CN113411545A - Control method of key line video monitoring equipment - Google Patents
Control method of key line video monitoring equipment Download PDFInfo
- Publication number
- CN113411545A CN113411545A CN202110520154.3A CN202110520154A CN113411545A CN 113411545 A CN113411545 A CN 113411545A CN 202110520154 A CN202110520154 A CN 202110520154A CN 113411545 A CN113411545 A CN 113411545A
- Authority
- CN
- China
- Prior art keywords
- server
- authentication
- asset
- access control
- authentication server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/18—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
- H04N7/181—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast for receiving images from a plurality of remote sources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/12—Arrangements for remote connection or disconnection of substations or of equipment thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N17/00—Diagnosis, testing or measuring for television systems or their details
- H04N17/002—Diagnosis, testing or measuring for television systems or their details for television cameras
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention relates to a control method of a key line video monitoring device, which comprises the following steps: s1, configuring an authentication server A and a policy server B; configuring on a front-end switch to enable all authentication services to point to an authentication server A; s2, the authentication server A returns an authentication acceptance message and an access control list ID after receiving any authentication request, and meanwhile updates an asset summary table in the policy server B; and S3, the strategy server B updates the asset general table according to the selection of the user, and the authentication server A executes the 'release' or 'blocking' operation on the video monitoring equipment connected with the switch by changing the authorization. The method comprises the steps of inquiring the state of video monitoring equipment of key places and key lines in special scenes, ensuring that the video monitoring equipment needing to be guaranteed works normally, carrying out network blocking on the video equipment needing to be guarded under necessary conditions, and preventing the position information or the traveling route of key personnel from being checked or leaked by irrelevant personnel.
Description
Technical Field
The invention relates to the technical field of video monitoring, in particular to a control method of key line video monitoring equipment.
Background
The video equipment on the guard line can timely return the conditions such as crowd gathering and the road information in front, and the guard task is guaranteed to be carried out orderly, so that the video equipment of the key line acquires the real-time working state, and the video equipment has great practical value for the public security traffic police industry.
The current technical means are mainly carried out manually, namely, a specially-assigned person needs to perform picture query on video equipment along the line one by one through a desktop terminal of a control center to judge which equipment is in a normal working state and which equipment needs emergency maintenance, and if some equipment along the line cannot be maintained, the command center may consider other routes as replacements.
In some special cases, in order to ensure privacy of the movement track of key personnel, video equipment along the line needs to be completely and temporarily offline, and at present, the requirement also needs to arrange a specially-assigned person to control by pulling out a camera connection on site or providing an opaque bag on a camera cover, and when the key personnel leave, the key personnel need to completely reconnect or remove the bag.
In order to solve the problems of large manpower waste and uncertainty caused by the current manual operation mode, the invention utilizes a network communication protocol to quickly solve the actual service requirements of key monitoring, one-key start-stop and the like.
Disclosure of Invention
The invention provides a control method of a key line video monitoring device aiming at the technical problems in the prior art, which is mainly used for inquiring the state of the key site and the key line video monitoring device in a special scene, ensuring that the video monitoring device needing to be ensured works normally, carrying out network blocking on the video device needing to be guarded under necessary conditions and preventing the position information or the traveling route of key personnel from being checked or leaked by irrelevant personnel.
The technical scheme for solving the technical problems is as follows: a control method of a key line video monitoring device comprises the following steps:
s1, configuring an authentication server A and a policy server B; configuring on a front-end switch to enable all authentication services to point to an authentication server A;
s2, the authentication server A returns an authentication acceptance message and an access control list ID after receiving any authentication request, and meanwhile updates an asset summary table in the policy server B;
and S3, the strategy server B updates the asset general table according to the selection of the user, and the authentication server A executes the 'release' or 'blocking' operation on the video monitoring equipment connected with the switch by changing the authorization.
Further, the method further comprises:
and newly building an asset subset in the policy server B, wherein the asset subset is used for classifying the video equipment of different lines, and the policy server B scans the states of the video equipment in different subsets according to the set scanning frequency.
Further, the configuring on the front-end switch makes all authentication services point to the authentication server a, including:
starting MAC authentication, and pointing a Radius Server of the MAC authentication to an authentication Server A;
configuring an access control list 3001 and an access control list 3002;
the access control list 3001 is used to restrict any source IP from accessing only the authentication server a and the policy server B, and the access control list 3002 is used to restrict any source IP from accessing any destination IP.
Further, in step S2, the access control list ID returned by the authentication server a is the access control list 3001.
Further, the step S3 includes:
with respect to a certain video apparatus, it is,
if the user selects 'release', the policy server B changes the value of the access control list ID corresponding to the video equipment in the asset summary table to NULL, and transmits characteristic parameters to the authentication server A through an API (application program interface), the authentication server A triggers a radius coa packet, changes authorization and informs the switch to change the value of the access control list ID of the equipment to NULL;
if the user selects blocking, the policy server B changes the value of the access control list ID corresponding to the video device in the asset list to 3002, and transmits the characteristic parameters to the authentication server a through the API interface, and the authentication server a triggers the radius coa packet, changes the authorization, and notifies the switch to change the value of the access control list ID of the device to 3002.
The invention has the beneficial effects that: the method of the invention inquires the state of the video monitoring equipment of the key place and key line in a special scene, ensures that the video monitoring equipment needing to be ensured works normally, and blocks the network of the video equipment needing to be guarded under necessary conditions, thereby preventing the position information or the traveling route of key personnel from being checked or leaked by irrelevant personnel. The network communication protocol is utilized to quickly solve the actual service requirements of key monitoring, one-key start and stop and the like.
Drawings
Fig. 1 is a flowchart of a method provided in an embodiment of the present invention.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, which are set forth by way of illustration only and are not intended to limit the scope of the invention.
As shown in fig. 1, an embodiment of the present invention provides a method for controlling a key line video monitoring device, including the following steps:
s1, configuring an authentication server A and a policy server B; the authentication server a and the policy server B may be the same device or different devices.
After the authentication server A and the policy server B are configured, configuration needs to be carried out on a front-end switch, so that all authentication services point to the authentication server A; this includes two parts:
1) configuration ACL3001 and ACL 3002; (ACL: access control list)
2) Starting MAC authentication, and directing the authentication service (radius server) of the MAC authentication to an authentication server A.
ACL3001 is used for limiting any source IP to access only A and B servers, and ACL3002 is used for limiting any source IP to prohibit access to other any target IP.
S2, the authentication server a returns an authentication accept message (radius accept) and an access control list ID "Filter ID ═ 3001" after receiving any authentication request (radius request), and synchronously updates an Asset table, i.e. an Asset total table, in the policy server B database according to the fields in the radius request message; the asset summary table has the following basic data:
Asset-ID | Asset-MAC | Asset-IP | Asset-ACL | Asset-Status | Asset-Group |
1 | 11:22:33:44:55:66 | 192.168.0.1 | 3001 | UP | |
2 | 11:22:33:44:55:67 | 192.168.0.2 | 3001 | UP | |
3 | 00:11:22:33:44:55 | 192.168.1.1 | 3001 | UP | |
4 | 00:11:22:33:44:56 | 192.168.1.2 | 3001 | UP |
the above is an example, Asset-ID is database increment, Asset-MAC and Asset-IP are from Calling-Station-ID and Frame-IP-Address in the Radius Request message. Asset-ACL, Asset-Status, Asset-Group are 3001, UP and null in sequence in the initial state.
And S3, the strategy server B updates the asset general table according to the selection of the user, and the authentication server A executes the 'release' or 'blocking' operation on the video monitoring equipment connected with the switch by changing the authorization.
After all devices are connected to the switch, in step S2, the IP of the a and B servers can only be accessed, and the video gateway or other platform IP addresses cannot be connected. The policy server B will provide Web services, show each line of Asset table content to the user, and provide menus of "let go", "block" and the like to the user for access control selection:
if the user selects "release" for the entry of "Asset-ID ═ 1", server B will adjust Asset-ACL to NULL and transmit to server a two parameters through API interface, where: "Asset-MAC ═ 11:22:33:44:55: 66" Policy ═ permit "corresponding to" Asset-ID ═ 1 "; after receiving the API transfer parameters, the server a triggers a radius coa packet to notify the switch to notify the device "Filter-ID ═ of the loading-station-ID ═ 11:22:33:44:55: 66"
If the user selects "block" for the entry of "Asset-ID ═ 2", server B will adjust Asset-ACL to 3002 and will transmit to server a two parameters through the API interface, where (11: 22:33:44:55:67 "Policy ═ dense" corresponding to "Asset-ID ═ 2"; after receiving the API transfer parameters, server a triggers a radius coa packet to notify the switch to "Filter-ID 3002" for the device having the loading-station-ID of 11:22:33:44:55: 67. As shown in the following table:
Asset-ID | Asset-MAC | Asset-IP | Asset-ACL | Asset-Status | Asset-Group |
1 | 11:22:33:44:55:66 | 192.168.0.1 | NULL | UP | |
2 | 11:22:33:44:55:67 | 192.168.0.2 | 3002 | UP | |
3 | 00:11:22:33:44:55 | 192.168.1.1 | 3001 | UP | |
4 | 00:11:22:33:44:56 | 192.168.1.2 | 3001 | UP |
as a preferred embodiment, the user may identify the homing of the subset of assets by self-creating a new Asset-Group (i.e., subset of assets) on policy server B and selectively sorting each Asset-ID of the Asset table (i.e., summary of assets). Such as newly created Asset-Group route1 and route2, Group video devices for different travel routes into different Asset subsets.
Asset-ID | Asset-MAC | Asset-IP | Asset-ACL | Asset-Status | Asset-Group |
1 | 11:22:33:44:55:66 | 192.168.0.1 | NULL | UP | route1 |
2 | 11:22:33:44:55:67 | 192.168.0.2 | 3002 | UP | route1 |
3 | 00:11:22:33:44:55 | 192.168.1.1 | 3001 | UP | route2 |
4 | 00:11:22:33:44:56 | 192.168.1.2 | 3001 | UP | route2 |
The administrator may initiate a fast online status scan of all devices within the asset subset route2 and set the scan frequency. After finishing the frequency setting, the server B will start fping to perform high-frequency ping test on route2 devices in all asset tables to confirm whether the network connection is normal, and present the result to the control center on the interface, which devices are in abnormal state.
If the administrator wishes to initiate an instant offline command for all the monitoring devices in the Asset subset route2, the server B will adjust "Asset-ACL" of all the route2 devices to 3002, and sequentially transmit "Asset-MAC" and "Policy-dense" of all the route2 devices to the server a through the API interface, and the server a will trigger the radius coa packet after receiving the parameters, and notify the switch to set "Filter-ID" of the device with the loading-ID to 3002 ", thereby implementing the offline processing of the corresponding device.
After the guard task is completed, if the administrator wants to bring the offline Asset back online, only an instant online instruction needs to be started, the server B will adjust "Asset-ACL" of all route2 devices to NULL, and sequentially transmit "Asset-MAC" and "Policy-permit" of all route2 devices to the server a through the API interface, the server a will trigger the radius coa packet after receiving the parameters, and notify the switch to put "Filter-ID" of the device with the loading-ID "on the server a, thereby implementing online processing of the corresponding device.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (5)
1. A control method of a key line video monitoring device is characterized by comprising the following steps:
s1, configuring an authentication server A and a policy server B; configuring on a front-end switch to enable all authentication services to point to an authentication server A;
s2, the authentication server A returns an authentication acceptance message and an access control list ID after receiving any authentication request, and meanwhile updates an asset summary table in the policy server B;
and S3, the strategy server B updates the asset general table according to the selection of the user, and the authentication server A executes the 'release' or 'blocking' operation on the video monitoring equipment connected with the switch by changing the authorization.
2. The method of claim 1, further comprising:
and newly building an asset subset in the policy server B, wherein the asset subset is used for classifying the video equipment of different lines, and the policy server B scans the states of the video equipment in different subsets according to the set scanning frequency.
3. The method of claim 1, wherein configuring on a front-end switch such that all authentication services are directed to authentication server a comprises:
starting MAC authentication, and pointing a Radius Server of the MAC authentication to an authentication Server A;
configuring an access control list 3001 and an access control list 3002;
the access control list 3001 is used to restrict any source IP from accessing only the authentication server a and the policy server B, and the access control list 3002 is used to restrict any source IP from accessing any destination IP.
4. The method according to claim 3, wherein in step S2, the access control list ID returned by the authentication server A is the access control list 3001.
5. The method according to claim 3, wherein the step S3 comprises:
with respect to a certain video apparatus, it is,
if the user selects 'release', the policy server B changes the value of the access control list ID corresponding to the video equipment in the asset summary table to NULL, and transmits characteristic parameters to the authentication server A through an API (application program interface), the authentication server A triggers a radius coa packet, changes authorization and informs the switch to change the value of the access control list ID of the equipment to NULL;
if the user selects blocking, the policy server B changes the value of the access control list ID corresponding to the video device in the asset list to 3002, and transmits the characteristic parameters to the authentication server a through the API interface, and the authentication server a triggers the radius coa packet, changes the authorization, and notifies the switch to change the value of the access control list ID of the device to 3002.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110520154.3A CN113411545B (en) | 2021-05-12 | 2021-05-12 | Control method of key line video monitoring equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110520154.3A CN113411545B (en) | 2021-05-12 | 2021-05-12 | Control method of key line video monitoring equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113411545A true CN113411545A (en) | 2021-09-17 |
CN113411545B CN113411545B (en) | 2023-07-18 |
Family
ID=77678451
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110520154.3A Active CN113411545B (en) | 2021-05-12 | 2021-05-12 | Control method of key line video monitoring equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113411545B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008002102A1 (en) * | 2006-06-30 | 2008-01-03 | Posdata Co., Ltd. | Dvr server and method for controlling access to monitoring device in network-based dvr system |
CN101656874A (en) * | 2009-09-17 | 2010-02-24 | 杭州智傲科技有限公司 | Remote video monitoring method |
CN101867579A (en) * | 2010-06-09 | 2010-10-20 | 杭州华三通信技术有限公司 | Method and device for switching user network access authorities |
JP2014119962A (en) * | 2012-12-17 | 2014-06-30 | Mitsubishi Electric Corp | Information communication system, authentication device, access control method of information communication system, and access control program |
WO2014206945A1 (en) * | 2013-06-24 | 2014-12-31 | Telefonica Digital España, S.L.U. | A computer implemented method to improve security in authentication/authorization systems and computer programs products thereof |
CN106330886A (en) * | 2016-08-18 | 2017-01-11 | 浙江大华技术股份有限公司 | Method and equipment for protecting video privacy in remote monitoring |
CN106790134A (en) * | 2016-12-28 | 2017-05-31 | 浙江宇视科技有限公司 | The access control method and Security Policy Server of a kind of video monitoring system |
CN107770773A (en) * | 2016-08-19 | 2018-03-06 | 中兴通讯股份有限公司 | A kind of monitor video management method and system, terminal and server |
CN110611682A (en) * | 2019-09-27 | 2019-12-24 | 深信服科技股份有限公司 | Network access system, network access method and related equipment |
JP2021002736A (en) * | 2019-06-21 | 2021-01-07 | 株式会社東急コミュニティー | Monitoring camera system |
-
2021
- 2021-05-12 CN CN202110520154.3A patent/CN113411545B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008002102A1 (en) * | 2006-06-30 | 2008-01-03 | Posdata Co., Ltd. | Dvr server and method for controlling access to monitoring device in network-based dvr system |
CN101656874A (en) * | 2009-09-17 | 2010-02-24 | 杭州智傲科技有限公司 | Remote video monitoring method |
CN101867579A (en) * | 2010-06-09 | 2010-10-20 | 杭州华三通信技术有限公司 | Method and device for switching user network access authorities |
JP2014119962A (en) * | 2012-12-17 | 2014-06-30 | Mitsubishi Electric Corp | Information communication system, authentication device, access control method of information communication system, and access control program |
WO2014206945A1 (en) * | 2013-06-24 | 2014-12-31 | Telefonica Digital España, S.L.U. | A computer implemented method to improve security in authentication/authorization systems and computer programs products thereof |
CN106330886A (en) * | 2016-08-18 | 2017-01-11 | 浙江大华技术股份有限公司 | Method and equipment for protecting video privacy in remote monitoring |
CN107770773A (en) * | 2016-08-19 | 2018-03-06 | 中兴通讯股份有限公司 | A kind of monitor video management method and system, terminal and server |
CN106790134A (en) * | 2016-12-28 | 2017-05-31 | 浙江宇视科技有限公司 | The access control method and Security Policy Server of a kind of video monitoring system |
JP2021002736A (en) * | 2019-06-21 | 2021-01-07 | 株式会社東急コミュニティー | Monitoring camera system |
CN110611682A (en) * | 2019-09-27 | 2019-12-24 | 深信服科技股份有限公司 | Network access system, network access method and related equipment |
Also Published As
Publication number | Publication date |
---|---|
CN113411545B (en) | 2023-07-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101175078B (en) | Identification of potential network threats using a distributed threshold random walk | |
CN101340444B (en) | Fireproof wall and server policy synchronization method, system and apparatus | |
CN100544279C (en) | The method of monitoring illegal access point, equipment and system in the WLAN (wireless local area network) | |
CN100454836C (en) | Method and system for service tracking | |
CN109347784B (en) | Terminal access control method, controller, control equipment and system | |
CN102984031B (en) | Method and device for allowing encoding equipment to be safely accessed to monitoring and control network | |
CN107135548B (en) | Method and device for updating BSSID and connecting network | |
CN105915550A (en) | SDN-based Portal/Radius authentication method | |
CN107769978A (en) | Management method, system, router and the server that a kind of terminal device networks | |
CN105142116B (en) | A kind of the communication network switching method and switching system of smart machine | |
CN104486764A (en) | Wireless network detection method, server and wireless network sensor | |
KR101117628B1 (en) | Wireless security system capable of detecting non-authorized access of wireless terminal and method thereof | |
CN106209799A (en) | A kind of method, system and dynamic firewall realizing dynamic network protection | |
CN109525620A (en) | A kind of message push system, method and device | |
CN104253798A (en) | Network security monitoring method and system | |
CN113411545B (en) | Control method of key line video monitoring equipment | |
CN103108302A (en) | Security policy issuing method, network element and system for achieving the same | |
KR102300124B1 (en) | video surveillance system by use of core VMS and edge VMS in mobile edge computing | |
CN114500175B (en) | Communication method for reversely dividing home VLAN based on IP address of user equipment | |
CN101031133B (en) | Method and apparatus for determining mobile-node home agent | |
CN103414648B (en) | A kind of communication flow rate control method and system | |
CN109886427A (en) | Method for inspecting is managed in power transformation lean work on the spot | |
CN103414653B (en) | A kind of flow control methods and system | |
CN103414652B (en) | A kind of communication message processing method and system | |
CN106712987A (en) | Network control processing method and device, and software defined network system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |