Fusion stream encryption scenarios - Security Center 5.8

Security Center Administrator Guide 5.8

series
Security Center 5.8
revised_modified
2020-08-17

When a client machine requests a data stream (video, audio, metadata) from an encrypted camera, the Archiver sends a fusion stream containing all the information the client needs, and only what it needs.

Scenario setup

You want all video and audio from Camera-1 to be encrypted. You want Client A and Client B (workstations) to have access. First you request and install an encryption certificate on each of them. Then, you enable the encryption on the Archiver in charge of Camera-1, using the certificates you obtained for Client A and Client B.

The following diagram illustrates your setup with Client B requesting video from Camera-1.

What happens when encryption is enabled

  • Motion detection by Archiver on Camera-1 is disabled.
  • Multicast from Camera-1 is disabled.
  • The Archiver generates a fusion stream for archiving, which includes (see illustration):
    • One encrypted video stream.
    • One client-specific key stream so Client A can decrypt the video stream.
    • One client-specific key stream so Client B can decrypt the video stream.
    • One encrypted audio stream.
    • One client-specific key stream so Client A can decrypt the audio stream.
    • One client-specific key stream so Client B can decrypt the audio stream.

Scenario: Client B requests only video from Camera-1

  • Client B sends a request for video from Camera-1 to Archiver, with its encryption certificate.
  • The Archiver responds by sending a fusion stream to Client B, which includes (see illustration):
    • Encrypted video stream.
    • Client-specific key stream for Client B to decrypt the video.

Scenario: Client B requests both video and audio from Camera-1

  • Client B sends a request for video and audio from Camera-1 to Archiver, with its encryption certificate.
  • The Archiver responds by sending a fusion stream to Client B, which includes:
    • Encrypted video stream.
    • Client-specific key stream for Client B to decrypt the video.
    • Encrypted audio stream.
    • Client-specific key stream for Client B to decrypt the audio.