Embodiment
The present invention is described below. The following detailed description and the accompanying drawings do not limit the present invention.
The present invention is a monitoring system comprising: a plurality of terminals that communicate monitoring information; and a communication management device that manages the communication of the plurality of terminals. Each of the plurality of terminals is placed on the side of a monitored object or on the side of a user who receives monitoring information from the monitored object. When one of the plurality of terminals requests a connection to another terminal, the connection source terminal sends to the communication management device a SIP INVITE message containing identifying information of the connection destination terminal. The communication management device comprises: a SIP server; a permission information storage unit that stores connection permission information representing the combinations of terminals whose connection is to be permitted; and a permission processing unit that, with reference to the connection permission information, judges whether a connection between terminals is to be permitted. When the SIP server obtains an INVITE message from the connection source terminal, it provides the identifying information of the connection destination terminal contained in the INVITE message to the permission processing unit, and when the permission processing unit has permitted the connection between the terminals, the SIP server forwards the INVITE message from the connection source terminal to the connection destination terminal.
As described above, according to the present invention, the plurality of terminals of the monitoring system are connected to the communication management device having the SIP server. In addition to the SIP server, the communication management device has the permission information storage unit, which stores connection permission information representing the combinations of terminals whose connection is to be permitted, and the permission processing unit, which judges with reference to the connection permission information whether a connection between terminals is to be permitted. In SIP signaling, the INVITE message is sent from the connection source terminal to the SIP server; at that point, in the present invention, the permission processing unit judges whether the connection is permitted. Only when the permission processing unit has permitted the connection does the SIP server forward the INVITE message from the connection source terminal to the connection destination terminal, so that the SIP signaling succeeds.
Therefore, in the present invention, information on the combinations of terminals whose connection should be permitted is stored in advance, and the connection between terminals is authorized at the time of SIP signaling. This is not merely authentication between a terminal and the SIP server, but authorization of the terminal-to-terminal (P2P) connection mediated by the SIP server, so the users of the monitoring information can be appropriately restricted. Security is therefore improved when SIP is applied to a monitoring system.
When the connection destination terminal receives the INVITE message from the communication management device, it may send a SIP OK message to the communication management device. Connection establishment information may be attached to the INVITE message and to the OK message; this information is used, after the SIP session has been established, to establish a connection between the connection source terminal and the connection destination terminal that does not pass through the communication management device.
Thus, after the SIP session is established, the monitoring information can be communicated between the terminals without passing through the communication management device. In the present invention, communication is carried out in two stages. The first stage is SIP, and passes through the communication management device. The second stage is the terminal-to-terminal connection, which does not pass through the communication management device. SIP performs signaling when connecting, and an INVITE message and an OK message are exchanged in the signaling. The present invention uses these SIP signaling messages to exchange the connection establishment information needed to establish the terminal-to-terminal connection. Thus SIP can be used to good effect for setting up the connection between the terminals, and the traffic between the communication management device and the terminals, and hence the load on the communication management device, is reduced.
The terminal-to-terminal connection that does not pass through the communication management device may be a terminal-to-terminal VPN constructed between the terminals. By applying a VPN (virtual private network) to the terminal-to-terminal communication (the second-stage communication after the SIP connection described above), security is improved. The two-way message exchange of SIP signaling is well suited to the information exchange required to establish a VPN connection.
The INVITE message may contain the IP address and digital certificate of the connection source terminal as connection establishment information, and the OK message may contain the IP address and digital certificate of the connection destination terminal as connection establishment information. The information exchanged over SIP is thereby put to appropriate use for the VPN connection, and secure communication can be carried out between the terminals.
The communication management device may be provided at a central monitoring station, which monitors the monitored object through communication with the plurality of terminals. The communication management device can then be used to good effect both for the communication between the central monitoring station and the terminals and for the communication between terminals.
The connection between the communication management device and the plurality of terminals may be a center-terminal VPN constructed between the communication management device and each of the plurality of terminals, and the SIP server may cause the plurality of terminals to exchange SIP messages over the center-terminal VPN. SIP communication then takes place on the center-terminal VPN. The VPN connection made between terminals after establishment of the SIP session was discussed above; the center-terminal VPN here is a VPN between the center and each terminal. Using the center-terminal VPN secures the communication between the central monitoring station and each terminal, and also secures the SIP communication itself.
The monitoring information may include at least one of an image taken at the monitored object, a monitoring signal detected at the monitored object, and a control signal generated on the user side. Such monitoring information can be communicated between the terminals.
Another aspect of the present invention is a communication management device that manages the communication of a plurality of terminals that communicate monitoring information, the communication management device comprising: a SIP server; a permission information storage unit that stores connection permission information representing the combinations of terminals whose connection is to be permitted; and a permission processing unit that, with reference to the connection permission information, judges whether a connection between terminals is to be permitted. When the SIP server obtains from one of the plurality of terminals a SIP INVITE message containing identifying information of another terminal, the permission processing unit judges, according to the identifying information of the connection destination terminal contained in the INVITE message, whether the connection between the terminals is to be permitted, and when the permission processing unit has permitted the connection, the SIP server forwards the INVITE message from the connection source terminal to the connection destination terminal. The various configurations described above are also applicable to this aspect.
The invention is not limited to the monitoring system and communication management device described above. Other aspects of the present invention are, for example, terminal devices. The present invention may also be realized as a method, as a program, or as a computer-readable recording medium on which such a program is recorded.
As described above, the present invention can improve security when SIP is applied to a monitoring system.
An embodiment of the monitoring system of the present invention is described below with reference to the drawings.
Fig. 1 shows the overall configuration of the monitoring system of the present invention. As shown, in the monitoring system 1, communication takes place among a central monitoring station 3, a monitored object 5 and a user site 7. Here, the user is the user of the monitoring service for the monitored object 5 in the monitoring system 1. In the example of this embodiment, the monitored object 5 is a shop, and the user site 7 is the office of the shop owner.
The central monitoring station 3 has a communication management device 11 and a plurality of center devices 13, which are connected so as to be able to communicate with one another. The communication management device 11 and the plurality of center devices 13 may be located in geographically separate places. The plurality of center devices 13 may each be assigned to one of a plurality of areas, and may divide functions among themselves. For example, one center device 13 may serve as a control center device that handles signals related to guarding, while other center devices 13 serve as image center devices that mainly process monitoring images. Within the scope of the invention, there may also be only one center device 13.
A monitoring device 15 and a user device 17 are provided at the monitored object 5 and the user site 7, respectively. The monitoring device 15 and the user device 17 correspond to the terminals of the present invention. The monitoring device 15 sends monitoring information to the center devices 13 and to the user device 17. The monitoring information is, for example, images from a monitoring camera and monitoring signals detected at the monitored object 5. A monitoring signal is, for example, a guard signal indicating that an abnormality has occurred; it is generated from the detection signal of a sensor installed at the monitored object 5, or when an alarm button (switch) is operated. The user device 17 sends control signals and voice signals to the monitoring device 15; such signals from the user device 17 to the monitoring device 15 are also included in the monitoring information.
Fig. 1 shows one monitored object 5 and one user site 7. In practice, however, the central monitoring station 3 communicates with a plurality of monitored objects 5 and a plurality of user sites 7, so the communication management device 11 also communicates with a plurality of monitoring devices 15 and a plurality of user devices 17. Each monitoring device 15 communicates with the user device 17 (the shop owner's terminal) associated with it.
In the monitoring system 1 of Fig. 1, the monitoring device 15 detects an abnormality, for example by means of a sensor signal. A guard signal and an image of the monitored object 5 are then sent to the central monitoring station 3 as monitoring information. At the central monitoring station 3, an operator confirms the guard signal and the image on the monitor of a center device 13 and gives the necessary instructions to guard personnel. The guard personnel who receive the instructions go promptly to the monitored object 5 and deal with the abnormality.
The monitoring device 15 also sends images of the monitored object 5 and the like to the user device 17, periodically or according to other settings. For example, when a sensor detects a customer, images and the like are sent to the user device 17. The user device 17 may also request that images and the like be sent. The owner can thus grasp the situation in the shop from the images, and can send sound and the like from the user device 17 to the monitoring device 15 to give necessary instructions to the shop staff.
The communication scheme of the monitoring system 1 is described next. The communication management device 11, the monitoring device 15 and the user device 17 are connected to the Internet.
Further, the communication management device 11 is connected to the monitoring device 15 and the user device 17 over the Internet by a center-terminal VPN (virtual private network) 21. To construct the center-terminal VPN 21, the communication management device 11 is given a VPN server function, and the monitoring device 15 and the user device 17 are given a VPN client function. A VPN tunnel is constructed in the VPN and the communication is encrypted, which provides higher security.
The monitoring device 15 and the user device 17 also carry out SIP communication 23 via the communication management device 11. The SIP communication 23 is carried over the center-terminal VPN 21. The communication management device 11 has a SIP server function.
Furthermore, the monitoring device 15 and the user device 17 are connected directly, not via the communication management device 11, by a terminal-to-terminal VPN 25. To construct this terminal-to-terminal VPN 25, the user device 17 has a VPN server function and the monitoring device 15 has a VPN client function.
The center-terminal VPN 21 is always connected, with its VPN tunnel constructed, and is used for communication between the center devices 13 and the monitoring device 15 and user device 17. The terminal-to-terminal VPN 25, on the other hand, is constructed only when necessary.
The reason for using the terminal-to-terminal VPN 25 is as follows. The monitoring system 1 communicates large volumes of data such as images. If the center-terminal VPN 21 were used for all communication, the load on the communication management device 11 would become excessive. Communication between the monitoring device 15 and the user device 17 is therefore carried over the terminal-to-terminal VPN 25, which reduces the load on the communication management device 11 while maintaining security.
The role of the SIP communication 23 in this embodiment is a special one, different from ordinary uses such as IP telephony. That is, in this embodiment, SIP signaling is positioned as the preparatory processing before the VPN connection. Specifically, when the SIP session 23 is established, an information notification is carried out: two-way communication in which an INVITE message and an OK message are exchanged. On the other hand, establishing a VPN connection requires an exchange of information; in this embodiment, IP addresses and digital certificates are exchanged. The digital certificates are used to verify the validity of electronic signatures and the like, and certificates issued by a trusted third-party authority are used. The signaling of the SIP communication 23 is therefore used as the means of exchanging the information needed to establish the VPN connection.
The overall configuration of the monitoring system 1 has been described above. As stated, two kinds of VPN are used in this embodiment: one connects the communication management device 11 to a terminal (the monitoring device 15 or the user device 17), and the other connects the terminals (the monitoring device 15 and the user device 17) to each other. To distinguish the two, Fig. 1 uses the terms center-terminal VPN 21 and terminal-to-terminal VPN 25; these may be shortened to VPN 21 and VPN 25.
The configuration of the monitoring system 1 is now described in detail with reference to Fig. 2. The communication management device 11 has a firewall 31, an HTTP server 33, a VPN server 35, a SIP server 37, a STUN server 39, an account management server 41, a database 43 and a log server 45.
The firewall 31 blocks data other than the communication data used between the communication management device 11 and the monitoring device 15 and user device 17. The HTTP server 33 is used for the Internet connection. The VPN server 35 is the server that performs the authentication and encryption for constructing VPN tunnels.
The VPN server 35 realizes the center-terminal VPN 21: it constructs a VPN between the communication management device 11 and the monitoring device 15, and a VPN between the communication management device 11 and the user device 17. Signals from the monitoring device 15 are decrypted by the VPN server 35 and sent to the center devices 13; signals from the center devices 13 are encrypted by the VPN server 35 and sent to the monitoring device 15. Signals sent from the communication management device 11 itself to the monitoring device 15 are likewise encrypted by the VPN server 35. The VPN server 35 encrypts and decrypts in the same way for the communication between the communication management device 11 and the user device 17.
The SIP server 37 performs signaling processing in accordance with the SIP protocol to connect the monitoring device 15 and the user device 17. When the user device 17 requests a connection to the monitoring device 15, or the monitoring device 15 requests a connection to the user device 17, the SIP server 37 performs the SIP connection control.
Messages are exchanged in the SIP signaling; specifically, an INVITE message and an OK message. As described above, these messages are used to exchange the IP addresses and digital certificates for establishing the VPN connection.
The STUN server 39 provides a STUN function to cope with the NAT function of the routers of the monitoring device 15 and the user device 17.
The account management server 41 manages various information such as authentication information. The managed information is stored in the database 43 and includes IP line accounts and the digital certificates and key information used for the VPN connection (tunnel construction). In this embodiment, the connection between terminals is authenticated and authorized in the course of the SIP signaling; the information used for this processing is also held in the database 43 and used by the account management server 41. Alternatively, the SIP server itself may authenticate and authorize the connection between terminals, in which case the permission processing unit and permission information storage unit of the present invention are provided in the SIP server.
The log server 45 keeps the logs generated by the monitoring device 15.
A center device 13 has a monitoring station 51 and a line connection device 53. The monitoring station 51 is connected to the communication management device 11 via the line connection device 53. When a center device 13 is an image center, for example, monitoring images are supplied to the monitoring station 51 and managed there; when a center device 13 is a control center, guard-related information is supplied to the monitoring station 51. Monitoring images are preferably also displayed on a monitor at the control center, and monitoring images and the like may also be communicated between center devices.
The monitoring device 15 is described next. It comprises a controller 61, an IP line unit 63, a router 65, peripheral devices 67, a multi-line adapter 69 and a monitored-object PC (personal computer) 71.
The controller 61 is a computer that realizes the monitoring functions in cooperation with the peripheral devices 67. The controller 61 is connected to the central monitoring station 3, and also to the user device 17, via the IP line unit 63.
Fig. 2 shows a monitoring camera 73, a sensor 75 and an alarm button 77 as examples of the peripheral devices 67. The controller 61 applies image recognition processing to the monitoring images to detect abnormalities, and also detects abnormalities from the detection signal input from the sensor 75 and when the alarm button 77 is pressed. Other peripheral devices may also be used for detecting abnormalities. When an abnormality occurs, the controller 61 communicates with a center device 13 and sends a guard signal and an image signal; if the monitoring camera 73 has a microphone, a voice signal is sent as well. The controller 61 thus realizes the monitoring function for the monitored object 5.
The controller 61 can also send monitoring images and sound when requested by a center device 13. Monitoring images and sound are further sent to the user device 17, either periodically or according to other settings; for example, when the sensor 75 detects a customer, images and the like are sent to the user device 17, and the monitoring device 15 also sends images and the like when the user device 17 requests them.
The IP line unit 63 constructs the VPN tunnel used by the controller 61 to communicate with the communication management device 11, and the VPN tunnel used by the controller 61 to communicate with the user device 17. The former corresponds to the center-terminal VPN 21 and the latter to the terminal-to-terminal VPN 25. In both connections the IP line unit 63 acts as the VPN client.
In Fig. 2 the IP line unit 63 is drawn inside the controller 61; this represents the physical arrangement. In terms of the communication configuration, the IP line unit 63 sits between the controller 61 and the router 65, and is connected to the controller 61 by an Ethernet (registered trademark) LAN. The router 65 is a router for the broadband line.
The multi-line adapter 69 is connected to the center devices 13 by a mobile telephone network and is used to send the guard signal when the broadband line is unavailable. The guard signal is sent from the controller 61 to the multi-line adapter 69 via the IP line unit 63, and from the multi-line adapter 69 to a center device 13.
The monitored-object PC 71 is a PC installed at the monitored object 5. Since the monitored object 5 in this embodiment is a shop, the monitored-object PC 71 may be a PC used in the shop.
The user device 17 is described next. It consists of a VPN terminal equipment (hereinafter VTE) 81, a router 83 and a user PC (personal computer) 85.
The VTE 81 is the line termination device for the broadband connection. The VTE 81 also constructs the VPN tunnel to the VPN server 35 of the communication management device 11 and the VPN tunnel to the IP line unit 63 of the monitoring device 15; in the former it acts as a VPN client and in the latter as a VPN server. The router 83 is a router for the broadband line.
The VTE 81 is connected to the user PC 85. It forwards the images, sound and control signals received from the controller 61 of the monitoring device 15 to the user PC 85, and forwards the sound and control signals received from the user PC 85 to the controller 61.
In this embodiment the user site 7 is the office of the shop owner or the like, so the user PC 85 may be the shop owner's PC. The user PC 85 is used by the owner to view the monitoring images of the monitored object 5. To provide this function, an application is installed on the user PC 85 which, by communicating with the controller 61, can display and switch the monitoring images of the monitored object 5.
In this embodiment the user device 17 is fixed, but its functions may also be built into a mobile terminal or the like so that it is portable.
The overall configuration of the monitoring system 1 has been described above. The characteristic configuration of the present invention is described next.
Fig. 3 shows the part of the monitoring system 1 of Figs. 1 and 2 that forms the main part of the present invention. In Fig. 3, elements already described for Figs. 1 and 2 carry the same reference numerals.
As shown in Fig. 3, the communication management device 11 has, in addition to the VPN server 35 and the SIP server 37, a permission information storage unit 101 and a permission processing unit 103. The permission information storage unit 101 stores connection permission information representing the combinations of terminals (monitoring device 15 and user device 17) whose connection is to be permitted. The permission processing unit 103 judges, with reference to the connection permission information, whether a connection between terminals is to be permitted. The permission information storage unit 101 and the permission processing unit 103 are realized by the database 43 and the account management server 41 of Fig. 2, respectively.
Fig. 4 shows an example of the connection permission information to be stored in the permission information storage unit 101. In this example, the connection permission information is a table of combinations of terminal IDs, which associates each user (shop owner) with a monitoring device ID (the ID of the monitoring device 15) and a user device ID (the ID of the user device 17). The monitoring device ID and user device ID may be any information that identifies the monitoring device 15 and the user device 17; in the example described later, the monitoring device ID is the ID of the IP line unit 63 and the user device ID is the ID of the VTE 81.
One owner may have a plurality of shops, in which case a plurality of monitoring devices 15 are combined with one user device 17. In the example of Fig. 4, user C has two shops, and two monitoring devices 15 (C01, C02) are associated with the one user device 17 (C11). Likewise, when an owner uses a plurality of user devices 17, a monitoring device 15 may be associated with a plurality of user devices 17.
Returning to Fig. 3, in the monitoring device 15 the IP line unit 63 has a SIP processing unit 111, a VPN processing unit 113 and a storage unit 115. The SIP processing unit 111 and the VPN processing unit 113 carry out the processing related to SIP and VPN, respectively. The storage unit 115 stores the various information handled by the IP line unit 63; in particular, for the present invention, it stores the IP address and digital certificate of the IP line unit 63. These correspond to the connection establishment information of the present invention and are supplied to the connection partner for the VPN connection. The storage unit 115 also stores the IP line unit ID (the ID of the IP line unit 63), which is used as the ID of the monitored object 5.
As shown in Fig. 3, the VTE 81 of the user device 17 likewise has a SIP processing unit 121, a VPN processing unit 123 and a storage unit 125. The storage unit 125 stores the IP address and digital certificate of the VTE 81, and also the VTE-ID (the ID of the VTE 81).
The operation of this embodiment is described next: the operation when the terminal-to-terminal VPN 25 is constructed, that is, when the VPN connection between the monitoring device 15 and the user device 17 is made.
First, an outline. As stated above, the center-terminal VPN 21 is always constructed between the communication management device 11 and the monitoring device 15, and likewise between the communication management device 11 and the user device 17. Separately from these center-terminal VPNs 21, the terminal-to-terminal VPN 25 is constructed directly between the monitoring device 15 and the user device 17 by the following operation.
Information is exchanged between the terminals when the VPN 25 is connected; in this embodiment, IP addresses and digital certificates are exchanged between the monitoring device 15 and the user device 17. As the means of this information exchange, this embodiment turns to SIP. In the SIP information notification, messages are exchanged between the terminals, and the IP address and digital certificate described above are added to these SIP messages. The SIP information notification can thus be used for the information exchange that prepares the construction of the terminal-to-terminal VPN 25.
In the basic function of SIP, a SIP connection can be established between any addresses registered in the SIP server 37. In that case a user device 17 unrelated to a monitoring device 15 could connect to it, which is undesirable for security. In view of this, signaling in this embodiment is carried out as follows. Below, one of the monitoring device 15 and the user device 17 is the SIP connection source terminal and the other is the SIP connection destination terminal. The SIP messages are sent over the center-terminal VPN 21.
Referring to Fig. 5, the connection source terminal first sends an INVITE message (specifically a SIP INVITE message; likewise below) to the SIP server 37 (S1). The INVITE message carries the ID of the connection source terminal, the ID of the connection destination terminal, and the IP address and digital certificate of the connection source terminal.
On receiving the INVITE message, the SIP server 37 supplies the ID of the connection source terminal and the ID of the connection destination terminal to the permission processing unit 103 and asks whether the connection source terminal may be connected to the connection destination terminal (S3). The permission processing unit 103 judges whether to permit the connection with reference to the connection permission information in the permission information storage unit 101 (S5): the connection is permitted if the combination of the connection source terminal and the connection destination terminal is registered in the permission information storage unit 101.
The SIP server 37 receives the permission result from the permission processing unit 103 (S7). If the permission processing unit 103 has permitted the connection, the SIP server 37 sends the INVITE message to the connection destination terminal (S9). This INVITE message contains the IP address and digital certificate of the connection source terminal.
On receiving the INVITE message, the connection destination terminal sends an OK message (specifically a SIP 200 OK message; likewise below) to the SIP server 37 (S11). The OK message carries the IP address and digital certificate of the connection destination terminal, and is sent via the SIP server 37 to the connection source terminal (S13). The IP addresses and digital certificates have thus been exchanged through the SIP information notification. When the VPN is then constructed between the terminals, authentication is performed using the digital certificate contained in the connection request and the digital certificate exchanged beforehand, and the terminal-to-terminal VPN 25 is constructed (S15).
As described above, in this embodiment the combination of terminals is authorized after the SIP server 37 receives the INVITE message. If the connection is not permitted, the INVITE message is not sent to the connection destination terminal, and neither the subsequent SIP processing nor the VPN processing takes place. Only when the combination of monitoring device 15 and user device 17 is the proper one is the connection permitted, the INVITE message sent to the connection destination terminal, the subsequent SIP processing carried out, and finally the VPN connection made. This authorization therefore rests on two things: the terminal IDs carried in the INVITE message, which reaches the SIP server 37 over the center-terminal VPN 21, and the certificate comparison at S15, which ties the later VPN connection request to the certificate that was exchanged during the signaling.
The operation of the monitoring system 1 is now described in detail with reference to Figs. 6 and 7. The case where the monitoring device 15 is the connection source terminal is described first, followed by the case where the user device 17 is the connection source.
In the sequence diagram of Fig. 6, the controller 61 and the IP line unit 63 belong to the monitoring device 15; the SIP server 37 and the permission information storage unit 101 (account management server 41) belong to the communication management device 11; and the VTE 81 and the user PC 85 belong to the user device 17.
The controller 61 sends a connection instruction (P2P connection instruction) containing the VTE-ID (the ID of the VTE 81) to the IP line unit 63 (S101). Here the VTE-ID is the connection destination terminal ID.
The IP line unit 63 reads the IP line unit IP address (the IP address of the IP line unit 63) and the IP line unit individual certificate from the storage unit 115. The IP line unit individual certificate is a digital certificate issued to each IP line. The IP line unit 63 also reads from the storage unit 115 the IP line unit ID (the ID of the IP line unit 63), which serves as the connection source terminal ID. The IP line unit 63 adds this information to an INVITE message and sends the INVITE message to the SIP server 37 (S103). Specifically, the INVITE message contains the IP line unit IP address, the IP line unit ID, the VTE-ID and the IP line unit individual certificate.
The SIP server 37 receives the INVITE message, sends the IP line unit ID and the VTE-ID to the permission processing unit 103, and asks whether the connection is permitted (S105). The permission processing unit 103 judges whether to permit the connection with reference to the connection permission information in the permission information storage unit 101 (S107): it reads the table of Fig. 4 and judges whether the queried combination of terminal IDs is registered in it. If the combination is registered, the permission processing unit 103 permits the connection. The permission result is sent from the permission processing unit 103 to the SIP server 37 (S109). When the permission processing unit 103 has permitted the connection, the SIP server 37 sends the INVITE message to the VTE 81 (S111). This INVITE message carries the IP line unit IP address and the IP line unit individual certificate.
If the connection is not permitted in step S107, the SIP server 37 does not send the INVITE message to the VTE 81, so the subsequent SIP processing is not carried out and the subsequent VPN connection is not made.
After VTE81 receives INVITE, preserve IP line unit IP address and the indivedual certificates of IP line unit, carry out the inquiry (S113) of connection request (P2P connection request) to user PC85 by storage part 125.This connection request adds has IP line unit IP address.User PC85 sends connection response (S115) to VTE81 afterwards.
VTE81 reads VTE-IP address (the IP address of VTE81) and VTE other certificate (distributing to the digital certificates of VTE81) from storage part 125.Then, VTE81 sends to sip server 37 (S117) with OK message.This OK message is added has VTE-IP address and VTE other certificate.
Sip server 37 sends to IP line unit 63 (S 119) with OK message with VTE-IP address and VTE other certificate.After IP line unit 63 receives OK message, preserve VTE-IP address and VTE other certificate by storage part 115, ACK message is sent to sip server 37 (S121), further, sip server 37 sends to VTE81 (S123) with ACK message.
In said process, IP line unit 63 is obtained IP address and the digital certificates of VTE81.And VTE81 obtains the IP address and the digital certificates of IP line unit 63.Therefore, thus can use these information Recognition the other side between IP line unit 63 and VTE81, to establish VPN connects.This is terminal room VPN25.
As shown in the figure, IP line unit 63 carries out VPN connection request (S125) to VTE81.Here, not by sip server 37 but directly ask VPN to connect.Indivedual certificates of the IP line unit of preserving in indivedual certificates of IP line unit that VTE81 is comprised through the VPN connection request and the storage part 125 carry out authentication, will comprise that the arrival information of the IP line unit IP address of object sends to user PC85 (S127).IP line unit IP address is used when the VPN traffic by user PC85.And VTE81 will carry out the advisory IP line unit 63 (S129) of VPN connection processing as vpn server.IP line unit 63 will connect the advisory controller 61 that the result is OK, and with the VTE-IP address notification controller 61 (S131) of object.The VTE-IP address is used when the VPN traffic by controller 61.Thus, established the VPN connection, VPN25 communicates through terminal room.Keep watch on image and sound etc. and be provided to user's device 17 from monitoring arrangement 15.
Next, the case in which user device 17 is the connection source is described with reference to Fig. 7. The user (owner) enters, for example, an instruction to display an image on user PC 85. User PC 85 sends a connection instruction (P2P connection instruction) containing the IP line unit ID to VTE 81 (S201). Here the IP line unit ID is the connection-destination terminal ID.
VTE 81 reads the VTE IP address and the VTE individual certificate from storage unit 125. VTE 81 also reads the VTE-ID from storage unit 125 as the connection-source terminal ID. VTE 81 attaches this information to the INVITE and sends the INVITE to SIP server 37 (S203). Specifically, the INVITE contains the VTE IP address, the VTE-ID, the IP line unit ID and the VTE individual certificate.
SIP server 37 receives the INVITE, passes the VTE-ID and the IP line unit ID to permit processing unit 103, and asks whether the connection is permitted (S205). As above, permit processing unit 103 refers to the connection license information in license information storage unit 101, judges whether to permit the connection (S207), and sends the permission result to SIP server 37 (S209). That is, if the combination of the VTE-ID and the IP line unit ID is registered, the connection is permitted. After permit processing unit 103 has permitted the connection, SIP server 37 sends the INVITE to IP line unit 63 (S211). This INVITE has the VTE IP address and the VTE individual certificate attached.
In the above processing, if the connection is not permitted in step S207, SIP server 37 does not send the INVITE to IP line unit 63. Therefore the subsequent SIP processing is not carried out, nor is the subsequent VPN connection.
After IP line unit 63 receives the INVITE, it stores the VTE IP address and the VTE individual certificate in storage unit 115. IP line unit 63 then issues a connection request (P2P connection request) inquiry to controller 61 (S213). The VTE IP address is attached to this connection request. Controller 61 then sends a connection response to IP line unit 63 (S215).
IP line unit 63 reads the IP line unit IP address and the IP line unit individual certificate from storage unit 115 and sends an OK message to SIP server 37 (S217). The IP line unit IP address and the IP line unit individual certificate are attached to this OK message.
SIP server 37 sends the OK message, together with the IP line unit IP address and the IP line unit individual certificate, to VTE 81 (S219). After VTE 81 receives the OK message, it stores the IP line unit IP address and the IP line unit individual certificate in storage unit 125, returns an ACK message to SIP server 37 (S221), and notifies user PC 85 that the SIP connection has been established (S223). SIP server 37 sends the ACK message to IP line unit 63 (S225).
Through the above process, IP addresses and digital certificates are exchanged between IP line unit 63 and VTE 81. After IP line unit 63 receives the ACK message, it sends a VPN connection request to VTE 81 (S227). The VPN connection is not made through SIP server 37. VTE 81 sends arrival information containing the VTE IP address to user PC 85 (S229). VTE 81 also notifies IP line unit 63 that it carries out the VPN connection processing as the VPN server (S231). IP line unit 63 sends arrival information containing the VTE IP address of the other party to controller 61 (S233). The VPN connection is thus established, and communication proceeds over inter-terminal VPN 25.
As shown in Figs. 6 and 7, in both sequences the VPN connection request is sent from IP line unit 63 to VTE 81. The reason is as follows. In a VPN, the connection request must be sent from the client to the server. In this embodiment the VPN server function is provided only in VTE 81. Therefore, in both Fig. 6 and Fig. 7, the VPN connection request is sent from IP line unit 63 to VTE 81.
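The sequences of Fig. 6 and Fig. 7 above, together with the certificate check on the direct VPN connection request, are modelled below as an added Python example. It is not code from the patent. The terminal IDs, IP addresses and certificate byte strings are constructed sample data; a 403 Forbidden answer to a refused INVITE, the treatment of a registered combination as permitting connection in either direction, and the omission of the ACK exchange are assumptions of the example, not statements of the patent.

```python
"""Added example (not part of the patent): a model of SIP server 37,
permit processing unit 103 and the two terminals of Figs. 6 and 7.
Terminal IDs, addresses and certificate bytes are constructed samples."""
import hashlib
from dataclasses import dataclass, field


def fingerprint(cert: bytes) -> str:
    """SHA-256 of the (stand-in) certificate bytes, used for comparison."""
    return hashlib.sha256(cert).hexdigest()


@dataclass
class Terminal:
    """IP line unit 63 or VTE 81: holds its own ID, IP address and individual
    certificate and remembers the peer's address/certificate learned via SIP."""
    tid: str
    ip: str
    cert: bytes
    vpn_server: bool = False                    # only the VTE has the VPN server role
    peers: dict = field(default_factory=dict)   # peer tid -> (ip, cert)

    def build_invite(self, dst_tid: str) -> dict:
        # INVITE: source IP, source ID, destination ID, source certificate (S103/S203)
        return {"method": "INVITE", "from": self.tid, "to": dst_tid,
                "ip": self.ip, "cert": self.cert}

    def on_invite(self, invite: dict) -> dict:
        # destination side stores the source's address/certificate, answers 200 OK
        self.peers[invite["from"]] = (invite["ip"], invite["cert"])
        return {"status": 200, "from": self.tid, "to": invite["from"],
                "ip": self.ip, "cert": self.cert}

    def on_ok(self, ok: dict) -> None:
        # source side stores the destination's address/certificate (S119/S219)
        self.peers[ok["from"]] = (ok["ip"], ok["cert"])


class PermitProcessor:
    """Permit processing unit 103 over the table of Fig. 4.
    Assumption: a registered combination permits connection in either direction."""
    def __init__(self, pairs):
        self.allowed = {frozenset(p) for p in pairs}

    def is_permitted(self, src_tid: str, dst_tid: str) -> bool:
        return frozenset((src_tid, dst_tid)) in self.allowed


class SipServer:
    """SIP server 37: forwards an INVITE only after the permit check succeeds."""
    def __init__(self, permit: PermitProcessor, terminals):
        self.permit = permit
        self.terminals = {t.tid: t for t in terminals}

    def handle_invite(self, invite: dict) -> dict:
        src, dst = invite["from"], invite["to"]
        if dst not in self.terminals or not self.permit.is_permitted(src, dst):
            # not permitted: the INVITE is never delivered, so no OK and no VPN follow.
            # 403 Forbidden is an assumption; the patent does not name the response.
            return {"status": 403, "from": dst, "to": src}
        ok = self.terminals[dst].on_invite(invite)   # S111-S117 / S211-S217
        self.terminals[src].on_ok(ok)                # S119 / S219 (ACK omitted)
        return ok


def vpn_connect(client: Terminal, server: Terminal) -> bool:
    """Direct VPN connection request (S125/S227), not via the SIP server.
    Each side accepts the other only if the certificate presented now matches
    the one received through the permitted SIP exchange (certificate pinning)."""
    if not server.vpn_server or client.vpn_server:
        return False                      # request must go from IP line unit to VTE
    pinned_client = server.peers.get(client.tid)
    pinned_server = client.peers.get(server.tid)
    if pinned_client is None or pinned_server is None:
        return False                      # no prior permitted SIP exchange
    return (fingerprint(pinned_client[1]) == fingerprint(client.cert)
            and fingerprint(pinned_server[1]) == fingerprint(server.cert))


def run_scenario(src_tid: str, dst_tid: str, permitted_pairs) -> tuple:
    """Runs one INVITE plus the following VPN request; returns (SIP status, VPN ok)."""
    ipl = Terminal("IPL-0001", "203.0.113.10", b"constructed-ipl-cert")
    vte = Terminal("VTE-0001", "198.51.100.20", b"constructed-vte-cert", vpn_server=True)
    server = SipServer(PermitProcessor(permitted_pairs), [ipl, vte])
    resp = server.handle_invite(server.terminals[src_tid].build_invite(dst_tid))
    return resp["status"], resp["status"] == 200 and vpn_connect(ipl, vte)


if __name__ == "__main__":
    table = [("IPL-0001", "VTE-0001")]
    print("Fig. 6:", run_scenario("IPL-0001", "VTE-0001", table))     # (200, True)
    print("Fig. 7:", run_scenario("VTE-0001", "IPL-0001", table))     # (200, True)
    print("unregistered:", run_scenario("IPL-0001", "VTE-0001", []))  # (403, False)
```

The point the model makes explicit is that permission is decided once, at the INVITE, and everything after it inherits that decision: an unregistered combination never reaches the destination terminal, so no address or certificate is stored there and no VPN request can succeed, and a VPN request that presents a certificate other than the one carried through SIP is refused even if it arrives from the correct address.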
A preferred embodiment of the present invention has been described above. According to this embodiment, a plurality of terminals (monitoring device 15, user device 17) are connected to communication management device 11, which has SIP server 37. As shown in Fig. 3, communication management device 11 has, in addition to SIP server 37, license information storage unit 101 and permit processing unit 103. In SIP signalling, the INVITE (invitation) message is sent from the connection-source terminal to the SIP server. At this point permit processing unit 103 judges whether to permit the connection. Only when permit processing unit 103 permits the connection does SIP server 37 send the INVITE from the connection-source terminal to the connection-destination terminal, and only then does the SIP signalling succeed.
Therefore, in the present invention, information on the combinations of terminals whose connection should be permitted is stored in advance, and the connection between terminals is permitted at the time of SIP signalling. Thus, rather than merely authenticating each terminal to SIP server 37, the peer-to-peer connection between terminals is itself permitted with SIP server 37 as the intermediary, and the users of the surveillance information can be appropriately restricted. The security of applying SIP in surveillance system 1 can thereby be improved.
Further, in the present invention, connection establishment information can be added to the INVITE and OK messages exchanged in SIP signalling; this connection establishment information is used to establish an inter-terminal connection that does not pass through communication management device 11. Thus the connection establishment information can be exchanged between the terminals and the inter-terminal connection established, so the inter-terminal connection can be made effectively using SIP. Moreover, traffic between communication management device 11 and the terminals is reduced, lowering the load on communication management device 11.
In this embodiment the IP address and digital certificate were described as an example of connection establishment information, but other information may be used in place of the digital certificate to authenticate the other party. For example, the common name or the like contained in the digital certificate may be used as connection establishment information. When only the common name is exchanged, the VPN handshake must still verify that the certificate presented for that name chains to a trusted authority, since the name by itself does not prove possession of the corresponding private key.
Further, according to the present invention, the inter-terminal connection that does not pass through communication management device 11 can be inter-terminal VPN 25, a VPN constructed between the terminals. The two-way message exchange of SIP signalling can be used to exchange the information required to establish the VPN connection, and the use of a VPN improves security.
Further, according to the present invention, the invitation message contains the IP address and digital certificate of the connection-source terminal as connection establishment information, and the OK message contains the IP address and digital certificate of the connection-destination terminal as connection establishment information. Thus the information exchanged through SIP can be used effectively for the VPN connection, and secure communication can be carried out between the terminals.
Further, according to the present invention, communication management device 11 can be located at central monitoring station 3. Thus communication between central monitoring station 3 and the terminals, and communication between the terminals, can be carried out effectively using communication management device 11.
Further, according to the present invention, the connection between communication management device 11 and the plurality of terminals can be made through center-terminal VPN 21, a VPN constructed between communication management device 11 and the plurality of terminals, and SIP server 37 can carry out SIP message communication with the plurality of terminals over center-terminal VPN 21. Thus SIP communication is carried out over center-terminal VPN 21. Inter-terminal VPN 25, established after the SIP session, is a VPN between terminals, whereas center-terminal VPN 21 is a VPN between communication management device 11 and a terminal. By using center-terminal VPN 21, the security of communication between central monitoring station 3 and each terminal, and hence the security of the SIP communication, can be ensured.
Further, according to the present invention, the surveillance information can include at least one of an image captured at monitored object 5, a surveillance signal detected at monitored object 5, and control information generated on the user side. Thus the surveillance information can be communicated between the terminals.
A preferred embodiment of the present invention has been described above. However, the invention is not limited to the above embodiment, and those skilled in the art can of course modify the above embodiment within the scope of the invention.
The presently preferred embodiment of the invention has been described above, but various modifications can be made to this embodiment, and all modifications within the true spirit and scope of the invention are included in the scope of the claims.
Industrial applicability
As described above, the surveillance system according to the present invention is suitable for remote monitoring of shops and the like via communication.
Claims (amended under Article 19 of the Treaty)
1. (Amended) A surveillance system comprising: a monitored-object-side terminal provided at a monitored object; a user-side terminal provided on the side of a user who uses surveillance information received from the monitored-object-side terminal; and a communication management device which manages communication between the monitored-object-side terminal and the user-side terminal, the surveillance system being characterised in that
the surveillance system is configured such that, when one of the monitored-object-side terminal and the user-side terminal requests a connection to the other, this connection-source terminal sends a SIP invitation message containing identifying information of the connection-destination terminal to the communication management device,
the communication management device has: a SIP server;
a license information storage unit which stores connection license information representing combinations of a monitored-object-side terminal and a user-side terminal whose connection should be permitted; and
a permit processing unit which refers to the connection license information and judges whether to permit the connection between the monitored-object-side terminal and the user-side terminal,
when the SIP server obtains the invitation message from the connection-source terminal, the identifying information of the connection-destination terminal contained in the invitation message is provided to the permit processing unit, and when the permit processing unit has permitted the connection between the monitored-object-side terminal and the user-side terminal, the SIP server provides the invitation message from the connection-source terminal to the connection-destination terminal.
2. The surveillance system according to claim 1, characterised in that
the connection-destination terminal, on receiving the invitation message from the communication management device, sends a SIP OK message to the communication management device, and
connection establishment information is attached to the invitation message and the OK message, the connection establishment information being used, after the SIP session is established, to establish between the connection-source terminal and the connection-destination terminal an inter-terminal connection that does not pass through the communication management device.
3. The surveillance system according to claim 2, characterised in that
the inter-terminal connection that does not pass through the communication management device is an inter-terminal VPN in which a VPN is constructed between the terminals.
4. The surveillance system according to claim 3, characterised in that
the invitation message contains the IP address and digital certificate of the connection-source terminal as the connection establishment information, and the OK message contains the IP address and digital certificate of the connection-destination terminal as the connection establishment information.
5. The surveillance system according to claim 1, characterised in that
the connection between the communication management device and the plurality of terminals is made through a center-terminal VPN in which a VPN is constructed between the communication management device and the plurality of terminals, and
the SIP server carries out SIP message communication with the plurality of terminals through the center-terminal VPN.
6. The surveillance system according to any one of claims 1 to 5, characterised in that
the surveillance information includes at least one of an image captured at the monitored object, a surveillance signal detected at the monitored object, and control information generated on the user side.
7. (Amended) A communication management device which manages communication between a monitored-object-side terminal and a user-side terminal, the monitored-object-side terminal being provided at a monitored object and the user-side terminal being provided on the side of a user who uses surveillance information received from the monitored-object-side terminal, the communication management device being characterised in that
the communication management device has: a SIP server;
a license information storage unit which stores connection license information representing combinations of a monitored-object-side terminal and a user-side terminal whose connection should be permitted; and
a permit processing unit which refers to the connection license information and judges whether to permit the connection between the monitored-object-side terminal and the user-side terminal,
when the SIP server obtains a SIP invitation message containing identifying information of the other party from one of the monitored-object-side terminal and the user-side terminal, the permit processing unit judges, based on the identifying information of the connection-destination terminal contained in the invitation message, whether to permit the connection between the monitored-object-side terminal and the user-side terminal, and
when the permit processing unit has permitted the connection, the SIP server provides the invitation message from the connection-source terminal to the connection-destination terminal.