Disclosure of Invention
In view of the foregoing, embodiments of the present invention are directed to providing a data transmission method, apparatus, terminal device, and storage medium that overcome or at least partially solve the foregoing problems.
In a first aspect, an embodiment of the present invention provides a data transmission method, where the method is applied to a conference management server in a data security monitoring system, where the data security monitoring system further includes a third party video scheduling terminal and a monitoring access server, and the method includes:
receiving a monitoring video watching request sent by a third-party video scheduling terminal, wherein the monitoring video watching request comprises a video network terminal number and a terminal number of a non-master virtual terminal;
sending the monitoring video watching request to a monitoring access server corresponding to the terminal number of the non-master virtual terminal so that the monitoring access server sends encrypted monitoring video data to a video networking terminal corresponding to the video networking terminal number, wherein the encrypted monitoring video data corresponds to the terminal number of the non-master virtual terminal and is encrypted by the monitoring access server through a private key configured for the non-master virtual terminal in advance;
acquiring a public key of the non-master virtual terminal corresponding to the private key of the non-master virtual terminal;
and sending the public key of the non-master virtual terminal to the video network terminal corresponding to the video network terminal number, so that the video network terminal decrypts the encrypted monitoring video data through the public key of the non-master virtual terminal.
Optionally, a video networking encryption device is installed in the monitoring access server, a master virtual terminal and the non-master virtual terminal are configured on the monitoring access server, the master virtual terminal is used for managing the non-master virtual terminal, the encrypted monitoring video data is encrypted by the monitoring access server through a private key configured for the non-master virtual terminal in advance, and the method includes:
the monitoring access server receives the monitoring video data sent by the monitoring equipment corresponding to the non-master virtual terminal through the non-master virtual terminal;
and the monitoring access server encrypts the monitoring video data through the private key of the non-master virtual terminal in the video networking encryption equipment.
Optionally, the data security monitoring system further includes a network device management server and a data security server, and before receiving the monitoring video watching request sent by the third-party video scheduling terminal, the method further includes:
the network equipment management server receives a first authentication request of the master virtual terminal sent by the monitoring access server, wherein the first authentication request comprises equipment information of the master virtual terminal, and the equipment information of the master virtual terminal at least comprises a terminal number of the master virtual terminal;
the network equipment management server matches the terminal number in the equipment information of the master virtual terminal against a pre-established equipment information table;
if the terminal number of the master virtual terminal is matched with the terminal number of the preset master virtual terminal in the pre-established device information table, the network device management server sends the device information of the master virtual terminal to the data security server so that the data security server generates a key pair of the master virtual terminal, wherein the key pair of the master virtual terminal comprises a public key of the master virtual terminal and a private key of the master virtual terminal.
Optionally, the data security server generates a key pair of the master virtual terminal, including:
the data security server generates a key pair of the master virtual terminal by adopting the SM4 block cipher algorithm according to the terminal number of the master virtual terminal and the root key;
the data security server stores the terminal number of the main virtual terminal and the public key of the corresponding main virtual terminal in a database of the data security server;
and the data security server sends the private key of the master virtual terminal to the video networking encryption equipment in the monitoring access server through the network equipment management server.
Optionally, after the request for the first authentication by the network device management server passes, the method further includes:
the network equipment management server receives a second authentication request of the non-master virtual terminal, sent by the monitoring access server, wherein the second authentication request comprises equipment information of the non-master virtual terminal and a private key of the master virtual terminal, and the equipment information of the non-master virtual terminal comprises a terminal number of the non-master virtual terminal and monitoring equipment information corresponding to the non-master virtual terminal;
the network equipment management server matches the terminal number in the equipment information of the non-master virtual terminal against a pre-established equipment information table;
if the private key of the master virtual terminal exists in the pre-established device information table and the terminal number of the non-master virtual terminal is matched with the terminal number of the preset virtual terminal in the pre-established device information table, the network device management server sends the device information of the non-master virtual terminal and the private key of the master virtual terminal to the data security server so that the data security server generates a key pair of the non-master virtual terminal, wherein the key pair of the non-master virtual terminal comprises a public key of the non-master virtual terminal and a private key of the non-master virtual terminal.
Optionally, the data security server generates a key pair of the non-master virtual terminal, including:
the data security server generates a key pair of the non-master virtual terminal by adopting the SM4 block cipher algorithm according to the terminal number of the master virtual terminal, the terminal number of the non-master virtual terminal, the monitoring equipment information corresponding to the non-master virtual terminal and a root key;
the data security server stores the terminal number of the non-master virtual terminal and the public key of the corresponding non-master virtual terminal in a database of the data security server;
and the data security server sends the private key of the non-master virtual terminal to the video networking encryption equipment of the monitoring access server through the network equipment management server.
Optionally, the obtaining the public key of the non-master virtual terminal corresponding to the private key of the non-master virtual terminal includes:
receiving a public key acquisition request sent by a video networking terminal, wherein the acquisition request comprises a terminal number of the non-master virtual terminal;
and acquiring a public key of the non-master virtual terminal corresponding to the terminal number of the non-master virtual terminal through the database of the data security server according to the terminal number of the non-master virtual terminal.
In a second aspect, an embodiment of the present invention provides a data transmission device, where the device is applied to a conference management server in a data security monitoring system, and the data security monitoring system further includes a third party video scheduling terminal and a monitoring access server, where the device includes:
a receiving module, configured to receive a monitoring video watching request sent by a third-party video scheduling terminal, wherein the monitoring video watching request comprises a video network terminal number and a terminal number of a non-master virtual terminal;
the monitoring video data acquisition module is used for sending the monitoring video watching request to a monitoring access server corresponding to the terminal number of the non-master virtual terminal so that the monitoring access server sends encrypted monitoring video data to a video networking terminal corresponding to the video networking terminal number, wherein the encrypted monitoring video data corresponds to the terminal number of the non-master virtual terminal and is encrypted by the monitoring access server through a private key configured for the non-master virtual terminal in advance;
a public key obtaining module, configured to obtain a public key of the non-master virtual terminal corresponding to the private key of the non-master virtual terminal;
and the decryption module is used for sending the public key of the non-master virtual terminal to the video network terminal corresponding to the video network terminal number so that the video network terminal decrypts the encrypted monitoring video data through the public key of the non-master virtual terminal.
Optionally, a video networking encryption device is installed in the monitoring access server, a master virtual terminal and the non-master virtual terminal are configured on the monitoring access server, the master virtual terminal is used for managing the non-master virtual terminal, the encrypted monitoring video data is encrypted by the monitoring access server through a private key configured for the non-master virtual terminal in advance, and the method includes:
the monitoring access server receives the monitoring video data sent by the monitoring equipment corresponding to the non-master virtual terminal through the non-master virtual terminal;
and the monitoring access server encrypts the monitoring video data through the private key of the non-master virtual terminal in the video networking encryption equipment.
Optionally, the data security monitoring system further includes a network device management server and a data security server, and before executing the receiving module, the network device management server includes a first verification module, where the first verification module includes:
a first receiving unit, configured to receive a first authentication request of the master virtual terminal sent by the monitoring access server, where the first authentication request includes device information of the master virtual terminal, and the device information of the master virtual terminal includes at least a terminal number of the master virtual terminal;
a first matching unit, configured to match the terminal number in the device information of the master virtual terminal against a device information table that is established in advance;
and the first verification unit is used for sending the equipment information of the master virtual terminal to the data security server if the terminal number of the master virtual terminal is matched with the terminal number of the preset master virtual terminal in the pre-established equipment information table so as to enable the data security server to generate a key pair of the master virtual terminal, wherein the key pair of the master virtual terminal comprises a public key of the master virtual terminal and a private key of the master virtual terminal.
Optionally, the data security server includes a first key pair generation module, where the first key pair generation module is configured to:
generating a key pair of the master virtual terminal by adopting the SM4 block cipher algorithm according to the terminal number of the master virtual terminal and the root key;
storing the terminal number of the master virtual terminal and the public key of the corresponding master virtual terminal in a database of the data security server;
and sending the private key of the master virtual terminal to the video networking encryption equipment in the monitoring access server through the network equipment management server.
Optionally, before executing the receiving module, the network device management server includes a second verification module, where the second verification module includes:
a second receiving unit, configured to receive a second authentication request of the non-master virtual terminal, sent by the monitoring access server, where the second authentication request includes device information of the non-master virtual terminal and a private key of the master virtual terminal, and the device information of the non-master virtual terminal includes a terminal number of the non-master virtual terminal and the monitoring device information corresponding to the non-master virtual terminal;
a second matching unit, configured to match terminal numbers in the device information of the non-master virtual terminal according to a device information table that is established in advance;
and the second verification unit is used for sending the equipment information of the non-master virtual terminal and the private key of the master virtual terminal to the data security server if the private key of the master virtual terminal exists in the pre-established equipment information table and the terminal number of the non-master virtual terminal is matched with the terminal number of the preset virtual terminal in the pre-established equipment information table, so that the data security server generates a key pair of the non-master virtual terminal, wherein the key pair of the non-master virtual terminal comprises the public key of the non-master virtual terminal and the private key of the non-master virtual terminal.
Optionally, the data security server includes a second key pair generation module, where the second key pair generation module is configured to:
generating a key pair of the non-master virtual terminal by adopting the SM4 block cipher algorithm according to the terminal number of the master virtual terminal, the terminal number of the non-master virtual terminal, the monitoring equipment information corresponding to the non-master virtual terminal and the root key;
storing the terminal number of the non-master virtual terminal and the corresponding public key of the non-master virtual terminal in a database of a data security server;
and sending the private key of the non-master virtual terminal to the video networking encryption equipment of the monitoring access server through the network equipment management server.
Optionally, the public key obtaining module is configured to:
receiving a public key acquisition request sent by a video networking terminal, wherein the acquisition request comprises a terminal number of the non-master virtual terminal;
and acquiring a public key of the non-master virtual terminal corresponding to the terminal number of the non-master virtual terminal through the database of the data security server according to the terminal number of the non-master virtual terminal.
In a third aspect, an embodiment of the present invention provides a terminal device, including: at least one processor and memory;
The memory stores a computer program; the at least one processor executes the computer program stored in the memory to implement the data transmission method provided in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium having stored therein a computer program which, when executed, implements the data transmission method provided in the first aspect.
The embodiment of the invention has the following advantages:
in the data transmission method, the data transmission device, the terminal equipment and the storage medium provided by the embodiment of the invention, a conference management server receives a monitoring video watching request sent by a third-party video scheduling terminal, wherein the monitoring video watching request comprises a video networking terminal number and a terminal number of a non-master virtual terminal; the monitoring video watching request is sent to a monitoring access server corresponding to the terminal number of the non-master virtual terminal, and the monitoring access server sends encrypted monitoring video data corresponding to the terminal number of the non-master virtual terminal to a video networking terminal corresponding to the video networking terminal number, wherein the encrypted monitoring video data is encrypted by the monitoring access server through a private key configured for the non-master virtual terminal in advance; a public key of the non-master virtual terminal corresponding to the private key of the non-master virtual terminal is acquired; the public key is sent to the video networking terminal corresponding to the video networking terminal number, and the video networking terminal decrypts the encrypted monitoring video data through the public key. The data are thus processed in an asymmetric encryption and decryption mode, so that the security of data transmission is improved.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the accompanying drawings and the detailed description that follows.
The terms used are explained as follows:
Video networking: a real-time, high-bandwidth transmission network built on Ethernet hardware; a dedicated network for high-speed transmission of high-definition video over a dedicated protocol.
Monitoring access service: the video networking monitoring access service system is the core equipment for bringing internet monitoring resources into the video network, and is an important link of the video network in monitoring fusion applications. It supports access to monitoring front-end equipment, video monitoring systems and video monitoring networking platforms of different manufacturers, has low-delay video and audio protocol conversion capability, and realizes fusion, aggregation and real-time scheduling of monitoring resources in the video network.
Data security service: the system adopts an independent key management system and relies on it to complete whole-life-cycle management (key generation, storage, distribution, download, use, backup, update, destruction and the like) of the master control key, the maintenance key and the service operation key used by the application system, as well as validity authentication of service transaction data.
Confidentiality: the message is guaranteed not to be illegally leaked or spread, and unauthorized persons cannot access it.
Symmetric encryption and decryption: an encryption mechanism in which encryption and decryption use the same key.
Asymmetric encryption and decryption: an asymmetric encryption algorithm requires two keys, a public key and a private key. The public key and the private key form a pair; if data is encrypted with the public key, it can be decrypted only with the corresponding private key. Because two different keys are used for encryption and decryption, the algorithm is called asymmetric encryption and decryption.
SM4 cryptographic algorithm: SM4 is a block cipher algorithm; the algorithm is publicly disclosed, has a distinctive structure, and is secure and efficient. The block length is 128 bits and the key length is 128 bits. Both the encryption algorithm and the key expansion algorithm use a 32-round iterative structure. The SM4 algorithm processes data in units of bytes (8 bits) and words (32 bits). The SM4 algorithm uses an involutory structure, so the decryption algorithm has the same structure as the encryption algorithm, except that the round keys are used in reverse order: the decryption round keys are the encryption round keys in reverse order.
In the embodiment of the invention, the monitoring access service adopts the monitoring access server to execute the function, and the data security service adopts the data security server to execute the function.
An embodiment of the invention provides a data transmission method for encrypting monitoring video data and then transmitting the encrypted monitoring video data. The execution body of this embodiment is a data transmission device and a conference management server arranged in the data security monitoring system.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a data transmission method of the present invention is shown, where the method may be applied to a conference management server in a data security monitoring system, where the data security monitoring system further includes a third party video scheduling terminal and a monitoring access server, and specifically may include the following steps:
S101, receiving a monitoring video watching request sent by a third-party video scheduling terminal, wherein the monitoring video watching request comprises a video network terminal number and a terminal number of a non-master virtual terminal;
specifically, scheduling software is installed in the third-party video scheduling terminal; on the scheduling software, a user can select a certain video network terminal to watch the monitoring video data of a certain monitoring device, and the third-party video scheduling terminal then sends a monitoring video watching request to the conference management server, the monitoring video watching request comprising the video network terminal number and the terminal number of the non-master virtual terminal corresponding to the monitoring device.
S102, sending the monitoring video watching request to a monitoring access server corresponding to the terminal number of the non-master virtual terminal, so that the monitoring access server sends encrypted monitoring video data to a video network terminal corresponding to the video network terminal number, wherein the encrypted monitoring video data corresponds to the terminal number of the non-master virtual terminal and is encrypted by the monitoring access server through a private key configured for the non-master virtual terminal in advance;
specifically, the conference management server forwards the monitoring video watching request to the monitoring access server, and the monitoring access server searches the monitoring video data corresponding to the terminal number of the non-master virtual terminal according to the terminal number of the non-master virtual terminal, and the monitoring video data is encrypted by the monitoring access server by adopting a private key configured for the non-master virtual terminal in advance. And the monitoring access server sends the encrypted monitoring video data to the video network terminal corresponding to the video network terminal number.
S103, obtaining a public key of the non-master virtual terminal corresponding to the private key of the non-master virtual terminal;
specifically, after the video network terminal receives the encrypted monitoring video data, it sends a public key acquisition request to the conference management server, the conference management server forwards the request to the data security server, and the data security server sends the public key of the non-master virtual terminal corresponding to the private key of the non-master virtual terminal to the conference management server.
S104, sending the public key of the non-master virtual terminal to the video network terminal corresponding to the video network terminal number, so that the video network terminal decrypts the encrypted monitoring video data through the public key of the non-master virtual terminal.
Specifically, the conference management server sends the public key of the non-master virtual terminal to the video networking terminal corresponding to the video networking terminal number, and the video networking terminal decrypts the encrypted monitoring video data according to the public key of the non-master virtual terminal, so that the security of data transmission is improved through asymmetric encryption and decryption.
According to the data transmission method provided by the embodiment of the invention, a conference management server receives a monitoring video watching request sent by a third-party video scheduling terminal, wherein the monitoring video watching request comprises a video networking terminal number and a terminal number of a non-master virtual terminal; the monitoring video watching request is sent to a monitoring access server corresponding to the terminal number of the non-master virtual terminal, and the monitoring access server sends encrypted monitoring video data corresponding to the terminal number of the non-master virtual terminal to a video networking terminal corresponding to the video networking terminal number, wherein the encrypted monitoring video data is encrypted by the monitoring access server through a private key configured for the non-master virtual terminal in advance; a public key of the non-master virtual terminal corresponding to the private key of the non-master virtual terminal is acquired; the public key is sent to the video networking terminal corresponding to the video networking terminal number, and the video networking terminal decrypts the encrypted monitoring video data through the public key. The data are thus processed in an asymmetric encryption and decryption mode, so that the security of data transmission is improved.
A further embodiment of the present invention provides a method that builds on the above embodiment.
FIG. 2 is a flowchart illustrating steps of another embodiment of a data transmission method of the present invention, as shown in FIG. 2, applied to a data security monitoring system, where the data security monitoring system includes a conference management server, a third party video scheduling terminal, a monitoring access server, a network device management server, and a data security server;
the monitoring access server is provided with a video network encryption device, a master virtual terminal and a non-master virtual terminal are configured on the monitoring access server, the master virtual terminal does not carry monitoring video service itself and is used for managing the non-master virtual terminal, the non-master virtual terminal is used for receiving monitoring video data sent by the monitoring device, and the monitoring access server encrypts the monitoring video data through a private key held in the video network encryption device.
The video network encryption equipment is connected with a data security server through a private key, and the data security server makes a public key and a private key through video network encryption equipment information and equipment information of the virtual terminal;
the data transmission method comprises the following steps:
step A: the network equipment management server first verifies the identity of the master virtual terminal, specifically:
receiving a first authentication request of the master virtual terminal sent by the monitoring access server, wherein the first authentication request comprises equipment information of the master virtual terminal;
the network equipment management server matches the terminal number in the equipment information of the master virtual terminal against a pre-established equipment information table;
if the terminal number in the device information of the master virtual terminal is matched with the terminal number of the preset master virtual terminal in the pre-established device information table, the network device management server sends the device information of the master virtual terminal to the data security server;
step B: the data security server generates a key pair of the master virtual terminal according to the equipment information of the master virtual terminal and the information of the video networking encryption equipment; specifically, the data security server generates the key pair of the master virtual terminal by adopting the SM4 block cipher algorithm according to the terminal number of the master virtual terminal, the information of the video networking encryption equipment and the root key; the key pair of the master virtual terminal comprises a public key of the master virtual terminal and a private key of the master virtual terminal;
the data security server stores the terminal number of the master virtual terminal and the public key of the corresponding master virtual terminal in a database of the data security server;
and the data security server sends the private key of the master virtual terminal to the video networking encryption equipment in the monitoring access server through the network equipment management server.
Step C: the network device management server first verifies the identity of the non-master virtual terminal, specifically:
the network equipment management server receives a second authentication request of the non-master virtual terminal, sent by the monitoring access server, wherein the second authentication request comprises equipment information of the non-master virtual terminal and a private key of the master virtual terminal;
the network equipment management server matches the terminal number in the equipment information of the non-master virtual terminal against a pre-established equipment information table;
if the private key of the master virtual terminal exists in the pre-established device information table and the terminal number in the device information of the non-master virtual terminal is matched with the terminal number of the preset virtual terminal in the pre-established device information table, the network device management server sends the device information of the non-master virtual terminal and the private key of the master virtual terminal to the data security server;
step D: the data security server generates a key pair of the non-master virtual terminal according to the equipment information of the non-master virtual terminal, the information of the video network encryption equipment and the private key of the master virtual terminal; specifically, the data security server generates the key pair of the non-master virtual terminal by adopting the SM4 block cipher algorithm according to the terminal number of the master virtual terminal, the terminal number of the non-master virtual terminal, the monitoring equipment information corresponding to the non-master virtual terminal, the information of the video network encryption equipment and the root key, wherein the key pair of the non-master virtual terminal comprises the public key of the non-master virtual terminal and the private key of the non-master virtual terminal.
the data security server stores the terminal number of the non-master virtual terminal and the public key of the corresponding non-master virtual terminal in a database of the data security server;
and the data security server sends the private key of the non-master virtual terminal to the video networking encryption equipment of the monitoring access server through the network equipment management server.
During actual data transmission, the method specifically includes:
step E: the conference management server receives a monitoring video watching request sent by a third-party video scheduling terminal, wherein the monitoring video watching request comprises a video networking terminal number and a terminal number of a non-master virtual terminal;
the third-party video scheduling terminal is pre-installed with scheduling software, for example pamil software. On the pamil software, the user can select the monitoring video data of a certain monitoring device to be watched, and the third-party video scheduling terminal sends a monitoring video watching request through the scheduling software.
Step F: the conference management server sends the monitoring video watching request to the monitoring access server corresponding to the terminal number of the non-master virtual terminal, so that the monitoring access server sends encrypted monitoring video data corresponding to the terminal number of the non-master virtual terminal to the video network terminal corresponding to the video network terminal number;
Specifically, the monitoring access server receives, through the non-master virtual terminal, the monitoring video data sent by the monitoring device corresponding to that non-master virtual terminal;
the monitoring access server encrypts the monitoring video data with the private key of the non-master virtual terminal held in the video network encryption device;
and after receiving the monitoring video watching request, the monitoring access server sends the encrypted monitoring video data to the video network.
Step G: acquiring the public key of the non-master virtual terminal corresponding to the private key of the non-master virtual terminal;
Specifically, the conference management server receives a public key acquisition request sent by the video network terminal, where the acquisition request comprises the terminal number of the non-master virtual terminal;
the conference management server forwards the acquisition request to the data security server. According to the terminal number of the non-master virtual terminal, the data security server searches its pre-established database, which stores the correspondence between virtual terminal numbers and public keys, for the public key of the non-master virtual terminal, and sends the public key found to the conference management server, which then sends it to the video network terminal.
Step H: sending the public key of the non-master virtual terminal to the video network terminal corresponding to the video network terminal number, so that the video network terminal decrypts the encrypted monitoring video data with the public key of the non-master virtual terminal.
Specifically, the conference management server sends the public key to the video network terminal corresponding to the video network terminal number, and the video network terminal decrypts the encrypted monitoring video data with the public key of the non-master virtual terminal.
Specifically, the data transmission method as shown in fig. 2 includes:
(1) The monitoring access server sends an identity verification request of the master virtual terminal to the network device management server;
(2) The network device management server verifies the identity of the master virtual terminal and, if the verification passes, sends the device information of the master virtual terminal to the data security server;
(3) The data security server generates a key pair of the master virtual terminal comprising a public key and a private key (the signature key), sends the signature key to the network device management server, and stores the public key in its database;
(4) The network device management server sends the signature key of the master virtual terminal to the video network encryption device of the monitoring access server;
(5) The monitoring access server sends an identity verification request of the non-master virtual terminal to the network device management server;
(6) The network device management server verifies the identity of the non-master virtual terminal and, if the verification passes, sends the device information of the master virtual terminal and the signature key of the master virtual terminal to the data security server;
(7) The data security server generates a key pair of the non-master virtual terminal comprising a public key and a private key (the signature key), sends the signature key to the network device management server, and stores the public key in its database;
(8) The network device management server sends the signature key of the non-master virtual terminal, that is, its private key, to the video network encryption device of the monitoring access server;
(9) The monitoring access server sends a request to acquire the private key of the non-master virtual terminal to the network device management server;
(10) The network device management server sends the request to acquire the private key of the non-master virtual terminal to the data security server;
(11) The data security server sends the private key of the non-master virtual terminal to the network device management server;
(12) The network device management server sends the private key to the video network encryption device;
(13) The conference management server receives a request to watch monitoring device A, sent by the pamil converged video scheduling platform;
(14) The conference management server sends a request to acquire public key A to the data security server;
(15) The conference management server receives public key A from the data security server;
(16) The conference management server sends public key A to the video network terminal;
(17) The conference management server sends the request to watch the monitoring video of monitoring device A to the monitoring access server;
(18) The monitoring access server sends the encrypted monitoring video to the video network, and the video network terminal obtains the encrypted monitoring video from the video network, the video having been encrypted with the private key.
According to the data transmission method provided by the embodiment of the invention, the security in the process of monitoring video data transmission can be greatly improved through the identity authentication and hardware encryption of the virtual terminal.
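The key provisioning and watching flow of steps A to H and fig. 2, as an added Go example that is not part of the patent: the network device management server's device information table checks (steps B and C), the data security server's key derivation and terminal number to public key database (steps B, D and G), the encryption device holding the private keys, and the watch request (fig. 2 steps 13 to 18). Because the Go standard library has no SM4, the example assumes the key pair is derived by binding the inputs the text lists, under the root key, into an Ed25519 seed with HMAC-SHA256, and it models "encrypt with the private key, decrypt with the public key" as a detached Ed25519 signature (what a private key does and a public key checks); every terminal number, device name and root key is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// DeviceInfo is a verification request's payload; MonitorInfo is empty for the master.
type DeviceInfo struct{ TerminalNo, MonitorInfo string }

// NetworkDeviceManagementServer holds the pre-established device information table.
type NetworkDeviceManagementServer struct {
	masterNo   string
	presetNons map[string]bool
	masterPriv ed25519.PrivateKey // recorded in the table once step B has issued it
}

// VerifyNonMaster is step C: the master private key must exist in the table and match the one presented, and the non-master number must be preset.
func (n *NetworkDeviceManagementServer) VerifyNonMaster(d DeviceInfo, presented ed25519.PrivateKey) error {
	if n.masterPriv == nil || subtle.ConstantTimeCompare(n.masterPriv, presented) != 1 {
		return fmt.Errorf("master private key absent from table or mismatched")
	}
	if !n.presetNons[d.TerminalNo] {
		return fmt.Errorf("non-master terminal number %q not in device information table", d.TerminalNo)
	}
	return nil
}

// DataSecurityServer derives key pairs and keeps the terminal number -> public key database.
type DataSecurityServer struct {
	rootKey       []byte
	encDeviceInfo string // information of the video-network encryption device
	pubDB         map[string]ed25519.PublicKey
}

// Issue stands in for the patent's SM4-based derivation (assumption: the Go standard
// library has no SM4): the inputs are bound into a 32-byte seed by HMAC-SHA256 under the
// root key, and that seed fixes an Ed25519 key pair whose public half is stored under ownerNo.
func (s *DataSecurityServer) Issue(ownerNo string, inputs ...string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, s.rootKey)
	for _, in := range inputs {
		mac.Write(append([]byte(in), 0)) // 0 terminates each field so splits cannot collide
	}
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	s.pubDB[ownerNo] = priv.Public().(ed25519.PublicKey)
	return priv // the private half goes to the video-network encryption device
}

// EncryptionDevice is the video-network encryption device in the monitoring access server: its private keys by terminal number.
type EncryptionDevice map[string]ed25519.PrivateKey

// Provision runs steps 1-12 of fig. 2: verify the master (step B) and load its key into
// the encryption device, then verify each non-master, which presents that key (step C).
func Provision(ndms *NetworkDeviceManagementServer, dss *DataSecurityServer, master DeviceInfo, nons ...DeviceInfo) (EncryptionDevice, error) {
	if master.TerminalNo != ndms.masterNo {
		return nil, fmt.Errorf("master terminal number %q not in device information table", master.TerminalNo)
	}
	ndms.masterPriv = dss.Issue(master.TerminalNo, master.TerminalNo) // step B inputs: master number (and root key)
	dev := EncryptionDevice{master.TerminalNo: ndms.masterPriv}
	for _, non := range nons {
		if err := ndms.VerifyNonMaster(non, dev[master.TerminalNo]); err != nil {
			return nil, err
		}
		// step D inputs: master number, non-master number, its monitoring device, encryption device info (and root key)
		dev[non.TerminalNo] = dss.Issue(non.TerminalNo, master.TerminalNo, non.TerminalNo, non.MonitorInfo, dss.encDeviceInfo)
	}
	return dev, nil
}

// Watch runs steps 13-18: look the public key up by the requested non-master terminal number
// (step G), have the device apply that terminal's private key to the frame (step F) and check
// the result at the video-network terminal (step H), modelled as detached Ed25519 sign/verify.
func Watch(dss *DataSecurityServer, dev EncryptionDevice, nonMasterNo string, frame []byte) (bool, error) {
	pub, havePub := dss.pubDB[nonMasterNo]
	priv, havePriv := dev[nonMasterNo]
	if !havePub || !havePriv {
		return false, fmt.Errorf("terminal %q has not been provisioned", nonMasterNo)
	}
	return ed25519.Verify(pub, frame, ed25519.Sign(priv, frame)), nil
}

// NewSystem builds one constructed deployment; every value is sample data.
func NewSystem() (*NetworkDeviceManagementServer, *DataSecurityServer) {
	return &NetworkDeviceManagementServer{masterNo: "M-001", presetNons: map[string]bool{"A": true, "B": true}},
		&DataSecurityServer{rootKey: []byte("constructed-root-key"), encDeviceInfo: "enc-dev-01", pubDB: map[string]ed25519.PublicKey{}}
}
func main() {
	ndms, dss := NewSystem()
	dev, _ := Provision(ndms, dss, DeviceInfo{TerminalNo: "M-001"}, DeviceInfo{"A", "camera-gate-1"})
	fmt.Println(Watch(dss, dev, "A", []byte("constructed video frame 0001"))) // true <nil>
}
```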
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
According to the data transmission method provided by the embodiment of the invention, the conference management server receives a monitoring video watching request sent by a third-party video scheduling terminal, the request comprising a video network terminal number and the terminal number of a non-master virtual terminal. It sends the request to the monitoring access server corresponding to that terminal number, and the monitoring access server sends encrypted monitoring video data corresponding to the non-master virtual terminal to the video network terminal corresponding to the video network terminal number, the data having been encrypted by the monitoring access server with the private key configured in advance for the non-master virtual terminal. The conference management server acquires the public key of the non-master virtual terminal corresponding to that private key and sends it to the video network terminal, which decrypts the encrypted monitoring video data with the public key. Because the data are processed by asymmetric encryption and decryption, the security of data transmission is improved.
Another embodiment of the present invention provides a data transmission apparatus for executing the data transmission method provided in the foregoing embodiment.
Referring to fig. 3, a block diagram of an embodiment of a data transmission apparatus of the present invention is shown. The apparatus may be applied to a conference management server in a data security monitoring system, where the data security monitoring system further includes a third-party video scheduling terminal and a monitoring access server, and specifically may include the following modules: a receiving module 301, a monitoring video data obtaining module 302, a public key obtaining module 303 and a decrypting module 304, where:
the receiving module 301 is configured to receive a monitoring video watching request sent by a third-party video scheduling terminal, where the monitoring video watching request includes a video network terminal number and the terminal number of a non-master virtual terminal;
the monitoring video data obtaining module 302 is configured to send the monitoring video watching request to the monitoring access server corresponding to the terminal number of the non-master virtual terminal, so that the monitoring access server sends encrypted monitoring video data to the video network terminal corresponding to the video network terminal number, where the encrypted monitoring video data corresponds to the terminal number of the non-master virtual terminal and is encrypted by the monitoring access server with the private key configured in advance for the non-master virtual terminal;
the public key obtaining module 303 is configured to obtain the public key of the non-master virtual terminal corresponding to the private key of the non-master virtual terminal;
the decrypting module 304 is configured to send the public key of the non-master virtual terminal to the video network terminal corresponding to the video network terminal number, so that the video network terminal decrypts the encrypted monitoring video data with the public key of the non-master virtual terminal.
The data transmission apparatus provided by the embodiment of the invention receives, through the conference management server, a monitoring video watching request sent by a third-party video scheduling terminal, the request comprising a video network terminal number and the terminal number of a non-master virtual terminal. It sends the request to the monitoring access server corresponding to that terminal number, and the monitoring access server sends encrypted monitoring video data corresponding to the non-master virtual terminal to the video network terminal corresponding to the video network terminal number, the data having been encrypted by the monitoring access server with the private key configured in advance for the non-master virtual terminal. The apparatus acquires the public key of the non-master virtual terminal corresponding to that private key and sends it to the video network terminal, which decrypts the encrypted monitoring video data with the public key. Because the data are processed by asymmetric encryption and decryption, the security of data transmission is improved.
A further embodiment of the present invention provides another data transmission apparatus, which builds on the apparatus provided in the above embodiment.
Fig. 4 is a block diagram of still another embodiment of a data transmission apparatus according to the present invention. As shown in fig. 4, the apparatus is applied to a data security monitoring system that includes a conference management server, a third-party video scheduling terminal, a monitoring access server, a network device management server and a data security server. A video network encryption device is installed in the monitoring access server, and a master virtual terminal and a non-master virtual terminal are configured on the monitoring access server; the master virtual terminal is used for managing the non-master virtual terminal, the non-master virtual terminal is used for receiving the monitoring video data sent by the monitoring device, and the monitoring access server encrypts the monitoring video data with a private key held in the video network encryption device.
Specifically, the conference management server includes the receiving module 301, the monitoring video data obtaining module 302, the public key obtaining module 303 and the decrypting module 304, where the decrypting module 304 is connected to the video network encryption device 405 in the monitoring access server; these modules are not described here again.
optionally, the encrypted monitoring video data is encrypted by the monitoring access server through a private key configured for the non-master virtual terminal in advance, including:
The monitoring access server receives the monitoring video data sent by the monitoring equipment corresponding to the non-master virtual terminal through the non-master virtual terminal;
and the monitoring access server encrypts the monitoring video data through the private key of the non-master virtual terminal in the video networking encryption equipment.
Optionally, the network device management server includes a first verification module 401, and the first verification module 401 includes a first receiving unit 4011, a first matching unit 4012 and a first verification unit 4013, where specifically:
the first receiving unit 4011 is configured to receive a first authentication request of the master virtual terminal sent by the monitoring access server, where the first authentication request includes the device information of the master virtual terminal, and the device information of the master virtual terminal includes at least the terminal number of the master virtual terminal;
the first matching unit 4012 is configured to match the terminal number in the device information of the master virtual terminal against a pre-established device information table;
the first verification unit 4013 is configured to send the device information of the master virtual terminal to the data security server if the terminal number of the master virtual terminal matches the terminal number of the preset master virtual terminal in the pre-established device information table, so that the data security server generates a key pair of the master virtual terminal, where the key pair of the master virtual terminal includes the public key and the private key of the master virtual terminal.
Optionally, the network device management server includes a second verification module 402, and the second verification module 402 includes a second receiving unit 4021, a second matching unit 4022 and a second verification unit 4023, where specifically:
the second receiving unit 4021 is configured to receive a second authentication request of the non-master virtual terminal sent by the monitoring access server, where the second authentication request includes the device information of the non-master virtual terminal and the private key of the master virtual terminal, and the device information of the non-master virtual terminal includes the terminal number of the non-master virtual terminal and the monitoring device information corresponding to the non-master virtual terminal;
the second matching unit 4022 is configured to match the terminal number in the device information of the non-master virtual terminal against the pre-established device information table;
the second verification unit 4023 is configured to send the device information of the non-master virtual terminal and the private key of the master virtual terminal to the data security server if the private key of the master virtual terminal exists in the pre-established device information table and the terminal number of the non-master virtual terminal matches the terminal number of a preset virtual terminal in the pre-established device information table, so that the data security server generates a key pair of the non-master virtual terminal, where the key pair of the non-master virtual terminal includes the public key and the private key of the non-master virtual terminal.
Optionally, the data security server includes a first key pair generating module 403, connected to the first verification module 401, where the first key pair generating module 403 is configured to:
generating a key pair of the master virtual terminal by using the SM4 block cipher algorithm on the terminal number of the master virtual terminal and the root key;
storing the terminal number of the master virtual terminal and the corresponding public key of the master virtual terminal in the database of the data security server;
and sending the private key of the master virtual terminal to the video networking encryption equipment in the monitoring access server through the network equipment management server.
Optionally, the data security server includes a second key pair generating module 404 connected to the second verification module 402, where the second key pair generating module 404 is configured to:
generating a key pair of the non-master virtual terminal by using the SM4 block cipher algorithm on the terminal number of the master virtual terminal, the terminal number of the non-master virtual terminal, the monitoring device information corresponding to the non-master virtual terminal and the root key;
storing the terminal number of the non-master virtual terminal and the corresponding public key of the non-master virtual terminal in a database of a data security server;
And sending the private key of the non-master virtual terminal to the video networking encryption equipment of the monitoring access server through the network equipment management server.
Optionally, the public key obtaining module 303 is configured to:
receiving a public key acquisition request sent by the video network terminal, where the acquisition request comprises the terminal number of the non-master virtual terminal;
and acquiring a public key of the non-master virtual terminal corresponding to the terminal number of the non-master virtual terminal through the database of the data security server according to the terminal number of the non-master virtual terminal.
It should be noted that the optional implementations in this embodiment may be implemented separately or in any combination that does not conflict, and the application is not limited in this respect.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
The data transmission apparatus provided by the embodiment of the application receives, through the conference management server, a monitoring video watching request sent by a third-party video scheduling terminal, the request comprising a video network terminal number and the terminal number of a non-master virtual terminal. It sends the request to the monitoring access server corresponding to that terminal number, and the monitoring access server sends encrypted monitoring video data corresponding to the non-master virtual terminal to the video network terminal corresponding to the video network terminal number, the data having been encrypted by the monitoring access server with the private key configured in advance for the non-master virtual terminal. The apparatus acquires the public key of the non-master virtual terminal corresponding to that private key and sends it to the video network terminal, which decrypts the encrypted monitoring video data with the public key. Because the data are processed by asymmetric encryption and decryption, the security of data transmission is improved.
A further embodiment of the present invention provides a terminal device configured to perform the data transmission method provided in the foregoing embodiment.
Fig. 5 is a schematic structural diagram of a terminal device of the present invention. As shown in fig. 5, the terminal device includes at least one processor 501 and a memory 502;
the memory stores a computer program; the at least one processor executes the computer program stored in the memory to implement the data transmission method provided in the above embodiment.
The terminal device provided in this embodiment receives, through the conference management server, a monitoring video watching request sent by a third-party video scheduling terminal, the request comprising a video network terminal number and the terminal number of a non-master virtual terminal. It sends the request to the monitoring access server corresponding to that terminal number and obtains the encrypted monitoring video data corresponding to the non-master virtual terminal that the monitoring access server sends, the data having been encrypted by the monitoring access server with the private key configured in advance for the non-master virtual terminal. It acquires the public key of the non-master virtual terminal corresponding to that private key and sends it to the video network terminal corresponding to the video network terminal number, which decrypts the encrypted monitoring video data with the public key. Because the data are processed by asymmetric encryption and decryption, the security of data transmission is improved.
A further embodiment of the present application provides a computer-readable storage medium having stored therein a computer program which, when executed, implements the data transmission method provided in any of the above embodiments.
According to the computer-readable storage medium of this embodiment, a monitoring video watching request sent by a third-party video scheduling terminal is received through the conference management server, the request comprising a video network terminal number and the terminal number of a non-master virtual terminal. The request is sent to the monitoring access server corresponding to that terminal number, and the monitoring access server sends encrypted monitoring video data corresponding to the non-master virtual terminal to the video network terminal corresponding to the video network terminal number, the data having been encrypted by the monitoring access server with the private key configured in advance for the non-master virtual terminal. The public key of the non-master virtual terminal corresponding to that private key is acquired and sent to the video network terminal, which decrypts the encrypted monitoring video data with the public key. Because the data are processed by asymmetric encryption and decryption, the security of data transmission is improved.
In this specification, each embodiment is described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments may be referred to one another.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, electronic devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing electronic device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing electronic device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or electronic device that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or electronic device. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or electronic device that comprises the element.
The foregoing has described in detail a data transmission method and a data transmission device according to the present invention, and specific examples are provided herein to illustrate the principles and embodiments of the present invention, the above examples being provided only to assist in understanding the method and core idea of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.