SecurityCap capability message in XML format
<SecurityCap version="2.0" xmlns="http://www.isapi.org/ver20/XMLSchema"> <supportUserNums><!--optional, xs:integer, number of supported users--></supportUserNums> <userBondIpNums><!--optional, xs:integer, number of bound IP addresses supported by the user--></userBondIpNums> <userBondMacNums><!--optional, xs:integer, number of bound MAC addresses supported by the user--></userBondMacNums> <isSupCertificate><!--optional, xs:boolean, whether it supports certification: "true", "false"--></isSupCertificate> <issupIllegalLoginLock><!--optional, xs: boolean, whether it supports locking illegal login: "true,false"--><issupIllegalLoginLock> <isSupportOnlineUser><!--optional, xs: boolean, "true,false"--><isSupportOnlineUser> <isSupportAnonymous><!--optional, xs: boolean, "true,false"--><isSupportAnonymous> <isSupportStreamEncryption><!--optional, xs:boolean, whether it supports stream encryption: "true", "false"--></isSupportStreamEncryption> <securityVersion opt="1,2"/><!--optional, xs:interger, encryption capability, each version contains encryption algorithm and node range to be encrypted. "1"-encrypt by AES128, "2"-encrypt by AES256--> <keyIterateNum> <!--dependent xs:integer, iteration times, this node depends on securityVersion, and the value is usually between 100 and 1000--> </keyIterateNum> <isSupportUserCheck> <!--dependent optional, xs:boolean, whether it supports verifying password when editing/adding/deleting user parameters, this node depends on securityVersion--> </isSupportUserCheck> <isSupportGUIDFileDataExport><!--optional, xs:boolean, "true,false"--></isSupportGUIDFileDataExport> <isSupportSecurityQuestionConfig><!--optional, xs:boolean, "true,false"--></isSupportSecurityQuestionConfig> <supportSecurityNode opt="wirelessServer,wirelessDial"><!--optional, xs:string, "true,false"--></supportSecurityNode> <isSupportGetOnlineUserListSC><!--optional, xs:boolean, "true,false"--></isSupportGetOnlineUserListSC> <SecurityLimits><!--optional--> <LoginPasswordLenLimit min="1" max="16"><!--opt--></LoginPasswordLenLimit> <SecurityAnswerLenLimit min="1" max="128"><!--opt--></SecurityAnswerLenLimit> </SecurityLimits> <RSAKeyLength opt="512,1024,2048" def=2048/><!--optional, RSA key length of the HTTPS certificate--> <isSupportONVIFUserManagement><!--optional, xs:boolean, whether it supports user management by ONVIF protocol: "true", "false"--><isSupportONVIFUserManagement> <WebCertificateCap><!--opt--> <CertificateType opt="basic, digest, digest/basic"><!--required, xs:string--></CertificateType> <SecurityAlgorithm><!--dependent, this node is valid when certificateType is "digest" or "digest/basic"--> <algorithmType opt="MD5,SHA256,MD5/SHA256"><!--optional, xs:string, algorithm type: "MD5", "SHA256", "MD5/SHA256"--></algorithmType> </SecurityAlgorithm> </WebCertificateCap> <isSupportConfigFileImport> <!--optional, xs: boolean, whether it supports importing configuration files securely: "true"-yes. If it is not supported, this node will not be returned--> </isSupportConfigFileImport> <isSupportConfigFileExport> <!-- optional, xs:boolean, whether it supports exporting configuration files securely: "true"-yes. If it is not supported, this node will not be returned--> </isSupportConfigFileExport> <cfgFileSecretKeyLenLimit min="0" max="16"> <!--optional, length limit of the configuration files' encryption key--> </cfgFileSecretKeyLenLimit> <isSupportDeviceCertificatesManagement> <!--optional, xs: boolean, whether it supports device certificate management: true-yes, if not support, this node will not be returned--> </isSupportDeviceCertificatesManagement> <supportIPCActivatePassword><!--optional, xs:boolean, whether it supports configuring password for activating the network camera--></supportIPCActivatePassword> <isIrreversible> <!--dependent optional, xs:boolean, whether it supports irreversible password storage. If this node does not exist, irreversible password storage is not supported--> </isIrreversible> <salt><!--optional, xs:string, salt of user name--></salt> <keypadPassword min="1" max=""/><!--optional, xs:string, keypad password length. If different types of users have different keypad password length, this node only indicates the administrator's keypad password length, otherwise this node indicates that all types of users have the same keypad password length--> <installerKeypadPassword min="1" max=""/><!--optional, xs:string, installer's keypad password length--> <operatorKeypadPassword min="1" max=""/><!--optional, xs:string, operator's keypad password length--> <userOperateType opt="1,2,3"> <!--optional, xs:string, user operation type: "1"-network user, "2"-keypad user, "3"-network user and keypad user--> </userOperateType> <isSupportOnvifInfo><!--optional, xs:boolean, whether it supports the API of getting ONVIF protocol information. If this node is returned and its value is "true", in indicates supporting this funcion; if this node is not returned, it indicates that this function is not supported--></isSupportOnvifInfo> <isSupportPictureURlCertificate opt="true,false"><!--optional, xs:boolean, whether it supports configuring picture URL authentication. If this node is not returned, it indicates that the default picture authentication method of the device is digest--></isSupportPictureURlCertificate> <isSupportUnloggedUserPermissionConfig opt="true,false"><!--optional, xs:boolean, whether it supports configuring permissions for users that have not logged in--></isSupportUnloggedUserPermissionConfig> <isSupportUserNamePasswordCheckUpgrade><!--optional, xs:boolean, whether it supports upgrading user name and password verification. If this node is not returned, it indicates that this function is not supported--></isSupportUserNamePasswordCheckUpgrade> <isSupportDeviceSelfSignCertExport><!--optional, xs:boolean--></isSupportDeviceSelfSignCertExport> <isSupportSecurityEmail><!--optional, xs:boolean, whether it supports configuring security E-mail address. If this node is not returned, it indicates that this function is not supported--></isSupportSecurityEmail> <isSupportRTSPCertificate opt="true,false"><!--optional, xs:boolean--></isSupportRTSPCertificate> <isSptUserEnabled><!--optional, xs:boolean, whether it supports configuration of enabling user: "true"-yes, "false"-no--></isSptUserEnabled> <isSptAdminCap><!--optional, xs:boolean, whether it supports getting administrator permission capability: "true"-yes, "false"-no--></isSptAdminCap> <DoubleVerificationCap><!--optional, double verification capability--> <isSupportUsersConfig> <!--optional, xs: boolean, "true,false", whether it supports configuring double verification user--> </isSupportUsersConfig> <isSupportUsersPermissionConfig> <!--optional, xs: boolean, "true,false", whether it supports configuring the permission of double verification user--> </isSupportUsersPermissionConfig> </DoubleVerificationCap> <isSupportCertificateCustomID><!--optional, xs:Boolean, whether it supports certificate configuration with custom ID--></isSupportCertificateCustomID> <maxIllegalLoginTimes min="3" max="20"def="5"> <!--dependentxs:integer,"maximum illegal login attempts" --> </maxIllegalLoginTimes> <SecurityAdvanced> <securityEnhanced> <!--optional,xs:boolean,security reinforcement--> </securityEnhanced> <noOperationEnabled><!—required, xs:Boolean, whether to enable the timeout of no operation--></noOperationEnabled> <noOperationTime min="1" max="60"def="15"><!—required, xs:integer,timeout of no operation, unit: minute--></noOperationTime> <isSupportDigestStatus><!—optional, Boolean—digest status></isSupportDigestStatus> </SecurityAdvanced> <LoginLinkNum><maxLinkNum min="1" max="128"def="50"><!—required, xs:integer,maximum number of logged in accounts--></maxLinkNum><LoginLinkNum> <isSupportCCClientCertificate><!—optional,Boolean—whether to enable the CC client certificate></isSupportCCClientCertificate> <passwordValidity min="0" max="365"><!--optional, xs:string, password validity period, unit: day. If this node is returned, it indicates supporting configuring password validity period. The password validity period can only be edited by the administrator user--></passwordValidity> <maxIllegalLoginLockTime min="1" max="120" def="30"><!--optional, xs:integer, the lock duration when maximum illegal login attempts reached the upper limit; unit: minute--></maxIllegalLoginLockTime> </SecurityCap>