1 Scope
This standard specifies the technical requirements for the security protection of video information and control signaling information in video surveillance networks for public security, including the interconnection structure, certificate and key requirements, basic functional requirements, performance requirements and other technical requirements of the information security system in video surveillance networks in public security use.
This standard is applicable to the information security scheme design of video surveillance systems for public security, to system testing and acceptance, and to the development and testing of related equipment.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 2260-2007 Codes for the administrative divisions of the People’s Republic of China
GB/T 2659-2000 Codes for the representation of names of countries and regions
GB/T 7408-2005 Data elements and interchange formats—Information interchange—Representation of dates and times
GB/T 15843.3-2008 Information technology—Security techniques—Entity authentication—Part 3: Mechanisms using digital signature techniques
GB/T 25724-2017 Technical specifications for surveillance video and audio coding for public security
GB/T 28181-2016 Technical requirements for information transport, switch and control in video surveillance network system for public security
GM/T 0005-2012 Randomness test specification
GM/T 0014-2012 Digital certificate authentication system cryptography protocol specification
GM/T 0015-2012 Digital certificate format based on SM2 algorithm
GM/T 0034-2014 Specifications of cryptograph and related security technology for certification system based on SM2 cryptographic algorithm
IETF RFC 2976 The SIP INFO Method
IETF RFC 3261 SIP: Session Initiation Protocol
IETF RFC 3548 The Base16, Base32, and Base64 Data Encodings
IETF RFC 3550 RTP: A Transport Protocol for Real-Time Applications
IETF RFC 3725 Best Current Practices for Third Party Call Control (3PCC) in the Session Initiation Protocol (SIP)
IETF RFC 4566 Session Description Protocol
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 28181-2016 and the following apply.
3.1.1
video encryption key
a symmetric key randomly generated by a front-end device with safety function (FDWSF), which changes according to a certain rule and is used for directly encrypting the video content to realize confidentiality protection of video transmission
3.1.2
video key encryption key
a symmetric key generated by the security management platform in video surveillance and distributed to a front-end device with safety function (FDWSF), which changes according to a certain rule and is used for encrypting the video encryption key to realize confidentiality protection of its transmission
Contents of GB 35114-2017
Foreword
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Interconnection structure of information security system in video surveillance network in public security use
4.1 Interconnection structure
4.2 In-system networking
4.3 Inter-system networking
4.4 Networking mode
5 Certificate and key requirements
5.1 Cryptographic algorithm
5.2 Digital certificate type
5.3 Digital certificate format
5.4 Key type
6 Basic functional requirements
6.1 Unified encoding rule
6.2 User identity authentication
6.3 Front-end device grading
6.4 Device ID authentication
6.5 Authentication between management platforms
6.6 Authorization and access control
6.7 Control signaling authentication
6.8 Video source signature and integrity verification
6.9 Video/audio encryption
6.10 Device exception management alarm
6.11 Security management
6.12 Log management
6.13 Asymmetric key management
6.14 Symmetric key management
7 Performance requirements
7.1 Device ID authentication
7.2 Video data signature
7.3 Video encryption/decryption
Annex A (Normative) Digital certificate format
Annex B (Normative) Encoding rules of cryptographic module
Annex C (Normative) Process and protocol
Annex D (Informative) Examples of signaling messages
Annex E (Informative) Export of encrypted video
Bibliography