CN110708336B - Video terminal authentication method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN110708336B
Authority
CN
China
Prior art keywords
video terminal
authentication
sip
monitoring system
information
Prior art date
Legal status
Active
Application number
CN201911039081.5A
Other languages
Chinese (zh)
Other versions
CN110708336A (en
Inventor
陈克东
仇俊杰
Current Assignee
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201911039081.5A priority Critical patent/CN110708336B/en
Publication of CN110708336A publication Critical patent/CN110708336A/en
Application granted granted Critical
Publication of CN110708336B publication Critical patent/CN110708336B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1101 Session protocols
    • H04L65/1104 Session initiation protocol [SIP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Abstract

The application provides an authentication method and device for a video terminal, an electronic device, and a storage medium. The method is applied to an authentication device that is connected to a monitoring system in which all video terminals support the GB28181 protocol. The method may include: obtaining an SIP message sent by any video terminal, and reading the IP information and the SIP identification field in the SIP message; searching an authentication white list for a target entry that matches the correspondence between the IP information and the SIP identification field, where each entry of the authentication white list records the correspondence between the IP information of a video terminal in the monitoring system and its SIP identification field; and, when the target entry is found, judging that the video terminal belongs to the monitoring system. With this method and device, when an external device impersonates a video terminal supporting the GB28181 protocol in the monitoring system, the external device is identified and prevented from accessing the monitoring system, which avoids the potential safety hazards the external device would bring to the monitoring system.

Description

Video terminal authentication method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network security, and in particular, to an authentication method and apparatus for a video terminal, an electronic device, and a storage medium.
Background
The video terminal devices produced by various manufacturers have different standards, so that the video terminals produced by various manufacturers have poor compatibility. For this reason, the scientific and technological information bureau of the ministry of public security proposes a GB28181 protocol (i.e., "transmission, exchange, and control technical requirements for security and video monitoring networking system information"), which is used to unify and standardize the standards of video terminal devices produced by various manufacturers, so that video terminal products produced by different manufacturers have interoperability.
However, there are still a lot of video terminals in the market that do not use the GB28181 protocol for communication, and when such video terminals access a monitoring system that uses GB28181 video terminals, a potential safety hazard is brought to the monitoring system. Therefore, in order to prevent the access of the video terminal which does not support the GB28181 protocol, it is generally required to first determine whether the video terminal requesting the access supports the GB28181 protocol.
In the related art, whether a video terminal conforms to the GB28181 protocol is generally determined in one of three ways: 1. checking whether a GB28181 option exists in the menu of the video terminal device; 2. consulting the official website of the video terminal manufacturer; 3. contacting the manufacturer directly. However, all of these methods require manual participation, have a high authentication cost, and cannot identify a device that impersonates a video terminal supporting the GB28181 protocol in the monitoring system.
Disclosure of Invention
In view of this, the present application provides an authentication method and apparatus for a video terminal, an electronic device, and a storage medium, which are capable of identifying a foreign device and preventing the foreign device from accessing a monitoring system when the foreign device imitates the video terminal supporting the GB28181 protocol in the monitoring system.
In order to achieve the above purpose, the present application provides the following technical solutions:
According to a first aspect of the present application, an authentication method for a video terminal is provided, which is applied to an authentication device, where the authentication device is connected to a monitoring system and the video terminals included in the monitoring system all support the GB28181 protocol; the method comprises the following steps:
obtaining an SIP message sent by any video terminal, and reading the IP information and the SIP identification field in the SIP message;
searching an authentication white list for a target entry that matches the correspondence between the IP information and the SIP identification field, where each entry of the authentication white list records the correspondence between the IP information of a video terminal in the monitoring system and its SIP identification field;
and, when the target entry is found, judging that the video terminal belongs to the monitoring system.
Optionally, the acquiring the SIP packet sent by any video terminal includes:
receiving a message sent by any video terminal;
selecting an SIP message from received messages in a preset monitoring period;
and when the received message in the preset monitoring period does not contain the SIP message, judging that any video terminal does not support the GB28181 protocol.
Optionally, the method further includes:
judging whether the SIP message carries an SIP identification field;
if the SIP identification field is not carried, judging that any video terminal does not support the GB28181 protocol;
otherwise, further executing the operation of searching the target table item.
Optionally, the list item of the authentication white list is obtained by the following method:
acquiring an entry configuration instruction sent by an administrator, the configuration instruction comprising at least one group of correspondences between IP information and SIP identification fields, and recording the at least one group of correspondences between IP information and SIP identification fields as entries in the authentication white list; or,
in the video terminal configuration stage of the monitoring system, an SIP message sent by a video terminal contained in the monitoring system is obtained; and reading the IP information and the SIP identification field from the obtained SIP message, and recording the corresponding relation between the read IP information and the SIP identification field as an entry into the authentication white list.
Optionally, the method further includes:
receiving an updating instruction aiming at the authentication white list, wherein the updating instruction comprises the modification content aiming at the table entries in the authentication white list;
and updating the authentication white list according to the modified content in the updating instruction.
Optionally, the method further includes:
when the IP information of the sender of a received message belongs to an authentication blacklist, discarding the message sent by that sender;
where the IP information recorded in the authentication blacklist is that of video terminals which the authentication device has judged not to belong to the monitoring system.
According to a second aspect of the present application, an authentication apparatus for a video terminal is provided, which is applied to an authentication device, where the authentication device accesses a monitoring system, and video terminals included in the monitoring system all support a GB28181 protocol; the device comprises:
an acquisition unit, configured to obtain an SIP message sent by any video terminal and to read the IP information and the SIP identification field in the SIP message;
the searching unit is used for searching a target table item matched with the corresponding relation between the IP information and the SIP identification field in an authentication white list; the list item of the authentication white list is used for recording the corresponding relation between the IP information of the video terminal in the monitoring system and the corresponding SIP identification field;
and the judging unit is used for judging that any video terminal belongs to the monitoring system when the target table item is found.
Optionally, the device further includes:
a discarding unit, configured to discard the message sent by a sender when the IP information of the sender of a received message belongs to an authentication blacklist;
where the IP information recorded in the authentication blacklist is that of video terminals which the authentication device has judged not to belong to the monitoring system.
According to a third aspect of the present application, there is provided an electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method as in any of the above embodiments by executing the executable instructions.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method as in any one of the above-mentioned embodiments.
According to this technical scheme, a video terminal requesting access is authenticated against the authentication white list, which records the correspondence between the IP information of each video terminal in the monitoring system and its SIP identification field, so that an external device impersonating a video terminal that supports the GB28181 protocol in the monitoring system can be identified, and the potential safety hazards that the external device would bring to the monitoring system are prevented.
Drawings
Fig. 1 is a flowchart illustrating an authentication method of a video terminal according to an exemplary embodiment of the present application.
Fig. 2 is a flowchart illustrating a method for configuring an authentication white list entry according to an exemplary embodiment of the present application.
Fig. 3 is a flowchart illustrating another authentication white list entry configuration method according to an exemplary embodiment of the present application.
Fig. 4 is a flowchart illustrating another specific authentication method for a video terminal according to an exemplary embodiment of the present application.
Fig. 5 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present application.
Fig. 6 is a block diagram illustrating an authentication apparatus of a video terminal according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In the related art, since the state released the GB28181 protocol, most of the video terminal devices in a monitoring system conform to the GB28181 protocol. However, a large number of video terminal devices that do not support the GB28181 protocol are still in circulation on the market, and if such devices are connected to the monitoring system, they bring a potential safety hazard to it. In addition, for profit, an offender may use an external device that supports the GB28181 protocol to impersonate a video terminal in the monitoring system, which also brings a potential safety hazard to the monitoring system.
Therefore, the authentication method of the video terminal is improved, and a new authentication method of the video terminal is provided.
Fig. 1 is a flowchart of an authentication method for a video terminal according to an exemplary embodiment of the present application, where the method is applied to an authentication device, the authentication device accesses a monitoring system, and video terminals included in the monitoring system all support GB28181 protocol; as shown in fig. 1, the method may include the steps of:
step S101, an SIP message sent by any video terminal is obtained, and IP information and an SIP identification field in the SIP message are read.
In this embodiment, the video terminal that sends the message may be a video terminal that supports the GB28181 protocol, or a video terminal that does not. The messages sent by a video terminal supporting the GB28181 protocol include SIP messages, and those SIP messages carry an SIP identification field. The SIP identification field is usually 20 bytes long and can be used as a basis for determining whether the terminal conforms to the GB28181 protocol. For example, the SIP identification field may be: 34020000002000000002. Of course, this is only an example; the specific composition of the SIP identification field may differ between video terminals and is not specifically limited here.
In this step, the authentication device may set a monitoring period for screening whether the received message includes an SIP message, that is, when the authentication device receives a message sent by any video terminal, the authentication device may select the SIP message from the received message in the monitoring period; and when the received message does not contain the SIP message in the preset monitoring period, judging that any video terminal does not support the GB28181 protocol.
The advantage of setting the monitoring period to screen the received messages is that the conclusion whether the video terminal supports GB28181 can be obtained by judging the message type by using the characteristic that the SIP identification field is only carried in the SIP message, and a part of video terminals which do not support GB28181 protocol can be identified on the premise of not checking the message content.
In addition, after the SIP message is obtained, whether the video terminal supports the GB28181 protocol may be further determined. Because the SIP identification field is the basis for judging whether the video terminal supports the GB28181 protocol, the authentication device can check whether the SIP message carries the SIP identification field. If the SIP message does not carry the SIP identification field, the video terminal is judged not to support the GB28181 protocol; otherwise, the authentication white list is searched to verify whether the video terminal is a video terminal in the monitoring system.
In this embodiment, the monitoring system may further include a platform server for managing each video terminal, and when it is determined that the video terminal that sends the packet is a video terminal that does not support the GB28181 protocol, the authentication device may send, to the platform server, an alarm log that the video terminal does not support the GB28181 protocol. Of course, the alarm mode sent when the video terminal does not support the GB28181 protocol may be determined according to actual conditions, and is not limited to sending the alarm log to the platform server.
For example, a process of determining that the video terminal does not support the GB28181 protocol may be recorded in a log file of the authentication apparatus so that an administrator can find an abnormal condition when reading the log file; or, the abnormal notification can be directly output on the display screen of the authentication device, so that the administrator can find the abnormal condition in time; or, an abnormal notification can be sent to the electronic equipment such as a mobile phone and a PC of an administrator bound and associated with the authentication equipment, so that the administrator can find the abnormal condition in any scene in time; of course, the application is not limited to the specific form of the alarm.
Step S102, searching a target table item matched with the corresponding relation between the IP information and the SIP identification field in an authentication white list; and the list item of the authentication white list is used for recording the corresponding relation between the IP information of the video terminal in the monitoring system and the corresponding SIP identification field.
In this embodiment, the authentication white list is used to determine whether the video terminal sending the SIP packet is a video terminal supporting the GB28181 protocol in the monitoring system. The list items in the authentication white list are the corresponding relation between the IP information of the video terminal in the monitoring system and the corresponding SIP identification fields.
In one case, the entries in the authentication white list may be obtained by manual configuration. As an exemplary embodiment, the administrator may create the entry configuration instruction by manually entering at least one set of correspondence of the IP information and the SIP identification field. Then, the authentication equipment acquires a table item configuration instruction sent by an administrator; and recording the corresponding relation between the at least one group of IP information and the SIP identification field in the configuration instruction as an entry into an authentication white list.
In another case, the authentication white list entries may also be learned autonomously by the authentication device. The method is usually executed at the video terminal configuration stage of a monitoring system, firstly, an authentication device acquires an SIP message sent by a video terminal in the monitoring system, then, IP information and an SIP identification field in the SIP message are read, and finally, the read corresponding relation between the IP information and the SIP identification field is recorded into an authentication white list as an entry. The authentication equipment autonomously learns the table entries, and the corresponding relation between the IP information and the SIP identification fields of all the video terminals in the monitoring system is automatically learned without manual operation.
In this embodiment, after the white list entry configuration is completed, the method may further include a step of updating the entry in the authentication white list, and the step may include: receiving an updating instruction aiming at the authentication white list, wherein the updating instruction comprises the modification content aiming at the table entries in the authentication white list; and updating the authentication white list according to the modified content in the updating instruction. It should be noted that the modification content may include deletion, addition, and modification of the entry.
For example, when an administrator needs to monitor an area, a camera is added, that is, a new video terminal in the monitoring system needs to be accessed. At this time, the correspondence between the IP information of the newly added video terminal and the SIP identifier field needs to be added to the authentication white list as an entry. Similarly, when the administrator no longer needs to monitor a certain area, the deletion of the entry needs to be performed; when a certain video terminal in the monitoring system is damaged and needs to be replaced, the list item needs to be modified.
The significance of updating the table entries in the authentication white list is to ensure that the table entries in the authentication white list all have corresponding video terminals, and simultaneously prevent invalid table entries from occupying storage equipment of the authentication equipment.
Step S103, when the target table entry is found, judging that any video terminal belongs to the monitoring system.
In this embodiment, when the target entry cannot be found, it is determined that the video terminal that sent the SIP message does not belong to the monitoring system. At this time, the authentication device can also add the IP information of the video terminal to an authentication blacklist; the IP information recorded in the authentication blacklist is that of video terminals which the authentication device has judged not to belong to the monitoring system. When the IP information of the sender of a received message belongs to the authentication blacklist, the message sent by that sender is discarded.
It should be noted that video terminals that fail to match the authentication white list are not the only ones identified as not belonging to the monitoring system; video terminals determined not to support the GB28181 protocol also do not belong to the monitoring system, and the IP information of these video terminals is likewise added to the authentication blacklist. The traffic of any video terminal whose IP information is in the blacklist is blocked at the authentication device.
According to the technical scheme, the video terminal which does not belong to the monitoring system can be identified, the video terminal is prevented from being accessed into the monitoring system, and potential safety hazards brought to the monitoring system by external equipment can be effectively avoided.
In order to implement the method for authenticating the video terminal, the application also provides an authentication white list item configuration method. Referring to fig. 2, fig. 2 is a flowchart illustrating a method for configuring an authentication white list entry according to an exemplary embodiment of the present application, and as shown in fig. 2, the method may include the following steps:
step S201, a white list item configuration instruction sent by an administrator is obtained.
In this embodiment, the administrator may obtain the SIP identification fields of the video terminals in the monitoring system through other channels, for example by querying the official website or asking the manufacturer by telephone, and then pair each obtained SIP identification field with the IP information of the corresponding video terminal to form an entry to be configured. The authentication device then writes the entry to be configured into the authentication white list as an authentication entry.
The entry to be configured by the administrator may be transmitted to the authentication device in various ways. For example, the configuration page of the platform server in the monitoring system may be used to input the table entry to be configured, and the table entry is sent to the authentication device by the platform server; or directly inputting the table entry to be configured from the configuration page of the authentication equipment, and automatically monitoring the input table entry to be configured by the authentication equipment; the entry to be configured can also be input by other terminals configured with input equipment in the monitoring system, and then the entry to be configured is sent to the authentication equipment by the equipment. The specific manner of transmitting the entry to be configured to the authentication device may be determined according to actual conditions, and is not specifically limited herein.
Step S202, IP information and SIP identification fields in the configuration instruction are read.
Step S203, record the correspondence between the read IP information and the SIP identifier field as an entry in the authentication white list.
According to the technical scheme, the administrator can configure the entries in the authentication white list in a manual mode. The manual configuration has the advantages that an administrator can input the IP and SIP identification fields of each video terminal one by one and can repeatedly check the IP and SIP identification fields in the configuration process, and the condition that the entry corresponding to a certain video terminal in the monitoring system is omitted cannot occur.
In order to realize automatic configuration of the authentication white list items, the application also provides another authentication white list item configuration method. Referring to fig. 3, fig. 3 is a flowchart illustrating another authentication white list entry configuration method according to an exemplary embodiment of the present application, where the method is applied to a video terminal configuration stage of a monitoring device, as shown in fig. 2, the method may include the following steps:
step S301, an SIP message sent by the video terminal is obtained.
In this embodiment, the method for configuring the white list entry is performed in a video terminal configuration stage of the monitoring system. In the configuration stage of the video terminal, an administrator knows that the video terminals used for building the monitoring system are all video terminals supporting the GB28181 protocol, that is, SIP messages sent by all the video terminals in the monitoring system all carry SIP identification fields and are trusted devices, so that the configuration can be performed in an autonomous learning manner through authentication devices.
It should be noted that the video terminal configuration stage in this embodiment may include periods in which the monitoring system is stopped for maintenance. For example, when a video terminal in the monitoring system is damaged and needs to be replaced, or when an administrator overhauls the monitoring system, the entries in the authentication white list can be configured through self-learning by the authentication device.
Step S302, the IP information and the SIP identification field in the SIP message are read.
Step S303, the read IP information and SIP identification field are used as table items to be recorded in an authentication white list.
In this embodiment, a learning period may be set, and the duration of the learning period is usually long enough to learn the authentication entries corresponding to all the video terminals in the monitoring system. When the learning period is over, the learned entries can be verified, and whether the number of the learned entries is consistent with the number of the video terminals in the monitoring system or not is judged. If not, relearning may be performed or an alert may be issued to the administrator to be manually reviewed by the administrator and to assist in completing the configuration of the entries. Of course, how to issue the alarm to the administrator can be determined according to actual situations, and the application does not limit the specific form of the alarm.
According to the technical scheme, the authentication items corresponding to the video terminals in the monitoring system can be learned in an autonomous learning mode of the authentication equipment. The method has the advantages that the items in the authentication white list are automatically configured without manual intervention, and the configuration cost is reduced.
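The flow of Fig. 1 (steps S101 to S103, with the blacklist) together with the self-learning configuration of Fig. 3, as an added example that is not code from the patent. It assumes the SIP identification field is the 20-digit user part of the From URI and that the IP information is the packet's source address; the class, function and verdict names and all sample messages are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Request line or status line of a SIP/2.0 message.
SIP_LINE = re.compile(r"(?:[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3}.*)")
# Assumption: the SIP identification field is the user part of the From URI.
FROM_USER = re.compile(r"^(?:From|f)\s*:.*?sips?:([^@;>\s]+)@", re.I | re.M)
DEVICE_ID = re.compile(r"\d{20}")  # 20-character ID, as in the page's example


def is_sip(payload: str) -> bool:
    lines = payload.splitlines()
    return bool(lines) and SIP_LINE.fullmatch(lines[0]) is not None


def sip_id(payload: str):
    """Return the 20-digit identification field, or None if it is absent."""
    m = FROM_USER.search(payload)
    return m.group(1) if m and DEVICE_ID.fullmatch(m.group(1)) else None


@dataclass
class Authenticator:
    whitelist: set = field(default_factory=set)  # {(ip, sip_id)}
    blacklist: set = field(default_factory=set)  # {ip}
    alarms: list = field(default_factory=list)   # stand-in for the alarm log

    def learn(self, src_ip: str, payload: str) -> None:
        """Configuration stage: record the pair seen from a trusted terminal."""
        ident = sip_id(payload) if is_sip(payload) else None
        if ident:
            self.whitelist.add((src_ip, ident))

    def learning_complete(self, expected_terminals: int) -> bool:
        """End-of-learning check: entry count must equal the terminal count."""
        return len(self.whitelist) == expected_terminals

    def _reject(self, src_ip: str, verdict: str) -> str:
        self.blacklist.add(src_ip)
        self.alarms.append((src_ip, verdict))
        return verdict

    def check_window(self, src_ip: str, payloads: list) -> str:
        """Judge one sender from the messages seen in one monitoring period."""
        if src_ip in self.blacklist:
            return "DROPPED"                      # blacklisted sender
        sip_msgs = [p for p in payloads if is_sip(p)]
        if not sip_msgs:
            return self._reject(src_ip, "NOT_GB28181_NO_SIP")
        ident = next((i for i in map(sip_id, sip_msgs) if i), None)
        if ident is None:
            return self._reject(src_ip, "NOT_GB28181_NO_ID")
        if (src_ip, ident) in self.whitelist:     # the pair must match, not
            return "BELONGS"                      # the ID or the IP alone
        return self._reject(src_ip, "NOT_IN_SYSTEM")


def sip_register(device_id: str) -> str:
    """Constructed minimal REGISTER message (sample data, not a capture)."""
    return ("REGISTER sip:34020000002000000001@3402000000 SIP/2.0\r\n"
            f"From: <sip:{device_id}@3402000000>;tag=1\r\n"
            f"To: <sip:{device_id}@3402000000>\r\n"
            "CSeq: 1 REGISTER\r\nContent-Length: 0\r\n\r\n")


def demo():
    auth = Authenticator()
    cam_a, cam_b = "34020000002000000002", "34020000001320000007"
    auth.learn("192.0.2.10", sip_register(cam_a))
    auth.learn("192.0.2.11", sip_register(cam_b))
    results = {
        "learned_all": auth.learning_complete(expected_terminals=2),
        "genuine": auth.check_window("192.0.2.10", [sip_register(cam_a)]),
        # A whitelisted ID presented from an address that is not paired with it.
        "wrong_pair": auth.check_window("192.0.2.66", [sip_register(cam_a)]),
        "repeat": auth.check_window("192.0.2.66", [sip_register(cam_a)]),
        "no_sip": auth.check_window(
            "192.0.2.70", ["GET / HTTP/1.1\r\nHost: example\r\n\r\n"]),
        "no_id": auth.check_window("192.0.2.71", [sip_register("camera1")]),
    }
    return auth, results


if __name__ == "__main__":
    for case, verdict in demo()[1].items():
        print(f"{case:12} {verdict}")
```
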
Referring to fig. 4, fig. 4 is a diagram illustrating another specific authentication method for a video terminal according to an exemplary embodiment of the present application. As shown in fig. 4, the method comprises the steps of:
Step S401, receiving a message sent by any video terminal.
In this embodiment, when any video terminal sends a message to the authentication device, a large number of different types of messages are sent instead of only a single type of message. In general, the authentication device receives all messages sent by the video terminal, and then performs different processing according to the content of the messages.
Step S402, judging whether the received message in the preset monitoring period contains an SIP message; if yes, jumping to step S403; otherwise, the process jumps to step S409.
In this embodiment, the authentication device usually receives all messages sent by the video terminal. To determine whether the video terminal belongs to the monitoring system, it must first be verified whether the video terminal supports the GB28181 protocol. The SIP identification field, which proves that the video terminal conforms to the GB28181 protocol, can only be carried in an SIP message, so this step screens the received messages and judges whether the messages sent by the video terminal include an SIP message.
When no SIP message exists, the video terminal is proved to not support the GB28181 protocol.
Step S403, judging whether the SIP message carries an SIP identification field; if it is carried, jumping to step S404; otherwise, jumping to step S409.
In this embodiment, when a message sent by any video terminal includes an SIP message, the SIP message does not necessarily carry an SIP identifier field, and therefore, in this step, it is necessary to determine whether the obtained SIP message carries the SIP identifier field.
And when the obtained SIP message is determined to carry the SIP identification field, the video terminal is proved to support the GB28181 protocol. And when the obtained SIP message does not carry the SIP identification field, the video terminal is proved to not support the GB28181 protocol.
Step S404, reading the IP information and SIP identification field in the SIP message.
In this embodiment, determining that a video terminal supports the GB28181 protocol does not by itself mean that the video terminal passes authentication. In fact, a video terminal supporting the GB28181 protocol may also be a foreign device that counterfeits a video terminal in the monitoring system. In general, such a counterfeit video terminal replaces a video terminal in the original monitoring system and steals the IP information of that video terminal. However, the SIP identification field used to prove support for the GB28181 protocol is unique and cannot be stolen. Therefore, in this step, the IP information and the SIP identification field in the SIP message are extracted for subsequently determining whether the video terminal is a video terminal in the monitoring system.
Step S405, searching the authentication white list according to the correspondence between the read IP information and the SIP identification field.
In this embodiment, the authentication white list records the correspondence between the IP information of each video terminal in the monitoring device and the corresponding SIP identifier field, and when the correspondence between the IP information carried in the SIP message sent by any video terminal and the SIP identifier field matches with a certain entry in the authentication white list, it is proved that the video terminal belongs to a video terminal in the monitoring system. It should be noted that, in general, the IP information of the video terminal recorded in the authentication white list is the source IP address of the video terminal; the IP information carried in the SIP message sent by any video terminal is usually also the source IP address.
For example, the IP information of the video terminal is taken as the source IP address. It is assumed that entries corresponding to the video terminals in the monitoring system in the authentication white list of the authentication device are as shown in table 1 below.
| Video terminal | Source IP address | SIP identification field |
|---|---|---|
| A | 115.204.90.3 | 34020000002000000003 |
| B | 115.204.90.4 | 34020000002000000004 |
| C | 115.204.90.5 | 34020000002000000005 |
| D | 115.204.90.6 | 34020000002000000006 |

Table 1
Suppose a foreign video terminal tries to impersonate video terminal B in the monitoring system: video terminal B is replaced, and its source IP address is stolen. Assume that the foreign video terminal's own source IP address is 115.204.90.7 and its SIP identification field is 34020000002000000007. After the foreign video terminal steals the source IP address of video terminal B, the correspondence between the source IP address and the SIP identification field carried in the SIP message it sends is as shown in table 2 below.
| Source IP address | SIP identification field |
|---|---|
| 115.204.90.4 | 34020000002000000007 |

Table 2
Obviously, as can be seen from comparing table 1 and table 2, after the external device steals the source IP address of the video terminal B in the monitoring system, the corresponding relationship between the source IP address and the SIP identification field carried in the SIP message sent by the external device is not matched with the entry in the authentication white list, where the entry corresponding to the video terminal B is only matched with the source IP address, but the SIP identification field is not matched. In this case, the authentication device may determine, based on the matching result, that the video terminal that sent the SIP message is a foreign device.
Step S406, judging whether a target table item matched with the corresponding relation exists in the authentication white list; if yes, jumping to step S407; otherwise, it jumps to step S408.
Step S407, judging that the video terminal sending the message belongs to the monitoring system.
In this embodiment, when it is determined that the video terminal that sends the packet belongs to the monitoring system, the video terminal is allowed to access the monitoring system.
Step S408, judging that the video terminal sending the message does not belong to the monitoring system.
In this embodiment, due to system instability or tampering by other administrators, the SIP identification field stored in the authentication white list may also be changed. Therefore, after the authentication white list is searched, when it is determined that the authentication white list contains an entry that matches the IP information carried in the SIP message but does not match the carried SIP identification field, that entry can be further verified.
The verification may be performed as follows: the found entry, together with the IP information and the SIP identification field read from the SIP message, is sent to an administrator interface; the administrator manually verifies whether the entry is correct and judges, according to the correspondence between the read IP information and the SIP identification field, whether the video terminal sending the message can pass the authentication.
And when the found list item is determined to be wrong but the video terminal sending the message passes the authentication, updating the wrong list item in the authentication white list according to the corresponding relation between the read IP information and the SIP identification field. Otherwise, the video terminal is determined not to belong to the monitoring system.
Step S409, judging that the video terminal sending the message does not support the GB28181 protocol.
In this embodiment, when it is determined that the video terminal sending the message does not belong to the monitoring system (including the case in which the GB28181 protocol is not supported and the case in which the video terminal is judged in step S408 not to belong to the monitoring system), the IP information of the video terminal sending the message may be recorded in the authentication blacklist. When a video terminal in the authentication blacklist sends a message to the authentication device again, the authentication device blocks the message sent by that video terminal.
According to the technical scheme, whether the video terminal sending the message supports the GB28181 protocol or not is preferentially judged, and only when the video terminal is determined to support the GB28181 protocol, the video terminal is matched with the list item in the authentication white list. By means of the mode of multiple judgment, the number of the video terminals needing to be matched with the authentication white list is reduced, and the authentication efficiency is improved.
Further, in this way, the reason why the video terminal cannot pass the authentication can be clarified, that is, the video terminal does not support the GB28181 protocol or supports the GB28181 protocol but does not belong to the monitoring system. The advantage of specifying the reason for failure to pass authentication is that the administrator can do the corresponding processing for different foreign video terminals. For example, for a foreign video terminal that does not support the GB28181 protocol, all traffic from the video terminal is directly blocked; and for an external video terminal which supports the GB28181 protocol but does not belong to the monitoring system, whether the authentication list item is wrong can be further verified manually.
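The self-learning stage (steps S302 and S303) and the S401 to S409 decision flow described above, as an added Python sketch that is not part of the patent text. It assumes the SIP identification field is the 20-digit ID in the user part of the From header URI and that each source IP maps to a single entry; the class and function names and the sample REGISTER messages are constructed for illustration, and holding an IP-match/ID-mismatch case for administrator review instead of blacklisting it immediately is a design choice of this example.

```python
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple

# Assumption: the SIP identification field is the 20-digit GB28181 ID found in
# the user part of the From header URI.
FROM_ID_RE = re.compile(r"^(?:From|f)\s*:.*?sips?:(\d{20})@", re.I | re.M)

# Table 1 of the description, keyed by source IP (assumes one terminal per IP).
TABLE_1 = {
    "115.204.90.3": "34020000002000000003",
    "115.204.90.4": "34020000002000000004",
    "115.204.90.5": "34020000002000000005",
    "115.204.90.6": "34020000002000000006",
}


class Verdict(Enum):
    BELONGS = "S407: belongs to the monitoring system"
    NOT_IN_SYSTEM = "S408: supports GB28181 but is not in the system"
    NO_GB28181 = "S409: does not support GB28181"
    BLOCKED = "sender IP is in the authentication blacklist"


def register(dev_id: str, ip: str) -> str:
    """Constructed sample REGISTER message (server ID and domain are made up)."""
    return ("REGISTER sip:34020000002000000001@3402000000 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {ip}:5060\r\n"
            f"From: <sip:{dev_id}@3402000000>;tag=1\r\n"
            f"To: <sip:{dev_id}@3402000000>\r\n"
            "CSeq: 1 REGISTER\r\n\r\n")


def is_sip(payload: str) -> bool:
    """True if the first line is a SIP request line or status line."""
    lines = payload.splitlines()
    first = lines[0] if lines else ""
    return first.startswith("SIP/2.0 ") or first.endswith(" SIP/2.0")


def sip_id(payload: str) -> Optional[str]:
    """Return the 20-digit ID from the From header, or None if absent."""
    match = FROM_ID_RE.search(payload)
    return match.group(1) if match else None


@dataclass
class Authenticator:
    whitelist: Dict[str, str] = field(default_factory=dict)  # source IP -> SIP ID
    blacklist: Set[str] = field(default_factory=set)
    review_queue: List[Tuple[str, str, List[str]]] = field(default_factory=list)

    def learn(self, packets, expected_terminals: int) -> bool:
        """S302-S303: record (IP, SIP ID) pairs, then check the entry count."""
        for ip, payload in packets:
            dev_id = sip_id(payload) if is_sip(payload) else None
            if dev_id:
                self.whitelist[ip] = dev_id
        return len(self.whitelist) == expected_terminals

    def authenticate(self, src_ip: str, payloads: List[str]) -> Verdict:
        """Classify one sender from the messages seen in a monitoring period."""
        if src_ip in self.blacklist:
            return Verdict.BLOCKED
        # S402-S404: keep SIP messages only, then collect the IDs they carry.
        seen = {i for i in (sip_id(p) for p in payloads if is_sip(p)) if i}
        if not seen:
            self.blacklist.add(src_ip)
            return Verdict.NO_GB28181
        known = self.whitelist.get(src_ip)  # S405
        if seen == {known}:  # S406: IP and SIP ID both match one entry
            return Verdict.BELONGS
        if known is not None:
            # IP matches an entry but the ID differs: hold for manual review.
            self.review_queue.append((src_ip, known, sorted(seen)))
        else:
            self.blacklist.add(src_ip)
        return Verdict.NOT_IN_SYSTEM
```

Comparing the whole set of IDs seen in the period, rather than only the first one, also rejects a window in which a genuine terminal and a device reusing its source IP both send SIP messages.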
FIG. 5 shows a schematic block diagram of an electronic device according to an exemplary embodiment of the present application. Referring to fig. 5, at the hardware level, the electronic device includes a processor 502, an internal bus 504, a network interface 506, a memory 508 and a non-volatile memory 510, but may also include hardware required for other services. The processor 502 reads the corresponding computer program from the non-volatile memory 510 into the memory 508 and runs it, forming an authentication means of the video terminal on a logical level. Of course, besides the software implementation, the present application does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Corresponding to the embodiment of the authentication method of the video terminal, the application also provides an embodiment of an authentication device of the video terminal.
Referring to fig. 6, in a software implementation, the authentication apparatus of the video terminal may include:
an obtaining unit 601, configured to obtain an SIP message sent by any video terminal, and read IP information and an SIP identifier field in the SIP message;
a searching unit 602, configured to search a target entry matching the correspondence between the IP information and the SIP identifier field in an authentication white list; the list item of the authentication white list is used for recording the corresponding relation between the IP information of the video terminal in the monitoring system and the corresponding SIP identification field;
and the determining unit 603 is configured to determine that any video terminal belongs to the monitoring system when the target entry is found.
Optionally, the acquiring the SIP packet sent by any video terminal includes:
a receiving unit 604, configured to receive a message sent by any video terminal;
the obtaining unit 601 is further configured to select an SIP message from the received messages within a preset monitoring period;
the determining unit 603 is further configured to determine that any video terminal does not support the GB28181 protocol when the received message does not include an SIP message in the preset monitoring period.
Optionally, the method further includes:
the determining unit 603 is further configured to determine whether the SIP packet carries an SIP identifier field; if the SIP identification field is not carried, judging that any video terminal does not support the GB28181 protocol; otherwise, further executing the operation of searching the target table item.
Optionally, the list item of the authentication white list is obtained by the following method:
acquiring a table item configuration instruction sent by an administrator; the configuration instruction comprises at least one group of corresponding relation between IP information and SIP identification fields; recording the corresponding relation between the at least one group of IP information and the SIP identification field as an entry into the authentication white list; or,
in the video terminal configuration stage of the monitoring system, an SIP message sent by a video terminal contained in the monitoring system is obtained; and reading the IP information and the SIP identification field from the obtained SIP message, and recording the corresponding relation between the read IP information and the SIP identification field as an entry into the authentication white list.
Optionally, the method further includes:
the receiving unit 604 is further configured to receive an update instruction for the authentication white list, where the update instruction includes modified content for entries in the authentication white list; and updating the authentication white list according to the modified content in the updating instruction.
Optionally, the method further includes:
a discarding unit 605 configured to discard the message sent by the sender when the IP information of the sender of the received message belongs to the authentication blacklist; the IP information recorded in the authentication blacklist is that of video terminals which the authentication device has judged not to belong to the monitoring system.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
In an exemplary embodiment, there is also provided a non-transitory computer readable storage medium, e.g. a memory, comprising instructions executable by a processor of an authentication apparatus of a video terminal to implement a method as described in any of the above embodiments, such as the method may comprise: the method comprises the steps of obtaining an SIP message sent by any video terminal, and reading IP information and an SIP identification field in the SIP message; searching a target table item matched with the corresponding relation between the IP information and the SIP identification field in an authentication white list; the list item of the authentication white list is used for recording the corresponding relation between the IP information of the video terminal in the monitoring system and the corresponding SIP identification field; and when the target table item is found, judging that any video terminal belongs to the monitoring system.
The non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, etc., which is not limited in this application.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. The authentication method of the video terminal is characterized in that the authentication method is applied to authentication equipment, the authentication equipment is accessed to a monitoring system, and video terminals contained in the monitoring system all support a GB28181 protocol; the method comprises the following steps:
the method comprises the steps of obtaining an SIP message sent by any video terminal, and reading IP information and an SIP identification field in the SIP message; the SIP identification field is used for judging whether the video terminal supports the GB28181 protocol;
searching a target table item matched with the corresponding relation between the IP information and the SIP identification field in an authentication white list; the list item of the authentication white list is used for recording the corresponding relation between the IP information of the video terminal in the monitoring system and the corresponding SIP identification field;
and when the target table item is found, judging that any video terminal belongs to the monitoring system.
2. The method according to claim 1, wherein the acquiring the SIP message sent by any video terminal comprises:
receiving a message sent by any video terminal;
selecting an SIP message from received messages in a preset monitoring period;
and when the received message in the preset monitoring period does not contain the SIP message, judging that any video terminal does not support the GB28181 protocol.
3. The method of claim 1, further comprising:
judging whether the SIP message carries an SIP identification field;
if the SIP identification field is not carried, judging that any video terminal does not support the GB28181 protocol;
otherwise, further executing the operation of searching the target table item.
4. The method of claim 1, wherein the entries of the authentication white list are obtained by:
acquiring a table item configuration instruction sent by an administrator; the configuration instruction comprises at least one group of corresponding relation between IP information and SIP identification fields; recording the corresponding relation between the at least one group of IP information and the SIP identification field as an entry into the authentication white list; or,
in the video terminal configuration stage of the monitoring system, an SIP message sent by a video terminal contained in the monitoring system is obtained; and reading the IP information and the SIP identification field from the obtained SIP message, and recording the corresponding relation between the read IP information and the SIP identification field as an entry into the authentication white list.
5. The method of claim 1, further comprising:
receiving an updating instruction aiming at the authentication white list, wherein the updating instruction comprises the modification content aiming at the table entries in the authentication white list;
and updating the authentication white list according to the modified content in the updating instruction.
6. The method of claim 1, further comprising:
when the IP information of a sender of a received message belongs to an authentication blacklist, discarding the message sent by the sender;
and the IP information recorded in the authentication blacklist is that of video terminals which the authentication equipment has judged not to belong to the monitoring system.
7. The authentication device of the video terminal is characterized by being applied to authentication equipment, wherein the authentication equipment is accessed into a monitoring system, and video terminals contained in the monitoring system all support a GB28181 protocol; the device comprises:
an acquisition unit, configured to acquire an SIP message sent by any video terminal and read IP information and an SIP identification field in the SIP message; the SIP identification field is used for judging whether the video terminal supports the GB28181 protocol;
the searching unit is used for searching a target table item matched with the corresponding relation between the IP information and the SIP identification field in an authentication white list; the list item of the authentication white list is used for recording the corresponding relation between the IP information of the video terminal in the monitoring system and the corresponding SIP identification field;
and the judging unit is used for judging that any video terminal belongs to the monitoring system when the target table item is found.
8. The apparatus of claim 7, further comprising:
a discarding unit, configured to discard a message sent by a sender when the IP information of the sender of the received message belongs to an authentication blacklist;
and the IP information recorded in the authentication blacklist is that of video terminals which the authentication equipment has judged not to belong to the monitoring system.
9. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1-6 by executing the executable instructions.
10. A computer-readable storage medium having stored thereon computer instructions, which, when executed by a processor, carry out the steps of the method according to any one of claims 1-6.
CN201911039081.5A 2019-10-29 2019-10-29 Video terminal authentication method and device, electronic equipment and storage medium Active CN110708336B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911039081.5A CN110708336B (en) 2019-10-29 2019-10-29 Video terminal authentication method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911039081.5A CN110708336B (en) 2019-10-29 2019-10-29 Video terminal authentication method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110708336A CN110708336A (en) 2020-01-17
CN110708336B true CN110708336B (en) 2022-03-01

Family

ID=69202744

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911039081.5A Active CN110708336B (en) 2019-10-29 2019-10-29 Video terminal authentication method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110708336B (en)

Also Published As

Publication number Publication date
CN110708336A (en) 2020-01-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant