[go: up one dir, main page]

CN114286051B - A method and system for upgrading and transforming a GB28181 monitoring system based on the GB35114 protocol - Google Patents

A method and system for upgrading and transforming a GB28181 monitoring system based on the GB35114 protocol Download PDF

Info

Publication number
CN114286051B
CN114286051B CN202111554560.8A CN202111554560A CN114286051B CN 114286051 B CN114286051 B CN 114286051B CN 202111554560 A CN202111554560 A CN 202111554560A CN 114286051 B CN114286051 B CN 114286051B
Authority
CN
China
Prior art keywords
fdwsf
control signaling
protocol
proxy module
registration message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111554560.8A
Other languages
Chinese (zh)
Other versions
CN114286051A (en
Inventor
王聪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Zhongzhi Digital Technology Co ltd
Original Assignee
Wuhan Zhongzhi Digital Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Zhongzhi Digital Technology Co ltd filed Critical Wuhan Zhongzhi Digital Technology Co ltd
Priority to CN202111554560.8A priority Critical patent/CN114286051B/en
Publication of CN114286051A publication Critical patent/CN114286051A/en
Application granted granted Critical
Publication of CN114286051B publication Critical patent/CN114286051B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

一种基于GB35114协议的GB28181监控系统的升级改造方法及系统,所述系统包括协议代理模块以及基于GB28181协议的视频监控系统和FDWSF设备,所述视频监控系统与FDWSF设备通过所述协议代理模块进行通信,所述协议代理模块用于为视频监控系统与FDWSF设备之间的通信提供基于数字证书的设备身份认证和控制信令认证。可以在不改变原有软件架构的情况下,实现当前的网络视频监控系统改造和FDWSF的接入,方法操作简单高效、升级范围极小、成本低廉。

A method and system for upgrading and transforming a GB28181 monitoring system based on the GB35114 protocol, the system comprising a protocol proxy module, a video monitoring system based on the GB28181 protocol, and a FDWSF device, the video monitoring system and the FDWSF device communicate through the protocol proxy module, and the protocol proxy module is used to provide device identity authentication and control signaling authentication based on digital certificates for the communication between the video monitoring system and the FDWSF device. The current network video monitoring system transformation and FDWSF access can be realized without changing the original software architecture, and the method is simple and efficient to operate, with a minimal upgrade scope and low cost.

Description

GB35114 protocol-based upgrading and reforming method and system for GB28181 monitoring system
Technical Field
The invention relates to the technical field of communication, in particular to an upgrade and reconstruction method and system of a GB28181 monitoring system based on a GB35114 protocol.
Background
With the increasing requirement of public safety video monitoring networking systems on audio and video information security, the requirements of GB35114 public safety video monitoring networking information security technology are generated, wherein the network video monitoring system is required to realize the access to front-end equipment (hereinafter referred to as FDWSF) with a security function, namely the current network video monitoring system is required to have the security functions of equipment identity authentication, control signaling security authentication and the like based on digital certificates. How to modify the current GB28181 monitoring system to complete FDWSF access according to the GB35114 standard becomes a problem to be solved by each monitoring system.
Disclosure of Invention
In view of the technical defects and technical drawbacks existing in the prior art, the embodiment of the invention provides an upgrade and reconstruction method and system for a GB28181 monitoring system based on a GB35114 protocol, which overcomes or at least partially solves the above problems, and the specific scheme is as follows:
as a first aspect of the present invention, there is provided a method for upgrading and reforming a GB28181 monitoring system based on the GB35114 protocol, the method comprising:
step 1, adding a protocol agent module between a video monitoring system based on GB28181 protocol and FDWSF equipment;
and 2, providing equipment identity authentication and control signaling authentication based on a digital certificate for communication between the video monitoring system and FDWSF equipment through a protocol agent module.
Further, in step 2, the identity authentication process includes:
A registration message is sent to a protocol agent module through FDWSF equipment, wherein the registration message carries an Authorization header field of a GB35114 protocol, and the security item in the Authorization header field describes the security Capability of FDWSF equipment;
After receiving the registration message of FDWSF devices, the protocol agent module registers FDWSF devices based on the registration message to complete identity authentication.
Further, the method further comprises:
If the protocol agent module passes the identity authentication of FDWSF equipment, the protocol agent module copies the registration information and reforms the copied registration information, the security capability of FDWSF equipment carried in the registration information is removed, namely, the registration information is converted into GB28181 registration information, the reformed registration information is transmitted to an SIP server of a video monitoring system, the SIP server of the video monitoring system carries out data verification of the registration after receiving the reformed registration information, the current FDWSF equipment is recorded in the video monitoring system to register successfully, the online is prompted, the identity authentication of FDWSF equipment is completed, and the SIP server verifies the data of the registration through the ID of FDWSF equipment in the registration information.
Further, the method further comprises:
If the identity authentication between the protocol agent module and FDWSF equipment does not pass, the protocol agent module does not copy the registration message, replies authentication error information to FDWSF equipment, records the failure of the current FDWSF identity authentication in the monitoring system, and completes the identity authentication of the equipment.
Further, in step 2, the control signaling authentication includes:
And FDWSF after the equipment is successfully registered, sending control signaling with signaling safety to an SIP server of the video monitoring system through the client, such as video browsing, cradle head rotation, equipment parameter setting and the like. The control signaling enables a Date field, and adds Note information in the Date field, wherein the Note information carries a value obtained after hashing a message body.
After receiving the control signaling, the SIP server transmits the control signaling to a protocol agent module, and the protocol agent module checks the hash value in the received control signaling;
If the verification is passed, the protocol agent module copies the control signaling, reforms the copied control signaling, replaces the original hash value in the control signaling with the hash value corresponding to the SIP server, then transmits the reformed control signaling to FDWSF equipment, and FDWSF equipment verifies the hash value in the control signaling to finish the authentication of the control signaling and finish the record of the current operation in a monitoring system;
If the test is not passed, the protocol agent module replies error information to the SIP server to finish the authentication of the control signaling and finish the recording of the current operation in the monitoring system.
The specific steps of hash value verification include:
1) The SIP server sends a control signaling to a protocol agent module (the control signaling is transmitted to the SIP server by a client), a hash value 1 (hereinafter referred to as nonce 1) is carried in a message body of the control signaling, and the nonce1 is specifically produced by hashing a character string formed by [ method+from+to+ callid +date+ vkek1 +message body ] by an SM3 algorithm, and then encoding by Base 64. (vkek, above, periodically updating the generated video key encryption key for the protocol agent module, and notifying the client of a new value after each update);
2) After receiving the control signaling, the protocol agent module extracts key information in the control signaling, including Method, from, to, callid, date, a message body and nonce1, and generates a hash value 2 (nonce 2 hereinafter) by using a hash algorithm, wherein the specific production mode of the nonce2 value is that a hash of an SM3 algorithm is performed on a character string consisting of [ method+from+to+ callid +date+ vkek2 +message body ], and then the character string is generated after Base64 encoding. (vkek is the protocol agent module periodically updates the generated video key encryption key), the protocol agent module compares the values of nonce1 and nonce2, and if the values are equal, the verification is passed.
3) The protocol agent module transforms the control signaling after the control signaling is checked successfully, the transformed control signaling comprises key information including a Method, from1, to1, callid1, date and hash value 3 (hereinafter referred to as nonce 3), the concrete production mode of the nonce3 value is that the character string formed by [ method+from1+to1+ callid1+date+ vkek 2+message body ] is hashed by SM3 algorithm, and then is generated after Base64 encoding, and the transformed control signaling is sent to FDWSF equipment by the protocol agent module.
4) After FDWSF equipment receives the control signaling of the protocol agent module, key information in the control message including Method, from1, to1, callid1, date, message body and nonce3 is extracted, and FDWSF equipment generates a hash value 4 (nonce 4) by using a hash algorithm, wherein the specific production mode of the nonce4 value is that a character string formed by [ method+from1+to1+ callid1+date+ vkek3 +message body ] is hashed by an SM3 algorithm, and then is generated after being encoded by Base 64. (vkek, above, periodically updates the generated video key encryption key for the protocol agent module, and notifies FDWSF the new value after each update). FDWSF the device compares the values of nonce3 and nonce4, and if the values are equal, the check is passed.
It should be noted that, if the user and the device are legally connected to the GB35114 system, the VKEK value and the VKEK value of the server are kept consistent, and the values are synchronously updated, that is, if the values of vkek, vkek2 and vkek3 are equal after the authentication is successful.
As a second aspect of the present invention, an upgrade and reconstruction system of a GB28181 monitoring system based on GB35114 protocol is provided, where the system includes a protocol proxy module, a video monitoring system based on GB28181 protocol and FDWSF device, where the video monitoring system communicates with FDWSF device through the protocol proxy module, and the protocol proxy module is used to provide device identity authentication and control signaling authentication based on digital certificates for communication between the video monitoring system and FDWSF device.
Further, the identity authentication process includes:
A registration message is sent to a protocol agent module through FDWSF equipment, wherein the registration message carries an Authorization header field of a GB35114 protocol, and the security item in the Authorization header field describes the security Capability of FDWSF equipment;
After receiving the registration message of FDWSF devices, the protocol agent module registers FDWSF devices based on the registration message to complete identity authentication.
Further, the identity authentication process further includes:
If the protocol agent module passes the identity authentication of FDWSF equipment, the protocol agent module copies the registration information and reforms the copied registration information, the security capability of FDWSF equipment carried in the registration information is removed, namely, the registration information is converted into GB28181 registration information, the reformed registration information is transmitted to an SIP server of a video monitoring system, the SIP server of the video monitoring system carries out the data verification of the registration after receiving the reformed registration information, and records the successful registration of the current FDWSF equipment in the video monitoring system, prompts the online and completes the identity authentication of the FDWSF equipment;
If the identity authentication between the protocol agent module and FDWSF equipment does not pass, the protocol agent module does not copy the registration message, replies authentication error information to FDWSF equipment, records the failure of the current FDWSF identity authentication in the monitoring system, and completes the identity authentication of the equipment.
Further, the control signaling authentication includes:
And FDWSF after the equipment is successfully registered, sending control signaling with signaling safety to an SIP server of the video monitoring system through the client, such as video browsing, cradle head rotation, equipment parameter setting and the like. The control signaling enables a Date field, and adds Note information in the Date field, wherein the Note information carries a value obtained after hashing a message body.
After receiving the control signaling, the SIP server transmits the control signaling to a protocol agent module, and the protocol agent module checks the hash value in the received control signaling;
If the control signaling passes the verification, the protocol agent module copies the control signaling and reforms the copied control signaling, the original hash value in the control signaling is replaced by the hash value corresponding to the SIP server, then the reformed control signaling is transmitted to FDWSF equipment, FDWSF equipment checks the control signaling, then the authentication of the control signaling is completed, and the record of the current operation is completed in the monitoring system;
If the test is not passed, the protocol agent module replies error information to the SIP server to finish the authentication of the control signaling and finish the recording of the current operation in the monitoring system.
The invention has the following beneficial effects:
The invention provides an upgrade and reconstruction method of a GB28181 monitoring system based on a GB35114 protocol based on the requirements of the GB35114 protocol on the access and use of FDWSF equipment, which can realize the current network video monitoring system reconstruction and FDWSF access under the condition of not changing the original software architecture, and has the advantages of simple and efficient operation, extremely small upgrade range and low cost.
Drawings
FIG. 1 is a schematic deployment diagram of a protocol agent module according to an embodiment of the present invention;
fig. 2 is a schematic diagram of identity authentication of FDWSF devices by using a protocol proxy module according to an embodiment of the present invention;
fig. 3 is a schematic diagram of security authentication of control signaling by a protocol proxy module according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that, in the implementation of the protocol agent module, the protocol agent module is used as a pre-module and deployed between FDWSF and the SIP server, so as to realize the central signaling control function of the legacy system with the security function, and enable the GB35114 device to be accessed and used quickly.
Referring to fig. 1, a schematic deployment diagram of a protocol agent module provided by an embodiment of the present invention is provided, where the protocol agent module is deployed between FDWSF and a SIP server as a front module, so as to implement a central signaling control function of an old system with a security function, and enable quick access and use of GB35114 devices.
Specifically, the protocol agent module is used as a front-end module of the GB28181 video monitoring system and is responsible for connecting the GB28181 system and FDWSF 'bridge', and as shown in the figure, one set of protocol agent module can manage a plurality of SIP servers and a plurality of FDWSF devices, and can decide to specifically deploy a plurality of protocol agent modules according to the traffic of the system in practical application.
Referring to fig. 2, the identity authentication method of the protocol agent module pair FDWSF provided by the embodiment of the present invention includes the following steps:
The FDWSF equipment sends a Register registration message to the protocol agent module, wherein the registration message carries a security capability set of FDWSF equipment, the protocol agent module replies a random number R1 and identity data of the protocol agent module to the equipment after receiving the request, the FDWSF equipment generates a random number R2, the identity data of the R1+R2+ protocol agent module is used for carrying out digital signature according to an SM2 algorithm, signature results S1 and R2 are returned to the protocol agent module, the protocol agent module carries out digital signature production S2 according to the SM2 algorithm on the identity data of the R1+R2+ agent module, and the protocol agent module carries out identity authentication verification by comparing whether the values of S1 and S2 are equal or not;
If the values are equal, the identity authentication is successful, the protocol agent module changes the registration information into GB28181 information and then sends the GB28181 information to the SIP server, the SIP server authenticates FDWSF equipment information in the registration information, the state of the current FDWSF equipment is updated in a database after the authentication is successful, and the online state of FDWSF equipment is notified to a user and a management platform;
if the values are not equal, the identity authentication is represented to fail, the protocol agent module returns an error code to FDWSF equipment, and the identity authentication failure is recorded in a database;
Referring to fig. 3, a method for performing security authentication on control signaling by using a protocol agent module according to an embodiment of the present invention includes the following steps:
after receiving the equipment control signaling of the client, the SIP server transmits the control signaling to the protocol agent module;
After receiving the control signaling, the protocol agent module extracts the hash value n1 in the control message and checks the hash value, namely, the protocol agent module generates a hash value n2 after performing Base64 coding through SM3 according to the message header, the message body and the protocol agent module vkek, and if the values of n1 and n2 are equal, authentication is successful;
After successful authentication, the protocol agent module reforms the control signaling, modifies the from field, the to field and the hash value n1 to n3, wherein the n3 value is generated after the reformed message header, the message body and the protocol agent module vkek are subjected to Base64 coding through SM 3;
After FDWSF equipment receives the message, base64 encoding is carried out through SM3 according to the message header, the message body and vkek of FDWSF to generate n4, and FDWSF equipment compares whether the values of n3 and n4 are equal or not to carry out authentication of control signaling;
If the values of n3 and n4 are equal, the control signaling authentication is successful, FDWSF returns an authentication result 200ok which is successful in authentication and carries a hash value n5, the protocol proxy module receives the hash value n6 generated by 200ok according to the message header+message body+protocol proxy module vkek of 200ok, compares the values of n5 and n6, and reforms the 200ok message, namely modifies the from field, the to field and the hash value n5 into n7 if the values are equal, wherein the message header+message body+proxy module vkek after the n7 is reformed is generated after Base64 coding by SM 3;
If the values of n3 and n4 are not equal, the control signaling authentication fails, FDWSF equipment returns authentication failure information to the protocol proxy module, the protocol proxy module replies the SIP server that the control signaling operation fails, and the protocol proxy module records the control signaling authentication failure in a database.
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.

Claims (5)

1.一种基于GB35114协议的GB28181监控系统的升级改造方法,其特征在于,所述方法包括:1. A method for upgrading and reconstructing a GB28181 monitoring system based on the GB35114 protocol, characterized in that the method comprises: 步骤1,在基于GB28181协议的视频监控系统与FDWSF设备之间增加协议代理模块;Step 1, add a protocol proxy module between the video surveillance system based on GB28181 protocol and the FDWSF device; 步骤2,通过协议代理模块为视频监控系统与FDWSF设备之间的通信提供基于数字证书的设备身份认证和控制信令认证;Step 2: Provide digital certificate-based device identity authentication and control signaling authentication for the communication between the video surveillance system and the FDWSF device through the protocol proxy module; 其中,步骤2中,身份认证过程包括:Among them, in step 2, the identity authentication process includes: 通过FDWSF设备向协议代理模块发送注册消息,所述注册消息携带GB35114协议的Authorization头字段,所述Authorization头字段中的Capability项描述有FDWSF设备的安全能力;Send a registration message to the protocol proxy module through the FDWSF device, the registration message carries the Authorization header field of the GB35114 protocol, and the Capability item in the Authorization header field describes the security capability of the FDWSF device; 协议代理模块收到FDWSF设备的注册消息后,基于所述注册消息对FDWSF设备进行注册,完成身份认证;After receiving the registration message of the FDWSF device, the protocol proxy module registers the FDWSF device based on the registration message and completes the identity authentication; 其中,所述方法还包括:Wherein, the method further comprises: 如果协议代理模块与FDWSF设备的身份认证通过,协议代理模块拷贝所述注册消息,并对拷贝的注册消息进行改造,将注册消息中携带的FDWSF设备的安全能力去除,即把该注册消息转换成的GB28181注册消息,将改造后生成好的注册消息传递给视频监控系统的SIP服务器,视频监控系统的SIP服务器收到改造后的注册消息后进行该次注册的数据校验,并在视频监控系统中记录当前FDWSF设备注册成功,提示上线并完成本次FDWSF设备的身份认证。If the identity authentication between the protocol proxy module and the FDWSF device is passed, the protocol proxy module copies the registration message and modifies the copied registration message to remove the security capability of the FDWSF device carried in the registration message, that is, converts the registration message into a GB28181 registration message, and transmits the generated registration message after modification to the SIP server of the video surveillance system. After receiving the modified registration message, the SIP server of the video surveillance system performs data verification on the registration, and records the successful registration of the current FDWSF device in the video surveillance system, prompting the user to go online and complete the identity authentication of the FDWSF device. 2.根据权利要求1所述的基于GB35114协议的GB28181监控系统的升级改造方法,其特征在于,所述方法还包括:2. The upgrading and transformation method of the GB28181 monitoring system based on the GB35114 protocol according to claim 1, characterized in that the method further comprises: 如果协议代理模块与FDWSF设备的身份认证不通过,则协议代理模块不拷贝所述注册消息,给FDWSF设备回复认证错误信息,并在监控系统中记录当前FDWSF身份认证失败,完成本次设备的身份认证。If the identity authentication between the protocol proxy module and the FDWSF device fails, the protocol proxy module does not copy the registration message, replies with an authentication error message to the FDWSF device, and records the current FDWSF identity authentication failure in the monitoring system to complete the identity authentication of this device. 3.根据权利要求2所述的基于GB35114协议的GB28181监控系统的升级改造方法,其特征在于,步骤2中,控制信令认证包括:3. The upgrading and transformation method of the GB28181 monitoring system based on the GB35114 protocol according to claim 2 is characterized in that, in step 2, the control signaling authentication includes: FDWSF设备注册成功后,通过客户端发送带有信令安全的控制信令给视频监控系统的SIP服务器,所述控制信令启用Date字段,在Date字段中增加Note信息,所述Note信息携带对消息体进行杂凑之后的值;After the FDWSF device is successfully registered, a control signaling with signaling security is sent to the SIP server of the video surveillance system through the client. The control signaling enables the Date field and adds Note information to the Date field. The Note information carries the value after the message body is hashed. SIP服务器收到所述控制信令后,将所述控制信令透传发给协议代理模块,协议代理模块对收到的控制信令中的杂凑值进行校验;After receiving the control signaling, the SIP server transparently transmits the control signaling to the protocol proxy module, and the protocol proxy module verifies the hash value in the received control signaling; 如果检验通过,协议代理模块拷贝所述控制信令,并对拷贝的控制信令进行改造,将控制信令中原有的杂凑值替换成SIP服务器对应的杂凑值,然后将改造后的控制信令传给FDWSF设备,FDWSF设备对所述控制信令进行校验后,完成本次控制信令的认证;If the check passes, the protocol proxy module copies the control signaling, and transforms the copied control signaling, replaces the original hash value in the control signaling with the hash value corresponding to the SIP server, and then transmits the transformed control signaling to the FDWSF device. After the FDWSF device verifies the control signaling, the authentication of this control signaling is completed; 如果检验不通过,协议代理模块回复错误信息给SIP服务器,完成本次控制信令的认证。If the verification fails, the protocol proxy module replies with an error message to the SIP server to complete the authentication of this control signaling. 4.一种基于GB35114协议的GB28181监控系统的升级改造系统,其特征在于,所述系统包括协议代理模块以及基于GB28181协议的视频监控系统和FDWSF设备,所述视频监控系统与FDWSF设备通过所述协议代理模块进行通信,所述协议代理模块用于为视频监控系统与FDWSF设备之间的通信提供基于数字证书的设备身份认证和控制信令认证;4. An upgrading and transformation system of a GB28181 monitoring system based on the GB35114 protocol, characterized in that the system comprises a protocol proxy module and a video monitoring system and a FDWSF device based on the GB28181 protocol, wherein the video monitoring system and the FDWSF device communicate through the protocol proxy module, and the protocol proxy module is used to provide device identity authentication and control signaling authentication based on digital certificates for the communication between the video monitoring system and the FDWSF device; 其中,身份认证过程包括:The identity authentication process includes: 通过FDWSF设备向协议代理模块发送注册消息,所述注册消息携带GB35114协议的Authorization头字段,所述Authorization头字段中的Capability项描述有FDWSF设备的安全能力;Send a registration message to the protocol proxy module through the FDWSF device, the registration message carries the Authorization header field of the GB35114 protocol, and the Capability item in the Authorization header field describes the security capability of the FDWSF device; 协议代理模块收到FDWSF设备的注册消息后,基于所述注册消息对FDWSF设备进行注册,完成身份认证;After receiving the registration message of the FDWSF device, the protocol proxy module registers the FDWSF device based on the registration message and completes the identity authentication; 其中,身份认证过程还包括:The identity authentication process also includes: 如果协议代理模块与FDWSF设备的身份认证通过,协议代理模块拷贝所述注册消息,并对拷贝的注册消息进行改造,将注册消息中携带的FDWSF设备的安全能力去除,即把该注册消息转换成的GB28181注册消息,将改造后生成好的注册消息传递给视频监控系统的SIP服务器,视频监控系统的SIP服务器收到改造后的注册消息后进行该次注册的数据校验,并在视频监控系统中记录当前FDWSF设备注册成功,提示上线并完成本次FDWSF设备的身份认证;If the identity authentication between the protocol proxy module and the FDWSF device is successful, the protocol proxy module copies the registration message, and modifies the copied registration message, removes the security capability of the FDWSF device carried in the registration message, that is, converts the registration message into a GB28181 registration message, and transmits the registration message generated after the modification to the SIP server of the video surveillance system. After receiving the modified registration message, the SIP server of the video surveillance system performs data verification of the registration, and records the successful registration of the current FDWSF device in the video surveillance system, prompts the user to go online, and completes the identity authentication of the FDWSF device. 如果协议代理模块与FDWSF设备的身份认证不通过,则协议代理模块不拷贝所述注册消息,给FDWSF设备回复认证错误信息,并在监控系统中记录当前FDWSF身份认证失败,完成本次设备的身份认证。If the identity authentication between the protocol proxy module and the FDWSF device fails, the protocol proxy module does not copy the registration message, replies with an authentication error message to the FDWSF device, and records the current FDWSF identity authentication failure in the monitoring system to complete the identity authentication of this device. 5.根据权利要求4所述的基于GB35114协议的GB28181监控系统的升级改造系统,其特征在于,控制信令认证包括:5. According to the upgrading and transformation system of the GB28181 monitoring system based on the GB35114 protocol of claim 4, it is characterized in that the control signaling authentication includes: FDWSF设备注册成功后,通过客户端发送带有信令安全的控制信令给视频监控系统的SIP服务器,所述控制信令启用Date字段,在Date字段中增加Note信息,所述Note信息携带对消息体进行杂凑之后的值;After the FDWSF device is successfully registered, a control signaling with signaling security is sent to the SIP server of the video surveillance system through the client. The control signaling enables the Date field and adds Note information to the Date field. The Note information carries the value after the message body is hashed. SIP服务器收到所述控制信令后,将所述控制信令透传发给协议代理模块,协议代理模块对收到的控制信令中的杂凑值进行校验;After receiving the control signaling, the SIP server transparently transmits the control signaling to the protocol proxy module, and the protocol proxy module verifies the hash value in the received control signaling; 如果检验通过,协议代理模块拷贝所述控制信令,并对拷贝的控制信令进行改造,将控制信令中原有的杂凑值替换成SIP服务器对应的杂凑值,然后将改造后的控制信令传给FDWSF设备,FDWSF设备对所述控制信令进行校验后,完成本次控制信令的认证;If the check passes, the protocol proxy module copies the control signaling, and transforms the copied control signaling, replaces the original hash value in the control signaling with the hash value corresponding to the SIP server, and then transmits the transformed control signaling to the FDWSF device. After the FDWSF device verifies the control signaling, the authentication of this control signaling is completed; 如果检验不通过,协议代理模块回复错误信息给SIP服务器,完成本次控制信令的认证。If the verification fails, the protocol proxy module replies with an error message to the SIP server to complete the authentication of this control signaling.
CN202111554560.8A 2021-12-17 2021-12-17 A method and system for upgrading and transforming a GB28181 monitoring system based on the GB35114 protocol Active CN114286051B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111554560.8A CN114286051B (en) 2021-12-17 2021-12-17 A method and system for upgrading and transforming a GB28181 monitoring system based on the GB35114 protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111554560.8A CN114286051B (en) 2021-12-17 2021-12-17 A method and system for upgrading and transforming a GB28181 monitoring system based on the GB35114 protocol

Publications (2)

Publication Number Publication Date
CN114286051A CN114286051A (en) 2022-04-05
CN114286051B true CN114286051B (en) 2025-06-06

Family

ID=80872920

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111554560.8A Active CN114286051B (en) 2021-12-17 2021-12-17 A method and system for upgrading and transforming a GB28181 monitoring system based on the GB35114 protocol

Country Status (1)

Country Link
CN (1) CN114286051B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118659919B (en) * 2024-08-13 2024-12-03 山东中网云安智能科技有限公司 Data exchange system based on GB35114 standard on gateway equipment
CN121012962A (en) * 2025-10-24 2025-11-25 天翼视联科技股份有限公司 Security signaling integration methods, systems, electronic devices and storage media

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111274578A (en) * 2018-11-20 2020-06-12 慧盾信息安全科技(苏州)股份有限公司 Data safety protection system and method for video monitoring system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7185364B2 (en) * 2001-03-21 2007-02-27 Oracle International Corporation Access system interface
US7421732B2 (en) * 2003-05-05 2008-09-02 Nokia Corporation System, apparatus, and method for providing generic internet protocol authentication
CN107343179B (en) * 2017-08-14 2019-11-29 华北电力大学 A kind of encryption of video information and video terminal safety certifying method
CN109842559B (en) * 2018-12-28 2021-04-09 中兴通讯股份有限公司 Network communication method and system
CN110312147B (en) * 2019-06-12 2021-11-30 高新兴科技集团股份有限公司 Method, system and storage medium for service data transmission

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111274578A (en) * 2018-11-20 2020-06-12 慧盾信息安全科技(苏州)股份有限公司 Data safety protection system and method for video monitoring system

Also Published As

Publication number Publication date
CN114286051A (en) 2022-04-05

Similar Documents

Publication Publication Date Title
JP4673364B2 (en) Method for verifying first ID and second ID of entity
CN114286051B (en) A method and system for upgrading and transforming a GB28181 monitoring system based on the GB35114 protocol
CN113966625A (en) Techniques for certificate handling in a core network domain
CN112468571B (en) Intranet and extranet data synchronization method and device, electronic equipment and storage medium
JP2004206695A (en) Method and architecture to provide client session failover
US12483410B2 (en) Token node locking with fingerprints authenticated by digital certificates
WO2014173053A1 (en) Oma dm based terminal authentication method, terminal and server
CN115134154B (en) Authentication method, authentication device, method and system for remotely controlling vehicle
CN109412792A (en) Generation, authentication method, communication equipment and the storage medium of digital certificate
CN104767766B (en) Web Service interface verification method, Web Service server and client
CN116249113A (en) Verification authorization method and device for virtual image of meta-universe, electronic equipment and storage medium
CN105391705A (en) Method of carrying out authentication on application service and device
CN110933112A (en) A network access authentication method, device and storage medium
CN110213232B (en) fingerprint feature and key double verification method and device
CN115152258B (en) Method and apparatus for transmitting security information in a content distribution network
CN115334505A (en) 5G+Beidou-oriented multi-mode intelligent terminal secure communication method and system
CN111723347A (en) Identity authentication method, device, electronic device and storage medium
CN113766031B (en) Method and device for storing note resources and related equipment
CN117768144A (en) Service authentication method, device and distributed micro-service architecture
CN115801319A (en) Cluster authority authentication method, client, server and storage medium
CN116567024A (en) Method and device for confirming rights of highly sensitive personal Internet of Things data based on blockchain and NFT
CN115665451A (en) A video stream processing method, server and system
CN114944928A (en) Authentication method and system for algorithm model in edge computing device
CN118245093B (en) Method, device, computer equipment and storage medium for updating authorized client application
CN114244541B (en) Certificate transfer system and certificate transfer method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant