CN109756477B - Access authority setting method and device based on video network - Google Patents
Access authority setting method and device based on video network Download PDFInfo
- Publication number
- CN109756477B CN109756477B CN201811429284.0A CN201811429284A CN109756477B CN 109756477 B CN109756477 B CN 109756477B CN 201811429284 A CN201811429284 A CN 201811429284A CN 109756477 B CN109756477 B CN 109756477B
- Authority
- CN
- China
- Prior art keywords
- video
- terminal
- access
- video networking
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides an access authority setting method and device based on a video network. Through this application, through combining the terminal identification of two at least video networking terminals into a video networking permission group, then only need set up the access permission to the video networking supervisory equipment for video networking permission group, can realize all setting up the access permission to the video networking supervisory equipment to two at least video networking terminals to can improve and set up efficiency.
Description
Technical Field
The present application relates to the field of video networking technologies, and in particular, to a method and an apparatus for setting an access right based on video networking.
Background
Nowadays, in order to provide safety prevention and guarantee for people's work and life, often be provided with surveillance camera head in important position department, record the surveillance video stream of important position department through surveillance camera head, later, arrange the viewing personnel to see whether there is suspicious personage in the surveillance video stream that surveillance camera head recorded, for example, see whether there is escaping personnel etc..
For example, the surveillance camera sends the recorded surveillance video stream to the terminal, the terminal receives the surveillance video stream sent by the surveillance camera and plays the surveillance video stream on a screen, and the viewer can view the surveillance video stream played by the terminal on the screen.
However, the security of the surveillance videos recorded by different surveillance cameras at different positions is different, and therefore, the security of the surveillance videos recorded by different surveillance cameras at different positions is different, and a plurality of viewers need to be arranged to view the surveillance videos recorded by the surveillance cameras, and therefore, it is necessary to set the surveillance videos recorded by which surveillance cameras can be viewed and the surveillance videos recorded by which surveillance cameras cannot be viewed for each viewer in sequence.
However, when the number of the monitoring cameras is very large, it will take a long time to set the viewing permission for each viewer, and the setting efficiency is low.
Disclosure of Invention
In order to solve the above problems, the present application shows a method and an apparatus for setting access rights based on a video network.
In a first aspect, the present application shows a method for setting access permissions based on a video network, where the video network includes a video network server, a plurality of video network terminals, and a plurality of video network monitoring devices; the video networking server is respectively in communication connection with each video networking terminal based on a video networking protocol, the video networking server is respectively in communication connection with each video networking monitoring device based on the video networking protocol, the method is applied to the video networking server, and the method comprises the following steps:
when the access rights for accessing the same video networking monitoring equipment need to be set for at least two video networking terminals, detecting whether a video networking permission group with the access rights is set exists;
if the video networking permission group with the access permission is set, adding the terminal identifications of the at least two video networking terminals to the video networking permission group with the access permission;
and if the access authority group does not exist, establishing a video networking authority group, adding the terminal identifications of the at least two video networking terminals to the established video networking authority group, and setting the access authority for the established video networking authority group.
Wherein, the setting of the access authority for the created video networking authority group comprises:
respectively acquiring a terminal grade of each of the at least two video networking terminals;
determining the video network monitoring equipment which is forbidden to access according to the obtained terminal level;
determining, in an out-of-access-prohibited one of the plurality of out-of-view-network monitoring devices, an out-of-view-network monitoring device accessible by the created out-of-view-network privilege group;
and binding the created video networking permission group with the device identification of the accessible video networking monitoring device.
The video networking monitoring equipment for determining the access prohibition according to the acquired terminal level comprises the following steps:
acquiring a corresponding relation between a terminal level and an equipment identifier of the video network monitoring equipment which is forbidden to access;
respectively searching for equipment identifiers corresponding to each terminal grade in the corresponding relation;
and determining the video network equipment corresponding to the searched equipment identifier as the video network monitoring equipment which is forbidden to access.
Wherein the method further comprises:
when a target video network terminal in the plurality of video network terminals needs to access a target video network monitoring device in the plurality of video network monitoring devices, determining a target video network authority group where a terminal identifier of the target video network terminal is located;
acquiring a target access permission of the target video networking permission group;
determining whether the target video network terminal has the access right to the target video network monitoring equipment according to the target access right;
and if the target video network terminal has access authority to the target video network monitoring equipment, establishing communication connection between the target video network terminal and the target video network monitoring equipment based on a video network protocol.
And if the target video network terminal does not have the access authority to the target video network monitoring equipment, sending an access refusing notice to the target video network terminal, wherein the access refusing notice is used for indicating that the target video network terminal does not have the access authority to the target video network monitoring equipment.
Wherein, the establishing of the communication connection based on the video networking protocol between the target video networking terminal and the target video networking monitoring equipment comprises the following steps:
and associating a first communication connection and a second communication connection, wherein the first communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision terminal and the internet of vision server, and the second communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision monitoring equipment and the internet of vision server.
In a second aspect, the present application shows an apparatus for setting access permissions based on a video network, where the video network includes a video network server, a plurality of video network terminals, and a plurality of video network monitoring devices; the video networking server possesses communication connection based on the video networking protocol with each video networking terminal respectively, possess communication connection based on the video networking protocol between the video networking server and each video networking supervisory equipment respectively, the device is applied to in the video networking server, the device includes:
the device comprises a detection module, a monitoring module and a control module, wherein the detection module is used for detecting whether an access authority group with the access authority is set when the access authority for accessing the same video network monitoring equipment is required to be set for at least two video network terminals;
the first adding module is used for adding the terminal identifications of the at least two video networking terminals to the video networking permission group with the access permission if the video networking permission group with the access permission is set;
the device comprises a creating module used for creating a video networking authority group if the authority group with the access authority is not set, a first adding module used for adding the terminal identifications of at least two video networking terminals to the created video networking authority group, and a setting module used for setting the access authority for the created video networking authority group.
Wherein the setting module includes:
the acquisition unit is used for respectively acquiring the terminal grade of each of the at least two video networking terminals;
the first determining unit is used for determining the video network monitoring equipment which is forbidden to access according to the acquired terminal level;
a second determining unit, configured to determine, in an out-of-view networking monitoring device of the plurality of out-of-view networking monitoring devices other than the access-prohibited out-of-view networking monitoring device, an out-of-view networking monitoring device accessible by the created out-of-view networking privilege group;
and the binding unit is used for binding the created video networking permission group with the device identification of the accessible video networking monitoring device.
Wherein the first determination unit includes:
the acquisition subunit is used for acquiring the corresponding relation between the terminal level and the equipment identifier of the video network monitoring equipment which is forbidden to access;
a searching subunit, configured to search, in the correspondence, device identifiers respectively corresponding to each terminal class;
and the determining subunit is used for determining the video network equipment corresponding to the searched equipment identifier as the video network monitoring equipment which is prohibited to access.
Wherein the apparatus further comprises:
the determining module is used for determining a target video networking authority group where a terminal identifier of a target video networking terminal is located when the target video networking terminal in the plurality of video networking terminals needs to access the target video networking monitoring equipment in the plurality of video networking monitoring equipment;
the acquisition module is used for acquiring the target access permission of the target video networking permission group;
the determining module is used for determining whether the target video network terminal has the access authority or not according to the target access authority;
and the establishing module is used for establishing communication connection based on an internet of vision protocol between the target internet of vision terminal and the target internet of vision monitoring equipment if the target internet of vision terminal has access authority to the target internet of vision monitoring equipment.
And the sending module is used for sending an access denial notification to the target video network terminal if the target video network terminal does not have the access authority to the target video network monitoring equipment, wherein the access denial notification is the same as indicating that the target video network terminal does not have the access authority to the target video network monitoring equipment.
Wherein the establishing module is specifically configured to: and associating a first communication connection and a second communication connection, wherein the first communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision terminal and the internet of vision server, and the second communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision monitoring equipment and the internet of vision server.
The application includes the following advantages:
through this application, through combining the terminal identification of two at least video networking terminals into a video networking permission group, then only need set up the access permission to the video networking supervisory equipment for video networking permission group, can realize all setting up the access permission to the video networking supervisory equipment to two at least video networking terminals to can improve and set up efficiency.
Drawings
FIG. 1 is a networking schematic of a video network of the present application;
FIG. 2 is a schematic diagram of a hardware architecture of a node server according to the present application;
fig. 3 is a schematic diagram of a hardware architecture of an access switch of the present application;
fig. 4 is a schematic diagram of a hardware structure of an ethernet protocol conversion gateway according to the present application;
FIG. 5 is a block diagram of a system for setting access rights based on a video network according to the present application;
FIG. 6 is a flowchart illustrating the steps of a method for setting access rights based on a video network according to the present application;
FIG. 7 is a flow chart of the steps of a method of setting access rights of the present application;
fig. 8 is a block diagram illustrating a structure of an access right setting apparatus based on a video network according to the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description.
The video networking is an important milestone for network development, is a real-time network, can realize high-definition video real-time transmission, and pushes a plurality of internet applications to high-definition video, and high-definition faces each other.
The video networking adopts a real-time high-definition video exchange technology, can integrate required services such as dozens of services of video, voice, pictures, characters, communication, data and the like on a system platform on a network platform, such as high-definition video conference, video monitoring, intelligent monitoring analysis, emergency command, digital broadcast television, delayed television, network teaching, live broadcast, VOD on demand, television mail, Personal Video Recorder (PVR), intranet (self-office) channels, intelligent video broadcast control, information distribution and the like, and realizes high-definition quality video broadcast through a television or a computer.
To better understand the present application, the following description refers to the internet of view:
some of the technologies applied in the video networking are as follows:
network Technology (Network Technology)
Network technology innovation in video networking has improved over traditional Ethernet (Ethernet) to face the potentially enormous video traffic on the network. Unlike pure network Packet Switching (Packet Switching) or network Circuit Switching (Circuit Switching), the Packet Switching is adopted by the technology of the video networking to meet the Streaming requirement. The video networking technology has the advantages of flexibility, simplicity and low price of packet switching, and simultaneously has the quality and safety guarantee of circuit switching, thereby realizing the seamless connection of the whole network switching type virtual circuit and the data format.
Switching Technology (Switching Technology)
The video network adopts two advantages of asynchronism and packet switching of the Ethernet, eliminates the defects of the Ethernet on the premise of full compatibility, has end-to-end seamless connection of the whole network, is directly communicated with a user terminal, and directly bears an IP data packet. The user data does not require any format conversion across the entire network. The video networking is a higher-level form of the Ethernet, is a real-time exchange platform, can realize the real-time transmission of the whole-network large-scale high-definition video which cannot be realized by the existing Internet, and pushes a plurality of network video applications to high-definition and unification.
Server Technology (Server Technology)
The server technology on the video networking and unified video platform is different from the traditional server, the streaming media transmission of the video networking and unified video platform is established on the basis of connection orientation, the data processing capacity of the video networking and unified video platform is independent of flow and communication time, and a single network layer can contain signaling and data transmission. For voice and video services, the complexity of video networking and unified video platform streaming media processing is much simpler than that of data processing, and the efficiency is greatly improved by more than one hundred times compared with that of a traditional server.
Storage Technology (Storage Technology)
The super-high speed storage technology of the unified video platform adopts the most advanced real-time operating system in order to adapt to the media content with super-large capacity and super-large flow, the program information in the server instruction is mapped to the specific hard disk space, the media content is not passed through the server any more, and is directly sent to the user terminal instantly, and the general waiting time of the user is less than 0.2 second. The optimized sector distribution greatly reduces the mechanical motion of the magnetic head track seeking of the hard disk, the resource consumption only accounts for 20% of that of the IP internet of the same grade, but concurrent flow which is 3 times larger than that of the traditional hard disk array is generated, and the comprehensive efficiency is improved by more than 10 times.
Network Security Technology (Network Security Technology)
The structural design of the video network completely eliminates the network security problem troubling the internet structurally by the modes of independent service permission control each time, complete isolation of equipment and user data and the like, generally does not need antivirus programs and firewalls, avoids the attack of hackers and viruses, and provides a structural carefree security network for users.
Service Innovation Technology (Service Innovation Technology)
The unified video platform integrates services and transmission, and is not only automatically connected once whether a single user, a private network user or a network aggregate. The user terminal, the set-top box or the PC are directly connected to the unified video platform to obtain various multimedia video services in various forms. The unified video platform adopts a menu type configuration table mode to replace the traditional complex application programming, can realize complex application by using very few codes, and realizes infinite new service innovation.
Networking of the video network is as follows:
the video network is a centralized control network structure, and the network can be a tree network, a star network, a ring network and the like, but on the basis of the centralized control node, the whole network is controlled by the centralized control node in the network.
As shown in fig. 1, the video network is divided into an access network and a metropolitan network.
The devices of the access network part can be mainly classified into 3 types: node server, access switch, terminal (including various set-top boxes, coding boards, memories, etc.). The node server is connected to an access switch, which may be connected to a plurality of terminals and may be connected to an ethernet network.
The node server is a node which plays a centralized control function in the access network and can control the access switch and the terminal. The node server can be directly connected with the access switch or directly connected with the terminal.
Similarly, devices of the metropolitan network portion may also be classified into 3 types: a metropolitan area server, a node switch and a node server. The metro server is connected to a node switch, which may be connected to a plurality of node servers.
The node server is a node server of the access network part, namely the node server belongs to both the access network part and the metropolitan area network part.
The metropolitan area server is a node which plays a centralized control function in the metropolitan area network and can control a node switch and a node server. The metropolitan area server can be directly connected with the node switch or directly connected with the node server.
Therefore, the whole video network is a network structure controlled by a layered centralized way, and the network controlled by the node server and the metropolitan area server can be in various structures such as a tree, a star, a ring and the like.
The access network part can form a unified video platform (the part in the dotted circle), and a plurality of unified video platforms can form a video network; each unified video platform may be interconnected via metropolitan area and wide area video networking.
Video networking device classification
1.1 devices in the video network of the present application can be largely classified into 3 types: servers, switches (including ethernet gateways), terminals (including various set-top boxes, code boards, memories, etc.). The video network as a whole can be divided into a metropolitan area network (or national network, global network, etc.) and an access network.
1.2 wherein the devices of the access network part can be mainly classified into 3 types: node servers, access switches (including ethernet gateways), terminals (including various set-top boxes, code boards, memories, etc.).
The specific hardware structure of each access network device is as follows:
a node server:
as shown in fig. 2, the system mainly includes a network interface module 201, a switching engine module 202, a CPU module 203, and a disk array module 204;
the network interface module 201, the CPU module 203, and the disk array module 204 all enter the switching engine module 202; the switching engine module 202 performs an operation of looking up the address table 205 on the incoming packet, thereby obtaining the direction information of the packet; and stores the packet in a queue of the corresponding packet buffer 206 based on the packet's steering information; if the queue of the packet buffer 206 is nearly full, it is discarded; the switching engine module 202 polls all packet buffer queues for forwarding if the following conditions are met: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero. The disk array module 204 mainly implements control over the hard disk, including initialization, read-write, and other operations on the hard disk; the CPU module 203 is mainly responsible for protocol processing with an access switch and a terminal (not shown in the figure), configuring an address table 205 (including a downlink protocol packet address table, an uplink protocol packet address table, and a data packet address table), and configuring the disk array module 204.
The access switch:
as shown in fig. 3, the network interface module mainly includes a network interface module (a downlink network interface module 301 and an uplink network interface module 302), a switching engine module 303 and a CPU module 304;
wherein, the packet (uplink data) coming from the downlink network interface module 301 enters the packet detection module 305; the packet detection module 305 detects whether the Destination Address (DA), the Source Address (SA), the packet type, and the packet length of the packet meet the requirements, and if so, allocates a corresponding stream identifier (stream-id) and enters the switching engine module 303, otherwise, discards the stream identifier; the packet (downstream data) coming from the upstream network interface module 302 enters the switching engine module 303; the incoming data packet of the CPU module 304 enters the switching engine module 303; the switching engine module 303 performs an operation of looking up the address table 306 on the incoming packet, thereby obtaining the direction information of the packet; if the packet entering the switching engine module 303 is from the downstream network interface to the upstream network interface, the packet is stored in the queue of the corresponding packet buffer 307 in association with the stream-id; if the queue of the packet buffer 307 is nearly full, it is discarded; if the packet entering the switching engine module 303 is not from the downlink network interface to the uplink network interface, the data packet is stored in the queue of the corresponding packet buffer 307 according to the guiding information of the packet; if the queue of the packet buffer 307 is nearly full, it is discarded.
The switching engine module 303 polls all packet buffer queues, in this application two cases:
if the queue is from the downlink network interface to the uplink network interface, the following conditions are met for forwarding: 1) the port send buffer is not full; 2) the queued packet counter is greater than zero; 3) obtaining a token generated by a code rate control module;
if the queue is not from the downlink network interface to the uplink network interface, the following conditions are met for forwarding: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero.
The rate control module 308 is configured by the CPU module 304, and generates tokens for packet buffer queues from all downstream network interfaces to upstream network interfaces at programmable intervals to control the rate of upstream forwarding.
The CPU module 304 is mainly responsible for protocol processing with the node server, configuration of the address table 306, and configuration of the code rate control module 308.
Ethernet protocol conversion gateway:
As shown in fig. 4, the apparatus mainly includes a network interface module (a downlink network interface module 401 and an uplink network interface module 402), a switching engine module 403, a CPU module 404, a packet detection module 405, a rate control module 408, an address table 406, a packet buffer 407, a MAC adding module 409, and a MAC deleting module 410.
Wherein, the data packet coming from the downlink network interface module 401 enters the packet detection module 405; the packet detection module 405 detects whether the ethernet MAC DA, the ethernet MAC SA, the ethernet length or frame type, the video network destination address DA, the video network source address SA, the video network packet type, and the packet length of the packet meet the requirements, and if so, allocates a corresponding stream identifier (stream-id); then, the MAC deletion module 410 subtracts MAC DA, MAC SA, length or frame type (2 byte) and enters the corresponding receiving buffer, otherwise, discards it;
the downlink network interface module 401 detects the sending buffer of the port, and if there is a packet, obtains the ethernet MAC DA of the corresponding terminal according to the video networking destination address DA of the packet, adds the ethernet MAC DA of the terminal, the MAC SA of the ethernet coordination gateway, and the ethernet length or frame type, and sends the packet.
The other modules in the ethernet protocol gateway function similarly to the access switch.
A terminal:
the system mainly comprises a network interface module, a service processing module and a CPU module; for example, the set-top box mainly comprises a network interface module, a video and audio coding and decoding engine module and a CPU module; the coding board mainly comprises a network interface module, a video and audio coding engine module and a CPU module; the memory mainly comprises a network interface module, a CPU module and a disk array module.
1.3 devices of the metropolitan area network part can be mainly classified into 2 types: node server, node exchanger, metropolitan area server. The node switch mainly comprises a network interface module, a switching engine module and a CPU module; the metropolitan area server mainly comprises a network interface module, a switching engine module and a CPU module.
2. Video networking packet definition
2.1 Access network packet definition
The data packet of the access network mainly comprises the following parts: destination Address (DA), Source Address (SA), reserved bytes, payload (pdu), CRC.
As shown in the following table, the data packet of the access network mainly includes the following parts:
| DA | SA | Reserved | Payload | CRC |
wherein:
the Destination Address (DA) is composed of 8 bytes (byte), the first byte represents the type of the data packet (such as various protocol packets, multicast data packets, unicast data packets, etc.), there are 256 possibilities at most, the second byte to the sixth byte are metropolitan area network addresses, and the seventh byte and the eighth byte are access network addresses;
the Source Address (SA) is also composed of 8 bytes (byte), defined as the same as the Destination Address (DA);
the reserved byte consists of 2 bytes;
the payload part has different lengths according to the types of different datagrams, and is 64 bytes if the datagram is various protocols, and is 32 + 1024 = 1056 bytes if the datagram is a unicast datagram, and is of course not limited to the above 2 types;
the CRC consists of 4 bytes and is calculated in accordance with the standard ethernet CRC algorithm.
2.2 metropolitan area network packet definition
The topology of a metropolitan area network is a graph and there may be 2, or even more than 2, connections between two devices, i.e., there may be more than 2 connections between a node switch and a node server, a node switch and a node switch, and a node switch and a node server. However, the metro network address of the metro network device is unique, and in order to accurately describe the connection relationship between the metro network devices, parameters are introduced in the present application: a label to uniquely describe a metropolitan area network device.
In this specification, the definition of the Label is similar to that of the Label of MPLS (Multi-Protocol Label Switch), and assuming that there are two connections between the device a and the device B, there are 2 labels for the packet from the device a to the device B, and 2 labels for the packet from the device B to the device a. The label is classified into an incoming label and an outgoing label, and assuming that the label (incoming label) of the packet entering the device a is 0x0000, the label (outgoing label) of the packet leaving the device a may become 0x 0001. The network access process of the metro network is a network access process under centralized control, that is, address allocation and label allocation of the metro network are both dominated by the metro server, and the node switch and the node server are both passively executed, which is different from label allocation of MPLS, and label allocation of MPLS is a result of mutual negotiation between the switch and the server.
As shown in the following table, the data packet of the metro network mainly includes the following parts:
| DA | SA | Reserved | label (R) | Payload | CRC |
Namely Destination Address (DA), Source Address (SA), Reserved byte (Reserved), tag, payload (pdu), CRC. The format of the tag may be defined by reference to the following: the tag is 32 bits with the upper 16 bits reserved and only the lower 16 bits used, and its position is between the reserved bytes and payload of the packet.
Based on the characteristics of the video network, one of the core concepts of the application is provided, the protocol of the video network is followed, the terminal identifications of at least two video network terminals are combined into a video network authority group, and then the access authority of the video network monitoring equipment is set for the video network authority group, so that the access authority of the video network monitoring equipment can be set for at least two video network terminals, and the setting efficiency can be improved.
Referring to fig. 5, a block diagram of a system for setting access permissions based on video networking according to the present application is shown, the system includes a video networking server 01, a plurality of video networking terminals 02 and a plurality of video networking monitoring devices 03; the video networking server 01 is respectively connected with each video networking terminal 02 through communication based on a video networking protocol, the video networking server 01 is respectively connected with each video networking monitoring device 03 through communication based on the video networking protocol, the method is applied to the video networking server, and the method comprises the following steps:
referring to fig. 6, a flowchart illustrating steps of a method for setting access permissions based on a video network according to the present application is shown, where the method may be applied to the video network server 01 shown in fig. 5, and the method may specifically include the following steps:
in step S101, when access rights for accessing the same video network monitoring device need to be set for at least two video network terminals, detecting whether a video network permission group in which the access rights are set exists;
in the present application, an accessible video network monitoring device corresponding to the video network permission group may already have a plurality of video network permission groups, each video network permission group includes a device identifier of at least one video network monitoring device, and it may be found whether there is a video network permission group including a device identifier identical to the device identifier of the same video network monitoring device among the plurality of video network permission groups that already exist, and if there is a video network permission group including a device identifier identical to the device identifier of the same video network monitoring device, the video network permission group including a device identifier identical to the device identifier of the same video network monitoring device is determined as the video network permission group in which the access permission is set, and if there is no video network permission group including a device identifier identical to the device identifier of the same video network monitoring device, it is determined that there is no permission group in which the access permission is set.
If the video networking permission group with the access permission is set, in step S102, adding terminal identifications of at least two video networking terminals to the video networking permission group with the access permission;
so that at least two video network terminals can have access to the same video network monitoring equipment.
If the access right set does not exist, in step S103, a video networking right set is created, the terminal identifiers of at least two video networking terminals are added to the created video networking right set, and the access right is set for the created video networking right set.
So that at least two video network terminals can have access to the same video network monitoring equipment.
Through this application, through combining the terminal identification of two at least video networking terminals into a video networking permission group, then only need set up the access permission to the video networking supervisory equipment for video networking permission group, can realize all setting up the access permission to the video networking supervisory equipment to two at least video networking terminals to can improve and set up efficiency.
Then when a target video network terminal in the plurality of video network terminals needs to access a target video network monitoring device in the plurality of video network monitoring devices, determining a target video network authority group where a terminal identifier of the target video network terminal is located; acquiring a target access authority of a target video networking authority group; determining whether the target video network terminal has the access authority or not according to the target access authority; and if the target video network terminal has access authority to the target video network monitoring equipment, establishing communication connection based on a video network protocol between the target video network terminal and the target video network monitoring equipment. And associating a first communication connection and a second communication connection, wherein the first communication connection comprises a communication connection based on the video networking protocol between the target video networking terminal and the video networking server, and the second communication connection comprises a communication connection based on the video networking protocol between the target video networking monitoring equipment and the video networking server.
And if the target video network terminal does not have the access authority to the target video network monitoring equipment, sending an access refusing notice to the target video network terminal, wherein the access refusing notice is used for indicating that the target video network terminal does not have the access authority to the target video network monitoring equipment so as to prompt the user that the target video network terminal does not have the access authority to the target video network monitoring equipment.
When the access right is set for the created video networking right group, referring to fig. 7, the following process may be implemented, including:
in step S201, a terminal level of each of at least two video networking terminals is obtained;
wherein, the corresponding relation between the terminal identification of the terminal and the terminal grade of the terminal can be obtained; then, for any one of the at least two video network terminals, respectively searching the terminal grade corresponding to the terminal identification of the video network terminal in the corresponding relation; and as the terminal grade of the video network terminal, aiming at each other video network terminal in at least two video network terminals.
In step S202, determining a video network monitoring device which is prohibited from accessing according to the obtained terminal level;
the method comprises the steps that the corresponding relation between a terminal level and an equipment identifier of the video network monitoring equipment which is forbidden to access can be obtained; respectively searching for equipment identifications respectively corresponding to each terminal grade in the corresponding relation; and determining the video network equipment corresponding to the searched equipment identifier as the video network monitoring equipment which is forbidden to access.
The monitoring equipment of the video network which is corresponding to different terminal levels and is forbidden to access can be repeated, and if the monitoring equipment of the video network is repeated, the monitoring equipment of the video network is not repeated.
In step S203, determining, among the video networking monitoring devices other than the video networking monitoring device which is prohibited from accessing, a video networking monitoring device which is accessible by the created video networking right group;
in step S204, the created video networking permission group is bound with the device identification of the accessible video networking monitoring device.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the embodiments. Further, those skilled in the art will also appreciate that the embodiments described in the specification are presently preferred and that no particular act is required of the embodiments of the application.
Referring to fig. 8, a block diagram of an access right setting apparatus based on a video network according to the present application is shown, where the video network includes a video network server, a plurality of video network terminals, and a plurality of video network monitoring devices; the video networking server possesses communication connection based on the video networking protocol with each video networking terminal respectively, possess communication connection based on the video networking protocol between the video networking server and each video networking supervisory equipment respectively, the device is applied to in the video networking server, the device includes:
the detection module 11 is configured to detect whether there is an access right group in which the access right is set when access rights for accessing the same video networking monitoring device need to be set for at least two video networking terminals;
a first adding module 12, configured to add, if there is a video networking permission group in which the access permission is set, the terminal identifiers of the at least two video networking terminals to the video networking permission group in which the access permission is set;
a creating module 13, configured to create a video networking permission group if there is no permission group in which the access permission is set, a first adding module 14, configured to add the terminal identifiers of the at least two video networking terminals to the created video networking permission group, and a setting module 15, configured to set the access permission for the created video networking permission group.
Wherein the setting module 15 includes:
the acquisition unit is used for respectively acquiring the terminal grade of each of the at least two video networking terminals;
the first determining unit is used for determining the video network monitoring equipment which is forbidden to access according to the acquired terminal level;
a second determining unit, configured to determine, in an out-of-view networking monitoring device of the plurality of out-of-view networking monitoring devices other than the access-prohibited out-of-view networking monitoring device, an out-of-view networking monitoring device accessible by the created out-of-view networking privilege group;
and the binding unit is used for binding the created video networking permission group with the device identification of the accessible video networking monitoring device.
Wherein the first determination unit includes:
the acquisition subunit is used for acquiring the corresponding relation between the terminal level and the equipment identifier of the video network monitoring equipment which is forbidden to access;
a searching subunit, configured to search, in the correspondence, device identifiers respectively corresponding to each terminal class;
and the determining subunit is used for determining the video network equipment corresponding to the searched equipment identifier as the video network monitoring equipment which is prohibited to access.
Wherein the apparatus further comprises:
the determining module is used for determining a target video networking authority group where a terminal identifier of a target video networking terminal is located when the target video networking terminal in the plurality of video networking terminals needs to access the target video networking monitoring equipment in the plurality of video networking monitoring equipment;
the acquisition module is used for acquiring the target access permission of the target video networking permission group;
the determining module is used for determining whether the target video network terminal has the access authority or not according to the target access authority;
and the establishing module is used for establishing communication connection based on an internet of vision protocol between the target internet of vision terminal and the target internet of vision monitoring equipment if the target internet of vision terminal has access authority to the target internet of vision monitoring equipment.
And the sending module is used for sending an access denial notification to the target video network terminal if the target video network terminal does not have the access authority to the target video network monitoring equipment, wherein the access denial notification is the same as indicating that the target video network terminal does not have the access authority to the target video network monitoring equipment.
Wherein the establishing module is specifically configured to: and associating a first communication connection and a second communication connection, wherein the first communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision terminal and the internet of vision server, and the second communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision monitoring equipment and the internet of vision server.
Through this application, through combining the terminal identification of two at least video networking terminals into a video networking permission group, then only need set up the access permission to the video networking supervisory equipment for video networking permission group, can realize all setting up the access permission to the video networking supervisory equipment to two at least video networking terminals to can improve and set up efficiency.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one of skill in the art, embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The method and the device for setting the access right based on the video network are introduced in detail, and a specific example is applied in the method to explain the principle and the implementation of the method, and the description of the embodiment is only used for helping to understand the method and the core idea of the method; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (6)
1. The method for setting the access authority based on the video network is characterized in that the video network comprises a video network server, a plurality of video network terminals and a plurality of video network monitoring devices; the video networking server is respectively in communication connection with each video networking terminal based on a video networking protocol, the video networking server is respectively in communication connection with each video networking monitoring device based on the video networking protocol, the method is applied to the video networking server, and the method comprises the following steps:
when the access rights for accessing the same video networking monitoring equipment need to be set for at least two video networking terminals, detecting whether a video networking permission group with the access rights is set exists;
if the video networking permission group with the access permission is set, adding the terminal identifications of the at least two video networking terminals to the video networking permission group with the access permission;
if the authority group with the access authority is not set, establishing a video networking authority group, adding the terminal identifications of the at least two video networking terminals to the established video networking authority group, and setting the access authority for the established video networking authority group according to the terminal grade of each video networking terminal in the at least two video networking terminals;
wherein, the setting of the access authority for the created video networking authority group according to the terminal grade of each video networking terminal in the at least two video networking terminals comprises:
respectively acquiring the terminal grade of each video network terminal;
acquiring a corresponding relation between a terminal level and an equipment identifier of the video network monitoring equipment which is forbidden to access;
respectively searching for equipment identifiers corresponding to each terminal grade in the corresponding relation;
determining the video network monitoring equipment corresponding to the searched equipment identifier as the video network monitoring equipment which is forbidden to access;
determining, in an out-of-access-prohibited one of the plurality of out-of-view-network monitoring devices, an out-of-view-network monitoring device accessible by the created out-of-view-network privilege group;
and binding the created video networking permission group with the device identification of the accessible video networking monitoring device.
2. The method of claim 1, further comprising:
when a target video network terminal in the plurality of video network terminals needs to access a target video network monitoring device in the plurality of video network monitoring devices, determining a target video network authority group where a terminal identifier of the target video network terminal is located;
acquiring a target access permission of the target video networking permission group;
determining whether the target video network terminal has the access right to the target video network monitoring equipment according to the target access right;
if the target video network terminal has access authority to the target video network monitoring equipment, establishing communication connection between the target video network terminal and the target video network monitoring equipment based on a video network protocol;
and if the target video network terminal does not have the access authority to the target video network monitoring equipment, sending an access refusing notice to the target video network terminal, wherein the access refusing notice is used for indicating that the target video network terminal does not have the access authority to the target video network monitoring equipment.
3. The method of claim 2, wherein establishing the communication connection between the target video networking terminal and the target video networking monitoring device based on the video networking protocol comprises:
and associating a first communication connection and a second communication connection, wherein the first communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision terminal and the internet of vision server, and the second communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision monitoring equipment and the internet of vision server.
4. An access authority setting device based on a video network is characterized in that the video network comprises a video network server, a plurality of video network terminals and a plurality of video network monitoring devices; the video networking server possesses communication connection based on the video networking protocol with each video networking terminal respectively, possess communication connection based on the video networking protocol between the video networking server and each video networking supervisory equipment respectively, the device is applied to in the video networking server, the device includes:
the device comprises a detection module, a monitoring module and a control module, wherein the detection module is used for detecting whether an access authority group with the access authority is set when the access authority for accessing the same video network monitoring equipment is required to be set for at least two video network terminals;
the first adding module is used for adding the terminal identifications of the at least two video networking terminals to the video networking permission group with the access permission if the video networking permission group with the access permission is set;
the device comprises a creating module, a first adding module and a setting module, wherein the creating module is used for creating a video networking permission group if the permission group with the access permission is not set, the first adding module is used for adding terminal identifications of at least two video networking terminals to the created video networking permission group, and the setting module is used for setting the access permission for the created video networking permission group according to the terminal level of each of the at least two video networking terminals;
wherein the setting module includes:
the acquisition unit is used for respectively acquiring the terminal grade of each video network terminal;
the first determination unit includes: acquiring a subunit, searching the subunit and determining the subunit;
the acquisition subunit is used for acquiring the corresponding relation between the terminal level and the equipment identifier of the video network monitoring equipment which is forbidden to access;
the searching subunit is configured to search, in the correspondence, device identifiers respectively corresponding to each terminal class;
the determining subunit is configured to determine, as the access-prohibited video networking monitoring device, the video networking monitoring device corresponding to the found device identifier;
a second determining unit, configured to determine, in an out-of-view networking monitoring device of the plurality of out-of-view networking monitoring devices other than the access-prohibited out-of-view networking monitoring device, an out-of-view networking monitoring device accessible by the created out-of-view networking privilege group;
and the binding unit is used for binding the created video networking permission group with the device identification of the accessible video networking monitoring device.
5. The apparatus of claim 4, further comprising:
the determining module is used for determining a target video networking authority group where a terminal identifier of a target video networking terminal is located when the target video networking terminal in the plurality of video networking terminals needs to access the target video networking monitoring equipment in the plurality of video networking monitoring equipment;
the acquisition module is used for acquiring the target access permission of the target video networking permission group;
the determining module is used for determining whether the target video network terminal has the access authority or not according to the target access authority;
the establishing module is used for establishing communication connection based on an internet of vision protocol between the target internet of vision terminal and the target internet of vision monitoring equipment if the target internet of vision terminal has access authority to the target internet of vision monitoring equipment;
and the sending module is used for sending an access denial notification to the target video network terminal if the target video network terminal does not have the access authority to the target video network monitoring equipment, wherein the access denial notification is the same as indicating that the target video network terminal does not have the access authority to the target video network monitoring equipment.
6. The apparatus of claim 5, wherein the establishing module is specifically configured to: and associating a first communication connection and a second communication connection, wherein the first communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision terminal and the internet of vision server, and the second communication connection comprises a communication connection based on an internet of vision protocol between the target internet of vision monitoring equipment and the internet of vision server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811429284.0A CN109756477B (en) | 2018-11-27 | 2018-11-27 | Access authority setting method and device based on video network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811429284.0A CN109756477B (en) | 2018-11-27 | 2018-11-27 | Access authority setting method and device based on video network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109756477A CN109756477A (en) | 2019-05-14 |
| CN109756477B true CN109756477B (en) | 2021-02-02 |
Family
ID=66402545
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811429284.0A Active CN109756477B (en) | 2018-11-27 | 2018-11-27 | Access authority setting method and device based on video network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109756477B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101661281A (en) * | 2008-08-28 | 2010-03-03 | 上海宝信软件股份有限公司 | Method for handing over control authority in distributed monitoring system |
| CN106161335A (en) * | 2015-03-25 | 2016-11-23 | 北京视联动力国际信息技术有限公司 | A kind for the treatment of method and apparatus of network packet |
| CN108632238A (en) * | 2017-09-18 | 2018-10-09 | 北京视联动力国际信息技术有限公司 | A kind of method and apparatus of permission control |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100466728C (en) * | 2006-07-24 | 2009-03-04 | 华为技术有限公司 | Long-distance monitoring business realizing method, system and terminal equipment between video information terminals |
| US20080307486A1 (en) * | 2007-06-11 | 2008-12-11 | Microsoft Corporation | Entity based access management |
| CN101184214B (en) * | 2007-12-07 | 2012-12-19 | 中兴通讯股份有限公司 | Method of managing user authority in monitoring system |
| JP6092533B2 (en) * | 2012-06-29 | 2017-03-08 | キヤノン株式会社 | Image forming apparatus, control method therefor, and program |
| CN108023910B (en) * | 2016-11-01 | 2019-03-12 | 视联动力信息技术股份有限公司 | A kind of terminal monitoring method and system based on view networking |
-
2018
- 2018-11-27 CN CN201811429284.0A patent/CN109756477B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101661281A (en) * | 2008-08-28 | 2010-03-03 | 上海宝信软件股份有限公司 | Method for handing over control authority in distributed monitoring system |
| CN106161335A (en) * | 2015-03-25 | 2016-11-23 | 北京视联动力国际信息技术有限公司 | A kind for the treatment of method and apparatus of network packet |
| CN108632238A (en) * | 2017-09-18 | 2018-10-09 | 北京视联动力国际信息技术有限公司 | A kind of method and apparatus of permission control |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109756477A (en) | 2019-05-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111193788A (en) | Audio and video stream load balancing method and device | |
| CN109617956B (en) | Data processing method and device | |
| CN110190973B (en) | Online state detection method and device | |
| CN109788247B (en) | Method and device for identifying monitoring instruction | |
| CN109587002B (en) | State detection method and system for video network monitoring equipment | |
| CN108965930B (en) | Video data processing method and device | |
| CN109743555B (en) | Information processing method and system based on video network | |
| CN109743284B (en) | Video processing method and system based on video network | |
| CN109768957B (en) | Method and system for processing monitoring data | |
| CN110740295B (en) | Round-robin playing method and device for video stream monitored by video network | |
| CN110022500B (en) | Packet loss processing method and device | |
| CN110493149B (en) | Message processing method and device | |
| CN109698953B (en) | State detection method and system for video network monitoring equipment | |
| CN110012316B (en) | Method, device, equipment and storage medium for processing video networking service | |
| CN109768964B (en) | Audio and video display method and device | |
| CN111447407A (en) | Monitoring resource transmission method and device | |
| CN108965219B (en) | Data processing method and device based on video network | |
| CN108574655B (en) | Conference monitoring and broadcasting method and device | |
| CN110213533B (en) | Method and device for acquiring video stream monitored by video network | |
| CN109688073B (en) | Data processing method and system based on video network | |
| CN110096854B (en) | Resource permission sharing method and device and readable storage medium | |
| CN109714641B (en) | Data processing method and device based on video network | |
| CN110620936B (en) | Video network video backup method and device, electronic equipment and storage medium | |
| CN110493311B (en) | Service processing method and device | |
| CN109587436B (en) | Video networking conference management platform login method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |