JP2003061078A - Supervisory system for specified area - Google Patents

Abstract

PROBLEM TO BE SOLVED: To acquire a supervisory image, even if a global IP address assigned on the Internet is dynamically changed. SOLUTION: The supervisory system for collecting a supervisory image photographed by an imaging means 1 through the Internet, is provided with first communication means provided to the imaging means 1 and second communication means placed at a collection means. The first communication means 2, 3 inform particular global IP addresses on the Internet, having been assigned in advance to the second communication means about identification information provided in advance to the first communication means 2, 3 and also global IP addresses on the Internet assigned to themselves dynamically at every revision, and the second communication 3, 7 update and register their global IP addresses specified by the identification information and having been registered in cross-reference with the first communication means 2, 3 into notified new global IP addresses.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention makes it possible to monitor a specific area in which an image pickup means such as a surveillance camera is installed using an internet network, using an information terminal such as a personal computer owned by a user. A monitoring system for a specific area.

[0002]

2. Description of the Related Art In recent years, as security information has deteriorated and the importance of security has expanded, surveillance cameras have been installed in stores, offices, homes, etc. Computers have been used to monitor each store and the like.

In a surveillance system for accessing these surveillance cameras from a surveillance computer to obtain surveillance images for surveillance, conventionally, a store or office in which the surveillance cameras are installed and a surveillance computer are installed. In addition, a system is used in which head offices and the like are connected by a telephone line, and if necessary, a communication device to which a surveillance camera is connected is dialed up to obtain a surveillance image.

[0004]

However, in these conventional surveillance systems, a call charge is charged each time a call is made to obtain a surveillance image, or even if the flat-rate system is used, the transmission rate is reduced. However, there is a problem in that it takes a long time to transmit the monitoring image.

Therefore, as a method for solving these problems, along with the recent spread of the transmission band to broadband, a high-speed constant connection environment, for example, a high-speed constant connection using a communication line of a cable TV or ADSL ( Asymmetric D
igital Subscriber Line), a high-speed constant connection using a telephone line, and a method of acquiring images of each surveillance camera by using the Internet network are conceivable. If these high-speed constant connections are used, Although inexpensive and high-speed image transmission is possible, in these high-speed constant connection services, in order for the providers who carry out these services to carry out connection services at low cost, it is normal for each connection terminal to be connected to the Internet network. Since a dynamic global IP address that dynamically changes is assigned as the address of the monitor, the global IP address is changed when these high-speed constant connections are used, making it difficult to obtain the monitoring image. There was a problem that it would end up.

Therefore, the present invention has been made by paying attention to the above-mentioned problems, and makes it possible to obtain a monitoring image even if the global IP address assigned on the Internet network changes dynamically. Therefore, it is an object of the present invention to provide a monitoring system for a specific area that can utilize a high-speed constant connection environment to which these dynamic global IP addresses are assigned.

[0007]

In order to achieve the above-mentioned object, a monitoring system for a specific area of the present invention comprises an image pickup means for photographing a specific area and an open computer for monitoring images photographed by the image pickup means. At least the collecting means for collecting through the internet network, which is a network, and the outputting means for outputting the collected monitoring image, the specific area photographed by the imaging means can be monitored by the outputting means. A monitoring system for a specific area, wherein the collecting means has a first communication means provided on the imaging means side and a second communication means provided on the output means side across the Internet network. , The first communication means, with respect to a unique global IP address on the Internet network previously assigned to the second communication means,
The global IP address dynamically assigned to itself along with the identification information assigned to the first communication means in advance is notified each time the change is made, and the second communication means is specified by the identification information. The global IP address registered in association with the first communication means is updated and registered in the notified new global IP address. According to this feature, even if the global IP address on the Internet network assigned to the first communication unit provided on the image pickup unit side is dynamically changed, the changed new global IP address is Since the second communication means on the output means side is notified to the global IP address fixedly assigned in advance, the second communication means accesses the first communication means to access the imaging means. It is possible to obtain the monitoring image photographed by, and thus it is possible to use the high-speed constant connection environment in which the global IP address is dynamically assigned.

In the monitoring system for a specific area of the present invention, the first communication means and the second communication means are preliminarily provided with the second communication means.
To establish a communication path between the unique global IP address on the Internet network assigned to the communication means and the dynamic global IP address on the Internet network assigned to the notified and registered first communication means. A global IP route establishing means, and a local IP packet transmitting / receiving means for transmitting / receiving an IP packet to which a local IP address is given, within the global IP communication route on the Internet network established by the global IP route establishing means. It is preferable to provide. With this configuration, the local area networks (LANs) formed ahead of the communication means are pseudo-connected to each other through the Internet network, and the first communication means includes a plurality of image pickup means. Is connected to the LAN,
When a plurality of output means corresponding to a plurality of first communication means are LAN-connected to the second communication means, it is not necessary to install a plurality of communication means, and the system can be constructed at low cost.

In the monitoring system for a specific area of the present invention, it is preferable that the first communication means and the second communication means include an authentication means for authenticating each other's communication means. By doing so, it is possible to prevent the surveillance image from being stolen due to unauthorized access.

The monitoring system for a specific area of the present invention includes an encryption means for encrypting the transmission packet to which each IP address is added, and a decryption for decrypting the transmission packet encrypted by the encryption means. It is preferable to include means. This makes it possible to prevent the contents of the transmission packet from being stolen even if the transmission packet transmitted on the Internet network is illegally exploited.

The monitoring system for a specific area of the present invention comprises image compression means for compressing the monitoring image photographed by the image pickup means, the compressed monitoring image is collected by the collecting means, and the output means is provided. Preferably comprises decompression means for decompressing the compression monitoring image. By doing so, not only the transmission time of the monitoring image can be shortened but also the communication load in the transmission of the monitoring image can be reduced.

[0012]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. (Embodiment) First, FIG. 1 is a block diagram showing a configuration of a monitoring system for a specific area of this embodiment, and FIG. 2 is a configuration of an image transmission device 2 used in the monitoring system for a specific area of this embodiment. 3 is an explanatory diagram showing a data flow in each processing unit inside the image transmission device 2 of the present embodiment, and FIG. 4 is used for a monitoring system of a specific area of the present embodiment. FIG. 3 is a diagram showing the configuration of the VPN device
FIG. 5 is an explanatory diagram showing a data flow in each processing unit in the VPN apparatus of this embodiment, and FIG. 6 is an image transmission apparatus DB registered in the VPN apparatus used in this embodiment.
7 is a diagram showing the transmission status of an IP packet in the monitoring system of the specific area of this embodiment, and FIG. 8 is a processing content of transmission / reception processing in the image transmission device of this embodiment. FIG. 9 is a diagram showing the exchange of data between the image transmission device 2 used in the surveillance system of the specific area of this embodiment and the VPN server which is the collecting means, and FIG. V in the example image transmission device
It is a flowchart which shows the monitoring processing content of PN connection.

First, the monitoring system for a specific area of the present embodiment is configured as shown in FIG. 1, and is installed in each of the monitoring areas, stores ac, and through the ADSL modem 3 and the Internet provider (ISP). Image transmission device 2 connected to the Internet network 5, the surveillance camera 1 as an image pickup device connected to the image transmission device 2, and installed at the head office side through the ADSL modem 3 and the Internet provider (ISP). Is mainly composed of a VPN device 7 connected to the Internet network 5 and monitoring computers 6 and 6 connected to the VPN device 7 via a hub 8 via a LAN. The device 2, the ADSL modem 3, the VPN device 7, and the monitoring computer 6 form monitoring image collecting means, and Output means at the viewing computer 6 is formed, the first communication means by said image transmitting device 2 and the ADSL modem 3, the ADSL modem 3 and VPN
The device 7 forms the second communication means.

Further, in this embodiment, a VPN connection to be described later is formed between the image transmission device 2 installed in each of the stores a to c and the VPN device 7 installed in the head office. This image transmission device 2
And the VPN device 7 form a global IP route establishing means.

The ADSL modems 3 of the stores a to c are connected to the Internet network 5 by the ADSL constant connection service to which a dynamic global IP is given by the Internet provider (ISP), and the ADSL installed at the head office side. The modem 3 uses the ADSL constant connection service to which the fixed global IP which is not changed by the Internet provider (ISP) is given, and the Internet 5
It is connected to the.

First, the image transmission device 2 used in this embodiment.
2 has a configuration as shown in FIG. 2, and is stored in a flash memory 23, which will be described later, in a data bus 20 for transmitting and receiving data at a relatively high speed inside the image transmission device 2. An image compression process, a transmission process of the compressed image, a conversion process between a global IP address and a local IP address given to an IP packet to be transmitted and received, and an IP to be transmitted based on various module programs A central processing unit (CPU) 21 that performs packet encryption processing, received IP packet decryption processing, authentication processing at the time of establishing a VPN connection, control processing based on control information of the received camera, etc.,
The work memory of the CPU 21, the RAM 22 used for temporarily storing the captured monitoring image, the A
The communication unit 24 that performs bidirectional data communication with the DSL modem 3 according to a predetermined communication protocol, IEEE802.3 / 10baseT, and the monitoring camera 1 that is an image capturing unit can be connected up to four. An image capturing unit 27 which is an image input unit for digitizing a surveillance image signal output from each connected surveillance camera and capturing it as surveillance image data, and transmitting and receiving control data and the like to and from each surveillance camera 1. A serial input / output unit 25, a sound input / output unit 26 for inputting / outputting sound, and a digital input / output unit 28 to which various sensors such as a smoke sensor and an infrared sensor, and a lock switch and an operation switch are connected. , The CP
An image transmission program having various processing module programs executed by U21, and the ADSL modem 3 at the head office
A setting file in which setting data such as fixed IP address and encryption key data given to the server and a local IP address corresponding to the global IP address are registered and used for the IP address conversion process. And a flash memory 23, which is a non-volatile memory for storing, are connected to each other, and as shown in FIG. 3, each processing section is formed by various module programs stored in the flash memory 23. There is.

As these processing units, the captured image temporarily stored in the RAM 22 is a known image compression method J.
An image compression processing section 30 as an image compression means for compressing in the PEG system is formed by the image compression processing module program stored in the flash memory 23.

An image transmission processing section 31 for outputting the compressed image compressed by the image compression processing section 30 to a local IP device 32 which is a local IP packet transmitting / receiving means virtually formed by a virtual local IP device module program. Are formed by the image transmission processing module program.

The image transmission processing section 31 is connected to each monitor by using a Web browser as a decompressing means capable of decompressing the JPEG data compressed from the monitoring computers 6 and 6 installed in the head office. The CGI program of the HTTP server operating on the image transmission device 2 is activated so that the image of the camera 1 can be viewed. When activated, the image transmission processing unit 31 sends the camera number, the image size, and the image quality included in the control data output from the monitoring computers 6 and 6 to the image capturing unit 27 as CGI parameters. Output as a capture request. After this request is output, a predetermined address area of the RAM 22, which is an image storage unit, is searched, and the image of the requested camera number, size, and image quality is fetched and output to the local IP device 32.

Also, an authentication processing module 33 is formed by an authentication processing module program as an authentication means for executing the authentication processing at the time of establishing a VPN connection, which will be described later.

The IEEE 8 in the communication unit 24
A global IP device composed of a communication device for controlling communication of 02.3 / 10 baseT and the local IP
An IP address conversion processing unit 34 that performs conversion processing from the global IP to the local IP or from the local IP to the global IP is formed by the IP address conversion processing module program with the device 32, and the IP address conversion processing unit 34 and Local I
An encryption processing unit 3 as an encryption unit that encrypts an IP packet to be transmitted with the P device 32 based on the encryption key data registered in advance in the setting file.
5 and a decryption processing unit 36 as decryption means for decrypting the received IP packet based on the encryption key data, and these processing units are provided with an encryption processing module program and a decryption processing module. It is formed by a program.

Further, based on the control data contained in these decrypted received IP packets, operation control of each connected surveillance camera, signal output from the digital input / output unit 28, selection of a surveillance image to be transmitted, etc. A control processing unit 37 for performing the above is formed by a control processing module program.

Each of these processing units is formed by the central processing unit (CPU) 21 executing each module program of the image transmission program, and each processing unit receives image data transmitted or received. The control data and the like are transmitted as shown in FIG.

The image capturing section 27 used in this embodiment is
Is designed to digitize an image signal (analog signal) from the surveillance camera 1 designated from the connected surveillance cameras 1, and the process of capturing these images is requested by the image transmission unit. Is started by. For example, the image transmission processing unit issues to the image capturing unit 27 a request such as “capture the image of the No. 1 surveillance camera 1 with a size of 320 × 240 with high image quality”.

Further, the RAM 22 as the image storage section
Holds the image digitized by the image capturing unit 27 temporarily, and compresses it by the image compression processing unit 30 (J
It is also used as a work memory for PEG).
The compressed monitoring image data is the camera number,
It is stored with the image size, compression rate, and capture time.

On the other hand, the configuration of the VPN device 7 installed on the head office side in this embodiment is as shown in FIG.
The basic configuration is similar to that of the image transmission device 2, and a data bus 70 for transmitting / receiving data at a relatively high speed inside the VPN device 7 has a storage device 75 described later. Based on various module programs in the global IP route establishment program stored in the hard disk (HDD), which is the conversion process between the global IP address and the local IP address given to the IP packet to be transmitted and received, and the transmission. IP packet encryption processing and received IP packet decryption processing,
A central processing unit (CPU) 71 that performs authentication processing when establishing a VPN connection, and the like, and the CPU 71.
Work memory, communication unit A73 and communication unit B described later
RAM 72 for temporarily accumulating data transmitted and received at 74, and IEEE802.80 which is a predetermined communication protocol with the ADSL modem 3.
IEEE80, which is a predetermined communication protocol between the monitoring units 6 and 6 via the communication unit A73 that performs bidirectional data communication at 3 / 10baseT and the hub 8.
An image transmission device database (DB) shown in FIG. 6 together with a communication unit B74 that performs bidirectional data communication at 2.3 / 10baseT and a global IP route establishment program in which various processing contents performed by the CPU 71 are described. Is connected to the storage device 75 that stores the.

In the image transmission device database (DB) used in this embodiment, as shown in FIG.
Associated with the transmission device ID, which is an identification code uniquely given to each image transmission device 2 installed in the
The more dynamically assigned global IP address is updated and registered, and the local IP of the image transmission device 2 is also updated.
An address, a pseudo local IP address virtually assigned to the surveillance camera connected to the image transmission device 2, and a password for collating with the password transmitted from each image transmission device 2 in the authentication processing, The encryption key data used for encryption and decryption of encrypted data transmitted / received to / from each image transmission device 2 are registered.

Further, FIG. 5 shows respective processing units formed by various module programs stored in the storage device 75, and the processing units formed by these VPN devices 7 are the above-mentioned images. As with the transmission device 2, V
The authentication processing module 76 as an authentication means for performing the authentication processing at the time of establishing the PN connection is an authentication processing module program, and the IE in the communication module A73.
Between a global IP device composed of a communication device for controlling communication of IEEE802.3 / 10baseT and a local IP device which is a local IP packet transmitting / receiving means composed of a communication device for controlling communication of IEEE802.3 / 10baseT in the communication section B74. In the above, an IP address conversion processing unit 79 that performs conversion processing from the global IP to the local IP or from the local IP to the global IP is formed by the IP address conversion processing module program, and the IP address conversion processing unit 79 and the local IP device are An encryption processing unit 77 that encrypts an IP packet to be transmitted based on the encryption key data registered in advance in the image transmission device database (DB) of the storage device 75. When , The decoding unit 78 for decoding based received IP packet to the encryption key data
Are formed by the encryption processing module program and the decryption processing module program, and each processing unit other than the image compression processing unit 30 of the image, the image transmission processing unit 31, and the control processing unit 37 in the image transmission apparatus 2 It is provided so that the VPN device 7 and the image transmission device 2 can establish a VPN connection, which is a virtual private communication path by a global IP address, via the ADSL modem 3.

Control data transmitted from the monitoring computers 6 and 6 and input from the communication unit B74, which is a local IP device, is encrypted by the encryption processing unit 77 on the virtual private communication path by the VPN connection. Then, the encrypted monitoring image data transmitted from the image transmission device 2 on the virtual private communication path is transmitted to the image transmission device 2 and the encrypted monitoring image data is transmitted on the virtual private communication path. After being decrypted by the encryption processing unit 78, it is transmitted to each of the monitoring computers 6 and 6 through the communication unit B74 which is the local IP device.

As a method of forming a virtual private communication path on the Internet network 5, a known VPN (Virtual Private Network) shown in FIG. 7 is used in this embodiment. Referring to FIG. 7, the VPN method of the present embodiment will be described by taking the case where the image transmission device 2 of each store a to c transmits monitoring image data to the head office as an example. The local IP device inside the image transmission device 2 will be described. 32 local IP address (A), global IP device 24 global IP address (B), fixed global IP address fixedly assigned to the ADSL modem 3 to which the VPN device 7 is connected (c), Assuming that the local IP address assigned to the monitoring computer 6 is (D), first, the image transmission processing unit 31 sets the local IP address of the monitoring computer 6 as the destination of the image data (packet) (D). And the local IP address of the local IP device 32 inside the image transmission apparatus 2 as the local IP address of the transmission source. The P address (A) (provided that when a plurality of cameras are connected imparts pseudo-granted local IP address to the camera) to impart to output to a local IP device 32.

The IP packets to which these local IP addresses (D) and (A) are added are mainly encrypted by the encryption processing unit 35 based on the encryption key. On the other hand, in the IP address conversion processing unit 34, the fixed global IP address (C) is given as the destination IP address, and the dynamic global IP address (B) is given as the source IP address. Sent to.

The transmitted global IP packet is
After the fixed global IP address (C) and the dynamic global IP address (B) are removed by the VPN device 7, the decryption processing unit 78 decrypts the local IP address (D) and (A). I was given
The P packet is restored and output to the communication unit B74, which is the local IP device, and transmitted to the monitoring computer 6.

The flow of establishing a VPN connection between the image transmission device 2 and the VPN device 7 will be described below with reference to FIG. 9. First, when the image transmission device 2 is activated, the ADSL modem 3 is activated. To obtain a global IP address dynamically assigned by the Internet provider (ISP).

Next, the fixed global IP address of the VPN device 7 registered in the setting file of the flash memory 23 is read out, and the IP address of the VPN device 7 is read.
A VPN session start request including the acquired global IP address assigned to itself and the transmission device ID which is its own identification code is transmitted to the address to notify the global IP address.

The VPN device 7, which has received the request for starting the VPN session, transmits the transmission device I included in the transmission data.
D is extracted to specify the image transmission device 2 as the transmission source, and the global IP address of the transmission source added to the transmission data (IP packet) is newly assigned to the specified image transmission device 2. The IP address is updated and registered in the transmission device DB of the storage device 75, and the authentication processing unit 76 is activated to wait for the password.

Further, the image transmission apparatus 2 transmits the VPN session start request, and then, the authentication processing unit 33.
To read the password registered in the setting file and send the password to the VPN device 7.

Upon receipt of the password, the authentication processing unit 76 of the VPN device 7 recognizes the transmitted password and the password registered in the transmission device DB in association with the transmitted transmission device ID. The verification is performed, and if the verifications do not match, the connection is rejected. If the verifications match, an acceptance notification is returned, and the process proceeds to the VPN connection establishment process described below.

When the collation with the password matches, the VPN device 7 creates a new local IP device as a tunnel device, and gives a predetermined local IP address determined in advance by a setting file to the created tunnel device. To allocate. The IP packet transmitted to the tunnel device (local IP address) on the VPN device 7 is once received by the global IP route establishing program on the VPN device 7, and is encrypted by the encryption processing unit 77 here. Then, in the IP address conversion processing unit 79, a VPN header composed of a global IP address of a destination and a source corresponding to the local IP address is added and transmitted to the Internet network 5 via the ADSL modem 3 and ISP. It

Further, the image transmission apparatus 2 which has received the acceptance notification from the VPN apparatus 7 by collating with the password.
Also, the process shifts to the same VPN connection establishment process as the VPN device 7, a new local IP device is created as a tunnel device, and a predetermined local IP address determined in advance by a setting file is given to the created tunnel device. To allocate. The IP packet transmitted to the tunnel device (local IP address) on the VPN device 7 is once received by the image transmission program on the image transmission device 2, and the encryption processing unit 3 is operated.
After being encrypted at 5, the IP address conversion processing unit 3
4. A VPN composed of a destination and a global IP address of a source corresponding to the local IP address
A header is added to the ADSL modem 3 and ISP
Is transmitted to the Internet network 5 via. This VPN
The IP packet to which the header is added is received by the global IP route establishing program on the VPN device 7, the VPN header is removed as described above, and the tunnel on the VPN device 7 is assigned a composited local IP address. Output to the device. The output local IP packet is transferred to each of the monitoring computers 6 and 6 connected to the VPN device 7 via the hub 8, and the monitoring image data included in the IP packet is a browser which is an image display program. Received by the program.

The transmission / reception processing of the image transmission apparatus 2 at the stage when these VPN connections are established will be described with reference to FIG. First, regarding the transmission process, FIG.
First, it is detected whether there is a local IP packet to be transmitted, and when the local IP packet to be transmitted is detected by the detection, the encryption code registered in advance in the setting file is detected. After performing the encryption process using the encryption key in the encryption processing unit 35, based on the registration contents of the IP address table in which the local IP address and the global IP address are registered in association with each other,
The fixed global IP address of the VPN device 7, which is the global IP address corresponding to the local IP address given to the local IP packet to be transmitted, is specified, and the fixed global IP address and the global IP address of the self are specified. By adding the VPN header to the encrypted IP packet and transmitting the encrypted IP packet, the encrypted local IP packet is received by the VPN device 7 through the Internet network 5, and the encrypted local IP packet is transmitted. Is restored and transmitted to the LAN at the head office.

The local IP packet containing the control data transmitted from the monitoring computers 6 and 6 is:
The global I of the image transmission device 2 encrypted in the VPN device 7 and installed in the corresponding store
A VPN header including the P address is added and transmitted to the Internet network 5. The transmitted IP packet is
If the communication unit 24, which is a global IP device of the image transmission apparatus 2, receives and the reception is detected,
First, the VPN header of the received IP packet is removed, and it is confirmed whether the source global IP address is the fixed global IP address of the VPN device 7 registered in advance.

The IP packet from which the VPN header has been removed is decrypted by the decryption processing unit 36 using the encryption key registered in the setting file, and then the control processing unit through the local IP device 32. The control data output at 37 is transmitted, and control based on the control instruction input at the monitoring computers 6 and 6 is performed.

In this embodiment, the image transmission apparatus 2 carries out the connection monitoring process shown in FIG. 10 in order to hold the VPN connection when there is no IP packet to be transmitted and received. Explaining the connection monitoring process, a survival confirmation packet is transmitted to the VPN device 7 at every monitoring time set in a definition file in advance, and the survival confirmation packet is accepted from the VPN device 7 within a designated time. When the notification is not returned, the VPN transmission establishment process is performed again by performing the VPN connection establishment process again.
The VPN connection with is maintained.

As described above, according to this embodiment, even in the constant connection environment in which the dynamically changing global IP address is given as described above, the monitoring image of each store is displayed at the head office by using the constant connection. You will be able to build a monitoring system that can be monitored at.

Although the present invention has been described above with reference to the drawings, the present invention is not limited to these embodiments, and any modification or addition within the scope of the present invention is included in the present invention. Needless to say.

For example, in the above-mentioned embodiment, the description has been given by taking the ADSL constant connection as an example, but the present invention is not limited to this, and the present invention is also applicable to a constant connection such as CA-TV or a constant connection by radio. Needless to say, is applicable.

Further, in the above-mentioned embodiment, the example in which the head office and the store are connected has been described, but the present invention is not limited to this, and for example, a monitoring computer for monitoring and the V
A PN device is installed in, for example, the president's home, and normally the monitoring computer obtains the monitoring image of each store via the VPN device 7 at the head office. It is also possible to obtain the global IP address dynamically assigned to the image transmission device 2 of each store from 7 and to directly access the image transmission device 2 of each store from the home to obtain the monitoring image.

[0048]

According to the present invention, the following effects can be obtained. (A) According to the invention described in claim 1, even if the global IP address on the Internet network assigned to the first communication means provided on the image pickup means side is dynamically changed, the change is also made. The new global IP address is notified to the global IP address fixedly assigned in advance to the second communication means on the output means side, so that the second communication means performs the first communication. It becomes possible to access the means and obtain the surveillance image photographed by the image pickup means, and thus it is possible to use the high-speed constant connection environment in which the global IP address is dynamically assigned.

(B) According to the second aspect of the invention, the local area networks (LANs) formed ahead of the respective communication means are pseudo-connected to each other through the Internet network, When a plurality of image pickup means are connected to the first communication means via a LAN,
When a plurality of output means are connected to the second communication means by LAN corresponding to the communication means, it is not necessary to install a plurality of communication means, and the system can be constructed at low cost.

(C) According to the third aspect of the invention, it is possible to prevent the surveillance image from being stolen due to unauthorized access.

(D) According to the invention described in claim 4, even if a transmission packet transmitted on the Internet is illegally exploited, the contents of the transmission packet can be prevented from being stolen.

(E) According to the invention described in claim 5, not only can the transmission time of the monitoring image be shortened, but also the communication load in the transmission of the monitoring image can be reduced.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of a specific area monitoring system according to an embodiment of the present invention.

FIG. 2 is an image transmission device 2 used in an embodiment of the present invention.
3 is a block diagram showing the configuration of FIG.

FIG. 3 is an image transmission device 2 used in the embodiment of the present invention.
It is explanatory drawing which shows the flow of the data in each processing part inside.

FIG. 4 is a diagram showing a configuration of a VPN device used in an embodiment of the present invention.

FIG. 5 is an explanatory diagram showing a data flow in each processing unit in the VPN device used in the embodiment of the present invention.

FIG. 6 is a diagram showing the contents of an image transmission device DB registered in the VPN device used in the embodiment of the present invention.

FIG. 7 is a diagram showing an IP packet transmission state in the monitoring system according to the embodiment of the present invention.

FIG. 8 is a diagram showing processing contents of transmission / reception processing in the image transmission apparatus used in the embodiment of the present invention.

FIG. 9 is a diagram showing data exchange between an image transmission device used in an embodiment of the present invention and a VPN server which is a collection unit.

FIG. 10 is a flowchart showing the contents of VPN connection monitoring processing in the image transmission apparatus used in the embodiment of the present invention.

[Explanation of symbols]

1 surveillance camera 2 Image transmission device 3 ADSL modem 5 Internet network 6 monitoring computer 7 VPN device 8 hubs 20 data buses 21 Central Processing Unit (CPU) 22 RAM 23 Flash memory 24 Communication Department 25 Serial input / output section 26 sound input / output section 27 Image capture unit 28 Digital input / output section 30 Image compression processing unit 31 Image transmission processing unit 32 Local IP device 33 Authentication processing unit 34 Address conversion processing unit 35 Encryption processing unit 36 Decoding processing unit 37 Control processing unit 70 data bus 71 Central processing unit (CPU) 72 RAM 73 Communication unit A 74 Communication unit B 75 storage 76 Authentication processing unit 77 Encryption processing unit 78 Decoding processing unit 79 Address conversion processing unit

Claims (5)

[Claims] 1. An image pickup means for photographing a specific area,
A collecting unit that collects the monitoring image captured by the image capturing unit through the Internet network, which is an open computer network, and an output unit that outputs the collected monitoring image, and specify the image captured by the image capturing unit. A monitoring system of a specific area capable of monitoring an area by the output means, wherein the collecting means includes a first communication means provided on the imaging means side and an output means side across the Internet network. And a second communication means provided, wherein the first communication means is assigned to the first communication means in advance with respect to a unique global IP address on the Internet network assigned to the second communication means in advance. The global IP address dynamically assigned to itself along with the assigned identification information is notified each time it is changed. The communication means renews and registers the global IP address registered in association with the first communication means specified by the identification information with the notified new global IP address. Monitoring system. 2. The first communication means and the second communication means are the unique global IP address on the Internet network previously assigned to the second communication means and the notified first communication registered. A global IP path establishing means for establishing a communication path with a dynamic global IP address on the internet network assigned to the means, and a global IP communication path on the internet network established by the global IP path establishing means And a local IP packet transmitting / receiving unit for transmitting / receiving an IP packet to which a local IP address is assigned.
Specific area monitoring system described in. 3. The specific area monitoring system according to claim 1, wherein the first communication means and the second communication means include an authentication means for authenticating each other's communication means. 4. An encryption unit for encrypting a transmission packet to which each IP address is added, and a decryption unit for decrypting the transmission packet encrypted by the encryption unit. The monitoring system for a specific area according to any one of 3 above. 5. An image compression unit for compressing a monitoring image captured by the image capturing unit is provided, the compressed monitoring image is collected by the collecting unit, and the output unit decompresses the compressed monitoring image. Defrosting means for
4. The specific area monitoring system according to any one of 4 above.