed by the camera, and more specifically by the camera's processor. On the gimbal side, the startup method may be executed by the gimbal, and more specifically by the gimbal's processor.
Likewise, the activation method for a camera provided by the embodiments of the present application can be applied to any scenario in which a camera needs to be activated (for example, the camera needs to be activated after it is started for the first time). On the server side, the activation method may be executed by an activation server, and more specifically by the activation server's processor.
The system architecture for the startup and activation methods provided by the embodiments of the present application may be as shown in FIG. 1.
As shown in FIG. 1, the system architecture 100 includes a firmware server 101, a security server 102, an activation server 103 and a camera system 104. The camera system 104 includes a gimbal 1041 and a camera 1042.
Specifically, the firmware server 101 provides the camera 1042 with the firmware, such as system programs and/or application programs, to be loaded at first startup, and with the firmware, such as system programs and/or application programs, to be loaded when the camera starts again after a program upgrade.
The security server 102 generates core keys and injects each generated core key into gimbals of the corresponding model. The core key is the underlying key of a camera product and is used to generate the function keys (including the startup key and the activation key) with which the camera is started and activated. In other words, the core key is a product-level key: each product type can share one core key, while the function keys are generated by using the core key as a seed and adding each camera's own information.
The activation server 103 receives the activation request of the camera 1042, verifies whether the camera 1042 meets the activation conditions, and returns an activation response to the camera 1042 according to the verification result.
The gimbal 1041 generates the function keys of the camera 1042, such as the startup key and the activation key, from the core key and the camera 1042's own information. In addition, the gimbal 1041 obtains and stores the status information of the camera 1042, receives status query requests from the camera 1042, verifies whether the camera 1042 is legitimate, and returns a status query result to the camera 1042 according to the verification result.
The camera 1042 can load firmware from the firmware server 101 and obtain the startup key from the gimbal 1041 in order to perform the camera startup operation. In addition, the camera 1042 can obtain the activation key from the gimbal 1041 and send an activation request to the activation server 103 in order to perform the camera activation operation.
It should be noted that FIG. 1 is only a schematic diagram of a system architecture suitable for the embodiments of the present application and does not limit the topology of the system architecture.
The startup method for a camera provided by the embodiments of the present application can adopt a security scheme that encrypts and protects the camera's software system, and start the camera only after verifying that the software system is legitimate, complete and has not been tampered with. This prevents the camera software system from being easily cracked, which in turn prevents camera products from being easily and illegally copied, counterfeited, pieced together or assembled and then sold, and can even prevent camera products from being used illegally by evading the activation and authorization process.
It should be noted that the startup and activation methods provided by the embodiments of the present application can be used for secure startup and activation authentication of all kinds of camera products, so that the camera products can operate normally.
It should also be noted that the startup and activation methods provided by the embodiments of the present application can be applied in the field of cameras and in fields such as electronic devices with camera functions. Specifically, in the embodiments of the present application, the camera may be any electronic device that can capture and record images, which is not limited here.
Some implementations of the embodiments of the present application are described in detail below with reference to the accompanying drawings. Where there is no conflict, the embodiments described below and the features in those embodiments may be combined with one another.
An embodiment of the present application provides a startup method for a camera, applied on the camera side.
FIG. 2 schematically shows a flowchart of a startup method for a camera according to an embodiment of the present application. The method of this embodiment may be executed by the camera, and specifically by the camera's processor. As shown in FIG. 2, the method of this embodiment can be used, for example, when a target program in the camera is started for the first time, or when a target program in the camera is started for the first time after a program upgrade, and the method may include, for example, operations S210 to S260.
Operation S210: load the ciphertext of at least one target program of the camera, where the at least one target program includes at least one of a system program and an application program.
Operation S220: obtain at least one first function key.
Operation S230: use the at least one first function key to convert the ciphertext of the at least one target program into the plaintext of the at least one target program.
Operation S240: for each target program, perform the following operations S250 and S260.
Operation S250: verify, based on the plaintext of the target program, whether the target program meets the program start condition.
Operation S260: in response to the verification result indicating that the target program meets the program start condition, start the target program.
Compared with cameras in the related art, which have no security scheme for the software system, the embodiments of the present application add a security scheme for the camera software system. Specifically, part or all of the camera software system can be encrypted and stored in the firmware server 101 shown in FIG. 1, for use when the camera loads it.
Clearly, in the embodiments of the present application, encrypting the camera software system prevents it from being easily cracked, which in turn prevents the camera software system from being copied, tampered with or replaced. This prevents counterfeit, pieced-together and assembled camera products from being illegally sold and used because they are able to evade the activation and authorization process.
Specifically, in operation S210, to keep the camera software system secure, one of the following schemes can be used when encrypting it: scheme 1, only the system program is encrypted; or scheme 2, only application programs are encrypted (all of them or some of them); or scheme 3, both the system program and application programs are encrypted (all of the application programs or some of them).
Correspondingly, when the camera is started: for scheme 1, operations S210 to S260 may be performed only when starting the camera's system program; for scheme 2, the camera's system program may be started first, and operations S210 to S260 performed only when starting those application programs of the camera that are encrypted; for scheme 3, the camera's system program may be started first and the camera's application programs afterwards, with operations S210 to S260 performed when starting the system program and when starting the encrypted application programs.
It can be understood that, by comparison, a camera using scheme 3 has a software system that is harder to crack and is therefore more secure. A camera using scheme 1 or scheme 2 has a software system that is somewhat less hard to crack than under scheme 3 and is therefore somewhat less secure. In different embodiments, the scheme can be chosen according to actual requirements such as security, which is not limited here.
Specifically, in the embodiments of the present application, in operation S220 the at least one first function key may be obtained, for example, from the gimbal associated with the camera. It can be understood that, in the embodiments of the present application, the gimbal associated with a camera and the camera itself are in the same camera system. For example, referring back to FIG. 1, the gimbal associated with the camera 1042 is the gimbal 1041, and both the camera 1042 and the gimbal 1041 belong to the camera system 104.
In one embodiment, for a given camera, the encrypted system program and all encrypted application programs may share a single startup key (first function key) with which they are decrypted and started.
Alternatively, in another embodiment, for a given camera, some of the programs among the encrypted system program and all encrypted application programs may share a single startup key (first function key) with which they are decrypted and started, while each of the remaining programs has its own exclusive startup key (first function key) with which it is decrypted and started.
Alternatively, in another embodiment, for a given camera, every program (the encrypted system program and all encrypted application programs) may have its own exclusive startup key (first function key) with which it is decrypted and started.
It can be understood that, for a given camera, the more startup keys (first function keys) its software programs use, the harder its software programs are to crack and the higher its security; and vice versa.
Specifically, in the embodiments of the present application, to maximize the security of the camera software system, the security server may, for example, generate one core key for each product model, so that all camera products of one product model share one core key. The gimbal may then, based on the core key corresponding to the product model of the camera in its camera system and on that camera's own information, generate a separate key (first function key) for each piece of functional software (target program) of that camera, thereby achieving "one machine, one function, one key". Therefore, as a preferred embodiment, different function keys may correspond to different target programs, achieving "one machine, one function, one key" so as to ensure as far as possible that the camera starts securely.
It can be understood that, in the embodiments of the present application, all of the camera's software programs may share one first function key for encryption, but the security of this scheme is not very high: if that one first function key is cracked, all of the software programs may no longer be secure. By comparison, "one machine, one function, one key" is the better solution.
In addition, in the embodiments of the present application, in operation S220, to prevent the first function key from being leaked or intercepted in transit, the channel used to transmit the first function key may first be encrypted, and the at least one first function key then obtained from the gimbal associated with the camera over the encrypted channel.
In addition, in the embodiments of the present application, to prevent the first function key from being easily cracked, the gimbal may also use an encryption algorithm to generate an encrypted function key based on the corresponding core key and the camera's own information.
Specifically, in operation S220, the camera may obtain at least one encrypted function key from the gimbal, where the at least one encrypted function key is a key obtained by encrypting at least one of the aforementioned at least one first function key. In other words, in the embodiments of the present application, all of the first function keys may be encrypted, or only some of them. By comparison, encrypting all of the first function keys is more secure.
In addition, in the embodiments of the present application, after generating the first function key the gimbal may store it in memory. Accordingly, in operation S220, the camera may obtain the at least one first function key from the memory of the gimbal associated with the camera. Since information stored in memory is lost when power is removed, and no third party can read the information in the gimbal's memory, the embodiments of the present application can prevent the first function key from leaking.
In one embodiment of the present application, after operations S210 and S220, operation S230 may be performed first, using each startup key (first function key) to decrypt the ciphertext of the corresponding system software, and operation S250 then performed to verify, based on the software program plaintext obtained by decryption, whether the camera can be started. This achieves a secure startup of the camera system software.
It should be noted that, under normal circumstances, the camera software systems released to the firmware server are all legitimate software that has not been maliciously tampered with or replaced by a third party. On this basis, in operation S250, the plaintext of the target program can be used to verify whether the target program is legitimate, whether it has not been maliciously tampered with or replaced by a third party, and so on. Only after the verification result shows that the target program is legitimate and has not been maliciously tampered with or replaced by a third party is operation S260 performed, that is, the target program is started and run. This method can block illegal or tampered software from entering the camera's main control system and running.
As an optional embodiment, the method may further include: across all target programs, first verifying whether the system program can be started, and then, after the system program has been started, verifying whether the application programs can be started.
Specifically, as shown in FIG. 3, the method may include, for example, the following operations.
Operation S310: load the ciphertext of the camera's system program.
Operation S320: obtain the first function key used to decrypt the ciphertext of the system program.
Operation S330: use that first function key to convert the ciphertext of the system program into the corresponding plaintext.
Operation S340: verify, based on the plaintext of the system program, whether the system program meets the program start condition.
Operation S350: in response to the verification result indicating that the system program meets the program start condition, start the system program.
Operation S360: once the system program has started, perform the following operations S370 to S3110 in a loop, so as to start the encrypted application programs in the camera one after another.
Operation S370: load the ciphertext of one application program of the camera.
Operation S380: obtain the first function key used to decrypt the ciphertext of that application program.
Operation S390: use that first function key to convert the ciphertext of the application program into the corresponding plaintext.
Operation S3100: verify, based on the plaintext of the application program, whether the application program meets the program start condition.
Operation S3110: in response to the verification result indicating that the application program meets the program start condition, start the application program.
It can be understood that there may be one or more of each of the above system programs and application programs, which is not limited here.
As an optional embodiment, the method may further include: in response to the startup of the application program, sending a first encrypted message to the activation server based on the second function key, so as to request activation of the camera.
FIG. 4 schematically shows the principle of the startup and activation method for a camera according to the present application. As shown in FIG. 4, the method may be implemented, for example, as follows. The security server 402 first generates a core key and injects it over an encrypted channel into the gimbal 4041 in the camera system 404. After receiving the core key from the security server 402, the gimbal 4041 may first process the core key with an encrypted communication algorithm and then send it to the secure storage module for storage. When the camera 4042 in the camera system 404 needs to be started, or before then, the gimbal reads the core key from the secure storage module and processes it with a key generation algorithm to generate at least one first function key and a second function key. Before these function keys (the at least one first function key and the second function key) are sent to the camera 4042, they are encrypted with the encrypted communication algorithm and then sent to the camera 4042 over an encrypted channel. After receiving the encrypted function keys from the gimbal 4041, the camera 4042 first decrypts them and then uses the decrypted function keys to verify whether the system software can be started normally; in response to the system software passing verification, the system software is started normally. The camera then verifies whether each piece of application software can be started normally, and in response to the application software passing verification, the camera activation process may, for example, be started. When activating the camera, the camera 4042 uses an encrypted activation algorithm to send, based on the second function key, a first encrypted message to the activation server 403 to request activation of the camera, receives the activation response from the activation server 403, and then determines from the activation response whether to activate the camera.
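
The staged boot of FIG. 3 together with the key flow of FIG. 4, as an added example that is not code from the patent. The patent names no algorithms, so the sketch assumes HMAC-SHA256 as the key generation algorithm, an HMAC counter-mode keystream as a stand-in cipher, and an HMAC tag inside the plaintext as the "program startup condition"; all function names, program names and sample data are hypothetical.

```python
import hashlib
import hmac

TAG_LEN, NONCE_LEN = 32, 16


def prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def gimbal_issue_function_keys(core_key: bytes, programs: list) -> dict:
    """Gimbal side: one first function key per target program, derived from the
    core key (assumed derivation). Only derived keys are handed to the camera."""
    return {name: prf(core_key, b"boot-key|" + name.encode()) for name in programs}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode. One call encrypts or decrypts."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(d ^ s for d, s in zip(data, stream))


def seal_image(function_key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Build side: stored image = nonce || Enc(payload || tag)."""
    tag = prf(prf(function_key, b"mac"), payload)
    return nonce + keystream_xor(prf(function_key, b"enc"), nonce, payload + tag)


def decrypt_and_verify(function_key: bytes, image: bytes):
    """Camera side (S330-S340, S390-S3100): decrypt, then check the plaintext.
    Returns the program payload, or None when the startup condition is not met."""
    if len(image) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext = image[:NONCE_LEN], image[NONCE_LEN:]
    plaintext = keystream_xor(prf(function_key, b"enc"), nonce, ciphertext)
    payload, tag = plaintext[:-TAG_LEN], plaintext[-TAG_LEN:]
    expected = prf(prf(function_key, b"mac"), payload)
    return payload if hmac.compare_digest(tag, expected) else None


def boot_camera(function_keys: dict, storage: dict, system_programs: list, applications: list):
    """FIG. 3 order: every system program must verify before any application is
    considered. Skipping a failed application is a choice made for this sketch.
    Returns (started, rejected)."""
    started, rejected = [], []
    for name in system_programs:
        key, image = function_keys.get(name), storage.get(name)
        if key is None or image is None or decrypt_and_verify(key, image) is None:
            rejected.append(name)
            return started, rejected  # nothing further runs on an unverified system
        started.append(name)
    for name in applications:
        key, image = function_keys.get(name), storage.get(name)
        ok = key is not None and image is not None and decrypt_and_verify(key, image) is not None
        (started if ok else rejected).append(name)
    return started, rejected


# Constructed sample data: a fixed core key and three small "firmware" payloads.
CORE_KEY = bytes(range(32))
SYSTEM = ["system1", "system2"]
APPS = ["activation"]


def build_sample_storage(core_key: bytes) -> dict:
    keys = gimbal_issue_function_keys(core_key, SYSTEM + APPS)
    return {
        name: seal_image(keys[name],
                         hashlib.sha256(name.encode()).digest()[:NONCE_LEN],
                         b"constructed firmware for " + name.encode())
        for name in SYSTEM + APPS
    }


if __name__ == "__main__":
    keys = gimbal_issue_function_keys(CORE_KEY, SYSTEM + APPS)
    storage = build_sample_storage(CORE_KEY)
    print(boot_camera(keys, storage, SYSTEM, APPS))
    image = storage["system2"]
    storage["system2"] = image[:20] + bytes([image[20] ^ 1]) + image[21:]  # flip one bit
    print(boot_camera(keys, storage, SYSTEM, APPS))
```

The keystream alone is malleable, so the check on the decrypted plaintext is what rejects a modified image; per-program keys also make an image stored under another program's name fail verification.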
In the embodiments of the present application, to prevent illegally assembled or pieced-together camera products from being sold and used normally, the camera product and the activation server can form a secure activation system: a camera product in a user's hands must be activated and authenticated before it can be used normally.
Through the embodiments of the present application, encrypting the camera activation request enables secure activation of the camera, prevents the activation algorithm from being cracked, and prevents illegally assembled or pieced-together cameras from bypassing the activation process and being sold and used normally.
As an optional embodiment, to prevent the activation request from leaking in transit, the first encrypted message may, for example, be sent to the activation server over an encrypted channel.
It can be understood that the information carried in the camera activation request can be used for key guessing, so once the camera activation request is leaked, the probability of the activation key being cracked increases. For a security system, the less plaintext information is leaked, the more secure the whole system is and the less likely it is to be cracked. Based on these considerations, in the embodiments of the present application the first encrypted message is transmitted over an encrypted channel.
As an optional embodiment, the method may further include, for example: before sending the first encrypted message to the activation server, sending a second encrypted message to the gimbal associated with the camera and/or to a control device inside the camera, to request a query of the camera's status, wherein the activation process of the camera is started when the query result indicates that the camera has not yet been activated.
Specifically, in the present application, as one embodiment, the camera's status information may be stored solely in the persistent (non-volatile) memory of the gimbal. Alternatively, as another embodiment, the camera's status information may be stored solely in an internal camera component (control device) that has the same computing power and secure storage capability as the gimbal. Alternatively, as yet another embodiment, the camera's status information may be stored both in the gimbal and in an internal camera component (control device) that has the same computing power and secure storage capability as the gimbal. For example, the control device may include, but is not limited to, at least one of a lens controller, a battery controller and an LCD driver controller.
In the embodiments of the present application, it may be arranged that each camera product can perform the activation operation only once. Specifically, the activation operation may be performed while the camera is started for the first time and not performed in other cases. The camera can therefore first query whether it is currently in the not-yet-activated state, and start the camera activation process if it has not yet been activated.
It can be understood that encrypting the status query request also enables secure activation of the camera and can prevent illegally assembled or pieced-together cameras from being sold and used normally.
As an optional embodiment, the second encrypted message may be sent to the gimbal over an encrypted channel, to prevent the status query request from leaking in transit.
As an optional embodiment, the query result may be obtained from the gimbal over an encrypted channel, to prevent the status query result from leaking in transit.
It can be understood that if information transmitted between a single camera and the gimbal, such as status query requests, status query results and the various function keys (such as the boot key and the activation key), is leaked, the function keys for that camera's activation, secure boot and so on are directly exposed. Once function keys for secure boot and activation are leaked, other illegitimate camera products can impersonate that camera to perform a spoofed activation, or skip activation or skip secure boot, and the encrypted firmware may even be decrypted and cracked. Transmitting information between the camera and the gimbal over an encrypted channel therefore improves the security of camera startup and activation.
The embodiments of the present application also provide another startup method for a camera, applied on the gimbal side.
FIG. 5 schematically shows a flowchart of a startup method for a camera according to another embodiment of the present application. This embodiment may be executed by the gimbal, specifically by the gimbal's processor. As shown in FIG. 5, the method of this embodiment may be used, for example, in the scenario of starting a target program in the camera for the first time, or in the scenario of starting a target program in the camera for the first time after a program upgrade, and the method may include, for example, operations S510 and S520.
In operation S510, at least one first function key is generated and stored.
In operation S520, the at least one first function key is sent to the camera, so that the camera performs the camera startup operation based on the at least one first function key.
As described in the foregoing embodiments of the present application, encrypting the camera software system prevents it from being easily cracked and thus from being copied, tampered with or replaced. This prevents counterfeit, pieced-together and assembled camera products from being illegally sold and used because they can evade the activation and authorization processes.
It can be understood that copying means the plaintext of the camera firmware is copied. If the firmware plaintext is copied, the camera can be started by bypassing the secure boot function directly, and the plaintext firmware can even be decompiled and cracked, directly breaking the security system of the entire camera, in which case secure boot and activation become completely meaningless. The camera's software system (firmware) must therefore be stored encrypted. When the camera is started, however, verification and the startup operation have to be performed on the plaintext firmware.
On this basis, in the embodiments of the present application, the gimbal can generate and store at least one first function key for decrypting the firmware ciphertext, and provide the corresponding first function key to the camera when the camera starts.
It should be noted that, in the embodiments of the present application, the scheme by which the gimbal generates and saves the first function key is the same as or similar to that described in the foregoing embodiments and is not repeated here.
Through the embodiments of the present disclosure, the security algorithms for encrypting plaintext firmware and decrypting ciphertext firmware can be integrated in the gimbal to form a security center, with no need to add a dedicated security chip. Moreover, the security algorithms can be implemented with security technology that is self-developed, customizable and flexibly replaceable, achieving higher security. A self-developed, customizable and flexibly replaceable secure boot and activation scheme for the camera can adapt to changes in the external environment and make cracking harder, so it can raise the security level of the camera software system and the camera product, and can increase the flexibility of the camera product's security scheme.
For example, storing the function keys in the gimbal allows the encryption scheme to be adjusted flexibly in response to a changing external environment. It can be understood that if, for example, a better, more secure encryption algorithm with lower performance cost appears, the encryption algorithm used in the present application can be flexibly replaced: generating new firmware ciphertext with the new encryption algorithm and upgrading the camera with it is enough to adjust the encryption scheme.
In addition, it should be noted that, in the embodiments of the present application, a secure storage function, key derivation algorithms for the various function keys and an encrypted communication algorithm can be integrated in the gimbal, so as to realize a hardware security center that is extremely hard to crack. The security center is used to: store the core key and ensure that the core key cannot be cracked; and derive function keys such as the secure boot key and the activation key, ensuring that function keys do not flow out of the security center and that the key derivation algorithms for the various function keys are hard to crack. Furthermore, function keys such as the secure boot key and the activation key are passed over an encrypted channel, ensuring that they are not leaked in transit. Correspondingly, an encrypted communication algorithm and an encrypted-message verification algorithm are also integrated on the camera side, used to transfer the secure boot key and the activation key with the security center over encrypted communication.
As an optional embodiment, the method may further include, for example: encrypting at least one of the at least one first function key, so as to generate and store an encrypted function key.
Specifically, the gimbal can encrypt some or all of the first function keys with the encrypted communication algorithm, and the gimbal can store the first function keys using the secure storage function. This makes cracking harder and thus raises the security level of the camera software system and the camera product.
As an optional embodiment, sending the at least one first function key to the camera may include, for example: sending the encrypted function key to the camera over an encrypted channel, to prevent the encrypted function key from leaking in transit.
As an optional embodiment, sending the encrypted function key to the camera over an encrypted channel may include, for example: obtaining from the camera a first encrypted message requesting the encrypted function key; verifying the first encrypted message; and, in response to the first encrypted message passing verification, sending the encrypted function key to the camera over the encrypted channel. This prevents the function key from being illegally hijacked.
As an optional embodiment, the method may further include, for example: obtaining and storing status information for the camera; obtaining from the camera a second encrypted message requesting a query of the camera status; verifying the second encrypted message; and, in response to the second encrypted message passing verification, sending the status information to the camera, so that the camera can determine whether to start the camera activation process. It can be understood that the verification prevents the camera status from being illegally stolen, and thus prevents an illegally assembled camera from being activated normally or from bypassing the activation process and being used normally.
As an optional embodiment, sending the status information to the camera may include, for example: sending the status information to the camera over an encrypted channel, to prevent the camera status from being illegally intercepted.
As an optional embodiment, the status information is stored in the memory of the gimbal associated with the camera. Because the memory stores information persistently, the camera's status information is not lost on power failure.
As an optional embodiment, the at least one first function key is stored in the RAM of the gimbal associated with the camera.
Specifically, in the embodiments of the present application, after generating the first function key, the gimbal can store it in RAM. The camera can thus obtain the at least one first function key from the RAM of the gimbal associated with the camera. Because information stored in RAM is lost on power-off, and no third party can read the information in the gimbal's RAM, the embodiments of the present application can prevent the first function key from leaking.
The embodiments of the present application also provide an activation method for a camera, applied on the activation server side.
FIG. 6 schematically shows a flowchart of an activation method for a camera according to an embodiment of the present application. This embodiment may be executed by the activation server, specifically by the activation server's processor. As shown in FIG. 6, the method of this embodiment may be used, for example, in the scenario of starting a target program in the camera for the first time, and the method may include, for example, operations S610 to S630.
In operation S610, an encrypted message from the camera requesting activation of the camera is obtained.
In operation S620, the encrypted message is verified.
In operation S630, whether to activate the camera is determined based on the verification result for the encrypted message.
Specifically, in operation S620, it can be verified whether the camera's identity is legitimate and whether the encrypted message is legitimate. If verification passes, a response message allowing activation is returned to the camera. If verification fails, a response message refusing activation is returned to the camera.
Through the embodiments of the present application, in response to the startup of the camera's application program, the integrated encrypted activation algorithm can be used to communicate with the activation service to complete the camera's encrypted activation process.
In the embodiments of the present application, to prevent illegally assembled or pieced-together camera products from being sold and used normally, the camera product and the activation server can form a secure activation system: a camera product in a user's hands must be activated and authenticated before it can be used normally.
Through the embodiments of the present application, encrypting the camera activation request enables secure activation of the camera, prevents the activation algorithm from being cracked, and prevents illegally assembled or pieced-together cameras from bypassing the activation process and being sold and used normally.
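
The server-side check of operations S610 to S630, as an added example that is not code from the patent. It assumes the request is authenticated with HMAC-SHA256 under the second function key, that the server holds a per-device key registry, and that a nonce binds each response to its request; the confidentiality that the patent obtains by encrypting the message is left out. All names and sample values are hypothetical.

```python
import hashlib
import hmac
import json
import os


def mac(key: bytes, direction: bytes, body: bytes) -> bytes:
    # The direction label keeps a request tag from being replayed as a response tag.
    return hmac.new(key, direction + b"|" + body, hashlib.sha256).digest()


def build_activation_request(serial: str, activation_key: bytes, nonce: bytes) -> dict:
    """Camera side: activation request authenticated with the second function key."""
    body = json.dumps({"serial": serial, "nonce": nonce.hex()}, sort_keys=True).encode()
    return {"body": body, "tag": mac(activation_key, b"request", body)}


class ActivationServer:
    def __init__(self, registry: dict):
        self.registry = dict(registry)  # serial -> activation key (assumed provisioning)
        self.activated = set()          # each camera may be activated only once
        self.seen_nonces = set()        # (serial, nonce) pairs already processed

    def verify(self, request):
        """S620. Returns (serial, nonce, reason): serial is set only once the tag has
        verified; reason is None only for a request that may be activated."""
        try:
            body, tag = request["body"], request["tag"]
            fields = json.loads(body)
            serial, nonce = fields["serial"], fields["nonce"]
        except (KeyError, TypeError, ValueError):
            return None, None, "malformed"
        typed = ((body, bytes), (tag, bytes), (serial, str), (nonce, str))
        if not all(isinstance(value, kind) for value, kind in typed):
            return None, None, "malformed"
        key = self.registry.get(serial)
        if key is None:                                   # identity check
            return None, nonce, "unknown device"
        if not hmac.compare_digest(tag, mac(key, b"request", body)):
            return None, nonce, "bad tag"                 # message check
        if (serial, nonce) in self.seen_nonces:           # recorded only after the tag verifies
            return serial, nonce, "replayed request"
        self.seen_nonces.add((serial, nonce))
        if serial in self.activated:
            return serial, nonce, "already activated"
        return serial, nonce, None

    def handle(self, request) -> dict:
        """S630: decide, then answer. Only authenticated requests get a tagged reply."""
        serial, nonce, reason = self.verify(request)
        if reason is None:
            self.activated.add(serial)
        body = json.dumps({"nonce": nonce, "reason": reason,
                           "result": "allow" if reason is None else "deny"},
                          sort_keys=True).encode()
        tag = mac(self.registry[serial], b"response", body) if serial is not None else b""
        return {"body": body, "tag": tag}


def camera_accepts(response: dict, activation_key: bytes, nonce: bytes) -> bool:
    """Camera side: accept only an authentic 'allow' bound to the camera's own nonce."""
    body, tag = response.get("body", b""), response.get("tag", b"")
    if not hmac.compare_digest(tag, mac(activation_key, b"response", body)):
        return False
    fields = json.loads(body)
    return fields.get("nonce") == nonce.hex() and fields.get("result") == "allow"


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed activation key").digest()  # constructed sample key
    server = ActivationServer({"CAM-0001": key})                  # constructed serial
    nonce = os.urandom(16)
    request = build_activation_request("CAM-0001", key, nonce)
    print(camera_accepts(server.handle(request), key, nonce))  # first activation
    print(camera_accepts(server.handle(request), key, nonce))  # same request replayed
```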
The startup and activation method for a camera of the present application is described in detail below with a specific embodiment.
In one embodiment, as shown in FIGS. 7A to 7C, the flow of the camera startup and activation method may include the following operations.
The gimbal first performs operations S710 to S714.
Operation S710: the gimbal boots securely;
Operation S711: the gimbal extracts and saves the camera's status information;
Operation S712: the gimbal generates the camera's secure boot keys;
Operation S713: the gimbal initializes the encrypted transmission channel;
Operation S714: the gimbal powers on the camera's main controller.
After the camera is powered on, the camera's main controller performs operations S720 and S721.
Operation S720: load the system launcher;
Operation S721: run the system launcher.
Once the system launcher is running, it works with the gimbal to perform the following operations to start the camera's system application.
Operation S730: the system launcher initializes;
Operation S731: the system launcher initializes encrypted communication;
Operation S732: the system launcher queries the camera status;
Operation S715: the gimbal's verification of the encrypted message passes;
Operation S716: the gimbal answers the camera status query request;
Operation S733: the system launcher obtains the camera's status information and stores it in RAM;
Operation S734: the system launcher requests the secure boot keys and the activation key;
Operation S717: the gimbal's verification of the encrypted message passes;
Operation S718: the gimbal returns the secure boot keys and the activation key;
Operation S735: the system launcher stores the secure boot keys and the activation key in RAM;
Operation S736: the system launcher configures the secure boot key of system program 1;
Operation S737: the system launcher loads the ciphertext firmware of system program 1 into RAM;
Operation S738: the system launcher decrypts and verifies the ciphertext of system program 1;
Operation S739: the system launcher starts system program 1.
After system program 1 has started and is running, the following operations are performed to start system program 2.
Operation S740: system program 1 runs;
Operation S741: system program 1 extracts the camera's status information from RAM;
Operation S742: system program 1 extracts the secure boot key of system program 2 from RAM and checks it;
Operation S743: system program 1 configures the secure boot key of system program 2;
Operation S744: system program 1 loads system program 2 into RAM;
Operation S745: system program 1 decrypts and verifies system program 2;
Operation S746: system program 1 starts system program 2;
Operation S747: system program 1 loads the activation key;
Operation S748: system program 1 generates the activation request information and sends it to the activation server for verification;
Operation S750: the activation server verifies the activation request;
Operation S751: the activation server verifies the legitimacy of the camera;
Operation S752: the activation server answers the activation request;
Operation S749: system program 1 verifies the activation response and confirms the activation result.
In the above embodiment, the target programs comprise two system programs (system program 1 and system program 2) and one application program (the activation program). It can be understood that the above embodiment is only an illustrative example of the present application, which is not limited thereto.
本申请实施例还提供了一种用于相机,用于实现安全启动和激活操作。The embodiments of the present application also provide a camera for realizing safe startup and activation operations.
图8示意性示出了根据本申请实施例的相机的框图,如图8所示,该相机800例如可以包括:处理器810和存储器820。FIG. 8 schematically shows a block diagram of a camera according to an embodiment of the present application. As shown in FIG. 8 , the camera 800 may include, for example, a processor 810 and a memory 820 .
具体地,存储器820用于存储指令,处理器810调用存储器820中存储的指令,用于执行以下操作:加载相机的至少一个目标程序的密文,其中,至少一个目标程序包括系统程序和应用程序中的至少一种;获取至少一个第一功能秘钥;利用至少一个第一功能秘钥将至少一个目标程序的密文转换为至少一个目标程序的明文;针对每个目标程序,执行以下操作:基于目标程序的明文验证该目标程序是否符合程序启动条件;以及响应于验证结果表征该目标程序符合程序启动条件,启动该目标程序。Specifically, the memory 820 is used to store instructions, and the processor 810 calls the instructions stored in the memory 820 to perform the following operations: load the ciphertext of at least one target program of the camera, where the at least one target program includes a system program and an application program At least one of; obtain at least one first function key; use at least one first function key to convert the ciphertext of at least one target program into the plaintext of at least one target program; for each target program, perform the following operations: Based on the plaintext of the target program, verify whether the target program meets the program start condition; and start the target program in response to the verification result indicating that the target program meets the program start condition.
作为一个可选的实施例,不同的功能秘钥可以对应于不同的目标软件。As an optional embodiment, different function keys may correspond to different target software.
作为一个可选的实施例,该处理器还可以用于:针对所有的目标程序,先验证能否启动系统程序,再在启动系统程序后验证能否启动应用程序。As an optional embodiment, the processor may also be configured to: for all target programs, first verify whether the system program can be started, and then verify whether the application program can be started after the system program is started.
作为一个可选的实施例,该相机还可以包括:消息发送器,用于响应于应用程序的启动,第二功能秘钥向激活服务器发送第一加密消息,以请求激活相机。As an optional embodiment, the camera may further include: a message transmitter, configured to send a first encrypted message to the activation server by the second function key to request activation of the camera in response to the activation of the application program.
作为一个可选的实施例,该相机的消息发送器还可以用于:通过加密信道向激活服务器发送第一加密消息。As an optional embodiment, the message transmitter of the camera may also be configured to: send the first encrypted message to the activation server through an encrypted channel.
As an optional embodiment, the message sender of the camera may further be configured to: before sending the first encrypted message to the activation server, send a second encrypted message to the gimbal associated with the camera and/or to a control device inside the camera, to request a query of the camera's status; and the processor is further configured to start the activation process of the camera when the query result indicates that the camera has not yet been activated.
As an optional embodiment, the message sender of the camera may further be configured to: send the second encrypted message to the gimbal through an encrypted channel.
As an optional embodiment, the camera may further include a message receiver. The message receiver is configured to: obtain the query result from the gimbal through an encrypted channel.
As an optional embodiment, the camera may further include a message receiver. The message receiver is configured to: obtain at least one first function key from the gimbal associated with the camera.
As an optional embodiment, the message receiver of the camera may further be configured to: obtain the at least one first function key from the gimbal through an encrypted channel.
As an optional embodiment, the message receiver of the camera is further configured to: obtain an encrypted function key from the gimbal, where the encrypted function key is a key obtained by encrypting at least one of the at least one first function key.
As an optional embodiment, the message receiver of the camera may further be configured to: obtain the at least one first function key from the internal memory of the gimbal.
It should be understood that the camera provided in the embodiments of the present application can be used to carry out the technical solutions of the foregoing camera-side embodiments of the startup method for a camera; its implementation principles and technical effects are similar to those of the method embodiments and are not repeated here.
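The camera-side startup method referred to here (load each target program's ciphertext, decrypt it with its own first function key, verify the plaintext against a program start condition, start the system program before the application program) is shown below as an added example, not code from the application. Assumptions: the start condition is a SHA-256 digest match against a trusted manifest, the SHA-256 counter-mode keystream is a stand-in for a real cipher such as AES, and all names, keys and program images are constructed.

```python
import hashlib
import hmac

# Boot order: the system program is verified and started before the application.
BOOT_ORDER = ("system", "application")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode. Stand-in for a real cipher such as AES-CTR."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the operation is symmetric)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def build_image(name: str, plaintext: bytes, key: bytes) -> dict:
    """Produce the stored ciphertext image of one target program."""
    nonce = hashlib.sha256(b"nonce:" + name.encode()).digest()[:12]  # constructed
    return {"nonce": nonce, "ciphertext": xor_cipher(key, nonce, plaintext)}


def secure_boot(images: dict, function_keys: dict, manifest: dict):
    """Return (started_programs, error). Stops at the first failure (fail closed)."""
    started = []
    for name in BOOT_ORDER:
        image = images.get(name)
        key = function_keys.get(name)
        if image is None or key is None:
            return started, f"{name}: missing image or function key"
        plaintext = xor_cipher(key, image["nonce"], image["ciphertext"])
        # Assumed start condition: plaintext digest equals the trusted manifest entry.
        digest = hashlib.sha256(plaintext).digest()
        if not hmac.compare_digest(digest, manifest.get(name, b"")):
            return started, f"{name}: start condition not met"
        started.append(name)  # a real loader would hand control to the plaintext here
    return started, None


# Constructed sample data: program bodies, one function key per program, manifest.
PROGRAMS = {
    "system": b"constructed system program image",
    "application": b"constructed camera application image",
}
KEYS = {name: hashlib.sha256(b"constructed key:" + name.encode()).digest()
        for name in PROGRAMS}
IMAGES = {name: build_image(name, body, KEYS[name]) for name, body in PROGRAMS.items()}
MANIFEST = {name: hashlib.sha256(body).digest() for name, body in PROGRAMS.items()}


def tampered_application_images() -> dict:
    """Copy of IMAGES with one ciphertext bit of the application flipped."""
    ct = bytearray(IMAGES["application"]["ciphertext"])
    ct[0] ^= 0x01
    bad = dict(IMAGES)
    bad["application"] = {"nonce": IMAGES["application"]["nonce"],
                          "ciphertext": bytes(ct)}
    return bad


if __name__ == "__main__":
    print(secure_boot(IMAGES, KEYS, MANIFEST))
    print(secure_boot(tampered_application_images(), KEYS, MANIFEST))
    swapped = {"system": KEYS["application"], "application": KEYS["system"]}
    print(secure_boot(IMAGES, swapped, MANIFEST))
```

Because the stand-in cipher is unauthenticated, a modified ciphertext is only caught at the digest check, so that check has to complete before any part of the plaintext is executed.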
The embodiments of the present application further provide a gimbal, which is used together with the camera so that the camera can be started and activated securely.
Specifically, the gimbal may include a processor and a message sender. The processor may be configured to generate and store at least one first function key. The message sender of the gimbal may be configured to send the at least one first function key to the camera, so that the camera performs a camera startup operation based on the at least one first function key.
As an optional embodiment, the processor of the gimbal may further be configured to: encrypt at least one of the at least one first function key, so as to generate and store an encrypted function key.
As an optional embodiment, the message sender of the gimbal may further be configured to: send the encrypted function key to the camera through an encrypted channel.
As an optional embodiment, the gimbal may further include: a message receiver, configured to obtain a first encrypted message from the camera requesting the encrypted function key. The processor of the gimbal may further be configured to verify the first encrypted message. The message sender of the gimbal may further be configured to send the encrypted function key to the camera through an encrypted channel in response to the first encrypted message passing verification.
As an optional embodiment, the message receiver of the gimbal may further be configured to obtain status information for the camera and to obtain a second encrypted message from the camera requesting a query of the camera status. The gimbal may further include: a memory, configured to store the status information for the camera. The processor of the gimbal may further be configured to verify the second encrypted message. The message sender of the gimbal may further be configured to send the status information to the camera in response to the second encrypted message passing verification, so that the camera can determine whether to start the camera activation process.
As an optional embodiment, the message sender of the gimbal may further be configured to send the status information to the camera through an encrypted channel.
As an optional embodiment, the gimbal may further include: an internal memory, configured to store the at least one first function key.
It should be understood that the gimbal provided in the embodiments of the present application can be used to carry out the technical solutions of the foregoing gimbal-side embodiments of the startup method for a camera; its implementation principles and technical effects are similar to those of the method embodiments and are not repeated here.
The embodiments of the present application further provide a server (an activation server), which is used together with the camera so that the camera can be activated. Specifically, the server may include, for example, a message receiver and a processor. The message receiver is configured to obtain an encrypted message from the camera requesting activation of the camera. The processor may be configured to verify the encrypted message and to determine, based on the verification result for the encrypted message, whether to activate the camera.
It should be understood that the server provided in the embodiments of the present application can be used to carry out the technical solutions of the foregoing activation-server-side embodiments of the activation method for a camera; its implementation principles and technical effects are similar to those of the method embodiments and are not repeated here.
The embodiments of the present application further provide a camera system. The camera system may include the camera of any of the foregoing embodiments and the gimbal of any of the foregoing embodiments, which are not described again here.
The embodiments of the present application further provide a computer-readable storage medium including instructions which, when run on a computer, cause the computer to execute the method of any one of the embodiments of the present application, which is not described again here.
The embodiments of the present application further provide a computer program product including instructions which, when run on a computer, cause the computer to execute the method of any one of the embodiments of the present application, which is not described again here.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions according to the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted through a computer-readable storage medium. The computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, radio, microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)).
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced with equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the present application.

Claims (44)

  1. A startup method for a camera, characterized by comprising:
    loading ciphertext of at least one target program of the camera, wherein the at least one target program includes at least one of a system program and an application program;
    obtaining at least one first function key;
    converting the ciphertext of the at least one target program into plaintext of the at least one target program using the at least one first function key;
    for each target program, performing the following operations:
    verifying, based on the plaintext of the target program, whether the target program meets a program start condition; and
    in response to the verification result indicating that the target program meets the program start condition, starting the target program.
  2. The method according to claim 1, characterized in that different function keys correspond to different target programs.
  3. The method according to claim 1 or 2, characterized by further comprising: for all the target programs, first verifying whether the system program can be started, and then, after the system program is started, verifying whether the application program can be started.
  4. The method according to claim 3, characterized by further comprising:
    in response to the start of the application program, sending a first encrypted message to an activation server based on a second function key, to request activation of the camera.
  5. The method according to claim 4, characterized in that
    the first encrypted message is sent to the activation server through an encrypted channel.
  6. The method according to claim 4, characterized by further comprising: before sending the first encrypted message to the activation server,
    sending a second encrypted message to a gimbal associated with the camera and/or to a control device inside the camera, to request a query of the status of the camera,
    wherein, when the query result indicates that the camera has not yet been activated, the activation process of the camera is started.
  7. The method according to claim 6, characterized in that
    the second encrypted message is sent to the gimbal through an encrypted channel.
  8. The method according to claim 6 or 7, characterized in that
    the query result is obtained from the gimbal through an encrypted channel.
  9. The method according to claim 1, characterized in that the obtaining at least one first function key comprises:
    obtaining the at least one first function key from a gimbal associated with the camera.
  10. The method according to claim 9, characterized in that the obtaining the at least one first function key from a gimbal associated with the camera comprises:
    obtaining the at least one first function key from the gimbal through an encrypted channel.
  11. The method according to claim 9 or 10, characterized in that
    at least one encrypted function key is obtained from the gimbal, wherein the at least one encrypted function key is a key obtained by encrypting at least one of the at least one first function key.
  12. The method according to claim 9 or 10, characterized in that
    the at least one first function key is obtained from the internal memory of the gimbal.
  13. A startup method for a camera, characterized by comprising:
    generating and storing at least one first function key; and
    sending the at least one first function key to the camera, so that the camera performs a camera startup operation based on the at least one first function key.
  14. The method according to claim 13, characterized by further comprising:
    encrypting at least one of the at least one first function key, to generate and store an encrypted function key.
  15. The method according to claim 14, characterized in that the sending the at least one first function key to the camera comprises:
    sending the encrypted function key to the camera through an encrypted channel.
  16. The method according to claim 15, characterized in that the sending the encrypted function key to the camera through an encrypted channel comprises:
    obtaining a first encrypted message from the camera requesting the encrypted function key;
    verifying the first encrypted message; and
    in response to the first encrypted message passing verification, sending the encrypted function key to the camera through an encrypted channel.
  17. The method according to claim 13, characterized by further comprising:
    obtaining and storing status information for the camera;
    obtaining a second encrypted message from the camera requesting a query of the camera status;
    verifying the second encrypted message; and
    in response to the second encrypted message passing verification, sending the status information to the camera, so that the camera determines whether to start a camera activation process.
  18. The method according to claim 17, characterized in that the sending the status information to the camera comprises:
    sending the status information to the camera through an encrypted channel.
  19. The method according to claim 17, characterized in that
    the status information is stored in a memory of a gimbal associated with the camera.
  20. The method according to claim 13, characterized in that
    the at least one first function key is stored in the internal memory of a gimbal associated with the camera.
  21. An activation method for a camera, characterized by comprising:
    obtaining an encrypted message from the camera requesting activation of the camera;
    verifying the encrypted message; and
    determining, based on the verification result for the encrypted message, whether to activate the camera.
  22. A camera, characterized in that the camera comprises a processor configured to:
    load ciphertext of at least one target program of the camera, wherein the at least one target program includes at least one of a system program and an application program;
    obtain at least one first function key;
    convert the ciphertext of the at least one target program into plaintext of the at least one target program using the at least one first function key;
    for each target program, perform the following operations:
    verify, based on the plaintext of the target program, whether the target program meets a program start condition; and
    in response to the verification result indicating that the target program meets the program start condition, start the target program.
  23. The camera according to claim 22, characterized in that different function keys correspond to different target software.
  24. The camera according to claim 22 or 23, characterized in that the processor is further configured to: for all the target programs, first verify whether the system program can be started, and then, after the system program is started, verify whether the application program can be started.
  25. The camera according to claim 24, characterized in that the camera further comprises:
    a message sender, configured to, in response to the start of the application program, send, using a second function key, a first encrypted message to an activation server, to request activation of the camera.
  26. The camera according to claim 25, characterized in that the message sender is further configured to:
    send the first encrypted message to the activation server through an encrypted channel.
  27. The camera according to claim 25, characterized in that
    the message sender is further configured to: before sending the first encrypted message to the activation server, send a second encrypted message to a gimbal associated with the camera and/or to a control device inside the camera, to request a query of the status of the camera; and
    the processor is further configured to start the activation process of the camera when the query result indicates that the camera has not yet been activated.
  28. The camera according to claim 27, characterized in that the message sender is further configured to:
    send the second encrypted message to the gimbal through an encrypted channel.
  29. The camera according to claim 27 or 28, characterized in that the camera further comprises a message receiver, the message receiver being configured to:
    obtain the query result from the gimbal through an encrypted channel.
  30. The camera according to claim 22, characterized in that the camera further comprises a message receiver, the message receiver being configured to:
    obtain the at least one first function key from a gimbal associated with the camera.
  31. The camera according to claim 30, characterized in that the message receiver is further configured to:
    obtain the at least one first function key from the gimbal through an encrypted channel.
  32. The camera according to claim 30 or 31, characterized in that the message receiver is further configured to:
    obtain an encrypted function key from the gimbal, wherein the encrypted function key is a key obtained by encrypting at least one of the at least one first function key.
  33. The camera according to claim 30 or 31, characterized in that the message receiver is further configured to:
    obtain the at least one first function key from the internal memory of the gimbal.
  34. A gimbal for use together with a camera, characterized by comprising:
    a processor, configured to generate and store at least one first function key; and
    a message sender, configured to send the at least one first function key to the camera, so that the camera performs a camera startup operation based on the at least one first function key.
  35. The gimbal according to claim 34, characterized in that the processor is further configured to:
    encrypt at least one of the at least one first function key, to generate and store an encrypted function key.
  36. The gimbal according to claim 35, characterized in that the message sender is further configured to:
    send the encrypted function key to the camera through an encrypted channel.
  37. The gimbal according to claim 36, characterized in that
    the gimbal further comprises: a message receiver, configured to obtain a first encrypted message from the camera requesting the encrypted function key;
    the processor is further configured to verify the first encrypted message; and
    the message sender is further configured to send the encrypted function key to the camera through an encrypted channel in response to the first encrypted message passing verification.
  38. The gimbal according to claim 34, characterized in that
    the message receiver is further configured to obtain status information for the camera and to obtain a second encrypted message from the camera requesting a query of the camera status;
    the gimbal further comprises: a memory, configured to store the status information for the camera;
    the processor is further configured to verify the second encrypted message; and
    the message sender is further configured to send the status information to the camera in response to the second encrypted message passing verification, so that the camera determines whether to start a camera activation process.
  39. The gimbal according to claim 38, characterized in that the message sender is further configured to:
    send the status information to the camera through an encrypted channel.
  40. The gimbal according to claim 34, characterized in that the gimbal further comprises: an internal memory, configured to store the at least one first function key.
  41. A server, characterized by comprising:
    a message receiver, configured to obtain an encrypted message from the camera requesting activation of the camera;
    a processor, configured to verify the encrypted message and to determine, based on the verification result for the encrypted message, whether to activate the camera.
  42. A camera system, characterized by comprising:
    the camera according to any one of claims 22-33; and
    the gimbal according to any one of claims 34-40.
  43. A computer-readable storage medium, characterized by comprising instructions which, when run on a computer, cause the computer to execute the method according to any one of claims 1-21.
  44. A computer program product comprising instructions, characterized in that, when the instructions are run on a computer, the computer is caused to execute the method according to any one of claims 1-21.
PCT/CN2020/099245 2020-06-30 2020-06-30 Method for starting and activating camera, camera and cradle head WO2022000261A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2020/099245 WO2022000261A1 (en) 2020-06-30 2020-06-30 Method for starting and activating camera, camera and cradle head
CN202080006216.2A CN113056726A (en) 2020-06-30 2020-06-30 Method for starting and activating camera, camera and holder

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/099245 WO2022000261A1 (en) 2020-06-30 2020-06-30 Method for starting and activating camera, camera and cradle head

Publications (1)

Publication Number Publication Date
WO2022000261A1 true WO2022000261A1 (en) 2022-01-06

Family

ID=76509774

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/099245 WO2022000261A1 (en) 2020-06-30 2020-06-30 Method for starting and activating camera, camera and cradle head

Country Status (2)

Country Link
CN (1) CN113056726A (en)
WO (1) WO2022000261A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101673250A (en) * 2009-09-18 2010-03-17 中兴通讯股份有限公司 Method and device for protecting codes or data in mobile phone memory
CN102231115A (en) * 2011-06-07 2011-11-02 深圳市九洲电器有限公司 Method and system for safely starting set top box
CN107688746A (en) * 2017-08-30 2018-02-13 浪潮(北京)电子信息产业有限公司 The loading method and device of a kind of kernel file
US20180293385A1 (en) * 2017-04-05 2018-10-11 International Business Machines Corporation Securely exchanging information during application startup
CN109491716A (en) * 2018-10-19 2019-03-19 北京行易道科技有限公司 Start method and device, program storage method and device
CN110601852A (en) * 2019-09-16 2019-12-20 苏州思必驰信息科技有限公司 Authentication and authorization method and system for electronic equipment of voice conversation platform

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109218263B (en) * 2017-07-04 2021-06-08 斑马智行网络(香港)有限公司 Control method and device
CN108154025A (en) * 2017-12-22 2018-06-12 北京四达时代软件技术股份有限公司 Method, the method and device of application program mirror image processing of embedded device startup

Also Published As

Publication number Publication date
CN113056726A (en) 2021-06-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20942928

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20942928

Country of ref document: EP

Kind code of ref document: A1