In the national standard GB28181 protocol, if cascading is required, the lower-level platform needs to log in to the upper-level platform to open the connection between the upper and lower levels. TSINGSEE Green Rhinoceros Video's national standard platform EasyGBS is connected with other platforms through the cascade mechanism of GB28181.
During the registration process, the superior may perform authentication verification on the subordinate. The authentication uses the digital digest authentication method of HTTP.
The process is as follows:
(1) First, the upper and lower levels need to negotiate the national standard id number used by the lower level and the password for registration and authentication.
The id number and password are usually filled in by the superior and informed to the subordinate.
(2) The next step is the authentication calculation. According to the rules of the national standard, the authentication calculation will be performed. The formula used is this:
HA1=md5(username:realm:password)
HA2=md5(Method:Uri)
RESPONSE=md5(HA1:nonce:HA2)
(3) Calculation After the RESPONSE is issued, it is carried by the lower level in the second REGISTER, and the upper level calculates RESPONSE2 independently according to the same steps and methods. Compare RESPONSE and RESPONSE2, if they are equal, the authentication succeeds, otherwise it fails.
The following keywords are involved:
username: the national standard id number.
realm: usually the first 10 digits of id (refer to section 6.1 of the document). The 401 message carried by the superior informs the subordinate.
password: Configure and negotiate in advance.
Method: REGISTER.
Uri: Carried by the subordinate in the second REGISTER.
Nonce: The 401 message carried by the superior informs the subordinate.
As mentioned earlier, the upper level may need to perform authentication verification on the lower level. It is possible because it is also unnecessary to perform authentication verification on the lower level. There are two ways to implement the registration process without authentication.
Compared with the registration process with authentication in section 9.1 of the GB28181 document, steps 2 and 3 are omitted. That is: the lower level sends the REGISTER method to the upper level, and the upper level directly returns 200 OK.
Compared with the registration process with authentication in section 9.1 of the GB28181 document, the steps have not changed, except that in step 3, regardless of the RESPONSE message sent by the lower level, the upper level will return 200 OK.
The two methods in the examples above are authentication implemented in different ways, and there are other ways to handle it.
This is why different upper and lower platforms are used for cascading access, and different situations will occur. Whether or not access authentication is required depends on the security definition of different platforms and on-site scenarios.
The national standard GB28181 protocol platform EasyGBS developed by TSINGSEE Qingxi Video supports access authentication, and provides RTSP, RTMP, HTTP-FLV, HLS and other protocol stream output, which can easily build a security video surveillance platform. In addition, EasyGBS external Provide server to obtain status, information, control HTTP API interface, freely call and secondary development.
