KR200358293Y1 - Unmanned video security and gateway system with supporting Virtual Private Network and Quality of Service support in the Broadband Convergence Network - Google Patents

Abstract

The present invention improves the network security function of the unmanned video security gateway system and provides the unmanned video security and gateway system supporting the virtual private network and service quality function in the broadband integrated network to secure various quality of service for data transmission and reception on the IP network. It is about.

To this end, the present invention, by transmitting a variety of information from one or more security sensors or surveillance cameras to the control server, or by transmitting control information from the control server to the user terminal that controls the security sensor or surveillance camera, etc. In the unmanned video security gateway system provided to perform a control function, the unmanned video security gateway system, Symmetric Key encryption (Data Encryption Standard (DES)) for data communication between the user terminal and the control server , Triple-DES and RC4 algorithms, public key cryptography and authentication (SHA-1 and MD5), and data compression (LZS and MPPC) to provide virtual private network (VPN) A processor (CO-Processor) is provided; Data communication by the co-processor for the virtual private network (VPN) and data communication by the queuing method of weighted fair queuing (WFQ) are supported.

Description

Unmanned video security and gateway system with supporting Virtual Private Network and Quality of Service support in the Broadband Convergence Network}

The present invention relates to an unmanned video surveillance and gateway system supporting a virtual private network and a service quality function in a broadband integrated network. More specifically, it is necessary to improve network security of an unmanned video surveillance gateway system and to transmit and receive data over an IP network. The present invention relates to an unmanned video surveillance and gateway system supporting a virtual private network and a service quality function in a broadband integrated network for securing various service qualities.

With the spread of the Internet and the advent of the wireless mobile communication era, digital security with cutting-edge technology is rapidly being applied to the unmanned security system, and furthermore, the unmanned security business has been changed due to the integration trend of home network and home security. Is occurring.

Such a new type of unmanned video surveillance system makes it easy to visually check visitors inside the home or office with video, and provides various home automation services and security services, which greatly enhances the convenience of life.

For example, the unmanned video surveillance system monitors visitors at the front door or joint doors and enables intergenerational video calls, so that the police station, security company, and customers can be notified in real time in case of crime or various accidents, and the relevant video footage Provided to store as.

In order to construct the unmanned video surveillance system, a gateway system, which is located between the Internet or a wide area service network and a home network constructed in a home or office, converts data transmitted between them into data suitable for each communication network and transmits the data. Entails.

However, most of the equipments applied to the unmanned video surveillance system currently use analog methods, so they can only be 'detected' but are vulnerable to actual 'content grasp', and there are device defects or simple mistakes of subscribers or mice or cats. Due to the high false alarm rate caused by false alarms, it does not provide adequate functions as a security system.

For example, the existing security system of the analog system simply installs a sensing device in the home or office, and transmits the relevant data signal to the central control center (control server) of the security company through a regular telephone line or a separate leased line. It is operated by watching and dispatching directly.

In addition, in recent years, digital unmanned video surveillance system has been introduced, but the home automation system and the security system operate independently and do not provide separate functions for network security and data transmission processing. There was a problem.

Accordingly, the present invention has been devised to solve the above problems, and supports a broadband integrated network, supports a virtual private network for network security, and provides a wide range of predefined quality of service on an IP network. The purpose is to provide an unmanned video surveillance and gateway system that supports the virtual private network and service quality functions.

The unmanned video surveillance and gateway system supporting the virtual private network and the service quality function in the broadband integrated network of the present invention for achieving the above object is to transmit various kinds of information from one or more security sensors or surveillance cameras to the control server. In the unmanned video security gateway system provided to perform a control function by transmitting or transmitting control information from the control server to the user terminal for controlling the security sensor or surveillance camera, the unmanned video security gateway system, the Symmetric Keyencryption (Data Encryption Standard (DES), Triple-DES and RC4 algorithm) and public key encryption and authentication (SHA-1 and MD5) for data communication between the user terminal and the control server. Service and data compression (LZS and MPPC) to provide temporary private network services. A lock virtual private network (VPN) co-processor; Data communication by a co-processor for the virtual private network (VPN) and data communication by a queuing method of weighted fair queuing (WFQ) are supported.

1 is a block diagram of an unmanned video surveillance and gateway system supporting a virtual private network and a service quality function in a broadband integrated network according to an embodiment of the present invention;

2 is a diagram illustrating a network to which an unmanned video guard and gateway system is applied according to the present invention;

3 is an internal block diagram of the VPN coprocessor of FIG. 1;

4 is a configuration diagram illustrating a tunneling setting process according to a layer 2 tunneling communication protocol between a user terminal and a control server using;

5 is a flowchart illustrating a tunneling setup process of FIG. 4;

6 is a schematic diagram showing a weighted pair queue process according to the present invention,

7 is a block diagram illustrating a communication path between a user terminal and a control server according to the present invention;

8A and 8B are flowcharts illustrating a data transmission process through a communication path formed between a user terminal and a control server according to the present invention.

* Description of the symbols for the main parts of the drawings *

100: embedded system module, 102: microprocessor,

104: VPN coprocessor, 110: wavelet codec,

200: network processing unit, 250: control server,

300: video signal processing unit, 340: surveillance camera,

400: user terminal, 410: network module unit,

412: notification signal transmission module, 414: video signal transmission module,

416: remote control receiving module, 420: control module,

422: control processing unit, 424: image processing unit,

426: data conversion processing unit, 428: system management unit.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Here, the unmanned video security and gateway system supporting the virtual private network and the service quality function in the broadband integrated network according to the embodiment of the present invention is described in the patent application No. 2003-74898 filed on October 25, 2003. Since the configuration is somewhat similar to that disclosed in the 'Automation and Online / Offline Integrated Security Gateway System', a detailed description thereof will be omitted and only limited to the components necessary for describing the embodiments.

1 is a block diagram of an unmanned video security and gateway system supporting a virtual private network and a service quality function in a broadband integrated network according to a preferred embodiment of the present invention.

As shown in the figure, it performs control and management of the entire system, processes the protocol stack for the network, processes the information received through the security sensor or surveillance camera by wireless and wired methods, and provides the Internet access function and network bridge function. Provided with the embedded system module unit 100, the network processing unit 200 for transmitting data to and from the control server by using a wired or wireless network device, and the image information transmitted from the monitoring camera 340 installed outside the M- Image information transmitted from the MPEG video decoder 310, the video encoder 320, and the surveillance camera 340 for compressing / decompressing the image information by Motion-Joint Picture Experts Group (JPEG) and H.264 methods. Image signal processing unit 300 is provided with a four-channel video multiplexer 330 to select, a fire sensor, infrared sensor and gas detection Sensor interface unit for interfacing the sensor detection signal from the sensor module unit 360 including a heat sensor and a heat ray sensor, a shock / vibration sensor, a temperature / humidity sensor, and a submersion sensor to the embedded system module unit 100. 370, and a fire extinguishing mechanism 372 for automatically driving a fire extinguisher located at a location where the fire is generated, according to the fire detection sensor of the sensor interface 370, and an external network device. And a serial input / output interface unit 390 for transmitting and receiving data.

The embedded system module unit 100, the microprocessor 102 is provided with a '185 MIPS ARM 9 processor' to operate the system to perform network communication, system management and data communication with the control server, and the control server 250 A VPN co-processor 104 that connects data communication with a reliable virtual private network (VPN) and uses multiple encryption protocols such as Layer 2 Tunneling Protocol (L2TP) and Internet Protocol Security (IPsec); A flash memory 106 having a capacity of 16 megabytes (Mbyte) for storing a program related to the operation of the embedded system module unit 100, a program stored in the flash memory 106, and the wired and wireless network. 32 megabytes (Mbyte) or more for reading the packet data transmitted through the microprocessor's access drive and temporarily storing it at a predetermined address An SDRAM 108 having a capacity, a codec 110 for compressing the image information transmitted from the image signal processing unit 300 in a wavelet, JPEG2000, and H.264 scheme; Field Programmable Gate Array (FPGA) input / output unit 114 for receiving and sensing the sensor detection signal from the sensor module unit 360 through the analog multiplex 112, and the serial input / output interface unit Four asynchronous transceivers (UART) for transmitting various types of information from the V.92 modem, RS-485 (RF), RS-485 (expansion slot), and RS-232 provided at 390 116 and a font RAM 120 and an OSD RAM 122 for storing various fonts and messages so as to support output of short messages desired by a user in the image information transmitted from the image signal processing unit 300, and To improve screen quality An image function providing unit 124 providing a function of selecting a contrast correction function and a sharpness correction function, a screen magnification function, and a PIP function is configured in connection with the FPGA input / output unit 114 and the sensor module unit 360 The user terminal 400 which controls the security sensor and the surveillance camera 340 and the card reader provided in the serial input and output interface unit 390 in real time and communicates with the control server 250 is the field programmable gate It is connected to the array input / output section 114.

The VPN coprocessor 104 uses symmetric key encryption (Data Encryption Standard (DES), Triple-DES and RC4 algorithms) and public key encryption and authentication (SHA-1 and MD5) for network security. ), And data compression (LZS and MPPC).

In addition, the network processing unit 200 connected to the embedded system module unit 100 analyzes and monitors the signals detected from the sensor module unit 360 and various signals generated from the monitoring camera 340. 250 is connected.

In addition, the network processing unit 200 enables a wide area network interface 210 for using two wide area networks, the Internet connection, and supports services such as IP telephony or IP-VAN. The LAN interface 220 having four ports is provided to connect the wide area network interface 210 in a dual tone multifrequency (DTMF) method or a frequency shift keying (FSK) method through a PSTN backup line when a failure occurs. do.

Herein, the wide area network interface 210 is connected through a wide area network (WAN-I) 212 having a predetermined speed and a media independent interface (MII) bus, and has an asymmetric digital subscriber line (ADSL) and very high-data (VDSL). a wide area network (WAN-II) 214 that provides a network device for a rate digital subscriber line.

The wide area network (WAN-I) 212 and wide area network (WAN-II) 214 is a server failover function that enables continuous network connection in the event of network disconnection or network failure that may occur during network connection. Through the distribution of internal and external network traffic caused by abnormal and abnormal traffic, Load Balancing function is provided to improve the availability and stability of the system by distributing user requests most appropriately and reliably. The wide area network (WAN-II) 214 supports MII, an IEEE 802.11u standard interface, and supports various interfaces such as ADSL, VDSL, 10 / 1000M Tx, and 100M FX as described above to support a broadband network. to provide.

In addition, the LAN interface 220 is connected to the hard disk device (HDD) 222 to act as a digital video storage device (DVR) through the MAC address (MAC Address) from the surveillance camera 340 To save and output the transmitted video information.

In addition, the video decoder 310 of the image signal processing unit 300 is provided with a wireless FM transmitter 342 in the surveillance camera 340, in addition to receiving image information from the surveillance camera 340 by wire. The decoder 310 is provided with a wireless FM receiver 312 may be configured to receive the image information wirelessly. Here, the wireless FM transmitter and the wireless FM receiver are provided to the surveillance camera and the video decoder, respectively.

The fire extinguishing mechanism 372 has a structure in which the powder direction of the fire extinguisher (b) is automatically sprayed toward the hot spot of the fire occurrence point when a fire occurs according to the detection of the fire detection sensor. The fire extinguishing mechanism driving mechanism 372 receives a sensor detection signal from the fire detection sensor of the sensor module unit 360 through the sensor interface unit 370 and drives a fire extinguisher 372b having a mechanical structure installed at a predetermined place. The power relay 372a is configured in association.

On the other hand, the microprocessor 102 is connected to a public switched telephone network (PSTN) 260 for security signal processing when a failure occurs in the wide area network.

2 is a diagram illustrating a network to which an unmanned video guard and a gateway system are applied according to the present invention.

As shown, the unmanned video security gateway system 100 is a LAN interface 220 to which the wide area network interface 210 and the LAN network equipment 220a are connected through a wide area network packet network, and when a failure occurs in the wide area network. It is connected to the control server 250 in the DTMF method or the FSK method using the public telephone switching network 260 for security signal processing, IP network PBX (IP-based private exchange), van server (VAN Server) ), An application server (Application Server), a control server (Security Server) 250 is connected.

The operation of the present invention configured as described above will be described with reference to the accompanying drawings.

The unmanned video surveillance and gateway system of the present invention has a function of transmitting a sensor detection signal and image information applied from a security sensor or a surveillance camera 340 to the control server 250, and a function of a network gateway for users to access the Internet. It provides a variety of functions used as network bridges for network appliances such as IP telephony and IP-VAN, which transmit voice, data, and video together over LAN, WAN, and the Internet.

First, the image information applied from the surveillance camera 340 is transmitted to the control server 250, or the image information to the monitor 350 through the video encoder 320 by the control operation of the embedded system module unit 100. The process of displaying is explained.

When the video information is transmitted from the control server 250 or a real-time video information transmission request of the subscriber is generated, images are captured from approximately four surveillance cameras 340 installed at a desired place according to the control operation of the embedded system module 100. The received image information is applied to the four-channel video multiplexer 330 through each video decoder 310, and any image information selected from the image information by the four-channel video multiplexer 330 is embedded in the embedded system module unit ( According to the control operation of 100, it is transmitted to the control server 250 via the network processing unit 200.

At this time, the image information captured from the surveillance camera 340 is transmitted to the wireless FM receiver 312 mounted on the video decoder 310 side by the wireless FM transmitter 342, so that the image information is within a predetermined distance range. Can transmit and receive wirelessly.

As such, the transmitted image information is displayed on the display unit provided to the control server 250 so that the monitoring operation by the subscriber can be performed. In addition, the video information is stored in the hard disk device 222 via the LAN interface 220, and by accessing the hard disk device 222 by the Mac address method, the previously stored video information can be displayed on the display unit. have. That is, the hard disk device 222 performs one digital image storage device function.

Similarly, if a real-time video information transmission request of a subscriber is generated, any one of the video information is displayed on the monitor 350 through the video encoder 320 so that it can be checked.

Here, the image information transmitted through the broadband communication network is compressed and transmitted according to any one of a wavelet, a JPEG2000 MJPEG method, or an H.264 MPEG method.

When an error occurs in the wide area network (WAN-I, WAN-II) 212,214, the microprocessor 102 performs a network connection using the PSTN network in the DTMF method or the FSK method, and connects the PSTN network. Through the wide area network (WAN-I, WAN-II) (212, 214) until the error is cleared to perform the transmission operation.

Subsequently, the video signal processing unit 300 allows the user to arbitrarily set the display position and screen size for each channel when providing the video information through the video function providing unit 124, and divides several spaces. To print the screen.

In addition, a picture in picture (PIP) function may be provided to enlarge currently displayed image information or to simultaneously view image information of different channels on a single screen.

In addition, an OSD (On Screen Display) function is provided so that the user can access the desired short message and font RAM 120 from the OSD (On Screen Display) RAM 122 and output the desired size or font to display on the image information. .

On the other hand, when detecting the occurrence of a fire at a predetermined location by the fire detection sensor provided in the sensor module unit 360, the detection signal is transmitted to the embedded system module unit 100 via the sensor interface unit 370. Is sent. Then, the embedded system module 100 transmits a drive signal for driving the fire extinguisher to the fire extinguishing mechanism driving mechanism 372 located at the location where the fire is generated, and is connected with the fire extinguisher 372b according to the drive signal. Power relay 372a is turned on. Accordingly, the fire extinguisher 372b sprays the fire extinguishing powder at a fire occurrence point according to a remote control operation. In this case, since the fire extinguishing powder has a structure that is automatically sprayed in the hot spot direction, the spraying direction of the fire extinguisher 372b is in the hot spot direction. It may point to a different direction from.

3 is an internal block diagram of the VPN coprocessor of FIG.

As described above, the VPN coprocessor 104 is provided for network security using various encryption protocols.

The VPN coprocessor 104 stores a CPU interface 104a for transmitting packet data and command data from the microprocessor 102 and a register for storing binary information of a predetermined length transmitted through the CPU interface 104a. 104b, an internal packet memory unit 104c to which a memory map input / output method for storing packet data and command data transmitted through the CPU interface 104a is applied, and RNG (data message switch for routing data messages); radio network gateway 104d, a public key 104e for using a public key cryptographic system, and a packet engine unit 104f that provides compression, padding, and encryption schemes. .

The operation of such a VPN coprocessor 104 is that when packet data and instructions are transmitted from the microprocessor 102 via the CPU interface 104a, the packet data and instructions are stored in the internal packet memory section 104c.

The packet data stored in the internal packet memory unit 104c is executed by the command operation of the VPN coprocessor 104, and then stored in the internal packet memory unit 104c, and the microprocessor (through the CPU interface 104a). 102). Then, the microprocessor 102 performs a control operation according to the type of the packet data.

At this time, the VPN co-processor 104 performs network security when processing data through the network using a plurality of encryption protocols. As described above, the encryption protocol includes Symmetric Key encryption (DES: Data Encryption Standard, Triple-DES and RC4), public key encryption (Authentication (SHA-1 and MD5)), and data compression (LZS and MPPC). ) Function is provided.

Here, the protocol type, Internet standard cryptographic key exchange protocol (IKE) type, and processing capacity are shown in Tables 1 and 2 below.

TABLE 1

TABLE 2

Meanwhile, the VPN coprocessor 104 may provide network security according to a Layer 2 Tunneling Protocol (L2TP) function in addition to the encryption protocol.

FIG. 4 is a configuration diagram illustrating a tunneling setting process according to a layer 2 tunneling communication protocol between a user terminal and a control server. FIG. 5 is a flowchart illustrating the tunneling setting process of FIG. 4.

As shown in FIG. 4, the unmanned video surveillance and gateway system 100 of the present invention is connected to the Internet network through a DSLAM 130 which is a DSL multiplexing device and a NAS (Network Attached Storage) 132 which is a network connection storage. The router 134 and the switching (SW) means 136 are connected via the Internet network, and various servers (eg, a control server, a DB) according to the switching operation of the switching means (136). Server, web server, storage, console, etc.) are configured to run selectively.

In the system configured as described above, the information generated between the unmanned video guard and the gateway system 100 and the server connected to the user terminal is transmitted through tunneling provided for a virtual private network (VPN) connection.

In more detail, in order to transmit data and user information using the tunneling technique, a user authentication procedure, that is, a user ID verification process, must first be accompanied. In the user authentication, when a user inputs an ID and the input ID is transmitted to the control server 250 through the tunnel created by the L2TP network operation, the control server 250 checks whether the user ID is valid. Perform the authentication procedure.

When the user authentication procedure is completed, it is provided as a protocol between broadband communication networks, and communication can be performed by PPP (Point-to-Point Protocol) communication protocol that supports various protocols and provides strong negotiation capability. Accordingly, the tunnel setting is completed between the user terminal 400 and the control server 250.

In other words, if user authentication is not completed normally, it is impossible to form tunneling to transmit data and user information streams.

In this case, the tunnel configuration is for connecting a virtual private network (VPN) for network security, and is configured and operated by any one of a Layer 2 Tunneling Protocol (L2TP) scheme or a Generic Routing Encapsulation (GRE) scheme.

On the other hand, in performing data transmission processing through the network processing unit 200, the quality of service can be improved by a fair queuing technique such as weighted fair queuing (WFQ).

The weighted pair queuing (WFQ) identifies information in the form of traffic streams and separates and transmits packets belonging to each information, thereby automatically stabilizing network operation during congestion and increasing performance and reducing retransmission.

For example, referring to FIG. 6 illustrating a weighted pair queue process, when a packet data string A is provided between two 100-byte packet data and one 200-byte packet data is transmitted, the packet data string is transmitted. (A) is sent to the classifier 382 in the series of transmission buffers 380, the classifier 382 is the source source (Destination) address and destination (Destination) address, the protocol (Protocol), the session identifier of the socket and port ( And classify each packet by session identifier and store the packet data in the queue memory 384. When the separation is completed for the same packet information by the classification operation, the transmission scheduler 386 performs a dequeuing operation through a weighted pair queue processing (WFQ) in each of the queue memories 384 stored in the classification process. A packet data string A 'consisting of two 100-byte packet data is transmitted for every 200-byte packet data.

Through such a weighted pair queue process, it is possible to secure a quality of service by suppressing traffic delay or packet data loss rate generated on the network.

Meanwhile, the physical functions supported by the unmanned video guard and gateway system according to the present invention are as follows.

First, the initial setting function is an initial setting step for network connection of the unmanned video security gateway system of the present invention with a control server, which is connected to the serial input / output interface unit 390 or the network processing unit 200 of the unmanned video security gateway system. An initial function of the sensor, the surveillance camera 340, and the control information is set through a terminal connected to a network connection, for example, a personal PC or a notebook PC having a web browser and a setting program installed therein. In some cases, the system initial state can be set using a console device connected to the RS-232C serial I / O interface.

Secondly, the network connection function for network information configuration is to set up dynamic host configuration protocol (DHCP), IP setting, subnet MAC setting and gateway IP for wide area network so that unmanned video surveillance and gateway system can transmit data through network. The configuration is performed, and information setting for four LAN interfaces is supported.

Thirdly, a bypass connection function is provided by a public switched telephone network (PSTN) backup line for security signal processing in the event of a failure of the wide area network. The detour connection function attempts to connect three times at 5 second intervals once the connection with the control server 250 occurs because a failure occurs in the wide area network packet network during data transmission through the wide area network packet network. If the connection attempt is not made despite the connection attempt, the telephone number of the control server of the pre-registered public telephone exchange network 260 is bypassed to the public telephone exchange network, which is an auxiliary communication path, and attempts to connect to the control server 250.

At this time, when the connection with the control server 250 is successfully completed, the control is performed through the public telephone exchange network 260. If the connection is not made even with the continuous connection attempt with the public telephone exchange network 160, It considers the communication failure and backs up the detection information that failed to be transmitted. The backed up information is then transmitted to the control server 250 by re-request of the control server 250 when the network path is normally restored.

Fourth, the sensor connection function is performed by supporting a high active and a low active method to detect sensor detection information transmitted from a security sensor connected to the sensor interface unit 370.

Fifth, the boundary setting and release function refers to setting or releasing the unattended video surveillance and gateway system to the boundary state, using the password or the RF card to set / release the boundary state.

When the alert state is set using the password or the RF card, the information detected through the security sensor connected to the sensor interface unit 370 is recognized as an emergency situation to perform control and emergency zone for any sensor. When the state is set, even when the boundary state is released, when the sensing information is generated from the set sensor, it is regarded as an emergency situation.

In addition, during the initial registration process, the departure delay time or the entrance delay time may be set to allow the subscriber to set a boundary and move out smoothly for a certain area or to normally enter the room to release the boundary.

Sixth, the partial boundary setting and release function means setting only the security sensor installed in the area to perform the control function for a certain area among all areas, and performing the control function by the information detected from the security sensor.

Seventhly, the emergency function is to process the emergency situation by the detection information detected from the sensor corresponding to the emergency area regardless of the presence or absence of the alert state.

Eighth, the image information processing and transmission function, if the emergency situation occurs after the boundary setting of the unmanned video guard and gateway system to the control server 250, the image information captured from the surveillance camera 340 installed in the relevant area. To transmit.

Ninth, the remote control function of the image information is a function of transmitting and displaying the image information being captured from the surveillance camera 340 at the request of the control server 250 or the subscriber.

Tenth, the remote control function is performed by supporting the power relay port to remotely control the external equipment of the subscriber environment, such as opening and closing the door, emergency light or gas valve control.

Eleventh, it is a subscriber authentication function that manages password or RF card information so that only authorized subscribers can control unattended video security and gateway system.

Lastly, RS-232 type console connection port is provided to connect console devices such as laptop or personal computer equipped with console control program to monitor unattended video surveillance and gateway system operation status and to check internal status for system check. Supported console control function.

7 is a block diagram illustrating a communication path between a user terminal and a control server according to the present invention.

As shown, the user terminal 400 is a notification signal transmission module 412 and the image signal transmission module 414 and the remote control receiving module 416 used as a communication path to perform communication with the control server 250. The network module unit 410 and the user terminal 400 to process the control information obtained by itself or transmit to the control server 250 and the user terminal to process the response to the request of the control server 250 A data conversion processing unit for converting the protocol data structure transmitted and received by the control processing unit 422 for controlling the 400, the image processing unit 424 for transmitting real-time image information, and the network module unit 410 into an internal data format ( 426 and the control module module 420 is composed of a system management unit 428 for the overall processing of the functional module.

A control signal communication path, a video information communication path, a remote control communication path, and the like are formed between the user terminal 400 and the control server 250 configured as described above to process the corresponding data transmission process.

First, the operation through the control signal communication path will be described.

The user terminal 400 controls a security sensor, a surveillance camera, a card reader, and an input / output medium in real time, and the predetermined data such as a detection signal or an authentication signal from the security sensor, the surveillance camera, a card reader, and other input / output media are control signals. It is transmitted to the control server 250 through the communication path.

In addition, a signal for controlling the alert state or release state of the user terminal 400 and event information generated in the subscriber environment are also transmitted to the control server 250 through the control signal communication path.

At this time, various data transmitted to the control server 250 is converted into a data structure according to a predetermined communication protocol rule defined in the data conversion processing unit 426 and transmitted.

In the data transmission process, as shown in FIG. 8A, first, the user terminal requests a communication mode setting for connection with the control server 250 through the control signal communication path as the TCP client mode, and the control server 250. When the control signal communication path is established with), the message to be transmitted is transmitted to the control server 250. When the message transmission is completed, that is, when there are no more messages to transmit, the connection is released.

Secondly, a description will be given of the video information communication path, which is a communication path for converting a video signal of the surveillance camera 340 connected to the user terminal 400 and transmitting the compressed image data using the MJPEG method.

The video information is transmitted to the video receiving server 270. As shown in FIG. 8A, the user terminal 400 sets a communication mode for connection to the video receiving server 270 as a TCP client mode. When the video information communication path with the video receiving server 270 is established, the video information is transmitted to the video receiving server 270. If there is no more video information to be transmitted, the currently connected video information communication path is immediately released.

In addition, the process of controlling the remote control communication path, which is a communication path through which setting data transmitted from the control server 250 is transmitted in order to control the user terminal 400, is illustrated in FIG. 8B. Is operated in the TCP listen mode and the control server 250 is operated in the TCP client mode, the remote control communication path according to the connection setting request for the remote control communication path of the control server 250. If is set, the control server 250 transmits the setting information to the remote control receiving module unit 416 of the user terminal 400. When the setting information transmission is completed, the currently set remote control communication path is released.

Here, the remote control communication path is a one-way communication in which the control server 250 transmits the setting data to the user terminal 400 is applied, and may use a fixed TCP port to control one or more user terminals 400. do.

Meanwhile, a communication path for supporting time management and remote upgrade of the user terminal 400 in addition to the above-described control signal communication path, video information communication path, and remote control communication path between the user terminal 400 and the control server 250. Is applied independently.

As described above, according to the unmanned video surveillance and gateway system supporting the virtual private network and the service quality function in the broadband integrated network of the present invention, transmitting various types of information from a security sensor or a surveillance camera to a control server, Alternatively, when the control server transmits control information to the user terminal controlling the security sensor or surveillance camera, the security capability is further improved by encrypting various packet data and command data through tunneling technology by the VPN coprocessor. By using fair queuing techniques such as weighted fair queuing (WFQ), it is possible to improve the quality of service by reducing traffic delay or packet data loss rate.

On the other hand, the present invention is not limited to the above-described specific preferred embodiment, any person having ordinary knowledge in the field to which the present invention belongs without departing from the gist of the present invention claimed in the claims can be variously modified. will be.

Claims (10)

According to the control function of the embedded system module unit, various types of information from one or more security sensors or surveillance cameras are transmitted to the control server, or control information is transmitted to the user terminal controlling the security sensor or surveillance camera from the control server. In the unmanned video security gateway system provided to transmit and perform a control function, The unmanned video security gateway system, Symmetric Key encryption (Data Encryption Standard (DES), Triple-DES and RC4 algorithm) and public key encryption and authentication (SHA-1 and MD5) for data communication between the user terminal and the control server. Virtual private network (VPN) co-processor (CO-Processor) is provided to provide hypothetical private network services using LZS and MPPC functions; Virtual communication in a broadband converged network, characterized in that data communication by a co-processor (VPN) and data communication by a queuing method of weighted pair queuing (WFQ) are supported. Unmanned video surveillance and gateway system with private network and quality of service support. The method of claim 1, The virtual private network coprocessor, A CPU interface for transmitting packet data and command data from the microprocessor; A register to store binary information of a predetermined length transmitted through the CPU interface; An internal packet memory to which a memory map input / output method for storing packet data and command data transmitted through the CPU interface is applied; A radio network gateway (RNG), which is a data message switch for determining a message route of data stored in the internal packet memory; A public key for using the public key encryption system provided in the data transmission, and a packet engine unit for providing compression, padding, and encryption techniques; Packet data and command data between the user terminal and the control server through the tunnel established according to the Layer 2 Tunneling Communication Protocol (L2TP), unmanned video security that supports the virtual private network and service quality functions in a broadband integrated network And gateway systems. The method of claim 1, In order to transmit data with the control server, a network processing unit having wide area network (WAN-I, WAN-II) is connected to the embedded system module unit, The wide area network (WAN-Ⅰ, WAN-Ⅱ) is connected to the dual tone multifrequency (DTMF) or frequency shift keying (FSK) method using the PSTN network when a network disconnection or abnormality occurs when the network connection, Virtual private network and quality of service functions are supported in the broadband converged network, which provides a load balancing function that improves the availability and stability of the system by distributing user requests through the network through network traffic distribution. Unmanned video surveillance and gateway system. The method of claim 3, wherein The video information transmitted through the wide area network is compressed and transmitted by any one of a wavelet method, a JPEG2000 MJPEG method, and an H.264 MPEG method. Unmanned video surveillance and gateway system with virtual private network and quality of service support. The method of claim 3, wherein The embedded system module unit is connected to a LAN interface having a plurality of ports, the LAN interface is characterized in that the hard disk device (HDD) is connected to perform the function of the digital image storage device through the MAC address (MAC Address) Unmanned video surveillance and gateway system supporting virtual private network and service quality function in broadband integrated network. The method of claim 3, wherein The embedded system module unit, The fire extinguishing mechanism is connected to receive the detection signal of the fire detection sensor when a fire occurs at a predetermined location, and the fire extinguishing powder is automatically sprayed from the fire extinguisher installed at the fire site toward the heat source at the fire occurrence point by the detection signal. Unmanned video security and gateway system that supports virtual private network and service quality functions in a broadband integrated network. The method of claim 2, Tunnel formation for the virtual private network (VPN) connection for the network security, When the user ID of the user terminal is transmitted to the control server through a tunnel created by the Layer 2 Tunneling Protocol (L2TP) or Generic Routing Encapsulation (GRE) network operation, the control server checks whether the user ID is valid. Virtual private network and quality of service in a broadband integrated network, characterized in that it is set by the PPP (Point-to-Point Protocol) communication protocol that performs the authentication process, and provides negotiation capability (Negotiation) when the user authentication procedure is completed Unmanned video surveillance and gateway system with features. The method of claim 1, The weighted fair queuing (WFQ) is, A classifier which classifies packet data to be transmitted by source address, destination address, protocol, session identifier of socket and port, respectively; A queue memory for storing packet data classified by the classifier; Supported by the virtual private network and the service quality function in the broadband integrated network, characterized in that the transmission scheduler for performing a dequeuing (Dequeue) operation for the same packet information by the weighted pair queue processing (WFQ) from the queue memory and transmits the same. Unmanned video surveillance and gateway system. The method of claim 1, The user terminal and the control server mutually converts the information provided through the security sensor connected to the user terminal into a predetermined data structure and transmits the control signal communication path and the image information obtained from the surveillance camera to the control server image A remote control communication path for transmitting an information communication path and setting data for controlling the user terminal to the user terminal, and a communication path for time management and remote upgrade of the user terminal; The user terminal itself processes or controls the network module unit comprising a notification signal transmission module, an image signal transmission module and a remote control reception module for establishing a communication path with the control server, and the control information obtained by the user terminal. Control processing unit for user terminal user terminal, image processing unit for real-time video information transmission, and protocol data structure transmitted / received from the network module unit to transmit to the server and process the response to the request of the control server into internal data format Unattended video security and gateway system that supports a virtual private network and a service quality function in a broadband integrated network, characterized in that it comprises a control module comprising a data conversion processing unit and a system management unit for processing the function module as a whole. The method of claim 9, The control signal communication path and the image information communication path are unidirectional communication in which data is transmitted from the user terminal to the control server. The remote control communication path is a one-way communication in which data is transmitted from the control server to the user terminal is applied, The unmanned video security and gateway system supporting the virtual private network and the service quality function in the broadband integrated network, characterized in that the currently set communication path is released when the data transmission from the user terminal to the control server is completed.