CN105743925A - Data transmission control method and video monitoring system - Google Patents

Data transmission control method and video monitoring system

Info

Publication number: CN105743925A
Application number: CN201610247085.2A
Authority: CN (China)
Prior art keywords: data, data transmission, transmission controlling, switch, certificate server
Legal status: Granted (assumed; Google has not performed a legal analysis)
Other languages: Chinese (zh)
Other versions: CN105743925B (en)
Inventors: 周迪, 余剑声
Current assignee: Zhejiang Uniview Technologies Co Ltd
Original assignee: Zhejiang Uniview Technologies Co Ltd

Events: application filed by Zhejiang Uniview Technologies Co Ltd; priority to CN201610247085.2A; publication of CN105743925A; application granted; publication of CN105743925B; current legal status: Active.

Classifications

    • H04L67/56 Provisioning of proxy services (H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L67/00 Network arrangements or protocols for supporting network services or applications > H04L67/50 Network services)
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] (H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass)
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast (H Electricity > H04 Electric communication technique > H04N Pictorial communication, e.g. television > H04N7/00 Television systems)

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data transmission control method and a video monitoring system. The method comprises the following steps: when a VM determines that a target monitoring device has a data transmission request, the characteristic information of the data to be transmitted is determined; the VM determines the corresponding data transmission control rule according to that characteristic information and sends the rule to an authentication server, where the rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through a switch; and the authentication server receives the data transmission control rule and performs data transmission control according to it. By means of the embodiments of the invention, the security of services in a video monitoring network is improved while normal operation of those services is ensured.

Description

Data transmission control method and video monitoring system
Technical field
The present invention relates to the field of communication technology, and in particular to a data transmission control method and a video monitoring system.
Background art
With the development of audio/video codec technology and network storage technology, the image data captured by cameras is digitized and transmitted and stored over Internet networks; this has given rise to digital video monitoring technology.
The 802.1X protocol is a port-based network access control protocol: it authenticates and controls the user devices that connect to the LAN access device at the level of the port. A user device connected to a port can access resources in the LAN only if it passes authentication; if it fails authentication, it cannot access those resources.
In practice, however, when the 802.1X protocol is applied in a video monitoring network, if the switch port to which an IPC (Internet Protocol Camera, i.e. a network camera) connects is an uncontrolled port, the security of services in the video monitoring network cannot be guaranteed. If, for security reasons, that port is instead set to a controlled port in the unauthorized state, the IPC's normal live stream and other monitoring streams cannot be sent, and the whole monitoring service becomes unavailable.
Summary of the invention
The present invention provides a data transmission control method and a video monitoring system, to solve the problem that monitoring services become unavailable when an authentication protocol is applied in an existing video monitoring network.
According to a first aspect of the embodiments of the present invention, a data transmission control method is provided, applied to a video monitoring system that uses the 802.1X protocol. The video monitoring system includes monitoring devices, clients, a Video Manager (VM), a switch and an authentication server. When the system is initialized, all monitoring-device-side ports on the switch are set to uncontrolled ports; after a monitoring device registers successfully with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device connects into a controlled port that allows registration messages and keep-alive messages to pass but forbids media stream data. The method includes:
when the VM determines that a target monitoring device has a data transmission demand, determining the characteristic information of the data to be transmitted;
the VM determining the corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and sending the data transmission control rule to the authentication server, where the data transmission control rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch;
the authentication server receiving the data transmission control rule and performing data transmission control according to it.
According to a second aspect of the embodiments of the present invention, a video monitoring system is provided. The system uses the 802.1X protocol and includes monitoring devices, clients, a Video Manager (VM), a switch and an authentication server. When the system is initialized, all monitoring-device-side ports on the switch are set to uncontrolled ports; after a monitoring device registers successfully with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device connects into a controlled port that allows registration messages and keep-alive messages to pass but forbids media stream data. In this system:
the VM is configured to, when it determines that a target monitoring device has a data transmission demand, determine the characteristic information of the data to be transmitted;
the VM is further configured to determine the corresponding data transmission control rule according to the characteristic information of the data to be transmitted and send the data transmission control rule to the authentication server, where the data transmission control rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch;
the authentication server is configured to receive the data transmission control rule and perform data transmission control according to it.
By applying the embodiments of the present invention, the VM, on determining that a target monitoring device has a data transmission demand, determines the characteristic information of the data to be transmitted, determines the corresponding data transmission control rule from that characteristic information, and sends the rule to the authentication server, which performs data transmission control according to it. In this way the security of services in the video monitoring network is improved while their normal operation is ensured.
Brief description of the drawings
Fig. 1 is a schematic diagram of a network architecture for data transmission control provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a data transmission control method provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of a video monitoring system provided by an embodiment of the present invention.
Detailed description of the embodiments
To help those skilled in the art better understand the technical solution of the embodiments of the present invention, and to make the above purposes, features and advantages clearer and easier to understand, the technical solution is described in further detail below with reference to the accompanying drawings.
The network architecture to which embodiments of the present invention apply is described first.
Refer to Fig. 1, a schematic diagram of a network architecture for data transmission control provided by an embodiment of the present invention. As shown in Fig. 1, this architecture applies to a video monitoring system that uses the 802.1X protocol and may include monitoring devices (such as IPCs), clients (such as monitoring clients), a VM (Video Manager), a switch and an authentication server (such as a RADIUS, Remote Authentication Dial In User Service, server).
In this architecture, the VM can be pre-configured, through a monitoring protocol or a proprietary protocol, to manage the authentication server. This management may include, but is not limited to, the VM sending data transmission control rules to the authentication server, so that the authentication server allows messages with specific characteristics to enter the switch and the LAN behind it while all other messages are refused.
When the system is initialized, all monitoring-device-side ports on the switch are set to uncontrolled ports. After a monitoring device registers successfully with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device connects into a controlled port that allows registration messages and keep-alive messages to pass but forbids media stream data.
When the VM detects that a monitoring device has a data transmission demand, it may determine the characteristic information of the data that device will transmit, generate a data transmission control rule corresponding to that characteristic information, and send the rule to the authentication server; the authentication server then selectively authorizes the corresponding switch port according to the rule. This improves the security of services in the video monitoring network while ensuring that they operate normally.
Based on the network architecture shown in Fig. 1, an embodiment of the present invention provides a data transmission control method. Refer to Fig. 2, a flow diagram of this method; as shown in Fig. 2, the method may include the following steps:
Step 201: when the VM determines that a target monitoring device has a data transmission demand, it determines the characteristic information of the data to be transmitted.
In this embodiment, when the VM detects a data transmission demand in the video monitoring network (for example, a demand to transmit live video monitoring data), the VM may determine the characteristic information of the data to be transmitted.
As an optional implementation, the VM determining the characteristic information of the data to be transmitted when a target monitoring device has a data transmission demand may include:
on receiving an on-demand (order) request for the target monitoring device sent by a target client, determining the characteristic information of the monitoring data that the target monitoring device sends to the target client.
In this implementation, "target client" does not denote one particular client but may be any client in the video monitoring network; likewise, "target monitoring device" may be any monitoring device in the network. Monitoring devices include, but are not limited to, IPCs (Internet Protocol Cameras, i.e. network cameras).
When the VM receives the target client's on-demand request for the target monitoring device, the VM must notify the target monitoring device to send monitoring data to the target client. At this point the VM may determine the characteristic information of the monitoring data that the target monitoring device sends to the target client; this characteristic information may include, but is not limited to, the five-tuple, encoding type and packet length of the monitoring data.
For example, suppose the target client is Client1, the target monitoring device is IPC1, the IP address of Client1 is IP1, the IP address of IPC1 is IP2, and IPC1 and Client1 exchange data through port b1 and port a1 respectively. Then the five-tuple of the live video monitoring stream that IPC1 sends to Client1 may be (IP2, port b1, IP1, port a1, transport layer protocol); the encoding type may be a common encoding for live video monitoring data, such as H.264 (a digital video compression format); and the packet length may be the length of live video monitoring packets.
Here the transport layer protocol indicates whether the data is TCP (Transmission Control Protocol) data or UDP (User Datagram Protocol) data.
Further, in embodiments of the present invention, determining the characteristic information of the data to be transmitted may also include:
when the monitoring data is TCP data, determining the characteristic information of the reply message that the target client returns to the target monitoring device.
In this implementation, consider that under TCP the receiving device, after receiving data from the sending device, must respond with an ACK (acknowledgement) message to confirm receipt. Therefore, when the VM determines that the monitoring data the target monitoring device sends to the target client is TCP data, the VM must also determine the characteristic information of the reply message (the ACK message) that the target client returns to the target monitoring device. The characteristic information of the reply message may include, but is not limited to, its five-tuple and packet length.
Step 202: the VM determines the corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and sends the data transmission control rule to the authentication server; the data transmission control rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch.
In this embodiment, after the VM determines the characteristic information of the data to be transmitted, it can determine the corresponding data transmission control rule from that characteristic information; the rule instructs the authentication server to allow data matching the characteristic information above to pass through the switch.
For example, continuing the example given for Step 201, after the VM determines the characteristic information of the data to be transmitted it may determine the corresponding data transmission control rule, which may allow live data whose five-tuple is (IP2, port b1, IP1, port a1, transport layer protocol), whose encoding type is a common encoding for live streams (such as H.264), and whose packet length lies within the live-packet length range to pass through the switch.
Further, in this example, if the data IPC1 sends to Client1 is TCP data, the data transmission control rule specified by the VM may also allow data whose five-tuple is (IP1, port a1, IP2, port b1, transport layer protocol (corresponding to TCP)) and whose packet length lies within the ACK-packet length range to pass through the switch.
It can be seen that, in embodiments of the present invention, for UDP data the corresponding data transmission control rule is a one-way permit rule: only data that the monitoring device sends to the client and that matches the rule is allowed to enter the switch and the LAN behind it. For TCP data the rule is a two-way permit rule: besides data that the monitoring device sends to the client and that matches the rule, the ACK messages that the client returns to the monitoring device are also allowed to be forwarded through the corresponding switch port.
Further, in this implementation, when the monitoring data that the target monitoring device sends to the target client is TCP data, the data transmission control rule may also instruct the authentication server to release its control of the data exchanged between the target monitoring device and the target client for a preset duration.
Specifically, when the target monitoring device needs to exchange TCP data with the target client, it must first establish a TCP connection with the client (including the three-way handshake of connection setup), a process that involves traffic from both the target monitoring device and the target client. Therefore, to ensure that the TCP connection between them is established successfully, when the VM determines that TCP data will be exchanged between the target monitoring device and the target client, the VM instructs the authentication server to release its control of the data exchanged between the two for a preset duration (which the administrator may set from experience, for example 20 seconds or 30 seconds), so that the target monitoring device can successfully establish the TCP connection with the target client.
In embodiments of the present invention, after the VM determines the data transmission control rule it can send the rule to the authentication server; after the authentication server receives the rule it can perform data transmission control according to it.
To achieve this, in embodiments of the present invention the VM must be pre-configured, through a monitoring protocol or a proprietary protocol, to manage the authentication server. This management may include, but is not limited to, the VM sending data transmission control rules to the authentication server, so that the authentication server allows messages with specific characteristics to enter the switch and the LAN behind it while all other messages are refused.
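The rule derivation of Steps 201 and 202, as an added example that is not the patent's own code: a VM-side function that turns the characteristic information of one on-demand request into the control rule sent to the authentication server, producing the one-way rule for UDP and the two-way rule (live flow plus the client's ACK flow) with a preset release window for TCP. The names FlowRule, ControlRule, build_control_rule, handshake_window_open and to_message, the sample addresses and MAC, and the packet length ranges are all assumptions constructed for this example; the patent fixes neither a message format nor the ranges.

```python
# Added example (not the patent's own code): how a Video Manager (VM) could
# derive the data transmission control rule for one on-demand request, as
# described in Steps 201 and 202. FlowRule, ControlRule, build_control_rule,
# handshake_window_open, to_message and the sample addresses are constructed
# for this example; the packet length ranges are illustrative assumptions.
import time
from dataclasses import dataclass
from typing import Optional, Tuple

# Five-tuple in the order the patent uses: (src_ip, src_port, dst_ip, dst_port, proto)
FiveTuple = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class FlowRule:
    """One permitted flow: five-tuple, optional encoding type, packet length range."""
    five_tuple: FiveTuple
    encoding: Optional[str]         # e.g. "H.264" for the live stream, None for ACK replies
    length_range: Tuple[int, int]   # inclusive min/max IP packet length in bytes


@dataclass(frozen=True)
class ControlRule:
    """What the VM sends to the authentication server for one device/client pair."""
    device_id: str                  # MAC address of the monitoring device (locates the switch port)
    flows: Tuple[FlowRule, ...]
    handshake_window_s: int         # preset duration with control released (TCP only; 0 for UDP)


# Illustrative ranges (assumptions, not values from the patent)
LIVE_PACKET_LEN = (200, 1500)   # typical live video packet sizes
ACK_PACKET_LEN = (40, 80)       # pure ACK segments carry no payload


def build_control_rule(ipc_ip: str, ipc_port: int, client_ip: str, client_port: int,
                       proto: str, encoding: str, ipc_mac: str,
                       handshake_window_s: int = 20) -> ControlRule:
    """Derive the rule for a stream from the monitoring device (IPC) to the client.

    UDP yields a one-way permit rule. TCP yields a two-way rule (live data plus the
    client's ACK replies) and a preset window during which control is released so
    that the three-way handshake can complete.
    """
    proto = proto.upper()
    if proto not in ("TCP", "UDP"):
        raise ValueError(f"unsupported transport protocol: {proto}")
    forward = FlowRule((ipc_ip, ipc_port, client_ip, client_port, proto),
                       encoding, LIVE_PACKET_LEN)
    if proto == "UDP":
        return ControlRule(ipc_mac, (forward,), 0)
    reverse = FlowRule((client_ip, client_port, ipc_ip, ipc_port, "TCP"),
                       None, ACK_PACKET_LEN)
    return ControlRule(ipc_mac, (forward, reverse), handshake_window_s)


def handshake_window_open(rule: ControlRule, released_at: float,
                          now: Optional[float] = None) -> bool:
    """True while the authentication server should still release control for the pair.

    `released_at` is the monotonic time at which the rule was applied; once the
    window closes, only the explicit flows in `rule.flows` remain permitted.
    """
    if rule.handshake_window_s <= 0:
        return False
    now = time.monotonic() if now is None else now
    return now - released_at < rule.handshake_window_s


def to_message(rule: ControlRule) -> dict:
    """Serialize the rule as the VM might hand it to the authentication server.

    The field layout is constructed for this example; the patent does not fix a format.
    """
    return {
        "device_mac": rule.device_id,
        "handshake_window_s": rule.handshake_window_s,
        "flows": [
            {"five_tuple": list(f.five_tuple), "encoding": f.encoding,
             "length_range": list(f.length_range)}
            for f in rule.flows
        ],
    }


if __name__ == "__main__":
    # Constructed sample: IPC1 at 192.0.2.10 port 5004 streams to Client1 at 192.0.2.20 port 40000
    rule = build_control_rule("192.0.2.10", 5004, "192.0.2.20", 40000,
                              "tcp", "H.264", "00:11:22:33:44:55")
    print(to_message(rule))
```

The release window is the part a deployment should watch most closely: while it is open, the pair's port is effectively unfiltered, so keeping it short (the page's 20 to 30 seconds) and closing it on a timer rather than waiting for the stream to end limits the exposure the handshake exception creates.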
Step 203: the authentication server receives the data transmission control rule sent by the VM, and performs data transmission control according to the received rule.
In this embodiment, after the authentication server receives the data transmission control rule sent by the VM, it can perform data transmission control according to that rule, for example by allowing data that matches the characteristic information contained in the rule to pass through the switch, or by releasing its control of the data exchanged between the specified monitoring device and the specified client for a preset duration.
As an optional implementation, the authentication server performing data transmission control according to the received data transmission control rule may include:
the authentication server issuing a data transmission control instruction to the switch according to the received rule, where the instruction directs the switch to allow data received on a designated port that matches specific characteristic information to pass through the switch;
the switch receiving the data transmission control instruction and performing data transmission control according to it.
In this implementation, after the authentication server receives the rule sent by the VM, it can generate the corresponding data transmission control instruction from the rule and deliver the instruction to the switch, and the switch then performs data transmission control according to the instruction. The delivery of the instruction from the authentication server to the switch can continue to use 802.1X EAPOL (Extensible Authentication Protocol over LAN) messages.
In this implementation, when the authentication server issues the data transmission control instruction to the switch, it must also indicate the port on which data transmission control is to be performed. Therefore, the instruction the authentication server issues to the switch may also carry the MAC (Media Access Control) address of the monitoring device to which the instruction applies, or the port through which that monitoring device connects to the switch (the MAC address or port may be obtained by the VM and sent to the authentication server).
When the instruction issued by the authentication server carries the MAC address of the corresponding monitoring device, the switch must look up the port to which that monitoring device connects by its MAC address; the specific implementation is not repeated here.
Correspondingly, in embodiments of the present invention, the VM may collect the identification information (such as the MAC address, or the port through which it connects to the switch) of each monitoring device in the video monitoring network. The VM may collect this identification information from the registration or keep-alive messages the monitoring device sends when it registers with the VM or keeps alive, or from static configuration performed by the user on the VM. When the VM detects a data transmission demand of a monitoring device and determines the data transmission control rule for the data to be transmitted, the VM may send the rule together with that monitoring device's identification information to the authentication server.
In this implementation, after the switch receives the data transmission control instruction issued by the authentication server, it can enable the corresponding data transmission control rule on the corresponding port. When it receives data on that port it matches the characteristic information of the data against the rule: if the data matches the rule it is allowed to pass; otherwise it is not.
For example, suppose the data transmission control rule enabled on switch port a allows H.264-encoded live video monitoring data to enter the switch and the LAN behind it. When the switch receives data on port a, it can inspect the data carried after the IP/RTP (Real-time Transport Protocol)/H.264 encapsulation: because the start position of the encoded data within an IP packet is fixed for packets that encapsulate H.264 data, the switch checks at the corresponding offset of the IP packet whether the header information of the H.264 NAL (Network Abstraction Layer) data is 6442. If it is, the IP packet is determined to be live video monitoring data and is allowed to pass; otherwise it is refused.
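The per-packet check described above, as an added example that is not the patent's own code: a matcher that applies one enabled rule to a received IPv4 packet, checking the five-tuple, the packet length and, for an H.264 rule, the bytes at the fixed offset after the IP/UDP/RTP headers. The same function serves the second embodiment below, where the switch copies the packet up and the authentication server makes the decision. Assumptions: the page gives the expected NAL header value as 6442 and this example reads it as the two bytes 0x64 0x42, which is an interpretation of the page's notation and should be checked against the encoder actually deployed; the fixed offset assumes a 12-byte RTP header (no CSRC list or extension) over UDP, so an H.264 rule is not applied to TCP-carried packets here; the packet builders, rule layout and sample addresses are constructed for the example.

```python
# Added example (not the patent's own code): checking one received IPv4 packet
# against an enabled data transmission control rule, as the switch does in the
# first embodiment (the authentication server can run the same check in the
# second embodiment). The page gives the expected H.264 NAL header value as
# "6442"; this example reads it as the two bytes 0x64 0x42 at the fixed offset
# after the IP/UDP/RTP headers, which is an assumption about the page's
# notation. Packet builders, rule layout and sample addresses are constructed.
import struct
from typing import Optional, Tuple

FiveTuple = Tuple[str, int, str, int, str]   # (src_ip, src_port, dst_ip, dst_port, proto)

EXPECTED_NAL_HEADER = bytes.fromhex("6442")  # the page's value (two-byte reading assumed)
IPV4_MIN_HDR, UDP_HDR, RTP_HDR = 20, 8, 12   # RTP without CSRC list/extension assumed


def parse_ipv4(pkt: bytes) -> Optional[Tuple[FiveTuple, int]]:
    """Return (five_tuple, transport header offset) for an IPv4 TCP/UDP packet, else None."""
    if len(pkt) < IPV4_MIN_HDR or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < IPV4_MIN_HDR or len(pkt) < ihl + 4:
        return None
    proto = {6: "TCP", 17: "UDP"}.get(pkt[9])
    if proto is None:
        return None                      # the rules only describe TCP/UDP flows
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (src, sport, dst, dport, proto), ihl


def nal_header(pkt: bytes, transport_off: int) -> bytes:
    """The two bytes at the fixed H.264 offset of an IP/UDP/RTP/H.264 packet."""
    off = transport_off + UDP_HDR + RTP_HDR
    return pkt[off:off + 2]


def match_rule(pkt: bytes, rule: dict) -> bool:
    """Allow the packet only if five-tuple, length and (for H.264 over UDP) NAL header all match."""
    parsed = parse_ipv4(pkt)
    if parsed is None:
        return False
    five_tuple, transport_off = parsed
    if five_tuple != tuple(rule["five_tuple"]):
        return False
    lo, hi = rule["length_range"]
    if not lo <= len(pkt) <= hi:
        return False
    if rule.get("encoding") == "H.264":
        # Only the UDP/RTP encapsulation has the fixed offset the page relies on,
        # so an H.264 rule is not satisfied by a TCP packet here (assumption).
        if five_tuple[4] != "UDP" or nal_header(pkt, transport_off) != EXPECTED_NAL_HEADER:
            return False
    return True


# ---- constructed packet builders for the sample input ----
def _ip(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def make_ipv4(src: str, sport: int, dst: str, dport: int, proto_num: int, l4_payload: bytes) -> bytes:
    """Minimal IPv4 header (checksum left zero) plus a UDP or TCP header and payload."""
    if proto_num == 17:
        l4 = struct.pack("!HHHH", sport, dport, UDP_HDR + len(l4_payload), 0) + l4_payload
    else:  # TCP: 20-byte header, data offset 5, ACK flag set, other fields zero
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 0, 0, 0) + l4_payload
    total = IPV4_MIN_HDR + len(l4)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto_num, 0, _ip(src), _ip(dst))
    return hdr + l4


def make_rtp(payload: bytes) -> bytes:
    """RTP header: V=2, PT=96, seq=1, timestamp=0, SSRC=0x1234 (no CSRCs, no extension)."""
    return struct.pack("!BBHII", 0x80, 96, 1, 0, 0x1234) + payload


LIVE_RULE = {  # rule the VM would derive for IPC1 -> Client1 (constructed sample)
    "five_tuple": ("192.0.2.10", 5004, "192.0.2.20", 40000, "UDP"),
    "encoding": "H.264",
    "length_range": (60, 1500),
}


def sample_packets() -> dict:
    """One matching live packet and three packets that each fail a different check."""
    body = EXPECTED_NAL_HEADER + bytes(100)
    return {
        "live": make_ipv4("192.0.2.10", 5004, "192.0.2.20", 40000, 17, make_rtp(body)),
        "wrong_header": make_ipv4("192.0.2.10", 5004, "192.0.2.20", 40000, 17,
                                  make_rtp(b"\x01\x02" + bytes(100))),
        "other_source": make_ipv4("192.0.2.99", 5004, "192.0.2.20", 40000, 17, make_rtp(body)),
        "too_short": make_ipv4("192.0.2.10", 5004, "192.0.2.20", 40000, 17,
                               make_rtp(EXPECTED_NAL_HEADER)),
    }
```

Matching on the five-tuple, the length range and the codec header together is what keeps the controlled port from becoming a general-purpose hole: a packet that spoofs the source address still has to fit the live-stream length range and carry the expected NAL header at the fixed offset, and a packet in the wrong direction is rejected by the five-tuple alone.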
As another optional implementation, the authentication server performing data transmission control according to the received data transmission control rule may include:
the authentication server receiving the data to be transmitted sent by the switch;
the authentication server querying the data transmission control rules it stores according to the characteristic information of the data to be transmitted;
if a corresponding data transmission control rule is found and that rule determines that the data to be transmitted is allowed to pass through the switch, the authentication server issuing an instruction to the switch allowing the data to pass;
otherwise, the authentication server issuing an instruction to the switch forbidding the data to pass.
In this implementation, the authentication server decides whether data received by the switch may enter the switch and the LAN behind it.
Correspondingly, when the switch receives data it can copy the data and upload it to the authentication server. After the authentication server receives the data uploaded by the switch, it can query the data transmission control rules it stores according to the characteristic information of the data to determine whether a rule matching that characteristic information exists. If one exists and it determines that the data is allowed to pass, the authentication server can issue an instruction to the switch allowing the data to pass; otherwise it can issue an instruction to the switch forbidding the data to pass.
It can be seen from the above description that, in embodiments of the present invention, the VM, on determining that a target monitoring device has a data transmission demand, determines the characteristic information of the data to be transmitted, determines the corresponding data transmission control rule from that characteristic information, and sends the rule to the authentication server, which performs data transmission control according to it. In this way the security of services in the video monitoring network is improved while their normal operation is ensured.
Refer to Fig. 3, configuration diagram for a kind of video monitoring system that the embodiment of the present invention provides, described system applies 802.1x agreement, described video monitoring system includes monitoring device 310, client 320, Video Manager VM330, switch 340 and certificate server 350, when system initialization runs, on described switch 340, monitoring device side ports is all set to uncontrolled port, after monitoring device succeeds in registration to VM, VM notifies that the switch ports themselves that this monitoring device connects is revised as permission logon message by certificate server and keep-alive message passes through, and forbid the controlled ports that media stream data passes through, wherein:
The VM 330 is configured to determine the characteristic information of the data to be transmitted when it determines that a target monitoring device has a data transmission requirement;
The VM 330 is further configured to determine the corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and to send the data transmission control rule to the certificate server 350; the data transmission control rule instructs the certificate server to allow data matching the characteristic information of the data to be transmitted to pass through the switch 340;
The certificate server 350 is configured to receive the data transmission control rule and to perform data transmission control according to it.
In an alternative embodiment, the VM 330 may be specifically configured, on receiving an order request for a target monitoring device sent by a target client, to determine the characteristic information of the monitoring data that the target monitoring device sends to the target client; the characteristic information of the monitoring data includes the five-tuple information, coding type and data packet length of the monitoring data.
In an alternative embodiment, the VM 330 may further be configured, when the monitoring data are Transmission Control Protocol (TCP) data, to determine the characteristic information of the reply messages that the target client returns to the target monitoring device; the characteristic information of the reply messages includes their five-tuple information and data packet length;
Here the data transmission control rule further instructs the certificate server to release its control over the data exchanged between the target monitoring device and the target client for a preset duration.
In an alternative embodiment, the certificate server 350 may be specifically configured to issue a data transmission control instruction to the switch 340 according to the data transmission control rule; the data transmission control instruction instructs the switch to allow data received on a designated port and matching the specified characteristic information to pass through the switch;
The switch 340 may be configured to receive the data transmission control instruction and to perform data transmission control according to it; as above, the instruction indicates that data received on the designated port and matching the specified characteristic information is allowed through the switch.
In an alternative embodiment, the certificate server 350 may be configured to receive the data to be transmitted forwarded by the switch 340;
The certificate server 350 may further be configured to look up the data transmission control rules it stores, according to the characteristic information of the data to be transmitted;
The certificate server 350 may further be configured, if a corresponding data transmission control rule is found and that rule permits the data to be transmitted to pass through the switch 340, to issue a data-allowed instruction to the switch 340; otherwise it issues a data-forbidden instruction to the switch 340.
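The two enforcement paths described above (the certificate server pushing per-port allow instructions to the switch, or the switch handing each packet up for an allow/forbid decision), together with the VM's rule derivation from the five-tuple, coding type and packet length and the TCP reply-message and preset-duration release cases, are modelled in the following added Python example. It is not code from the patent or from the applicant; the class and function names, the rule format, the uplink-port assumption for client traffic and the sample addresses and ports are all constructed for this illustration. The certificate server here plays the 802.1x authentication server role the patent assigns to it.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

FiveTuple = Tuple[str, int, str, int, str]  # (src_ip, src_port, dst_ip, dst_port, protocol)


@dataclass(frozen=True)
class Packet:  # data to be transmitted, as the switch sees it (constructed type)
    five_tuple: FiveTuple
    length: int                   # data packet length in bytes
    ingress_port: int             # switch port the packet arrived on
    coding: Optional[str] = None  # media coding type, e.g. "H.264"; None for reply packets


@dataclass(frozen=True)
class Rule:  # one data transmission control rule: characteristic info plus designated port
    five_tuple: FiveTuple
    max_length: int
    ingress_port: int
    coding: Optional[str] = None  # None: coding type is not part of the match (reply packets)


class VideoManager:
    """VM side: turns a client's order request into rules for the certificate server."""

    def __init__(self, device_ports: Dict[str, int], uplink_port: int) -> None:
        self.device_ports = device_ports  # monitoring device IP -> switch port it is connected to
        self.uplink_port = uplink_port    # assumption: port on which client traffic enters the switch

    def rules_for_order(self, device: Tuple[str, int], client: Tuple[str, int], proto: str,
                        coding: str, max_length: int, max_reply_length: int = 128) -> List[Rule]:
        dev_ip, dev_port = device
        cli_ip, cli_port = client
        rules = [Rule((dev_ip, dev_port, cli_ip, cli_port, proto),
                      max_length, self.device_ports[dev_ip], coding)]
        if proto == "TCP":
            # TCP only works if the client's reply (ACK) packets reach the device as well.
            rules.append(Rule((cli_ip, cli_port, dev_ip, dev_port, proto),
                              max_reply_length, self.uplink_port))
        return rules


class CertificateServer:
    """Certificate server side: stores the VM's rules and enforces them."""

    def __init__(self) -> None:
        self.rules: Dict[FiveTuple, Rule] = {}
        self.released: Dict[FrozenSet[str], float] = {}  # {device_ip, client_ip} -> deadline

    def install(self, rules: List[Rule], release_pair: Optional[Tuple[str, str]] = None,
                release_seconds: float = 0.0, now: float = 0.0) -> None:
        for rule in rules:
            self.rules[rule.five_tuple] = rule
        if release_pair is not None and release_seconds > 0:
            # The rule may also ask the server to release control between the pair for a preset duration.
            self.released[frozenset(release_pair)] = now + release_seconds

    def decide(self, pkt: Packet, now: float = 0.0) -> str:
        """Claim 5 path: the switch hands the packet up; the server answers ALLOW or DENY."""
        src_ip, _, dst_ip, _, _ = pkt.five_tuple
        deadline = self.released.get(frozenset((src_ip, dst_ip)))
        if deadline is not None and now < deadline:
            return "ALLOW"  # control released for the preset duration
        rule = self.rules.get(pkt.five_tuple)
        if rule is None:
            return "DENY"   # no rule for this flow: the controlled port stays closed
        if pkt.ingress_port != rule.ingress_port:
            return "DENY"   # right flow, but not received on the designated port
        if pkt.length > rule.max_length:
            return "DENY"   # larger than the data packet length the VM announced
        if rule.coding is not None and pkt.coding != rule.coding:
            return "DENY"   # media flow carrying an unexpected coding type
        return "ALLOW"

    def switch_instructions(self) -> List[Tuple[int, FiveTuple, int, Optional[str]]]:
        """Claim 4 path: per-port allow entries pushed down for the switch to enforce itself."""
        return sorted((r.ingress_port, r.five_tuple, r.max_length, r.coding)
                      for r in self.rules.values())


def demo() -> Dict[str, str]:
    """Constructed scenario: device 10.0.0.5 on switch port 3 streams H.264 over TCP
    to client 10.0.1.20, whose traffic enters the switch on uplink port 24."""
    vm = VideoManager(device_ports={"10.0.0.5": 3}, uplink_port=24)
    server = CertificateServer()
    server.install(vm.rules_for_order(("10.0.0.5", 554), ("10.0.1.20", 40000),
                                      "TCP", "H.264", max_length=1460))
    fwd = ("10.0.0.5", 554, "10.0.1.20", 40000, "TCP")
    back = ("10.0.1.20", 40000, "10.0.0.5", 554, "TCP")
    return {
        "media": server.decide(Packet(fwd, 1400, 3, "H.264")),
        "ack": server.decide(Packet(back, 60, 24)),
        "wrong_port": server.decide(Packet(fwd, 1400, 7, "H.264")),
        "oversize": server.decide(Packet(fwd, 2000, 3, "H.264")),
        "wrong_coding": server.decide(Packet(fwd, 1400, 3, "MJPEG")),
        "unordered": server.decide(Packet(("10.0.0.5", 554, "10.0.1.99", 40000, "TCP"), 1400, 3, "H.264")),
    }
```

Calling `demo()` returns ALLOW only for the ordered media flow and its TCP reply flow; a packet with the right five-tuple but the wrong ingress port, an oversize packet, an unexpected coding type, or a flow no client ordered is denied. The ingress-port check is what ties a rule to the 802.1x controlled port: matching on the five-tuple alone would let any host behind another port forge the device's addresses.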
In an alternative embodiment, the VM 330 may include:
a first determining unit, configured to determine the characteristic information of the data to be transmitted when it determines that a target monitoring device has a data transmission requirement;
a second determining unit, configured to determine the corresponding data transmission control rule according to the characteristic information of the data to be transmitted;
a sending unit, configured to send the data transmission control rule to the certificate server; the data transmission control rule instructs the certificate server to allow data matching the characteristic information of the data to be transmitted to pass through the switch.
In an alternative embodiment, the certificate server 350 may include:
a receiving unit, configured to receive the data transmission control rule;
a control unit, configured to perform data transmission control according to the data transmission control rule.
The functions of the units in the above apparatus, and the processes by which they are realised, correspond to the steps of the method described above and are not repeated here.
Since the apparatus embodiment essentially corresponds to the method embodiment, the relevant parts of the method embodiment apply to it. The apparatus embodiment described above is merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the present solution. Those of ordinary skill in the art can understand and implement this without creative effort.
As can be seen from the above embodiments, when the VM determines that a target monitoring device has a data transmission requirement, it determines the characteristic information of the data to be transmitted, derives the corresponding data transmission control rule from that characteristic information, and sends the rule to the certificate server, which performs data transmission control according to the rule. This keeps the services of the video monitoring network running normally while improving their security.
Those skilled in the art, having considered the description and practised the invention disclosed herein, will readily arrive at other embodiments of the present invention. This application is intended to cover any variation, use or adaptation of the present invention that follows its general principles and includes common general knowledge or conventional technical means in the art not disclosed here. The description and embodiments are to be regarded as exemplary only, and the true scope and spirit of the present invention are indicated by the claims below.
It should be understood that the invention is not limited to the precise structures described above and illustrated in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.

Claims (10)

1. A data transmission control method, applied to a video monitoring system using the 802.1x protocol, the video monitoring system including monitoring devices, clients, a Video Manager (VM), a switch and a certificate server, characterised in that, when the system is initialised and running, the monitoring-device-side ports on the switch are all set as uncontrolled ports, and after a monitoring device registers successfully with the VM, the VM notifies the certificate server to change the switch port to which that monitoring device is connected into a controlled port that allows login messages and keep-alive messages to pass and forbids media stream data from passing, the method including:
when the VM determines that a target monitoring device has a data transmission requirement, determining the characteristic information of the data to be transmitted;
the VM determining the corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and sending the data transmission control rule to the certificate server; wherein the data transmission control rule instructs the certificate server to allow data matching the characteristic information of the data to be transmitted to pass through the switch;
the certificate server receiving the data transmission control rule and performing data transmission control according to the data transmission control rule.
2. The method according to claim 1, characterised in that determining the characteristic information of the data to be transmitted when the VM determines that a target monitoring device has a data transmission requirement includes:
when the VM receives an order request for the target monitoring device sent by a target client, determining the characteristic information of the monitoring data that the target monitoring device sends to the target client; the characteristic information of the monitoring data includes the five-tuple information, coding type and data packet length of the monitoring data.
3. The method according to claim 2, characterised in that determining the characteristic information of the data to be transmitted further includes:
when the monitoring data are Transmission Control Protocol (TCP) data, the VM determining the characteristic information of the reply messages that the target client returns to the target monitoring device, the characteristic information of the reply messages including their five-tuple information and data packet length;
wherein the data transmission control rule further instructs the certificate server to release its control over the data exchanged between the target monitoring device and the target client for a preset duration.
4. The method according to claim 1, characterised in that the certificate server performing data transmission control according to the data transmission control rule includes:
the certificate server issuing a data transmission control instruction to the switch according to the data transmission control rule; wherein the data transmission control instruction instructs the switch to allow data received on a designated port and matching the specified characteristic information to pass through the switch;
the switch receiving the data transmission control instruction and performing data transmission control according to the data transmission control instruction; wherein the data transmission control instruction instructs the switch to allow data received on the designated port and matching the specified characteristic information to pass through the switch.
5. The method according to claim 1, characterised in that the certificate server performing data transmission control according to the data transmission control rule includes:
the certificate server receiving the data to be transmitted forwarded by the switch;
the certificate server looking up the data transmission control rules it stores according to the characteristic information of the data to be transmitted;
if a corresponding data transmission control rule is found and the data to be transmitted is determined, according to that rule, to be allowed through the switch, the certificate server issuing a data-allowed instruction to the switch;
otherwise, the certificate server issuing a data-forbidden instruction to the switch.
6. A video monitoring system, the system using the 802.1x protocol, the video monitoring system including monitoring devices, clients, a Video Manager (VM), a switch and a certificate server, characterised in that, when the system is initialised and running, the monitoring-device-side ports on the switch are all set as uncontrolled ports, and after a monitoring device registers successfully with the VM, the VM notifies the certificate server to change the switch port to which that monitoring device is connected into a controlled port that allows login messages and keep-alive messages to pass and forbids media stream data from passing, wherein:
the VM is configured to determine the characteristic information of the data to be transmitted when it determines that a target monitoring device has a data transmission requirement;
the VM is further configured to determine the corresponding data transmission control rule according to the characteristic information of the data to be transmitted and to send the data transmission control rule to the certificate server; wherein the data transmission control rule instructs the certificate server to allow data matching the characteristic information of the data to be transmitted to pass through the switch;
the certificate server is configured to receive the data transmission control rule and to perform data transmission control according to the data transmission control rule.
7. The system according to claim 6, characterised in that
the VM is specifically configured, on receiving an order request for the target monitoring device sent by a target client, to determine the characteristic information of the monitoring data that the target monitoring device sends to the target client; the characteristic information of the monitoring data includes the five-tuple information, coding type and data packet length of the monitoring data.
8. The system according to claim 7, characterised in that
the VM is further configured, when the monitoring data are Transmission Control Protocol (TCP) data, to determine the characteristic information of the reply messages that the target client returns to the target monitoring device, the characteristic information of the reply messages including their five-tuple information and data packet length;
wherein the data transmission control rule further instructs the certificate server to release its control over the data exchanged between the target monitoring device and the target client for a preset duration.
9. The system according to claim 6, characterised in that
the certificate server is specifically configured to issue a data transmission control instruction to the switch according to the data transmission control rule; wherein the data transmission control instruction instructs the switch to allow data received on a designated port and matching the specified characteristic information to pass through the switch;
the switch is configured to receive the data transmission control instruction and to perform data transmission control according to the data transmission control instruction; wherein the data transmission control instruction instructs the switch to allow data received on the designated port and matching the specified characteristic information to pass through the switch.
10. The system according to claim 9, characterised in that
the certificate server is configured to receive the data to be transmitted forwarded by the switch;
the certificate server is further configured to look up the data transmission control rules it stores according to the characteristic information of the data to be transmitted;
the certificate server is further configured, if a corresponding data transmission control rule is found and the data to be transmitted is determined, according to that rule, to be allowed through the switch, to issue a data-allowed instruction to the switch; otherwise, to issue a data-forbidden instruction to the switch.
CN201610247085.2A 2016-04-19 2016-04-19 A kind of data transfer control method and video monitoring system Active CN105743925B (en)

Publications (2)

Publication Number Publication Date
CN105743925A true CN105743925A (en) 2016-07-06
CN105743925B CN105743925B (en) 2019-04-12

Family

ID=56255554

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106982355A (en) * 2017-04-06 2017-07-25 浙江宇视科技有限公司 The video monitoring system and anti-leak server of a kind of anti-image leakage
CN107645480A (en) * 2016-07-22 2018-01-30 阿里巴巴集团控股有限公司 Data monitoring method and system, device
CN109802920A (en) * 2017-11-16 2019-05-24 杭州中威电子股份有限公司 A kind of equipment access hybrid authentication system for security industry
CN110300136A (en) * 2018-03-22 2019-10-01 杭州萤石软件有限公司 A kind of cradle head control optimization method and system
CN112039686A (en) * 2019-06-03 2020-12-04 杭州海康威视系统技术有限公司 Data stream transmission control method and device, monitoring equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123498A (en) * 2006-08-08 2008-02-13 华为技术有限公司 A method, device and system for access authentication
CN104113547A (en) * 2014-07-23 2014-10-22 中国科学院信息工程研究所 SIP (session initiation protocol) security protection video monitoring network access control system
CN105407334A (en) * 2015-12-29 2016-03-16 上海大学 Self management method for multi-scenario monitoring videos

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant