KR102083870B1 - contact imprint management system for video surveillance by use of blockchain and biometric authentication - Google Patents

Abstract

The present invention generally relates to a technology capable of increasing security reliability for a CCTV video surveillance system. In particularly, the present invention relates to a video surveillance contact imprint management technology to make it impossible to control a CCTV video itself or CCTV video management information without permission as a video surveillance information chain is formed in response to a life cycle movement path of a CCTV video in a CCTV video surveillance system, and each participating device generates device log data and operation technology data related to itself and distributes and shares the data through the blockchain. According to the present invention, it is possible to prevent unauthorized manipulation or leakage of creation conditions of a CCTV video, the CCTV video itself, storage management status of the CCTV video, and management information of the CCTV video and to track the cause in case of an accident, thereby increasing the reliability of the CCTV video surveillance system. In addition, according to the present invention, by distributing biometric authentication information through the blockchain, it is possible to autonomously perform FIDO2 interoperable transaction authentication on a device belonging to the video surveillance information chain.

Description

{Contact imprint management system for video surveillance by use of blockchain and biometric authentication}

The present invention generally relates to a technique for increasing security reliability for CCTV video control systems.

In particular, the present invention constitutes a video control information chain corresponding to the life cycle movement path of CCTV video in a CCTV video control system, and the devices participating therein, in particular, a CCTV camera, an NVR device, a control terminal, and a device log related to each The present invention relates to a video control contact trace management technology that prevents unauthorized manipulation of CCTV video itself or CCTV video management information by generating and sharing data and operation technology data through a blockchain.

Recently, it is common to establish a CCTV video control system to prevent crime and secure post evidence. With multiple CCTV cameras installed by region, images generated by these CCTV cameras are displayed on a monitor and stored in a storage device for emergency. When a control agent finds a scene where a crime or accident occurs, it immediately responds appropriately and secures after-mortem evidence by searching and searching large-scale CCTV images stored in storage.

Accumulated large-scale CCTV images are acquired through CCTV video control system, which requires high reliability because it can be used as post evidence in case of crime or accident as well as real-time control. However, in order to increase the control efficiency, various equipment constituting the video control system, for example, CCTV cameras, VMS servers, storage servers, display control terminals, etc. are connected to the Internet. As a side effect, an internal security threat occurred. In other words, even if not physically invaded through the network or spyware infiltrate to access CCTV video or manipulate CCTV video records, internal staff access the equipment to illegally manipulate CCTV video or unauthorized outside Transmission has become technically possible.

Accordingly, in the past, firewalls and vaccine programs have been installed in video surveillance equipment to protect against security threats through the network, and security IDs through human ID are required by requiring login using ID / password combination or biometric authentication. However, this type of control technique is incapacitated with little effort and does not help much, and thus cannot be considered to be completely coping with hacking.

Accordingly, there has been a demand for a technology capable of improving the security of the CCTV video control system itself and the reliability of the CCTV video obtained through the same and various data related thereto. In this case, it is important to defend against security attacks on the video surveillance system, but even if the security attack succeeds, it is also important to be able to reliably detect it and track its connection path.

In addition, with the recent attempt to connect and utilize biometric authentication, including FIDO2, to device authentication, beyond the device access control technology, the scope of use of biometric technology adopted in the past to enhance security in CCTV security control systems It is preferable to extend the biometric authentication result data in transaction authentication in various applications related to the video control system.

An object of the present invention is to provide a technology that can generally increase the security reliability for CCTV video control system.

Particularly, an object of the present invention is to construct a video control information chain corresponding to the life cycle movement path of CCTV video in a CCTV video control system, and the devices participating therein, in particular, a CCTV camera, an NVR device, and a control terminal are associated with each other. By creating and sharing device log data and operation technology data through the blockchain, it provides video control contact trace management technology that prevents unauthorized manipulation of CCTV video itself or CCTV video management information.

In order to achieve the above object, the present invention discloses a system for recording and managing contact traces using biometric authentication and blockchain for the life cycle movement path of CCTV images in a CCTV image control system.

The video control contact trace management system using biometric authentication and blockchain according to the present invention is installed in a plurality of CCTV cameras 101 and includes at least one of device setting change, firmware change, and camera PTZ control for the corresponding CCTV camera. In case of detecting the control node control event, the first block data is generated by including an accessor IP address, a log time, a control operation time, a receiver IP address, and an operation descriptor for the first control node control event. An image capturing processing module 100 which performs blockchain update according to a preset schedule and inputs first block data to the image control distributed ledger 600; A second device installed in at least one network storage device 201 that controls access by biometric authentication and which is one or more of device setting change, firmware change, storage period change, deletion of stored image, and external transmission of stored image for the network storage device; In case of detecting the control node control event, the second block data is generated including the accessor IP address, log time, biometric identification information, control operation time, receiver IP address, and operation description data for the second control node control event. An image storage processing module 200 for inputting second block data to the video control distributed ledger 600 by performing a blockchain update according to a preset schedule; The visitor IP address and the log time, which are installed in the plurality of display control terminals 301 and detect a third control node control event which is one or more of device setting change, control image deletion, and external transmission of the control image for the corresponding display control terminal. And generating third block data including control operation time, receiver IP address, and operation description data for the third control node control event, and performing blockchain update according to a preset schedule to distribute the third block data to video control. Image control processing module 300 to be put into the ledger 600; It is installed in the video control management computer 401 which maintains the CCTV video control system, and has the configuration data for the video control information chain of the CCTV video control system, and performs the block chain update according to a preset schedule for video control. Sharing the distributed ledger 600, analyzing the distributed video ledger 600 and comparing the configuration data with the configuration data, extracting the inconsistent control information, and accessor IP address corresponding to the inconsistent control information from the distributed video ledger 600, A contact trace tracking module 400 for extracting and providing log time, biometric identification information, control operation time, recipient IP address, and operation description data; It is installed in the control link client 501 operating in conjunction with the biometric authentication result of the CCTV video control system, and performs a blockchain update according to a preset schedule to share the video control distributed ledger 600, and the video control distributed ledger 600 Extract one or more biometric identification information, and perform biometrics based transaction authentication by comparing the biometric information with the biometric identification information when biometric information of the current user is provided from the biometric unit of the control link client. Biometric authentication extension module 500; is configured to include.

At this time, the image capture processing module 100, the camera interlocking unit 110 to interlock with the installed CCTV camera 101; A camera event detection unit 120 for detecting a first control node control event of at least one of device setting change, firmware change, and camera PTZ control for the corresponding CCTV camera; A camera log collection unit 130 receiving first device log data including at least one of a visitor IP address, a log time, a control operation time, and a receiver IP address associated with the first control node control event from the CCTV camera 101; A camera operation collection unit 140 receiving data of the first control node control event from the CCTV camera 101 and generating first operation description data according to a preset format therefrom; A camera block data generator 150 for generating first block data including first device log data and first operation description data; And a camera blockchain processing unit 160 for inputting the first block data to the video control distributed ledger 600 through the blockchain update.

In addition, the image storage processing module 200, the storage interlocking unit 210 to interlock with the installed biometric network storage device 201; A storage event detection unit 120 for detecting a second control node control event of at least one of device setting change, firmware change, storage period change, storage image deletion, and storage image external transmission for the corresponding network storage device; A storage log provided with the second device log data including at least one of an accessor IP address, a log time, biometric identification information, a control operation time, and a receiver IP address associated with a second control node control event from the network storage device 201. Collecting unit 130; A storage operation collector 140 which receives data of a second control node control event and generates second operation description data according to a preset format therefrom; A storage block data generation unit 150 for generating second block data including second device log data and second operation description data; And a storage blockchain processing unit 160 for injecting the second block data into the video control distributed ledger 600 through the blockchain update.

In addition, the video control processing module 300, the control terminal interlocking unit 310 to interlock with the installed display control terminal 301; A control terminal event detection unit 320 for detecting a third control node control event of at least one of a device setting change, a control image deletion, and a control image external transmission for the corresponding display control terminal; The control terminal log collection unit 330 receiving the third device log data including at least one of an accessor IP address, a log time, a control operation time, and a receiver IP address associated with the third control node control event from the display control terminal 301. ); A control terminal operation collector 340 which receives data of a third control node control event and generates third operation description data according to a preset format therefrom; A control terminal block data generation unit 350 for generating third block data including third device log data and third operation description data; And a control terminal blockchain processing unit 360 for inputting third block data to the video control distributed ledger 600 through a blockchain update.

In addition, the contact trace tracking module 400, the control management interlocking unit 410 in conjunction with the installed video control management computer 401; A system configuration storage unit 420 for storing configuration data for a video control information chain of a CCTV video control system; A control management blockchain processing unit 430 sharing the video control distributed ledger 600 through a blockchain update; A system security risk identification unit 440 for extracting inconsistency control information by analyzing the video control distributed ledger 600 and contrasting with the configuration data; Inconsistent control details including one or more of accessor IP address, log time, biometric identification information, control operation time, receiver IP address, and operation description data corresponding to the inconsistent control information by analyzing the data of the distributed video ledger 600 Security risk information tracking unit 450 for extracting data; And a security risk warning display unit 460 for outputting the mismatch control history data to the image control management computer 401.

In addition, the biometric authentication extension module 500 includes an authentication extension interworking unit 510 interworking with the installed control link client 501; An authentication extension blockchain unit 520 sharing the video control distributed ledger 600 through a blockchain update; An authentication extension information collecting unit 530 which analyzes data of the video control distributed ledger 600 and extracts one or more biometric identification information generated as a result of biometric authentication made in the CCTV video control system; A biometric information acquisition unit 540 that receives biometric information about a current user from a biometric unit of the control link client 501; An application linking unit 550 interworking with an application application operating in the control link client 501; By expanding biometric information with biometric identification information, it performs biometric authentication for the current user and passes the biometric result to the application so that user authentication can be performed to achieve biometric-based transaction authentication. 560); may be configured to include.

According to the present invention, it is possible to prevent unauthorized manipulation or leakage of CCTV image generation conditions, CCTV image itself, CCTV image storage management status, CCTV image management information in CCTV video control system, and to track the cause in case of an accident. There is an advantage that can increase the reliability of CCTV video control system.

In addition, according to the present invention, by distributing biometric authentication information through a blockchain, a device belonging to a video control information chain may autonomously perform FIDO2 interoperable transaction authentication.

1 is a diagram conceptually showing a video control information chain in the present invention.
2 is a view conceptually showing the overall configuration of an image control contact trace management system according to the present invention;
3 is a view showing an example of a control node control event and block data for the video control information chain in the present invention.
Figure 4 is a block diagram showing the functional configuration of the image processing module to work with the CCTV camera in the present invention.
5 is a block diagram showing a functional configuration of an image storage processing module interoperating with a storage device in the present invention.
6 is a block diagram showing a functional configuration of an image control processing module interworking with a display control terminal in the present invention.
7 is a block diagram showing a functional configuration of a contact trace tracking module interworking with an image control management computer in the present invention.
FIG. 8 is a block diagram showing a functional configuration of a biometric authentication module interworking with a client terminal of a user in the present invention. FIG.

Hereinafter, with reference to the drawings will be described in detail the present invention.

1 is a diagram conceptually showing a video control information chain of a CCTV video control system in the present invention.

In the CCTV video control system, CCTV video experiences a series of life cycles, and at each stage of the life cycle, the devices that handle CCTV video are referred to as video control information chains.

The CCTV image is generated by the CCTV camera 101 and moved to the VMS server 302 along a network (for example, the Internet, a dedicated network) so that the control agent performs video control through the display control terminal 301. In this case, for smart video control, the VMS server 302 performs image analysis on the CCTV image, and adds various metadata to the CCTV image according to the result. The VMS server 302 transmits the CCTV image to the NVR device 201 and stores the CCTV image for a predetermined period (for example, five years). In this case, the original image file may be stored as it is, or may be stored in the form of a low capacity file into which metadata is inserted.

When an event that may be related to the result affecting the CCTV image itself or the result affecting the CCTV image management is detected within the video control information chain, the device that generated the event records the relevant information and records the block chain. Manage through. In the present specification, such an event is sometimes referred to as a 'control node control event'. When a control node control event is detected, the device log data is managed in relation to the corresponding event and the content of the corresponding event is managed. The description of the content of the corresponding event according to a predetermined format is referred to herein as an operation descriptor.

In this specification, as an example of a control node control event, firmware change for various devices, camera PTZ control, CCTV image storage period setting change, CCTV image deletion or leakage, device failure occurrence, and the like are presented. These events are actions that can change the CCTV image itself, reduce security, or adversely affect CCTV image management. In the present invention, when such an event occurs in the video surveillance information chain, the device log data and operation description data are recorded and managed by the device where the event occurs. If the event was merely a routine, the record would not be utilized, and if something bad attempt had been made, it would be detected by the record.

2 is a view conceptually showing the overall configuration of an image control contact trace management system according to the present invention.

The image control contact trace management system according to the present invention is a system for recording and managing contact traces for a movement path of a CCTV image using a biometric authentication and a blockchain in a CCTV image control system. Devices that handle CCTV images along the life cycle are called video control information chains, including CCTV cameras 101 that generate CCTV images, NVRs 201 that store CCTV images, and display control terminals 301 that query CCTV images. This video control information chain is constructed. In the present invention, the devices participating in the video control information chain become nodes of the blockchain to jointly manage recording of device log data and operation description data.

3 is a diagram illustrating an example of a control node control event and block data for the CCTV camera 101, the storage device 201, and the display control terminal 301 constituting the video control information chain in the present invention.

First, a control node control event means an event that may be related to a result affecting the CCTV image itself or a result affecting the CCTV image management. For example, changing device settings or firmware is an important event because it can fundamentally change how the device operates. Controlling the PTZ (Pan-Tilt-Zoom) of the camera is to artificially change the shooting target of CCTV images, so it is necessary to record the fact. The storage device 201 (for example, the NVR device) changes the storage period for the CCTV image or deletes the stored image altogether, and the event that the control agent deletes the control image in the display control terminal 301 is also recorded and managed. It is worth it. Finally, it is also important that the storage device 201 transmits a specific stored image to the outside (including copying) or transmits the image currently viewed by the display control terminal 301 to the outside.

When the control node control event as described above is identified, the device generates device log data and operation description data to construct block data and distributes it through the blockchain. Device log data includes peer IP address, login time, login time, login period, control and operation time period, destination IP address, biometric authentication Among the biometric authentication identifiers (for example, fingerprint identification IDs), each piece of information corresponds to itself. The operation description data describes the contents of the corresponding event according to a preset format (for example, XML script), and may include, for example, a description of the firmware change history.

Each device of the video control information chain becomes a node of a block chain and packages device log data and operation description data into block data in response to a control node control event that has occurred in the block chain. In this way, if an event occurs on any one device in the video control information chain, the information is distributed to all devices after a short time, and thus it is impossible to manipulate CCTV video itself or CCTV video management information without anyone knowing. . By periodically checking the data (distributed ledger) stored in the blockchain, it is possible to prevent unauthorized operation of CCTV images.

A block chain generally has a concept of a public digital transaction book in which transaction information generated on a network is replicated and distributed by the number of nodes shared among network participants. Blockchain technology is being actively applied centering on cryptocurrency. In the present invention, blockchain technology is used to distribute and manage device log data and operation technology data generated in the video control information chain. The devices participating in the chain participate in the digital ledger management of the blockchain as a kind of peer.

The distributed video ledger 600 is composed of a plurality of transaction data, each of which is connected like a block, and one block is connected to the blockchain in a corresponding blockchain update period (eg, 1 hour). That is, the devices of the video control information chain correspond to the newly recorded device log data and operation description data corresponding to the control node control event. Due to the nature of the blockchain, which is based on a distributed network, the data once written in the video control distributed ledger 600 is virtually impossible to be tampered with.

Referring to Figure 2, installed in the device participating in the video control information chain of the CCTV video image processing module 100, the image storage processing module 200, each of the components performing the function related to the present invention, It is called an image control processing module 300. These components together with the contact trace tracking module 400 installed in the video control management computer 401 and the biometric authentication extension module 500 installed in the control link client 501 constitute a video control contact trace management system according to the present invention. do. In this case, the image control processing module 300 and the contact trace tracking module 400 may be implemented in the same apparatus or in separate apparatuses according to embodiments.

First, the image capturing processing module 100 is a software function module installed in the plurality of CCTV cameras 101. When the image capturing processing module 100 monitors the CCTV camera 101 on which it is installed and detects a first control node control event which is one or more of device setting change, firmware change, and camera PTZ control, the device log data (accessor) IP address, log time, control operation time, receiver IP address) and operation description data for the first control node control event. Then, the first block data is generated including the collected device log data and the operation description data, and the blockchain update is performed according to a preset schedule, and the first block data is input to the distributed video ledger 600. .

The image storage processing module 200 is a software function module installed in the network storage device 201 (eg, an NVR device). In the present invention, since the network storage device 201 controls access by biometric authentication, the image storage processing module 200 also collects biometric authentication-related information and reflects it on the blockchain. The image storage processing module 200 monitors the network storage device 201 in which the image storage processing module 200 is installed, and detects a second control node control event which is one or more of device setting change, firmware change, storage period change, deletion of stored image, and external transmission of stored image. Then, the device log data (accessor IP address, log time, biometric identification information, control operation time, receiver IP address) associated with it and operation description data for the second control node control event are collected. Then, the second block data is generated by including the collected device log data and operation description data, and the blockchain update is performed according to a preset schedule, and the second block data is input to the video control distributed ledger 600. .

The image control processing module 300 is a software function module installed in the display control terminal 301 for monitoring personnel to observe the CCTV image transmitted from the VMS server 302 or the NVR device 201. The video control processing module 300 monitors the display control terminal 301 in which the video control processing module is installed and detects a third control node control event of at least one of device setting change, control video deletion, and external transmission of the control video. Collect data (accessor IP address, log time, control operation time, receiver IP address) and operation description data for the third control node control event. Then, the third block data is generated, including the collected device log data and the operation description data, and the blockchain update is performed according to a preset schedule, and the third block data is input to the distributed video ledger 600. .

The contact trace tracking module 400 is a software function module installed in the video control management computer 401 that maintains the CCTV video control system. The contact trace tracking module 400 affects the CCTV video itself in the video control information chain or the CCTV video management. When there is a possibility of a security attack, the event that may be related to the impacting result is abnormal or unauthorized access, it is detected on the blockchain basis, and the information for tracking the attacker is extracted.

To this end, the contact trace tracking module 400 stores the configuration data for the video control information chain constituting the CCTV video control system in advance, and updates the blockchain according to a preset schedule (for example, once an hour). The video control distributed ledger 600 is shared. Each of them contains information on the normal operation of the CCTV video control system and information on various events occurring in the video information chain.

The contact trace tracking module 400 analyzes the image control distributed ledger 600 and extracts mismatch control information by comparing with the configuration data. In other words, access from an external device not connected to the CCTV video surveillance system, camera PTZ control or firmware change occurs in an unauthorized state, or some of the CCTV images stored in the storage device 201 are deleted or a storage option is deleted. In case of changing or leaking CCTV images to the outside, it is determined to extract mismatch control information. At this time, if the matter is specifically allowed in the environment setting data, it can be determined as normal. Then, the contact trace tracking module 400 extracts the accessor IP address, log time, biometric identification information, control operation time, receiver IP address, and operation description data corresponding to the mismatch control information from the video control distributed ledger 600. In addition, inconsistency control information and related information are packaged and provided to the administrator.

The biometric authentication extension module 500 is a software function module installed in the control link client 501 operating in conjunction with the biometric authentication result of the CCTV video control system. The control link client 501 may be a tablet PC used by internal parties in the CCTV video control system. As biometric authentication result data performed by the network storage device 201 is distributed through the blockchain, biometric information is utilized by itself in an application (eg, CCTV image inquiry, analysis, management application) installed in the control link client 501. It is to perform the transaction authentication based. For example, when a user's finger is placed on the fingerprint sensor of the tablet PC, the application may immediately authenticate and identify the user and configure an operation screen suitable for the user.

To this end, the biometric authentication extension module 500 performs a blockchain update according to a predetermined schedule to share the distributed video ledger 600, at least one biometric made from the video control information chain from the distributed video ledger 600 Extract and organize authentication identification information. In this state, if the biometric information (eg, fingerprint characteristic information) of the user who is currently operating the control link client 501 is provided from a biometric unit of the control link client 501, for example, a fingerprint sensor, In contrast to biometric identification information, biometrics-based transaction authentication can be performed.

The FIDO (Fast IDentity Online) Alliance, a global biometric standards association, is in the process of standardizing biometrics based transaction authentication technology. In the FIDO2 standard, even when biometric information is obtained from a client terminal, the method is transferred to a remote server to perform transaction authentication.

In the present invention, as the biometric identification information is distributed through the blockchain, transaction authentication is possible in the client itself. For example, when developing and installing a smartphone application that interoperates with the blockchain, it is possible to utilize transaction authentication according to FIDO2, and as a result, each node of the video information information chain itself has its own biometric authentication-based FIDO2 without server authentication. Transaction authentication can be implemented to implement a distributed model of FIDO2 transaction authentication.

4 is a block diagram showing a functional configuration of an image capturing processing module 100 interworking with a CCTV camera 101 in the present invention.

In the present invention, the image capturing processing module 100 is installed in a plurality of CCTV cameras 101 which are arranged scattered by region in the CCTV video control system and photograph the surroundings of the camera, and the camera interlocking unit 110 and the camera event detecting unit 120. , A camera log collection unit 130, a camera operation collection unit 140, a camera block data generation unit 150, and a camera block chain processing unit 160.

Hereinafter, each functional component constituting the image capturing processing module 100 will be described in detail.

First, the camera linkage unit 110 obtains information from the camera operation program in conjunction with the CCTV camera 101 is installed.

The camera event detection unit 120 detects a first control node control event such as a device setting change, a firmware change, a camera PTZ control, etc. in the CCTV camera 101 in which the camera linking unit 110 acquires the information. .

When the camera log collecting unit 130 detects the first control node control event by the camera event detecting unit 120, the camera log collecting unit 130 may select the camera log collecting unit 130 from the CCTV camera 101 on which the camera log collecting unit 130 is installed. Obtain first device log data associated with the detected first control node control event, namely, accessor IP address, log time, control operation time, receiver IP address, and the like.

The camera operation collecting unit 140 receives data about the details of the detected first control node control event from the CCTV camera 101 based on the information acquired by the camera interlocking unit 110 and receives a specific format ( Example: Create first operation description data according to an XML script). Parsing the first operation description data identifies the content of the first control node control event.

The camera block data generation unit 150 generates the first block data including the first device log data and the first operation description data when the camera event detection unit 120 detects the first control node control event. When the first control node control event occurs frequently, a plurality of first device log data and first operation description data may be included in the first block data, which is equally true for the second and third block data described later. .

The camera blockchain processing unit 160 inputs the first block data to the video control distributed ledger 600 by performing blockchain update according to a preset blockchain update period (eg, 1 hour).

FIG. 5 is a block diagram illustrating a functional configuration of an image storage processing module 200 interoperating with the storage device 201 in the present invention.

In the present invention, the image storage processing module 200 is one or more network storage device 201 to receive a large number of CCTV images taken by a plurality of CCTV cameras 101 in a CCTV video control system via a network and to store for a considerable period of time. Installed in the storage interlocking unit 210, storage event detection unit 220, storage log collection unit 230, storage operation collection unit 240, storage block data generation unit 250, storage block chain processing unit 260 It is configured to include.

Hereinafter, each functional component constituting the image storage processing module 200 will be described in detail.

First, the storage interworking unit 210 acquires information related to the storage device 201 from a storage operation program in cooperation with the biometric network storage device 201 in which the storage interworking unit 210 is installed.

The storage event detection unit 120 changes the device settings, changes the firmware, changes the storage period, deletes the stored image, and stores the image in the biometric network storage device 201 in which the storage interworking unit 210 obtains the information. The second control node control event such as external transmission is detected.

When the storage event detector 120 detects the second control node control event by the storage event detector 120, the storage log collection unit 130 may select the storage log collection unit 130 from the storage device 201 in which the storage log collecting unit 130 is installed. The second device log data associated with the detected second control node control event, that is, accessor IP address, log time, biometric identification information, control operation time, receiver IP address, and the like, are acquired.

The storage operation collecting unit 140 receives data regarding the details of the detected second control node control event from the storage device 201 based on the information acquired by the storage interlocking unit 210, and receives a specific format from the storage operation unit 210. Example: Create second operation description data according to an XML script). Parsing the second operation description data captures the content of the second control node control event.

When the storage event detection unit 120 detects the second control node control event, the storage block data generation unit 150 generates second block data including the second device log data and the second operation description data.

The storage blockchain processor 160 inputs the second block data to the distributed video ledger 600 by performing blockchain update according to a preset blockchain update period (eg, 1 hour).

6 is a block diagram illustrating a functional configuration of an image control processing module 300 interoperating with the display control terminal 301 in the present invention.

In the present invention, the video control processing module 300 is installed in a plurality of display control terminals 301 used by the control personnel to observe the CCTV image in the CCTV video control system, the control terminal interlocking unit 310, the control terminal event detection unit 320, the control terminal log collection unit 330, the control terminal operation collection unit 340, the control terminal block data generation unit 350, and the control terminal block chain processing unit 360 are configured.

Hereinafter, each functional component constituting the image control processing module 300 will be described in detail.

First, the control terminal linkage unit 310 obtains information from the control terminal program in conjunction with the display control terminal 301 is installed.

The control terminal event detection unit 320 changes the device setting, deletes the control image, and externally transmits the control image in the display control terminal 301 in which the control terminal interworking unit 310 is installed based on the information obtained from the control terminal 301. Detect a third control node control event, such as;

If the control terminal log collecting unit 330 detects the third control node control event by the control terminal event detecting unit 320, the control terminal log collecting unit 330 is installed based on the information obtained by the control terminal interlocking unit 310. 301 obtains the third device log data associated with the detected third control node control event, namely, accessor IP address, log time, control operation time, receiver IP address, and the like.

The control terminal operation collection unit 340 is provided with data on the details of the detected third control node control event from the display control terminal 301 based on the information obtained by the control terminal linkage unit 310 Generate third operation description data according to a specific format (eg, XML script).

When the control terminal event detection unit 320 detects the third control node control event, the control terminal block data generation unit 350 generates third block data including the third device log data and the third operation description data.

The control terminal blockchain processing unit 360 inputs the third block data to the video control distributed ledger 600 by performing blockchain update according to a preset blockchain update period (for example, 1 hour).

7 is a block diagram showing a functional configuration of the contact trace tracking module 400 interoperating with the image control management computer 401 in the present invention.

In the present invention, the contact trace tracking module 400 detects a security threat such as device unauthorized control or video deletion and leakage in a CCTV video control system, thereby performing a function of maintaining high reliability. Installed and managed management linkage unit 410, system configuration storage unit 420, control blockchain processing unit 430, system security risk identification unit 440, security risk information tracking unit 450, security risk warning display unit And 460.

Hereinafter, each functional component constituting the contact trace tracking module 400 will be described in detail.

First, the control management interlocking unit 410 acquires information from the management computer 401 in conjunction with the video control management computer 401 on which it is installed.

System configuration storage unit 420 stores the configuration data for the video control information chain constituting the CCTV video control system. The configuration data includes what devices are connected in the CCTV video control system, how are users allowed internal access, what devices are externally accessed through the network, and the operation allowed for CCTV video in each device. May be any information, who is a device capable of applying a camera PTZ control command, and the device firmware may include information regarding an update schedule.

The control blockchain processing unit 430 accesses the information contained in the distributed video ledger 600 by performing blockchain update according to a preset blockchain update period (for example, 1 hour). Through this, the contact trace tracking module 400 can determine how an event that may affect CCTV video control occurs in devices participating in the video control information chain.

The system security risk identification unit 440 analyzes the video control distributed ledger 600 and extracts mismatch control information by contrasting the configuration data. The environment setting data is information that defines the normal operation status of CCTV management system, and if it finds an incompatible item or a low frequency of use, it determines that there is a risk of security attack and generates a security warning.

For example, camera PTZ control or firmware change occurs while access is coming from an external device that is not connected to the CCTV video control system, or any part of the CCTV video stored in the storage device 201 is deleted or stored. If the option is changed or the CCTV image is leaked to the outside, it may be determined as the mismatch control information.

When the system security risk identification unit 440 extracts the inconsistency control information, the security risk information tracking unit 450 analyzes the data of the video control distributed ledger 600 to access the visitor IP corresponding to the detected inconsistency control information. Extract address, log time, biometric identification information, control operation time, recipient IP address, operation description data, etc. Since these contain specific details on the detected mismatch control information, they may be referred to as 'non-match control history data'.

The security risk warning display unit 460 outputs the mismatch control history data extracted by the security risk information tracking unit 450 to the video control management computer 401 when the system security risk identification unit 440 extracts the mismatch control information. . Through this, the manager in charge of CCTV video control system can recognize the possibility of security attack.

8 is a block diagram showing the functional configuration of the biometric authentication extension module 500 in conjunction with the client terminal 501 of the user in the present invention.

In the present invention, the biometric authentication extension module 500 is a control link client 501 operating in connection with the biometric authentication result of the CCTV video control system, for example, a client such as a smartphone or a tablet PC used by internal persons in the video control system. A distributed model of FIDO2 transaction authentication is provided for application applications installed in terminal devices and installed in these control link clients 501.

Biometric authentication was originally a technology for controlling device access by using biometric information of a user, but according to the FIDO2 technical specification, an application installed on a device achieves transaction authentication using biometric information, For example, smartphone apps have been extended to passwordless login based on biometric information (eg fingerprints, irises). Such FIDO2 transaction authentication can deny authentication of malicious sites, so it is expected to be effective for phishing prevention. Typically, in February 2019, Google Android became FIDO2 certified, allowing Google apps to use this feature. FIDO2 transaction authentication basically assumes that the server performs authentication, and the present invention proposes a distributed model of FIDO2 transaction authentication by distributing biometric identification information through a blockchain.

Referring to FIG. 8, the biometric authentication module 500 according to the present invention includes an authentication extension interworking unit 510, an authentication extension block chain unit 520, an authentication extension information collecting unit 530, and biometric information acquisition. It comprises a unit 540, the application interlocking unit 550, the authentication extended transaction authentication unit 560.

Hereinafter, each functional component constituting the biometric authentication extension module 500 will be described in detail.

First, the authentication extension interworking unit 510 acquires information from the client 501 in association with the control link client 501 in which the authentication extension interworking unit 510 is installed.

The authentication extension blockchain 520 accesses the information contained in the distributed video ledger 600 by performing blockchain update according to a preset blockchain update period (eg, 1 hour). Through this, one or more biometric identification information made in the video control information chain can be accessed.

The authentication extension information collecting unit 530 analyzes data of the video control distributed ledger 600 and extracts one or more biometric identification information generated as a result of biometric authentication made through the network storage device 201 in the CCTV video control system. . According to the FIDO2 technical standard, biometric information itself should not be distributed, so 'biometric identification information' is not biometric information itself but a piece of information that can perform biometric authentication through a combination of information, such as shared secrets of cryptography. Can be.

The biometric information acquisition unit 540 receives biometric information on the current user acquired by the biometric unit of the control link client 501, for example, a fingerprint sensor of a tablet PC or a smartphone, through the authentication extension interworking unit 510. To be provided.

The application interworking unit 550 provides interworking with application applications operating in the control link client 501, through which these application applications can utilize biometrics based transaction authentication.

The authentication extended transaction authentication unit 560 compares the biometric information obtained from the biometric unit of the control link client 501 with the biometric identification information obtained from the video control distributed ledger 600, and thereby controls the current control link client 501. After performing biometric authentication for the user who manipulates), the biometric authentication result is transmitted to the application to achieve biometrics based transaction authentication through user authentication.

Meanwhile, the present invention may be embodied in the form of computer readable codes on a computer readable nonvolatile recording medium. Such nonvolatile recording media include various types of storage devices, such as hard disks, SSDs, CD-ROMs, NAS, magnetic tapes, web disks, and cloud disks. Forms that are implemented and executed may also be implemented. In addition, the present invention may be implemented in the form of a computer program stored in a medium in combination with hardware to execute a specific procedure.

100: image recording processing module
101: CCTV Camera
110: camera link unit 120: camera event detection unit
130: camera log collector 140: camera operation collector
150: camera block data generation unit 160: camera block chain processing unit
200: image storage processing module
201: NVR device (DVR device)
210: storage interworking unit 220: storage event detection unit
230: storage log collector 240: storage operation collector
250: storage block data generation unit 260: storage block chain processing unit
300: video control processing module
301: display control terminal
302: VMS Server
310: control terminal interworking unit 320: control terminal event detection unit
330: control terminal log collection unit 340: control terminal operation collection unit
350: control terminal block data generation unit 360: control terminal block chain processing unit
400: contact trace tracking module
401: video management computer
410: control management interlocking unit 420: system configuration storage unit
430: control blockchain processing unit 440: system security risk identification unit
450: security risk information tracking unit 460: security risk warning display unit
500: biometric authentication extension module
501: control link client
510: certification extension interworking unit 520: certification extension blockchain
530: certification extension information collection unit 540: biometric information acquisition unit
550: application interworking unit 560: certification extended transaction authentication unit
600: Distributed video ledger

Claims (8)

A system for recording and managing contact traces of life cycle movement path of CCTV images in CCTV video control system.
IP address, log time, control operation time when installed in a plurality of CCTV cameras 101, and detects a first control node control event which is one or more of device setting change, firmware change, and camera PTZ control for the corresponding CCTV camera A first block data including a receiver IP address, an operation descriptor for the first control node control event, and a blockchain update according to a preset schedule to image the first block data. An image photographing processing module 100 input to the control distributed ledger 600;
A second device installed in at least one network storage device 201 that controls access by biometric authentication and which is one or more of device setting change, firmware change, storage period change, deletion of stored image, and external transmission of stored image for the network storage device; In case of detecting the control node control event, the second block data is generated including the visitor IP address, log time, biometric identification information, control operation time, receiver IP address, and operation description data for the second control node control event. An image storage processing module 200 for inputting the second block data to the video control distributed ledger 600 by performing a blockchain update according to a preset schedule;
The visitor IP address and the log time, which are installed in the plurality of display control terminals 301 and detect a third control node control event which is one or more of device setting change, control image deletion, and external transmission of the control image for the corresponding display control terminal. And generating third block data including a control operation time, a receiver IP address, and operation description data for the third control node control event, and performing blockchain update according to a preset schedule to convert the third block data into the third block data. An image control processing module 300 input to the image control distributed ledger 600;
Image control contact trace management system using biometric authentication and blockchain, including.
The method according to claim 1,
It is installed in the video control management computer 401 for maintaining the CCTV video control system, provided with the configuration data for the video control information chain of the CCTV video control system, and performs a block chain update according to a preset schedule Sharing the video control distributed ledger 600, analyzing the video control distributed ledger 600, and comparing the configuration data with the configuration data, extracts inconsistency control information, and from the video control distributed ledger 600 A contact trace tracking module 400 for extracting and providing a visitor IP address, a log time, biometric identification information, a control operation time, a receiver IP address, and operation description data corresponding to the data;
Image control contact trace management system using a biometric authentication and blockchain further comprises.
The method according to claim 2,
It is installed in the control link client 501 operating in conjunction with the biometric authentication result of the CCTV video control system, and performs a blockchain update according to a predetermined schedule to share the video control ledger 600, the video control distribution Based on biometrics by extracting one or more biometric identification information from the ledger 600 and comparing the biometric information with the biometric identification information when biometric information about the current user is provided from the biometric unit of the control link client. Biometric authentication extension module 500 for performing transaction authentication;
Image control contact trace management system using a biometric authentication and blockchain further comprises.
The method according to claim 3,
The image capture processing module 100,
A camera linking unit 110 that works with the installed CCTV camera 101;
A camera event detection unit 120 for detecting a first control node control event of at least one of device setting change, firmware change, and camera PTZ control for the corresponding CCTV camera;
Camera log collection unit 130 receives the first device log data including one or more of the accessor IP address, log time, control operation time, receiver IP address associated with the first control node control event from the CCTV camera 101 );
A camera operation collection unit 140 receiving data of the first control node control event from the CCTV camera 101 and generating first operation description data according to a preset format therefrom;
A camera block data generation unit (150) for generating first block data including the first device log data and the first operation description data;
A camera blockchain processing unit 160 for inputting the first block data to the video control distributed ledger 600 through a blockchain update;
Image control contact trace management system using biometric authentication and blockchain, characterized in that comprises a.
The method according to claim 4,
The image storage processing module 200,
A storage interlocking unit 210 interoperating with the installed biometric network storage device 201;
A storage event detection unit 120 for detecting a second control node control event of at least one of device setting change, firmware change, storage period change, storage image deletion, and storage image external transmission for the corresponding network storage device;
Receiving second device log data including at least one of an accessor IP address, a log time, biometric identification information, a control operation time, and a receiver IP address associated with the second control node control event from the network storage device 201; A storage log collection unit 130;
A storage operation collector 140 receiving data of the second control node control event and generating second operation description data according to a preset format therefrom;
A storage block data generation unit 150 for generating second block data including the second device log data and the second operation description data;
A storage blockchain processing unit 160 for inputting the second block data to the video control distributed ledger 600 through a blockchain update;
Image control contact trace management system using biometric authentication and blockchain, characterized in that comprises a.
The method according to claim 5,
The video control processing module 300,
A control terminal interlocking unit 310 interlocked with the installed display control terminal 301;
A control terminal event detection unit 320 for detecting a third control node control event of at least one of a device setting change, a control image deletion, and a control image external transmission for the corresponding display control terminal;
The control terminal log collection unit receiving the third device log data including at least one of an accessor IP address, a log time, a control operation time, and a receiver IP address associated with the third control node control event from the display control terminal 301. 330;
A control terminal operation collection unit (340) for receiving the data of the third control node control event and generating third operation description data according to a preset format therefrom;
A control terminal block data generation unit 350 for generating third block data including the third device log data and the third operation description data;
A control terminal blockchain processing unit 360 for inputting the third block data to the video control distributed ledger 600 through a blockchain update;
Image control contact trace management system using biometric authentication and blockchain, characterized in that comprises a.
The method according to claim 6,
The contact trace tracking module 400,
A control management interlocking unit 410 interlocked with the installed video control management computer 401;
A system configuration storage unit 420 for storing configuration data for the video control information chain of the CCTV video control system;
A control management blockchain processing unit 430 sharing the video control distributed ledger 600 through a blockchain update;
A system security risk identification unit 440 for extracting inconsistency control information by analyzing the video control distributed ledger 600 and comparing it with the configuration data;
Inconsistency including one or more of accessor IP address, log time, biometric identification information, control operation time, receiver IP address, operation description data corresponding to the discrepancy control information by analyzing the data of the distributed video ledger 600 Security risk information tracking unit 450 for extracting the control history data;
A security risk warning display unit 460 for outputting the mismatch control history data to the video control management computer 401;
Image control contact trace management system using biometric authentication and blockchain, characterized in that comprises a.
The method according to claim 7,
The biometric authentication expansion module 500,
An authentication extension interworking unit 510 interworking with the installed control link client 501;
An authentication extension block chain unit 520 sharing the video control distributed ledger 600 through a block chain update;
An authentication extension information collecting unit 530 which analyzes data of the video control distributed ledger 600 and extracts one or more biometric identification information generated as a result of biometric authentication made in the CCTV video control system;
A biometric information acquisition unit 540 which receives biometric information on a current user from a biometric unit of the control link client 501;
An application interworking unit 550 interworking with an application application operating in the control link client 501;
Authentication extension that achieves biometrics based transaction authentication by performing biometric authentication for the current user by comparing the biometric information with the biometric identification information and delivering the biometric result to the application so that user authentication is performed. Transaction authentication unit 560;
Image control contact trace management system using biometric authentication and blockchain, characterized in that comprises a.

Images