CN112543203B - Terminal access method, device and system - Google Patents

Publication number
CN112543203B
Authority
CN
China
Prior art keywords
terminal
legal
information
list
message information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011579724.8A
Other languages
Chinese (zh)
Other versions
CN112543203A (en
Inventor
李奉超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN202011579724.8A priority Critical patent/CN112543203B/en
Publication of CN112543203A publication Critical patent/CN112543203A/en
Application granted granted Critical
Publication of CN112543203B publication Critical patent/CN112543203B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Power Engineering (AREA)
  • Multimedia (AREA)
  • Alarm Systems (AREA)

Abstract

The disclosure relates to a terminal access method, a device, an electronic device and a computer readable medium in a video monitoring system. The method comprises the following steps: acquiring terminal information and message information of a terminal in a video monitoring system; comparing the terminal information and the message information with a feature library to determine the legitimacy of the terminal; when the terminal is a legal terminal, adding the IP address of the terminal to a legal terminal list; and sending the legal terminal list to a security device in the video monitoring system. The terminal access method, the device, the electronic device and the computer readable medium in the video monitoring system help to increase the security of terminal access in the video monitoring system, improve the convenience of controlling terminal access and improve the accuracy of controlling terminal access.

Description

Terminal access method, device and system
Technical Field
The disclosure relates to the field of computer information processing, and in particular relates to a terminal access method, a device, electronic equipment and a computer readable medium in a video monitoring system.
Background
With the rapid development of Internet technology, urban video monitoring systems have also developed rapidly and have made a great contribution to the security industry of cities and to the convenience of people's lives. Video monitoring systems typically include access devices, transmission lines and monitoring devices, which may be, but are not limited to, network hard disk recorders (Network Video Recorder, NVR), network cameras (Internet Protocol Camera, IPC), personal computers (Personal Computer, PC), and the like. While video monitoring systems are developing rapidly, security problems in video monitoring systems are becoming more and more important, especially controlling the access of legitimate terminals.
The access terminals in a video monitoring system are numerous and varied, and they can be abused by people: illegal terminals may be connected to the video monitoring system, legal terminals may be illegally tampered with or injected with viruses, and data may be stolen. This can affect the normal operation of the video monitoring system and may even cause huge losses. It is therefore important to control the legal access of terminals in video surveillance systems.
Accordingly, there is a need for a new terminal access method, apparatus, electronic device, and computer readable medium in a video surveillance system.
The above information disclosed in the background section is only for enhancement of understanding of the background of the disclosure and therefore it may include information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present disclosure provides a terminal access method, apparatus, electronic device, and computer readable medium in a video monitoring system, which are beneficial to increasing the security of terminal access in the video monitoring system, improving the convenience of controlling terminal access, and improving the accuracy of controlling terminal access.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to an aspect of the present disclosure, a terminal access method in a video monitoring system is provided, which is applicable to a management platform, and the method includes: acquiring terminal information and message information of a terminal in a video monitoring system; comparing the terminal information and the message information with a feature library to determine the legitimacy of the terminal; when the terminal is a legal terminal, adding the IP address of the terminal to a legal terminal list; and sending the legal terminal list to a security device in the video monitoring system.
In an exemplary embodiment of the present disclosure, the method further comprises: generating the feature library based on the device information, the message rules and the quintuple information of a plurality of terminals.
In an exemplary embodiment of the present disclosure, acquiring terminal information and message information of a terminal in a video monitoring system includes: acquiring the terminal information and message information of the terminal from the security device in the video monitoring system.
In an exemplary embodiment of the present disclosure, the method further comprises: when the terminal is an illegal terminal, adding the IP address of the terminal to an illegal terminal list.
In an exemplary embodiment of the present disclosure, the method further comprises: when the terminal is an illegal terminal, judging whether the terminal exists in the legal terminal list; and when the terminal exists in the legal terminal list, updating the legal terminal list.
In an exemplary embodiment of the present disclosure, determining that the terminal is an illegal terminal includes: when the number of illegal messages of the terminal meets a preset condition, determining that the terminal is an illegal terminal.
According to an aspect of the present disclosure, a terminal access method in a video monitoring system is provided, which is applicable to a security device, and the method includes: acquiring message information from a terminal in a video monitoring system; extracting the IP address of the terminal; judging the legitimacy of the IP address based on a preset legal terminal list; and when the terminal is a legal terminal, forwarding the message information to a target device.
In an exemplary embodiment of the present disclosure, the method further comprises: blocking the message information when the terminal is not a legal terminal.
In an exemplary embodiment of the present disclosure, the method further comprises: when the terminal is not a legal terminal, acquiring terminal information and message information of the terminal; and forwarding the terminal information and the message information to the management platform.
In an exemplary embodiment of the present disclosure, the method further comprises: acquiring data from the management platform to update the legal terminal list in real time.
According to an aspect of the present disclosure, a terminal access device in a video monitoring system is provided, which is applicable to a management platform, and the device includes: an information module for acquiring terminal information and message information of a terminal in the video monitoring system; a judging module for comparing the terminal information and the message information with a feature library to determine the legitimacy of the terminal; an adding module for adding the IP address of the terminal to a legal terminal list when the terminal is a legal terminal; and a sending module for sending the legal terminal list to a security device in the video monitoring system.
According to an aspect of the present disclosure, there is provided a terminal access device in a video monitoring system, applicable to a security device, the device comprising: a message module for acquiring message information from a terminal in the video monitoring system; an address module for extracting the IP address of the terminal; a list module for judging the legitimacy of the IP address based on a preset legal terminal list; and a forwarding module for forwarding the message information to a target device when the terminal is a legal terminal.
According to an aspect of the present disclosure, there is provided a terminal access system in a video monitoring system, the system comprising: a terminal for generating message information based on real-time video data; a security device for acquiring message information from the terminal, extracting the IP address of the terminal, judging the legitimacy of the IP address based on a preset legal terminal list, and, when the terminal is a legal terminal, forwarding the message information to a target device; and a management platform for acquiring terminal information and message information of the terminal, comparing the terminal information and the message information with a feature library to determine the legitimacy of the terminal, adding the IP address of the terminal to a legal terminal list when the terminal is a legal terminal, and sending the legal terminal list to the security device in the video monitoring system.
According to an aspect of the present disclosure, there is provided an electronic device including: one or more processors; a storage means for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods as described above.
According to an aspect of the present disclosure, a computer-readable medium is presented, on which a computer program is stored, which program, when being executed by a processor, implements a method as described above.
According to the terminal access method, the device, the electronic device and the computer readable medium in the video monitoring system, terminal information and message information of a terminal are acquired in the video monitoring system; the terminal information and the message information are compared with a feature library to determine the legitimacy of the terminal; when the terminal is a legal terminal, the IP address of the terminal is added to a legal terminal list; and the legal terminal list is sent to a security device in the video monitoring system. This approach helps to increase the security of terminal access in the video monitoring system, improve the convenience of terminal access control and improve the accuracy of terminal access control.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are merely examples of the present disclosure and other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a system block diagram illustrating a method and apparatus for terminal access in a video surveillance system according to an exemplary embodiment.
Fig. 2 is a flow chart illustrating a method of terminal access in a video surveillance system, according to an exemplary embodiment.
Fig. 3 is a flowchart illustrating a terminal access method in a video surveillance system according to another exemplary embodiment.
Fig. 4 is a flowchart illustrating a terminal access method in a video surveillance system according to another exemplary embodiment.
Fig. 5 is a block diagram illustrating a terminal access device in a video surveillance system according to an exemplary embodiment.
Fig. 6 is a block diagram illustrating a terminal access device in a video surveillance system according to another exemplary embodiment.
Fig. 7 is a block diagram illustrating a terminal access system in a video surveillance system according to another exemplary embodiment.
Fig. 8 is a block diagram of an electronic device, according to an example embodiment.
Fig. 9 is a block diagram of a computer-readable medium shown according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the disclosed aspects may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another element. Accordingly, a first component discussed below could be termed a second component without departing from the teachings of the concepts of the present disclosure. As used herein, the term "and/or" includes any one of the associated listed items and all combinations of one or more.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments and that the modules or flows in the drawings are not necessarily required to practice the present disclosure, and therefore, should not be taken to limit the scope of the present disclosure.
The inventor of the present disclosure finds that two terminal monitoring schemes exist in the prior art: 1. all terminals in a video monitoring system are allowed access, the terminals are periodically checked manually, and illegally replaced terminals are dealt with when found; 2. a legal IP address list is configured to control the access of terminals in the video monitoring system. For scheme 1, terminal access is not secure, and manual inspection lags in time and is not easy to carry out. For scheme 2, controlling terminal access by configuring legal IP addresses is not very accurate, and misjudgment is possible, for example for an illegal terminal configured with a legal IP address, or a terminal that has been tampered with or injected with a virus.
The disclosure provides a terminal access method and device in a video monitoring system. The access terminals in the video monitoring system are numerous and varied. Controlling terminal access by pre-configuring the network communication features of the various terminals ensures the security of the video monitoring system. Legal terminals are judged by management software, which, compared with manual inspection, is easier to operate, more timely and more accurate; and because richer features are configured, the access judgment is more accurate than controlling terminal access by IP address alone. The following describes the contents of the present disclosure in detail by way of specific examples.
Fig. 1 is a system block diagram illustrating a terminal access method, apparatus, electronic device, and computer readable medium in a video monitoring system according to an exemplary embodiment.
As shown in fig. 1, the system architecture 10 may include terminal devices 101, 102, 103, a security device 104, a network 105, and a management platform 106. The network 105 is a medium used to provide a communication link between the terminal devices 101, 102, 103 and the security device 104 and management platform 106; the network 105 also serves as a medium to provide a communication link between the security device 104 and the management platform 106. The network 105 may include various connection types, such as wired or wireless communication links, or fiber optic cables, among others.
The user may interact with the management platform 106 through the security device 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various video client applications, such as video surveillance class applications, image recognition class applications, instant messaging tools, social platform software, etc., may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be various electronic devices having camera means and supporting network interconnection, including but not limited to smart cameras, intelligent monitoring means, and the like.
The management platform 106 may be a server providing various services, such as a background management server monitoring the message data sent by the terminal devices 101, 102, 103. The background management server may analyze the received message information and terminal information, and feedback the processing result (for example, a legal terminal list) to the security device 104.
Management software is installed on the management platform 106, and the management software can be management software in the video monitoring system and can manage security devices in the video monitoring system. By means of management software, a network administrator can manage the security devices, control access of the terminals in the video monitoring system by managing the security devices, and monitor states of the terminals in the video monitoring system.
The management platform 106 may, for example, obtain terminal information and message information of the terminal in the video monitoring system; the management platform 106 may, for example, compare the terminal information with the message information and a feature library to determine the legitimacy of the terminal; the management platform 106 may, for example, add the IP address of the terminal to a list of legitimate terminals when the terminal is a legitimate terminal; the management platform 106 may, for example, send the list of legitimate terminals to a security device in the video surveillance system.
The security device 104 refers to a security device in a video monitoring system, and can identify a terminal in the video monitoring system, control access of the terminal in the video monitoring system, and monitor a state of the terminal in the video monitoring system.
The security device 104 may, for example, obtain the message information from a terminal in a video surveillance system; the security device 104 may, for example, extract the IP address of the terminal; the security device 104 may, for example, determine the legitimacy of the IP address based on a preset legal terminal list; the security device 104 may, for example, forward the message information to the target device when the terminal is a legal terminal.
It should be noted that the terminal access method in the video monitoring system provided in the embodiments of the present disclosure may be executed by the management platform 106 and the security device 104, and accordingly, the terminal access apparatus in the video monitoring system may be disposed in the management platform 106 and the security device 104, while the means for generating the message information are typically located in the terminal devices 101, 102, 103.
Fig. 2 is a flow chart illustrating a method of terminal access in a video surveillance system, according to an exemplary embodiment. The terminal access method 20 in the video monitoring system can be applied to a management platform, and at least includes steps S202 to S210.
As shown in fig. 2, in S202, terminal information and message information of a terminal are acquired in a video monitoring system. The terminal information and message information of the terminal can be acquired from the security device in the video monitoring system. Here, "message" is a network communication term: it is the data unit exchanged and transmitted in the network, i.e. the data block that a station sends at one time. A message contains the complete data information to be sent, and messages vary in length; the length is not limited and is variable.
In S204, the terminal information and the message information are compared with a feature library to determine the legitimacy of the terminal.
In one embodiment, the method further comprises: generating the feature library based on the device information, the message rules and the quintuple information of a plurality of terminals. Here, "quintuple information" is a network communication term: it refers to a source IP address, a source port, a destination IP address, a destination port, and a transport protocol. Each message in the network has corresponding quintuple information.
Legal features of the network communication of various terminals can be defined. These features include the quintuple (source IP, source port, destination IP, destination port, and transport protocol), message content rules, and the terminal model. The various terminals play different roles in the video monitoring system, each has its own responsibilities, and the network communication of each conforms to its own rules. For example, the IPC is responsible for video and picture transmission, and the messages it sends conform to the characteristics of the IPC's picture stream and video stream; the NVR is responsible for storage; and the PC is responsible for monitoring other terminals. Standardizing the features of the network communication messages of the various terminals facilitates managing the terminals and controlling the security of terminal access, so that illegal terminals, and legal terminals that may have been tampered with or injected with viruses, can be identified.
In S206, when the terminal is a legal terminal, the IP address of the terminal is added to a legal terminal list.
In S208, the legal terminal list is sent to a security device in the video monitoring system.
In S210, when the terminal is an illegal terminal, the IP address of the terminal is added to the illegal terminal list. When the terminal is an illegal terminal, it is judged whether the terminal exists in the legal terminal list; when the terminal exists in the legal terminal list, the legal terminal list is updated.
A handling policy for received illegal terminal messages may also be defined. The configuration of this handling policy determines when the system raises an alarm and when it changes a legal terminal to an illegal terminal.
When the number of illegal messages of the terminal meets a preset condition, the terminal is determined to be an illegal terminal. More specifically, the preset condition may be considered satisfied when, for example, the number of illegal messages sent by a terminal within a period of time reaches a configured threshold, or the total number of illegal messages sent by a terminal reaches a configured threshold.
According to the terminal access method in the video monitoring system, terminal information and message information of a terminal are acquired in the video monitoring system; the terminal information and the message information are compared with a feature library to determine the legitimacy of the terminal; when the terminal is a legal terminal, the IP address of the terminal is added to a legal terminal list; and the legal terminal list is sent to the security device in the video monitoring system. This approach helps to increase the security of terminal access in the video monitoring system, improve the convenience of terminal access control and improve the accuracy of terminal access control.
It should be clearly understood that this disclosure describes how to make and use particular examples, but the principles of this disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a flowchart illustrating a terminal access method in a video surveillance system according to another exemplary embodiment. The terminal access method 30 in the video monitoring system is applicable to a security device and includes at least steps S302 to S310.
As shown in fig. 3, in S302, message information is acquired from a terminal in the video monitoring system.
In S304, the IP address of the terminal is extracted.
In S306, the legitimacy of the IP address is determined based on a preset legal terminal list. Data may be acquired from the management platform to update the legal terminal list in real time.
In S308, when the terminal is a legal terminal, the message information is forwarded to a target device. The security device controls terminal access through the legal terminal list issued by the management software: it passes messages sent by terminals in the legal terminal list and blocks messages sent by terminals that are not in the legal terminal list.
In S310, when the terminal is not a legal terminal, the message information is blocked. The method further comprises: when the terminal is not a legal terminal, acquiring terminal information and message information of the terminal, and forwarding the terminal information and the message information to the management platform. When the security device receives a message sent by an illegal terminal in the video monitoring system, it forwards the message information to the management software. The management software compares the message information with the defined feature library, determines the legal terminal IP addresses, and issues them to the security device. The security device controls terminal access through the legal terminal IP addresses issued by the management software: if the terminal is legal, the message is allowed to pass; otherwise, it is blocked directly.
Fig. 4 is a flowchart illustrating a terminal access method in a video surveillance system according to another exemplary embodiment. The flow 40 shown in fig. 4 is a detailed description of the process performed on the video surveillance system.
As shown in fig. 4, in S401, the management software runs and configures a feature library. The feature library may store virus-related features for later use in judgment.
In S402, terminal message information sent by a security device is received.
In S403, it is determined whether the validity of the terminal has been confirmed. The message information received may come from a terminal that has already been judged legal, from a terminal that has already been judged illegal, or from a terminal whose legality cannot yet be judged.
In S404, it is determined whether the terminal is in the legal terminal list. The judgment is made again according to the locally stored legal terminal list.
In S405, it is determined whether the message matches the feature library, that is, whether it matches a virus signature.
In S406, it is determined whether a terminal list change condition is reached. When the message does not match an existing virus message, the number of message errors can be checked as well, and if that number exceeds the threshold limit, the terminal is determined to be a dangerous terminal.
In S407, the terminal is deleted from the legal terminal list.
In S408, it is determined whether the message matches the feature library, that is, whether it matches virus characteristics.
In S409, the terminal is added to the illegal terminal list.
In S410, the terminal is added to the legal terminal list.
In S411, the legal terminal list is issued to the security device.
The security device transmits the message information sent by the terminal to the management software, and the management software confirms whether the terminal is legal. When the management software receives message information from a terminal for the first time (the terminal is in neither the legal terminal list nor the illegal terminal list of the management software), it matches the message information against the defined feature library. If the message matches as a legal message, the terminal is confirmed to be a legal terminal, added to the legal terminal list, and issued to the security device; otherwise, the terminal is added to the illegal terminal list.
When the management software subsequently receives message information from a terminal (the terminal is already in the legal terminal list or the illegal terminal list of the management software), and a terminal that has been added to the legal terminal list is found by feature-library matching to have sent an illegal message, the management software determines according to its configuration whether to change the terminal to an illegal terminal.
There are two configurable conditions for changing a legal terminal to an illegal terminal: the number of illegal messages sent within a period of time reaches the configured threshold, or the total number of illegal messages sent reaches the configured threshold. The terminal is confirmed to be an illegal terminal if either condition is met; the management software then deletes it from the legal terminal list and sends the change to the security device.
Deleting a terminal from the illegal terminal list must be decided by the administrator offline: after the problem is solved, the terminal is deleted from the illegal terminal list in the management software. The next time the management software receives message information from that terminal, it processes it as if the terminal's message information were being received for the first time (the terminal is in neither the legal terminal list nor the illegal terminal list of the management software) and judges whether to add the terminal to the legal terminal list or the illegal terminal list.
The security device judges whether a terminal is legal solely from the legal terminal list that it stores. When network traffic is heavy, the security device transmits only the message data of illegal terminals to the management platform, which saves network traffic and increases message transmission speed. When the service is not busy, the security device can send all message information to the management software. The management software is responsible for judging whether the legal terminal list has changed, and it sends the updated terminals (newly added or deleted legal terminals) to the security device only when the list changes. Sending all message information to the management software improves the accuracy of the legal terminal list and thereby the security of the whole video monitoring system.
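The list-maintenance flow of S401 to S411 and the two reporting modes of the security device can be modelled as follows. This is an added illustration, not code from the patent: the class and method names, the byte-signature stand-in for the feature library, the threshold values, and the sample IP addresses and payloads are all assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class ManagementPlatform:
    """Management-software side: owns the legal and illegal terminal lists."""
    signatures: set                 # constructed stand-in for the feature library
    window_seconds: float = 60.0    # assumed length of the "period of time"
    window_threshold: int = 3       # illegal messages tolerated inside the window
    total_threshold: int = 10       # illegal messages tolerated overall
    legal: set = field(default_factory=set)
    illegal: set = field(default_factory=set)
    recent: dict = field(default_factory=lambda: defaultdict(deque))
    total: dict = field(default_factory=lambda: defaultdict(int))

    def is_illegal_message(self, payload: bytes) -> bool:
        # Assumption: a message is illegal when it contains a library signature.
        return any(sig in payload for sig in self.signatures)

    def handle(self, ip: str, payload: bytes, now: float):
        """Return ("add"|"delete", ip) when the legal list changes, else None."""
        bad = self.is_illegal_message(payload)
        if ip in self.illegal:
            return None                      # only an administrator can release it
        if ip not in self.legal:             # first message from this terminal
            if bad:
                self.illegal.add(ip)
                return None
            self.legal.add(ip)
            return ("add", ip)
        if not bad:
            return None
        # Listed terminal sent an illegal message: update both counters.
        self.total[ip] += 1
        hits = self.recent[ip]
        hits.append(now)
        while hits and now - hits[0] > self.window_seconds:
            hits.popleft()
        if len(hits) >= self.window_threshold or self.total[ip] >= self.total_threshold:
            self.legal.discard(ip)
            self.illegal.add(ip)
            return ("delete", ip)
        return None

    def admin_release(self, ip: str) -> None:
        """Offline administrator decision: forget the terminal entirely."""
        self.illegal.discard(ip)
        self.recent.pop(ip, None)
        self.total.pop(ip, None)


@dataclass
class SecurityDevice:
    """Enforcement side: decides only from its local copy of the legal list."""
    platform: ManagementPlatform
    legal: set = field(default_factory=set)

    def apply(self, update) -> None:
        if update is None:
            return                           # list unchanged, nothing is pushed
        op, ip = update
        if op == "add":
            self.legal.add(ip)
        else:
            self.legal.discard(ip)

    def receive(self, ip: str, payload: bytes, now: float, busy: bool = False) -> str:
        allowed = ip in self.legal
        # Heavy traffic: report only unlisted terminals. Otherwise report everything.
        if not allowed or not busy:
            self.apply(self.platform.handle(ip, payload, now))
        return "forward" if allowed else "block"


def demo():
    # Constructed sample: documentation-range IP and a made-up signature.
    platform = ManagementPlatform(signatures={b"BAD-SIG"}, window_threshold=2)
    device = SecurityDevice(platform)
    cam = "192.0.2.10"
    traffic = [b"frame-1", b"frame-2", b"BAD-SIG a", b"BAD-SIG b", b"frame-3"]
    return [device.receive(cam, p, now=float(t)) for t, p in enumerate(traffic)]


if __name__ == "__main__":
    print(demo())
```

In this model the message that triggers a demotion is still forwarded, because the device decides from its local list before the update arrives. With `busy=True` the platform never sees traffic from listed terminals, so the two illegal-message counters advance only when all traffic is reported.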
Those skilled in the art will appreciate that all or part of the steps implementing the above described embodiments are implemented as a computer program executed by a CPU. The above-described functions defined by the above-described methods provided by the present disclosure are performed when the computer program is executed by a CPU. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic disk or an optical disk, etc.
Furthermore, it should be noted that the above-described figures are merely illustrative of the processes involved in the method according to the exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
The following are device embodiments of the present disclosure that may be used to perform method embodiments of the present disclosure. For details not disclosed in the embodiments of the apparatus of the present disclosure, please refer to the embodiments of the method of the present disclosure.
Fig. 5 is a block diagram illustrating a terminal access device in a video surveillance system according to an exemplary embodiment. As shown in fig. 5, the terminal access device 50 in the video surveillance system may be used for a management platform, including: information module 502, determination module 504, addition module 506, and transmission module 508.
The information module 502 is used for acquiring terminal information and message information of a terminal in a video monitoring system;
the judging module 504 is configured to compare the terminal information with the message information and the feature library to determine validity of the terminal;
the adding module 506 is configured to add, when the terminal is a legal terminal, an IP address of the terminal to a legal terminal list;
the sending module 508 is configured to send the legal terminal list to a security device in the video monitoring system.
Fig. 6 is a block diagram illustrating a terminal access device in a video surveillance system according to another exemplary embodiment. As shown in fig. 6, a terminal access device 60 in a video surveillance system may be used for security equipment, including: message module 602, address module 604, list module 606, forwarding module 608.
The message module 602 is configured to obtain message information from a terminal in the video monitoring system;
the address module 604 is configured to extract an IP address of the terminal;
the list module 606 is configured to determine validity of the IP address based on a preset legal terminal list;
the forwarding module 608 is configured to forward the message information to a target device when the terminal is a legal terminal.
Fig. 7 is a block diagram illustrating a terminal access system in a video surveillance system, according to an exemplary embodiment. As shown in fig. 7, a terminal access device 70 in the video monitoring system includes: terminal 702, security device 704, management platform 706.
At least one terminal 702 for generating message information based on real-time video data;
at least one security device 704 for obtaining message information from the terminal; extracting the IP address of the terminal; judging the legitimacy of the IP address based on a preset legal terminal list; and, when the terminal is a legal terminal, forwarding the message information to a target device;
the management platform 706 is configured to obtain terminal information and message information of a terminal; compare the terminal information and the message information with the feature library to determine the legality of the terminal; when the terminal is a legal terminal, add the IP address of the terminal to a legal terminal list; and send the legal terminal list to the security device in the video monitoring system.
According to the terminal access device in the video monitoring system of the present disclosure, terminal information and message information of a terminal are acquired in the video monitoring system; the terminal information and the message information are compared with the feature library to determine the legality of the terminal; when the terminal is a legal terminal, the IP address of the terminal is added to a legal terminal list; and the legal terminal list is sent to the security device in the video monitoring system. This approach helps increase the security of terminal access in the video monitoring system and improves both the convenience and the accuracy of terminal access control.
Fig. 8 is a block diagram of an electronic device, according to an example embodiment.
An electronic device 800 according to such an embodiment of the present disclosure is described below with reference to fig. 8. The electronic device 800 shown in fig. 8 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.
As shown in fig. 8, the electronic device 800 is embodied in the form of a general purpose computing device. Components of electronic device 800 may include, but are not limited to: at least one processing unit 810, at least one memory unit 820, a bus 830 that connects the different system components (including memory unit 820 and processing unit 810), a display unit 840, and the like.
Wherein the storage unit stores program code that is executable by the processing unit 810 such that the processing unit 810 performs steps described in the present specification according to various exemplary embodiments of the present disclosure. For example, the processing unit 810 may perform the steps as shown in fig. 2, 3, and 4.
The storage unit 820 may include a readable medium in the form of a volatile memory unit, such as a random access memory unit (RAM) 8201 and/or a cache memory unit 8202, and may further include a read only memory unit (ROM) 8203.
The storage unit 820 may also include a program/utility 8204 having a set (at least one) of program modules 8205, such program modules 8205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 830 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 800 may also communicate with one or more external devices 800' (e.g., keyboard, pointing device, bluetooth device, etc.), devices that enable a user to interact with the electronic device 800, and/or any devices (e.g., routers, modems, etc.) that the electronic device 800 can communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 850. Also, electronic device 800 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 860. Network adapter 860 may communicate with other modules of electronic device 800 via bus 830. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 800, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, as shown in fig. 9, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, or a network device, etc.) to perform the above-described method according to the embodiments of the present disclosure.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The computer-readable medium carries one or more programs which, when executed by a device, cause the device to perform the following functions: acquiring terminal information and message information of a terminal in a video monitoring system; comparing the terminal information and the message information with the feature library to determine the legality of the terminal; when the terminal is a legal terminal, adding the IP address of the terminal to a legal terminal list; and sending the legal terminal list to the security device in the video monitoring system. The computer-readable medium may also implement the following functions: obtaining message information from a terminal in a video monitoring system; extracting the IP address of the terminal; judging the legitimacy of the IP address based on a preset legal terminal list; and, when the terminal is a legal terminal, forwarding the message information to a target device.
Those skilled in the art will appreciate that the modules may be distributed throughout several devices as described in the embodiments, and that corresponding variations may be implemented in one or more devices that are unique to the embodiments. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solutions according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and include several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Exemplary embodiments of the present disclosure are specifically illustrated and described above. It is to be understood that this disclosure is not limited to the particular arrangements, instrumentalities and methods of implementation described herein; on the contrary, the disclosure is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (5)

1. The terminal access method in the video monitoring system can be applied to a management platform and is characterized by comprising the following steps:
generating a feature library based on the device information, the message rule and the quintuple information of the plurality of terminals;
acquiring terminal information and message information of a terminal by a safety device in a video monitoring system;
comparing the terminal information with the message information and the feature library to determine the legality of the terminal;
when the terminal is a legal terminal, the IP address of the terminal is added into a legal terminal list, and when the terminal is an illegal terminal, the IP address of the terminal is added into an illegal terminal list;
transmitting the legal terminal list to safety equipment in a video monitoring system;
the security equipment extracts an IP address of a terminal from terminal information and message information of the terminal, and judges the validity of the IP address based on a preset legal terminal list; and
the security device forwards the message information to the target device when the terminal is a legal terminal, blocks the message information from being forwarded to the target device when the terminal is not the legal terminal, only transmits the message data of the illegal terminal to the management platform when the network flow is large, and transmits all the message information to the management platform when the service is not busy, and the management platform judges whether the legal terminal list changes or not and only transmits the updated legal terminal list to the security device when the legal terminal list changes.
2. The method as claimed in claim 1, comprising:
when the terminal is an illegal terminal, judging whether the terminal exists in the legal terminal list;
and when the terminal exists in the legal terminal list, updating the legal terminal list.
3. The method of claim 2, wherein when the terminal is an illegal terminal, comprising:
and when the number of illegal messages of the terminal meets a preset condition, determining that the terminal is an illegal terminal.
4. The terminal access device in the video monitoring system can be applied to a management platform, and generates a feature library based on device information, message rules and quintuple information of a plurality of terminals, and is characterized by comprising the following components:
the information module is used for acquiring terminal information and message information of the terminal by a safety device in the video monitoring system;
the judging module is used for comparing the terminal information with the message information and the feature library to determine the legality of the terminal;
the adding module is used for adding the IP address of the terminal into a legal terminal list when the terminal is a legal terminal, and adding the IP address of the terminal into an illegal terminal list when the terminal is an illegal terminal;
the sending module is used for sending the legal terminal list to safety equipment in the video monitoring system;
the security device includes:
the address module is used for extracting the IP address of the terminal;
the list module is used for judging the legitimacy of the IP address based on a preset legal terminal list;
and the forwarding module is used for forwarding the message information to the target equipment when the terminal is a legal terminal, blocking the message information from being forwarded to the target equipment when the terminal is not the legal terminal, transmitting the message data of the illegal terminal to the management platform only when the network flow is large, and transmitting all the message information to the management platform when the service is not busy, so that the management platform judges whether the legal terminal list changes or not and only transmits the updated legal terminal list to the safety equipment when the legal terminal list changes.
5. A video surveillance system, comprising:
at least one terminal for generating message information based on real-time video data;
at least one safety device for obtaining message information by the terminal; extracting the IP address of the terminal; judging the legitimacy of the IP address based on a preset legal terminal list; when the terminal is a legal terminal, forwarding the message information to target equipment, when the terminal is not the legal terminal, blocking the message information from being forwarded to the target equipment, and when the network flow is large, transmitting the message data of only the illegal terminal to a management platform, and when the service is not busy, transmitting all the message information to the management platform;
the management platform is used for generating a feature library based on the equipment information, the message rule and the five-tuple information of the plurality of terminals and acquiring the terminal information and the message information of the terminals; comparing the terminal information with the message information and the feature library to determine the legality of the terminal; when the terminal is a legal terminal, the IP address of the terminal is added into a legal terminal list, and when the terminal is an illegal terminal, the IP address of the terminal is added into an illegal terminal list; transmitting the legal terminal list to safety equipment in a video monitoring system; the management platform judges whether the legal terminal list is changed or not, and only when the legal terminal list is changed, the management platform sends an updated legal terminal list to the safety equipment.
CN202011579724.8A 2020-12-28 2020-12-28 Terminal access method, device and system Active CN112543203B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011579724.8A CN112543203B (en) 2020-12-28 2020-12-28 Terminal access method, device and system

Publications (2)

Publication Number Publication Date
CN112543203A CN112543203A (en) 2021-03-23
CN112543203B true CN112543203B (en) 2023-04-28

Family

ID=75017709

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011579724.8A Active CN112543203B (en) 2020-12-28 2020-12-28 Terminal access method, device and system

Country Status (1)

Country Link
CN (1) CN112543203B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109544870A (en) * 2018-12-20 2019-03-29 同方威视科技江苏有限公司 Alarm decision method and intelligent monitor system for intelligent monitor system
CN110708336A (en) * 2019-10-29 2020-01-17 杭州迪普科技股份有限公司 Video terminal authentication method and device, electronic equipment and storage medium

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103326882B (en) * 2013-05-16 2016-03-02 浙江宇视科技有限公司 A kind of video monitoring network management method and device
CN105024999B (en) * 2015-06-02 2018-08-28 江苏恒信和安电子科技有限公司 A kind of IP video surveillance networks safety access method
CN105491007B (en) * 2015-11-13 2018-11-13 浙江宇视科技有限公司 A kind of video monitoring system safety permission method and device
CN107343179B (en) * 2017-08-14 2019-11-29 华北电力大学 A kind of encryption of video information and video terminal safety certifying method
CN107948199B (en) * 2017-12-27 2021-05-25 北京奇安信科技有限公司 Method and device for rapidly detecting terminal shared access
CN108418806B (en) * 2018-02-05 2021-09-24 新华三信息安全技术有限公司 Message processing method and device
CN109067937B (en) * 2018-09-30 2021-08-17 锐捷网络股份有限公司 Terminal access control method, device, equipment, system and storage medium
CN111277421B (en) * 2018-11-16 2022-09-23 慧盾信息安全科技(苏州)股份有限公司 System and method for network camera access safety protection
CN110311809A (en) * 2019-06-12 2019-10-08 杭州迪普科技股份有限公司 The access terminal monitoring and managing method and device of video monitoring system
CN110290124B (en) * 2019-06-14 2022-09-30 杭州迪普科技股份有限公司 Switch input port blocking method and device

Also Published As

Publication number Publication date
CN112543203A (en) 2021-03-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant