CN105743925B - Data transmission control method and video monitoring system - Google Patents
- Publication number
- CN105743925B (CN201610247085.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/18—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
Abstract
The present invention provides a data transmission control method and a video monitoring system. The method comprises: when the VM determines that a target monitoring device has a data transmission demand, the VM determines the characteristic information of the data to be transmitted; the VM determines a corresponding data transmission control rule according to the characteristic information of the data to be transmitted and sends the rule to the authentication server, where the data transmission control rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch; the authentication server receives the data transmission control rule and performs data transmission control according to it. Embodiments of the present invention improve the security of services in a video monitoring network while keeping those services running normally.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a data transmission control method and a video monitoring system.
Background art
With the development of video/audio encoding and decoding technology and network storage technology, camera image data is digitized and then transmitted and stored over the Internet, which has given rise to digital video monitoring technology.
The 802.1X protocol is a port-based network access control protocol: it authenticates and controls connected user devices at the port level of the LAN access device. If the user device connected to a port passes authentication, it can access the resources in the LAN; if it does not pass authentication, it cannot access those resources.
In practice, however, when the 802.1x protocol is applied in a video monitoring network, if the switch port to which an IPC (Internet Protocol Camera, network camera) is connected is an uncontrolled port, the security of services in the video monitoring network cannot be guaranteed. For security reasons, the switch port to which the IPC is connected may therefore be set to a controlled and unauthorized port; in that case the IPC's normal live stream and other monitoring streams cannot be sent, and the entire monitoring service becomes unavailable.
Summary of the invention
The present invention provides a data transmission control method and a video monitoring system, to solve the problem that applying an authentication protocol in an existing video monitoring network makes the monitoring service unavailable.
According to a first aspect of the embodiments of the present invention, a data transmission control method is provided, applied to a video monitoring system that uses the 802.1x protocol. The video monitoring system includes a monitoring device, a client, a Video Manager (VM), a switch and an authentication server. When the system is initialized, the monitoring-device-side ports on the switch are all set to uncontrolled ports. After a monitoring device registers successfully with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing. The method includes:
When the VM determines that a target monitoring device has a data transmission demand, the VM determines the characteristic information of the data to be transmitted;
The VM determines a corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and sends the data transmission control rule to the authentication server; the data transmission control rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch;
The authentication server receives the data transmission control rule and performs data transmission control according to the data transmission control rule.
According to a second aspect of the embodiments of the present invention, a video monitoring system is provided. The system uses the 802.1x protocol and includes a monitoring device, a client, a Video Manager (VM), a switch and an authentication server. When the system is initialized, the monitoring-device-side ports on the switch are all set to uncontrolled ports. After a monitoring device registers successfully with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing, wherein:
The VM is configured to determine the characteristic information of the data to be transmitted when it determines that a target monitoring device has a data transmission demand;
The VM is further configured to determine a corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and to send the data transmission control rule to the authentication server; the data transmission control rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch;
The authentication server is configured to receive the data transmission control rule and to perform data transmission control according to the data transmission control rule.
With the embodiments of the present invention, when the VM determines that a target monitoring device has a data transmission demand, it determines the characteristic information of the data to be transmitted, determines a corresponding data transmission control rule according to that characteristic information, and sends the rule to the authentication server, which performs data transmission control according to the rule. This improves the security of services in the video monitoring network while ensuring that those services run normally.
Brief description of the drawings
Fig. 1 is a schematic diagram of a network architecture for data transmission control provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a data transmission control method provided by an embodiment of the present invention;
Fig. 3 is a schematic architecture diagram of a video monitoring system provided by an embodiment of the present invention.
Detailed description of the embodiments
To help those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the above objects, features and advantages of the embodiments clearer, the technical solutions in the embodiments are described in further detail below with reference to the accompanying drawings.
The network architecture to which the embodiments of the present invention apply is described first.
Refer to Fig. 1, which is a schematic diagram of a network architecture for data transmission control provided by an embodiment of the present invention. As shown in Fig. 1, the network architecture is suitable for a video monitoring system that uses the 802.1x protocol, and may include a monitoring device (such as an IPC), a client (such as a monitoring client), a VM (Video Manager), a switch and an authentication server (such as a Remote Authentication Dial In User Service (RADIUS) server).
In this network architecture, the VM can be pre-configured to manage the authentication server through a monitoring protocol or a proprietary protocol. This management can include, but is not limited to, the VM sending data transmission control rules to the authentication server so that the authentication server allows messages with specified characteristics to enter the switch and the LAN, while other messages are forbidden from entering.
When the system is initialized, the monitoring-device-side ports on the switch are all set to uncontrolled ports. After a monitoring device registers successfully with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing.
When the VM detects that a monitoring device has a data transmission demand, the VM can determine the characteristic information of the data the monitoring device will send, generate a data transmission control rule corresponding to that characteristic information, and send the rule to the authentication server. The authentication server then selectively authorizes the corresponding switch port according to the rule, which improves the security of services in the video monitoring network while ensuring that those services run normally.
Based on the network architecture shown in Fig. 1, an embodiment of the present invention provides a data transmission control method. Refer to Fig. 2, which is a schematic flowchart of a data transmission control method provided by an embodiment of the present invention. As shown in Fig. 2, the data transmission control method may include the following steps:
Step 201: When the VM determines that a target monitoring device has a data transmission demand, the VM determines the characteristic information of the data to be transmitted.
In the embodiments of the present invention, when the VM detects a data transmission demand in the video monitoring network (such as a demand to transmit video monitoring live data), the VM can determine the characteristic information of the data to be transmitted.
As an optional implementation, in the embodiments of the present invention, determining the characteristic information of the data to be transmitted when the VM determines that a target monitoring device has a data transmission demand may include:
When an on-demand request for the target monitoring device sent by a target client is received, determining the characteristic information of the monitoring data that the target monitoring device sends to the target client.
In this implementation, the target client does not refer to one fixed client; it may be any client in the video monitoring network. Likewise, the target monitoring device does not refer to one fixed monitoring device; it may be any monitoring device in the video monitoring network. The monitoring device can include, but is not limited to, an IPC (Internet Protocol Camera, network camera).
In this implementation, when the VM receives the target client's on-demand request for the target monitoring device, the VM needs to notify the target monitoring device to send monitoring data to the target client. At this point the VM can determine the characteristic information of the monitoring data that the target monitoring device sends to the target client. The characteristic information of the monitoring data can include, but is not limited to, the five-tuple information, encoding type and data packet length of the monitoring data.
As an example, assume that the target client is Client1, the target monitoring device is IPC1, the IP address of Client1 is IP1, the IP address of IPC1 is IP2, and IPC1 and Client1 exchange data through port b1 and port a1 respectively. The five-tuple information of the video monitoring live data stream that IPC1 sends to Client1 can then be (IP2, port b1, IP1, port a1, transport layer protocol); the encoding type can be an encoding type commonly used for video monitoring live data, such as H.264 (a digital video compression format); and the data packet length can be the packet length of video monitoring live data.
Here, the transport layer protocol indicates whether the data is TCP (Transmission Control Protocol) data or UDP (User Datagram Protocol) data.
Further, in the embodiments of the present invention, determining the characteristic information of the data to be transmitted can also include:
When the monitoring data is TCP data, determining the characteristic information of the response message that the target client returns to the target monitoring device.
In this implementation, it is taken into account that under the TCP protocol a receiving device, after receiving data sent by the sending device, must respond with an ACK (acknowledgement) message to confirm that the data has been received. Thus, when the VM determines that the monitoring data sent by the target monitoring device to the target client is TCP data, the VM also needs to determine the characteristic information of the response message (ACK message) that the target client returns to the target monitoring device. The characteristic information of the response message can include, but is not limited to, the five-tuple information and data packet length of the response message.
Step 202: The VM determines a corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and sends the data transmission control rule to the authentication server; the data transmission control rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch.
In the embodiments of the present invention, after the VM determines the characteristic information of the data to be transmitted, it can determine a corresponding data transmission control rule according to that characteristic information. The data transmission control rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch.
For example, continuing the example given in the description of step 201, after the VM determines the characteristic information of the data to be transmitted, it can determine the data transmission control rule corresponding to that characteristic information. The rule can include allowing live data to pass through the switch when its five-tuple information is (IP2, port b1, IP1, port a1, transport layer protocol), its encoding type is a common encoding type for live data streams (such as H.264), and its data packet length is within the live data packet length range.
Further, in this example, if the data that IPC1 sends to Client1 is TCP data, the data transmission control rule determined by the VM can also include allowing data to pass through the switch when its five-tuple information is (IP1, port a1, IP2, port b1, transport layer protocol (corresponding to the TCP protocol)) and its data packet length is within the ACK packet length range.
As can be seen, in the embodiments of the present invention, for UDP data the corresponding data transmission control rule is a one-way admission rule: only data that the monitoring device sends to the client and that matches the corresponding data transmission control rule is allowed to enter the switch and the LAN. For TCP data, the corresponding data transmission control rule is a two-way admission rule: in addition to allowing data that the monitoring device sends to the client and that matches the corresponding data transmission control rule to enter the switch and the LAN, the ACK messages that the client returns to the monitoring device are also allowed to be forwarded through the corresponding port of the switch.
Further, in this implementation, when the monitoring data that the target monitoring device sends to the target client is TCP data, the data transmission control rule can also be used to instruct the authentication server to lift, for a preset duration, the control over the data exchanged between the target monitoring device and the target client.
Specifically, in this implementation, it is taken into account that when the target monitoring device needs to exchange TCP data with the target client, it must first establish a TCP connection with the target client (including the three-way handshake of TCP connection establishment), and this process involves traffic in both directions between the target monitoring device and the target client. Therefore, to ensure that the TCP connection between the target monitoring device and the target client is established successfully, when the VM determines that TCP data will be exchanged between the target monitoring device and the target client, the VM needs to instruct the authentication server to lift the control over the data exchanged between the target monitoring device and the target client for a preset duration (the preset duration can be set by the administrator according to empirical values, such as 20 seconds or 30 seconds), so that the target monitoring device can successfully establish the TCP connection with the target client.
In the embodiments of the present invention, after the VM has determined the data transmission control rule, it can send the rule to the authentication server; after the authentication server receives the data transmission control rule, it can perform data transmission control according to the rule.
To achieve this, in the embodiments of the present invention, the VM needs to be pre-configured so that it can manage the authentication server through a monitoring protocol or a proprietary protocol. This management can include, but is not limited to, the VM sending data transmission control rules to the authentication server so that the authentication server allows messages with specified characteristics to enter the switch and the LAN, while other messages are forbidden from entering.
Step 203: The authentication server receives the data transmission control rule sent by the VM, and performs data transmission control according to the received data transmission control rule.
In the embodiments of the present invention, after the authentication server receives the data transmission control rule sent by the VM, it can perform data transmission control according to that rule, for example by allowing data that matches the characteristic information contained in the rule to pass through the switch, or by lifting, for a preset duration, the control over data exchanged between a specified monitoring device and a specified client.
As an optional implementation, in the embodiments of the present invention, the authentication server performing data transmission control according to the received data transmission control rule may include:
The authentication server issues a data transmission control instruction to the switch according to the received data transmission control rule; the data transmission control instruction instructs the switch to allow data that is received from a designated port and matches specified characteristic information to pass through the switch;
The switch receives the data transmission control instruction and performs data transmission control according to the data transmission control instruction.
In this implementation, after the authentication server receives the data transmission control rule sent by the VM, it can generate a corresponding data transmission control instruction according to the rule and issue the instruction to the switch, which performs data transmission control according to the instruction. To issue the data transmission control instruction to the switch, the authentication server can reuse 802.1x EAPOL (Extensible Authentication Protocol over LAN (Local Area Network)) messages.
In this implementation, when the authentication server issues a data transmission control instruction to the switch, it also needs to indicate the port on which data transmission control is to be performed. The data transmission control instruction that the authentication server issues to the switch can therefore also carry the MAC (Media Access Control) address of the monitoring device to which the instruction applies, or the port through which that monitoring device is connected to the switch (the MAC address or port can be obtained by the VM and sent to the authentication server).
When the data transmission control instruction that the authentication server issues to the switch carries the MAC address of the corresponding monitoring device, the switch needs to look up, by MAC address, the port to which that monitoring device is connected; the specific implementation is not described here.
Correspondingly, in the embodiments of the present invention, the VM can collect the identification information of each monitoring device in the video monitoring network (such as its MAC address or the port through which it is connected to the switch). The VM can collect this identification information by having the monitoring device carry it in the registration message or keep-alive message when registering with or keeping alive to the VM, or by having the user configure it statically on the VM. When the VM detects a data transmission demand of a monitoring device and has determined the data transmission control rule corresponding to the data to be transmitted, the VM can send the data transmission control rule together with the identification information of that monitoring device to the authentication server.
In this implementation, after the switch receives the data transmission control instruction issued by the authentication server, it can enable the corresponding data transmission control rule on the corresponding port. When data is received from that port, the switch matches the characteristic information of the data against the data transmission control rules; if a matching rule is found, the data is allowed to pass; otherwise, the data is not allowed to pass.
As an example, assume that the data transmission control rule enabled on switch port a allows H.264-encoded video monitoring live data to enter the switch and the LAN. When the switch receives data from port a, it can inspect the data after the IP/RTP (Real-time Transport Protocol)/H.264 encapsulation: by checking the corresponding offset in the IP packet (in a data packet with H.264 encapsulation, the starting position of the encoded data within the IP packet is fixed), it checks whether the NAL (Network Abstraction Layer) header information of the H.264 coding layer is 64 42. If so, the data of the IP packet is determined to be video monitoring live data and is allowed to pass; otherwise, it is refused.
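
The rule generation of step 202 and the per-port matching performed on the switch can be sketched as follows. This is an added example, not code from the patent: the class and function names, the packet length ranges, the choice of 20 seconds for the preset duration, and the 192.0.2.x endpoints are assumptions, and the `codec` field stands in for the result of the switch's payload inspection.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

FiveTuple = Tuple[str, int, str, int, str]  # (src IP, src port, dst IP, dst port, protocol)

# Assumed values (not from the patent): length ranges in bytes, window in seconds.
MEDIA_LEN = (200, 1500)
ACK_LEN = (40, 80)
HANDSHAKE_WINDOW = 20.0


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str                   # "TCP" or "UDP"
    length: int
    codec: Optional[str] = None  # outcome of the switch's payload check, if any
    kind: str = "media"          # "register", "keepalive" or "media"


@dataclass(frozen=True)
class Rule:
    five_tuple: FiveTuple
    length_range: Tuple[int, int]
    codec: Optional[str] = None  # None means the rule has no encoding check

    def matches(self, p: Packet) -> bool:
        lo, hi = self.length_range
        same_flow = (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto) == self.five_tuple
        return same_flow and lo <= p.length <= hi and (self.codec is None or p.codec == self.codec)


def build_rules(camera, client, proto, codec="H.264"):
    """VM side: derive the rules for one on-demand request.

    UDP yields one camera-to-client rule; TCP adds a client-to-camera ACK rule
    and a temporary open window so the three-way handshake can complete.
    """
    (cam_ip, cam_port), (cli_ip, cli_port) = camera, client
    rules = [Rule((cam_ip, cam_port, cli_ip, cli_port, proto), MEDIA_LEN, codec)]
    window = 0.0
    if proto == "TCP":
        rules.append(Rule((cli_ip, cli_port, cam_ip, cam_port, "TCP"), ACK_LEN))
        window = HANDSHAKE_WINDOW
    return rules, window


class ControlledPort:
    """Switch port facing a camera: registration and keep-alive pass, media is default-deny."""

    def __init__(self) -> None:
        self.rules: List[Rule] = []
        self.open_until: Dict[FrozenSet[str], float] = {}

    def install(self, rules, window, now):
        self.rules.extend(rules)
        if window > 0:
            src_ip, _, dst_ip, _, _ = rules[0].five_tuple
            self.open_until[frozenset((src_ip, dst_ip))] = now + window

    def permit(self, p: Packet, now: float) -> bool:
        if p.kind in ("register", "keepalive"):
            return True
        expiry = self.open_until.get(frozenset((p.src_ip, p.dst_ip)))
        if expiry is not None and now <= expiry:
            return True  # handshake window: traffic between the pair is not filtered
        return any(r.matches(p) for r in self.rules)


# Constructed endpoints (documentation address range), standing in for IPC1 and Client1.
IPC1 = ("192.0.2.10", 5000)
CLIENT1 = ("192.0.2.20", 6000)


def pkt(src, dst, proto, length, codec=None, kind="media"):
    """Build a constructed sample packet from (ip, port) endpoint pairs."""
    return Packet(src[0], src[1], dst[0], dst[1], proto, length, codec, kind)


if __name__ == "__main__":
    port = ControlledPort()
    print("media before any rule:", port.permit(pkt(IPC1, CLIENT1, "UDP", 1200, "H.264"), 0))
    port.install(*build_rules(IPC1, CLIENT1, "UDP"), now=0)
    print("H.264 live stream:", port.permit(pkt(IPC1, CLIENT1, "UDP", 1200, "H.264"), 1))
    print("same flow, other payload:", port.permit(pkt(IPC1, CLIENT1, "UDP", 1200), 1))
    print("reverse UDP:", port.permit(pkt(CLIENT1, IPC1, "UDP", 60), 1))
```

While the handshake window is open, every packet between the two endpoints passes the port unfiltered, so the preset duration bounds how long the port is effectively open for that pair.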
As another optional implementation, in the embodiments of the present invention, the authentication server performing data transmission control according to the received data transmission control rule may include:
The authentication server receives the data to be transmitted sent by the switch;
The authentication server queries the data transmission control rules it has stored according to the characteristic information of the data to be transmitted;
If a corresponding data transmission control rule is found and, according to that rule, the data to be transmitted is allowed to pass through the switch, the authentication server issues an allow-data-through instruction to the switch;
Otherwise, the authentication server issues a forbid-data-through instruction to the switch.
In this implementation, the authentication server can decide whether the data received by the switch may enter the switch and the LAN.
Correspondingly, in this implementation, when the switch receives data, it can copy the data and upload the copy to the authentication server. After the authentication server receives the data uploaded by the switch, it can query the data transmission control rules it has stored according to the characteristic information of the data, to determine whether a data transmission control rule matching the characteristic information of the data exists. If such a rule exists and, according to it, the data is allowed to pass, the authentication server can issue to the switch an instruction allowing the data to be transmitted to pass; otherwise, the authentication server can issue to the switch an instruction forbidding the data to be transmitted from passing.
As can be seen from the above description, in the embodiments of the present invention, when the VM determines that a target monitoring device has a data transmission demand, it determines the characteristic information of the data to be transmitted, determines a corresponding data transmission control rule according to that characteristic information, and sends the rule to the authentication server, which performs data transmission control according to the rule. This improves the security of services in the video monitoring network while ensuring that those services run normally.
Refer to Fig. 3, which is a schematic architecture diagram of a video monitoring system provided by an embodiment of the present invention. The system uses the 802.1x protocol and includes a monitoring device 310, a client 320, a Video Manager VM 330, a switch 340 and an authentication server 350. When the system is initialized, the monitoring-device-side ports on the switch 340 are all set to uncontrolled ports. After a monitoring device registers successfully with the VM, the VM notifies the authentication server to change the switch port to which that monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing, wherein:
The VM 330 is configured to determine the characteristic information of the data to be transmitted when it determines that a target monitoring device has a data transmission demand;
The VM 330 is further configured to determine a corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and to send the data transmission control rule to the authentication server 350; the data transmission control rule instructs the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch 340;
The authentication server 350 is configured to receive the data transmission control rule and to perform data transmission control according to the data transmission control rule.
In an optional embodiment, the VM 330 can specifically be configured to determine, when it receives an on-demand request for the target monitoring device sent by a target client, the characteristic information of the monitoring data that the target monitoring device sends to the target client; the characteristic information of the monitoring data includes the five-tuple information, encoding type and data packet length of the monitoring data.
In an optional embodiment, the VM 330 can also be configured to determine, when the monitoring data is Transmission Control Protocol (TCP) data, the characteristic information of the response message that the target client returns to the target monitoring device; the characteristic information of the response message includes the five-tuple information and data packet length of the response message;
The data transmission control rule is also used to instruct the authentication server to lift, for a preset duration, the control over the data exchanged between the target monitoring device and the target client.
In an alternative embodiment, the certificate server 350 can be specifically used for according to the Data Transmission Controlling rule
Data Transmission Controlling instruction is issued to interchanger 340;Wherein, Data Transmission Controlling instruction be used to indicate interchanger allow from
What designated port received passes through interchanger with the data of specific characteristic information matches;
The interchanger 340 can be used for receiving the Data Transmission Controlling instruction, and according to the Data Transmission Controlling
Instruction carries out data transmission controlling;Wherein, the Data Transmission Controlling instruction is used to indicate interchanger permission and connects from designated port
It is receiving to pass through interchanger with specific characteristic information matches data.
In an optional embodiment, the authentication server 350 may be configured to receive the data to be transmitted that is sent by the switch 340.
The authentication server 350 may be further configured to query the data transmission control rules it stores according to the characteristic information of the data to be transmitted.
The authentication server 350 may be further configured to issue an allow-data-through instruction to the switch 340 if a corresponding data transmission control rule is found and it is determined, according to that rule, that the data to be transmitted is allowed to pass through the switch 340; otherwise, it issues a forbid-data-through instruction to the switch 340.
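The lookup-and-decide step described above, together with the rules the VM derives from an on-demand request, can be sketched as follows. This is an added example, not code from the patent: the class and function names, the addresses, and the `kind` labels are constructed, and it assumes that the packet length in a rule is an upper bound and that the preset-duration window is matched on the two endpoint IP addresses and the protocol.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

FiveTuple = Tuple[str, int, str, int, str]  # src_ip, src_port, dst_ip, dst_port, proto

@dataclass(frozen=True)
class Packet:
    five_tuple: FiveTuple
    length: int
    encoding: Optional[str] = None  # set for media packets only
    kind: str = "data"              # "register", "keepalive" or "data" (assumed labels)

@dataclass(frozen=True)
class Rule:
    five_tuple: FiveTuple
    max_length: int                 # assumption: packet length is an upper bound
    encoding: Optional[str] = None  # None: not checked (response messages)
    open_until: float = 0.0         # TCP: control lifted for the pair until this time

    def matches(self, pkt: Packet, now: float) -> bool:
        src, _, dst, _, proto = pkt.five_tuple
        r_src, _, r_dst, _, r_proto = self.five_tuple
        # Preset duration: device<->client exchange is not filtered (e.g. handshake).
        if now < self.open_until and proto == r_proto and {src, dst} == {r_src, r_dst}:
            return True
        return (pkt.five_tuple == self.five_tuple
                and pkt.length <= self.max_length
                and (self.encoding is None or pkt.encoding == self.encoding))

def rules_for_on_demand(device, client, proto, encoding, max_len,
                        resp_len, now, preset=5.0) -> List[Rule]:
    """VM side: derive rules from an on-demand request for one device/client pair."""
    (d_ip, d_port), (c_ip, c_port) = device, client
    window = now + preset if proto == "tcp" else 0.0
    rules = [Rule((d_ip, d_port, c_ip, c_port, proto), max_len, encoding, window)]
    if proto == "tcp":  # TCP also needs the client's response messages let through
        rules.append(Rule((c_ip, c_port, d_ip, d_port, proto), resp_len, None, window))
    return rules

class AuthServer:
    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def decide(self, pkt: Packet, now: float) -> str:
        """Query stored rules for a packet the switch forwarded; default is deny."""
        if pkt.kind in ("register", "keepalive"):  # always allowed on a controlled port
            return "allow"
        return "allow" if any(r.matches(pkt, now) for r in self.rules) else "deny"

def demo() -> List[str]:
    cam, cli = ("10.0.0.10", 5000), ("10.0.1.20", 6000)   # constructed addresses
    fwd = (cam[0], cam[1], cli[0], cli[1], "tcp")
    back = (cli[0], cli[1], cam[0], cam[1], "tcp")
    srv = AuthServer()
    out = [srv.decide(Packet(fwd, 1200, "H.264"), 99.0)]           # no rule yet
    srv.rules += rules_for_on_demand(cam, cli, "tcp", "H.264", 1400, 64, now=100.0)
    out.append(srv.decide(Packet(back, 500), 102.0))               # inside the window
    out.append(srv.decide(Packet(fwd, 1200, "H.264"), 110.0))      # matches rule
    out.append(srv.decide(Packet(fwd, 1200, "MJPEG"), 110.0))      # wrong encoding
    out.append(srv.decide(Packet(back, 40), 110.0))                # response message
    out.append(srv.decide(Packet(back, 500), 110.0))               # too long for a response
    return out
```

The default-deny branch is the part that carries the security property: a media packet from a registered device passes only while a rule created for a specific client request covers it.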
In an optional embodiment, the VM 330 may include:
a first determination unit, configured to determine the characteristic information of the data to be transmitted when it is determined that a target monitoring device has a data transmission requirement;
a second determination unit, configured to determine the corresponding data transmission control rule according to the characteristic information of the data to be transmitted;
a sending unit, configured to send the data transmission control rule to the authentication server; wherein the data transmission control rule is used to instruct the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch.
In an optional embodiment, the authentication server 350 may include:
a receiving unit, configured to receive the data transmission control rule;
a control unit, configured to perform data transmission control according to the data transmission control rule.
For the functions of each unit in the above apparatus and the processes by which they are realized, see the realization of the corresponding steps in the above method; details are not repeated here.
Since the apparatus embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement it without creative effort.
As can be seen from the above embodiments, when the VM determines that a target monitoring device has a data transmission requirement, it determines the characteristic information of the data to be transmitted, determines the corresponding data transmission control rule according to that characteristic information, and sends the rule to the authentication server, which performs data transmission control according to it. This improves the security of services in the video monitoring network while ensuring that those services operate normally.
Other embodiments of the invention will readily occur to those skilled in the art after considering the specification and practising the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed by the invention. The specification and examples are to be regarded as illustrative only; the true scope and spirit of the invention are indicated by the following claims.
It should be understood that the present invention is not limited to the precise structure described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.
Claims (10)
1. A data transmission control method, applied to a video monitoring system that uses the 802.1x protocol, the video monitoring system comprising a monitoring device, a client, a video manager (VM), a switch and an authentication server, characterized in that, when the system is initialized and running, the monitoring-device-side ports on the switch are all set as uncontrolled ports; after a monitoring device registers successfully with the VM, the VM notifies the authentication server to change the switch port to which the monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing; the method comprising:
when the VM determines that a target monitoring device has a data transmission requirement, determining the characteristic information of the data to be transmitted;
the VM determining a corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and sending the data transmission control rule to the authentication server; wherein the data transmission control rule is used to instruct the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch, and the VM and the authentication server are pre-configured so that the VM can manage the authentication server through a predetermined protocol;
the authentication server receiving the data transmission control rule and performing data transmission control according to the data transmission control rule.
2. The method according to claim 1, characterized in that determining the characteristic information of the data to be transmitted when the VM determines that a target monitoring device has a data transmission requirement comprises:
when the VM receives an on-demand request for the target monitoring device sent by a target client, determining the characteristic information of the monitoring data that the target monitoring device sends to the target client; the characteristic information of the monitoring data includes the five-tuple information, encoding type and data packet length of the monitoring data.
3. The method according to claim 2, characterized in that determining the characteristic information of the data to be transmitted further comprises:
when the monitoring data is Transmission Control Protocol (TCP) data, the VM determining the characteristic information of the response message that the target client returns to the target monitoring device, the characteristic information of the response message including the five-tuple information and data packet length of the response message;
wherein the data transmission control rule is further used to instruct the authentication server to lift, within a preset duration, its control over the data exchanged between the target monitoring device and the target client.
4. The method according to claim 1, characterized in that the authentication server performing data transmission control according to the data transmission control rule comprises:
the authentication server issuing a data transmission control instruction to the switch according to the data transmission control rule; wherein the data transmission control instruction instructs the switch to allow data that is received from a designated port and matches designated characteristic information to pass through the switch;
the switch receiving the data transmission control instruction and performing data transmission control according to the data transmission control instruction; wherein the data transmission control instruction instructs the switch to allow data that is received from a designated port and matches designated characteristic information to pass through the switch.
5. The method according to claim 1, characterized in that the authentication server performing data transmission control according to the data transmission control rule comprises:
the authentication server receiving the data to be transmitted that is sent by the switch;
the authentication server querying the data transmission control rules it stores according to the characteristic information of the data to be transmitted;
if a corresponding data transmission control rule is found and it is determined, according to that rule, that the data to be transmitted is allowed to pass through the switch, the authentication server issuing an allow-data-through instruction to the switch;
otherwise, the authentication server issuing a forbid-data-through instruction to the switch.
6. A video monitoring system, the system using the 802.1x protocol and comprising a monitoring device, a client, a video manager (VM), a switch and an authentication server, characterized in that, when the system is initialized and running, the monitoring-device-side ports on the switch are all set as uncontrolled ports; after a monitoring device registers successfully with the VM, the VM notifies the authentication server to change the switch port to which the monitoring device is connected into a controlled port that allows registration messages and keep-alive messages to pass and forbids media stream data from passing, wherein:
the VM is configured to determine the characteristic information of the data to be transmitted when it determines that a target monitoring device has a data transmission requirement;
the VM is further configured to determine a corresponding data transmission control rule according to the characteristic information of the data to be transmitted, and to send the data transmission control rule to the authentication server; wherein the data transmission control rule is used to instruct the authentication server to allow data matching the characteristic information of the data to be transmitted to pass through the switch, and the VM and the authentication server are pre-configured so that the VM can manage the authentication server through a predetermined protocol;
the authentication server is configured to receive the data transmission control rule and to perform data transmission control according to the data transmission control rule.
7. The system according to claim 6, characterized in that
the VM is specifically configured to, upon receiving an on-demand request for the target monitoring device sent by a target client, determine the characteristic information of the monitoring data that the target monitoring device sends to the target client; the characteristic information of the monitoring data includes the five-tuple information, encoding type and data packet length of the monitoring data.
8. The system according to claim 7, characterized in that
the VM is further configured to, when the monitoring data is Transmission Control Protocol (TCP) data, determine the characteristic information of the response message that the target client returns to the target monitoring device, the characteristic information of the response message including the five-tuple information and data packet length of the response message;
wherein the data transmission control rule is further used to instruct the authentication server to lift, within a preset duration, its control over the data exchanged between the target monitoring device and the target client.
9. The system according to claim 6, characterized in that
the authentication server is specifically configured to issue a data transmission control instruction to the switch according to the data transmission control rule; wherein the data transmission control instruction instructs the switch to allow data that is received from a designated port and matches designated characteristic information to pass through the switch;
the switch is configured to receive the data transmission control instruction and to perform data transmission control according to the data transmission control instruction; wherein the data transmission control instruction instructs the switch to allow data that is received from a designated port and matches designated characteristic information to pass through the switch.
10. The system according to claim 9, characterized in that
the authentication server is configured to receive the data to be transmitted that is sent by the switch;
the authentication server is further configured to query the data transmission control rules it stores according to the characteristic information of the data to be transmitted;
the authentication server is further configured to issue an allow-data-through instruction to the switch if a corresponding data transmission control rule is found and it is determined, according to that rule, that the data to be transmitted is allowed to pass through the switch; otherwise, to issue a forbid-data-through instruction to the switch.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610247085.2A CN105743925B (en) | 2016-04-19 | 2016-04-19 | A kind of data transfer control method and video monitoring system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610247085.2A CN105743925B (en) | 2016-04-19 | 2016-04-19 | A kind of data transfer control method and video monitoring system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105743925A (en) | 2016-07-06 |
CN105743925B (en) | 2019-04-12 |
Family
ID=56255554
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610247085.2A Active CN105743925B (en) | 2016-04-19 | 2016-04-19 | A kind of data transfer control method and video monitoring system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105743925B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107645480B (en) * | 2016-07-22 | 2021-04-30 | 阿里巴巴集团控股有限公司 | Data monitoring method, system and device |
CN106982355B (en) * | 2017-04-06 | 2019-11-05 | 浙江宇视科技有限公司 | A kind of video monitoring system and anti-leak server of anti-image leakage |
CN109802920A (en) * | 2017-11-16 | 2019-05-24 | 杭州中威电子股份有限公司 | A kind of equipment access hybrid authentication system for security industry |
CN110300136B (en) * | 2018-03-22 | 2021-12-24 | 杭州萤石软件有限公司 | Cloud deck control optimization method and system |
CN112039686B (en) * | 2019-06-03 | 2023-08-04 | 杭州海康威视系统技术有限公司 | Data stream transmission control method, device, monitoring equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101123498A (en) * | 2006-08-08 | 2008-02-13 | 华为技术有限公司 | A method, device and system for access authentication |
CN104113547A (en) * | 2014-07-23 | 2014-10-22 | 中国科学院信息工程研究所 | SIP (session initiation protocol) security protection video monitoring network access control system |
CN105407334A (en) * | 2015-12-29 | 2016-03-16 | 上海大学 | Self management method for multi-scenario monitoring videos |
Also Published As
Publication number | Publication date |
---|---|
CN105743925A (en) | 2016-07-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |