By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION Materials License Agreement. If you don’t agree to these terms, you may not download or use any of those materials.If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the Materials License Agreement above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).
“The rapid growth in the size and complexity of networks and Internet of Things (IoT) connected devices presents new opportunities – namely interaction between people and devices on a global scale. But at the same time, it also amplifies the risks of security breaches and other malicious attacks, especially in the process of data transmission.”
The question is how to ensure that the data transmission process is not compromised by malicious attacks, and the answer comes with HTTPS.
HyperText Transfer Protocol Secure (HTTPS) is the secure version of HTTP for the World Wide Web, over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted.
What kind of security does HTTPS provide for you?
Simply put, HTTPS protects all the information (even parts of the URL) you send and receive from the site, from opening the webpage to closing it.
How specifically does HTTPS protect the security of data transmission? We will address some common concerns by answering the following questions.
1. How can users be sure that the website is legitimate?
A legitimate website will have a certificate, issued by a certificate authority (CA). For each link, the site will send this certificate to the client to prove its legitimacy.
2. How can users ensure confidentiality of the data transmitted between the website and users?
After verification, the website will negotiate the encryption with the user. And this process is automatically conducted between the site and the browser, which will together determine the cipher suite (including the encryption algorithm and the message authentication code algorithm, etc.) and the SSL/TLS protocol version. After that, the data transmitted between the site and users will be encrypted based on the concerted algorithm.
3. How can users ensure the integrity of the data transmitted between the website and the users?
A cryptographic “Message Authentication Code Algorithm” can be applied to make sure that your data has not been tampered with. This algorithm can transform data of arbitrary size to data of fixed size, and even when there is a one bit of change to the input data, the transformed data is completely different. These characteristics go far to ensure the integrity of the data.
If an organization wants to have a secure website that uses HTTPS, it needs to obtain a site, or host certificate.
What are legitimate certificates?
To put it simply, anyone who needs this certificate is required to apply for it from legitimate certificate authorities, and the process involves distribution of private keys.
If the website you visit doesn’t have a legitimate certificate, the browser will display a prompt with a message such as：
This suggests that the server you visit has not yet had a legitimate certificate. However, this does not necessarily suggest that the server is unsecure. To fix this, the owner of the server needs to apply for the certificate from a CA organization. GlobalSign, Verisign, Thawte, and Geotrust, are some of the leading server certification brands.
Who should apply for the certificate?
Generally, to ensure the availability of HTTPS on the server side (VMS platform or front-end and back-end device), the manufacturer needs to generate a temporary certificate for the server side before the delivery. The certificate installed by default on the camera is called a "self-signed" certificate - it is not issued by a certificate authority, and in fact it cannot be.
Unfortunately, Hikvision cannot provide CA certificates for users, who need to acquire it by themselves (proving that they own the domain name), based on their decision on which domain name they will use.
Currently, most of Hikvision’s products, including front-end and back-end device or VMS platforms, support HTTPS. Users can also check the “Enable HTTPS Browsing” checkbox, which will automatically switch to HTTPS when they try to access a web page over HTTP.
Find out more about boosting your cybersecurity with Hikvision
For more information about how Hikvision can help you optimize cybersecurity in the IoT era, read our product security white paper or contact us.