CN113411545B - Control method of key line video monitoring equipment - Google Patents
- Publication number
- CN113411545B
- Authority
- CN
- China
- Prior art keywords
- server
- authentication
- asset
- access control
- authentication server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/18—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
- H04N7/181—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast for receiving images from a plurality of remote sources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/12—Arrangements for remote connection or disconnection of substations or of equipment thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N17/00—Diagnosis, testing or measuring for television systems or their details
- H04N17/002—Diagnosis, testing or measuring for television systems or their details for television cameras
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a control method for video monitoring equipment on key lines, comprising the following steps: S1, configuring an authentication server A and a policy server B, and configuring the front-end switch so that all authentication services are directed to the authentication server A; S2, after receiving any authentication request, the authentication server A returns an authentication acceptance message and an access control list ID, and at the same time updates an asset summary table in the policy server B; and S3, the policy server B updates the asset summary table according to the user's selection, and the authentication server A, by changing the authorization, performs a "release" (pass-through) or "blocking" operation on the video monitoring equipment connected to the switch. The method queries the state of video monitoring equipment at key places and on key lines in special scenarios, ensures that the equipment that must be kept in service works normally, and, when necessary, blocks the network of the video equipment to be guarded, so that the location or travel route of key personnel cannot be viewed or leaked by unrelated persons.
Description
Technical Field
The invention relates to the technical field of video monitoring, in particular to a control method of key line video monitoring equipment.
Background
Video equipment along a guard route can promptly report conditions such as crowd gathering and the road situation ahead of the route, helping the guard task proceed in an orderly way. Being able to obtain the real-time working state of the video equipment on key lines therefore has great practical value for the public security and traffic police sector.
The existing approach is mainly manual: a dedicated person queries the pictures of the video equipment along the line one by one from a desktop terminal in the control center, to judge which equipment is working normally and which needs emergency maintenance. If some equipment along the line cannot be repaired, the command center may consider other routes as a replacement.
In some special cases, to keep the movements of key personnel private, all video equipment along the line must be taken offline temporarily. At present this also requires dedicated staff on site, who disconnect the camera cables or cover the cameras with opaque bags; when the key personnel have left, every cable must be reconnected or every bag removed.
To solve the heavy waste of manpower and the uncertainty caused by the current manual mode of operation, the invention uses a network communication protocol to quickly meet practical service needs such as key-point monitoring and one-click start/stop.
Disclosure of Invention
In view of the technical problems in the prior art, the invention provides a control method for video monitoring equipment on key lines. It is mainly used to query the state of video monitoring equipment at key places and on key lines in special scenarios, to ensure that the equipment that must be kept in service works normally, and, when necessary, to block the network of the video equipment to be guarded, so that the location or travel route of key personnel cannot be viewed or leaked by unrelated persons.
The technical scheme that solves these technical problems is as follows: a control method for video monitoring equipment on key lines, comprising the following steps:
S1, configuring an authentication server A and a policy server B; configuring the front-end switch so that all authentication services are directed to the authentication server A;
S2, after receiving any authentication request, the authentication server A returns an authentication acceptance message and an access control list ID, and at the same time updates an asset summary table in the policy server B;
S3, the policy server B updates the asset summary table according to the user's selection, and the authentication server A, by changing the authorization, performs a "release" (pass-through) or "blocking" operation on the video monitoring equipment connected to the switch.
Further, the method also comprises:
creating an asset subset in the policy server B, the asset subset being used to classify the video equipment of different lines, and the policy server B performing state scanning on the video equipment in the different subsets at the set scanning frequency.
Further, configuring the front-end switch so that all authentication services are directed to the authentication server A comprises:
enabling MAC authentication and pointing the RADIUS server used for MAC authentication at the authentication server A;
configuring an access control list 3001 and an access control list 3002;
wherein the access control list 3001 restricts any source IP to accessing only the authentication server A and the policy server B, and the access control list 3002 restricts any source IP from accessing any target IP.
Further, in step S2, the access control list ID returned by the authentication server A is the access control list 3001.
Further, step S3 comprises:
for a given video device,
if the user selects "release", the policy server B changes the access control list ID value for that video device in the asset summary table to NULL and passes the characteristic parameters to the authentication server A through an API interface; the authentication server A triggers a RADIUS CoA packet, changes the authorization, and notifies the switch to change the device's access control list ID to a NULL value;
if the user selects "blocking", the policy server B changes the access control list ID value for that video device in the asset summary table to 3002 and passes the characteristic parameters to the authentication server A through the API interface; the authentication server A triggers a RADIUS CoA packet, changes the authorization, and notifies the switch to change the device's access control list ID to 3002.
The beneficial effects of the invention are as follows: the method queries the state of video monitoring equipment at key places and on key lines in special scenarios, ensures that the equipment that must be kept in service works normally, and, when necessary, blocks the network of the video equipment to be guarded, so that the location or travel route of key personnel cannot be viewed or leaked by unrelated persons. A network communication protocol is used to quickly meet practical service needs such as key-point monitoring and one-click start/stop.
Drawings
Fig. 1 is a flowchart of a method according to an embodiment of the present invention.
Detailed Description
The principles and features of the invention are described below with reference to the drawings. The examples serve only to illustrate the invention and are not to be construed as limiting its scope.
As shown in Fig. 1, an embodiment of the invention provides a control method for video monitoring equipment on key lines, comprising the following steps:
S1, configuring an authentication server A and a policy server B; the authentication server A and the policy server B may be the same device or different devices.
After the authentication server A and the policy server B are configured, the front-end switch must be configured so that all authentication services are directed to the authentication server A. This comprises two parts:
1) Configuring ACL3001 and ACL3002 (ACL: access control list);
2) Enabling MAC authentication and pointing the authentication service (RADIUS server) used for MAC authentication at the authentication server A.
ACL3001 restricts any source IP to accessing only servers A and B; ACL3002 prevents any source IP from accessing any other target IP.
S2, after receiving any authentication request (RADIUS request), the authentication server A returns an authentication acceptance message (RADIUS accept) with the access control list ID "Filter-Id=3001", and at the same time updates the Asset table in the database of the policy server B, that is, the asset summary table, from the fields of the RADIUS request message. The asset summary table holds the following basic data:
Asset-ID | Asset-MAC | Asset-IP | Asset-ACL | Asset-Status | Asset-Group |
---|---|---|---|---|---|
1 | 11:22:33:44:55:66 | 192.168.0.1 | 3001 | UP | |
2 | 11:22:33:44:55:67 | 192.168.0.2 | 3001 | UP | |
3 | 00:11:22:33:44:55 | 192.168.1.1 | 3001 | UP | |
4 | 00:11:22:33:44:56 | 192.168.1.2 | 3001 | UP | |
In the example above, Asset-ID is an auto-increment field in the database, and Asset-MAC and Asset-IP come from the Calling-Station-Id and Framed-IP-Address attributes of the RADIUS request message. In the initial state, Asset-ACL, Asset-Status and Asset-Group are 3001, UP and blank, respectively.
S3, the policy server B updates the asset summary table according to the user's selection, and the authentication server A, by changing the authorization, performs a "release" (pass-through) or "blocking" operation on the video monitoring equipment connected to the switch.
After step S2, every device connected to the switch can reach only the IP addresses of servers A and B; it cannot connect to the video gateway or to other platform IP addresses. The policy server B provides a web service that shows the user each row of the Asset table and offers menu options such as "release" and "blocking" for access control:
If the user selects "release" for the entry with Asset-ID=1, server B sets Asset-ACL to NULL and passes to server A, through the API interface, the parameters corresponding to Asset-ID=1: (1) "Asset-MAC=11:22:33:44:55:66" and (2) "policy=permission". After receiving these API parameters, server A triggers a RADIUS CoA packet notifying the switch to set "Filter-Id=" for the device with Calling-Station-Id=11:22:33:44:55:66.
If the user selects "blocking" for the entry with Asset-ID=2, server B sets Asset-ACL to 3002 and passes to server A, through the API interface, the parameters corresponding to Asset-ID=2, including "Asset-MAC=11:22:33:44:55:67". After receiving these API parameters, server A triggers a RADIUS CoA packet notifying the switch to set "Filter-Id=3002" for the device with Calling-Station-Id=11:22:33:44:55:67. The result is shown in the following table:
Asset-ID | Asset-MAC | Asset-IP | Asset-ACL | Asset-Status | Asset-Group |
---|---|---|---|---|---|
1 | 11:22:33:44:55:66 | 192.168.0.1 | NULL | UP | |
2 | 11:22:33:44:55:67 | 192.168.0.2 | 3002 | UP | |
3 | 00:11:22:33:44:55 | 192.168.1.1 | 3001 | UP | |
4 | 00:11:22:33:44:56 | 192.168.1.2 | 3001 | UP | |
As a preferred embodiment, the user may create Asset-Groups (asset subsets) on the policy server B and select and sort the individual Asset-IDs of the Asset table (the asset summary table) to assign each asset to a subset. For example, the newly created Asset-Groups route1 and route2 place the video devices of different travel routes in different asset subsets.
Asset-ID | Asset-MAC | Asset-IP | Asset-ACL | Asset-Status | Asset-Group |
---|---|---|---|---|---|
1 | 11:22:33:44:55:66 | 192.168.0.1 | NULL | UP | route1 |
2 | 11:22:33:44:55:67 | 192.168.0.2 | 3002 | UP | route1 |
3 | 00:11:22:33:44:55 | 192.168.1.1 | 3001 | UP | route2 |
4 | 00:11:22:33:44:56 | 192.168.1.2 | 3001 | UP | route2 |
An administrator may start a fast online-status scan of all devices in asset subset route2 and set the scan frequency. Once the frequency is set, server B starts fping to run a high-frequency ping test against all route2 devices in the asset table, confirms whether their network connections are normal, and shows the control center in the interface which devices are abnormal.
If the administrator wants to issue an immediate offline command for all monitoring devices in asset subset route2, server B sets "Asset-ACL" to 3002 for all route2 devices and sequentially passes each device's "Asset-MAC" and "policy=deny" to server A through the API interface. After receiving the parameters, server A triggers a RADIUS CoA packet notifying the switch to set "Filter-Id=3002" for the device whose Calling-Station-Id equals that "Asset-MAC", thereby taking the corresponding device offline.
When the guard task is complete and the administrator wants to bring the offline assets back online, the administrator only needs to issue an immediate online command. Server B then sets "Asset-ACL" to NULL for all route2 devices and sequentially passes each device's "Asset-MAC" and "policy=limit" to server A through the API interface. After receiving the parameters, server A triggers a RADIUS CoA packet notifying the switch to set "Filter-Id=" for the device with that "Asset-MAC", thereby bringing the corresponding device back online.
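The S2/S3 flow above, from first authentication to a per-device or per-subset CoA, as an added Python example that is not code from the patent. The class and function names and the shared secret are hypothetical; the policy values "permission" and "deny" are the ones quoted on the page, and the packet layout follows RFC 5176 (CoA-Request, code 43) with RFC 2865 attribute types.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43                         # RFC 5176 packet code
FILTER_ID, CALLING_STATION_ID = 11, 31   # RFC 2865 attribute types
ACL_QUARANTINE, ACL_BLOCK = "3001", "3002"
POLICY_TO_ACL = {"permission": None, "deny": ACL_BLOCK}  # None is the page's NULL


class PolicyServerB:
    """Asset summary table keyed by MAC address (class name is hypothetical)."""

    def __init__(self):
        self.assets = {}

    def on_access_request(self, calling_station_id, framed_ip):
        """S2: record the device; return the Filter-Id sent with the accept."""
        mac = calling_station_id.lower()
        row = self.assets.setdefault(mac, {"id": len(self.assets) + 1, "group": ""})
        # The page returns 3001 for any request, so a re-authenticating
        # device is recorded as 3001 again.
        row.update(mac=mac, ip=framed_ip, acl=ACL_QUARANTINE, status="UP")
        return ACL_QUARANTINE

    def set_policy(self, mac, policy):
        """S3: update Asset-ACL; return the (MAC, Filter-Id) pair for server A."""
        acl = POLICY_TO_ACL[policy]      # an unknown policy raises KeyError
        self.assets[mac.lower()]["acl"] = acl
        return mac.lower(), acl or ""

    def set_group_policy(self, group, policy):
        """One pair per device in the asset subset, for example 'route2'."""
        return [self.set_policy(mac, policy)
                for mac, row in self.assets.items() if row["group"] == group]


def _attr(attr_type, value):
    data = value.encode("ascii")
    return struct.pack("!BB", attr_type, 2 + len(data)) + data


def build_coa_request(identifier, secret, mac, filter_id):
    """Server A: CoA-Request bytes with the RFC 5176 Request Authenticator.

    An empty filter_id is encoded as the page writes it ("Filter-id=").
    RFC 2865 forbids zero-length text attributes, so how a given switch
    expects "no ACL" to be signalled is vendor-specific.
    """
    attrs = _attr(CALLING_STATION_ID, mac) + _attr(FILTER_ID, filter_id)
    header = struct.pack("!BBH", COA_REQUEST, identifier, 20 + len(attrs))
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def coa_authenticator_ok(packet, secret):
    """Switch side: recompute the authenticator before acting on a CoA."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"   # constructed sample value
    b = PolicyServerB()
    for mac, ip in [("11:22:33:44:55:66", "192.168.0.1"),
                    ("11:22:33:44:55:67", "192.168.0.2")]:
        b.on_access_request(mac, ip)
    mac, fid = b.set_policy("11:22:33:44:55:67", "deny")
    pkt = build_coa_request(1, SECRET, mac, fid)
    print(pkt.hex(), coa_authenticator_ok(pkt, SECRET))
```

The switch acts on a CoA only if the authenticator computed with the shared secret matches, so that secret is what protects the release and blocking commands from being forged.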
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.
Claims (4)
1. A control method for video monitoring equipment on key lines, characterized by comprising the following steps:
S1, configuring an authentication server A and a policy server B; configuring the front-end switch so that all authentication services are directed to the authentication server A;
S2, after receiving any authentication request, the authentication server A returns an authentication acceptance message and an access control list ID, and at the same time updates an asset summary table in the policy server B;
S3, the policy server B updates the asset summary table according to the user's selection, and the authentication server A, by changing the authorization, performs a "release" or "blocking" operation on the video monitoring equipment connected to the switch;
and creating an asset subset in the policy server B, the asset subset being used to classify the video equipment of different lines, and the policy server B performing state scanning on the video equipment in the different subsets at the set scanning frequency.
2. The method of claim 1, wherein configuring the front-end switch so that all authentication services are directed to the authentication server A comprises:
enabling MAC authentication and pointing the RADIUS server used for MAC authentication at the authentication server A;
configuring an access control list 3001 and an access control list 3002;
wherein the access control list 3001 restricts any source IP to accessing only the authentication server A and the policy server B, and the access control list 3002 restricts any source IP from accessing any target IP.
3. The method according to claim 2, wherein in step S2, the access control list ID returned by the authentication server A is the access control list 3001.
4. The method according to claim 2, wherein step S3 comprises:
for a given video device,
if the user selects "release", the policy server B changes the access control list ID value for that video device in the asset summary table to NULL and passes the characteristic parameters to the authentication server A through an API interface; the authentication server A triggers a RADIUS packet, changes the authorization, and notifies the switch to change the device's access control list ID to a NULL value;
if the user selects "blocking", the policy server B changes the access control list ID value for that video device in the asset table to 3002 and passes the characteristic parameters to the authentication server A through the API interface; the authentication server A triggers a RADIUS packet, changes the authorization, and notifies the switch to change the device's access control list ID to 3002.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110520154.3A CN113411545B (en) | 2021-05-12 | 2021-05-12 | Control method of key line video monitoring equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113411545A (en) | 2021-09-17 |
CN113411545B (en) | 2023-07-18 |
Family
ID=77678451
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110520154.3A Active CN113411545B (en) | 2021-05-12 | 2021-05-12 | Control method of key line video monitoring equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113411545B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008002102A1 (en) * | 2006-06-30 | 2008-01-03 | Posdata Co., Ltd. | Dvr server and method for controlling access to monitoring device in network-based dvr system |
CN101656874A (en) * | 2009-09-17 | 2010-02-24 | 杭州智傲科技有限公司 | Remote video monitoring method |
JP2014119962A (en) * | 2012-12-17 | 2014-06-30 | Mitsubishi Electric Corp | Information communication system, authentication device, access control method of information communication system, and access control program |
CN106330886A (en) * | 2016-08-18 | 2017-01-11 | 浙江大华技术股份有限公司 | Method and equipment for protecting video privacy in remote monitoring |
CN107770773A (en) * | 2016-08-19 | 2018-03-06 | 中兴通讯股份有限公司 | A kind of monitor video management method and system, terminal and server |
JP2021002736A (en) * | 2019-06-21 | 2021-01-07 | 株式会社東急コミュニティー | Monitoring camera system |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101867579B (en) * | 2010-06-09 | 2013-07-03 | 杭州华三通信技术有限公司 | Method and device for switching user network access authorities |
BR112015032258B1 (en) * | 2013-06-24 | 2023-01-31 | Telefonica Digital Espana, S.L.U. | METHOD IMPLEMENTED BY COMPUTER FOR SECURITY OF OPERATIONS IN AUTHENTICATION AND AUTHORIZATION SYSTEMS USING BIOMETRIC INFORMATION AND COMMUNICATION SYSTEM FOR SECURITY OF OPERATIONS IN AUTHENTICATION AND AUTHORIZATION SYSTEMS USING BIOMETRIC INFORMATION |
CN106790134B (en) * | 2016-12-28 | 2021-01-29 | 浙江宇视科技有限公司 | Access control method of video monitoring system and security policy server |
CN110611682A (en) * | 2019-09-27 | 2019-12-24 | 深信服科技股份有限公司 | Network access system, network access method and related equipment |
Also Published As
Publication number | Publication date |
---|---|
CN113411545A (en) | 2021-09-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||