CN101753963A - Authority control method and system of video monitoring system - Google Patents

Authority control method and system of video monitoring system Download PDF

Info

Publication number
CN101753963A
CN101753963A CN200810227557A CN200810227557A CN101753963A CN 101753963 A CN101753963 A CN 101753963A CN 200810227557 A CN200810227557 A CN 200810227557A CN 200810227557 A CN200810227557 A CN 200810227557A CN 101753963 A CN101753963 A CN 101753963A
Authority
CN
China
Prior art keywords
authority
user
equipment
key
video monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200810227557A
Other languages
Chinese (zh)
Other versions
CN101753963B (en
Inventor
高春东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mid Star Technology Ltd By Share Ltd
Vimicro Corp
Original Assignee
Vimicro Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vimicro Corp filed Critical Vimicro Corp
Priority to CN200810227557A priority Critical patent/CN101753963B/en
Publication of CN101753963A publication Critical patent/CN101753963A/en
Application granted granted Critical
Publication of CN101753963B publication Critical patent/CN101753963B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses an authority control method and system of a video monitoring system. A plurality of roles and authorities rated to each role are arranged; and thus, if the authority related to some role conforms with an user, after the role is distributed to the user, the authority related to the gained role can be directly given to the user, and each authority conforming with the user does not need to be related to the users one by one, and then, to be given to the users one by one, so the efficiency of authority arrangement and authority giving in authority control is improved. However, for more users distributed with the same role, if all the authorities conforming with the users need to be corrected, only the authorities related to the roles need to be corrected, while the authority related to each user do not need to be corrected one by one, and thus, the efficiency of authority maintenance in the authority control is simplified.

Description

The authority control method of video monitoring system and system
Technical field
The present invention relates to control technology, particularly the authority control system of a kind of authority control method of video monitoring system and a kind of video monitoring system.
Background technology
The video monitoring system of existing IP based network, mainly comprise video monitoring video camera, digital video frequency server (Digital Video Server, DVS), digital video recorder (Digital VideoRecorder, headend equipment such as DVR) also comprises the IP transmission network that is used to realize video transmission, is used to the client that realizes the network video monitoring platform of equipment unified management and central store and be used for video data is presented at personal computer (PC) or TV.
Yet the headend equipment in the video monitoring system of above-mentioned existing IP based network and the all-IPization that is unrealized, especially this system is the equipment that DVS, DVR etc. do not connect by IP network, thereby has following problem:
1, equipment such as DVS, DVR then needs to link to each other with analog video camera by analog cable, difficult wiring and cost of equipment maintenance height;
2, video definition standard line-by-line inversion (the Phase Alternating Line of analog video camera, PAL) or national television system committee (National Television System Committee, NTSC) be the standard of the seventies in last century six, the high definition of its regulation only is (720 * 576), has hindered the development of video monitoring to HD video;
3, equipment such as DVS, DVR need be connected in the video system based on the port of self, and the port of equipment such as DVR, DVS is numerous, makes that the configuration of equipment is comparatively complicated, and very difficult discovery automatically and the automatic configuration feature realized;
4, equipment such as DVS, DVR uses hardware integrated circuit board standard, and the function difference of each manufacturer's customization is big, need formulate different access waies at the equipment of different vendor;
5, equipment such as DVS, DVR does not have the smart machine access interface, has hindered the development of video monitoring to intelligent video.
By the problems referred to above as seen, the video monitoring system and the all-IPization that is unrealized of existing IP based network, and then the difficulty that makes networking connect up versatility big, system configuration is relatively poor and realization is comparatively complicated, also hindered video monitoring to HD video and intelligentized development simultaneously.And, the video monitoring system and the all-IPization that is unrealized of existing IP based network, also make unintelligible, the disunity of system architecture, and the communication protocol confusion in the system, lack of standardization, the multistage multiple domain that can't realize a plurality of video monitoring systems especially interconnects, thereby can't unitize management and infinite cascade expansion.
In addition, the video monitoring system of existing IP based network also fails to realize control of authority efficiently.
Summary of the invention
In view of this, the invention provides a kind of authority control method of video monitoring system and a kind of authority control system of video monitoring system, can realize the video monitoring of all-IPization and improve the efficient of control of authority.
The authority control method of a kind of video monitoring system provided by the invention, described video monitoring system comprises: the first key-course equipment, the second key-course equipment that links to each other by IP network with the described first key-course equipment, first access layer equipment and first bearing layer equipment that link to each other by described IP network with the described first key-course equipment, the headend equipment that links to each other by described IP network with described first access layer equipment and first bearing layer equipment respectively, and the client unit CE that links to each other by described IP network with described first access layer equipment and first bearing layer equipment respectively;
This method is provided with the authority of the associated corresponding respective resources of a plurality of roles and each role in the described second key-course equipment, and be respectively described video monitoring system and use each user of described CE to distribute at least one role, and when arbitrary user logined to described video monitoring system by described CE, this method comprised:
A, the described first key-course equipment are retrieved as the authority of the associated corresponding respective resources of the role that the user distributed of login and this role from the described second key-course equipment;
B, the described first key-course equipment are given the authority of obtaining this user of login.
This method is further comprising before the described step a: the authority that the associated corresponding respective resources of each user is set respectively in the described second key-course equipment;
Described step a further comprises: the described first key-course equipment obtains the authority of the associated corresponding respective resources of the user of login from the described second key-course equipment;
Described step b further comprises: in the authority of the corresponding respective resources that the user of the login that the described first key-course equipment will obtain is associated, give the user of this login with the authority that the associated authority of the role who obtains is underlapped.
This method further was divided into different resource groups respectively with the part or all of resource in all resources of described video monitoring system before described step a,
And comprise at least one resource group in the described respective resources, then the authority of described corresponding respective resources comprises: respectively with described respective resources in arbitrary resource group at least one authority one to one.
Comprise in the described respective resources not being divided at least one resource of resource group, then the authority of described corresponding respective resources further comprises: respectively with described respective resources in arbitrary resource at least one authority one to one.
This method further comprised before described step a: the described first key-course equipment judges whether the user of login is leading subscriber, if, then all authorities of described all resources of video monitoring system of correspondence are given this user and the process ends of login, otherwise carry out described step a.
The authority control system of a kind of video monitoring system provided by the invention, this system comprises: the first key-course equipment, the second key-course equipment that links to each other by IP network with the described first key-course equipment, first access layer equipment that links to each other by described IP network with the described first key-course equipment and first bearing layer equipment, the headend equipment that links to each other by described IP network with described first access layer equipment and first bearing layer equipment respectively and the client unit CE that links to each other by described IP network with described first access layer equipment and first bearing layer equipment respectively;
Described first access layer equipment is based on the control of the described first key-course equipment, with described CE with described headend equipment accesses in the described system and the user in the described video monitoring system utilizes described CE to land;
Described first bearing layer equipment is realized the media flow transmission between described headend equipment and the described CE based on the control of the described first key-course equipment;
The described second key-course equipment is used to write down the authority that sets in advance the associated corresponding respective resources of a plurality of roles, each role, and is at least one role that each user of described video monitoring system distributes in advance;
And the first key-course equipment also is used to be retrieved as the authority of the associated corresponding respective resources of the role that the user distributed of login and this role, and gives this user with the authority of obtaining.
The described second key-course equipment is further used for storing the authority of the associated corresponding respective resources of each user;
The described first key-course equipment is further used for obtaining the authority of the associated corresponding respective resources of the user of login, and in the authority of the associated corresponding respective resources of the user of the login that will obtain, give the user of this login with the authority that the associated authority of the role who obtains is underlapped.
The described second key-course equipment is further used for storing by the part or all of resource in all resources of described video monitoring system divides the different resource group that forms respectively;
And comprise at least one resource group in the described respective resources, then the authority of described corresponding respective resources comprises: respectively with described respective resources in arbitrary resource group at least one authority one to one.
Comprise in the described respective resources not being divided at least one resource of resource group, then the authority of described corresponding respective resources further comprises: respectively with described respective resources in arbitrary resource at least one authority one to one.
When the user that the described first key-course equipment is further used in login is leading subscriber, then all authorities of described all resources of video monitoring system of correspondence are given this user of login.
As seen from the above technical solution, the present invention has realized the video monitoring of all-IPization, and be provided with a plurality of roles and the associated authority of each role, thereby, if the associated authority of certain role conforms to the user, after then giving this user with this role assignments, directly the authority that the role who obtains is associated is given this user, and need not each authority that will conform to this user one by one with this user related after, give this user one by one again, thereby improved the efficient that authority setting and authority are given in the control of authority; And, for a plurality of users that are assigned same role,, then only need to revise the associated authority of this role and get final product if all need to revise the authority that it conforms to, and need not to revise one by one the associated authority of each user, thereby simplified the efficient that authority is safeguarded in the control of authority.
Further, among the present invention in conjunction with the scheme of user and authority direct correlation, thereby make that the flexibility of control of authority is higher.
Description of drawings
Fig. 1 is the video monitoring system logical layer structure schematic diagram of IP based network among the present invention;
Fig. 2 is the system architecture schematic diagram of the video monitoring system of IP based network among the present invention;
Fig. 3 is the system interface schematic diagram of the video monitoring system of IP based network among the present invention;
Fig. 4 is the single domain networking structure schematic diagram of the video monitoring system of IP based network among the present invention;
Fig. 5 is a kind of schematic flow sheet of exchange method in the video monitoring system of IP based network among the present invention;
Fig. 6 is the another kind of schematic flow sheet of exchange method in the video monitoring system of IP based network among the present invention;
Fig. 7 is the functional module of video monitoring system carrying among the present invention and the schematic diagram of various operational motions;
Fig. 8 is the exemplary process diagram of authority control method in the embodiment of the invention one;
Fig. 9 is the exemplary block diagram of authority control system in the embodiment of the invention one;
Figure 10 is the model schematic diagram of control of authority in the embodiment of the invention two.
Embodiment
For making purpose of the present invention, technical scheme and advantage clearer, below with reference to the accompanying drawing embodiment that develops simultaneously, the present invention is described in more detail.
At first, the video monitoring system that can realize all-IPization among the present invention is carried out general description.
Fig. 1 is the video monitoring system logical layer structure schematic diagram of IP based network among the present invention.As shown in Figure 1, in the video monitoring system of IP based network, can comprise 4 logical layers in an embodiment: Access Layer 101, bearing bed 102, key-course 103 and operation layer 104.
1) Access Layer 101 is supported IP agreement, transmission control protocol (Transmission ControlProtocol, TCP), User Datagram Protoco (UDP) (User Datagram Protocol, UDP) and session initiation protocol (Session Initiation Protocol, SIP) etc. transmission control protocol is used for the access of the various end points of video monitoring.Wherein, end points can comprise subscriber endpoints, Media Stream end points at least, can also comprise the alarm end points alternatively.
2) bearing bed 102, are used for carrying the Media Stream of video monitoring, comprise the forwarding distribution of Media Stream, the bottom transmission of Media Stream; Alternatively, bearing bed 102 can also be further used for the storage of Media Stream.
For the forwarding distribution of the Media Stream of bearing bed 102, can transmit distribution function by the medium that logically mark off in the bearing bed 102 and realize.Functions such as medium transmit that distribution function can be used for the duplicating of Media Stream, transmits, distributes, broadcasting, multicast and route.
Bottom transmission for the Media Stream of bearing bed 102 can be realized by the bottom transport function that logically marks off in the bearing bed 102.The bottom transport function can be used for controlling the transmission of signaling and notice signaling.Wherein, control signaling and notice signaling all can be the signaling of Session Initiation Protocol, and can use socket (Socket) connection and content among the TCP to carry extend markup language (eXtensibleMarkup Language, XML) message semantic definition of form.Wherein, notice signaling is for optionally signaling is nonessential.
Certainly, the bottom transport function also is used to realize the transmission of Media Stream.Specifically, transmission at Media Stream, the media stream formats that each logical layer equipment in can the employing system is supported, and H.264 selection is used, (the Moving Pictures Experts Group of dynamic image expert group, MPEG-4), (Audio and Video Coding Standard, AVS) etc. agreement encapsulates Media Stream digital audio/video encoding and decoding technique standard.
Storage for the Media Stream of bearing bed 102 can be realized by the media store functional module that logically marks off in the bearing bed 102.The media store functional module can be used for reception, the storage of Media Stream; This media store functional module can insert storage area network network (Storage Area Network, IP-SAN), network attached storage (Network Attached Storage, NAS), direct-connected mode is stored (DirectAttached Storage, DAS) memory device such as IP such as grade; And, the media store functional module can also be further used for storage plan management, storage medium management and playing back videos service etc., for example, formulate storage plan according to the characteristic of time, each logical layer equipment, alarm type etc., carry out for the media store functional module by the user.
3) key-course 103, be used for the session control of video monitoring system and audio frequency and video distribution management (Audioand Video Distribute Management, AVDM); Alternatively, key-course 103 can also be further used at least the audio frequency and video storage administration (Audio and Video Storage Management, AVSM), end points management, rights management etc.
For the session control of key-course 103, can realize by the session control function module that logically marks off in the key-course 103.Session control function module can be used for the control of interior all business of video monitoring system of IP based network among the present invention.And, operation layer 104 among the present invention can carry out professional foundation, uses and cancel operation by Session Initiation Protocol, thereby the session control function module in the key-course 103 is inner can set up professional controll block, time controll block and the resources control block etc. that be used for controlling this business at this business, and safeguards professional controll block, time controll block and the resources control block of being set up etc.
For the AVDM and the AVSM of key-course 103, can realize by AVDM functional module that logically marks off in the key-course 103 and AVSM functional module respectively.The AVDM functional module is used to carry out media flow transmission control, the control of controlling signaling and notice signaling and load balancing policy control, the needed sound mixing function of voice video conference; The AVSM functional module is used for the control to the media store functional module of bearing bed 102.
End points management for key-course 103 can be realized by the end points management function module that logically marks off in the key-course 103.End points management function module can be used in the video monitoring system to IP based network among the present invention, the equipment of each end points such as the subscriber endpoints of all accesses, Media Stream end points and alarm end points manages, by to the facility information of the said equipment and the abstract storage that is recorded in the user profile of system, by static configuration to the database in the system, carry out the configuration and the attribute management of each logical layer equipment by network management unit, make the video monitoring system of IP based network among the present invention have the ability of overall unified management and each logical layer equipment of planning.Wherein, the said equipment information can comprise information such as device identification, device attribute, and above-mentioned user profile then can comprise information such as user ID, user property; Database in the aforesaid system can be shared by each logical layer usually and use, thereby does not describe in conjunction with a certain logical layer separately in this article.
For the rights management of key-course 103, can realize by the rights management functional module that logically marks off in the key-course 103.The rights management functional module can be used for determining the rights of using of user to the various resources in the video monitoring system of IP based network among the embodiment.
4) operation layer 104, are used for realizing basic business in the video monitoring system of IP based network of the present invention at least, as the professional intellectual analysis of formulating reference etc.
For the basic business in the operation layer 104, can realize by the basic business functional module that logically marks off in the operation layer 104.The basic business functional module can be used for providing the basic service of the video monitoring system of IP based network among the present invention, for example monitoring in real time, on-demand playback, cradle head control, storage plan, access control, batch configuration etc.The user can use basic service by the CE client in the Access Layer.
For the intellectual analysis in the operation layer 104, can realize by the intellectual analysis functional module that logically marks off in the operation layer 104.The intellectual analysis functional module can be used for providing the IN service of the video monitoring system of IP based network among the present invention, by combining of intellectual technology and upper layer application, satisfies the demand of user to system.For example: object tracking (Motion Tracking), recognition of face (FacialDetection), vehicle identification (Vehicle Identification), illegal be detained (Object Persistence), pyrotechnics detects (Fire Detection), people flow rate statistical (People Counting), people's group control (FlowControl), human body behavioural analysis (Action Analyze), magnitude of traffic flow control (Traffic Flow), advanced video mobile detection (Advanced VMD), article lost or displacement detecting (MovingDetection) etc.
Need to prove that each functional module in the operation layer 104 mainly is in order to make among the present invention the video monitoring system of IP based network video monitoring function can be provided in the mode of business, and can further provide other business functions.Certainly, directly under the control of key-course 103, obtain and distribution media stream if break away from professional by Access Layer 101 by bearing bed 102, then also can realize video monitoring, thereby operation layer 104 is optional and nonessential for the video monitoring system of IP based network among the present invention.
The various functional modules of mentioning in the above-mentioned logical layer structure all can be realized by computer program by those skilled in the art, give unnecessary details no longer one by one at this.
Below, based on above-mentioned logical layer structure, the system architecture of the video monitoring system of IP based network among the present invention is elaborated.
Fig. 2 is the system architecture schematic diagram of the video monitoring system of IP based network among the present invention.As shown in Figure 2, in the present invention, the system architecture of the video monitoring system of IP based network comprises the access layer equipment of corresponding Access Layer 101, the bearing layer equipment of corresponding bearing bed 102, the key-course equipment of corresponding key-course 103.
1) access layer equipment of corresponding Access Layer 101 comprises: the client unit of respective user end points (Client Element, CE) 201, the headend equipment 202 of corresponding Media Stream end points or alarm end points and be used for CCF that CE 201, headend equipment 202 insert (Call Control Function, CCF) server 203.
Preferably, CCF server 203 can provide SIP gateway and safe access gateway.
Preferably, CE 201 can specifically be divided into client/server (Client/Serve, C/S) architecture mode and browser/server (Browser/Server, B/S) architecture mode is two kinds, and CE 201 can support real-time video, on-demand playback, Real-time Alarm, the alarm interlock, the round cut plan, group is cut plan, the group cuts plan, user's login, rights management, equipment control, batch configuration, track cruises, cradle head control, transparent channel, storage administration, storage plan, voice broadcast service, speech talkback, video recording is downloaded, management of video, the group Role Management, equipment incorporates into, (Geographic Information System GIS) waits the network video monitor and control system business to GIS-Geographic Information System.
Preferably, headend equipment 202 can be that for example medium stream information such as IP Camera, IP The Cloud Terrace equipment provides equipment, is used for the collection and the output of video information, audio-frequency information, data message, intellectual analysis information and warning information; Alternatively, headend equipment 202 can link to each other with smart machine 202 ' by for example electric connection mode such as analog line, embedding, perhaps also can link to each other with smart machine 202 ' by IP network, this smart machine 202 ' also links to each other by IP network with CCF server 203 simultaneously, so that access in the video monitoring system by CCF server 203; Certainly, for the system that comprises optional alarm end points, headend equipment 202 can also be safety-security area equipment such as gate inhibition's equipment, infrared equipment, smoke sensing equipment, intelligent alarm analytical equipment for example.
And, above-mentioned CE 201 and headend equipment 202 are supported the Session Initiation Protocol expansion, support RTP (Real-time Transport Protocol, RTP), RTCP Real-time Transport Control Protocol (Real-timeTransport Control Protocol, RTCP) and in real time fluidisation agreement (Real-time StreamingProtocol, media flow transmission control protocol such as RTSP).
2) bearing layer equipment of corresponding bearing bed 102 comprises: audio frequency and video distribution function (Audio and VideoDistribute Function, AVDF) (Audio andVideo Storage Function, AVSF) server 205 for server 204 and optional audio frequency and video memory function.Medium in the foregoing bearing bed 102 are transmitted distribution function and are carried in the AVDF server 204; Media store functional module in the foregoing bearing bed 102 is carried in the AVSF server 205.
3) the key-course equipment of corresponding key-course 103 comprises: (Service ManagerFunction, SMF) (User Authentication Function, UAF) server 207 for server 206 and subscription authentication function for service management function.Session control function module in the foregoing key-course 103 and AVDM functional module are carried in the SMF server 206; End points management function module, rights management functional module in the key-course 103 can be carried jointly by SMF server 206 and UAF server 207 as previously mentioned.
Still referring to Fig. 2, in the present embodiment in the video monitoring system of IP based network:
CE 201, headend equipment 202 link to each other by IP network with CCF server 203 respectively, access to by CCF server 203 in the video monitoring system of IP based network in the present embodiment;
CCF server 203 and SMF server 206 link to each other by IP network, based on the session control of SMF server 206, realize the access of CE 201, headend equipment 202;
CE 201, headend equipment 202 link to each other by IP network with AVDF server 204 respectively, by AVDF server 204 media streams;
AVDF server 204 and SMF server 206 link to each other by IP network, based on the session control of SMF server 206, realize the media flow transmission relevant treatment between headend equipment 202 and the CE 201.Specifically, AVDF server 204 be used for from the Media Stream between headend equipment and the CE receive, duplicate, transmit, distribution, route, multicast and broadcasting etc. transmit the distribution relevant treatment, realize the video monitoring of the video monitoring session of CE 201 and headend equipment 202, promptly realize video monitoring these headend equipment 202 place scenes; AVDF server 204 is further used for controlling bottoms such as the transmission transmission relevant treatment of signaling and notice signaling.
AVSF server 205 and AVDF server 204 are connected by IP network, also with AVDF server 204 between the media flow transmission interface set up as shown in Figure 9 be connected 414, it is the connection shown in the corresponding diagram 8 based on RTP or RTCP or RTSP protocol of I ds interface 310, thereby, realize the storage relevant treatment of the Media Stream that transmits via AVDF server 204 between headend equipment 202 and the CE 201 by IP network based on the session control of SMF server 206; The mode of setting up of this media flow transmission interface connection 414 can realize according to existing any logic interfacing establishment of connection flow process, does not repeat them here.
Specifically, AVSF server 205 is used to receive, store the Media Stream from AVDF server 204, and is further used for carrying out processing such as storage plan management, storage medium management and playing back videos service.As previously mentioned, AVSF server 205 is optional bearing layer equipment, if thereby not comprise AVSF server 205 only be can't media streams and can't realize not influencing the realization of video monitoring based on the further function of storage.
UAF server 207 links to each other with SMF server 206 by IP network, is used for the user who logins by the CE 201 that accesses to system is carried out authorization check.
For the user who newly lands to system, this user utilizes the CE 201 application logins by CCF server 203 connecting systems, CCF server 203 is forwarded to log messages the SMF server 206 of ownership by IP network, SMF server 206 is forwarded to UAF server 207 places with message by IP network, whether the authority set of obtaining this user according to login user ID, check code in database by UAF server 207, returning login user by IP network to SMF server 206 then is authorization (Licence) user's result.
SMF server 206 is used to realize above-mentioned session control.In the practical application, a SMF server 206 can connect a plurality of CCF servers 203 and carry out load balancing control; A plurality of CCF servers 203 can provide the access of any equipment that can connecting system of the CE 201, headend equipment 202 of broad range or other, and CCF server 203 can be further used as network address translation (Network Address Translation, NAT) gateway that gateway supports that wide area network is interior.
" linking to each other " mentioned herein by IP network, can adopt the existing concrete mode that connects by IP network arbitrarily, for example, each logical layer equipment can be connected same switching equipment in the IP network or be connected to different switching equipment in the IP network, and alternate manner is given unnecessary details no longer one by one at this.
In addition, for optionally the basic business functional module in the operation layer 104, intellectual analysis functional module etc. as previously mentioned, then can carry jointly by all access layer equipments that in the system of present embodiment, comprise, all bearing layer equipments, all key-course equipment.
Fig. 3 is the system interface schematic diagram of the video monitoring system of IP based network in the embodiment of the invention.As shown in Figure 3, in the present embodiment as shown in Figure 2 in the video monitoring system framework of IP based network:
Adopt Icc interface (Interface of CE and CCF) 301 between CE 201 and the CCF server 203, interface communication uses Session Initiation Protocol;
Adopt Icn interface (Interface of CCF andNE) 302a between headend equipment 202 and the CCF server 203, interface communication uses Session Initiation Protocol; Need to prove that " NE " in the related English full name of each english abbreviation only represents headend equipment 202 in this article herein;
The smart machine 202 ' that is electrically connected with headend equipment 202 adopts Ici interface (Interface of CCF and Intelligent Device) 302b then and between the CCF server 203, and interface communication uses Session Initiation Protocol;
Adopt Isc interface (Interface of SMFand CCF) 303 between CCF server 203 and the SMF server 206, interface communication uses Session Initiation Protocol;
Adopt Isd interface (Interface of SMFand AVDF) 304 between AVDF server 204 and the SMF server 206, interface communication uses the Socket agreement;
Adopt Iss interface (Interface of SMFand AVSF) 305 between AVSF server 205 and the SMF server 206, interface communication uses the Socket agreement;
Adopt Isu interface (Interface of SMFand UAF) 306 between UAF server 207 and the SMF server 206, interface communication uses Session Initiation Protocol;
Adopt Idc interface (Interface of AVDF andCE) 308 between CE 201 and the AVDF server 204, interface communication uses RTP or RTCP or RTSP agreement;
Adopt Ind interface (Interface of NE andAVDF) 309 between headend equipment 202 and the AVDF server 204, interface communication uses RTP or RTCP or RTSP agreement.
Fig. 4 is the single domain networking structure schematic diagram of the video monitoring system of IP based network in the embodiment of the invention.As shown in Figure 4, in the present embodiment in the video monitoring system of IP based network, for the situation that only comprises a SMF server 206, be referred to as the single domain networking structure, this system specifically comprises: CE 201, headend equipment 202, CCF server 203, AVDF server 204, AVSF server 205, SMF server 206 and UAF server 207.
Fig. 5 is a kind of schematic flow sheet of exchange method in the video monitoring system of IP based network in the embodiment of the invention.As shown in Figure 5, in as shown in Figure 4 the video monitoring system of IP based network, can carry out the mutual of media flow transmission control according to following flow process between CE 201, headend equipment 202, CCF server 203, AVDF server 204, the SMF server 206 in the present embodiment:
Step 501, CE 201 sends first request message that obtains Media Stream by IP network to CCF server 203, for example is called the message of " INVITE ", the Media Stream of the arbitrary headend equipment 202 of expression acquisition request;
Step 502, CCF server 203 are returned the session (Session) that for example is called first response message of " 100 " message and preserves this request correspondence according to first request message from CE 201 by IP network to CE 201;
Step 503, CCF server 203 is according to first request message from CE 201, the message etc. that sends for example " INVITE " by name by IP network to SMF server 206 is obtained second request message of Media Stream, is forwarded to SMF server 206 with the request with CE 201; Second request message described herein can be first request message of directly transmitting in the transparent transmission mode, also can be the request message that is generated separately by CCF server 203;
Step 504, SMF server 206 returns second response message by IP network to CCF server 203 according to second request message that obtains Media Stream from CCF server 203;
Step 505, SMF server 206 judge whether headend equipment 202 has been set up media flow transmission interface as shown in Figure 4 with AVDF server 204 and be connected 413; If, then direct execution in step 509, otherwise execution in step 506;
Step 506, SMF server 206 send the 5th request message of expression application ports such as " INVITE " message by name for example by IP network and forward end equipment 202, with 202 applications of forward end equipment can output media stream port;
Step 507, headend equipment 202 distributes corresponding port, returns the 5th response message that expression ports such as for example being called " 200OK " message has distributed by IP network and to SMF server 206;
Step 508, the 5th response message that the expression port that SMF server 206 is returned after the distribution corresponding port according to headend equipment 202 has distributed, send the 3rd ACK that confirms that port has distributed by IP network and forward end equipment 202, after this, headend equipment 202 promptly is connected 413 by the media flow transmission interface that IP network and AVDF server 204 are set up as shown in Figure 4;
Step 509, SMF server 206 returns the 3rd response message that for example expression video capable monitor sessions such as message of " 200OK " by name can be set up by IP network to CCF server 203;
Step 510, CCF server 203 are returned the 4th response message that for example expression video capable monitor sessions such as message of " 200OK " by name can be set up according to the 3rd response message from SMF server 206 to CE 201; Need to prove that the 4th response message described herein can be the 3rd response message of directly transmitting in the transparent transmission mode, also can be the response message that is generated separately by CCF server 203;
Step 511, CE 201 sends a ACK that expression confirm video monitoring session can set up by IP network to CCF server 203 according to the 4th response message from CCF server 203;
Step 512, CCF server 203 is confirmed the ACK that the video monitoring session can be set up according to the expression from CE 201, sends the 2nd ACK that expression confirms that the video monitoring session can be set up by IP network to SMF server 206; Need to prove that the 2nd ACK described herein can be an ACK who directly transmits in the transparent transmission mode, also can be the ACK that is generated separately by CCF server 203;
Step 513, SMF server 206 is confirmed the 2nd ACK that the video monitoring session can be set up according to the expression from CCF server 203, by the request message of IP network to AVDF server 204 transmission open media flow ports, for example PortOpenNotify request message;
Step 514, AVDF server 204 bases are from the request message of the open media flow port of SMF server 206, by its with corresponding headend equipment 202 between the media flow transmission interface of IP based network connect 413, open this headend equipment 202 can output media stream port, and by IP network and return the response message of opening of " Response " message by name for example to SMF server 206;
Step 515, CE 201 AVDF server 204 opened corresponding headend equipment 202 can the port of output media stream after, the media flow transmission interface of setting up as shown in Figure 4 by IP network and AVDF server 204 is connected 411, and by with AVDF server 204 between the media flow transmission interface of IP based network be connected 411, the media flow transmission interface of IP based network is connected 413 between AVDF server 204 and AVDF server 204 and the headend equipment 202, carries out the mutual of Media Stream based on video monitoring session and headend equipment 202.
So far, this flow process finishes.
In the above-mentioned flow process, step 502,504 is optional step, and step 503 can be carried out before step 502 or with step 502 simultaneously, and step 505 can be carried out before step 504 or with step 504 simultaneously; And be connected 413 situation by having set up the media flow transmission interface with AVDF server 204 for headend equipment 202, step 505~508 also are optional step.
Fig. 6 is the another kind of schematic flow sheet of exchange method in the video monitoring system of IP based network in the embodiment of the invention.As shown in Figure 6, based on the video monitoring system of IP based network in the present embodiment and after flow process as shown in Figure 5, in the present embodiment in as shown in Figure 4 the video monitoring system of IP based network, between CE 201, headend equipment 202, CCF server 203, AVDF server 204, the SMF server 206, can also further realize the mutual of media flow transmission control according to following flow process:
Step 601, CE 201 sends the 6th request message that for example expression of " BYE " message by name stops the video monitoring session, the video monitoring session between request termination and the headend equipment 202 by IP network to CCF server 203;
Step 602, CCF server 203 is according to the 6th request message from CE 201, by sending the 7th request message that expression stops the video monitoring session, be forwarded to SMF server 206 with request with the video monitoring session between CE 201 terminations and the headend equipment 202 to SMF server 206; Need to prove that the 7th request message described herein can be the 6th request message of directly transmitting in the transparent transmission mode, also can be the request message that CCF server 203 generates separately;
Step 603, SMF server 206 send the request message of closing Media Stream port, for example PortCloseNotify request message by IP network to AVDF server 204 according to the 7th request message from CCF server 203;
Step 604, AVDF server 204 bases are from the request message of the open media flow port of SMF server 206, by its with corresponding headend equipment 202 between the media flow transmission interface of IP based network connect 413, close the port that this headend equipment 202 can output media stream, and return the response message of closing of " Response " message by name for example by IP network to SMF server 206;
Step 605, SMF server 206 bases are closed the media flow transmission interface 411 between response message termination CE 201 and the ASDF server 204, and send the 6th response message that for example is called expression video monitoring session terminations such as " 200OK " message by IP network to CCF server 203;
Step 606, CCF server 203 is according to the 6th response message, send the 7th response message that expression video monitoring sessions such as for example being called " 200OK " message stops by IP network to CE 201, CE201 after receiving the 7th response message, disconnect with AVDF server 204 between the media flow transmission interface of IP based network be connected 411, thereby stop the video monitoring session with headend equipment 202; Need showing of explanation, above-mentioned the 7th response message can be the 6th response message of directly transmitting in the transparent transmission mode, also can be the message that is generated separately by CCF server 203;
Step 607, whether SMF server 206 is judged the video monitoring session of current termination, be last video monitoring session of corresponding front end interface 202, if, then continue execution in step 608, otherwise process ends;
Step 608, SMF server 206 sends the 8th request message that " BYE " message etc. for example by name is cancelled port by IP network and forward end equipment, with forward end equipment 202 cancel can output media stream port;
Step 609, when front end equipment 202 cancelling corresponding port, and the expression ports such as " 200OK " message for example by name that returned the 8th response message of having cancelled after, headend equipment 202 has disconnected by IP network and has been connected 413 with media flow transmission interface between the AVDF server 204.
So far, this flow process finishes.
In the above-mentioned flow process, step 605,606 is optional step, and step 607 can be carried out before step 605 or step 606, also can carry out simultaneously with step 605 or step 606; And, be connected also nonessentially with media flow transmission interface 413 between the AVDF server 204 owing to disconnect headend equipment 202, therefore, step 607~609 also are optional step.
As seen, among the present invention in the video monitoring system of IP based network, the connection between CE, headend equipment and each the logical layer equipment all realizes by IP network, thereby realized the all-IPization of video monitoring system.
More than, be detailed description to the video monitoring system of IP based network in the present embodiment.
In present embodiment video monitoring system as shown in Figure 4, headend equipment 102 and each logical layer equipment can be referred to as the resource of video monitoring system.
The user can login to video monitoring system by CE 201, and to utilize the operational motion to functional module be the may command respective resources.Wherein, the user can click corresponding button and initiate the aforesaid operations action in the video monitoring system visualization interface that CE 201 shows; Wherein, operational motion comprises at least: login, authentication, filtration, inquiry, increase, deletion, modification, visit, download, renewal, start, stop, playback, increase doubly speed, reduce doubly that a speed, The Cloud Terrace agreement, agreement issue, presetting bit, reception, interlock etc.In the video monitoring system of IP based network as shown in Figure 4, the functional module of carrying and the schematic diagram of various operational motions can be referring to Fig. 7.
In the practical application, the user of login is divided into leading subscriber and domestic consumer usually, and " user " as herein described is meant and utilizes CE 101 to land user to system.Leading subscriber is responsible, and operation manages and safeguards and can also be as the service object of miscellaneous service function in the system to system, domestic consumer is then mainly as the service object of miscellaneous service function in the system, that is to say, should control the authority of domestic consumer's utilization the operational motion control respective resources of the various functional modules of realization management function.And, even if between the domestic consumer, also may there be the different user rank that is determined by the practical application scene, other domestic consumer of so corresponding different user level, it utilizes resource and operational motion type that the operational motion of functional module is controlled also should there are differences.Thus, just need control the authority of video monitoring system.
This paper aforesaid " utilizing the authority of the operational motion of functional module being controlled respective resources ", abbreviate " authority of corresponding respective resources " hereinafter as, the resource that this user that described " respective resources " expression is determined by user place application scenarios can control; Authority can comprise multiple, and different types of authority can corresponding dissimilar operational motion, for example, starts this operational motion of authority correspondence " startups ", this operational motion of download authority correspondence " download ".
In the video monitoring system of IP based network as shown in Figure 4, can adopt following existing mode in the present embodiment for the control of authority:
If leading subscriber, then when this user logined to video monitoring system, SMF server 206 was given all authorities of corresponding all resources of video monitoring system this user of login;
If domestic consumer, then login to the video monitoring system the user, leading subscriber can utilize the CE 201 that accesses to video monitoring system, the authority of the associated corresponding respective resources of each user is set respectively in UAF server 207, the authority 1 and the authority 2 of user's 1 related corresponding resource 1 for example are set, the authority 1 of user's 2 related corresponding resources 2 is set, the authority 3 of user's 3 corresponding resources 1 and the authority 2 of resource 3 is set, i.e. authority setting; When arbitrary user logins to video monitoring system, in the authority of the corresponding respective resources that SMF server 206 all users from be arranged at UAF server 207 are associated, search and obtain the authority of the associated corresponding respective resources of this user of login one by one, the authority that to search and obtain is given this user one by one then, and promptly authority is given.
As seen, though above-mentioned control of authority mode can realize the control of authority to the user,, for domestic consumer, need be to each with carrying out the operation that associated permissions is set per family, it is lower to make authority in the control of authority that efficient is set; When the user logins to video monitoring system, need search and obtain the authority of the associated corresponding respective resources of this user of login one by one, it is lower to make authority in the control of authority give efficient; In addition, when authority is safeguarded, when revising the authority of user's association if desired,, also need the associated authority of these users is revised one by one, make that the authority maintenance efficiency in the control of authority is also lower even if the authority of a plurality of user's associations is identical.
Thus, present embodiment also further provides a kind of authority control method of video monitoring system and a kind of authority control system of video monitoring system based on as shown in Figure 4 video monitoring system.
Embodiment one
Fig. 8 is the exemplary process diagram of authority control method in the embodiment of the invention.As shown in Figure 8, the authority control method in the present embodiment comprises:
Step 800 is provided with the authority of the associated corresponding respective resources of a plurality of roles and each role in the UAF of video monitoring system server, and each user who is respectively described video monitoring system distributes at least one role.
In this step, " role " in fact can regard an abstract Virtual User as, its expression be to have a class user of the identical authority of corresponding same asset.Thus one, a plurality of users for identical authority with corresponding same asset, the authority that the associated corresponding respective resources of a role and this role only need be set gets final product, and when safeguarding, only needs the authority of the associated corresponding respective resources of role of modification.For example, suppose that user 1, user 2, user's 3 place application scenarioss have determined that these three users all should be based on operational motion a and operational motion b control resource 1 and resource 2, the associated corresponding resource 1 of a role 1 and role 1 and the authority a and the authority b of resource 2 then can be set in this step.
This step can be the CE execution that is accessed to video monitoring system by the leading subscriber utilization.
After this, when arbitrary user logins to video monitoring system, continue to carry out subsequent step.Alternatively, if the user of login is a leading subscriber, then all authorities of corresponding all resources of video monitoring system can be given this user and the process ends of login; Otherwise the user of login is a domestic consumer, then continues to carry out subsequent step.Certainly, no matter be leading subscriber or domestic consumer, also can all continue to carry out subsequent step.Whether the user is leading subscriber, can be judged according to existing mode by SMF server 206, does not repeat them here.
Step 801, SMF server are retrieved as the authority of the associated corresponding respective resources of the role that the user distributed of login and this role from the UAF server.
Step 802, the authority of the corresponding respective resources that the SMF server is associated with the role who obtains is given this user of login.
In above-mentioned steps 801~802, the authority of the corresponding respective resources that the role is associated, can be multiple authority or a kind of authority of corresponding a plurality of resources or the multiple authority of corresponding a plurality of respective resources of a corresponding respective resources, and no matter be any situation, owing to, thereby can once obtain and once give the user all with a role association.
So far, this flow process finishes.
By above-mentioned flow process as seen, in the present embodiment, owing to be provided with a plurality of roles and the associated authority of each role, thereby, if the associated authority of certain role conforms to the user, then give this user with this role assignments after, directly the authority that the role who obtains is associated be given this user, and need not each authority that will conform to this user one by one with this user related after, give this user one by one again, thereby improved the efficient that authority setting and authority are given in the control of authority; And, for a plurality of users that are assigned same role,, then only need to revise the associated authority of this role and get final product if all need to revise the authority that it conforms to, and need not to revise one by one the associated authority of each user, thereby simplified the efficient that authority is safeguarded in the control of authority.
In addition, in the above-mentioned flow process in the present embodiment, in the time of execution in step 800, before or after, can further the part or all of resource in all resources of video monitoring system be divided into different resource groups respectively, and the resource group that division obtains is arranged in the UAF server.Like this, if comprise at least one resource group in the related respective resources of arbitrary role, the authority of the associated corresponding respective resources of this role who is provided with in the UAF server then can comprise: respectively with above-mentioned respective resources in arbitrary resource group at least one authority one to one.That is to say that respective resources can be corresponding with authority in the mode of resource group with authority.
For example, suppose that user 1, user 2, user's 3 place application scenarioss have determined that these three users all should be based on operational motion a and operational motion b control resource 1 and resource 2, and resource 1 and resource 2 have constituted resource group 1 jointly, then be the role 1 that user 1, user 2, user 3 distributes, the authority a of role 1 and corresponding resource group 1 and the authority b of corresponding resource group 1 are related.
Thus, can further simplify the authority setting, thereby further improve the efficient that authority is provided with in the control of authority.
Certainly, in the present embodiment, respective resources also can be corresponding with authority in the mode of single resource with authority.Like this, if comprise in the related respective resources of arbitrary role and be not divided at least one resource of resource group, the authority of the associated corresponding respective resources of this role who is provided with in the UAF server then may further include: respectively with described respective resources in arbitrary resource at least one authority one to one.
For example, suppose that user 1, user 2, user's 3 place application scenarioss have determined that these three users all should be based on operational motion a and operational motion b control resource 1 and resource 2, and resource 1 and resource 2 have constituted resource group 1 jointly, then be the role 1 that user 1, user 2, user 3 distributes, the authority a of the authority a of role 1 and corresponding resource 1, the authority b of corresponding resource 1, corresponding resource 2 and the authority b of corresponding resource 2 are related.
Thus, do not support the video monitoring system of divide resource group, still can adopt the technical scheme in the present embodiment, thereby improved the versatility and the compatibility of technical scheme in the present embodiment for some.
Need to prove that the related equipment of each step mainly is the video monitoring system at as shown in Figure 4 in the above-mentioned flow process.Be different from other video monitoring systems of video monitoring system as shown in Figure 4 for structure so, those skilled in the art can expect existing needs to replace the situation of the related equipment of each step certainly, no longer at various video monitoring systems the equipment that each step may relate to are given unnecessary details one by one at this.
Fig. 9 is the exemplary block diagram of authority control system in the embodiment of the invention one.As shown in Figure 9, the authority control system in the present embodiment can be made of for example partial logic layer equipment in the video monitoring system shown in Fig. 4, specifically comprises: CCF server 203, SMF server 206, UAF server 207.
UAF server 207 is used to write down the authority that sets in advance the associated corresponding respective resources of a plurality of roles, each role, and is at least one role that each user of described video monitoring system distributes in advance; " role " described herein and basic identical described in the flow process as shown in Figure 3 do not repeat them here;
CCF server 203, the user who is used for video monitoring system is by accessing to the CE (not shown) login of this video monitoring system;
SMF server 206 is used to be retrieved as the authority of the associated corresponding respective resources of the role that the user distributed of login and this role, and gives this user with the authority of obtaining.Wherein, the authority of the corresponding respective resources that the role is associated, can be multiple authority or a kind of authority of corresponding a plurality of resources or the multiple authority of corresponding a plurality of respective resources of a corresponding respective resources, and no matter be any situation, owing to, thereby can once obtain and once give the user all with a role association.
In the practical application, when the user that SMF server 206 can also be further used in login is leading subscriber, then all authorities of described all resources of video monitoring system of correspondence is given this user of login, and need not to be retrieved as the role that this leading subscriber distributes; Certainly, if all related with all authorities of all resources for the role that leading subscriber distributed, then SMF server 206 also can adopt above-mentioned processing mode for leading subscriber.
Above-mentioned authority control system in the present embodiment, can realize by the above-mentioned logical layer equipment in the video monitoring system as shown in Figure 4, but need to improve in the said network element equipment original functional module or increase new functional module, so that these network element devices than the function of former video monitoring system, can further be realized authority control system.Wherein, the improvement of functional module or increase can utilize computer program to realize by those skilled in the art, do not repeat them here.
By said system as seen, in the present embodiment, owing to be provided with a plurality of roles and the associated authority of each role, thereby, if the associated authority of certain role conforms to the user, then give this user with this role assignments after, directly the authority that the role who obtains is associated be given this user, and need not each authority that will conform to this user one by one with this user related after, give this user one by one again, thereby improved the efficient that authority setting and authority are given in the control of authority; And, for a plurality of users that are assigned same role,, then only need to revise the associated authority of this role and get final product if all need to revise the authority that it conforms to, and need not to revise one by one the associated authority of each user, thereby simplified the efficient that authority is safeguarded in the control of authority.
In addition, in the present embodiment, the part or all of resource in all resources of video monitoring system can further be divided into different resource groups.Like this, for authority control system as shown in Figure 9, its UAF server 207 can be further used for storing by the part or all of resource in all resources of video monitoring system as shown in Figure 4 divides the different resource group that forms respectively, correspondingly, if comprise at least one resource group in the related respective resources of arbitrary role, the authority of the associated corresponding respective resources of this role of storage in the UAF server 207 then can comprise: respectively with above-mentioned respective resources in arbitrary resource group at least one authority one to one.That is to say that respective resources can be corresponding with authority in the mode of resource group with authority.
Certainly, in the present embodiment, respective resources also can be corresponding with authority in the mode of single resource with authority.Like this, if comprise in the respective resources not being divided at least one resource of resource group, then the authority of this correspondence respective resources of storage may further include in the UAF server 207: respectively with described respective resources in arbitrary resource at least one authority one to one.
Need to prove that related equipment in the above-mentioned authority control system in the present embodiment mainly is the video monitoring system at as shown in Figure 4.Be different from other video monitoring systems of video monitoring system as shown in Figure 4 for structure so, those skilled in the art can expect existing needs to replace the situation of network element device certainly, no longer at various video monitoring systems the equipment that the authority control system in the present embodiment may relate to are given unnecessary details one by one at this.
Embodiment two
Present embodiment is than embodiment one, further combined with the scheme of user with the authority direct correlation of corresponding respective resources, so that improve the flexibility of control of authority.
Figure 10 is the model schematic diagram of control of authority in the embodiment of the invention two.As shown in figure 10, in the present embodiment, not only be provided with the authority of the corresponding respective resources that role and role be associated, be provided with also that the user is associated respectively with the resource group one to one authority and user be associated respectively with respective resources authority one to one.Like this, when the user logins to video monitoring system, can be retrieved as the authority of the associated corresponding respective resources of role that the user distributes and this role, if also with respectively authority is related and/or with authority is related one to one with resource respectively one to one with the resource group for this user, then can also further obtain simultaneously this user associated respectively with the resource group one to one authority and/or respectively with resource authority one to one, promptly obtain the authority of the associated respective resources of this user simultaneously.
For example, suppose that user 1, user 2, user's 3 place application scenarioss have determined that user 1 should be based on operational motion a and operational motion b control resource 1, resource 2 and resource group 3, user 2 and user 3 should be based on operational motion a control resource 1, resource 2 and resource groups 3.Wherein, resource 1 and resource 2 have constituted resource group 1 jointly.Like this, be the role 1 that user 1, user 2, user 3 distribute, the authority a of role 1 and corresponding resource group 1, the authority a of corresponding resource 3 are related, and be simultaneously, also further that the authority b of the authority b of user 1 and corresponding resource group 1, corresponding resource 3 is related.
Thus, can get to occur simultaneously to a plurality of users' respective resources and obtain respective resources and occur simultaneously, and to these a plurality of users to respective resources occur simultaneously the operational motion that can carry out, be that the authority that corresponding respective resources is occured simultaneously is being got common factor, obtain authority and occur simultaneously; Occur simultaneously according to respective resources common factor and authority then and set up a role and distribute to this a plurality of users, simultaneously,, related with corresponding user respectively with each authority outside the authority common factor of each resource outside the corresponding common factor of correspondence.
As seen, combine the scheme of user and the authority direct correlation of corresponding respective resources, can improve the flexibility of control of authority.
Specifically, as shown in Figure 8 basic identical among authority control method in the present embodiment and the embodiment one, still:
Need in step 801, further obtain the authority of the associated corresponding respective resources of the user of login;
And, in the authority of the corresponding respective resources that the user of the login that need further will obtain in step 802 is associated, give the user of this login with the authority that the associated authority of the role who obtains is underlapped, the user 1 of i.e. hypothesis login is assigned role 1, and the authority a of role 1 and corresponding resource 1, the authority b association of corresponding resource 2, and this user 1 also with the authority a of corresponding resource 1, the authority a of corresponding resource 3 is associated, then in step 302, authority a except the corresponding resource 1 that role 1 is associated, the authority b of corresponding resource 2 gives user 1, also the authority a of corresponding resource 3 that should user 1 is associated also gives user 1, and for the authority a of the associated corresponding resource 1 of user 1, because related with role 1, thereby no longer repeat to give to avoid the operation in the practical application to make mistakes.
As shown in Figure 9 structure is basic identical among authority control system in the present embodiment and the embodiment one, still:
Corresponding interchangeable corresponding key-course equipment in UAF server 207 or other video monitoring system need be further used for storing the authority of the associated corresponding respective resources of each user;
And, the interchangeable corresponding key-course equipment of correspondence in SMF server 206 or other video monitoring system, need be further used for obtaining the authority of the associated corresponding respective resources of the user of login, and in the authority of the associated corresponding respective resources of the user of the login that will obtain, give the user of this login with the authority that the associated authority of the role who obtains is underlapped.
Need to prove that in the present embodiment, respective resources and authority can be according to modes identical among the embodiment one, and be corresponding with authority and/or corresponding with authority in the mode of single resource in the mode of resource group, do not repeat them here.
As seen, present embodiment not only can produce the beneficial effect that embodiment one is had, and further, present embodiment is owing to combine the scheme of user and authority direct correlation, thereby makes that the flexibility of control of authority is higher.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of being done, be equal to and replace and improvement etc., all should be included within protection scope of the present invention.

Claims (10)

1. the authority control method of a video monitoring system, it is characterized in that described video monitoring system comprises: the first key-course equipment, the second key-course equipment that links to each other by IP network with the described first key-course equipment, first access layer equipment and first bearing layer equipment that link to each other by described IP network with the described first key-course equipment, the headend equipment that links to each other by described IP network with described first access layer equipment and first bearing layer equipment respectively, and the client unit CE that links to each other by described IP network with described first access layer equipment and first bearing layer equipment respectively;
This method is provided with the authority of the associated corresponding respective resources of a plurality of roles and each role in the described second key-course equipment, and be respectively described video monitoring system and use each user of described CE to distribute at least one role, and when arbitrary user logined to described video monitoring system by described CE, this method comprised:
A, the described first key-course equipment are retrieved as the authority of the associated corresponding respective resources of the role that the user distributed of login and this role from the described second key-course equipment;
B, the described first key-course equipment are given the authority of obtaining this user of login.
2. the method for claim 1 is characterized in that, this method is further comprising before the described step a: the authority that the associated corresponding respective resources of each user is set respectively in the described second key-course equipment;
Described step a further comprises: the described first key-course equipment obtains the authority of the associated corresponding respective resources of the user of login from the described second key-course equipment;
Described step b further comprises: in the authority of the corresponding respective resources that the user of the login that the described first key-course equipment will obtain is associated, give the user of this login with the authority that the associated authority of the role who obtains is underlapped.
3. method as claimed in claim 1 or 2 is characterized in that, this method further was divided into different resource groups respectively with the part or all of resource in all resources of described video monitoring system before described step a,
And comprise at least one resource group in the described respective resources, then the authority of described corresponding respective resources comprises: respectively with described respective resources in arbitrary resource group at least one authority one to one.
4. method as claimed in claim 3, it is characterized in that, comprise in the described respective resources not being divided at least one resource of resource group, then the authority of described corresponding respective resources further comprises: respectively with described respective resources in arbitrary resource at least one authority one to one.
5. method as claimed in claim 1 or 2, it is characterized in that, this method further comprised before described step a: the described first key-course equipment judges whether the user of login is leading subscriber, if, then all authorities of described all resources of video monitoring system of correspondence are given this user and the process ends of login, otherwise carry out described step a.
6. the authority control system of a video monitoring system, it is characterized in that this system comprises: the first key-course equipment, the second key-course equipment that links to each other by IP network with the described first key-course equipment, first access layer equipment that links to each other by described IP network with the described first key-course equipment and first bearing layer equipment, the headend equipment that links to each other by described IP network with described first access layer equipment and first bearing layer equipment respectively and the client unit CE that links to each other by described IP network with described first access layer equipment and first bearing layer equipment respectively;
Described first access layer equipment is based on the control of the described first key-course equipment, with described CE with described headend equipment accesses in the described system and the user in the described video monitoring system utilizes described CE to land;
Described first bearing layer equipment is realized the media flow transmission between described headend equipment and the described CE based on the control of the described first key-course equipment;
The described second key-course equipment is used to write down the authority that sets in advance the associated corresponding respective resources of a plurality of roles, each role, and is at least one role that each user of described video monitoring system distributes in advance;
And the first key-course equipment also is used to be retrieved as the authority of the associated corresponding respective resources of the role that the user distributed of login and this role, and gives this user with the authority of obtaining.
7. authority control system as claimed in claim 6 is characterized in that, the described second key-course equipment is further used for storing the authority of the associated corresponding respective resources of each user;
The described first key-course equipment is further used for obtaining the authority of the associated corresponding respective resources of the user of login, and in the authority of the associated corresponding respective resources of the user of the login that will obtain, give the user of this login with the authority that the associated authority of the role who obtains is underlapped.
8. as claim 6 or 7 described authority control systems, it is characterized in that the described second key-course equipment is further used for storing by the part or all of resource in all resources of described video monitoring system divides the different resource group that forms respectively;
And comprise at least one resource group in the described respective resources, then the authority of described corresponding respective resources comprises: respectively with described respective resources in arbitrary resource group at least one authority one to one.
9. authority control system as claimed in claim 8, it is characterized in that, comprise in the described respective resources not being divided at least one resource of resource group, then the authority of described corresponding respective resources further comprises: respectively with described respective resources in arbitrary resource at least one authority one to one.
10. as claim 6 or 7 described authority control systems, it is characterized in that, when the user that the described first key-course equipment is further used in login is leading subscriber, then all authorities of described all resources of video monitoring system of correspondence are given this user of login.
CN200810227557A 2008-11-27 2008-11-27 Authority control method and system of video monitoring system Active CN101753963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810227557A CN101753963B (en) 2008-11-27 2008-11-27 Authority control method and system of video monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810227557A CN101753963B (en) 2008-11-27 2008-11-27 Authority control method and system of video monitoring system

Publications (2)

Publication Number Publication Date
CN101753963A true CN101753963A (en) 2010-06-23
CN101753963B CN101753963B (en) 2012-10-03

Family

ID=42480241

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810227557A Active CN101753963B (en) 2008-11-27 2008-11-27 Authority control method and system of video monitoring system

Country Status (1)

Country Link
CN (1) CN101753963B (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102521704A (en) * 2011-07-12 2012-06-27 武汉华工安鼎信息技术有限责任公司 RFID-based confidential carrier intelligent monitoring system and monitoring method of the same
CN103595960A (en) * 2013-11-06 2014-02-19 浙江宇视科技有限公司 Interesting information monitoring and pushing method and device
CN103595973A (en) * 2013-11-28 2014-02-19 惠州华阳通用电子有限公司 Real-time vehicle audio/video monitoring system and method
CN103685203A (en) * 2012-09-25 2014-03-26 苏州精易会信息技术有限公司 Method for controlling network address accessing by browser
CN103825894A (en) * 2014-02-21 2014-05-28 南京莱斯信息技术股份有限公司 Multi-screen application system based on browser B / S structure
CN106295265A (en) * 2015-05-22 2017-01-04 阿里巴巴集团控股有限公司 A kind of method and device of user authority management
CN109040703A (en) * 2018-09-17 2018-12-18 李瑶 A kind of monitoring security-protection management system
CN109743538A (en) * 2018-11-30 2019-05-10 与德科技有限公司 Monitor video checks control method
CN109933719A (en) * 2019-01-30 2019-06-25 维沃移动通信有限公司 A kind of searching method and terminal device
CN110084004A (en) * 2019-03-28 2019-08-02 南京维沃软件技术有限公司 A kind of authority configuring method and terminal device
CN110191321A (en) * 2019-05-30 2019-08-30 广东长盈科技股份有限公司 A kind of fusion intelligent video monitoring management application system
CN111193905A (en) * 2019-12-24 2020-05-22 视联动力信息技术股份有限公司 Monitoring resource allocation method and device and readable storage medium
US11006326B2 (en) * 2016-07-08 2021-05-11 Zte Corporation Method, device, and system for implementing session continuity
GB2620950A (en) * 2022-07-26 2024-01-31 Proximie Ltd Apparatus for and method of obscuring information

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1610315A (en) * 2003-10-20 2005-04-27 鸿富锦精密工业(深圳)有限公司 Network visual communication monitoring system and method
CN1558611A (en) * 2004-02-12 2004-12-29 上海交通大学 Administrative center based multiple spots interactive method for network video monitoring control
CN100466728C (en) * 2006-07-24 2009-03-04 华为技术有限公司 Long-distance monitoring business realizing method, system and terminal equipment between video information terminals

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102521704A (en) * 2011-07-12 2012-06-27 武汉华工安鼎信息技术有限责任公司 RFID-based confidential carrier intelligent monitoring system and monitoring method of the same
CN102521704B (en) * 2011-07-12 2015-07-22 武汉华工安鼎信息技术有限责任公司 Monitoring method of RFID-based confidential carrier intelligent monitoring system
CN103685203A (en) * 2012-09-25 2014-03-26 苏州精易会信息技术有限公司 Method for controlling network address accessing by browser
CN103595960B (en) * 2013-11-06 2018-07-13 浙江宇视科技有限公司 A kind of monitoring concern information-pushing method and device
CN103595960A (en) * 2013-11-06 2014-02-19 浙江宇视科技有限公司 Interesting information monitoring and pushing method and device
CN103595973A (en) * 2013-11-28 2014-02-19 惠州华阳通用电子有限公司 Real-time vehicle audio/video monitoring system and method
CN103825894A (en) * 2014-02-21 2014-05-28 南京莱斯信息技术股份有限公司 Multi-screen application system based on browser B / S structure
CN103825894B (en) * 2014-02-21 2017-07-28 南京莱斯信息技术股份有限公司 A kind of application method of the multi-screen application system based on browser B/S structures
CN106295265A (en) * 2015-05-22 2017-01-04 阿里巴巴集团控股有限公司 A kind of method and device of user authority management
US11006326B2 (en) * 2016-07-08 2021-05-11 Zte Corporation Method, device, and system for implementing session continuity
CN109040703A (en) * 2018-09-17 2018-12-18 李瑶 A kind of monitoring security-protection management system
CN109743538A (en) * 2018-11-30 2019-05-10 与德科技有限公司 Monitor video checks control method
CN109933719A (en) * 2019-01-30 2019-06-25 维沃移动通信有限公司 A kind of searching method and terminal device
CN110084004A (en) * 2019-03-28 2019-08-02 南京维沃软件技术有限公司 A kind of authority configuring method and terminal device
CN110191321A (en) * 2019-05-30 2019-08-30 广东长盈科技股份有限公司 A kind of fusion intelligent video monitoring management application system
CN111193905A (en) * 2019-12-24 2020-05-22 视联动力信息技术股份有限公司 Monitoring resource allocation method and device and readable storage medium
CN111193905B (en) * 2019-12-24 2022-11-01 视联动力信息技术股份有限公司 Monitoring resource allocation method and device and readable storage medium
GB2620950A (en) * 2022-07-26 2024-01-31 Proximie Ltd Apparatus for and method of obscuring information

Also Published As

Publication number Publication date
CN101753963B (en) 2012-10-03

Similar Documents

Publication Publication Date Title
CN101753963B (en) Authority control method and system of video monitoring system
CN101741658B (en) Video monitoring system and interaction method in same
CN106331581B (en) Method and device for communication between mobile terminal and video network terminal
CN101472155B (en) Household network system for implementing IPTV business and implementing method thereof
CN101702722B (en) Multi-media system converging multiple services and control method
CN100493091C (en) Flow-media direct-broadcasting P2P network method based on conversation initialization protocol
CN109640029B (en) Method and device for displaying video stream on wall
CN102271099B (en) Networking method and system
CN110121059B (en) Monitoring video processing method, device and storage medium
CN109889780B (en) Data synchronization method and device
CN101159830A (en) Apparatus for receiving adaptive broadcast signal and method thereof
CN109660816B (en) Information processing method and device
CN105323628A (en) DLNA multi-screen playback method and system, browser-side device and playback device
CN113014885B (en) Railway video resource interconnection convergence system and method
CN101753985B (en) Video monitoring system, and medium flow transmitting control device and method in the video monitoring system
CN110113631A (en) A kind of video flowing sharing method and system
CN101431669A (en) Video monitoring system and control method for establishing media stream transmission connection in the same
CN111147859A (en) Video processing method and device
CN101583021A (en) Monitoring device used in video conferencing monitoring system
CN111147789B (en) Method, device and equipment for recording audio and video stream and storage medium
US9854276B2 (en) Information processing device, information processing method, and program
CN109525663B (en) Video data display method and system
CN114679497A (en) Video resource integrated scheduling system and method based on special traffic network
US20090144438A1 (en) Standards enabled media streaming
CN101753986B (en) Video monitoring system and wheel cutting control device and method in the video monitoring system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20171222

Address after: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee after: Vimicro Electronics Co., Ltd.

Patentee after: Zhongxing Technology Co., Ltd.

Address before: 100083, Haidian District, Xueyuan Road, Beijing No. 35, Nanjing Ning building, 15 Floor

Co-patentee before: Vimicro Electronics Co., Ltd.

Patentee before: Beijing Vimicro Corporation

CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee after: Vimicro Electronics Co., Ltd.

Patentee after: Mid Star Technology Limited by Share Ltd

Address before: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee before: Vimicro Electronics Co., Ltd.

Patentee before: Zhongxing Technology Co., Ltd.