Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Master Update #504

Merged
merged 173 commits into from
Jan 2, 2025
Merged
Changes from 1 commit
Commits
Show all changes
173 commits
Select commit Hold shift + click to select a range
6a3ae06
Add media signing spec
svefredrik Aug 28, 2022
47e0062
Update MediaSigning.xml
axelks Aug 30, 2022
fe069db
Add frequency column to TLV tag table
svefredrik Aug 31, 2022
623a7f4
Remove tag for number of tags
svefredrik Sep 1, 2022
a15203e
Add signed video picture
svefredrik Sep 13, 2022
b7aba69
Update MediaSigning.xml
bjornvolcker Sep 13, 2022
8d68bdb
Update MediaSigning.xml
bjornvolcker Sep 14, 2022
96ebd48
Update MediaSigning.xml
bjornvolcker Sep 15, 2022
417f3ee
Update MediaSigning.xml
bjornvolcker Sep 16, 2022
3883bfe
Fix xml
svefredrik Sep 16, 2022
31728bd
Create MediaSigning.xml
bjornvolcker Sep 16, 2022
64a3276
Update MediaSigning.xml
bjornvolcker Sep 16, 2022
92db499
Update MediaSigning.xml
bjornvolcker Sep 16, 2022
d88ab55
Update MediaSigning.xml
bjornvolcker Sep 16, 2022
45caa3a
Update MediaSigning.xml
bjornvolcker Sep 17, 2022
0318c87
Update MediaSigning.xml
bjornvolcker Sep 18, 2022
c2d68ef
Fix xml
svefredrik Sep 19, 2022
e2b818c
Update MediaSigning.xml
bjornvolcker Sep 19, 2022
2b3cf95
Update MediaSigning.xml
bjornvolcker Sep 19, 2022
d988ee0
Make comments out of text within brackets
svefredrik Sep 19, 2022
eb4d048
Update MediaSigning.xml
bjornvolcker Sep 19, 2022
ff59d9c
One more comment
svefredrik Sep 20, 2022
c5a9118
Add meeting comments
svefredrik Sep 20, 2022
79ec517
Update MediaSigning.xml
axelks Sep 20, 2022
f5938e5
Update MediaSigning.xml
axelks Sep 20, 2022
34b91e8
Update MediaSigning.xml
axelks Sep 20, 2022
5fa08c0
Update MediaSigning.xml
axelks Sep 20, 2022
990764d
Update MediaSigning.xml
axelks Sep 20, 2022
e181f36
Update MediaSigning.xml
axelks Sep 20, 2022
6cd2ddc
Update MediaSigning.xml
axelks Sep 20, 2022
3d48644
Fix & usage
axelks Sep 20, 2022
78574fe
Updated UTC reference to match Export File Format
axelks Sep 20, 2022
abc42f0
Added note to comment to provide image
axelks Sep 20, 2022
7578636
Updated onvif vendor info tag
axelks Sep 21, 2022
e204d8f
Fixed reference to x.660 & ISO/IEC 9834
axelks Sep 21, 2022
dd22a6e
Updated OID wording to reflect
axelks Sep 21, 2022
47dfbe8
Set width for image
svefredrik Sep 21, 2022
9d3f5a1
Add more Dublin meetings comments
svefredrik Sep 22, 2022
23287d9
Reworked comments into swedish
axelks Oct 11, 2022
c7501e2
Added reference to AOM & removed comment
axelks Oct 13, 2022
55f221e
Encode illegal char
svefredrik Oct 17, 2022
7451953
Add comments from Casablanca meeting
svefredrik Nov 9, 2022
b09291c
Address github comments
svefredrik Nov 9, 2022
3c7cb2a
Update MediaSigning.xml
bjornvolcker Nov 21, 2022
2c0d139
Update MediaSigning.xml
bjornvolcker Nov 21, 2022
9ce5785
Update MediaSigning.xml
bjornvolcker Nov 22, 2022
b1ab332
Update MediaSigning.xml
bjornvolcker Nov 23, 2022
bd0bce5
Update MediaSigning.xml
bjornvolcker Nov 23, 2022
16589ac
Update MediaSigning.xml
bjornvolcker Nov 25, 2022
70d0c71
Update MediaSigning.xml
bjornvolcker Dec 6, 2022
9dc110f
Update MediaSigning.xml
bjornvolcker Dec 7, 2022
53c6dc4
Move client handling to an informative appendix
svefredrik Dec 8, 2022
a5a047a
Update MediaSigning.xml
bjornvolcker Dec 13, 2022
9244a3e
Update MediaSigning.xml
bjornvolcker Jan 2, 2023
5bacc65
Update MediaSigning.xml
bjornvolcker Jan 4, 2023
7ba5e32
Add linked hash picture. Add IDs for all sections.
svefredrik Jan 5, 2023
792b5eb
Add picture showing linked hashes one NALU per frame
svefredrik Jan 11, 2023
ebbf7b7
Update linked hashes figure
svefredrik Jan 12, 2023
8d98a67
Update year and release
svefredrik Jan 13, 2023
4f9565b
Update MediaSigning.xml
bjornvolcker Jan 17, 2023
9a8837d
Update MediaSigning.xml
bjornvolcker Jan 18, 2023
7f42d56
Rename reference hash to anchor hash
bjornvolcker Jan 19, 2023
a39dfbf
Update MediaSigning.xml
bjornvolcker Jan 24, 2023
ce00311
General text changes
bjornvolcker Jan 26, 2023
092acc9
Added info on how to handle an external key
bjornvolcker Jan 27, 2023
4319579
Add capabilities and operation for media signing
svefredrik Feb 7, 2023
2d62e29
Add media signing configuration and capabilities
svefredrik Feb 15, 2023
924207b
Minor updates to TLV tags
bjornvolcker Feb 16, 2023
c5c1ec5
Reword external key till user provisioned key
axelks Feb 23, 2023
3b0b7b0
Removes Public Key TLV
bjornvolcker Feb 27, 2023
c657fc1
Defines hash algorithm by OID node code
bjornvolcker Feb 28, 2023
1c47d7b
Minor clarifications in Security spec
svefredrik Feb 28, 2023
fc7c9de
Add missing </para>
svefredrik Feb 28, 2023
9792977
Reworked capabilities for media signing
svefredrik Feb 28, 2023
a50cb61
Use serialized OID format
bjornvolcker Feb 28, 2023
8be1bba
Adds redundancy information
bjornvolcker Mar 8, 2023
39cfdec
Remove SigningLatency and add MediaSigningSupported cap
svefredrik Mar 8, 2023
009cd6b
Update MediaSigning.xml
bjornvolcker Mar 31, 2023
be7d4c5
Update MediaSigning.xml
bjornvolcker Apr 3, 2023
355aa56
Fix xml errors
svefredrik Apr 6, 2023
8fa14b4
Update MediaSigning.xml
bjornvolcker Apr 27, 2023
6e72c63
Update MediaSigning.xml
bjornvolcker Apr 27, 2023
3b3601b
Updated Arbitrary data tag
bjornvolcker May 4, 2023
c801888
Update MediaSigning.xml
bjornvolcker May 9, 2023
3f33387
Add signing flow chart and example images for 3 cases.
svefredrik May 15, 2023
cff1b17
Remove Text is not SVG footer
svefredrik May 15, 2023
5a31aee
Update MediaSigning.xml
bjornvolcker May 22, 2023
dbde23e
Include SetSynchronizationPoint information
axelks May 23, 2023
7cfea75
Clarify SetSynchronizationPoint
axelks May 23, 2023
c1ff842
Fixed reference & bibliography comments
axelks May 23, 2023
910652d
Updated and included references
axelks May 24, 2023
75b937e
Updated references to media signing specification
axelks May 24, 2023
7413d77
Fix duplicate section ids
svefredrik May 24, 2023
5a330a9
Fixed version and revision info
axelks May 24, 2023
ec7e890
Update release month and revision history
svefredrik May 24, 2023
0b0d412
Update MediaSigning.xml
bjornvolcker Oct 25, 2023
fff2c0f
Added low bitrate mode
bjornvolcker Oct 26, 2023
9c98616
Updated Figure 1 to correctly link previous I-frame
Dec 11, 2023
6ee06ee
Renames "only need once"
bjornvolcker Feb 12, 2024
2eb3d39
Add hashing example with B-frames
bjornvolcker Apr 18, 2024
365d36c
Clarifies the use of Low Bitrate Mode
bjornvolcker Apr 18, 2024
2c477fd
Fixing a broken link ( linked -> linkend in an xml tag)
ocampana-videotec Apr 18, 2024
1ece513
Merge branch 'development' into signedvideo
bjornvolcker May 16, 2024
fe329b3
Name change and TLV update
bjornvolcker May 30, 2024
7c8d81a
Zeros for no linked hash
bjornvolcker May 31, 2024
4d35df1
Add field of view support to PTZ metadata streams (#305)
Ekmansoft Jul 25, 2024
fa071df
Add requirements for device supporting ICE candidates (#392)
jflevesque-genetec Jul 25, 2024
4a2de01
Extend LPR event to include Speed and Direction of the detected objec…
bsriramprasad Jul 25, 2024
e93648f
Extend ObjectStorageS3 configuration to include Token (#424)
bsriramprasad Jul 25, 2024
3ef7e72
Add commented out elements for use with visual studio. (#443)
HansBusch Jul 25, 2024
4e09ce2
Add CertPathValidationPolicyId to AuthorizationServer & StorageConfig…
jmelancongen Aug 8, 2024
08c2d85
Add RTCP & i-Frame requests requirements to WebRTC spec (#442)
jmelancongen Aug 12, 2024
fa3abb4
Remove duplicate pull point capability and mark it as deprecated. (#444)
HansBusch Aug 15, 2024
c915482
CreateEccKeyPair RFC updated and Curve name reference to IANA updated…
sujithhanwha Aug 15, 2024
6536f10
Add object attribute UUID. (#445)
HansBusch Aug 16, 2024
f1d22ee
Relax requirement for certificate duplicates. (#452)
HansBusch Aug 19, 2024
6043f42
Add section on configuration parameters including device requirements…
HansBusch Aug 19, 2024
792924b
Fix accidental omission by PR #426.
HansBusch Aug 19, 2024
25e1640
Merge branch 'development' of https://github.com/onvif/specs into dev…
HansBusch Aug 19, 2024
d2a4d4e
Update preview locations
HansBusch Aug 20, 2024
022847c
Fix xml syntax by adding missing para.
HansBusch Aug 20, 2024
2d4bae5
SEIs are hashed individually
bjornvolcker Aug 26, 2024
f8810ae
Rename golden SEI
bjornvolcker Sep 6, 2024
20711b6
Minor clarification for the setwebrtcconfigurations (#455)
sujithhanwha Sep 6, 2024
73a16d5
Fixed description regarding AuthorizationServer (#456)
bsriramprasad Sep 6, 2024
e138c19
Adds one byte in general tag
bjornvolcker Sep 10, 2024
0aa8983
CertPathValidationPolicy update (#451)
HansBusch Sep 18, 2024
d088a29
Added clarification for optional CertPathValidationPolicyID in WebRTC…
bsriramprasad Sep 18, 2024
7b6fc03
Security/update validation path (#460)
HansBusch Oct 1, 2024
4d17fa9
Align specification capability names to schema. (#471)
HansBusch Oct 1, 2024
c6efd0a
Update ISO reference URL (#466)
bsriramprasad Oct 4, 2024
01e02e7
Clarify delete interfaces for object storage (#478)
bsriramprasad Oct 22, 2024
6f793fe
wrap auth server apis with capability (#476)
bsriramprasad Oct 22, 2024
c6aab75
Allow only single list of trust anchors, as the list can already cont…
HansBusch Oct 22, 2024
6c9bf8c
Remove referencing WS PullPoint to avoid confusion with realtime pull…
HansBusch Oct 23, 2024
f32ced6
LensDescription present when Fisheye view mode is present (#465)
jflevesque-genetec Oct 23, 2024
40d79fc
Allow for both video audio depency of the metadata configuration
sujithhanwha Nov 5, 2024
b360310
Improve certificate verification policy and correct specification ref…
bsriramprasad Nov 5, 2024
945f3c8
Removed transport and onvif_host identifiers from ONVIF entry point
bsriramprasad Nov 6, 2024
a7837aa
Introduce hardware type in ServiceCapabilities (#441)
jflevesque-genetec Nov 13, 2024
a79a17d
Correct typo in FormalPants. (#487)
HansBusch Nov 22, 2024
24a0b3b
clarify optional uplink fields dependency on authentication mode (#486)
bsriramprasad Nov 22, 2024
d23f689
clarify rotation in video encoder configuration for issue 457 (#472)
sujithhanwha Nov 22, 2024
ff3e9c3
Add label and sign metadata entry. (#494)
HansBusch Nov 27, 2024
62656fd
Change 'a HTTP' to 'an HTTP' (onvif#492) (#493)
johado Nov 27, 2024
ec1b7d4
New revision number in Media2.xml
bjornvolcker Dec 6, 2024
7419aea
New revision number in Security.xml
bjornvolcker Dec 6, 2024
1922218
Merge pull request #372 from onvif/signedvideo
willysagefalk Dec 6, 2024
c00f9cd
Annex Cipher Reference ONVIF Advanced Security Specification (#484)
kieran242 Dec 9, 2024
95b4781
Update document revision information.
HansBusch Dec 10, 2024
064909d
Apply Axis review comments.
HansBusch Dec 10, 2024
b08a200
Update schema version numbers.
HansBusch Dec 12, 2024
249deaf
Update WebRTC example to use peer instead of DeviceId (#500)
jmelancongen Dec 12, 2024
907d2a0
Fix element insertion and move it before extension point.
HansBusch Dec 12, 2024
168e879
Merge branch 'development' of https://github.com/onvif/specs into dev…
HansBusch Dec 12, 2024
965a555
Fix revision history.
HansBusch Dec 16, 2024
667d946
Fix name typos
HansBusch Dec 16, 2024
6bea3a3
Fix according to JCI review comments.
HansBusch Dec 16, 2024
c8711ce
Fix typo
HansBusch Dec 16, 2024
e623221
Fix typo.
HansBusch Dec 16, 2024
4f07295
Apply Honeywell review comments.
HansBusch Dec 16, 2024
17319e7
Improve backward compatibility for the unlikely case of proprietary e…
HansBusch Dec 16, 2024
425cb94
Improve layout of first example.
HansBusch Dec 16, 2024
95daf73
Update four example svg.
HansBusch Dec 17, 2024
6b7dbdb
Improve index alignment
HansBusch Dec 17, 2024
da8534d
addressed Moto review feedback (#502)
bsriramprasad Dec 18, 2024
374a498
Improve layout of section on signing multiple gops.
HansBusch Dec 18, 2024
c8914f4
Merge branch 'development' of https://github.com/onvif/specs into dev…
HansBusch Dec 18, 2024
17fb051
Remove top GOP list from partial gop signing examples.
HansBusch Dec 18, 2024
0a271e9
Improve explanatory example text.
HansBusch Dec 18, 2024
2bf8eab
Add SetCertPath capability. (#501)
HansBusch Dec 19, 2024
323791a
Add titles and text to example on partial GOPs.
HansBusch Dec 19, 2024
d7f3684
Incorporate Honeywell review comment.
HansBusch Dec 20, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Create MediaSigning.xml
Details in tag section added
  • Loading branch information
bjornvolcker authored and svefredrik committed Aug 21, 2023
commit 31728bd088a7ed8894c59553368cf88e27c0405f
87 changes: 74 additions & 13 deletions doc/MediaSigning.xml
Original file line number Diff line number Diff line change
Expand Up @@ -181,10 +181,16 @@
transitions may be shorter than the time it takes to perform the signing. Hence, there is a
limit on how short GOPs a device can allow for to be able to sign a video in
real-time.</para>
<para><emphasis role="bold">Hashing algorithms</emphasis>. Hashing is used in two contexts.
One is to get a short representation of each NALU to put in a list, and the other serves as
a message digest to generate a signature. The same hashing algorithms have to be used both
on the device and in the client. For simplicity the standard specifies which to use, which
for example limits the ability to put extra security on some videos.</para>
<para><emphasis role="bold">Signing algorithm</emphasis>. There is a fixed list of algorithms
to choose from, which limits the scope somewhat since there may be variations within them.</para>
</section>
<section>
<title>Detailed description</title>
<para>SHOULD WE SPLIT THE DETAILED DESCRIPTION INTO ONE PART ON HOW TO GENERATE SEIS, ONE PART ON ADDING SEIS AND ONE PART ON VALIDATING SEIS/VIDEOS?</para>
<title>Detailed description on how the device generates a SEI including a signature</title>
<para>The H.264 and H.265 codec formats allow the user to add arbitrary data to a stream
through SEI frames of type user data unregistered. <emphasis>Signed Video</emphasis> puts
the produced signatures and additional metadata in such frames. These SEI frames are ignored
Expand Down Expand Up @@ -216,11 +222,10 @@
(<code>S</code>) and put just before a picture frame to follow the Access Unit (AU)
format. Each I-frame will trigger a signing procedure and ideally the SEI is generated and
available instantaneously and can be attached to the stream as
<code>SIPPPPSIPPPPSIPPPP</code>.</para>
<para>In practice signing in a Secure Element (SE) takes
<code>SIPPPPSIPPPPSIPPPP</code>.</para> In practice signing in a Secure Element (SE) takes
time and blocking the video stream while waiting adds jitter to the video stream. The camera
therefore has the option to add it to the video stream later, when signing has been completed.
In such a case the text-ified stream can look like <code>IPSPPPISPPPPIPPSPP</code>.</para>
In such a case the text-ified stream can look like <code>IPSPPPISPPPPIPPSPP</code>.
<para>Each NALU is hashed, but not in a straightforward manner. Since every
P-frame directly or indirectly refers to the I-frame starting the GOP they are linked
together. Let <code>h(F)</code> denote the hash of a frame <code>F</code>, and <code>href =
Expand Down Expand Up @@ -317,7 +322,9 @@
</section>
<section>
<title>TLV tags</title>
<para>Following is a list of possible TLV tags that can be part of a SEI payload.</para>
<para>Following is a list of possible TLV tags that can be part of a SEI payload. The length
field of some of these tags can be represented with only one byte, but for ease of use all
tags use 2 bytes for representing the length.</para>
<para>
<table frame="all">
<title>TLV tags</title>
Expand Down Expand Up @@ -385,24 +392,53 @@
<section>
<title>General GOP info</title>
<para>Includes GOP specific information like a GOP counter and a timestamp of the first frame.</para>
<itemizedlist>
<listitem>
<para>Tag version (1 byte)</para>
</listitem>
<listitem>
<para>GOP counter (4 bytes)</para>
</listitem>
<listitem>
<para>ONVIF Signed Media version (X bytes)</para>
<para>This will prevent version mismatch between device and client.</para>
</listitem>
<listitem>
<para>Unix epoch timestamp in UTC (8 bytes)</para>
</listitem>
<listitem>
<para>Flags (Y bytes)</para>
<para>Examples: emulation prevention bytes used</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Public key</title>
<para>This mandatory field contains the Public key used to sign the video. (IN PEM FORMAT?)</para>
<para>This mandatory field contains the Public key used to sign the video.</para>
<itemizedlist>
<listitem>
<para>Tag version (1 byte)</para>
</listitem>
<listitem>
<para>Signing algorithm (1 bytes)</para>
<para>Selected item in list of supported algorithms</para>
</listitem>
<listitem>
<para>Public key in PEM format (variable bytes)</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>ONVIF vendor info</title>
<para>Includes information that identifies the product and vendor. The
following fields are supported</para>
following fields are supported. These fields are only for easy parsing by a player.
The true device information is present in the certificate.</para>
<itemizedlist>
<listitem>
<para>Hardware ID</para>
</listitem>
<listitem>
<para>Firmware version (IS THIS NECESSARY)</para>
<para>Firmware version</para>
</listitem>
<listitem>
<para>Serial Number (CAN THIS BE COMBINED WITH HWID?)</para>
<para>Serial Number or similar</para>
</listitem>
<listitem>
<para>Manufacturer (who is the signer)</para>
Expand All @@ -415,10 +451,35 @@
<section>
<title>Hash list</title>
<para>This mandatory field contains the hash list, for a complete GOP I through P-frames and the linked I-frame of the succeeding GOP.</para>
<itemizedlist>
<listitem>
<para>Tag version (1 byte)</para>
</listitem>
<listitem>
<para>All hashes in one big chunk (variable bytes)</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Signature</title>
<para>This mandatory field contains the Signature of the document.</para>
<itemizedlist>
<listitem>
<para>Tag version (1 byte)</para>
</listitem>
<listitem>
<para>Message digest hash selected from a list of supported hashing algorithms (1 byte)</para>
</listitem>
<listitem>
<para>Actual size of signature (2 bytes)</para>
<para>Not all signing algorithms generate a fixed size.</para>
</listitem>
<listitem>
<para>The signature (max signature size bytes)</para>
<para>A fixed size is reserved to be able to determine the payload size of the SEI.
This is necessary to be able to hash the SEI and generate the message digest.</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Arbitrary data</title>
Expand Down