Method for security control and data confidentiality of a smart camera based on identity-based cryptography
Technical field
The present invention relates to data security and time slot scrambling for a smart security camera using identity-based cryptography, and belongs to the field of information security technology.
Background technique
Identity-based cryptography is similar to a CA: both are public key infrastructures. A CA represents a person's identity with a digital certificate; the certificate is issued by an authority, and the private key is protected by a carrier. Identity-based cryptography has no digital certificates; it uses the ID of the user (or object) and its public key identifier to represent the user's identity. The user ID is registered with the authority, the public key identifier is generated jointly from the user and the root private key and is produced by the authority, and the private key is likewise protected by a carrier. Identity-based cryptography also uses public/private key pairs and general-purpose algorithms to implement functions such as identity authentication, digital signature verification, data encryption and decryption, and key exchange. Identity-based cryptography is a supplement to CA applications and is particularly suitable for applications where the number of users is huge and resources are limited.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art and provide a method for security control and data confidentiality of a smart camera based on identity-based cryptography, which prevents the camera's audio/video data from leaking and enhances security.
In order to solve the above technical problems, the technical solution adopted by the present invention is as follows:
A method for security control and data confidentiality of a smart camera based on identity-based cryptography, characterized by comprising the following steps:
Step 1: the smart camera and the user terminal are each preset with a public/private key pair;
The preset public/private key pair is generated using end data as the identifier, so that the key pair carries a unique ID feature of the device or user;
Step 2: the smart camera stores the public keys that are allowed to pair and, by means of a hash algorithm and a signature, signs the public key of the user terminal;
Step 3: the smart camera sends its MAC address and ID-related information to the server, and maintains a heartbeat with the server;
Step 4: the user terminal performs addressing against the server using the MAC address or the unique ID of the corresponding smart camera;
Step 5: after addressing, the user terminal signs its own public key with its private key, and sends the signed public key to the smart camera to request a connection;
Step 6: the smart camera verifies the signature on the received data, recovers the public key, and performs hash verification on the stored public key; it then compares the public key stored in the smart camera with the public key of the connection request. If the comparison succeeds, it responds to the connection request issued by the user terminal and establishes the audio/video connection; otherwise it refuses access;
Step 7: after the comparison succeeds, the smart camera generates a random number using its built-in random number generator, encrypts the random number by means of a digital envelope, and sends it to the user terminal;
Step 8: the smart camera starts audio/video capture, encrypts the captured audio/video data using the random number as the key, and sends it to the user terminal;
Step 9: the user terminal decrypts the received encrypted random number with its private key and, using the decrypted random number as the key, decrypts the received encrypted audio/video data to obtain the audio/video data.
The end data is the device ID number of the smart camera or the user characteristic information of the user terminal.
The user characteristic information includes the user's birthday and home address.
When the user terminal issues an instruction to stop audio/video capture, the user terminal and the smart camera clear the cached data and the random-number key.
The user terminal is the user's mobile App, such as a mobile phone App.
A national cryptographic algorithm encryption chip USBKey is used in the smart camera.
The random number generator is built into the national cryptographic algorithm encryption chip USBKey.
The beneficial effects obtained by the present invention are as follows:
1. No certificate management is required, so few resources are used. No bilinear pairing operations are used, so computation is efficient. A dual-key mechanism is used: user keys are divided into two types, encryption keys and signature keys, in line with national cryptography management policy. The user's signature key is generated jointly by the user and the key generation centre, and the signature has legal effect. User keys can be revoked and replaced.
2. A high-strength identity authentication method. The security of the user key lies mainly in the fact that others cannot derive the user's private key from the user's public key, cannot forge a user key, and cannot carry out public key substitution attacks or forgery attacks against the user.
Public/private key authentication replaces the current account/password authentication. High-strength public/private key cryptography increases the strength and complexity of identity authentication. It avoids the insecurity factors that arise when a conventional smart camera and the user's mobile App rely simply on an account plus password, such as passwords weak enough to be cracked and default passwords, which lead to the user's audio/video information being leaked.
3. Both sides use national cryptographic chips in the circuit application mode, which strengthens resistance to illegal intrusion attacks. Because the cryptographic algorithms promulgated by the state are used, cipher strength and security are assured at the highest level for commercial applications.
Description of the drawings
Fig. 1 is a flow chart of the method of the present invention.
Specific embodiment
The invention will be further described below in conjunction with the accompanying drawing. The following embodiment is only used to illustrate the technical solution of the present invention clearly, and is not intended to limit the protection scope of the present invention.
The "cryptographic algorithm" as defined in this patent refers to symmetric and asymmetric cryptographic algorithms, hash algorithms and the like that are internationally or nationally approved for promotion and application.
The method of this patent refers to an overall architecture that uses cryptographic algorithms to build the whole process of identity recognition, security control and data confidentiality between the smart camera and the control terminal. Both ends in this patent are built on hardware cryptographic modules. The camera end must use a hardware cryptographic module as its main support, and the user terminal uses a hardware cryptographic module plus periodic temporary keys as its application basis, which increases ease of use for the user while ensuring the protection strength of the key within its security period.
As shown in Fig. 1, the method for security control and data confidentiality of a smart camera of the present invention mainly comprises the following steps:
1. The smart camera and the mobile App of the user who owns the camera are each preset with a public/private key pair.
The public/private key pair can be generated using end data (the camera device ID number, the user's birthday and home address on the user terminal, and so on) as the identifier, so that the key pair carries the unique ID feature of the device/user;
2. The smart camera stores and protects the public keys that are allowed to pair and, by means of a hash algorithm and a signature, signs the public key of the user's mobile App for non-repudiation, to ensure that the public key of the user's mobile App is not tampered with illegally.
3. Following the usual communication rules between a smart camera and a user's mobile App, in the present invention the smart camera sends its MAC and other related information to the server and maintains a heartbeat, which ensures that the IP address is sent after it changes, so that the user's mobile App can perform addressing.
4. The user's mobile App first performs addressing against the server using the MAC or the unique ID of the corresponding smart camera.
5. After addressing, the user's mobile App signs its own public key with its private key, and sends the signed public key to the smart security camera.
6. The smart camera verifies the signature on the received data, recovers the public key, and performs hash verification on the stored public key to prevent malicious attack, counterfeiting and tampering. It then compares the public key stored at the camera end with the public key of the connection request. If the comparison succeeds, it responds to the request issued by the user's mobile App and establishes the audio/video connection; otherwise it refuses access.
7. After the comparison succeeds, the camera end generates a random number using the random number generator built into the national cryptographic chip, encrypts the random number by means of a digital envelope, and sends it to the user's mobile App.
8. The smart camera starts audio/video capture, encrypts using the random number as the key, and sends the result to the user App.
9. The user's mobile App decrypts what it receives using its private key, uses the decrypted random number as the key to decrypt the audio/video data, and presents it to the user.
10. When the user issues the control instruction to stop audio/video capture, the user's mobile App and the smart camera clear the cached data and the random-number key, completing the control and use of the smart security camera.
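The admission check and session-key handoff of steps 5 to 7 and 9, as listed in both the summary and the embodiment, shown as an added Go example that is not part of the patent. RSA-2048 signatures, RSA-OAEP wrapping and SHA-256 stand in for the national cryptographic algorithms, which the page does not name; `NewUser`, `Pair`, `Request`, `Admit` and `Unwrap` are hypothetical names.

```go
package main // added example; RSA-2048 and SHA-256 are stand-ins (assumption)

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Camera keeps only the hash of the public key allowed to pair (step 2).
type Camera struct{ Allowed [32]byte }
func NewUser() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func Pair(pub []byte) Camera             { return Camera{sha256.Sum256(pub)} }

// Request is step 5: the user terminal signs its own encoded public key.
func Request(k *rsa.PrivateKey) (pub, sig []byte, err error) {
	pub = x509.MarshalPKCS1PublicKey(&k.PublicKey)
	h := sha256.Sum256(pub)
	sig, err = rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, h[:])
	return pub, sig, err
}

// Admit is steps 6-7: check signature and stored hash, then wrap a fresh key.
func (c Camera) Admit(pub, sig []byte) (wrapped, session []byte, err error) {
	key, err := x509.ParsePKCS1PublicKey(pub)
	h := sha256.Sum256(pub)
	if err != nil || rsa.VerifyPKCS1v15(key, crypto.SHA256, h[:], sig) != nil || h != c.Allowed {
		return nil, nil, fmt.Errorf("access refused")
	}
	session = make([]byte, 16)
	if _, err = rand.Read(session); err == nil {
		wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, key, session, nil)
	}
	return wrapped, session, err
}

// Unwrap is step 9: the user terminal recovers the session key.
func Unwrap(k *rsa.PrivateKey, w []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k, w, nil)
}

func main() {
	owner, _ := NewUser()
	pub, sig, _ := Request(owner)
	w, key, err := Pair(pub).Admit(pub, sig)
	got, _ := Unwrap(owner, w)
	fmt.Println(err == nil, string(got) == string(key))
}
```

The message signed in step 5 is the static public key, so the signature proves possession of the private key but carries no freshness; a design review would confirm where the protocol gets its replay protection.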
The encryption and decryption of control instruction data follow the same principle as the encryption and decryption of audio/video data; they are mainly initiated by the user App, and the camera passively receives and executes the instructions.
Using identity-based cryptography, a cipher machine and the device's key chip ID (or another serial number that can uniquely identify it) jointly generate the public/private key pair, so that the key pair implies the specific attributes of the product and has a non-repudiation function (or uniqueness function).
The user does not use an account and password for registration, login or communication, but instead uses a method of computing and verifying public/private key pairs, which avoids the possibility of an account password being cracked and achieves trusted identity recognition for the smart security camera.
Because digital certificates are not used, no certificate management is required and few resources are used; and no bilinear pairing operations are used, so computation is efficient;
A national cryptographic chip USBKey that can protect keys is used and, with identity-based cryptography, public keys undergo self-certification and mutual certification, which improves the security level of the application.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make several improvements and variations without departing from the technical principles of the invention, and these improvements and variations should also be regarded as falling within the protection scope of the present invention.