CN114173332A - Data encryption transmission method and device suitable for 5G intelligent power grid inspection robot - Google Patents
- Publication number
- CN114173332A (CN202210120905.7A)
- Authority
- CN
- China
- Prior art keywords
- encrypted data
- key
- data
- mark information
- preset
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Manipulator (AREA)
Abstract
The invention provides a data encryption transmission method and device suitable for a 5G intelligent power grid inspection robot. The 5G intelligent power grid inspection robot can monitor the environment where the robot is located to obtain corresponding video data. In the process of encrypting the video data, the encryption key is stored using the routing key management method of the key table and IKEv2, and this routing key management mechanism, together with routing message verification, effectively prevents routing messages from being forged or tampered with by an attacker. The collected real-time monitoring data can be protected while being transmitted to the monitoring background in real time, and the confidentiality of the video data is guaranteed. In addition, in the transmission process of the video data, different transmission modes can be adopted according to different video data, so that an administrator can focus monitoring on abnormal video data.
Description
Technical Field
The invention relates to the technical field of data encryption, in particular to a data encryption transmission method and device suitable for a 5G intelligent power grid inspection robot.
Background
With the application of 5G in the smart grid, smart grid inspection robots have improved greatly. Current inspection robots, which serve requirements such as comprehensive monitoring of the state of primary electric power equipment and security inspection in substations of 110 kV and above, mainly use WIFI access; most of the inspection video is kept in the local station and cannot be transmitted back to a remote monitoring center in real time. With the development and application of 5G in the intelligent power grid, and based on the large bandwidth and low latency of 5G, the substation inspection robot can transmit monitoring data back to the remote monitoring center in real time. However, current inspection robots cannot effectively encrypt data during transmission and cannot adopt different transmission modes according to data type.
Disclosure of Invention
The embodiment of the invention provides a data encryption transmission method and device suitable for a 5G intelligent power grid inspection robot, which can encrypt video data collected by the 5G intelligent power grid inspection robot and adopt different transmission and display modes according to different video data, so that the encrypted video data can be displayed as required.
In a first aspect of the embodiments of the present invention, a data encryption transmission method suitable for a 5G smart grid inspection robot is provided, including:
the 5G intelligent power grid inspection robots respectively identify and process video data acquired in the inspection process to obtain respective identification results;
if the identification result is that no preset target exists in the video data, encrypting the video data to obtain first encrypted data, adding first mark information to the first encrypted data, and sending the first encrypted data added with the first mark information to a server;
if the identification result is that a preset target exists in the video data, encrypting the video data to obtain second encrypted data, adding second mark information to the second encrypted data, and sending the second encrypted data added with the second mark information to a server;
the server transmits the first encrypted data to a first database for storage according to the first mark information;
the server side judges the quantity of second encrypted data with second mark information at the current moment, and if the quantity of the second encrypted data with the second mark information at the current moment is less than or equal to a first preset value, all the second encrypted data with the second mark information are transmitted to a display side to be displayed; and if the quantity of the second encrypted data with the second mark information at the current moment is greater than the first preset value, screening all the second encrypted data with the second mark information to obtain the second encrypted data with the second mark information, which has the same quantity as the first preset value, after screening, and transmitting the screened second encrypted data to a display end for display.
Optionally, in a possible implementation manner of the first aspect, the video data is processed by:
acquiring a key table at the current moment, and expanding the key table to obtain an expanded AlgID field, a KDF field and a key field;
a cryptographic algorithm used in a routing protocol SA and used for protecting the integrity of routing messages is stored in the AlgID field;
the KDF field stores the algorithm for generating a short-term key of a routing protocol from a long-term key, and is used for enabling the key table to generate the short-term key from the long-term key of public key cryptography based on the IKEv2 protocol;
the key field is used for storing a long-term key, if the key stored in the key field is judged to be a public key, the public key is allowed to be transmitted in the transmission process of the first encrypted data and/or the second encrypted data, and if the key stored in the key field is judged to be a private key, the private key is not transmitted in the transmission process of the first encrypted data and/or the second encrypted data;
and encrypting the first encrypted data and/or the second encrypted data based on the key table.
Optionally, in a possible implementation manner of the first aspect, the method further includes:
if the long-term key configured in the key table is in the public-private key mode of public key cryptography, namely the key field in the key table is a private key and key_para is a public key and the corresponding cipher material, encrypted transmission is carried out based on different gateways of the public key and the private key in the data transmission process;
if the long-term key configured in the key table is a shared key of symmetric cryptography, that is, the key field in the key table is the shared key and key_para is empty, then encrypted transmission is carried out based on different gateways of the shared key in the data transmission process.
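A minimal sketch of the expanded key table described above (AlgID, KDF, key, key_para), added here as an illustration and not taken from the patent: it covers the shared-key case, where a short-term key is derived from the long-term key and used to authenticate a routing message, and the rule that a private key is never transmitted. HKDF-SHA-256, HMAC-SHA-256, the field encodings and all names and sample values are assumptions; the IKEv2 exchange used in public-key mode is not modeled.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

TAG_LEN = 32  # HMAC-SHA-256 output size in bytes


@dataclass(frozen=True)
class KeyTableEntry:
    alg_id: str      # AlgID: integrity algorithm of the routing protocol SA
    kdf: str         # KDF: derives the short-term key from the long-term key
    key: bytes       # long-term key: shared key, or private key in public-key mode
    key_para: bytes  # public key and cipher material; empty for a shared key

    @property
    def public_key_mode(self) -> bool:
        return len(self.key_para) > 0

    def wire_fields(self) -> dict:
        """Fields that may be transmitted. The key field is never included:
        in public-key mode it is the private key, and only key_para (the
        public part) may travel. Withholding the shared key as well is an
        assumption of this sketch."""
        fields = {"AlgID": self.alg_id, "KDF": self.kdf}
        if self.public_key_mode:
            fields["key_para"] = self.key_para.hex()
        return fields


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    if length > 255 * 32:
        raise ValueError("requested output too long for HKDF-SHA-256")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_short_term_key(entry: KeyTableEntry, protocol: str, nonce: bytes) -> bytes:
    """Shared-key mode only: bind the short-term key to a protocol name and a
    per-session nonce (both assumed inputs) so each session gets a fresh key."""
    if entry.public_key_mode:
        raise ValueError("public-key mode: short-term keys come from the IKEv2 exchange")
    if entry.kdf != "HKDF-SHA-256":
        raise ValueError("unsupported KDF: " + entry.kdf)
    return hkdf_sha256(entry.key, nonce, protocol.encode())


def protect(short_key: bytes, routing_message: bytes) -> bytes:
    """Append an integrity tag to a routing message."""
    tag = hmac.new(short_key, routing_message, hashlib.sha256).digest()
    return routing_message + tag


def verify(short_key: bytes, protected: bytes) -> Optional[bytes]:
    """Return the routing message if its tag is valid, otherwise None."""
    if len(protected) < TAG_LEN:
        return None
    message, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(short_key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


# Constructed sample entries; the key material is placeholder data.
SHARED = KeyTableEntry("HMAC-SHA-256", "HKDF-SHA-256", bytes(range(32)), b"")
PUBLIC = KeyTableEntry("HMAC-SHA-256", "HKDF-SHA-256",
                       b"constructed-private-key", b"constructed-public-key")

if __name__ == "__main__":
    k = derive_short_term_key(SHARED, "OSPFv2", b"epoch-0001")
    wire = protect(k, b"constructed routing update")
    print("intact  :", verify(k, wire))
    print("tampered:", verify(k, wire[:-1] + bytes([wire[-1] ^ 1])))
    print("exported:", PUBLIC.wire_fields())
```
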
Optionally, in a possible implementation manner of the first aspect, the identifying the video data acquired in the polling process by the multiple 5G smart grid polling robots to obtain respective identifying results includes:
at least one preset target is arranged in each 5G intelligent power grid inspection robot in advance;
if the preset target exists in the video data, the obtained identification result has the corresponding preset target;
and if the preset target does not exist in the video data, the obtained identification result does not have the corresponding preset target.
Optionally, in a possible implementation manner of the first aspect, if it is determined that the identification result is that a preset target exists in the video data, encrypting the video data to obtain second encrypted data, adding second tag information to the second encrypted data, and sending the second encrypted data to which the second tag information is added to the server includes:
if the identification result is that the preset targets exist in the video data, acquiring the number of the preset targets, and generating second mark information based on the number of the preset targets and the ID of the 5G intelligent power grid inspection robot;
and adding second mark information to the second encrypted data, wherein the second mark information comprises the number of preset targets and the ID of the 5G intelligent power grid inspection robot, and sending the second encrypted data added with the second mark information to a server.
Optionally, in a possible implementation manner of the first aspect, if the server determines that the number of the second encrypted data with the second flag information at the current time is greater than a first preset value, the server filters all the second encrypted data with the second flag information to obtain second encrypted data with the second flag information, the number of the second encrypted data after filtering being the same as the first preset value, and the transmitting the second encrypted data after filtering to the display end for display includes:
the server side judges that the quantity of second encrypted data with second mark information at the current moment is larger than a first preset value, and obtains the quantity of preset targets in each second mark information;
extracting a target weight corresponding to the ID of each intelligent power grid inspection robot in a preset weight table, acquiring the target weight corresponding to each second mark information, obtaining the screening value of each second mark information through the following formula,
wherein,is as followsiA screening value corresponding to the second flag information,is as followsiThe number of preset targets in the second flag information,is as followsiThe target weight of the second label information,is as followsThe number of preset targets in the second flag information,is as followsA target weight of the second label information;
sorting all the screening values corresponding to the second mark information in a descending order to obtain a sorting result, screening the sorting result from front to back, screening second encrypted data with the same quantity as the first preset value in the sorting result, and transmitting the screened second encrypted data to a display terminal for displaying.
Optionally, in a possible implementation manner of the first aspect, the method further includes:
the server acquires behavior data of an administrator, wherein the behavior data is any second encrypted data which is not screened and selected by the administrator and is displayed through the display end;
acquiring second encrypted data which are not screened in the behavior data, extracting second mark information corresponding to the second encrypted data, and acquiring target weight of the second mark information at the current moment;
the target weight at the current moment is adjusted through the following formula to obtain the adjusted target weight,
wherein,in order to achieve the adjusted target weight,the weight of the target at the current time instant,in order to be at the first preset value,is the first one screenedThe target weight of the second label information,is a preset adjustment coefficient.
Optionally, in a possible implementation manner of the first aspect, the method further includes:
receiving selected data, and acquiring an ID (identity) corresponding to the 5G intelligent power grid inspection robot in the selected data, wherein the first mark information comprises the ID corresponding to the 5G intelligent power grid inspection robot;
and selecting first encrypted data in the first database based on the ID in the selected data, and displaying the first encrypted data through the display terminal.
Optionally, in a possible implementation manner of the first aspect, the method further includes:
if the quantity of the second encrypted data with the second mark information at the current moment is smaller than a first preset value, obtaining a target weight corresponding to the ID of each intelligent power grid inspection robot in the weight table;
acquiring the quantity of all second encrypted data with second mark information at the current moment to obtain a first quantity value;
obtaining a second numerical value based on the first preset value and the first numerical value;
and selecting a target weight corresponding to the second numerical value in the weight table, and extracting first encrypted data corresponding to the target weight to display through a display end.
In a second aspect of the embodiments of the present invention, a data encryption transmission device suitable for a 5G smart grid inspection robot is provided, including:
the identification module is used for enabling the plurality of 5G intelligent power grid inspection robots to respectively identify and process the video data acquired in the inspection process to obtain respective identification results;
the first marking module is used for encrypting the video data to obtain first encrypted data if the identification result is that the preset target does not exist in the video data, adding first marking information to the first encrypted data, and sending the first encrypted data added with the first marking information to a server;
the second marking module is used for encrypting the video data to obtain second encrypted data if the identification result is that a preset target exists in the video data, adding second marking information to the second encrypted data, and sending the second encrypted data added with the second marking information to the server;
the first transmission module is used for enabling the server to transmit the first encrypted data to a first database for storage according to the first mark information;
the quantity judgment module is used for enabling the server to judge that the quantity of the second encrypted data with the second mark information at the current moment is less than or equal to a first preset value, and transmitting all the second encrypted data with the second mark information to the display end for displaying;
and the second transmission module is used for enabling the server to screen all the second encrypted data with the second mark information when the server judges that the quantity of the second encrypted data with the second mark information at the current moment is greater than the first preset value, obtaining the second encrypted data with the second mark information, which is the same as the first preset value in quantity after screening, and transmitting the screened second encrypted data to the display end for displaying.
In a third aspect of the embodiments of the present invention, a readable storage medium is provided, in which a computer program is stored, which, when being executed by a processor, is adapted to carry out the method according to the first aspect of the present invention and various possible designs of the first aspect of the present invention.
The data encryption transmission method and device suitable for the 5G intelligent power grid inspection robot provided by the invention can encrypt video data collected by the 5G intelligent power grid inspection robot. The video data is identified and analyzed, and different marks are applied according to the video data, so that the video data is transmitted to the server in encrypted form and is stored or displayed according to its mark. When a plurality of 5G smart grid inspection robots collect video data simultaneously, different processing methods can thus be adopted according to the video data, making it easy for the administrator to monitor and manage the video data collected by the plurality of robots. In the process of transmitting the video data, the invention adopts different transmission modes according to the video data, so that an administrator can focus monitoring on abnormal video data.
According to the technical scheme provided by the invention, in the process of encrypting and transmitting the video data through the key table, the key table is expanded to obtain the expanded AlgID field, KDF field and key field, and the AlgID field, KDF field and key field are modified to allow a public key cryptographic algorithm to be used in the data transmission process to protect the routing information of the 5G gateway used by the method provided by the invention, so that the information uploaded by the inspection robot is ensured to be correctly transmitted to the monitoring terminal.
According to the technical scheme provided by the invention, when the second encrypted data corresponding to the second marking information is larger than the first preset value, the screening value of each second marking information can be obtained according to the number of preset targets in each video data and the target weight preset by an administrator. And determining the video data displayed on the display terminal according to the screening value of each piece of second mark information, so that the video data displayed on the display terminal are relatively important and possibly dangerous video data, and further assisting an administrator to quickly determine a hazard occurrence place. When the second encrypted data corresponding to the second mark information is smaller than the first preset value, the first encrypted data with the second numerical value is screened from the plurality of first encrypted data according to the target weight of the first encrypted data and displayed. Through the mode, the display end can display the video data with the first preset value number simultaneously in various scenes, and an administrator can view the video data simultaneously.
Drawings
Fig. 1 is a schematic diagram of one application scenario of a data encryption transmission method suitable for a 5G smart grid inspection robot;
Fig. 2 is a distribution schematic diagram of a 5G smart grid inspection robot;
Fig. 3 is a flowchart of a first embodiment of a data encryption transmission method suitable for a 5G smart grid inspection robot;
Fig. 4 is a diagram illustrating negotiation time of the RIPv2 protocol and the OSPFv2 protocol;
Fig. 5 is a schematic diagram of a routing protocol SA negotiation mechanism based on public key cryptography;
Fig. 6 is a diagram illustrating a routing protocol SA negotiation mechanism based on symmetric cryptography;
Fig. 7 is a structural diagram of a first embodiment of a data encryption transmission device suitable for a 5G smart grid inspection robot.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the internal logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
It should be understood that in the present application, "comprising" and "having" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that, in the present invention, "a plurality" means two or more. "And/or" merely describes an association between associated objects and means that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "Comprises A, B and C" and "comprises A, B, C" mean that all three of A, B and C are comprised; "comprises A, B or C" means that one of A, B and C is comprised; "comprises A, B and/or C" means that any one, any two, or all three of A, B and C are comprised.
It should be understood that in the present invention, "B corresponding to A", "A corresponds to B", or "B corresponds to A" means that B is associated with A, and B can be determined from A. Determining B from A does not mean determining B from A alone; B may also be determined from A and/or other information. The matching of A and B means that the similarity of A and B is greater than or equal to a preset threshold value.
As used herein, "if" may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
As shown in fig. 1, the schematic diagram of one application scenario of the data encryption transmission method applicable to the 5G smart grid inspection robot of the present invention includes the 5G smart grid inspection robot, and the 5G smart grid inspection robot may be provided with any one or more of a lighting device, an infrared camera, and a visible light camera. The 5G smart power grid inspection robot can illuminate the area where the robot is located through the illuminating device, the 5G smart power grid inspection robot can acquire images of the environment through the infrared camera and the visible light camera to obtain infrared images and visible light images, and video data are further formed based on the infrared images and the visible light images of a plurality of moments and a plurality of frames. The number of the 5G intelligent power grid inspection robots can be multiple, and the robots are respectively arranged in different areas, as shown in fig. 2.
The 5G intelligent power grid inspection robot can be connected with the 5G gateway in a wired or wireless mode, and the 5G gateway can be a router and other equipment with a data transmission function. The 5G gateway can be connected with the 5G base station, the 5G base station is connected with a target server, the server is connected with a display end, and a monitoring background is formed by at least one display end. The form of the display end is not limited in the invention, the display end can be a large screen, for example, the large screen is divided into nine-grid and four-grid forms, and the like, and the video data collected by the 5G intelligent power grid inspection robot at different positions and with different IDs can be displayed through different grids.
The invention provides a data encryption transmission method suitable for a 5G intelligent power grid inspection robot, which comprises the following steps of:
Step S110, the plurality of 5G intelligent power grid inspection robots respectively identify the video data acquired in the inspection process to obtain respective identification results. The 5G intelligent power grid inspection robot can acquire images through the infrared camera and the visible light camera to obtain video data in the inspection process, and actively recognizes the video data to obtain a corresponding recognition result.
In the technical solution provided by the present invention, step S110 specifically includes:
At least one preset target is arranged in each 5G intelligent power grid inspection robot in advance. The preset target may be a human body, may be a flame temperature, or the like. Taking video data generated from an infrared image collected by the infrared camera of a 5G intelligent power grid inspection robot as an example, when image recognition identifies that a pixel point in the video data reaches a preset pixel value interval, the corresponding pixel point or pixel area is judged to be flame; a preset target is then considered to exist in the video data, and the preset target is flame. Taking video data generated from visible light images collected by the visible light camera of the 5G intelligent power grid inspection robot as an example, when image recognition identifies a human-shaped image among the pixel points of the video data, the video data is considered to contain a preset target, and the preset target is a human body. Methods for recognizing the preset target in infrared images and visible light images belong to the field of machine vision, may be prior art, and are not repeated here.
And if the preset target exists in the video data, the obtained identification result has the corresponding preset target. When the preset target exists in the video data, it is proved that an accident situation may occur at this time, the preset target exists in the recognition result, and the preset target can reflect the possible accident situation. For example, if there are two human bodies in the video data, the preset target at this time is a human body, and the number of the preset targets is 2. Namely, the corresponding preset target in the recognition result at this time is a human body, and the number of the human bodies is 2.
And if the preset target does not exist in the video data, the obtained identification result does not have the corresponding preset target. When the preset target does not exist in the video data, it is proved that no accident happens at the moment, and the recognition result does not have the preset target at the moment.
Step S120, if the identification result is that the preset target does not exist in the video data, encrypting the video data to obtain first encrypted data, adding first mark information to the first encrypted data, and sending the first encrypted data added with the first mark information to a server. After the video data is obtained, the video data is firstly encrypted, so that the video data is prevented from being leaked in the transmission process and being obtained by a malicious terminal. The method and the device can mark the video data, namely, different mark information is added according to whether the preset target exists in the video data, and when the identification result is that the preset target does not exist in the video data, the first mark information is added to the first encrypted data.
When the preset target does not exist in the video data, it is proved that no accident situation occurs in the environment corresponding to the video data at the current moment, at this time, first mark information is added to the first encrypted data, and the mark purpose of the first mark information is to add a label without the accident situation to the first encrypted data.
Step S130, if the identification result is that the preset target exists in the video data, encrypting the video data to obtain second encrypted data, adding second mark information to the second encrypted data, and sending the second encrypted data added with the second mark information to the server. After the video data is obtained, the video data is firstly encrypted, so that the video data is prevented from being leaked in the transmission process and being obtained by a malicious terminal. The method and the device can mark the video data, namely, different mark information is added according to whether the preset target exists in the video data, and when the identification result is that the preset target exists in the video data, second mark information is added to the second encrypted data.
In the technical solution provided by the present invention, step S130 specifically includes:
If the identification result is that preset targets exist in the video data, the number of the preset targets is acquired, and second mark information is generated based on the number of the preset targets and the ID of the 5G intelligent power grid inspection robot. When preset targets exist in the video data, the number of the preset targets needs to be obtained, and the corresponding second mark information is obtained according to the number of the preset targets and the ID of the 5G intelligent power grid inspection robot.
And adding second mark information to the second encrypted data, wherein the second mark information comprises the number of preset targets and the ID of the 5G intelligent power grid inspection robot, and sending the second encrypted data added with the second mark information to a server. The present invention adds second tag information to the second encrypted data.
Step S140, the server transmits the first encrypted data to a first database for storage according to the first flag information. The server side can adopt different transmission modes for different first encrypted data and second encrypted data according to different marking information, when the video data are judged to be marked by the first marking information, the corresponding first encrypted data are directly transmitted to the first database for storage, and the first encrypted data are directly stored through the first database.
Step S150, the server determines that the number of the second encrypted data with the second mark information at the current time is less than or equal to the first preset value, and transmits all the second encrypted data with the second mark information to the display terminal for display. The first preset value in the present invention may be related to the number of the display end and the large screen, for example, if one display end and the large screen are divided into nine display forms, the first preset value at this time is 9, and one display form may be regarded as one split screen. For example, if a display end and a large screen are divided into 4 display forms, the first preset value at this time is 4. It can be understood that the display end and the large screen are divided into a plurality of grids, and at the moment, the administrator can check video data collected by the 5G intelligent power grid inspection robot in a corresponding quantity.
If the quantity of the second encrypted data with the second mark information at the current moment is smaller than or equal to a first preset value, the fact that all the second encrypted data can be displayed by the split screen of the current display end and the large screen is proved, and then the display end displays all the second encrypted data at the moment.
Step S160, if the server determines that the amount of the second encrypted data with the second flag information at the current time is greater than the first preset value, all the second encrypted data with the second flag information are screened to obtain the second encrypted data with the second flag information, which is the same as the first preset value in amount after screening, and the screened second encrypted data are transmitted to the display terminal for display. When the quantity of the second encrypted data with the second mark information is larger than the first preset value, the fact that all the second encrypted data cannot be displayed by split screens of the current display end and the large screen is proved, so that the method can screen all the second encrypted data with the second mark information, and the screened second encrypted data with the second mark information, which is the same as the first preset value in quantity, is displayed. Therefore, when the second encrypted data is more, the video data can be correspondingly displayed.
In the technical solution provided by the present invention, step S160 specifically includes:
The server judges that the quantity of the second encrypted data with the second mark information at the current moment is larger than the first preset value, and obtains the number of preset targets in each second mark information. When the number of the second encrypted data with the second mark information is larger than the first preset value, the number of preset targets in each second mark information is counted; the larger the number of preset targets, the higher the possibility that an accident situation exists in the corresponding video data.
Extracting a target weight corresponding to the ID of each intelligent power grid inspection robot in a preset weight table, acquiring the target weight corresponding to each second mark information, obtaining the screening value of each second mark information through the following formula,
wherein,is as followsiThe second flag information corresponds to the screening value,is as followsiThe number of preset targets of the second flag information,is as followsiThe target weight of the second label information,is as followsThe number of preset targets of the second flag information,is as followsA target weight of the second label information.
The screening value of each second mark information compares the number of preset targets and the target weight of that second mark information with the sum of the numbers of preset targets and the target weights of all second mark information; the larger the number of preset targets and the higher the target weight of a second mark information, the higher its screening value.
Through the technical scheme, the number of the preset targets in each video data and the target weight can be comprehensively considered to obtain the corresponding screening value, so that the probability of accidents, the importance degree of the corresponding position and the like are comprehensively considered in the generation of the screening value, and the video data displayed through the display end and the large screen are videos which are suitable for being displayed.
Sorting all the screening values corresponding to the second mark information in a descending order to obtain a sorting result, screening the sorting result from front to back, screening second encrypted data with the same quantity as the first preset value in the sorting result, and transmitting the screened second encrypted data to a display terminal for displaying. The invention performs descending sorting on all the screening values corresponding to the second marking information, for example, the screening values are 1, 2 and 5 respectively, and then the sorting result of the descending sorting is 5-2-1. If the first preset value is 2, the second encrypted data with the same quantity as the first preset value at this time are the second encrypted data respectively corresponding to the screening values 5 and 2.
The technical scheme provided by the invention further comprises the following steps:
The server acquires the behavior data of the administrator, the behavior data being the administrator's selection of any second encrypted data that was not selected by the screening, to be displayed through the display end. After the server obtains, by screening, second encrypted data equal in number to the first preset value, it displays the screened second encrypted data. This is a machine selection and may differ somewhat from the actual situation. The administrator can therefore select, as needed, any second encrypted data that was not selected by the screening to be displayed through the display end; the position and robot corresponding to the second encrypted data selected by the administrator are likely to be of higher importance.
When the administrator selects any second encrypted data that was not selected by the screening to be displayed through the display end, one of the currently displayed second encrypted data is removed from the display, either chosen at random or chosen according to the administrator's selection.
Second encrypted data which are not screened in the behavior data are obtained, second mark information corresponding to the second encrypted data are extracted, and target weight of the second mark information at the current moment is obtained. The invention can acquire second encrypted data which is not screened in the behavior data, wherein the second encrypted data is actively selected by an administrator in the behavior data, and the invention can extract second mark information corresponding to the second encrypted data and the target weight of the second mark information at the current moment.
The target weight at the current moment is adjusted through the following formula to obtain the adjusted target weight,
wherein,in order to achieve the adjusted target weight,the weight of the target at the current time instant,in order to be at the first preset value,is the first one screenedThe target weight of the second label information,is a preset adjustment coefficient. Since the administrator selects second encrypted data that was not selected by the screening, the video data corresponding to that second encrypted data is shown to be relatively more important, so the invention actively adjusts upward the target weight corresponding to the second encrypted data selected by the administrator. The adjusted target weight is therefore higher, and the second encrypted data of the corresponding area and robot has a relatively higher screening value the next time it is calculated. With this technical scheme, an active learning mode can be adopted so that each second mark information and each video data has a more appropriate and accurate target weight, and when the quantity of the second encrypted data is larger than the first preset value, the second encrypted data of the target area the user wants to see can be screened out.
The technical scheme provided by the invention further comprises the following steps:
Receiving selected data, and acquiring the ID corresponding to the 5G intelligent power grid inspection robot in the selected data, wherein the first mark information comprises the ID corresponding to the 5G intelligent power grid inspection robot. In the technical scheme provided by the invention, each 5G intelligent power grid inspection robot has an ID that uniquely corresponds to it, and the ID can be a string of numbers or a string of characters, for example 1, 1A, etc. At least one 5G intelligent power grid inspection robot may be arranged in each area. For example, the area a1 is provided with a 5G smart grid inspection robot J11, and the area a2 is provided with a 5G smart grid inspection robot J12.
When the administrator wants to see the environmental condition of a certain area, the administrator actively inputs selected data, and the selected data can be the ID of the 5G intelligent power grid inspection robot corresponding to the area that the administrator wants to see. For example, if the administrator wants to view the environment of the area a1, the selected data input by the administrator is the ID number J11 of the 5G smart grid inspection robot.
And selecting first encrypted data in the first database based on the ID in the selected data, and displaying the first encrypted data through the display terminal. The invention can select the first encrypted data in the first database according to the ID in the selected data, and further control the corresponding first encrypted data to be displayed by the display terminal.
Through the technical scheme, the administrator can call the first encrypted data in the first database to display as required, so that the user can check the first encrypted data.
The technical scheme provided by the invention further comprises the following steps:
If the quantity of the second encrypted data with the second mark information at the current moment is smaller than the first preset value, the target weight corresponding to the ID of each intelligent power grid inspection robot in the weight table is obtained. When video data is displayed on the display end, the server controls the display end to display the video data in the second encrypted data preferentially. In actual working conditions, however, the quantity of the second encrypted data may be smaller than the first preset value; in that case a certain amount of first encrypted data needs to be selected and displayed together with the second encrypted data, and the method selects this first encrypted data according to the weight table.
And acquiring the quantity of all second encrypted data with the second mark information at the current moment to obtain a first quantity value. The invention can obtain the quantity of all the second encrypted data with the second mark information when determining the quantity of the first encrypted data, so that the quantity of the video data displayed by the display end is fixed no matter how the value of the second encrypted data changes.
And obtaining a second numerical value based on the first preset value and the first numerical value. The invention can obtain the second numerical value by subtracting the first numerical value from the first preset value. For example, if the first preset value is 9 and the amount of the second encrypted data is 5, the first amount value is 5 and the second amount value is 4.
And selecting target weights corresponding to the second numerical value in the weight table, and extracting the first encrypted data corresponding to those target weights to display through the display end. After determining the second quantity value, the present invention extracts a corresponding quantity of the first encrypted data according to the weight table. For example, the weight table has 5 target weights, which are 5, 4, 3, 2, and 1, respectively. If the second quantity value is 4, the first encrypted data corresponding to the first 4 target weights in the weight table is selected. That is, the present invention selects the first encrypted data, in the quantity given by the second numerical value, that ranks first in the weight table.
According to the technical scheme, after the quantity of the second encrypted data is smaller than the first preset value, the corresponding quantity of the first encrypted data can be determined, so that the corresponding quantity of video data can be displayed by the display end under various working conditions and scenes, and an administrator can monitor and view the environment conditions of multiple areas at the same time.
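The server-side display selection of steps S150 and S160, together with the fill-in from the first database described above, can be illustrated with the following added Python example, which is not code from the patent. The screening formula did not survive on this page, so the example assumes, following the prose description, that the screening value is the product of target count and target weight divided by the sum of those products; all names are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence


@dataclass(frozen=True)
class SecondMark:
    """Second mark information: robot ID plus number of preset targets."""
    robot_id: str
    target_count: int


def screening_values(marks: Sequence[SecondMark],
                     weights: Dict[str, float]) -> List[float]:
    """Assumed formula: count_i * weight_i / sum_j(count_j * weight_j).

    A robot ID that is missing from the weight table raises KeyError, so a
    stream carrying an unknown ID is never silently ranked.
    """
    products = [m.target_count * weights[m.robot_id] for m in marks]
    total = sum(products)
    if total == 0:
        return [0.0] * len(marks)
    return [p / total for p in products]


def select_for_display(marks: Sequence[SecondMark],
                       first_mark_ids: Sequence[str],
                       weights: Dict[str, float],
                       first_preset: int) -> List[str]:
    """Return the robot IDs whose streams fill the display grids.

    marks          -- second mark information received at the current moment
    first_mark_ids -- IDs of robots whose data carries first mark information
    first_preset   -- number of grids (the first preset value)
    """
    if len(marks) > first_preset:
        # S160: rank by screening value, descending, keep the first N.
        values = screening_values(marks, weights)
        ranked = sorted(zip(values, marks), key=lambda vm: vm[0], reverse=True)
        return [m.robot_id for _, m in ranked[:first_preset]]

    # S150: everything with second mark information is shown.
    shown = [m.robot_id for m in marks]
    # Fill-in: second quantity value = first preset value - first quantity value.
    second_quantity = first_preset - len(shown)
    by_weight = sorted(first_mark_ids, key=lambda rid: weights[rid], reverse=True)
    return shown + by_weight[:second_quantity]


if __name__ == "__main__":
    # Constructed sample: three alarms, a display with two grids.
    w = {"J11": 1.0, "J12": 1.0, "J13": 1.0}
    alarms = [SecondMark("J11", 1), SecondMark("J12", 2), SecondMark("J13", 5)]
    print(select_for_display(alarms, [], w, first_preset=2))
```
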
Modern data networks are mostly based on IP technology, and the router is the core device of an IP-based network: it maintains a set of routing tables through the routing protocol running on it and forwards received IP data packets according to those routing tables. An IP packet sent by the sender is forwarded by a plurality of routers before it reaches the destination. To maintain the routing tables, the routing protocols on different routers need to exchange routing messages so as to create, update and learn routing table information. Because routing messages are transmitted over a public network whose channel is shared by many network nodes, an attacker can easily intercept and forge or tamper with a routing message. Upon accepting such an erroneous routing message, the router will generate an erroneous routing table, and when the routing protocol forwards IP packets according to the wrong routing table, the packets cannot be delivered to the destination. To address this problem, an integrity protection mechanism must be provided for the routing protocol to prevent an attacker from forging or tampering with routing messages. The basic idea of the integrity protection mechanism is to use key material to generate a message authentication code for a routing message (this process usually uses a one-way function or a threshold one-way function) and to send the message authentication code to the receiver along with the message. After receiving the routing message and the authentication code, the receiver verifies the message and its authentication code using the corresponding key material; only a routing message that passes the verification is a correct message that has not been tampered with by an attacker. Since the attacker does not have the keying material, it cannot forge or tamper with the message and still generate the correct message authentication code.
This mechanism allows only router-generated routing messages that possess keying material to be validated, and attacker-generated routing messages without keying material will not be validated. Thereby effectively preventing an attacker from forging/tampering the routing message.
Currently, most routing protocols define an integrity protection mechanism. As previously mentioned, routing protocols must use a set of keying material, called the Security Association (SA), to generate the message authentication code. Different routing protocols define different SAs, but an SA generally includes information such as the message authentication code generation algorithm and keys. However, most routing protocols do not provide an automatic management mechanism for the SA; instead, the SA is manually configured and updated by an administrator. Manual configuration and update have the following problems: firstly, manual configuration is error-prone; secondly, manual configuration is slow and does not meet the requirement of networking large numbers of modern routers; thirdly, many routers may belong to different operators, so the shared secret key cannot be configured on them directly and a common trusted third party must be used, which makes manual configuration very difficult. Therefore, the integrity protection mechanism of the routing protocol urgently needs a key management protocol that realizes automatic management of the security association so as to solve these three problems. With the improvement of attackers' computing power and the continual emergence of new attack techniques, the probability and frequency of attacks on the network are higher and higher, and the cost to modern networks, whose service value is rapidly increasing, is larger and larger. It is therefore all the more urgent to design an automatic key management protocol for the routing protocol that automatically configures, updates and negotiates the key material.
IKEv2 is a protocol that provides SA negotiation for the data security mechanism (IPsec) at the IP layer. A total of four types of exchanges, i.e., the IKE_SA_INIT exchange, the IKE_AUTH exchange, the CREATE_CHILD_SA exchange, and the INFORMATIONAL exchange, may be involved before and after the SA negotiation process of IKEv2. The first two types of exchanges, collectively referred to as the Initial Exchange, are required and fixed in order; the latter two types of exchanges are optional and used as desired. An exchange in IKEv2 consists of one request and one response between two network peers, where the peer that initiates the request is called the Initiator (generally denoted by i) and the peer that responds is called the Responder (generally denoted by r).
The IKE_SA_INIT exchange negotiates cryptographic algorithms, exchanges random numbers (nonces), performs a Diffie-Hellman (D-H) exchange, negotiates security parameters for the two peers to generate the IKE_SA, and provides a secure channel for subsequent exchanges. The IKE_AUTH exchange authenticates the peer identity and negotiates to generate a first CHILD_SA, which provides the SA for the Encapsulating Security Payload (ESP) or/and Authentication Header (AH) of IPsec. The CREATE_CHILD_SA exchange generates other CHILD_SAs for updating the SA generated by the exchange or for use by ESP or/and AH. The INFORMATIONAL exchange is used to transmit control information, including error reporting and event notification.
In the phase 1 exchange of the IKEv2, the IKEv2 protocol uses configuration information in the authorization database PAD, such as long-term keys, identities, etc., to complete the authentication process and establish a secure channel.
In the phase 2 exchange of IKEv2, the IKEv2 protocol generates an SA for IPSEC from PAD information (note: the key is generated using the DH algorithm, not based on the configuration in the PAD database), and stores the SA in the SAD database. The PAD also generates information in the policy database SPD. IPSEC uses the SA in the SAD database according to the configuration of the policy database SPD. Note: PAD: IKEv2 works primarily on the basis of the PAD. SPD: generated by IKEv2; IPSEC uses it to access the SAD database. SAD: the security association database.
The IKEv2 protocol cannot be used directly for the management of the routing protocol SA for the following reasons:
(1) The routing protocol does not have an SPD database. IKEv2 is a key management protocol designed for IPSEC, and IPSEC accesses the SAD by way of the SPD database. For example, when IPSEC receives a packet, the traffic selector in the SPD is used to determine which SA in the SAD database should be used to process the IPSEC packet. The traffic selector here is usually information such as IP address and port number. However, the routing protocol does not define an SPD database, and when processing a routing packet the routing protocol stack relies not on the so-called traffic selector but on the KEYID. This KEYID is typically included in routing protocol packets.
(2) The SA definition of the routing protocol is different from that of IPSEC, and the SA definition of each routing protocol is also different. This makes the existing IKEv2 unable to generate different SAs as required by each routing protocol.
One solution to this problem is: the routing protocol standard is modified to support the SPD database and the SAD database. However, this would change the security mechanism defined by the existing protocol a lot, and the workload is huge. Furthermore, backward compatibility is not good, which may cause impact on the existing configured router, and is difficult to be accepted by the operator.
Another solution to this problem is to modify the existing SPD database, PAD database and SAD database to meet the requirements of the routing protocol. However, doing so can impact existing configured IPSEC/IKEv2 systems and cause incompatibility problems. Meanwhile, forcing a single unified data structure (i.e., a database) to meet the needs of many different routing protocol SAs makes the definition of the database very complex and error-prone.
To address these problems, the best approach is to keep the existing routing protocol SAs as they are, and also to keep the SAD, SPD and PAD databases of the existing IPSEC as they are. A new data structure is defined, the key management protocol is modified on the basis of this data structure, and the key management protocol generates different SAs for different routing protocols based on this data structure. This has the further advantage that the IKEv2 protocol no longer generates data for the SPD database; it only needs to generate data in the SA format defined by the routing protocol, which is much simpler to implement than the generation of IPSEC SAs.
However, the work of the KARP working group still remains at the first step, and only a preliminary key table has been defined. The key table draft also has the following problems:
(1) The existing key table draft lacks support for public key cryptography. The existing key table draft only defines a data structure based on a symmetric key, and does not define a data structure based on public key cryptography. Public key cryptography is an important branch of modern cryptography and is supported by most systems (currently, the PAD database of IPSEC, for example, indicates that it supports public key cryptography mechanisms). Sam Hartman et al. also recommended public key cryptography techniques to the KARP working group. Therefore, it is necessary for the routing table to support public key cryptography.
(2) The existing key table draft does not define a mechanism for using the key table to generate the routing protocol SA. The key table defines a suite of keying material; however, the security associations of the routing protocols differ from one another. How to convert the generic security material defined by the key table into security associations for each routing protocol is an important issue.
(3) The existing IKEv2 protocol generates a key for the CHILD SA based on the DH exchange. The key table expects that the key of the CHILD SA is generated from the key in the key table using a KDF. There is a conflict between the two. Therefore, the existing IKEv2 protocol is also incompatible with the key table protocol in terms of key generation.
(4) The existing patent has extended the IKEv2 protocol to support the data related to the transport routing protocol SA; however, the existing patent completes the key table before the key table is accepted by the IETF, and the interactive flow cannot meet the requirement of the key table.
To solve these problems, the invention extends the existing key table draft to support public key cryptography, establishes a conversion mechanism from the key table to the routing protocol SA, and on that basis designs an IKEv2 negotiation flow for creating the CHILD_SA.
In the technical scheme provided by the invention, the video data is encrypted through the following steps:
acquiring a key table at the current moment, and expanding the key table to obtain an expanded AlgID field, a KDF field and a key field;
the AlgID field holds the cryptographic algorithm used in the routing protocol SA to protect the integrity of routing messages;
the KDF field holds the algorithm for generating a short-term key of a routing protocol from a long-term key, and is used for enabling the key table to generate the short-term key from the long-term key of public key cryptography based on the IKEv2 protocol;
the key field is used for storing a long-term key; if the key stored in the key field is judged to be a public key, the public key is allowed to be transmitted in the transmission process of the first encrypted data and/or the second encrypted data, and if the key stored in the key field is judged to be a private key, the private key is not transmitted in the transmission process of the first encrypted data and/or the second encrypted data;
and encrypting the first encrypted data and/or the second encrypted data based on the key table.
The technical scheme provided by the invention further comprises the following steps:
judging that the long-term key configured in the key table is a public-private key mode in public key cryptography, namely, the key field in the key table is a private key, and key_para is a public key and a corresponding cipher material, and carrying out encryption transmission according to different gateways based on the public key and the private key in the data transmission process;
and judging that the long-term key configured in the key table is a shared key of symmetric cryptography, namely, the key field in the key table is the shared key, and key_para is empty, and performing encryption transmission based on different gateways of the shared key in the data transmission process.
This example extends the AlgID field, the KDF field and the key field, and adds the key cryptography parameter field key_para, so that the key table supports the configuration of keys based on public key cryptography. Support for public key cryptography here has two implications: first, the long-term key may be a public key; second, the routing protocol can use the public key for integrity protection.
The AlgID field is the cryptographic algorithm used in the routing protocol SA to protect the integrity of routing messages. The key table draft specifies that this algorithm can only be a symmetric cryptographic algorithm and cannot be a public key cryptographic algorithm. Current routing protocols also mainly use symmetric cryptographic algorithms. However, public key cryptography has strong security features, and future routing protocols may use public key cryptographic algorithms. The present invention modifies the key table draft's description of the AlgID field, allowing the routing protocol to use public key cryptography to protect the integrity of routing messages.
The KDF field is the algorithm that generates a routing protocol short-term key from the long-term key. The current key table draft does not define a specific KDF algorithm, nor does it describe whether a public key cryptography mechanism can be used to generate a short-term key. The present invention modifies the key table draft's description of the KDF field, allowing the IKEv2 protocol to generate short-term keys from long-term keys of public key cryptography.
The key field is the field that stores the long-term key. The current key table draft only allows the key field to store a symmetric key. The invention modifies the key table draft's description of the key field, allowing the router to store the private key of public key cryptography. When the field stores a private key, the field cannot be sent to other entities.
The key_para field is a newly added field that supplements the description of the key field. key_para includes Cipher Suite and Data. The Cipher Suite field is 1 byte long and represents the selected cipher system. The cryptosystem may be as shown in table 1.
The length of the Data field is variable. For the RSA1024 cipher system, this field holds two parameters, e and n, where e is the public key and n = pq, with p and q two large prime numbers of 1024 bits. For elliptic curve cryptosystems, this field holds several parameters: p, a, b, G, n, h. Taking ECC192 as an example, p, a, b, n, h are 192 bits, G is a point on an elliptic curve, and both the x-coordinate and the y-coordinate are 192 bits.
The invention can also define two fields through the key table, NotBefore and NotAfter, which carry out the conversion of the key life time into the key life time of the routing protocol, as shown in fig. 4, for example:
(1) For the RIPv2 protocol: Start time = NotBefore, Stop time = NotAfter.
(2) For the OSPFv2 protocol: Key start accept = NotBefore, Key stop accept = NotAfter, Key start generate = time of negotiation start, Key stop generate = time of negotiation completion.
In the implementation method, the AlgID field, the KDF field and the key field are modified so as to allow the router key management method to use a public key cryptographic algorithm to protect the routing information of the 5G gateway, thereby ensuring that the uploading information of the inspection robot is correctly transmitted to the monitoring terminal.
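The extended key table entry described above can be modelled as follows. This is an added example, not code from the patent: the cipher suite codes (the page's table 1 is not reproduced), the 2-byte length framing inside Data, the AlgID/KDF strings and the sample key are all assumptions constructed for illustration.

```python
import struct
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional, Tuple

# Assumed codes: the page's table 1 of cipher systems is not reproduced.
SUITE_RSA1024 = 0x01
SUITE_ECC192 = 0x02


@dataclass(frozen=True)
class KeyPara:
    """key_para: 1-byte Cipher Suite followed by variable-length Data."""
    cipher_suite: int
    params: Tuple[int, ...]  # public parameters, e.g. (e, n) for RSA

    def encode(self) -> bytes:
        if not 0 <= self.cipher_suite <= 0xFF:
            raise ValueError("Cipher Suite must fit in one byte")
        out = bytearray([self.cipher_suite])
        for p in self.params:
            if p < 0:
                raise ValueError("parameters are non-negative integers")
            raw = p.to_bytes(max(1, (p.bit_length() + 7) // 8), "big")
            # Assumed framing: 2-byte big-endian length, then the magnitude.
            out += struct.pack("!H", len(raw)) + raw
        return bytes(out)

    @classmethod
    def decode(cls, blob: bytes) -> "KeyPara":
        if not blob:
            raise ValueError("empty key_para")
        pos, params = 1, []
        while pos < len(blob):
            if pos + 2 > len(blob):
                raise ValueError("truncated parameter length")
            (size,) = struct.unpack_from("!H", blob, pos)
            pos += 2
            if size == 0 or pos + size > len(blob):
                raise ValueError("bad parameter length")
            params.append(int.from_bytes(blob[pos:pos + size], "big"))
            pos += size
        return cls(blob[0], tuple(params))


@dataclass(frozen=True)
class KeyTableEntry:
    alg_id: str
    kdf: str
    key: bytes = field(repr=False)   # long-term key, kept out of repr/logs
    key_para: Optional[KeyPara]      # None means symmetric shared key
    not_before: datetime
    not_after: datetime

    def wire_material(self) -> bytes:
        """Bytes that may be sent to the peer: key_para only, never `key`."""
        return self.key_para.encode() if self.key_para else b""


def routing_sa_lifetime(entry, protocol, negotiation_start, negotiation_done):
    """Map NotBefore/NotAfter onto the routing protocol's lifetime fields."""
    if entry.not_after <= entry.not_before:
        raise ValueError("NotAfter must be later than NotBefore")
    if protocol == "RIPv2":
        return {"Start time": entry.not_before, "Stop time": entry.not_after}
    if protocol == "OSPFv2":
        return {
            "Key start accept": entry.not_before,
            "Key stop accept": entry.not_after,
            "Key start generate": negotiation_start,
            "Key stop generate": negotiation_done,
        }
    raise ValueError(f"no lifetime mapping given for {protocol}")


# Constructed sample entry (toy RSA numbers and placeholder key, not real).
UTC = timezone.utc
SAMPLE = KeyTableEntry(
    alg_id="example-signature-alg",
    kdf="example-kdf",
    key=b"PRIVATE-KEY-PLACEHOLDER",
    key_para=KeyPara(SUITE_RSA1024, (65537, 3233)),
    not_before=datetime(2022, 1, 1, tzinfo=UTC),
    not_after=datetime(2022, 7, 1, tzinfo=UTC),
)
```

Keeping the private key out of both the wire encoding and the object's repr enforces the rule that the key field is never sent to other entities, including through debug logs.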
The embodiment also provides a selection algorithm, so that the IKEv2 protocol can select a corresponding record from the key table, establish a connection, and use it to generate the routing protocol SA. The selection algorithm is as follows:
The kmp calls a corresponding detection program to traverse the interfaces field, the protocol field and the peers field in the key table, and detects whether a corresponding routing protocol is running on them. The key table draft does not define the format of the interfaces field, and the invention uses the MAC address to identify the interfaces field. The format of the peers field is also not defined in the key table draft, and the present invention identifies the peers field using IP addresses. The key table draft also does not define the specific content of the protocol field, and the routing management method follows the definition in "Routing protocol key management method and system based on IKEv2". Since each routing protocol runs on a different protocol, the kmp detection procedure needs to associate the ID number of the protocol field with the corresponding routing protocol in order to perform the probing process. For example, the BGP protocol runs on TCP port 179, the RIP protocol runs on UDP port 520, and OSPF uses raw IP transport with protocol number 89.
For example, assuming that the peers field is 172.21.111.1, the protocol field value is RIPv2, and the interfaces field is 00-e0-fc-82-4c-84, kmp detects whether the routing protocol is running on UDP port 520 of the machine with IP address 172.21.111.1 and MAC address 00-e0-fc-82-4c-84. If a routing protocol is running, an IKE_SA is established for it. If no routing protocol is running, then no security association may be established. In the invention, if two routers are in the same subnet, detection of the interfaces field is primary and the peers field is an optional detection item; if the two routers are not in the same subnet, detection of the peers field is primary and the interfaces field is an optional detection item.
One problem is that: if the routing protocol security association has not been established and the router has issued a routing message, this earlier routing message may be modified by the attacker. But this situation can be addressed by routing information updates after the security association is established. This safety issue is not critical.
If more sophisticated security is to be provided, the embodiment may not be run, and kmp establishes a security association directly for all entries in the key table. But the result of this may be reduced performance. The present embodiment provides a method of optimizing kmp performance: i.e. only records running the routing protocol are managed.
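The record selection described above can be sketched as follows. This is an added example, not code from the patent: the Record and Neighbor types, the probe result passed in as data, and the treatment of an optional field (checked only when it is configured) are assumptions; the sample table is constructed from the page's RIPv2 example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Transport on which each routing protocol is detected, as listed on the page.
TRANSPORT = {"BGP": ("tcp", 179), "RIPv2": ("udp", 520), "OSPFv2": ("ip", 89)}


@dataclass(frozen=True)
class Record:
    protocol: str
    interfaces: Optional[str]  # MAC address identifying the interface
    peers: Optional[str]       # IP address identifying the peer


@dataclass(frozen=True)
class Neighbor:
    ip: str
    mac: str
    running: frozenset  # (transport, number) pairs reported by the detector


def norm_mac(mac: str) -> str:
    return mac.replace(":", "-").lower()


def select_records(table, neighbor, local_net):
    """Return the key table records for which an IKE_SA should be set up."""
    nbr_ip = ipaddress.ip_address(neighbor.ip)
    same_subnet = nbr_ip in ipaddress.ip_network(local_net)
    chosen = []
    for rec in table:
        transport = TRANSPORT.get(rec.protocol)
        if transport is None or transport not in neighbor.running:
            continue  # routing protocol not running: no security association
        mac_ok = (rec.interfaces is not None
                  and norm_mac(rec.interfaces) == norm_mac(neighbor.mac))
        ip_ok = (rec.peers is not None
                 and ipaddress.ip_address(rec.peers) == nbr_ip)
        if same_subnet:   # interfaces is primary, peers optional
            primary, opt_field, opt_ok = mac_ok, rec.peers, ip_ok
        else:             # peers is primary, interfaces optional
            primary, opt_field, opt_ok = ip_ok, rec.interfaces, mac_ok
        # Assumption: an optional field is enforced only when configured.
        if primary and (opt_field is None or opt_ok):
            chosen.append(rec)
    return chosen


# Constructed key table and detector result based on the page's example.
KEY_TABLE = [
    Record("RIPv2", "00-e0-fc-82-4c-84", "172.21.111.1"),
    Record("BGP", None, "172.21.111.1"),
    Record("OSPFv2", "00-e0-fc-82-4c-85", None),
]
NEIGHBOR = Neighbor("172.21.111.1", "00:E0:FC:82:4C:84",
                    frozenset({("udp", 520)}))
```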
The present embodiment assumes that the long-term key configured in the key table is a public-private key pair of public key cryptography. That is, the key field in the key table is the private key, and key_para is the public key and associated cryptographic material. The routing protocol security association negotiation process in this case is shown in fig. 5. The SA negotiation between two routers has two stages: the first stage generates the IKE_SA for protecting the subsequent negotiation channel, and the second stage calculates the Key ID, Authentication Algorithm and Life Time according to the key table. Finally, the routing protocol SA (CHILD_SA) is negotiated using the calculation result. The Authentication Key can be generated by a D-H exchange algorithm, or the key in the key table can be used directly. The specific contents of the exchanges are shown in table 2:
wherein (1) the result of steps X1 and X2 is to generate an IKE_SA for securing subsequent communications. The payload specification is the same as RFC 4306.
(2) Steps X3 and X4 generate the first CHILD_SA. This is the SA generated by the IKEv2 protocol by default. The payload specification is the same as RFC 4306.
(3) Steps X5 and X6 generate the CHILD_SA of the routing protocol. The key_para payload is as described above, and the other payloads are as described in RFC 4306.
(4) Before executing step X5, the responder first needs to find the corresponding entry in the key table according to information such as the interfaces, peer and protocol IDs. Then, according to the first, third and fourth embodiments of the present invention, a key identifier, a life time and a key parameter are generated for the routing protocol SA.
(5) Before the initiator executes step X6, it also needs to find the corresponding record item in the key table according to information such as the interfaces, peer and protocol IDs. Then, according to the first, third and fourth embodiments of the present invention, a key identifier, a life time and a key parameter are generated for the routing protocol SA. The SA is compared with the received suggested SA, the SA meeting the condition is selected and returned to the responder, thereby generating a routing protocol security association.
(6) The initiator and the responder generate a key in the routing protocol SA according to key_para. The shared key is computed using the DH algorithm, or the public key is used directly as the key for the routing protocol. There are two reasons for transmitting key_para here: first, the peer can verify whether the received information is consistent with the information in its own database; second, when the configuration of the peer database is incomplete, the received information can be used directly.
There are many key generation methods, and the invention provides two: first, a DH algorithm is used to generate a symmetric key; second, the public key is sent directly to the opposite end, and the integrity of the routing protocol message is protected by a public key digital signature. When what is carried in steps X5 and X6 is key_para, the public key is sent directly to the opposite end, and the integrity of the routing protocol message is protected by a public key digital signature. When what is carried in steps X5 and X6 is KE, a DH algorithm is used to generate a symmetric key, and the symmetric key is used to protect the integrity of the routing protocol message.
The present embodiment assumes that the long-term key configured in the key table is a shared key of symmetric cryptography. That is, the key field in the key table is the shared key and key_para is empty. The routing protocol security association negotiation process in this case is shown in fig. 6. The SA negotiation between two routers has two stages: the first stage generates the IKE_SA for protecting the subsequent negotiation channel, and the second stage calculates the Key ID, Authentication Algorithm, Life Time, etc. according to the key table and negotiates the routing protocol SA (CHILD_SA) using the calculation result. The specific content of the exchanges is shown in the following table:
wherein (1) the result of steps Y1 and Y2 is to generate an IKE_SA for securing subsequent communication. The payload specification is the same as RFC 4306.
(2) Steps Y3 and Y4 generate the first CHILD_SA. This is the SA generated by the IKEv2 protocol by default. The payload specification is the same as RFC 4306.
(3) Steps Y7 and Y8 generate the CHILD_SA of the routing protocol. The payload is described in RFC 4306.
(4) Before executing step Y8, the responder first needs to find the corresponding record item in the key table according to the information such as the interfaces, peer and protocol IDs. Then, according to the first, third and fourth embodiments of the present invention, a key identifier, a life time and a key parameter are generated for the routing protocol SA.
(5) Before executing step Y8, the initiator also needs to find the corresponding record item in the key table according to the information such as the interfaces, peer and protocol IDs. Then, according to the first, third and fourth embodiments of the present invention, a key identifier, a life time and a key parameter are generated for the routing protocol SA. And comparing the SA with the received suggested SA, selecting the SA meeting the condition, and returning the SA to the responder, thereby generating a routing protocol security association.
(6) The initiator and responder generate keys according to the key in the key table and the specification of the KDF field.
In conclusion, the key table draft can support both symmetric cryptography and public key cryptography. The embodiment of the invention also provides a mechanism for converting the key table into the routing protocol SA, so that the IKEv2 protocol can generate the routing protocol SA by using the key table negotiation. The mechanisms can provide safety protection of modern public key cryptography for a routing protocol, and the router key management protocol can protect a routing table of the 5G gateway from being tampered and attacked, so that data collected by the inspection robot can be normally transmitted to the monitoring terminal.
(1) The embodiment of the invention provides a key table expansion method, which comprises the following steps:
expanding the AlgID field, the KDF field and the key field, and adding a key cryptography parameter field key_para to enable the key table to support the configuration of a key based on public key cryptography. The extended AlgID field and key field are used to hold cryptographic algorithms and keys. The added key_para field is used to hold key-related parameters.
This embodiment enables the key table to support both long-term keys based on public key cryptography and long-term keys based on symmetric cryptography.
(2) The embodiment of the invention provides a method for selecting one record in a key table, which comprises the following steps:
the IKEv2 protocol selects corresponding records from the key table according to information such as protocol, interfaces and peers, for performing SA negotiation with the opposite end. The selection method can reliably identify the other side.
This embodiment enables ikev2 to select an appropriate long-term key record from the key table for use in generating the routing protocol SA.
(3) The embodiment of the invention provides a key identifier conversion method, which comprises the following steps:
the key identifier definition of each routing protocol is different, while the key identifier definition in the key table is the same. The embodiment defines a transformation algorithm, so that the key identifier in the key table can be transformed into the key identifier of the routing protocol SA. The transformation algorithm can enable the ikev2 protocol to correspond the key identifier in the key table with the key identifier of the routing protocol SA. The transformation and inverse transformation algorithm can prevent the key identifiers of a plurality of routing protocols SA from conflicting after transformation.
This embodiment enables the key identifier in the key table and the key identifier of the routing protocol SA to be translated with each other without collision.
(4) The embodiment of the invention provides a method for converting key life time, which comprises the following steps:
the key life time definitions of each routing protocol are different, while the key life time definitions in the key table are the same. The present embodiment defines a transformation algorithm so that the key life time in the key table can be transformed into the key life time of the routing protocol SA. The transformation algorithm can make the ikev2 protocol correspond the key life time in the key table with the key life time of the routing protocol SA. And the transformed key life time is made to meet the requirements before transformation.
This embodiment enables the key life time in the key table and the key life time of the routing protocol SA to be converted to each other without causing a collision.
(5) The embodiment of the invention provides a key parameter transmission method, which comprises the following steps:
for a public key cryptosystem, a key comprises not only a key string of a given length but also a series of related parameters. This embodiment defines a new payload in IKEv2 for carrying the parameters corresponding to a key of public key cryptography. The payload can carry the different key parameters defined by public key cryptography.
This embodiment enables public key cryptography-based keys defined by the key table to be used in the routing protocol in the true sense.
(6) The embodiment of the invention provides a routing protocol SA negotiation mechanism based on public key cryptography, which comprises the following steps:
and negotiating by using records based on public key cryptography in the key table, and finally generating the routing protocol SA. The process can realize the conversion from the record in the key table to the routing protocol SA, and can successfully negotiate out the routing protocol SA.
This embodiment enables the ikev2 protocol to generate a routing protocol SA from public key cryptography-based key negotiations as defined in the key table.
(7) The embodiment of the invention provides a routing protocol SA negotiation mechanism based on symmetric cryptography, which comprises the following steps:
and negotiating by adopting records based on symmetric cryptography in the key table, and finally generating the routing protocol SA. The process can realize the conversion from the record in the key table to the routing protocol SA, and can successfully negotiate out the routing protocol SA.
This embodiment enables the ikev2 protocol to generate a routing protocol SA from symmetric cryptography-based key negotiations defined in the key table.
The technical scheme provided by the embodiment of the invention shows that the routing protocol key management method can provide a uniform long-term key storage form for different routing protocols, and is convenient for uniformly managing the long-term trust relationship used by the routing protocols. Meanwhile, the key table and the routing protocol SA can be corresponded, and the conversion from the key table to the routing protocol SA is realized. This greatly simplifies the operator's work of managing long-term keys, so that the operator only needs to know the format of one long-term key, instead of defining one long-term key format for each routing protocol and managing different routing protocol long-term key formats. The mode protects the safety of the routing table, so that the returned data of the 5G intelligent power grid inspection robot can be safely transmitted to the monitoring center.
The technical scheme provided by the invention also provides a data encryption transmission device suitable for the 5G intelligent power grid inspection robot, as shown in fig. 7, comprising:
the identification module is used for enabling the plurality of 5G intelligent power grid inspection robots to respectively identify and process the video data acquired in the inspection process to obtain respective identification results;
the first marking module is used for encrypting the video data to obtain first encrypted data if the identification result is that the preset target does not exist in the video data, adding first marking information to the first encrypted data, and sending the first encrypted data added with the first marking information to a server;
the second marking module is used for encrypting the video data to obtain second encrypted data if the identification result is that a preset target exists in the video data, adding second marking information to the second encrypted data, and sending the second encrypted data added with the second marking information to the server;
the first transmission module is used for enabling the server to transmit the first encrypted data to a first database for storage according to the first mark information;
the quantity judgment module is used for enabling the server to judge that the quantity of the second encrypted data with the second mark information at the current moment is less than or equal to a first preset value, and transmitting all the second encrypted data with the second mark information to the display end for displaying;
and the second transmission module is used for enabling the server to screen all the second encrypted data with the second mark information when the server judges that the quantity of the second encrypted data with the second mark information at the current moment is greater than the first preset value, obtaining the second encrypted data with the second mark information, which is the same as the first preset value in quantity after screening, and transmitting the screened second encrypted data to the display end for displaying.
The readable storage medium may be a computer storage medium or a communication medium. Communication media includes any medium that facilitates transfer of a computer program from one place to another. Computer storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, a readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Of course, the readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may reside in an Application Specific Integrated Circuits (ASIC). Additionally, the ASIC may reside in user equipment. Of course, the processor and the readable storage medium may also reside as discrete components in a communication device. The readable storage medium may be a read-only memory (ROM), a random-access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The present invention also provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the device may read the execution instructions from the readable storage medium, and the execution of the execution instructions by the at least one processor causes the device to implement the methods provided by the various embodiments described above.
In the above embodiments of the terminal or the server, it should be understood that the Processor may be a Central Processing Unit (CPU), other general-purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A data encryption transmission method suitable for a 5G smart grid inspection robot, characterized by comprising:
the 5G intelligent power grid inspection robots respectively identify and process video data acquired in the inspection process to obtain respective identification results;
if the identification result is that no preset target exists in the video data, encrypting the video data to obtain first encrypted data, adding first mark information to the first encrypted data, and sending the first encrypted data added with the first mark information to a server;
if the identification result is that a preset target exists in the video data, encrypting the video data to obtain second encrypted data, adding second mark information to the second encrypted data, and sending the second encrypted data added with the second mark information to a server;
the server transmits the first encrypted data to a first database for storage according to the first mark information;
the server side judges the quantity of second encrypted data with second mark information at the current moment, and if the quantity of the second encrypted data with the second mark information at the current moment is less than or equal to a first preset value, all the second encrypted data with the second mark information are transmitted to a display side to be displayed; and if the quantity of the second encrypted data with the second mark information at the current moment is greater than the first preset value, screening all the second encrypted data with the second mark information to obtain the second encrypted data with the second mark information, which has the same quantity as the first preset value, after screening, and transmitting the screened second encrypted data to a display end for display.
2. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 1, wherein the video data is encrypted through the following steps:
acquiring a key table at the current moment, and expanding the key table to obtain an expanded AlgID field, a KDF field and a key field;
a cryptographic algorithm used in a routing protocol SA and used for protecting the integrity of routing messages is stored in the AlgID field;
the KDF field stores an algorithm for generating a short-term key of a routing protocol according to a long-term key, and is used for enabling a key table to generate the short-term key from the long-term key of public key cryptography based on an ikev2 protocol;
the key field is used for storing a long-term key, if the key stored in the key field is judged to be a public key, the public key is allowed to be transmitted in the transmission process of the first encrypted data and/or the second encrypted data, and if the key stored in the key field is judged to be a private key, the private key is not transmitted in the transmission process of the first encrypted data and/or the second encrypted data;
and encrypting the first encrypted data and/or the second encrypted data based on the key table.
3. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 2, further comprising:
if the long-term key configured in the key table is a public-private key mode in public key cryptography, namely the key field in the key table is a private key, and key_para is a public key and a corresponding cipher material, encryption transmission is carried out based on different gateways of the public key and the private key in the data transmission process;
if the long-term key configured in the key table is a shared key of symmetric cryptography, that is, the key field in the key table is the shared key, and key_para is empty, then encrypted transmission is performed based on different gateways of the shared key in the data transmission process.
4. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 1,
the step in which the plurality of 5G smart grid inspection robots respectively identify and process the video data acquired in the inspection process to obtain respective identification results comprises:
at least one preset target is arranged in each 5G intelligent power grid inspection robot in advance;
if the preset target exists in the video data, the obtained identification result has the corresponding preset target;
and if the preset target does not exist in the video data, the obtained identification result does not have the corresponding preset target.
5. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 1,
if the identification result is that a preset target exists in the video data, encrypting the video data to obtain second encrypted data, adding second mark information to the second encrypted data, and sending the second encrypted data added with the second mark information to a server side comprises the following steps:
if the identification result is that the preset targets exist in the video data, acquiring the number of the preset targets, and generating second mark information based on the number of the preset targets and the ID of the 5G intelligent power grid inspection robot;
and adding second mark information to the second encrypted data, wherein the second mark information comprises the number of preset targets and the ID of the 5G intelligent power grid inspection robot, and sending the second encrypted data added with the second mark information to a server.
6. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 5,
the step in which the server, on judging that the quantity of the second encrypted data with the second mark information at the current moment is greater than the first preset value, screens all the second encrypted data with the second mark information to obtain, after screening, second encrypted data with the second mark information equal in quantity to the first preset value, and transmits the screened second encrypted data to the display end for display comprises:
the server side judges that the quantity of second encrypted data with second mark information at the current moment is larger than a first preset value, and obtains the quantity of preset targets in each second mark information;
extracting a target weight corresponding to the ID of each intelligent power grid inspection robot in a preset weight table, acquiring the target weight corresponding to each second mark information, obtaining the screening value of each second mark information through the following formula,
wherein,is as followsiA screening value corresponding to the second flag information,is as followsiThe number of preset targets in the second flag information,is as followsiThe target weight of the second label information,is as followsThe number of preset targets in the second flag information,is as followsA target weight of the second label information;
sorting all the screening values corresponding to the second mark information in descending order to obtain a sorting result, selecting from the sorting result, from front to back, second encrypted data equal in quantity to the first preset value, and transmitting the selected second encrypted data to the display end for display.
7. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 6, further comprising:
the server acquires behavior data of an administrator, wherein the behavior data is the administrator's selection of any second encrypted data that was not selected by the screening, for display through the display end;
acquiring the second encrypted data in the behavior data that was not selected by the screening, extracting the second mark information corresponding to that second encrypted data, and acquiring the target weight of the second mark information at the current moment;
the target weight at the current moment is adjusted through the following formula to obtain the adjusted target weight,
8. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 6, further comprising:
receiving selected data, and acquiring an ID (identity) corresponding to the 5G intelligent power grid inspection robot in the selected data, wherein the first mark information comprises the ID corresponding to the 5G intelligent power grid inspection robot;
and selecting first encrypted data in the first database based on the ID in the selected data, and displaying the first encrypted data through the display terminal.
9. The data encryption transmission method suitable for the 5G smart grid inspection robot according to claim 8, further comprising:
if the quantity of the second encrypted data with the second mark information at the current moment is smaller than a first preset value, obtaining a target weight corresponding to the ID of each intelligent power grid inspection robot in the weight table;
acquiring the quantity of all second encrypted data with second mark information at the current moment to obtain a first quantity value;
obtaining a second numerical value based on the first preset value and the first numerical value;
and selecting a target weight corresponding to the second numerical value in the weight table, and extracting first encrypted data corresponding to the target weight to display through a display end.
10. A data encryption transmission device suitable for a 5G smart grid inspection robot, characterized by comprising:
the identification module is used for enabling the plurality of 5G intelligent power grid inspection robots to respectively identify and process the video data acquired in the inspection process to obtain respective identification results;
the first marking module is used for encrypting the video data to obtain first encrypted data if the identification result is that the preset target does not exist in the video data, adding first marking information to the first encrypted data, and sending the first encrypted data added with the first marking information to a server;
the second marking module is used for encrypting the video data to obtain second encrypted data if the identification result is that a preset target exists in the video data, adding second marking information to the second encrypted data, and sending the second encrypted data added with the second marking information to the server;
the first transmission module is used for enabling the server to transmit the first encrypted data to a first database for storage according to the first mark information;
the quantity judgment module is used for enabling the server to judge that the quantity of the second encrypted data with the second mark information at the current moment is less than or equal to a first preset value, and transmitting all the second encrypted data with the second mark information to the display end for displaying;
and the second transmission module is used for enabling the server to screen all the second encrypted data with the second mark information when the server judges that the quantity of the second encrypted data with the second mark information at the current moment is greater than the first preset value, obtaining the second encrypted data with the second mark information, which is the same as the first preset value in quantity after screening, and transmitting the screened second encrypted data to the display end for displaying.
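The server-side screening described in claim 6 and in the quantity judgment and second transmission modules of claim 10, as an added example that is not code from the patent. The screening formula is not reproduced on this page, so `screening_values` uses an assumed normalised product of target count and target weight; the class and function names, robot IDs and weights are likewise assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MarkedPacket:
    robot_id: str       # robot ID carried in the second mark information
    target_count: int   # number of preset targets carried in the mark
    ciphertext: bytes   # second encrypted data; screening never decrypts it

def screening_values(packets, weight_table):
    """ASSUMED formula (not the patent's): n_i*w_i / sum_j(n_j*w_j)."""
    weighted = [p.target_count * weight_table[p.robot_id] for p in packets]
    total = sum(weighted)
    return [w / total if total else 0.0 for w in weighted]

def select_for_display(packets, weight_table, first_preset_value):
    """Return the packets the server forwards to the display end."""
    if len(packets) <= first_preset_value:
        return list(packets)   # at or under the preset: display all
    unknown = {p.robot_id for p in packets} - set(weight_table)
    if unknown:
        # Reject rather than guess a weight for an unlisted robot ID.
        raise KeyError(f"robot IDs missing from weight table: {sorted(unknown)}")
    scores = screening_values(packets, weight_table)
    # Descending by screening value; sorted() is stable, so ties keep arrival order.
    ranked = sorted(zip(scores, packets), key=lambda sp: sp[0], reverse=True)
    return [p for _, p in ranked[:first_preset_value]]

# Constructed sample data (robot IDs, weights and payloads are made up).
SAMPLE_WEIGHTS = {"R1": 0.5, "R2": 1.0, "R3": 2.0, "R4": 1.0}
SAMPLE_PACKETS = [
    MarkedPacket("R1", 4, b"\x01"),   # weighted count 2.0
    MarkedPacket("R2", 1, b"\x02"),   # weighted count 1.0
    MarkedPacket("R3", 2, b"\x03"),   # weighted count 4.0
    MarkedPacket("R4", 3, b"\x04"),   # weighted count 3.0
]

if __name__ == "__main__":
    for p in select_for_display(SAMPLE_PACKETS, SAMPLE_WEIGHTS, 2):
        print(p.robot_id, p.target_count)
```

Raising on a robot ID that is absent from the weight table, rather than assigning a default weight, is a choice made for this example; the claims do not say how such an ID is handled.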
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210120905.7A CN114173332B (en) | 2022-02-09 | 2022-02-09 | Data encryption transmission method and device suitable for 5G intelligent power grid inspection robot |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114173332A (en) | 2022-03-11 |
CN114173332B (en) | 2022-04-19 |
Family
ID=80489641
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210120905.7A Active CN114173332B (en) | 2022-02-09 | 2022-02-09 | Data encryption transmission method and device suitable for 5G intelligent power grid inspection robot |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114173332B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN114173332B (en) | 2022-04-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||