CN101753963B - Authority control method and system of video monitoring system - Google Patents

Authority control method and system of video monitoring system Download PDF

Info

Publication number
CN101753963B
CN101753963B CN200810227557A CN200810227557A CN101753963B CN 101753963 B CN101753963 B CN 101753963B CN 200810227557 A CN200810227557 A CN 200810227557A CN 200810227557 A CN200810227557 A CN 200810227557A CN 101753963 B CN101753963 B CN 101753963B
Authority
CN
China
Prior art keywords
authority
equipment
user
key
video monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN200810227557A
Other languages
Chinese (zh)
Other versions
CN101753963A (en
Inventor
高春东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mid Star Technology Ltd By Share Ltd
Vimicro Corp
Original Assignee
Vimicro Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vimicro Corp filed Critical Vimicro Corp
Priority to CN200810227557A priority Critical patent/CN101753963B/en
Publication of CN101753963A publication Critical patent/CN101753963A/en
Application granted granted Critical
Publication of CN101753963B publication Critical patent/CN101753963B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses an authority control method and system of a video monitoring system. A plurality of roles and authorities rated to each role are arranged; and thus, if the authority related to some role conforms with an user, after the role is distributed to the user, the authority related to the gained role can be directly given to the user, and each authority conforming with the user does not need to be related to the users one by one, and then, to be given to the users one by one, so the efficiency of authority arrangement and authority giving in authority control is improved. However, for more users distributed with the same role, if all the authorities conforming with the users need to be corrected, only the authorities related to the roles need to be corrected, while the authority related to each user do not need to be corrected one by one, and thus, the efficiency of authority maintenance in the authority control is simplified.

Description

The authority control method of video monitoring system and system
Technical field
The present invention relates to control technology, particularly the authority control system of a kind of authority control method of video monitoring system and a kind of video monitoring system.
Background technology
The video monitoring system of existing IP based network; Mainly comprise video monitoring video camera, digital video frequency server (Digital Video Server; DVS), digital video recorder (Digital VideoRecorder; Headend equipment such as DVR) also comprises the IP transmission network that is used to realize video transmission, is used to the client that realizes the network video monitoring platform of equipment unified management and central store and be used for video data is presented at personal computer (PC) or TV.
Yet the headend equipment in the video monitoring system of above-mentioned existing IP based network and the all-IPization that is unrealized, especially this system is the equipment that DVS, DVR etc. do not connect through IP network, thereby has following problem:
1, equipment such as DVS, DVR then need link to each other with analog video camera through analog cable, and difficult wiring and cost of equipment maintenance are high;
2, video definition standard line-by-line inversion (the Phase Alternating Line of analog video camera; PAL) or national television system committee (National Television System Committee; NTSC) be the standard of the seventies in last century six; The high definition of its regulation is merely (720 * 576), has hindered the development of video monitoring to HD video;
3, equipment such as DVS, DVR need be connected in the video system based on the port of self, and the port of equipment such as DVR, DVS is numerous, makes configuration of devices comparatively complicated, and very difficult discovery automatically and the automatic configuration feature realized;
4, equipment such as DVS, DVR uses hardware integrated circuit board standard, and the function difference of each manufacturer's customization is big, needs to formulate different access waies to the equipment of different vendor;
5, equipment such as DVS, DVR does not have the smart machine access interface, has hindered the development of video monitoring to intelligent video.
Visible by the problems referred to above; The video monitoring system and the all-IPization that is unrealized of existing IP based network, and then the difficulty that makes networking connect up versatility big, system configuration is relatively poor and realization is comparatively complicated, also hindered video monitoring to HD video and intelligentized development simultaneously.And; The video monitoring system and the all-IPization that is unrealized of existing IP based network; Also make unintelligible, the disunity of system architecture; And the communication protocol in the system is chaotic, lack of standardization, can't realize that especially the multistage multiple domain of a plurality of video monitoring systems interconnects, thereby can't unitize management and infinite cascade expansion.
In addition, the video monitoring system of existing IP based network also fails to realize control of authority efficiently.
Summary of the invention
In view of this, the invention provides a kind of authority control method of video monitoring system and a kind of authority control system of video monitoring system, can realize the video monitoring of all-IPization and improve the efficient of control of authority.
The authority control method of a kind of video monitoring system provided by the invention, said video monitoring system comprises: the first key-course equipment, the second key-course equipment that links to each other through IP network with the said first key-course equipment, first access layer equipment that links to each other through said IP network with the said first key-course equipment and first bearing layer equipment, the headend equipment that links to each other through said IP network with said first access layer equipment and first bearing layer equipment respectively and the client unit CE that links to each other through said IP network with said first access layer equipment and first bearing layer equipment respectively;
This method in the said second key-course equipment, be provided with a plurality of roles and each role the authority of related corresponding respective resources; And be respectively said video monitoring system and use each user of said CE to distribute at least one role; And when arbitrary user logined to said video monitoring system through said CE, this method comprised:
A, the said first key-course equipment from the said second key-course equipment, be retrieved as login the role that the user distributed and this role the authority of related corresponding respective resources;
B, the said first key-course equipment are given the authority of obtaining this user of login.
This method further comprises before the said step a: in the said second key-course equipment, be provided with respectively each user the authority of related corresponding respective resources;
Said step a further comprises: the said first key-course equipment from the said second key-course equipment, obtain login the user the authority of related corresponding respective resources;
Said step b further comprises: the user of the login that the said first key-course equipment will obtain in the authority of related corresponding respective resources, with the role who obtains the related underlapped authority of authority give the user of this login.
This method further was divided into the different resources group respectively with the part or all of resource in all resources of said video monitoring system before said step a,
And comprise at least one resource group in the said respective resources, then the authority of said corresponding respective resources comprises: respectively with said respective resources in arbitrary resource group at least one authority one to one.
Comprise in the said respective resources not being divided at least one resource of resource group, then the authority of said corresponding respective resources further comprises: respectively with said respective resources in arbitrary resource at least one authority one to one.
This method further comprised before said step a: the said first key-course equipment judges whether the user of login is leading subscriber; If; Then all authorities of said all resources of video monitoring system of correspondence are given this user and the process ends of login, otherwise carry out said step a.
The authority control system of a kind of video monitoring system provided by the invention, this system comprises: the first key-course equipment, the second key-course equipment that links to each other through IP network with the said first key-course equipment, first access layer equipment that links to each other through said IP network with the said first key-course equipment and first bearing layer equipment, the headend equipment that links to each other through said IP network with said first access layer equipment and first bearing layer equipment respectively and the client unit CE that links to each other through said IP network with said first access layer equipment and first bearing layer equipment respectively;
Said first access layer equipment is based on the control of the said first key-course equipment, with said CE with said headend equipment accesses in the said system and the user in the said video monitoring system utilizes said CE to land;
Said first bearing layer equipment is realized the media flow transmission between said headend equipment and the said CE based on the control of the said first key-course equipment;
The said second key-course equipment, be used to write down be provided with in advance a plurality of roles, each role the authority of related corresponding respective resources, and be at least one role that each user of said video monitoring system distributes in advance;
And, the first key-course equipment, also be used to be retrieved as login the role that the user distributed and this role the authority of related corresponding respective resources, and give this user with the authority of obtaining.
The said second key-course equipment be further used for storing each user the authority of related corresponding respective resources;
The said first key-course equipment be further used for obtaining login the user the authority of related corresponding respective resources; And the user of the login that will obtain in the authority of related corresponding respective resources, with the role who obtains the related underlapped authority of authority give the user of this login.
The said second key-course equipment is further used for storing by the part or all of resource in all resources of said video monitoring system divides the different resource group that forms respectively;
And comprise at least one resource group in the said respective resources, then the authority of said corresponding respective resources comprises: respectively with said respective resources in arbitrary resource group at least one authority one to one.
Comprise in the said respective resources not being divided at least one resource of resource group, then the authority of said corresponding respective resources further comprises: respectively with said respective resources in arbitrary resource at least one authority one to one.
When the user that the said first key-course equipment is further used in login is leading subscriber, then all authorities of said all resources of video monitoring system of correspondence are given this user of login.
Visible by technique scheme; The present invention has realized the video monitoring of all-IPization; And be provided with a plurality of roles and each role related authority, thereby, if certain role related authority conform to the user; After then giving this user with this role assignments; Can be directly with the role who obtains related authority give this user, and need not each authority that conforms to this user one by one with this user related after, give this user one by one again, thereby improved the efficient that authority setting and authority are given in the control of authority; And; For a plurality of users that are assigned same role, if all need revise the authority that it conforms to, then only need to revise this role related authority get final product; And need not to revise one by one each user related authority, thereby simplified the efficient that authority is safeguarded in the control of authority.
Further, combine the scheme of user and authority direct correlation among the present invention, thereby make that the flexibility of control of authority is higher.
Description of drawings
Fig. 1 is the video monitoring system logical layer structure sketch map of IP based network among the present invention;
Fig. 2 is the system architecture sketch map of the video monitoring system of IP based network among the present invention;
Fig. 3 is the system interface sketch map of the video monitoring system of IP based network among the present invention;
Fig. 4 is the single domain networking structure sketch map of the video monitoring system of IP based network among the present invention;
Fig. 5 is a kind of schematic flow sheet of exchange method in the video monitoring system of IP based network among the present invention;
Fig. 6 is the another kind of schematic flow sheet of exchange method in the video monitoring system of IP based network among the present invention;
Fig. 7 is the functional module of video monitoring system carrying among the present invention and the sketch map of various operational motions;
Fig. 8 is the exemplary process diagram of authority control method in the embodiment of the invention one;
Fig. 9 is the exemplary block diagram of authority control system in the embodiment of the invention one;
Figure 10 is the model sketch map of control of authority in the embodiment of the invention two.
Embodiment
For making the object of the invention, technical scheme and advantage clearer, below with reference to the accompanying drawing embodiment that develops simultaneously, to further explain of the present invention.
At first, the video monitoring system that can realize all-IPization among the present invention is carried out general description.
Fig. 1 is the video monitoring system logical layer structure sketch map of IP based network among the present invention.As shown in Figure 1, in the video monitoring system of IP based network, can comprise 4 logical layers in an embodiment: Access Layer 101, bearing bed 102, key-course 103 and operation layer 104.
1) Access Layer 101 is supported IP agreement, transmission control protocol (Transmission ControlProtocol; TCP), UDP (User Datagram Protocol; UDP) and session initiation protocol (Session Initiation Protocol; SIP) etc. transmission control protocol is used for the access of the various end points of video monitoring.Wherein, end points can comprise subscriber endpoints, Media Stream end points at least, can also comprise the alarm end points alternatively.
2) bearing bed 102, are used for carrying the Media Stream of video monitoring, comprise the forwarding distribution of Media Stream, the bottom transmission of Media Stream; Alternatively, bearing bed 102 can also be further used for the storage of Media Stream.
For the forwarding distribution of the Media Stream of bearing bed 102, can transmit distribution function by the medium that logically mark off in the bearing bed 102 and realize.Functions such as medium transmit that distribution function can be used for the duplicating of Media Stream, transmits, distributes, broadcasting, multicast and route.
Bottom transmission for the Media Stream of bearing bed 102 can be realized by the bottom transport function that logically marks off in the bearing bed 102.The bottom transport function can be used for controlling the transmission of signaling and notice signaling.Wherein, control signaling and notice signaling all can be the signaling of Session Initiation Protocol, and can use socket (Socket) connection and content among the TCP to carry extend markup language (eXtensibleMarkup Language, XML) message semantic definition of form.Wherein, notice signaling is an optional signaling and nonessential.
Certainly, the bottom transport function also is used to realize the transmission of Media Stream.Specifically; Transmission to Media Stream; The media stream formats that each logical layer equipment in can the employing system is supported; And select to use H.264, dynamic image expert group (Moving Pictures Experts Group, MPEG-4), (Audio and Video Coding Standard, AVS) etc. agreement encapsulates Media Stream digital audio/video encoding and decoding technique standard.
Storage for the Media Stream of bearing bed 102 can be realized by the media store functional module that logically marks off in the bearing bed 102.The media store functional module can be used for reception, the storage of Media Stream; This media store functional module can insert storage area network network (Storage Area Network; IP-SAN), network attached storage (Network Attached Storage; NAS), direct-connected mode is stored (DirectAttached Storage, DAS) memory device such as IP such as grade; And; The media store functional module can also be further used for storage plan management, storage medium management and playing back videos service etc.; For example, formulate storage plan according to the characteristic of time, each logical layer equipment, alarm type etc., supply the media store functional module to carry out by the user.
3) key-course 103, be used for video monitoring system session control and audio frequency and video distribution management (Audioand Video Distribute Management, AVDM); Alternatively, key-course 103 can also be further used at least the audio frequency and video storage administration (Audio and Video Storage Management, AVSM), end points management, rights management etc.
For the session control of key-course 103, can realize by the session control function module that logically marks off in the key-course 103.Session control function module can be used for interior all professional controls of video monitoring system of IP based network among the present invention.And; Operation layer 104 among the present invention can carry out professional foundation, uses and cancel operation through Session Initiation Protocol; Thereby the session control function module in the key-course 103 is inner can set up professional controll block, time controll block and the resources control block etc. that be used for controlling this business to this business, and safeguards professional controll block, time controll block and the resources control block of being set up etc.
For the AVDM and the AVSM of key-course 103, can realize by AVDM functional module that logically marks off in the key-course 103 and AVSM functional module respectively.The AVDM functional module is used to carry out media flow transmission control, the control of controlling signaling and notice signaling and load balancing policy control, the needed sound mixing function of voice video conference; The AVSM functional module is used for the control to the media store functional module of bearing bed 102.
End points management for key-course 103 can be realized by the end points management function module that logically marks off in the key-course 103.End points management function module can be used in the video monitoring system to IP based network among the present invention; The equipment of each end points such as the subscriber endpoints of all accesses, Media Stream end points and alarm end points is managed; Through to the facility information of the said equipment and the abstract storage that is recorded in the user profile of system; Through static configuration to the database in the system; Carry out each logical layer configuration of devices and attribute management through network management unit, make the video monitoring system of IP based network among the present invention have the ability of overall unified management and each logical layer equipment of planning.Wherein, the said equipment information can comprise information such as device identification, device attribute, and above-mentioned user profile then can comprise information such as ID, user property; Database in the aforesaid system can be shared by each logical layer usually and use, thereby does not combine a certain logical layer to describe in this article separately.
For the rights management of key-course 103, can realize by the rights management functional module that logically marks off in the key-course 103.The rights management functional module can be used for confirming the rights of using of user to the various resources in the video monitoring system of IP based network among the embodiment.
4) operation layer 104, are used for realizing basic business in the video monitoring system of IP based network of the present invention at least, as the professional intellectual analysis of formulating reference etc.
For the basic business in the operation layer 104, can realize by the basic business functional module that logically marks off in the operation layer 104.The basic business functional module can be used for providing the basic service of the video monitoring system of IP based network among the present invention, for example monitoring in real time, on-demand playback, cradle head control, storage plan, access control, batch configuration etc.The user can use basic service through the CE client in the Access Layer.
For the intellectual analysis in the operation layer 104, can realize by the intellectual analysis functional module that logically marks off in the operation layer 104.The intellectual analysis functional module can be used for providing the IN service of the video monitoring system of IP based network among the present invention, through combining of intellectual technology and upper layer application, satisfies the demand of user to system.For example: object tracking (Motion Tracking); Recognition of face (FacialDetection); Vehicle identification (Vehicle Identification); Illegal be detained (Object Persistence); Pyrotechnics detects (Fire Detection); People flow rate statistical (People Counting); People's group control (FlowControl); Human body behavioural analysis (Action Analyze); Magnitude of traffic flow control (Traffic Flow); Advanced video mobile detection (Advanced VMD); Article lost or displacement detecting (MovingDetection) etc.
Need to prove that each functional module in the operation layer 104 mainly is in order to make among the present invention the video monitoring system of IP based network video monitoring function can be provided with the mode of business, and other business functions can be provided further.Certainly; Directly under the control of key-course 103, obtain and distribution media stream if break away from professional through Access Layer 101 by bearing bed 102; Then also can realize video monitoring, thereby operation layer 104 is optional and nonessential for the video monitoring system of IP based network among the present invention.
The various functional modules of mentioning in the above-mentioned logical layer structure all can be realized through computer program by those skilled in the art, give unnecessary details no longer one by one at this.
Below, based on above-mentioned logical layer structure, the system architecture of the video monitoring system of IP based network among the present invention is elaborated.
Fig. 2 is the system architecture sketch map of the video monitoring system of IP based network among the present invention.As shown in Figure 2, in the present invention, the system architecture of the video monitoring system of IP based network comprises the access layer equipment of corresponding Access Layer 101, the bearing layer equipment of corresponding bearing bed 102, the key-course equipment of corresponding key-course 103.
1) access layer equipment of corresponding Access Layer 101 comprises: the client unit of respective user end points (Client Element; CE) 201, the headend equipment 202 of corresponding Media Stream end points or alarm end points and be used for CCF that CE201, headend equipment 202 insert (Call Control Function, CCF) server 203.
Preferably, CCF server 203 can provide SIP gateway and safe access gateway.
Preferably; CE 201 can specifically be divided into client/server (Client/Serve; C/S) architecture mode and browser/server (Browser/Server; B/S) architecture mode is two kinds; And CE 201 can support that real-time video, on-demand playback, Real-time Alarm, alarm interlock, round cut plan, the group plan of cutting, crowd's plan of cutting, user's login, rights management, equipment control, batch configuration, the track that cruises, cradle head control, transparent channel, storage administration, storage plan, voice broadcast service, speech talkback, video recording download, management of video, group Role Management, equipment incorporate into, (Geographic Information System GIS) waits network video monitor and control system professional to GIS-Geographic Information System.
Preferably, headend equipment 202 can be that for example medium stream information such as IP Camera, IP The Cloud Terrace equipment provides equipment, is used for the collection and the output of video information, audio-frequency information, data message, intellectual analysis information and warning information; Alternatively; Headend equipment 202 can link to each other with smart machine 202 ' through for example electric connection mode such as analog line, embedding; Perhaps also can link to each other with smart machine 202 ' through IP network; This smart machine 202 ' also links to each other through IP network with CCF server 203 simultaneously, so that access in the video monitoring system through CCF server 203; Certainly, for the system that comprises optional alarm end points, headend equipment 202 can also be safety-security area equipment such as gate inhibition's equipment, infrared equipment, smoke sensing equipment, intelligent alarm analytical equipment for example.
And; Above-mentioned CE 201 supports the Session Initiation Protocol expansion with headend equipment 202; Support RTP (Real-time Transport Protocol; RTP), (Real-timeTransport Control Protocol is RTCP) with real-time fluidisation agreement (Real-time StreamingProtocol, media flow transmission control protocol such as RTSP) for RTCP Real-time Transport Control Protocol.
2) bearing layer equipment of corresponding bearing bed 102 comprises: audio frequency and video distribution function (Audio and VideoDistribute Function; AVDF) (Audio andVideo Storage Function, AVSF) server 205 with optional audio frequency and video memory function for server 204.Medium in the foregoing bearing bed 102 are transmitted distribution function and are carried in the AVDF server 204; Media store functional module in the foregoing bearing bed 102 is carried in the AVSF server 205.
3) the key-course equipment of corresponding key-course 103 comprises: (Service ManagerFunction, SMF) (User Authentication Function, UAF) server 207 with the subscription authentication function for server 206 for service management function.Session control function module in the foregoing key-course 103 and AVDM functional module are carried in the SMF server 206; End points management function module, rights management functional module in the key-course 103 can be carried by SMF server 206 and UAF server 207 jointly as previously mentioned.
Still referring to Fig. 2, in the present embodiment in the video monitoring system of IP based network:
CE 201, headend equipment 202 link to each other through IP network with CCF server 203 respectively, access to through CCF server 203 in the video monitoring system of IP based network in the present embodiment;
CCF server 203 and SMF server 206 link to each other through IP network, based on the session control of SMF server 206, realize the access of CE 201, headend equipment 202;
CE 201, headend equipment 202 link to each other through IP network with AVDF server 204 respectively, through AVDF server 204 media streams;
AVDF server 204 and SMF server 206 link to each other through IP network, based on the session control of SMF server 206, realize the media flow transmission relevant treatment between headend equipment 202 and the CE 201.Specifically; AVDF server 204 be used for from the Media Stream between headend equipment and the CE receive, duplicate, transmit, distribution, route, multicast and broadcasting etc. transmit the distribution relevant treatment; Realize the video monitoring of the video monitoring session of CE 201 and headend equipment 202, promptly realize video monitoring this headend equipment 202 place scenes; AVDF server 204 is further used for controlling bottoms such as the transmission transmission relevant treatment of signaling and notice signaling.
AVSF server 205 and AVDF server 204 are connected through IP network; Also with between the AVDF server 204 set up media flow transmission interface as shown in Figure 9 and be connected 414; It is the connection shown in the corresponding diagram 8 based on RTP or RTCP or RTSP protocol of I ds interface 310; Thereby based on the session control of SMF server 206, the storage relevant treatment of the Media Stream of realizing through IP network transmitting via AVDF server 204 between headend equipment 202 and the CE 201; The mode of setting up of this media flow transmission interface connection 414 can realize according to existing any logic interfacing establishment of connection flow process, repeats no more at this.
Specifically, AVSF server 205 is used to receive, store the Media Stream from AVDF server 204, and is further used for carrying out processing such as storage plan management, storage medium management and playing back videos service.As previously mentioned, AVSF server 205 is optional bearing layer equipment, if thereby not comprise AVSF server 205 only be can't media streams and can't realize not influencing the realization of video monitoring based on the further function of storage.
UAF server 207 links to each other with SMF server 206 through IP network, is used for the user who logins through the CE 201 that accesses to system is carried out authorization check.
For the user who newly lands to system; This user utilizes the CE 201 application logins through CCF server 203 connecting systems; CCF server 203 is forwarded to log messages the SMF server 206 of ownership through IP network; SMF server 206 is forwarded to UAF server 207 places with message through IP network; Whether the authority set of in database, obtaining this user according to login user ID, check code by UAF server 207, returning login user through IP network to SMF server 206 then is authorization (Licence) user's result.
SMF server 206 is used to realize above-mentioned session control.In the practical application, a SMF server 206 can connect a plurality of CCF servers 203 and carry out load balancing control; A plurality of CCF servers 203 can provide the access of any equipment that can connecting system of CE 201, headend equipment 202 or other of broad range; And CCF server 203 can further be supported network address translation (Network Address Translation, NAT) gateway in the wide area network as gateway.
Mentioned among this paper " linking to each other " through IP network; Can adopt the existing concrete mode that connects through IP network arbitrarily; For example; Each logical layer equipment can be connected same switching equipment in the IP network or be connected to the different switching equipment in the IP network, and alternate manner is given unnecessary details at this no longer one by one.
In addition; For the basic business functional module in the optional as previously mentioned operation layer 104, intellectual analysis functional module etc., then can carry jointly by all access layer equipments that in the system of present embodiment, comprise, all bearing layer equipments, all key-course equipment.
Fig. 3 is the system interface sketch map of the video monitoring system of IP based network in the embodiment of the invention.As shown in Figure 3, in the present embodiment in the video monitoring system framework of IP based network as shown in Figure 2:
Adopt Icc interface (Interface of CE and CCF) 301 between CE 201 and the CCF server 203, interface communication uses Session Initiation Protocol;
Adopt Icn interface (Interface of CCF andNE) 302a between headend equipment 202 and the CCF server 203, interface communication uses Session Initiation Protocol; Need to prove that " NE " among this paper in the related English full name of each english abbreviation only representes headend equipment 202 in this article;
The smart machine 202 ' that is electrically connected with headend equipment 202 adopts Ici interface (Interface of CCF and Intelligent Device) 302b then and between the CCF server 203, and interface communication uses Session Initiation Protocol;
Adopt Isc interface (Interface of SMFand CCF) 303 between CCF server 203 and the SMF server 206, interface communication uses Session Initiation Protocol;
Adopt Isd interface (Interface of SMFand AVDF) 304 between AVDF server 204 and the SMF server 206, interface communication uses the Socket agreement;
Adopt Iss interface (Interface of SMFand AVSF) 305 between AVSF server 205 and the SMF server 206, interface communication uses the Socket agreement;
Adopt Isu interface (Interface of SMFand UAF) 306 between UAF server 207 and the SMF server 206, interface communication uses Session Initiation Protocol;
Adopt Idc interface (Interface of AVDF andCE) 308 between CE 201 and the AVDF server 204, interface communication uses RTP or RTCP or RTSP agreement;
Adopt Ind interface (Interface ofNE andAVDF) 309 between headend equipment 202 and the AVDF server 204, interface communication uses RTP or RTCP or RTSP agreement.
Fig. 4 is the single domain networking structure sketch map of the video monitoring system of IP based network in the embodiment of the invention.As shown in Figure 4; In the present embodiment in the video monitoring system of IP based network; For the situation that only comprises a SMF server 206; Be referred to as the single domain networking structure, this system specifically comprises: CE 201, headend equipment 202, CCF server 203, AVDF server 204, AVSF server 205, SMF server 206 and UAF server 207.
Fig. 5 is a kind of schematic flow sheet of exchange method in the video monitoring system of IP based network in the embodiment of the invention.As shown in Figure 5; In the video monitoring system of IP based network as shown in Figure 4, can carry out the mutual of media flow transmission control according to following flow process between CE 201, headend equipment 202, CCF server 203, AVDF server 204, the SMF server 206 in the present embodiment:
Step 501, CE 201 sends first request message that obtains Media Stream through IP network to CCF server 203, for example is called the message of " INVITE ", the Media Stream of the arbitrary headend equipment 202 of expression acquisition request;
Step 502, CCF server 203 are returned the session (Session) that for example is called first response message of " 100 " message and preserves this request correspondence according to first request message from CE 201 through IP network to CE 201;
Step 503; CCF server 203 is according to first request message from CE 201; The message etc. of sending for example " INVITE " by name through IP network to SMF server 206 is obtained second request message of Media Stream, is forwarded to SMF server 206 with the request with CE 201; Second request message described herein can be first request message of directly transmitting with the transparent transmission mode, also can be the request message that is generated separately by CCF server 203;
Step 504, SMF server 206 returns second response message through IP network to CCF server 203 according to second request message that obtains Media Stream from CCF server 203;
Step 505, SMF server 206 judge whether headend equipment 202 has been set up media flow transmission interface as shown in Figure 4 with AVDF server 204 and be connected 413; If, then direct execution in step 509, otherwise execution in step 506;
Step 506, SMF server 206 are sent the 5th request message of expression application ports such as " INVITE " message by name for example through IP network and forward end equipment 202, with 202 applications of forward end equipment can output media stream port;
Step 507, headend equipment 202 distributes corresponding port, returns the 5th response message that expression ports such as for example being called " 200OK " message has distributed through IP network and to SMF server 206;
Step 508; The 5th response message that the expression port that SMF server 206 is returned after the distribution corresponding port according to headend equipment 202 has distributed; Send the 3rd ACK that confirms that port has distributed through IP network and forward end equipment 202; After this, headend equipment 202 is promptly set up media flow transmission interface as shown in Figure 4 through IP network and AVDF server 204 and is connected 413;
Step 509, SMF server 206 returns the 3rd response message that the for example expression video capable monitor sessions such as message of " 200 OK " by name can be set up through IP network to CCF server 203;
Step 510, CCF server 203 are returned the 4th response message that the for example expression video capable monitor sessions such as message of " 200 OK " by name can be set up according to the 3rd response message from SMF server 206 to CE 201; Need to prove that the 4th response message described herein can be the 3rd response message of directly transmitting with the transparent transmission mode, also can be the response message that is generated separately by CCF server 203;
Step 511, CE 201 sends a ACK that expression confirm video monitoring session can set up through IP network to CCF server 203 according to the 4th response message from CCF server 203;
Step 512, CCF server 203 is confirmed the ACK that the video monitoring session can be set up according to the expression from CE 201, sends the 2nd ACK that expression confirms that the video monitoring session can be set up through IP network to SMF server 206; Need to prove that the 2nd ACK described herein can be an ACK who directly transmits with the transparent transmission mode, also can be the ACK that is generated separately by CCF server 203;
Step 513; SMF server 206 is confirmed the 2nd ACK that the video monitoring session can be set up according to the expression from CCF server 203; Through the request message of IP network to AVDF server 204 transmission open media flow ports, for example PortOpenNotify request message;
Step 514; AVDF server 204 bases are from the request message of the open media flow port of SMF server 206; Through its with corresponding headend equipment 202 between the media flow transmission interface of IP based network connect 413; Open this headend equipment 202 can output media stream port, and return the response message of opening of " Response " message by name for example through IP network and to SMF server 206;
Step 515; CE 201 AVDF server 204 opened corresponding headend equipment 202 can the port of output media stream after; Set up media flow transmission interface as shown in Figure 4 through IP network and AVDF server 204 and be connected 411; And through with AVDF server 204 between the media flow transmission interface of IP based network be connected 411, the media flow transmission interface of IP based network is connected 413 between AVDF server 204 and AVDF server 204 and the headend equipment 202, carries out the mutual of Media Stream based on video monitoring session and headend equipment 202.
So far, this flow process finishes.
In the above-mentioned flow process, step 502,504 is optional step, and step 503 can be carried out before step 502 or with step 502 simultaneously, and step 505 can be carried out before step 504 or with step 504 simultaneously; And be connected 413 situation through having set up the media flow transmission interface with AVDF server 204 for headend equipment 202, step 505~508 also are optional step.
Fig. 6 is the another kind of schematic flow sheet of exchange method in the video monitoring system of IP based network in the embodiment of the invention.As shown in Figure 6; Based on the video monitoring system of IP based network in the present embodiment and after flow process as shown in Figure 5; In the present embodiment in the video monitoring system of IP based network as shown in Figure 4; Between CE 201, headend equipment 202, CCF server 203, AVDF server 204, the SMF server 206, can also further realize the mutual of media flow transmission control according to following flow process:
Step 601, CE 201 passes through IP network and sends the 6th request message that the for example expression of " BYE " message by name stops the video monitoring session, the video monitoring session between request termination and the headend equipment 202 to CCF server 203;
Step 602; CCF server 203 is according to the 6th request message from CE 201; Through sending the 7th request message that expression stops the video monitoring session, be forwarded to SMF server 206 with request with the video monitoring session between CE 201 terminations and the headend equipment 202 to SMF server 206; Need to prove that the 7th request message described herein can be the 6th request message of directly transmitting with the transparent transmission mode, also can be the request message that CCF server 203 generates separately;
Step 603, SMF server 206 are sent the request message of closing Media Stream port, for example PortCloseNotify request message through IP network to AVDF server 204 according to the 7th request message from CCF server 203;
Step 604; AVDF server 204 bases are from the request message of the open media flow port of SMF server 206; Through its with corresponding headend equipment 202 between the media flow transmission interface of IP based network connect 413; Close the port that this headend equipment 202 can output media stream, and return the for example response closing message of " Response " message by name to SMF server 206 through IP network;
Step 605; SMF server 206 stops the media flow transmission interface 411 between CE 201 and the ASDF server 204 according to response closing message, and sends the 6th response message that expression video monitoring sessions such as for example being called " 200OK " message stops through IP network to CCF server 203;
Step 606; CCF server 203 is according to the 6th response message; Send the 7th response message that expression video monitoring sessions such as for example being called " 200OK " message stops through IP network to CE 201; CE201 after receiving the 7th response message, break off with AVDF server 204 between the media flow transmission interface of IP based network be connected 411, thereby stop the video monitoring session with headend equipment 202; Need showing of explanation, above-mentioned the 7th response message can be the 6th response message of directly transmitting with the transparent transmission mode, also can be the message that is generated separately by CCF server 203;
Step 607, whether SMF server 206 is judged the video monitoring session of current termination, be last video monitoring session of corresponding front end interface 202, if, then continue execution in step 608, otherwise process ends;
Step 608, SMF server 206 sends the 8th request message that " BYE " message etc. for example by name is cancelled port through IP network and forward end equipment, with forward end equipment 202 cancel can output media stream port;
Step 609; When front end equipment 202 cancelling corresponding port, and the expression ports such as " 200OK " message for example by name that returned the 8th response message of having cancelled after, headend equipment 202 has broken off and has passed through IP network and be connected 413 with media flow transmission interface between the AVDF server 204.
So far, this flow process finishes.
In the above-mentioned flow process, step 605,606 is optional step, and step 607 can be carried out before step 605 or step 606, also can carry out simultaneously with step 605 or step 606; And, be connected also nonessentially with media flow transmission interface 413 between the AVDF server 204 owing to break off headend equipment 202, therefore, step 607~609 also are optional step.
It is thus clear that among the present invention in the video monitoring system of IP based network, the connection between CE, headend equipment and each the logical layer equipment all realizes through IP network, thereby realized the all-IPization of video monitoring system.
More than, be detailed description to the video monitoring system of IP based network in the present embodiment.
In present embodiment video monitoring system as shown in Figure 4, headend equipment 102 and each logical layer equipment can be referred to as the resource of video monitoring system.
The user can login to video monitoring system through CE 201, and to utilize the operational motion to functional module be the may command respective resources.Wherein, the user can click corresponding button and initiate the aforesaid operations action in the video monitoring system visualization interface that CE 201 shows; Wherein, operational motion comprises at least: login, authentication, filtration, inquiry, increase, deletion, modification, visit, download, renewal, start, stop, playback, increase doubly speed, reduce doubly that a speed, The Cloud Terrace agreement, agreement issue, presetting bit, reception, interlock etc.In the video monitoring system of IP based network as shown in Figure 4, the functional module of carrying and the sketch map of various operational motions can be referring to Fig. 7.
In the practical application, the user of login is divided into leading subscriber and domestic consumer usually, and " user " as herein described is meant and utilizes CE 101 to land the user to system.Leading subscriber is responsible, and operation administers and maintains and can also be as the service object of miscellaneous service function in the system to system; Domestic consumer is then mainly as the service object of miscellaneous service function in the system; That is to say, should control the authority of domestic consumer's utilization the operational motion control respective resources of the various functional modules of realization management function.And; Even if between the domestic consumer; Also possibly there is the different user rank that is determined by the practical application scene, other domestic consumer of so corresponding different user level, it utilizes resource and operational motion type that the operational motion of functional module is controlled also should there are differences.Thus, just need control the authority of video monitoring system.
This paper aforesaid " utilizing the authority of the operational motion of functional module being controlled respective resources "; Abbreviate " authority of corresponding respective resources " hereinafter as, said " respective resources " expression belongs to the resource that this user of application scenarios decision can control by the user; Authority can comprise multiple, and different types of authority can corresponding dissimilar operational motion, for example, starts corresponding " startups " this operational motion of authority, downloads authority correspondence " download " this operational motion.
In the video monitoring system of IP based network as shown in Figure 4 in the present embodiment, can adopt following existing mode for the control of authority:
If leading subscriber, then when this user logined to video monitoring system, SMF server 206 was given all authorities of corresponding all resources of video monitoring system this user of login;
If domestic consumer; Then login to the video monitoring system the user, the leading subscriber CE 201 that accesses to video monitoring system capable of using, in UAF server 207, be provided with respectively each user the authority of related corresponding respective resources; The authority 1 and authority 2 of user's 1 related corresponding resource 1 for example are set; The authority 1 of user's 2 related corresponding resources 2 is set, the authority 3 of user's 3 corresponding resources 1 and the authority 2 of resource 3 is set, i.e. authority setting; When arbitrary user logins to video monitoring system; SMF server 206 all users from be arranged at UAF server 207 in the authority of related corresponding respective resources; Search one by one and obtain login this user the authority of related corresponding respective resources; The authority that to search and obtain is then given this user one by one, and promptly authority is given.
It is thus clear that, though above-mentioned control of authority mode can realize the control of authority to the user,, for domestic consumer, need be to each with carrying out the operation that associated permissions is set per family, it is lower to make authority in the control of authority that efficient is set; When the user logins to video monitoring system, need search one by one and obtain login this user the authority of related corresponding respective resources, it is lower to make authority in the control of authority give efficient; In addition, when authority is safeguarded, when revising the related authority of user if desired, even if the related authority of a plurality of user is identical, also need to these users related authority revise one by one, make that the authority maintenance efficiency in the control of authority is also lower.
Thus, present embodiment also further provides a kind of authority control method of video monitoring system and a kind of authority control system of video monitoring system based on video monitoring system as shown in Figure 4.Embodiment one
Fig. 8 is the exemplary process diagram of authority control method in the embodiment of the invention.As shown in Figure 8, the authority control method in the present embodiment comprises:
Step 800, in the UAF of video monitoring system server, be provided with a plurality of roles and each role the authority of related corresponding respective resources, and each user who is respectively said video monitoring system distributes at least one role.
In this step, " role " in fact can regard an abstract Virtual User as, its expression be to have one type of user of the identical authority of corresponding same asset.Thus one; A plurality of users for identical authority with corresponding same asset; Only need be provided with a role and this role the authority of related corresponding respective resources get final product, and when safeguarding, only need a role of modification the authority of related corresponding respective resources.For example; Suppose that user 1, user 2, user 3 place application scenarioss have determined that these three users all should be based on operational motion a and operational motion b control resource 1 and resource 2, then in this step, can be provided with a role 1 and role 1 related corresponding resource 1 and the authority a and the authority b of resource 2.
This step can be the CE execution that is accessed to video monitoring system by the leading subscriber utilization.
After this, when arbitrary user logins to video monitoring system, continue to carry out subsequent step.Alternatively, if the user of login is a leading subscriber, then can all authorities of corresponding all resources of video monitoring system be given this user and the process ends of login; Otherwise the user of login is a domestic consumer, then continues to carry out subsequent step.Certainly, no matter be leading subscriber or domestic consumer, also can all continue to carry out subsequent step.Whether the user is leading subscriber, can be judged according to existing mode by SMF server 206, repeats no more at this.
Step 801, SMF server from the UAF server, be retrieved as login the role that the user distributed and this role the authority of related corresponding respective resources.
Step 802, the SMF server with the role who obtains the authority of related corresponding respective resources give this user of login.
In above-mentioned steps 801~802; The role the authority of related corresponding respective resources; Can be multiple authority or a kind of authority of corresponding a plurality of resources or the multiple authority of corresponding a plurality of respective resources of a corresponding respective resources; And no matter be any situation since all with a role association, thereby can once obtain and once give the user.
So far, this flow process finishes.
Visible by above-mentioned flow process, in the present embodiment since be provided with a plurality of roles and each role related authority; Thereby; If certain role related authority conform to the user, then give this user with this role assignments after, can be directly with the role who obtains related authority give this user; And need not each authority that conforms to this user one by one with this user related after, give this user one by one again, thereby improved the efficient that authority setting and authority are given in the control of authority; And; For a plurality of users that are assigned same role, if all need revise the authority that it conforms to, then only need to revise this role related authority get final product; And need not to revise one by one each user related authority, thereby simplified the efficient that authority is safeguarded in the control of authority.
In addition; In the above-mentioned flow process in the present embodiment; In the time of execution in step 800, before or after, can further the part or all of resource in all resources of video monitoring system be divided into the different resources group respectively, and the resource group that division obtains is arranged in the UAF server.Like this; If comprise at least one resource group in the related respective resources of arbitrary role; This role who then is provided with in the UAF server the authority of related corresponding respective resources, can comprise: respectively with above-mentioned respective resources in arbitrary resource group at least one authority one to one.That is to say that respective resources can be corresponding with authority with the mode of resource group with authority.
For example; Suppose that user 1, user 2, user's 3 place application scenarioss have determined that these three users all should be based on operational motion a and operational motion b control resource 1 and resource 2; And resource 1 has constituted resource group 1 jointly with resource 2; Then be the role 1 that user 1, user 2, user 3 distributes, the authority a of role 1 and corresponding resource group 1 and the authority b of corresponding resource group 1 are related.
Thus, can further simplify the authority setting, thereby further improve the efficient that authority is provided with in the control of authority.
Certainly, in the present embodiment, respective resources also can be corresponding with authority with the mode of single resource with authority.Like this; If comprise in the related respective resources of arbitrary role and be not divided at least one resource of resource group; This role who then is provided with in the UAF server the authority of related corresponding respective resources, may further include: respectively with said respective resources in arbitrary resource at least one authority one to one.
For example; Suppose that user 1, user 2, user's 3 place application scenarioss have determined that these three users all should be based on operational motion a and operational motion b control resource 1 and resource 2; And resource 1 has constituted resource group 1 jointly with resource 2; Then be the role 1 that user 1, user 2, user 3 distributes, the authority a of the authority a of role 1 and corresponding resource 1, the authority b of corresponding resource 1, corresponding resource 2 and the authority b of corresponding resource 2 are related.
Thus, do not support the video monitoring system of divide resource group, still can adopt the technical scheme in the present embodiment, thereby improved the versatility and the compatibility of technical scheme in the present embodiment for some.
Need to prove that the related equipment of each step mainly is to video monitoring system as shown in Figure 4 in the above-mentioned flow process.Other video monitoring systems that are different from video monitoring system as shown in Figure 4 so for structure; Those skilled in the art can expect existing the situation of the related equipment of each step of needs replacement certainly, no longer to various video monitoring systems the equipment that each step possibly relate to are given unnecessary details one by one at this.
Fig. 9 is the exemplary block diagram of authority control system in the embodiment of the invention one.As shown in Figure 9, the authority control system in the present embodiment can be made up of the for example partial logic layer equipment in the video monitoring system shown in Fig. 4, specifically comprises: CCF server 203, SMF server 206, UAF server 207.
UAF server 207, be used to write down be provided with in advance a plurality of roles, each role the authority of related corresponding respective resources, and be at least one role that each user of said video monitoring system distributes in advance; Basic identical described in " role " described herein and the flow process as shown in Figure 3 repeats no more at this;
CCF server 203, the user who is used for video monitoring system is through accessing to the CE (not shown) login of this video monitoring system;
SMF server 206, be used to be retrieved as login the role that the user distributed and this role the authority of related corresponding respective resources, and give this user with the authority of obtaining.Wherein, The role the authority of related corresponding respective resources; Can be multiple authority or a kind of authority of corresponding a plurality of resources or the multiple authority of corresponding a plurality of respective resources of a corresponding respective resources; And no matter be any situation since all with a role association, thereby can once obtain and once give the user.
In the practical application, when the user that SMF server 206 can also be further used in login is leading subscriber, then all authorities of said all resources of video monitoring system of correspondence is given this user of login, and need not to be retrieved as the role that this leading subscriber distributes; Certainly, if all related with all authorities of all resources for the role that leading subscriber distributed, then SMF server 206 also can adopt above-mentioned processing mode for leading subscriber.
Above-mentioned authority control system in the present embodiment; Can realize by the above-mentioned logical layer equipment in the video monitoring system as shown in Figure 4; But need to improve in the said network element equipment original functional module or increase new functional module; So that these network element devices than the function of former video monitoring system, can further be realized authority control system.Wherein, the improvement of functional module or increase can utilize computer program to realize by those skilled in the art, repeat no more at this.
Visible by said system, in the present embodiment since be provided with a plurality of roles and each role related authority; Thereby; If certain role related authority conform to the user, then give this user with this role assignments after, can be directly with the role who obtains related authority give this user; And need not each authority that conforms to this user one by one with this user related after, give this user one by one again, thereby improved the efficient that authority setting and authority are given in the control of authority; And; For a plurality of users that are assigned same role, if all need revise the authority that it conforms to, then only need to revise this role related authority get final product; And need not to revise one by one each user related authority, thereby simplified the efficient that authority is safeguarded in the control of authority.
In addition, in the present embodiment, the part or all of resource in all resources of video monitoring system can further be divided into the different resources group.Like this; For authority control system as shown in Figure 9; Its UAF server 207 can be further used for storing by the part or all of resource in all resources of video monitoring system as shown in Figure 4 divides the different resource group that forms respectively; Correspondingly; If comprise at least one resource group in the related respective resources of arbitrary role, then in the UAF server 207 this role of storage the authority of related corresponding respective resources, can comprise: respectively with above-mentioned respective resources in arbitrary resource group at least one authority one to one.That is to say that respective resources can be corresponding with authority with the mode of resource group with authority.
Certainly, in the present embodiment, respective resources also can be corresponding with authority with the mode of single resource with authority.Like this; If comprise in the respective resources not being divided at least one resource of resource group, then the authority of this correspondence respective resources of storage may further include in the UAF server 207: respectively with said respective resources in arbitrary resource at least one authority one to one.
Need to prove that related equipment in the above-mentioned authority control system in the present embodiment mainly is to video monitoring system as shown in Figure 4.Other video monitoring systems that are different from video monitoring system as shown in Figure 4 so for structure; Those skilled in the art can expect existing the situation of needs replacement network element device certainly, no longer to various video monitoring systems the equipment that the authority control system in the present embodiment possibly relate to are given unnecessary details one by one at this.
Embodiment two
Present embodiment has further combined the scheme of user with the authority direct correlation of corresponding respective resources than embodiment one, so that improve the flexibility of control of authority.
Figure 10 is the model sketch map of control of authority in the embodiment of the invention two.Shown in figure 10; In the present embodiment; Not only be provided with the authority of the corresponding respective resources that role and role be associated, be provided with also that the user is associated respectively with the resource group one to one authority and user be associated respectively with respective resources authority one to one.Like this; When the user logins to video monitoring system; Can be retrieved as role that the user distributes and this role the authority of related corresponding respective resources; If also with respectively authority is related and/or with authority is related one to one with resource respectively one to one with the resource group for this user; Then can also further obtain simultaneously this user related respectively with the resource group one to one authority and/or respectively with resource authority one to one, promptly obtain simultaneously this user the authority of related respective resources.
For example; Suppose that user 1, user 2, user's 3 place application scenarioss have determined that user 1 should be based on operational motion a and operational motion b control resource 1, resource 2 and resource group 3, user 2 and user 3 should be based on operational motion a control resource 1, resource 2 and resource groups 3.Wherein, resource 1 has constituted resource group 1 jointly with resource 2.Like this, be the role 1 that user 1, user 2, user 3 distribute, the authority a of role 1 and corresponding resource group 1, the authority a of corresponding resource 3 are related, and be simultaneously, also further that the authority b of the authority b of user 1 and corresponding resource group 1, corresponding resource 3 is related.
Thus, can get to occur simultaneously to a plurality of users' respective resources and obtain respective resources and occur simultaneously, and to these a plurality of users to respective resources occur simultaneously the operational motion that can carry out, be that the authority that corresponding respective resources is occured simultaneously is being got common factor, obtain authority and occur simultaneously; Occur simultaneously according to respective resources common factor and authority then and set up a role and distribute to this a plurality of users, simultaneously,, related with corresponding user respectively with each authority outside the authority common factor of each resource outside the corresponding common factor of correspondence.
Thus it is clear that,, can improve the flexibility of control of authority in conjunction with the scheme of user with the authority direct correlation of corresponding respective resources.
Specifically, as shown in Figure 8 basic identical among authority control method in the present embodiment and the embodiment one, still:
Need in step 801, further obtain login the user the authority of related corresponding respective resources;
And; The user of the login that need in step 802, further will obtain in the authority of related corresponding respective resources, with the role who obtains the related underlapped authority of authority give the user of this login, i.e. the user 1 of hypothesis login is assigned role 1; And the authority b of the authority a of role 1 and corresponding resource 1, corresponding resource 2 is related; And this user 1 also is associated with the authority a of corresponding resource 1, the authority a of corresponding resource 3, then in step 302, except with role 1 the authority a, the authority b of corresponding resource 2 of related corresponding resource 1 give user 1; Also should with user 1 the authority a of related corresponding resource 3 also give user 1; And for user 1 the authority a of related corresponding resource 1 because related with role 1, thereby no longer repeat to give to avoid the operation in the practical application to make mistakes.
Structure as shown in Figure 9 among authority control system in the present embodiment and the embodiment one is basic identical, still:
Corresponding interchangeable corresponding key-course equipment in UAF server 207 or other video monitoring system, need be further used for storing each user the authority of related corresponding respective resources;
And; The interchangeable corresponding key-course equipment of correspondence in SMF server 206 or other video monitoring system; Need be further used for obtaining login the user the authority of related corresponding respective resources; And the user of the login that will obtain in the authority of related corresponding respective resources, with the role who obtains the related underlapped authority of authority give the user of this login.
Need to prove that in the present embodiment, respective resources and authority can be according to modes identical among the embodiment one, and be corresponding with authority and/or corresponding with authority with the mode of single resource with the mode of resource group, repeats no more at this.
It is thus clear that present embodiment not only can produce the beneficial effect that embodiment one is had, further, present embodiment has been owing to combined the scheme of user and authority direct correlation, thereby makes that the flexibility of control of authority is higher.
The above is merely preferred embodiment of the present invention, is not to be used to limit protection scope of the present invention.All within spirit of the present invention and principle, any modification of being done, be equal to replacement and improvement etc., all should be included within protection scope of the present invention.

Claims (10)

1. the authority control method of a video monitoring system; It is characterized in that said video monitoring system comprises: the first key-course equipment, the second key-course equipment that links to each other through IP network with the said first key-course equipment, first access layer equipment that links to each other through said IP network with the said first key-course equipment and first bearing layer equipment, the headend equipment that links to each other through said IP network with said first access layer equipment and first bearing layer equipment respectively and the client unit CE that links to each other through said IP network with said first access layer equipment and first bearing layer equipment respectively;
This authority control method in the said second key-course equipment, be provided with a plurality of roles and each role the authority of related corresponding respective resources; And be respectively said video monitoring system and use each user of said CE to distribute at least one role; And when arbitrary user logined to said video monitoring system through said CE, this authority control method comprised:
A, the said first key-course equipment from the said second key-course equipment, be retrieved as login the role that the user distributed and this role the authority of related corresponding respective resources;
B, the said first key-course equipment are given the authority of obtaining this user of login.
2. authority control method as claimed in claim 1 is characterized in that, this authority control method further comprises before the said step a: in the said second key-course equipment, be provided with respectively each user the authority of related corresponding respective resources;
Said step a further comprises: the said first key-course equipment from the said second key-course equipment, obtain login the user the authority of related corresponding respective resources;
Said step b further comprises: the user of the login that the said first key-course equipment will obtain in the authority of related corresponding respective resources, with the role who obtains the related underlapped authority of authority give the user of this login.
3. according to claim 1 or claim 2 authority control method is characterized in that, this authority control method further was divided into the different resources group respectively with the part or all of resource in all resources of said video monitoring system before said step a,
And comprise at least one resource group in the said respective resources, then the authority of said corresponding respective resources comprises: respectively with said respective resources in arbitrary resource group at least one authority one to one.
4. authority control method as claimed in claim 3; It is characterized in that; Comprise in the said respective resources not being divided at least one resource of resource group, then the authority of said corresponding respective resources further comprises: respectively with said respective resources in arbitrary resource at least one authority one to one.
5. according to claim 1 or claim 2 authority control method; It is characterized in that; This authority control method further comprised before said step a: the said first key-course equipment judges whether the user of login is leading subscriber; If then all authorities of said all resources of video monitoring system of correspondence are given this user and the process ends of login, otherwise carry out said step a.
6. the authority control system of a video monitoring system; It is characterized in that this video monitoring system system comprises: the first key-course equipment, the second key-course equipment that links to each other through IP network with the said first key-course equipment, first access layer equipment that links to each other through said IP network with the said first key-course equipment and first bearing layer equipment, the headend equipment that links to each other through said IP network with said first access layer equipment and first bearing layer equipment respectively and the client unit CE that links to each other through said IP network with said first access layer equipment and first bearing layer equipment respectively;
Said first access layer equipment is based on the control of the said first key-course equipment, with said CE with said headend equipment accesses in the said video monitoring system and the user in the said video monitoring system utilizes said CE to land;
Said first bearing layer equipment is realized the media flow transmission between said headend equipment and the said CE based on the control of the said first key-course equipment;
This authority control system comprises said first access layer equipment, the said first key-course equipment and the said second key-course equipment;
The said second key-course equipment, be used to write down be provided with in advance a plurality of roles, each role the authority of related corresponding respective resources, and be at least one role that each user of said video monitoring system distributes in advance;
And, the said first key-course equipment, also be used to be retrieved as login the role that the user distributed and this role the authority of related corresponding respective resources, and give this user with the authority of obtaining.
7. authority control system as claimed in claim 6 is characterized in that, the said second key-course equipment be further used for storing each user the authority of related corresponding respective resources;
The said first key-course equipment be further used for obtaining login the user the authority of related corresponding respective resources; And the user of the login that will obtain in the authority of related corresponding respective resources, with the role who obtains the related underlapped authority of authority give the user of this login.
8. like claim 6 or 7 described authority control systems, it is characterized in that the said second key-course equipment is further used for storing by the part or all of resource in all resources of said video monitoring system divides the different resource group that forms respectively;
And comprise at least one resource group in the said respective resources, then the authority of said corresponding respective resources comprises: respectively with said respective resources in arbitrary resource group at least one authority one to one.
9. authority control system as claimed in claim 8; It is characterized in that; Comprise in the said respective resources not being divided at least one resource of resource group, then the authority of said corresponding respective resources further comprises: respectively with said respective resources in arbitrary resource at least one authority one to one.
10. like claim 6 or 7 described authority control systems; It is characterized in that; When the user that the said first key-course equipment is further used in login is leading subscriber, then all authorities of said all resources of video monitoring system of correspondence are given this user of login.
CN200810227557A 2008-11-27 2008-11-27 Authority control method and system of video monitoring system Active CN101753963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810227557A CN101753963B (en) 2008-11-27 2008-11-27 Authority control method and system of video monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810227557A CN101753963B (en) 2008-11-27 2008-11-27 Authority control method and system of video monitoring system

Publications (2)

Publication Number Publication Date
CN101753963A CN101753963A (en) 2010-06-23
CN101753963B true CN101753963B (en) 2012-10-03

Family

ID=42480241

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810227557A Active CN101753963B (en) 2008-11-27 2008-11-27 Authority control method and system of video monitoring system

Country Status (1)

Country Link
CN (1) CN101753963B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102521704B (en) * 2011-07-12 2015-07-22 武汉华工安鼎信息技术有限责任公司 Monitoring method of RFID-based confidential carrier intelligent monitoring system
CN103685203A (en) * 2012-09-25 2014-03-26 苏州精易会信息技术有限公司 Method for controlling network address accessing by browser
CN103595960B (en) * 2013-11-06 2018-07-13 浙江宇视科技有限公司 A kind of monitoring concern information-pushing method and device
CN103595973A (en) * 2013-11-28 2014-02-19 惠州华阳通用电子有限公司 Real-time vehicle audio/video monitoring system and method
CN103825894B (en) * 2014-02-21 2017-07-28 南京莱斯信息技术股份有限公司 A kind of application method of the multi-screen application system based on browser B/S structures
CN106295265A (en) * 2015-05-22 2017-01-04 阿里巴巴集团控股有限公司 A kind of method and device of user authority management
CN107592331B (en) * 2016-07-08 2021-11-02 中兴通讯股份有限公司 Method, device and system for realizing session continuity
CN109040703A (en) * 2018-09-17 2018-12-18 李瑶 A kind of monitoring security-protection management system
CN109743538A (en) * 2018-11-30 2019-05-10 与德科技有限公司 Monitor video checks control method
CN109933719B (en) * 2019-01-30 2021-08-31 维沃移动通信有限公司 Searching method and terminal equipment
CN110084004B (en) * 2019-03-28 2021-06-04 南京维沃软件技术有限公司 Permission configuration method and terminal equipment
CN110191321A (en) * 2019-05-30 2019-08-30 广东长盈科技股份有限公司 A kind of fusion intelligent video monitoring management application system
CN111193905B (en) * 2019-12-24 2022-11-01 视联动力信息技术股份有限公司 Monitoring resource allocation method and device and readable storage medium
GB2620950A (en) * 2022-07-26 2024-01-31 Proximie Ltd Apparatus for and method of obscuring information

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1558611A (en) * 2004-02-12 2004-12-29 上海交通大学 Administrative center based multiple spots interactive method for network video monitoring control
CN1610315A (en) * 2003-10-20 2005-04-27 鸿富锦精密工业(深圳)有限公司 Network visual communication monitoring system and method
CN1889684A (en) * 2006-07-24 2007-01-03 华为技术有限公司 Long-distance monitoring business realizing method, system and terminal equipment between video information terminals

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1610315A (en) * 2003-10-20 2005-04-27 鸿富锦精密工业(深圳)有限公司 Network visual communication monitoring system and method
CN1558611A (en) * 2004-02-12 2004-12-29 上海交通大学 Administrative center based multiple spots interactive method for network video monitoring control
CN1889684A (en) * 2006-07-24 2007-01-03 华为技术有限公司 Long-distance monitoring business realizing method, system and terminal equipment between video information terminals

Also Published As

Publication number Publication date
CN101753963A (en) 2010-06-23

Similar Documents

Publication Publication Date Title
CN101753963B (en) Authority control method and system of video monitoring system
CN101741658B (en) Video monitoring system and interaction method in same
CN101702722B (en) Multi-media system converging multiple services and control method
CN101472155B (en) Household network system for implementing IPTV business and implementing method thereof
CN109640029B (en) Method and device for displaying video stream on wall
CN102271099B (en) Networking method and system
CN110121059B (en) Monitoring video processing method, device and storage medium
CN109889780B (en) Data synchronization method and device
CN109040658B (en) Conference control method and device
CN110460878B (en) Switching method and device of video communication link
CN109660816B (en) Information processing method and device
CN110113566B (en) Method and device for calling video stream
CN105323628A (en) DLNA multi-screen playback method and system, browser-side device and playback device
CN113014885B (en) Railway video resource interconnection convergence system and method
CN101753985B (en) Video monitoring system, and medium flow transmitting control device and method in the video monitoring system
CN110138728B (en) Video data sharing method and device
CN109922351B (en) Method and device for releasing live broadcast service
CN110113631A (en) A kind of video flowing sharing method and system
CN101431669A (en) Video monitoring system and control method for establishing media stream transmission connection in the same
CN101583021A (en) Monitoring device used in video conferencing monitoring system
CN111147859A (en) Video processing method and device
CN111147789B (en) Method, device and equipment for recording audio and video stream and storage medium
CN110049280B (en) Method and device for processing monitoring data
US9854276B2 (en) Information processing device, information processing method, and program
CN109151519B (en) Configuration distribution method and system based on video network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20171222

Address after: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee after: Vimicro Electronics Co., Ltd.

Patentee after: Zhongxing Technology Co., Ltd.

Address before: 100083, Haidian District, Xueyuan Road, Beijing No. 35, Nanjing Ning building, 15 Floor

Co-patentee before: Vimicro Electronics Co., Ltd.

Patentee before: Beijing Vimicro Corporation

TR01 Transfer of patent right
CP01 Change in the name or title of a patent holder

Address after: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee after: Vimicro Electronics Co., Ltd.

Patentee after: Mid Star Technology Limited by Share Ltd

Address before: 100083 Haidian District, Xueyuan Road, No. 35, the world building, the second floor of the building on the ground floor, No. 16

Co-patentee before: Vimicro Electronics Co., Ltd.

Patentee before: Zhongxing Technology Co., Ltd.

CP01 Change in the name or title of a patent holder