CN113411545B - Control method of key line video monitoring equipment - Google Patents

Publication number
CN113411545B
Authority
CN
China
Prior art keywords
server
authentication
asset
access control
authentication server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110520154.3A
Other languages
Chinese (zh)
Other versions
CN113411545A (en)
Inventor
方洋
李青
李磊
肖威
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Zero Sense Network Technology Co ltd
Original Assignee
Wuhan Zero Sense Network Technology Co ltd
Application filed by Wuhan Zero Sense Network Technology Co ltd
Priority to CN202110520154.3A
Publication of CN113411545A
Application granted
Publication of CN113411545B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • H04N7/181 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast for receiving images from a plurality of remote sources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/12 Arrangements for remote connection or disconnection of substations or of equipment thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N17/00 Diagnosis, testing or measuring for television systems or their details
    • H04N17/002 Diagnosis, testing or measuring for television systems or their details for television cameras
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a control method for key line video monitoring equipment, comprising the following steps: S1, configuring an authentication server A and a policy server B, and configuring the front-end switch so that all authentication services are directed to the authentication server A; S2, after receiving any authentication request, the authentication server A returns an authentication acceptance message and an access control list ID, and at the same time updates an asset summary table in the policy server B; and S3, the policy server B updates the asset summary table according to the user's selection, and the authentication server A performs a release or block operation on the video monitoring equipment connected to the switch by changing its authorization. The method queries the state of the video monitoring equipment at key places and on key lines in special scenarios, ensures that the video monitoring equipment that needs to be guaranteed works normally, and, when necessary, blocks network access for the video equipment to be guarded, preventing the location information or travel route of key personnel from being viewed or leaked by unrelated persons.

Description

Control method of key line video monitoring equipment
Technical Field
The invention relates to the technical field of video monitoring, in particular to a control method of key line video monitoring equipment.
Background
Video equipment along a guard route can promptly report conditions such as crowd gathering and the road situation ahead, helping the guard task proceed in an orderly way. Knowing the real-time working state of the video equipment on a key line therefore has great practical value for the public security and traffic police sector.
The existing approach is mainly manual: a dedicated person must check the picture of each video device along the line, one by one, from a desktop terminal in the control center to judge which devices are working normally and which need emergency maintenance. If some devices along the line cannot be repaired, the command center may consider another route as a replacement.
In some special cases, to keep the movements of key personnel private, all video equipment along the line must be taken offline temporarily. At present this also requires dedicated staff to go on site and unplug the camera cables or cover the cameras with opaque bags, and once the key personnel have left, every cable must be reconnected or every bag removed.
To address the wasted manpower and the uncertainty of the current manual approach, the invention uses network communication protocols to quickly meet practical needs such as focused monitoring and one-key start/stop.
Disclosure of Invention
Aiming at the technical problems in the prior art, the invention provides a control method for key line video monitoring equipment. It is mainly used to query the state of the video monitoring equipment at key places and on key lines in special scenarios, to ensure that the video monitoring equipment that needs to be guaranteed works normally, and, when necessary, to block network access for the video equipment to be guarded, so that the location information or travel route of key personnel cannot be viewed or leaked by unrelated persons.
The technical solution to the above technical problems is as follows. A control method for key line video monitoring equipment comprises the following steps:
S1, configuring an authentication server A and a policy server B; configuring the front-end switch so that all authentication services are directed to the authentication server A;
S2, after receiving any authentication request, the authentication server A returns an authentication acceptance message and an access control list ID, and at the same time updates an asset summary table in the policy server B;
S3, the policy server B updates the asset summary table according to the user's selection, and the authentication server A performs a release or block operation on the video monitoring equipment connected to the switch by changing its authorization.
Further, the method also comprises:
creating asset subsets in the policy server B, the asset subsets being used to classify the video equipment of different lines, with the policy server B performing state scans of the video equipment in the different subsets at the set scan frequency.
Further, configuring the front-end switch so that all authentication services are directed to the authentication server A includes:
enabling MAC authentication and pointing the RADIUS server of the MAC authentication to the authentication server A;
configuring an access control list 3001 and an access control list 3002;
wherein the access control list 3001 restricts any source IP to accessing only the authentication server A and the policy server B, and the access control list 3002 prevents any source IP from accessing any target IP.
Further, in step S2, the access control list ID returned by the authentication server A is the access control list 3001.
Further, step S3 includes:
for a given video device,
if the user selects "release", the policy server B changes the access control list ID of that video device in the asset summary table to NULL and passes the characteristic parameters to the authentication server A through an API interface; the authentication server A triggers a RADIUS CoA packet, changing the authorization and notifying the switch to set the access control list ID of the device to a NULL value;
if the user selects "blocking", the policy server B changes the access control list ID of that video device in the asset summary table to 3002 and passes the characteristic parameters to the authentication server A through the API interface; the authentication server A triggers a RADIUS CoA packet, changing the authorization and notifying the switch to set the access control list ID of the device to 3002.
The beneficial effects of the invention are as follows: the method queries the state of the video monitoring equipment at key places and on key lines in special scenarios, ensures that the video monitoring equipment that needs to be guaranteed works normally, and, when necessary, blocks network access for the video equipment to be guarded, preventing the location information or travel route of key personnel from being viewed or leaked by unrelated persons. Network communication protocols are used to quickly meet practical needs such as focused monitoring and one-key start/stop.
Drawings
Fig. 1 is a flowchart of a method according to an embodiment of the present invention.
Detailed Description
The principles and features of the present invention are described below with reference to the drawings. The examples are given to illustrate the invention and are not to be construed as limiting its scope.
As shown in Fig. 1, an embodiment of the present invention provides a control method for key line video monitoring equipment, including the following steps:
S1, configuring an authentication server A and a policy server B; the authentication server A and the policy server B may be the same device or different devices.
After the authentication server A and the policy server B are configured, the front-end switch must be configured so that all authentication services are directed to the authentication server A. This has two parts:
1) Configuring ACL 3001 and ACL 3002 (ACL: access control list);
2) Enabling MAC authentication and pointing the authentication service (RADIUS server) of the MAC authentication to the authentication server A.
ACL 3001 restricts any source IP to accessing only servers A and B; ACL 3002 prevents any source IP from accessing any other target IP.
S2, after receiving any authentication request (RADIUS request), the authentication server A returns an authentication acceptance message (RADIUS accept) with the access control list ID "Filter-Id=3001", and synchronously updates the Asset table, i.e. the asset summary table, in the database of the policy server B according to the fields of the RADIUS request message. The asset summary table holds the following basic data:
Asset-ID  Asset-MAC          Asset-IP     Asset-ACL  Asset-Status  Asset-Group
1         11:22:33:44:55:66  192.168.0.1  3001       UP
2         11:22:33:44:55:67  192.168.0.2  3001       UP
3         00:11:22:33:44:55  192.168.1.1  3001       UP
4         00:11:22:33:44:56  192.168.1.2  3001       UP
In this example, Asset-ID is an auto-increment field of the database, and Asset-MAC and Asset-IP are taken from the Calling-Station-Id and Framed-IP-Address attributes of the RADIUS request message. In the initial state, Asset-ACL, Asset-Status and Asset-Group are 3001, UP and blank, in that order.
S3, the policy server B updates the asset summary table according to the user's selection, and the authentication server A performs a release or block operation on the video monitoring equipment connected to the switch by changing its authorization.
After all devices are connected to the switch, step S2 leaves them able to reach only the IP addresses of servers A and B; they cannot connect to the video gateway or to other platform IP addresses. The policy server B provides a Web service that shows the user each row of the Asset table and offers menu options such as "release" and "blocking" for access control:
if the user selects "release" for the entry "Asset-ID=1", server B sets Asset-ACL to NULL and passes two parameters to server A through the API interface: (1) "Asset-MAC=11:22:33:44:55:66", the MAC corresponding to "Asset-ID=1", and (2) "policy=permission". After receiving these API parameters, server A triggers a RADIUS CoA packet notifying the switch to set "Filter-Id=" (empty) for the device with Calling-Station-Id=11:22:33:44:55:66.
if the user selects "blocking" for the entry "Asset-ID=2", server B sets Asset-ACL to 3002 and passes two parameters to server A through the API interface: (1) "Asset-MAC=11:22:33:44:55:67", the MAC corresponding to "Asset-ID=2", and (2) the policy value. After receiving these API parameters, server A triggers a RADIUS CoA packet notifying the switch to set "Filter-Id=3002" for the device with Calling-Station-Id=11:22:33:44:55:67. The resulting table is as follows:
Asset-ID  Asset-MAC          Asset-IP     Asset-ACL  Asset-Status  Asset-Group
1         11:22:33:44:55:66  192.168.0.1  NULL       UP
2         11:22:33:44:55:67  192.168.0.2  3002       UP
3         00:11:22:33:44:55  192.168.1.1  3001       UP
4         00:11:22:33:44:56  192.168.1.2  3001       UP
As a preferred embodiment, the user may create Asset-Groups (i.e. asset subsets) at the policy server B and select and sort individual Asset-IDs of the Asset table (i.e. the asset summary table) to assign them to asset subsets. For example, the newly created Asset-Groups route1 and route2 place the video devices of different travel routes into different asset subsets.
Asset-ID  Asset-MAC          Asset-IP     Asset-ACL  Asset-Status  Asset-Group
1         11:22:33:44:55:66  192.168.0.1  NULL       UP            route1
2         11:22:33:44:55:67  192.168.0.2  3002       UP            route1
3         00:11:22:33:44:55  192.168.1.1  3001       UP            route2
4         00:11:22:33:44:56  192.168.1.2  3001       UP            route2
An administrator may start a fast online status scan of all devices in asset subset route2 and set the scan frequency. Once the frequency is set, server B starts fping to run high-frequency ping tests against all route2 devices in the asset table to confirm whether their network connections are normal, and shows the control center, through the interface, which devices are abnormal.
If the administrator wants to issue an instant offline command for all monitoring devices in asset subset route2, server B sets the "Asset-ACL" of all route2 devices to 3002 and passes the "Asset-MAC" of each route2 device together with "policy=deny" to server A, one device after another, through the API interface. After receiving the parameters, server A triggers a RADIUS CoA packet notifying the switch to set "Filter-Id=3002" for the device whose Calling-Station-Id equals the "Asset-MAC", thereby taking the corresponding devices offline.
When the guard task is completed and the administrator wants to bring the offline assets back online, the administrator only needs to issue an instant online command. Server B then sets the "Asset-ACL" of all route2 devices to NULL and passes the "Asset-MAC" of each route2 device together with "policy=limit" to server A, one device after another, through the API interface. After receiving the parameters, server A triggers a RADIUS CoA packet notifying the switch to set "Filter-Id=" (empty) for the device whose Calling-Station-Id equals the "Asset-MAC", bringing the corresponding devices back online.
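The batch block and release steps above, shown as an added Python example that is not part of the patent: server A builds one RADIUS CoA-Request (RFC 5176) per device carrying Calling-Station-Id and Filter-Id, and the receiver verifies the Request Authenticator and a timestamp before acting. The function names, the `SAMPLE_ASSETS` rows, the shared secret and the Event-Timestamp replay window are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43              # RFC 5176 packet code
FILTER_ID = 11                # RFC 2865 attribute types
CALLING_STATION_ID = 31
EVENT_TIMESTAMP = 55          # RFC 2869; lets the receiver reject replays
ACL_BLOCK = "3002"            # from the page: no source may reach any target

# Constructed sample rows mirroring the page's asset summary table.
SAMPLE_ASSETS = [
    {"mac": "11:22:33:44:55:66", "acl": None, "group": "route1"},
    {"mac": "11:22:33:44:55:67", "acl": "3002", "group": "route1"},
    {"mac": "00:11:22:33:44:55", "acl": "3001", "group": "route2"},
    {"mac": "00:11:22:33:44:56", "acl": "3001", "group": "route2"},
]

def _attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def _authenticator(header, attrs, secret):
    # RFC 5176: MD5(code + id + length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_coa_request(mac, filter_id, secret, identifier, timestamp):
    """Server A side: CoA-Request setting Filter-Id for one Calling-Station-Id."""
    # An empty Filter-Id is the page's "release" signal; RFC 2865 defines text
    # attributes as 1-253 octets, so switch support for it is an assumption.
    attrs = (_attr(CALLING_STATION_ID, mac.encode())
             + _attr(FILTER_ID, filter_id.encode())
             + _attr(EVENT_TIMESTAMP, struct.pack("!I", timestamp)))
    header = struct.pack("!BBH", COA_REQUEST, identifier, 20 + len(attrs))
    return header + _authenticator(header, attrs, secret) + attrs

def verify_coa_request(packet, secret, now, max_skew=300):
    """Receiver side: authenticate, parse, and replay-check a CoA-Request."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        raise ValueError("not a well-formed CoA-Request")
    attrs = packet[20:]
    if not hmac.compare_digest(_authenticator(packet[:4], attrs, secret),
                               packet[4:20]):
        raise ValueError("bad Request Authenticator")
    parsed, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2 or not 2 <= attrs[pos + 1] <= len(attrs) - pos:
            raise ValueError("malformed attribute")
        parsed[attrs[pos]] = attrs[pos + 2:pos + attrs[pos + 1]]
        pos += attrs[pos + 1]
    stamp = parsed.get(EVENT_TIMESTAMP, b"")
    if len(stamp) != 4 or abs(now - struct.unpack("!I", stamp)[0]) > max_skew:
        raise ValueError("missing or stale Event-Timestamp")
    if CALLING_STATION_ID not in parsed or FILTER_ID not in parsed:
        raise ValueError("missing Calling-Station-Id or Filter-Id")
    return {"mac": parsed[CALLING_STATION_ID].decode(),
            "filter_id": parsed[FILTER_ID].decode()}

def apply_group_action(assets, group, action, secret, timestamp):
    """Server B side: set Asset-ACL for a subset, return one CoA per device."""
    new_acl = {"block": ACL_BLOCK, "release": None}[action]
    members = [a for a in assets if a["group"] == group]
    packets = []
    for identifier, asset in enumerate(members):
        asset["acl"] = new_acl
        packets.append(build_coa_request(asset["mac"], new_acl or "", secret,
                                         identifier % 256, timestamp))
    return packets
```

The Request Authenticator is an MD5 digest over the packet and the shared secret, so the strength of that secret and limiting which source address the switch accepts CoA from are what keep a third party from issuing block or release commands.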
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.

Claims (4)

1. A control method for key line video monitoring equipment, characterized by comprising the following steps:
S1, configuring an authentication server A and a policy server B; configuring the front-end switch so that all authentication services are directed to the authentication server A;
S2, after receiving any authentication request, the authentication server A returns an authentication acceptance message and an access control list ID, and at the same time updates an asset summary table in the policy server B;
S3, the policy server B updates the asset summary table according to the user's selection, and the authentication server A performs a "release" or "blocking" operation on the video monitoring equipment connected to the switch by changing its authorization;
and creating asset subsets in the policy server B, the asset subsets being used to classify the video equipment of different lines, with the policy server B performing state scans of the video equipment in the different subsets at the set scan frequency.
2. The method of claim 1, wherein configuring the front-end switch so that all authentication services are directed to the authentication server A comprises:
enabling MAC authentication and pointing the RADIUS server of the MAC authentication to the authentication server A;
configuring an access control list 3001 and an access control list 3002;
wherein the access control list 3001 restricts any source IP to accessing only the authentication server A and the policy server B, and the access control list 3002 prevents any source IP from accessing any target IP.
3. The method according to claim 2, wherein in step S2, the access control list ID returned by the authentication server A is the access control list 3001.
4. The method according to claim 2, wherein step S3 comprises:
for a given video device,
if the user selects "release", the policy server B changes the access control list ID of that video device in the asset summary table to NULL and passes the characteristic parameters to the authentication server A through an API interface; the authentication server A triggers a RADIUS packet, changing the authorization and notifying the switch to set the access control list ID of the device to a NULL value;
if the user selects "blocking", the policy server B changes the access control list ID of that video device in the asset summary table to 3002 and passes the characteristic parameters to the authentication server A through the API interface; the authentication server A triggers a RADIUS packet, changing the authorization and notifying the switch to set the access control list ID of the device to 3002.
CN202110520154.3A 2021-05-12 2021-05-12 Control method of key line video monitoring equipment Active CN113411545B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110520154.3A CN113411545B (en) 2021-05-12 2021-05-12 Control method of key line video monitoring equipment

Publications (2)

Publication Number Publication Date
CN113411545A CN113411545A (en) 2021-09-17
CN113411545B true CN113411545B (en) 2023-07-18

Family

ID=77678451

Country Status (1)

Country Link
CN (1) CN113411545B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant