When a client machine requests a data stream (video, audio, metadata) from an encrypted camera, the Archiver sends a fusion stream containing all the information the client needs, and only what it needs.
Scenario setup
You want all video and audio from Camera-1 to be encrypted. You want Client A and Client B (workstations) to have access. First you request and install an encryption certificate on each of them. Then, you enable the encryption on the Archiver in charge of Camera-1, using the certificates you obtained for Client A and Client B.
The following diagram illustrates your setup with Client B requesting video from Camera-1.
What happens when encryption is enabled
- Motion detection by Archiver on Camera-1 is disabled.
- Multicast from Camera-1 is disabled.
- The Archiver generates a fusion stream for archiving, which includes (see illustration):
- One encrypted video stream.
- One client-specific key stream so Client A can decrypt the video stream.
- One client-specific key stream so Client B can decrypt the video stream.
- One encrypted audio stream.
- One client-specific key stream so Client A can decrypt the audio stream.
- One client-specific key stream so Client B can decrypt the audio stream.
Scenario: Client B requests only video from Camera-1
- Client B sends a request for video from Camera-1 to Archiver, with its encryption certificate.
- The Archiver responds by sending a fusion stream to Client B, which includes (see illustration):
- Encrypted video stream.
- Client-specific key stream for Client B to decrypt the video.
Scenario: Client B requests both video and audio from Camera-1
- Client B sends a request for video and audio from Camera-1 to Archiver, with its encryption certificate.
- The Archiver responds by sending a fusion stream to Client B, which includes:
- Encrypted video stream.
- Client-specific key stream for Client B to decrypt the video.
- Encrypted audio stream.
- Client-specific key stream for Client B to decrypt the audio.
