CN105743925B - Data transmission control method and video monitoring system - Google Patents


Info

Publication number: CN105743925B
Authority: CN (China)
Prior art keywords: data; data transmission; transmission control; authentication server; switch
Legal status: Active
Application number: CN201610247085.2A
Other languages: Chinese (zh)
Other versions: CN105743925A (en)
Inventors: 周迪, 余剑声
Current Assignee: Zhejiang Uniview Technologies Co Ltd
Original Assignee: Zhejiang Uniview Technologies Co Ltd
Application filed by Zhejiang Uniview Technologies Co Ltd
Priority to CN201610247085.2A
Publication of CN105743925A
Application granted
Publication of CN105743925B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Abstract

The present invention provides a data transmission control method and a video monitoring system. The method comprises: when the VM determines that a target monitoring device has a data transmission demand, the VM determines the feature information of the data to be transmitted; the VM determines a corresponding data transmission control rule according to the feature information of the data to be transmitted and sends the data transmission control rule to the authentication server, wherein the data transmission control rule instructs the authentication server to allow data matching the feature information of the data to be transmitted to pass through the switch; the authentication server receives the data transmission control rule and performs data transmission control according to it. With the embodiments of the invention, the security of services in a video monitoring network can be improved while those services continue to run normally.

Description

Data transmission control method and video monitoring system
Technical field
The present invention relates to the field of communication technology, and in particular to a data transmission control method and a video monitoring system.
Background
With the development of video/audio encoding and decoding technology and network storage technology, camera image data has been digitized and is transmitted and stored over the Internet, giving rise to digital video monitoring technology.
The 802.1X protocol is a port-based network access control protocol: it authenticates and controls connected user devices at the port level of the LAN access device. If the user device connected to a port passes authentication, it can access the resources in the LAN; if it fails authentication, it cannot access the resources in the LAN.
In practice, however, when the 802.1X protocol is applied in a video monitoring network, if the switch port to which an IPC (Internet Protocol Camera, network camera) is connected is an uncontrolled port, the security of services in the video monitoring network cannot be guaranteed. For security reasons, the switch port to which the IPC is connected is therefore set as a controlled, unauthorized port; in that case the IPC's normal live stream and other monitoring streams cannot be sent, and the entire monitoring service becomes unavailable.
Summary of the invention
The present invention provides a data transmission control method and a video monitoring system, to solve the problem that the monitoring service becomes unavailable when an authentication protocol is applied in an existing video monitoring network.
According to a first aspect of the embodiments of the invention, a data transmission control method is provided, applied to a video monitoring system that uses the 802.1X protocol. The video monitoring system includes a monitoring device, a client, a Video Manager (VM), a switch and an authentication server. When the system is initialized, the monitoring-device-side ports on the switch are all set as uncontrolled ports; after a monitoring device successfully registers with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing. The method includes:
when the VM determines that a target monitoring device has a data transmission demand, the VM determines the feature information of the data to be transmitted;
the VM determines a corresponding data transmission control rule according to the feature information of the data to be transmitted, and sends the data transmission control rule to the authentication server; wherein the data transmission control rule instructs the authentication server to allow data matching the feature information of the data to be transmitted to pass through the switch;
the authentication server receives the data transmission control rule and performs data transmission control according to the data transmission control rule.
According to a second aspect of the embodiments of the invention, a video monitoring system is provided. The system uses the 802.1X protocol and includes a monitoring device, a client, a Video Manager (VM), a switch and an authentication server. When the system is initialized, the monitoring-device-side ports on the switch are all set as uncontrolled ports; after a monitoring device successfully registers with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing, wherein:
the VM is configured to determine the feature information of the data to be transmitted when it determines that a target monitoring device has a data transmission demand;
the VM is further configured to determine a corresponding data transmission control rule according to the feature information of the data to be transmitted, and to send the data transmission control rule to the authentication server; wherein the data transmission control rule instructs the authentication server to allow data matching the feature information of the data to be transmitted to pass through the switch;
the authentication server is configured to receive the data transmission control rule and to perform data transmission control according to the data transmission control rule.
With the embodiments of the invention, when the VM determines that a target monitoring device has a data transmission demand, it determines the feature information of the data to be transmitted, determines the corresponding data transmission control rule from that feature information, and sends the rule to the authentication server, which performs data transmission control according to the rule. This improves the security of services in the video monitoring network while ensuring that those services run normally.
Brief description of the drawings
Fig. 1 is a schematic diagram of a network architecture for data transmission control provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a data transmission control method provided by an embodiment of the present invention;
Fig. 3 is an architecture diagram of a video monitoring system provided by an embodiment of the present invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the technical solutions in the embodiments of the invention, and to make the above objects, features and advantages of the embodiments clearer, the technical solutions are described in further detail below with reference to the accompanying drawings.
The network architecture to which the embodiments of the invention apply is described first.
Referring to Fig. 1, Fig. 1 is a schematic diagram of a network architecture for data transmission control provided by an embodiment of the present invention. As shown in Fig. 1, the architecture is suitable for a video monitoring system that uses the 802.1X protocol and may include a monitoring device (such as an IPC), a client (such as a monitoring client), a VM (Video Manager), a switch and an authentication server (such as a RADIUS (Remote Authentication Dial In User Service) server).
In this network architecture, the VM can be pre-configured to manage the authentication server through a monitoring protocol or a proprietary protocol. This management can include, but is not limited to, the VM sending data transmission control rules to the authentication server, so that the authentication server allows messages with the specified features to enter the switch and the LAN while other messages are forbidden from entering.
When the system is initialized, the monitoring-device-side ports on the switch are all set as uncontrolled ports. After a monitoring device successfully registers with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing.
When the VM detects that a monitoring device has a data transmission demand, the VM can determine the feature information of the data the monitoring device will transmit, generate the data transmission control rule corresponding to that feature information, and send the rule to the authentication server. The authentication server then selectively authorizes the corresponding switch port according to the data transmission control rule, which improves the security of services in the video monitoring network while ensuring that those services run normally.
Based on the network architecture shown in Fig. 1, an embodiment of the invention provides a data transmission control method. Referring to Fig. 2, Fig. 2 is a flow diagram of a data transmission control method provided by an embodiment of the present invention. As shown in Fig. 2, the data transmission control method may include the following steps:
Step 201: when the VM determines that a target monitoring device has a data transmission demand, the VM determines the feature information of the data to be transmitted.
In the embodiments of the invention, when the VM detects a data transmission demand in the video monitoring network (such as a demand to transmit live video monitoring data), the VM can determine the feature information of the data to be transmitted.
As an optional implementation, in the embodiments of the invention, determining the feature information of the data to be transmitted when the VM determines that the target monitoring device has a data transmission demand may include:
when an on-demand request for the target monitoring device sent by a target client is received, determining the feature information of the monitoring data that the target monitoring device sends to the target client.
In this implementation, the target client does not refer to one fixed client but may be any client in the video monitoring network; likewise, the target monitoring device does not refer to one fixed monitoring device but may be any monitoring device in the video monitoring network. The monitoring device can include, but is not limited to, an IPC (Internet Protocol Camera, network camera).
In this implementation, when the VM receives the target client's on-demand request for the target monitoring device, the VM needs to notify the target monitoring device to send monitoring data to the target client. At this point the VM can determine the feature information of the monitoring data that the target monitoring device sends to the target client, where the feature information of the monitoring data can include, but is not limited to, the five-tuple information, encoding type and packet length of the monitoring data.
As an example, assume that the target client is Client1, the target monitoring device is IPC1, the IP address of Client1 is IP1, the IP address of IPC1 is IP2, and IPC1 and Client1 exchange data through port b1 and port a1 respectively. Then the five-tuple information of the live video monitoring data stream that IPC1 sends to Client1 can be (IP2, port b1, IP1, port a1, transport layer protocol), the encoding type can be an encoding type commonly used for live video monitoring data, such as H.264 (a digital video compression format), and the packet length can be the packet length of live video monitoring data.
Here, the transport layer protocol indicates whether the data is TCP (Transmission Control Protocol) data or UDP (User Datagram Protocol) data.
Further, in the embodiments of the invention, determining the feature information of the data to be transmitted can also include:
when the monitoring data is TCP data, determining the feature information of the response message that the target client returns to the target monitoring device.
In this implementation, it is taken into account that in the TCP protocol, after the receiving device receives data sent by the sending device, it needs to reply with an ACK (acknowledgement) message to confirm that the data has been received. Therefore, when the VM determines that the monitoring data that the target monitoring device sends to the target client is TCP data, the VM also needs to determine the feature information of the response message (ACK message) that the target client returns to the target monitoring device. The feature information of the response message can include, but is not limited to, the five-tuple information and packet length of the response message.
Step 202: the VM determines a corresponding data transmission control rule according to the feature information of the data to be transmitted, and sends the data transmission control rule to the authentication server; wherein the data transmission control rule instructs the authentication server to allow data matching the feature information of the data to be transmitted to pass through the switch.
In the embodiments of the invention, after the VM determines the feature information of the data to be transmitted, it can determine the corresponding data transmission control rule according to that feature information. The data transmission control rule instructs the authentication server to allow data matching the feature information of the data to be transmitted to pass through the switch.
For example, continuing the example given in the description of step 201, after the VM determines the feature information of the data to be transmitted, it can determine the data transmission control rule corresponding to that feature information. The rule can include allowing data whose five-tuple information is (IP2, port b1, IP1, port a1, transport layer protocol), whose encoding type is an encoding type commonly used for live data streams (such as H.264), and whose packet length is within the packet-length range of live data to pass through the switch.
Further, in this example, if the data that IPC1 sends to Client1 is TCP data, the data transmission control rule determined by the VM can also include allowing data whose five-tuple information is (IP1, port a1, IP2, port b1, transport layer protocol (here the TCP protocol)) and whose packet length is within the length range of ACK packets to pass through the switch.
It can be seen that, in the embodiments of the invention, for UDP data the corresponding data transmission control rule is a unidirectional admission rule: only data that is sent from the monitoring device to the client and that matches the corresponding data transmission control rule is allowed to enter the switch and the LAN. For TCP data the corresponding data transmission control rule is a bidirectional admission rule: in addition to allowing data that is sent from the monitoring device to the client and that matches the corresponding rule to enter the switch and the LAN, it also allows the ACK messages that the client returns to the monitoring device to be forwarded through the corresponding port of the switch.
Further, in this implementation, when the monitoring data that the target monitoring device sends to the target client is TCP data, the data transmission control rule can also instruct the authentication server to lift, for a preset duration, the control on the data exchanged between the target monitoring device and the target client.
Specifically, in this implementation, it is taken into account that when the target monitoring device needs to exchange TCP data with the target client, it must first establish a TCP connection with the target client (including the three-way handshake in TCP connection establishment), and this process involves traffic in both directions between the target monitoring device and the target client. Therefore, to ensure that the TCP connection between the target monitoring device and the target client is established successfully, when the VM determines that TCP data will be exchanged between the target monitoring device and the target client, the VM needs to instruct the authentication server to lift the control on the data exchanged between the target monitoring device and the target client for a preset duration (the preset duration can be set by an administrator based on experience, for example 20 seconds or 30 seconds), so that the target monitoring device can successfully establish the TCP connection with the target client.
In the embodiments of the invention, after the VM has determined the data transmission control rule, it can send the rule to the authentication server; after the authentication server receives the data transmission control rule, it can perform data transmission control according to the rule.
To achieve this, in the embodiments of the invention the VM needs to be pre-configured so that it can manage the authentication server through a monitoring protocol or a proprietary protocol. This management can include, but is not limited to, the VM sending data transmission control rules to the authentication server, so that the authentication server allows messages with the specified features to enter the switch and the LAN while other messages are forbidden from entering.
Step 203: the authentication server receives the data transmission control rule sent by the VM and performs data transmission control according to the received data transmission control rule.
In the embodiments of the invention, after the authentication server receives the data transmission control rule sent by the VM, it can perform data transmission control according to the rule, for example allowing data that matches the feature information included in the data transmission control rule to pass through the switch, or lifting the control on data exchange between a specified monitoring device and a specified client for a preset duration.
As an optional implementation, in the embodiments of the invention, the authentication server performing data transmission control according to the received data transmission control rule may include:
the authentication server issues a data transmission control instruction to the switch according to the received data transmission control rule; wherein the data transmission control instruction instructs the switch to allow data that is received from a designated port and matches the specified feature information to pass through the switch;
the switch receives the data transmission control instruction and performs data transmission control according to the data transmission control instruction.
In this implementation, after the authentication server receives the data transmission control rule sent by the VM, it can generate the corresponding data transmission control instruction from the rule and issue the instruction to the switch, and the switch performs data transmission control according to the instruction. The authentication server can issue the data transmission control instruction to the switch by reusing 802.1X EAPOL (Extensible Authentication Protocol over LAN (Local Area Network)) messages.
In this implementation, when the authentication server issues a data transmission control instruction to the switch, it also needs to indicate the port on which data transmission control is to be performed. The data transmission control instruction that the authentication server issues to the switch can therefore also carry the MAC (Media Access Control) address of the monitoring device to which the instruction corresponds, or the port through which that monitoring device is connected to the switch (the MAC address or port can be obtained by the VM and sent to the authentication server).
When the data transmission control instruction that the authentication server issues to the switch carries the MAC address of the corresponding monitoring device, the switch needs to look up the port to which that monitoring device is connected by its MAC address; the specific implementation is not described here.
Correspondingly, in the embodiments of the invention, the VM can collect the identification information of each monitoring device in the video monitoring network (such as its MAC address or the port through which it is connected to the switch). The VM can collect this identification information by having the monitoring device carry it in the registration message or keep-alive message when it registers with the VM or keeps its registration alive, or by having a user configure it statically on the VM. When the VM detects a data transmission demand for a monitoring device and has determined the data transmission control rule corresponding to the data to be transmitted, the VM can send the data transmission control rule together with the identification information of that monitoring device to the authentication server.
In this implementation, after the switch receives the data transmission control instruction issued by the authentication server, it can enable the corresponding data transmission control rule on the corresponding port. When data is received from that port, the switch matches the feature information of the data against the data transmission control rules: if a corresponding data transmission control rule is matched, the data is allowed to pass; otherwise, the data is not allowed to pass.
As an example, assume that the data transmission control rule enabled on switch port a allows H.264-encoded live video monitoring data to enter the switch and the LAN. When the switch receives data from port a, it can inspect the data after the relevant encapsulations such as IP/RTP (Real-time Transport Protocol)/H.264 by checking the corresponding offset in the IP packet (because in packets with H.264 encapsulation the start position of the encoded data within the IP packet is fixed), to check whether the NAL (Network Abstraction Layer) header information of the H.264 coding layer is 64 42. If so, the switch determines that the data of the IP packet is live video monitoring data and allows it to pass; otherwise, it refuses to let it pass.
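The port behaviour described in steps 201 to 203 can be modelled as follows. This is an added example, not code from the patent: the class and function names, the `kind` and `encoding` packet fields (standing in for whatever classification and payload inspection the switch performs), the packet-length ranges and the IP-pair scope of the TCP setup window are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (src_ip, src_port, dst_ip, dst_port, transport protocol)
FiveTuple = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class Packet:
    five_tuple: FiveTuple
    length: int                     # packet length in bytes
    kind: str = "other"             # "register" / "keepalive" / "other": classifier output (assumed)
    encoding: Optional[str] = None  # result of payload inspection, e.g. "H.264" (assumed)


@dataclass(frozen=True)
class Rule:
    """One data transmission control rule: five-tuple, length range, optional encoding."""
    five_tuple: FiveTuple
    min_len: int
    max_len: int
    encoding: Optional[str] = None  # None: encoding is not checked (used for the ACK rule)

    def matches(self, pkt: Packet) -> bool:
        return (pkt.five_tuple == self.five_tuple
                and self.min_len <= pkt.length <= self.max_len
                and (self.encoding is None or pkt.encoding == self.encoding))


@dataclass(frozen=True)
class OpenWindow:
    """Time-limited relaxation between two hosts so a TCP handshake can complete."""
    peers: frozenset
    expires_at: float

    def covers(self, pkt: Packet, now: float) -> bool:
        src_ip, _, dst_ip, _, _ = pkt.five_tuple
        return now < self.expires_at and frozenset((src_ip, dst_ip)) == self.peers


def vm_build_rules(camera, client, proto, now,
                   media_len=(200, 1500), ack_len=(40, 80), window=20.0):
    """VM side: derive the rules from the stream's feature information.

    UDP yields a single camera-to-client rule. TCP adds the reverse ACK rule
    and a preset-duration window for connection setup. The length ranges are
    constructed values, not figures from the patent.
    """
    (cam_ip, cam_port), (cli_ip, cli_port) = camera, client
    rules = [Rule((cam_ip, cam_port, cli_ip, cli_port, proto), *media_len, encoding="H.264")]
    windows: List[OpenWindow] = []
    if proto == "TCP":
        rules.append(Rule((cli_ip, cli_port, cam_ip, cam_port, proto), *ack_len))
        windows.append(OpenWindow(frozenset((cam_ip, cli_ip)), now + window))
    return rules, windows


class SwitchPort:
    """Camera-side switch port as driven by the authentication server."""

    def __init__(self):
        self.controlled = False          # uncontrolled at system initialization
        self.rules: List[Rule] = []
        self.windows: List[OpenWindow] = []

    def on_registered(self):
        """Camera registered with the VM: the port becomes a controlled port."""
        self.controlled = True

    def install(self, rules, windows):
        self.rules.extend(rules)
        self.windows.extend(windows)

    def permits(self, pkt: Packet, now: float) -> bool:
        if not self.controlled:
            return True
        if pkt.kind in ("register", "keepalive"):
            return True                  # always allowed on a controlled port
        if any(w.covers(pkt, now) for w in self.windows):
            return True                  # TCP setup window still open
        return any(r.matches(pkt) for r in self.rules)  # everything else is denied


if __name__ == "__main__":
    # Constructed addresses: IPC1 = (IP2, port b1), Client1 = (IP1, port a1).
    ipc1, client1 = ("192.0.2.20", 5004), ("192.0.2.10", 6000)
    port = SwitchPort()
    port.on_registered()
    port.install(*vm_build_rules(ipc1, client1, "UDP", now=0.0))
    live = Packet((*ipc1, *client1, "UDP"), 1200, encoding="H.264")
    print("live stream permitted:", port.permits(live, now=1.0))
```

The model makes the default-deny behaviour visible: once the port is controlled, a packet passes only if it is registration or keep-alive traffic, falls inside an unexpired TCP setup window, or matches an installed rule on five-tuple, length range and encoding together.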
As another optional implementation, in the embodiments of the invention, the authentication server performing data transmission control according to the received data transmission control rule may include:
the authentication server receives the data to be transmitted sent by the switch;
the authentication server queries the data transmission control rules it has stored according to the feature information of the data to be transmitted;
if a corresponding data transmission control rule is found and the authentication server determines from that rule that the data to be transmitted is allowed to pass through the switch, the authentication server issues an allow-data-to-pass instruction to the switch;
otherwise, the authentication server issues a forbid-data-to-pass instruction to the switch.
In this implementation, the authentication server determines whether the data received by the switch may enter the switch and the LAN.
Correspondingly, in this implementation, when the switch receives data, it can copy the data and upload the copy to the authentication server. After the authentication server receives the data uploaded by the switch, it can query the data transmission control rules it has stored according to the feature information of the data, to determine whether there is a data transmission control rule that matches the feature information of the data. If such a rule exists and the rule determines that the data is allowed to pass, the authentication server can issue to the switch an instruction that allows the data to be transmitted to pass; otherwise, the authentication server can issue to the switch an instruction that forbids the data to be transmitted from passing.
As can be seen from the above description, in the embodiments of the invention, when the VM determines that a target monitoring device has a data transmission demand, it determines the feature information of the data to be transmitted, determines the corresponding data transmission control rule from that feature information, and sends the rule to the authentication server, which performs data transmission control according to the rule. This improves the security of services in the video monitoring network while ensuring that those services run normally.
Referring to Fig. 3, which is an architecture diagram of a video monitoring system provided by an embodiment of the present invention, the system applies the 802.1x protocol. The video monitoring system includes a monitoring device 310, a client 320, a Video Manager VM330, an interchanger 340 and a certificate server 350. When the system is initialized, the monitoring-device-side ports on the interchanger 340 are set as uncontrolled ports; after a monitoring device registers successfully with the VM, the VM notifies the certificate server to change the interchanger port to which the monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing, wherein:
The VM330 is configured to determine the characteristic information of the data to be transmitted when it determines that a target monitoring device has a data transmission demand;
The VM330 is further configured to determine a corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and to send the data transmission control rule to the certificate server 350; wherein the data transmission control rule is used to instruct the certificate server to allow data matching the characteristic information of the data to be transmitted to pass through the interchanger 340;
The certificate server 350 is configured to receive the data transmission control rule and to perform data transmission control according to the data transmission control rule.
In an optional embodiment, the VM330 may specifically be configured to, upon receiving an on-demand request for a target monitoring device sent by a destination client, determine the characteristic information of the monitoring data that the target monitoring device sends to the destination client; the characteristic information of the monitoring data includes the five-tuple information, encoding type and data packet length of the monitoring data.
In an optional embodiment, the VM330 may further be configured to, when the monitoring data is Transmission Control Protocol (TCP) data, determine the characteristic information of the response message that the destination client returns to the target monitoring device; the characteristic information of the response message includes the five-tuple information and data packet length of the response message;
Wherein the data transmission control rule is further used to instruct the certificate server to release, within a preset duration, control over the data exchanged between the target monitoring device and the destination client.
In an optional embodiment, the certificate server 350 may specifically be configured to issue a data transmission control instruction to the interchanger 340 according to the data transmission control rule; wherein the data transmission control instruction is used to instruct the interchanger to allow data that is received from a designated port and matches designated characteristic information to pass through the interchanger;
The interchanger 340 may be configured to receive the data transmission control instruction and to perform data transmission control according to the data transmission control instruction; wherein the data transmission control instruction is used to instruct the interchanger to allow data that is received from a designated port and matches designated characteristic information to pass through the interchanger.
In an optional embodiment, the certificate server 350 may be configured to receive the data to be transmitted sent by the interchanger 340;
The certificate server 350 may further be configured to query the data transmission control rules it stores according to the characteristic information of the data to be transmitted;
The certificate server 350 may further be configured to, if a corresponding data transmission control rule is found and it is determined according to that rule that the data to be transmitted is allowed to pass through the interchanger 340, issue an allow-data-pass instruction to the interchanger 340; otherwise, issue a forbid-data-pass instruction to the interchanger 340.
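The rule lookup described above for the certificate server, together with the feature matching and the preset-duration TCP response rule from the earlier optional embodiments, is sketched below as an added example; it is not code from the patent. The class and function names, the treatment of data packet length as an upper bound, the application of the preset duration to the reply path only, and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (source IP, source port, destination IP, destination port, protocol)
FiveTuple = Tuple[str, int, str, int, str]

@dataclass(frozen=True)
class Packet:
    """Characteristic information reported for data waiting at the interchanger."""
    five_tuple: FiveTuple
    length: int
    encoding: Optional[str] = None  # None for non-media data such as TCP replies

@dataclass(frozen=True)
class Rule:
    """One data transmission control rule sent by the VM."""
    five_tuple: FiveTuple
    max_length: int                     # assumption: length is an upper bound
    encoding: Optional[str] = None      # None: encoding is not part of the match
    expires_at: Optional[float] = None  # None: valid until removed

    def matches(self, pkt: Packet, now: float) -> bool:
        if self.expires_at is not None and now >= self.expires_at:
            return False
        if pkt.five_tuple != self.five_tuple or pkt.length > self.max_length:
            return False
        return self.encoding is None or pkt.encoding == self.encoding

class CertificateServer:
    """Stores rules and answers allow/forbid queries; no match means forbid."""

    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def on_demand(self, device, client, proto, encoding, max_length,
                  now, reply_window=30.0, reply_max_length=128) -> None:
        """Install the rules for one on-demand request (hypothetical helper)."""
        (dev_ip, dev_port), (cli_ip, cli_port) = device, client
        self.rules.append(Rule((dev_ip, dev_port, cli_ip, cli_port, proto),
                               max_length, encoding))
        if proto == "tcp":
            # Reply path client -> device, open only for the preset duration
            # (assumption: the duration applies to this direction only).
            self.rules.append(Rule((cli_ip, cli_port, dev_ip, dev_port, proto),
                                   reply_max_length, None, now + reply_window))

    def decide(self, pkt: Packet, now: float) -> str:
        # Drop expired rules first so stale entries never grant access.
        self.rules = [r for r in self.rules
                      if r.expires_at is None or now < r.expires_at]
        return "ALLOW" if any(r.matches(pkt, now) for r in self.rules) else "FORBID"

def demo() -> List[str]:
    """Constructed sample: camera 192.0.2.10 streams H264 over TCP to one client."""
    cam, cli = ("192.0.2.10", 554), ("198.51.100.20", 40000)
    srv = CertificateServer()
    srv.on_demand(cam, cli, "tcp", "H264", max_length=1400, now=0.0)
    media, reply = (*cam, *cli, "tcp"), (*cli, *cam, "tcp")
    rogue = ("203.0.113.9", 1234, *cli, "tcp")
    return [
        srv.decide(Packet(media, 1200, "H264"), now=1.0),   # matches the rule
        srv.decide(Packet(media, 1200, "MJPEG"), now=1.0),  # wrong encoding type
        srv.decide(Packet(media, 9000, "H264"), now=1.0),   # longer than allowed
        srv.decide(Packet(rogue, 1200, "H264"), now=1.0),   # unknown five-tuple
        srv.decide(Packet(reply, 60), now=5.0),             # inside the window
        srv.decide(Packet(reply, 60), now=31.0),            # window has closed
    ]

if __name__ == "__main__":
    print(demo())
```
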
In an optional embodiment, the VM330 may include:
A first determination unit, configured to determine the characteristic information of the data to be transmitted when it is determined that a target monitoring device has a data transmission demand;
A second determination unit, configured to determine a corresponding data transmission control rule according to the characteristic information of the data to be transmitted;
A transmission unit, configured to send the data transmission control rule to the certificate server; wherein the data transmission control rule is used to instruct the certificate server to allow data matching the characteristic information of the data to be transmitted to pass through the interchanger.
In an optional embodiment, the certificate server 350 may include:
A receiving unit, configured to receive the data transmission control rule;
A control unit, configured to perform data transmission control according to the data transmission control rule.
The functions and effects of each unit in the above apparatus are implemented as described for the corresponding steps of the above method, and are not repeated here.
Since the apparatus embodiment corresponds essentially to the method embodiment, the relevant parts may be understood by referring to the description of the method embodiment. The apparatus embodiments described above are merely exemplary: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement it without creative effort.
As can be seen from the above embodiment, when the VM determines that a target monitoring device has a data transmission demand, it determines the characteristic information of the data to be transmitted, determines a corresponding data transmission control rule according to that characteristic information, and sends the data transmission control rule to the certificate server, which performs data transmission control according to the rule. This improves the security of services in the video monitoring network while ensuring that those services continue to operate normally.
Those skilled in the art will readily conceive of other embodiments of the present invention after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the present invention that follow its general principles and include common knowledge or conventional techniques in the art that are not disclosed by the present invention. The description and examples are to be regarded as illustrative only; the true scope and spirit of the invention are indicated by the following claims.
It should be understood that the present invention is not limited to the precise structure described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.

Claims (10)

1. A data transfer control method, applied to a video monitoring system that applies the 802.1x protocol, the video monitoring system including a monitoring device, a client, a Video Manager VM, an interchanger and a certificate server, characterized in that, when the system is initialized, the monitoring-device-side ports on the interchanger are all set as uncontrolled ports, and after a monitoring device registers successfully with the VM, the VM notifies the certificate server to change the switch port to which the monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing, the method comprising:
When the VM determines that a target monitoring device has a data transmission demand, determining the characteristic information of the data to be transmitted;
The VM determining a corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and sending the data transmission control rule to the certificate server; wherein the data transmission control rule is used to instruct the certificate server to allow data matching the characteristic information of the data to be transmitted to pass through the interchanger, and the VM and the certificate server are configured in advance so that the VM can manage the certificate server through a predetermined protocol;
The certificate server receiving the data transmission control rule and performing data transmission control according to the data transmission control rule.
2. The method according to claim 1, characterized in that said determining the characteristic information of the data to be transmitted when the VM determines that a target monitoring device has a data transmission demand comprises:
When the VM receives an on-demand request for a target monitoring device sent by a destination client, determining the characteristic information of the monitoring data that the target monitoring device sends to the destination client; the characteristic information of the monitoring data includes the five-tuple information, encoding type and data packet length of the monitoring data.
3. The method according to claim 2, characterized in that said determining the characteristic information of the data to be transmitted further comprises:
When the monitoring data is Transmission Control Protocol (TCP) data, the VM determining the characteristic information of the response message that the destination client returns to the target monitoring device, the characteristic information of the response message including the five-tuple information and data packet length of the response message;
Wherein the data transmission control rule is further used to instruct the certificate server to release, within a preset duration, control over the data exchanged between the target monitoring device and the destination client.
4. The method according to claim 1, characterized in that the certificate server performing data transmission control according to the data transmission control rule comprises:
The certificate server issuing a data transmission control instruction to the interchanger according to the data transmission control rule; wherein the data transmission control instruction is used to instruct the interchanger to allow data that is received from a designated port and matches designated characteristic information to pass through the interchanger;
The interchanger receiving the data transmission control instruction and performing data transmission control according to the data transmission control instruction; wherein the data transmission control instruction is used to instruct the interchanger to allow data that is received from a designated port and matches designated characteristic information to pass through the interchanger.
5. The method according to claim 1, characterized in that the certificate server performing data transmission control according to the data transmission control rule comprises:
The certificate server receiving the data to be transmitted sent by the interchanger;
The certificate server querying the data transmission control rules it stores according to the characteristic information of the data to be transmitted;
If a corresponding data transmission control rule is found and it is determined according to the data transmission control rule that the data to be transmitted is allowed to pass through the interchanger, the certificate server issuing an allow-data-pass instruction to the interchanger;
Otherwise, the certificate server issuing a forbid-data-pass instruction to the interchanger.
6. A video monitoring system, the system applying the 802.1x protocol, the video monitoring system including a monitoring device, a client, a Video Manager VM, an interchanger and a certificate server, characterized in that, when the system is initialized, the monitoring-device-side ports on the interchanger are all set as uncontrolled ports, and after a monitoring device registers successfully with the VM, the VM notifies the certificate server to change the switch port to which the monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing, wherein:
The VM is configured to determine the characteristic information of the data to be transmitted when it determines that a target monitoring device has a data transmission demand;
The VM is further configured to determine a corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and to send the data transmission control rule to the certificate server; wherein the data transmission control rule is used to instruct the certificate server to allow data matching the characteristic information of the data to be transmitted to pass through the interchanger, and the VM and the certificate server are configured in advance so that the VM can manage the certificate server through a predetermined protocol;
The certificate server is configured to receive the data transmission control rule and to perform data transmission control according to the data transmission control rule.
7. The system according to claim 6, characterized in that
The VM is specifically configured to, upon receiving an on-demand request for a target monitoring device sent by a destination client, determine the characteristic information of the monitoring data that the target monitoring device sends to the destination client; the characteristic information of the monitoring data includes the five-tuple information, encoding type and data packet length of the monitoring data.
8. The system according to claim 7, characterized in that
The VM is further configured to, when the monitoring data is Transmission Control Protocol (TCP) data, determine the characteristic information of the response message that the destination client returns to the target monitoring device, the characteristic information of the response message including the five-tuple information and data packet length of the response message;
Wherein the data transmission control rule is further used to instruct the certificate server to release, within a preset duration, control over the data exchanged between the target monitoring device and the destination client.
9. The system according to claim 6, characterized in that
The certificate server is specifically configured to issue a data transmission control instruction to the interchanger according to the data transmission control rule; wherein the data transmission control instruction is used to instruct the interchanger to allow data that is received from a designated port and matches designated characteristic information to pass through the interchanger;
The interchanger is configured to receive the data transmission control instruction and to perform data transmission control according to the data transmission control instruction; wherein the data transmission control instruction is used to instruct the interchanger to allow data that is received from a designated port and matches designated characteristic information to pass through the interchanger.
10. The system according to claim 9, characterized in that
The certificate server is configured to receive the data to be transmitted sent by the interchanger;
The certificate server is further configured to query the data transmission control rules it stores according to the characteristic information of the data to be transmitted;
The certificate server is further configured to, if a corresponding data transmission control rule is found and it is determined according to the data transmission control rule that the data to be transmitted is allowed to pass through the interchanger, issue an allow-data-pass instruction to the interchanger; otherwise, issue a forbid-data-pass instruction to the interchanger.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610247085.2A CN105743925B (en) 2016-04-19 2016-04-19 A kind of data transfer control method and video monitoring system

Publications (2)

Publication Number Publication Date
CN105743925A CN105743925A (en) 2016-07-06
CN105743925B true CN105743925B (en) 2019-04-12

Family

ID=56255554

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610247085.2A Active CN105743925B (en) 2016-04-19 2016-04-19 A kind of data transfer control method and video monitoring system

Country Status (1)

Country Link
CN (1) CN105743925B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant