CN113489765A - Method and system for video exchange identity authentication - Google Patents

Publication number: CN113489765A
Authority: CN (China)
Prior art keywords: camera, identity, platform, middleware, information
Legal status: Pending (the listed status is an assumption and is not a legal conclusion)
Application number: CN202110704062.0A
Other languages: Chinese (zh)
Inventors: 李永刚, 喻波, 王志海, 安鹏
Current Assignee: Beijing Wondersoft Technology Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Beijing Wondersoft Technology Co Ltd
Application filed by: Beijing Wondersoft Technology Co Ltd
Priority to: CN202110704062.0A
Publication of: CN113489765A
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/56: Provisioning of proxy services
    • H04L67/561: Adding application-functional data or data for application control, e.g. adding metadata
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention provides a method and a system for video exchange identity authentication. The method comprises: the user name and password information of the camera is entered into the middleware; the middleware receives the Sip signaling request and automatically matches the MD5 or SM4 encryption algorithm to encrypt the user name and the password of the camera; the encrypted result is compared with the Sip identification information, and if they are consistent, identity verification is complete; Sip signaling forwarding, in which, for a camera that has passed the identity verification of the middleware, the identity information is replaced and the signaling is forwarded to the GB platform, and the response is received and forwarded to the camera; after identity verification passes, the GB platform performs platform identity authentication on the middleware; and after platform identity authentication is complete, the camera and the GB platform transmit video data.

Description

Method and system for video exchange identity authentication
Technical Field
The invention relates to the technical field of video data transmission, in particular to a method and a system for video exchange identity authentication.
Background
Generally, when video data is transmitted, the GB platform must first authenticate the identity of the camera (device). Only after identity authentication passes can the signaling session be established, and video data transmission starts once signaling interaction is complete. This is the common direct-connection mode (the device and the GB platform are directly connected).
gb28181 is an interface standard for information transmission in security video surveillance networking systems, i.e. the application interface standard for network video in the security market. It standardizes the interconnection and intercommunication of device platforms in the security industry so that network video products from different manufacturers are interoperable.
GB platform: compatible with various video manufacturers; plays video data in the gb28181 protocol format and supports device registration and logout. It receives the heartbeats sent by devices and checks whether a device is offline. It supports real-time preview, video query and video on demand, as well as video-on-demand control such as play, pause, rate control, positioning play and the like.
Sip (Session Initiation Protocol) is a multimedia communication protocol established by the IETF (Internet Engineering Task Force). It is a text-based application-layer control protocol used for creating, modifying and releasing sessions with one or more participants. It is an IP voice session control protocol that originated on the Internet, and it is flexible, easy to implement and easy to extend.
MD5 (MD5 Message-Digest Algorithm) is a widely used cryptographic hash function. Following the basic principle of hash algorithms, it transforms data (e.g. a segment of text) into another value of fixed length, generating a 128-bit (16-byte) hash value that is used to ensure that information is transmitted consistently.
SM4, originally named SMS4.0, is a block cipher standard adopted by the government of the People's Republic of China. It belongs to the commercial cipher system and is mainly used for data encryption. The algorithm is public; the block length and the key length are both 128 bits; the encryption algorithm and the key expansion algorithm both adopt a 32-round nonlinear iterative structure; and the S-box is fixed, with 8-bit input and 8-bit output.
Device: the devices referred to here include cameras but are not limited to cameras; anything that can generate video data in the gb28181 protocol format may be called a device.
Publication CN107846447A discloses a method for connecting a home terminal to message middleware based on the MQTT protocol. It relates to the technical field of the Internet of Things and comprises the following steps: S1, the home terminal information is imported; S2, the home terminal sends a request to the authentication service platform, and an encryption calculation is carried out to obtain a check code; S3, the home terminal sends the check code to the authentication service platform for comparison and verification, and if the check code is consistent, a security token is returned; S4, the home terminal carries the security token to request the message middleware connection information from the authentication service platform; and S5, the home terminal accesses the message middleware, and the middleware calls the authentication service platform interface to perform client identity authentication.
The prior art currently has the following defects:
1. the identity information of the camera (device) undergoes no preliminary check;
2. the identity information of the camera (device) can be forged and registered;
3. the identity information of the camera (device) can be cracked by brute force;
4. the identity information of the camera (device) reaches the GB platform over a direct connection that is not blocked, which easily causes information leakage.
Disclosure of Invention
The invention aims to provide a method and a system for video exchange identity authentication to solve the technical problems in the prior art.
The invention provides a method for video exchange identity authentication, which comprises the following steps:
adding a middleware between the original camera and the GB platform;
adding a middleware to verify the identity of the camera before the original GB platform authenticates the identity of the camera;
after the GB platform has authenticated the identity of the middleware and the middleware has verified the identity of the camera, the camera and the GB platform perform video data transmission.
Preferably, the specific process of adding the middleware to verify the identity of the camera before the original GB platform authenticates the identity of the camera is as follows:
firstly, a camera and a GB platform need to input identity information into a middleware;
then, the middleware carries out identity verification on the camera;
after identity verification passes, the verification information is changed from the camera identity information to the GB platform identity information, and the GB platform and the middleware perform platform identity authentication;
and finally, after the platform identity authentication is finished, the camera and the GB platform transmit video data.
Preferably, the identity information includes: a username and password.
Preferably, the verifying the identity of the camera by the middleware comprises:
inputting user names and passwords of a camera and a GB platform;
the middleware receives the signaling request, and the middleware automatically matches an encryption algorithm to encrypt a user name and a password of the camera;
and comparing the encrypted result with the signaling identification information, and if the result is consistent with the signaling identification information, completing identity verification.
Preferably, the signaling is Sip signaling.
Preferably, the signaling identification information is Sip identification information.
Preferably, the encryption algorithm is: MD5 or SM4.
Preferably, the identity check does not distinguish between camera manufacturers.
Preferably, before the GB platform performs platform identity authentication on the camera, the method further includes: Sip signaling forwarding, in which, for a camera that has passed the identity verification of the middleware, the identity information is replaced and the signaling is forwarded to the GB platform, and the response is received and forwarded to the camera.
Preferably, the system comprises:
a camera: a device that generates video data in the gb28181 protocol format;
a middleware: checking identity information and forwarding Sip signaling;
GB platform: receiving camera data for playing and authenticating identity;
the camera is connected with the middleware, and the middleware is connected with the GB platform;
the specific method for the middleware to verify the identity information comprises the following steps:
firstly, a camera needs to input a user name and a password into a middleware;
then, the middleware receives the Sip signaling request, automatically matches the MD5 or SM4 encryption algorithm to encrypt the user name and the password of the camera, and compares the encrypted result with the Sip identification information; if they are consistent, identity verification is complete;
the specific method for Sip signaling forwarding is as follows: for a camera that has passed the identity verification of the middleware, the identity information is replaced and the signaling is forwarded to the GB platform; the response is then received and forwarded to the camera.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages:
1. advanced architecture, stable technology and cost saving;
2. easy to implement, does not change the original process, and has low invasiveness;
3. the mode is simple and the security is high.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description in the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow chart of a method for video exchange identity authentication used in the present invention;
fig. 2 is a block diagram of a video exchange identity authentication system employed in the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, the present application provides a method for video exchange identity authentication, the method comprising:
first, the user name and password information of the camera and the GB platform is entered into the middleware;
then, the middleware receives the Sip signaling request and automatically matches the MD5 or SM4 encryption algorithm to encrypt the user name and the password of the camera;
the encrypted result is compared with the Sip identification information, and if they are consistent, identity verification is complete;
the identity verification does not distinguish between camera manufacturers;
Sip signaling forwarding: for a camera that has passed the identity verification of the middleware, the identity information is replaced and the signaling is forwarded to the GB platform; the response is then received and forwarded to the camera;
after identity verification passes, the verification information is changed from the camera identity information to the GB platform identity information, and the GB platform and the middleware perform platform identity authentication;
finally, after platform identity authentication is complete, the camera and the GB platform transmit video data.
As shown in fig. 2, a second aspect of the present invention provides a system for video exchange identity authentication, where the system includes:
a camera: a device that generates video data in the gb28181 protocol format;
a middleware: checking identity information and forwarding Sip signaling;
GB platform: receiving camera data for playing and authenticating identity;
the camera is connected with the middleware, and the middleware is connected with the GB platform;
the specific method for the middleware to verify the identity information comprises the following steps:
firstly, a camera needs to input a user name and a password into a middleware;
then, the middleware receives the Sip signaling request, automatically matches the MD5 or SM4 encryption algorithm to encrypt the user name and the password of the camera, and compares the encrypted result with the Sip identification information; if they are consistent, identity verification is complete;
the specific method for Sip signaling forwarding is as follows: for a camera that has passed the identity verification of the middleware, the identity information is replaced and the signaling is forwarded to the GB platform; the response is then received and forwarded to the camera.
An embodiment, as shown in fig. 1:
The precondition is that the video data format of the camera (device) conforms to the gb28181 standard.
1. The information of the camera (device) and the GB platform is entered into the middleware; an account and a password must be filled in at entry.
2. The middleware information is entered into the GB platform; an account and a password must be filled in at entry.
3. After entry is complete and before video data transmission starts, the middleware automatically matches the encryption (SM4, MD5) according to the information in the Sip signaling and performs the comparison; if the comparison is inconsistent, it returns an error identifier.
4. After the middleware identity verification passes, the middleware looks up the corresponding GB platform information and replaces the corresponding identity data in the Sip signaling before forwarding the message.
5. After receiving the Sip request information, the GB platform encrypts the information and compares the encrypted result; if the result is consistent, it accepts the message and returns a handshake-establishment-success identifier; if it is inconsistent, it returns an error identifier and terminates Sip message establishment.
6. After both the middleware and the GB platform identity authentication have passed, Sip session establishment starts and video data is transmitted.
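The verification and identity-replacement flow of steps 3 to 5, as an added example that is not taken from the patent: it assumes the "Sip identification information" is a SIP Digest Authorization header (RFC 2617 form without qop) and covers only the MD5 branch. The device IDs, realm, nonces, passwords and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample accounts (steps 1-2: credentials entered in advance).
CAMERA_ACCOUNTS = {"34020000001320000001": "cam-pass"}    # held by the middleware
MIDDLEWARE_ID = ("34020000002000000009", "mw-pass")       # middleware's account on the GB platform
PLATFORM_ACCOUNTS = {MIDDLEWARE_ID[0]: MIDDLEWARE_ID[1]}  # held by the GB platform

_PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))')


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def parse_digest(header):
    """Split 'Digest k="v", k2=v2' into a dict with lower-cased keys."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("unsupported Authorization scheme")
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM.finditer(rest)}


def build_digest(user, password, realm, nonce, method, uri):
    """Produce the Authorization header a client with these credentials sends."""
    resp = digest_response(user, realm, password, method, uri, nonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}", algorithm=MD5')


def verify(method, uri, header, accounts, live_nonces):
    """Recompute the digest from the stored password and compare.

    Returns the authenticated user name, or None (the "error identifier").
    live_nonces holds nonces this verifier issued and has not yet seen used;
    the single-use check is hardening added here, not part of the patent text.
    """
    try:
        p = parse_digest(header)
        user, realm, nonce, hdr_uri, resp = (
            p[k] for k in ("username", "realm", "nonce", "uri", "response"))
    except (ValueError, KeyError):
        return None
    if p.get("algorithm", "MD5").upper() != "MD5" or hdr_uri != uri:
        return None
    if nonce not in live_nonces:
        return None
    live_nonces.discard(nonce)  # one attempt per challenge, pass or fail
    password = accounts.get(user)
    expected = digest_response(user, realm, password or "", method, uri, nonce)
    same = hmac.compare_digest(expected.encode(), resp.lower().encode())
    return user if (same and password is not None) else None


def relay(method, uri, camera_header, mw_nonces, platform_realm, platform_nonce):
    """Steps 3-4: verify the camera, then swap in the middleware's identity.

    Returns the Authorization header to forward upstream, or None on failure.
    """
    if verify(method, uri, camera_header, CAMERA_ACCOUNTS, mw_nonces) is None:
        return None
    user, password = MIDDLEWARE_ID
    return build_digest(user, password, platform_realm, platform_nonce, method, uri)
```

The GB platform side of step 5 is the same `verify` call run against `PLATFORM_ACCOUNTS`, so the platform only ever sees the middleware's account and never the camera's credentials.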

Claims (10)

1. A method of video exchange identity authentication, the method comprising:
adding a middleware between the original camera and the GB platform;
adding a middleware to verify the identity of the camera before the original GB platform authenticates the identity of the camera;
after the GB platform has authenticated the identity of the middleware and the middleware has verified the identity of the camera, the camera and the GB platform perform video data transmission.
2. The method for video exchange identity authentication according to claim 1, wherein the specific process of adding the middleware to verify the identity of the camera before the original GB platform authenticates the identity of the camera is as follows:
firstly, a camera and a GB platform need to input identity information into a middleware;
then, the middleware carries out identity verification on the camera;
after identity verification passes, the verification information is changed from the camera identity information to the GB platform identity information, and the GB platform and the middleware perform platform identity authentication;
and finally, after the platform identity authentication is finished, the camera and the GB platform transmit video data.
3. The method of video exchange identity authentication of claim 2, wherein the identity information comprises: a username and password.
4. The method of claim 3, wherein the middleware performing identity verification on the camera comprises:
inputting user names and passwords of a camera and a GB platform;
the middleware receives the signaling request, and the middleware automatically matches an encryption algorithm to encrypt a user name and a password of the camera;
and comparing the encrypted result with the signaling identification information, and if the result is consistent with the signaling identification information, completing identity verification.
5. The method of video exchange identity authentication according to claim 4, wherein the signaling is Sip signaling.
6. The method of claim 5, wherein the signaling identification information is Sip identification information.
7. The method of video exchange identity authentication according to claim 4, wherein the encryption algorithm is: MD5 or SM4.
8. The method of video exchange identity authentication of claim 2, wherein the identity verification does not distinguish between camera vendors.
9. The method for video exchange identity authentication according to claim 5, wherein, before the GB platform performs platform identity authentication on the camera, the method further includes: Sip signaling forwarding, in which, for a camera that has passed the identity verification of the middleware, the identity information is replaced and the signaling is forwarded to the GB platform, and the response is received and forwarded to the camera.
10. A system for video exchange identity authentication, the system comprising:
a camera: a device that generates video data in the gb28181 protocol format;
a middleware: checking identity information and forwarding Sip signaling;
GB platform: receiving camera data for playing and authenticating identity;
the camera is connected with the middleware, and the middleware is connected with the GB platform;
the specific method for the middleware to verify the identity information comprises the following steps:
firstly, a camera needs to input a user name and a password into a middleware;
then, the middleware receives the Sip signaling request, automatically matches the MD5 or SM4 encryption algorithm to encrypt the user name and the password of the camera, and compares the encrypted result with the Sip identification information; if they are consistent, identity verification is complete;
the specific method for Sip signaling forwarding is as follows: for a camera that has passed the identity verification of the middleware, the identity information is replaced and the signaling is forwarded to the GB platform; the response is then received and forwarded to the camera.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110704062.0A CN113489765A (en) 2021-06-24 2021-06-24 Method and system for video exchange identity authentication

Publications (1)

Publication Number Publication Date
CN113489765A true CN113489765A (en) 2021-10-08

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109492359A (en) * 2018-10-11 2019-03-19 海南新软软件有限公司 A kind of secure network middleware and its implementation and device for authentication
CN111711634A (en) * 2020-06-23 2020-09-25 公安部第一研究所 Card body information-based identity card reading system and method
CN112233262A (en) * 2020-10-14 2021-01-15 南京奥拓电子科技有限公司 Express cabinet system based on middleware and control method
CN112434276A (en) * 2020-12-08 2021-03-02 武汉卓尔信息科技有限公司 Self-adaptive identity recognition system based on UKEY

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination