[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

EP1836826A1 - Monitoring system and method for accessing a monitoring device of a monitoring system - Google Patents

Monitoring system and method for accessing a monitoring device of a monitoring system

Info

Publication number
EP1836826A1
EP1836826A1 EP05819824A EP05819824A EP1836826A1 EP 1836826 A1 EP1836826 A1 EP 1836826A1 EP 05819824 A EP05819824 A EP 05819824A EP 05819824 A EP05819824 A EP 05819824A EP 1836826 A1 EP1836826 A1 EP 1836826A1
Authority
EP
European Patent Office
Prior art keywords
monitoring device
control server
control
monitoring
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP05819824A
Other languages
German (de)
French (fr)
Inventor
Joacim Tullberg
Johan Adolfsson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Axis AB
Original Assignee
Axis AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Axis AB filed Critical Axis AB
Publication of EP1836826A1 publication Critical patent/EP1836826A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/18Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0273Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP]
    • H04L41/028Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP] for synchronisation between service call and response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029Firewall traversal, e.g. tunnelling or, creating pinholes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/143Termination or inactivation of sessions, e.g. event-controlled end of session
    • H04L67/145Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/34Signalling channels for network management communication

Definitions

  • the present invention relates to a monitoring system including a public network, a private network, and an access limiting device arranged to limit the access of the private network from the public network. Further the present invention relates to a method for accessing a monitoring device of such a monitoring system from the public network.
  • Monitoring systems for monitoring of premises , areas of particular interest and processes by means of cameras connected directly to computer networks are increasingly popular .
  • One reason for this may be that these systems in great extent may utilize an existing network, if a computer network already is in place .
  • Another reason may ⁇ be that the network that has to be built for the monitoring system may be used to connect other types of equipment, e . g . computers, servers and peripherals .
  • the users of the monitoring system or a central control centre responsible for the monitoring of the premises, areas of particular interest or processes are located remotely from the monitored site .
  • a remote user or a remote control centre may be easily connected to the monitoring system via the Internet .
  • IP-addresses are connected to the Internet via some device that limits the access to the network from the Internet .
  • an access limiting device may be a firewall, a router implementing NAT (Network Address Translation) to provide additional IP addresses on the private network, a proxy server or an Internet Service Provider (ISP) providing dynamic IP-addresses .
  • NAT Network Address Translation
  • ISP Internet Service Provider
  • one problem of such a monitoring system is that many functions, e . g . control of the monitoring device or devices, require transactions initiated by either the control centre or the remote user and that the monitoring device or devices are arranged in a private network behind an access limiting device . Accordingly, the control centre or the remote user either are unable to penetrate the protection installed or do not have knowledge of the address of the monitoring device or devices .
  • a firewall may be modified to pass through communication originating from outside the private network. Such modifications may however be difficult, either because the firewall is not within the control of the user, because the user do not want to open the firewall, or because the user do not know how or do not want to go through the trouble of modifying the firewall .
  • One obj ect of the present invention is to provide an improved computer network based monitoring system.
  • the obj ect is achieved by means of a method for accessing at least one monitoring device of a monitoring system according to claim 1 and by means of a monitoring system according to claim 11.
  • Embodiments of the invention are disclosed in the dependent claims .
  • the obj ect is accomplished by means of a method for accessing at least one monitoring device of a monitoring system wherein the monitoring system comprises a public network, a private network, an access limiting device arranged to limit the access to the private network from the public network, a monitoring device connected to the private network, and a control server connected to the public network.
  • the method comprises sending an http request from the monitoring device to the control server, sending, in response to said http request, an http response in which the content length is not defined or in which the content length is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched http response, thereby achieving an open path from the server to the monitoring device through the access limiting device, and sending a plurality of control messages to the monitoring device from the control server via said open path .
  • the obj ect is accomplished by means of a monitoring system comprising a public network, a private network, an access limiting device arranged to limit the access of the private network from the public network, and a control server connected to the public network.
  • the monitoring system being characterized by a monitoring device connected to the private network and being arranged to send an http request to the control server, said control server being arranged to send a http response to the monitoring device in response to the http request, wherein the content length of the http response is not defined or wherein the content length is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched http response resulting in an open path from the control server to the monitoring device through the access limiting device and wherein the control server is arranged to send control messages to the monitoring device via said open path .
  • One advantage of providing an open path from the control server to the monitoring device by means of responding to an http (Hyper Text Transport Protocol) request with an http response as described above is that the http request is a type of message that almost always are allowed to be sent out through a firewall or any other access limiting device . Therefore, the creating of the open path by sending the http request from the monitoring device to the control server and responding from the control server with said http response results in a simple and effective way to create the open path through the access limiting device from the control server to the monitoring device . Accordingly, the setup of the monitoring system becomes simple because there is no need for tampering with access limiting devices in order to make control server initiated transactions possible .
  • the setup of the monitoring device becomes simple and the security of the private network do need to be affected.
  • the http request initiating the setup of the open path is sent from the monitoring device as soon as a network connection is detected. This makes it even more simple to setup the monitoring devices .
  • the simplicity of setting up the monitoring device may be particularly interesting for small business or monitoring systems for homes .
  • said http request is sent to a control server indicated as a first choice in a list of control servers stored in the monitoring device .
  • This feature also contribute to simplifying the installation of the monitoring device . Further, this may facilitate load control of the system.
  • the method further comprises the acts of : sending a control message from a first server, which is currently enabled to send control messages to the monitoring device via the open path, wherein the control message includes instructions to the monitor device to move the open path from the first control server to a second control server, terminating the connection that generated the open path and, thus , terminating the open path .
  • control server to move the open path to are selected by the monitoring device from a list of control servers stored in the monitoring device .
  • the selected control server is then set to be the control server of first choice and the setting is stored in the list in the monitoring device .
  • FIG. 1 is a schematic diagram of one embodiment of a monitoring system according to the present invention
  • Fig 2 is a timing diagram over one embodiment of the signaling between the monitoring device and the control server resulting in the open path
  • Fig 3 is a timing diagram presenting a possible signaling scheme for checking the open path
  • Fig 4 is a schematic diagram of one embodiment of a monitoring system according to the present invention.
  • Fig 5 is a schematic block diagram of one embodiment of the monitoring device .
  • the monitoring system includes a private network 2, e . g. a Local Area Network 2, e . g. a Local Area Network
  • the private network 2 is connected to a public network 4 , e . g . the Internet, via an access limiting device 6, e . g . a firewall, a NAT (Network Address Translation) , a proxy server, an ISP (Internet Service Provider) providing dynamic addresses .
  • the access limiting device 6 is limiting the access to the private network 2 from the public network 4 in different ways depending on the specific type of limiting device . For example, a firewall is generally arranged to prohibit access to devices in the private network from a public network.
  • the system includes at least one monitoring device 10 , which is associated with a specific area or a process , connected to the private network 2 for providing monitoring information via the private network.
  • the monitoring device 10 is arranged to be controlled by a user by means of a terminal 14 , 16 and the monitoring device may, for example, be a camera, a central unit of an alarm system, an IR-detector, a temperature sensor etc . , which is enabled to communicate over the private network 2.
  • the terminal 14, 16 may be a computer 14, a workstation 14 , a computerized control centre, a mobile telephone 16, a PDA (Personal Digital Assistant) , etc . and is connected to the public network 4. Further, in order to enable the terminal 14 , 16 to control and access the monitoring device 10 through the access limiting device 6 at least one control server 20 is connected to the public network 4.
  • the access to the devices on the private network 2 from devices on the public network 4 is barred by the access limiting device 6.
  • the terminal 14, 16 of the user has to be able to initiate communication with the monitoring device 10. This should be enabled without affecting the available bandwidth on the network to any greater extent and, thus, this function should not involve unnecessary usage of bandwidth .
  • a control connection from the server 20 to the monitoring device 10 through the access limiting device is set up by making the monitoring device 10 send an http request 52 to a control server 20 see Figs 1 and 2.
  • the http request may be sent by the monitoring device 10 upon power up 50, upon detection of a network connection, upon pressing a button, upon keying a code, upon receipt of detection event indicating an alarm, etc .
  • An event indicating an alarm may be a signal from an internally or externally, in relation to the monitoring device, arranged sensor or a state in a program triggering an alarm.
  • the control server 20 then respond to this request by sending an "endless" http response 54 to the monitoring device 10.
  • the length of the content of the endless http response 54 is not specified or may be specified as a large number in the http response and, thereby, the underlying TCP connection is not terminated by the control server .
  • the response is not terminated until the amount of data corresponding to the large number has been sent .
  • the control server utilizes the open path to control the monitoring device 10 by sending control messages 56 (control message 1-N) to the monitoring device, wherein N is an unlimited number .
  • the control messages 56 may be initiated by the control server 20 by it self or by a user terminal 14 , 16.
  • the control server 20 is able to send control messages 56 at any time, i . e . the server do not have to wait for any polling signal from the monitoring device and, thus , there is essentially no latency .
  • a user requesting monitoring data from a monitoring device 10 using a user terminal 14 , 16 would essentially only experience the latency resulting from the transport of the request, the processing in the monitoring device and the transport back to the terminal . This also results in less traffic being transported in the network.
  • the http response which is creating the open path, may also be described as an http response including a plurality of control messages 56 dispersed in time or as an http response in which the content length is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched http response .
  • This may be achieved by not defining the length of the content of the http response or by setting the length of the content of the http response to a large number . In the case of setting the length of the content to a large number, the large number is to be selected so large as a plurality of control messages 56 may be sent by means of the http response without termination of the http response and consequently the open path .
  • such a large number may be 18 kilobytes, if the initial packet of the http response only is some bytes and if the subsequent control messages also are rather small . However, such a large number may also be two megabytes or greater if the control messages are of larger size . Additionally, the size of the length of the content also depends on the desired duration of the open path . In some applications the network load is not much affected if a new open path is set up once every hour, but in other applications it may be desirable to keep the open path open for a day or more in order not to noticeably affect the network load.
  • the open path is the communication link into the private network 2 for control server 20 or terminal 14 , 16 initiated messaging, as depicted by the control message 56 1-N in Fig 2.
  • the control messages 56 may be utilized to control the monitoring device from a terminal of the user, such instructions are relayed or translated and sent via the open path by the control server . Further, the control messages 56 may be utilized to check the status of the monitoring device 10, to test that the monitoring device is operating correctly, to control the status of the open path connection, to provide configuration data to the monitoring device, to request the monitoring device 10 to set up a new or other connection or to request the monitoring device to deliver data, e . g . monitoring data or other data of interest, to a specific destination .
  • control server 20 is arranged to frequently initiate a check of the open path connection in order to determine if the connection has been broken or for any reason terminated .
  • the check is initiated by the control server which sends a control message 56, including instructions and data associated with the check, via the open path .
  • the monitoring device is programmed to expect frequent reception of such a control message .
  • the server may be provided with a timer 106 triggering the sending of the control message 100 , including check data, see Fig 3.
  • the period set for the timer 106 may be t s .
  • the monitoring device may also be provided with a timer 108 that will be reset 104 each time the monitoring device receives the control message 100 including control data .
  • a control message 100 including checking data At the same time as the control message 100 is sent the timer 106 is started.
  • the timer 108 at the monitoring device is started.
  • t s time units after the timer 106 of the control server was started the timer 106 triggers the sending of the next control message 101, including checking data, and the timer 106 of the control server is restarted .
  • the control message 101, including checking data is received at the monitoring device the timer 108 at the monitoring device is reset and restarted, before it has timed out .
  • the timer 106 triggers the sending of the next control message 102 , including checking data, and the timer 106 of the control server is restarted once more .
  • the control message 102 does not reach the monitoring device for some reason and this leads to the timer 108 of the monitoring device timing out after t m time units .
  • the timer 108 of the monitoring device has timed out the sending of a new http request 52 is triggered in order to try to re-establish the open path between the control server and the monitoring device . If the control server is down or the http request is not arriving at the control server the monitoring device may try to connect to another control server, e . g .
  • an address to the control server 20 is stored in the monitoring device 10 and the address is used by the monitoring device 10 when sending the http request for setting up the open path for the control messages described in relation to Fig 2.
  • the address may be an IP address ( Internet Protocol address ) or an URL (Uniform Resource Locator) .
  • This embodiment may ⁇ be used independently of how many control servers there are available on the public network.
  • a monitoring system including a plurality of control servers .
  • the monitoring system is identical to the system presented in Fig 1 with the difference that it includes a first control server 20 , a second control server 22 and a third control server 24.
  • the monitoring device 10 may be arranged to send the initiating message to one of the control servers 20, 22 , 24 in accordance with the description above or in accordance with any of the descriptions below .
  • three control servers 20 , 22 , 24 may only include two control servers or the system may include four control servers . Depending on the circumstances it may be optimal to provide more than four control servers to the monitoring system.
  • a change of the control server associated with the monitoring device includes sending of a control message from the present control server 20 , i . e . a first control server 20, to the monitoring device 10 including a request to terminate the connection to the first control server 20 and initiate a connection to an address provided in the control message, which may be the address of the second control server 22. Then the monitoring device 10 terminates the connection, including the open path, to the first control server and sends an http request to the address provided by the first control server . Then the second control server receives the http request and sets up the open path in accordance with the description of Fig 2.
  • One advantage of providing a plurality of control servers and the method of changing control servers is that it makes it possible balance the load of different parts of the network.
  • control servers may always be available even if some are not available .
  • a control server may be unavailable because of overload, because it is out of order, because of interrupted network connection, etc .
  • another advantage may be the use of specialized control servers . For instance, one subset of control servers may be specialized in handling video and one subset may be specialized for other purposes . In this way there is no need to pay for licenses relating to some specific functions , programs or hardware for all control servers .
  • a plurality of control server 20 addresses are stored in a list in the monitoring device 10. The addresses in the list are prioritized, i . e .
  • the number of addresses in the list are equal to or less than the number of control servers 20 on the public network associated with the monitoring system.
  • the monitoring device is arranged to make the initial http request to the control server 20 that is the first choice according to the list in order to establish the open path from the control server 20, i . e . the first control server 20, to the monitoring device . If this attempt fails the monitoring device is arranged to make the initial http request to the control server 22 which is the second choice according to the list, i . e . the second control server . If there are more failures with the initial http request and if there are additional control servers in the list the procedure may continue until there is no further control servers or the open path has been established.
  • the first control server may send a control message to the monitoring device requesting it to connect to the second control server 22 by requesting the monitoring device to change control server .
  • the monitoring device then terminates the connection and sends the initial http request to the second choice in the list stored in the monitoring device 10.
  • the prioritized list may be amended .
  • the second control server 22 may, for example, be entered as the control server of first choice and accordingly the first control server is entered as a control server of lower priority .
  • the amended list is then stored in the monitoring device 10. The advantage of such an amendment of the prioritized list is that if the monitoring device is powered down or disconnected from the network and then powered up or reconnected to the network the setup sequence of the open path does not have to be performed towards a control server that possibly still is experiencing a high load but to the same control server from which the latest open path was established successfully.
  • a redirecting message including instructions ordering the monitoring device to connect to another control server, may be provided in a control message or in the http response initiating the open path .
  • the monitoring device is a network enabled camera .
  • the load balancing becomes even more important because of the large amount of monitoring data, i . e . a video sequence, images , streaming video, etc . , it may send to the control server upon request and, thus , introducing large loads to the portion of the public network where the control server is connected or to the control server itself .
  • a monitoring device which may be a camera, may comprise the following features, in addition to the features required to perform the specific task of the monitoring device : a control server communication program 202 , a web-server 204 , URL addressable storage means 205, and a network interface 211, see Fig 5.
  • the web-server 204 and the control server communication program 202 may be implemented as software functions processed by a processor of the monitoring device, but may also be implemented by means of hardware .
  • the control server communication program 202 is arranged to send the initial http request for setting up the open path and to translate instructions received via said open path to http messages for sending to the web-server 204.
  • the monitoring device and, thus , the control server communication program 202 and the web-server 204 are connected to the private network 212 , via the network interface 211.
  • the web-server 204 handles the http requests by either loading or storing data in the URL addressable storage means 205 :
  • the URL addressable storage means may include a URL for first monitoring data 206, which may be one type of data generated by the monitoring device 10 , a URL for second monitoring data 208 , which may be another type of data generated by the monitoring device 10 , and an URL for configuration data 210.
  • Monitoring data may, for example, be video images or sequences .
  • the monitoring device additionally may include a media server implementing RTSP (Real Time Streaming Protocol ) or the web-server 204 may be replaced by such a media server .
  • RTSP Real Time Streaming Protocol
  • An embodiment of a method to request monitoring information from a monitoring device 10 by means of a terminal 14 , 16 by referring to Fig 1 will now be described .
  • the method may be used in systems comprising a plurality of control servers 20, a plurality of monitoring devices and a plurality of terminals as well as in a system as depicted in Fig 1.
  • the open path between the control server 20 and the monitoring device 10 has been set up in accordance with the description of Fig 2.
  • the user of the terminal 16 decides that he wants monitoring data from a specific monitoring device .
  • the terminal 16 sends an http get to the control server 20 specifying the wanted data .
  • the control server 20 receives the http get, assigns the connection established by the http get from the terminal a session identity, and translates the http get to a control message for sending via an open path to the specified monitoring device .
  • the control message includes a command specifying the action to be taken, in this example the action is to retrieve data, a URL identifying the data to retrieve and a destination URL, specifying an address at a control server 20 to which the data are to be returned and specifying the session identity .
  • the control message is sent to the monitoring device and the monitoring device performs the specified action by retrieving the monitoring data identified by the URL identifying the data to retrieve .
  • the monitoring device then generates an http post directed to the destination URL included in the control message, thereby sending the data to the control server 20.
  • the control server receives the http post including the monitoring data .
  • the control server 20 uses the session identity of the URL in the http post from the monitoring device 10 to generate a response to the http get from the terminal 16 including the requested data .
  • the monitoring device may include a program that interprets the control message sent from the control server in the example above .
  • a program may be arranged to identify the action to perform, in the above case to retrieve data, and then translate the URL identifying the data to retrieve to a location within the monitoring device from which the requested data is retrievable . Then the requested monitoring data is included in a http post message sent to the destination URL, as described in the above example .
  • the monitoring device may be a monitoring device that is designed as the one described in Fig 5.
  • the monitoring device receives the data of the control message, at the control server communication program 202 , and translates the data to an http get to the URL identifying the data to retrieve .
  • the http get is then sent to the embedded web-server 204.
  • the web-server 204 then handles the http get in a way known to the person skilled in the art and returns the requested monitoring data to the control server communication program 202 which generates and sends a http post, including the monitoring data, to the destination URL .
  • the monitoring device 10 is provided with an electronic serial number identifying the device .
  • the serial number may be stored in the monitoring device 10 during manufacturing and may be used to identify the monitoring device 10 during the setup of the connection resulting in the open path .
  • the monitoring device may be provided with a unique key for encrypting messages to be sent or for decrypting received messages .
  • This key may also be utilized to authenticate the camera during the setup of the connection resulting in the open path .
  • the control server is also provided with a key in order to be able to decrypt messages from the monitoring device, to encrypt messages sent to the monitoring device and to authenticate the monitoring device 10. Thereby all communication between the monitoring device and the control server may be encrypted .
  • a unique key for each monitoring device produced and the key may be stored in the monitoring device during manufacturing of the device .
  • the keys may be keys of a shared secret system or a public key system.
  • a very large list of different keys are generated before the manufacturing of the cameras which are to be provided with these keys .
  • the list should be of such a size that no new list has to be generated for years .
  • Each control server is provided with the list of keys and during the manufacturing of a monitoring device the device will be provided with one of the keys .

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A Monitoring system and a method in a monitoring system comprising a public network 4, a private network 2, an access limiting device 6 arranged to limit the access of the private network 2 from the public network 4, and a control server 20, 22, 24 connected to the public network 4. The monitoring system further comprises a monitoring device 10 connected to the private network and being arranged to send an http request to the control server 20, 22, 24. The control server 20, 22, 24 being arranged to send a http response to the monitoring device 10 in response to the http request, wherein the content length of the http response is not defined or wherein the content length is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched http response resulting in an open path from the control server 20, 22, 24 to the monitoring device 10 through the access limiting device 6 and wherein the control server 20, 22, 24 is arranged to send control messages to the monitoring device 10 via said open path.

Description

MONITORING SYSTEM AND METHOD FOR ACCESSING A MONITORING DEVICE OF A MONITORING SYSTEM
Technical Field of the Invention
The present invention relates to a monitoring system including a public network, a private network, and an access limiting device arranged to limit the access of the private network from the public network. Further the present invention relates to a method for accessing a monitoring device of such a monitoring system from the public network.
Background of the Invention
Monitoring systems for monitoring of premises , areas of particular interest and processes by means of cameras connected directly to computer networks are increasingly popular . One reason for this may be that these systems in great extent may utilize an existing network, if a computer network already is in place . Another reason may¬ be that the network that has to be built for the monitoring system may be used to connect other types of equipment, e . g . computers, servers and peripherals . In many cases the users of the monitoring system or a central control centre responsible for the monitoring of the premises, areas of particular interest or processes are located remotely from the monitored site . As a result of the monitoring system being based on a computer network a remote user or a remote control centre may be easily connected to the monitoring system via the Internet . However, most private networks , home networks , corporate networks, etc . are connected to the Internet via some device that limits the access to the network from the Internet . Such an access limiting device may be a firewall, a router implementing NAT (Network Address Translation) to provide additional IP addresses on the private network, a proxy server or an Internet Service Provider (ISP) providing dynamic IP-addresses .
Thus, one problem of such a monitoring system is that many functions, e . g . control of the monitoring device or devices, require transactions initiated by either the control centre or the remote user and that the monitoring device or devices are arranged in a private network behind an access limiting device . Accordingly, the control centre or the remote user either are unable to penetrate the protection installed or do not have knowledge of the address of the monitoring device or devices . A firewall may be modified to pass through communication originating from outside the private network. Such modifications may however be difficult, either because the firewall is not within the control of the user, because the user do not want to open the firewall, or because the user do not know how or do not want to go through the trouble of modifying the firewall . One way of making it possible for servers to communicate with clients otherwise inaccessible is described in the patent application US 2004/0044771 Al . The document describes that a persistent network connection from the client to the server is established . Further, it describes that such a scheme may work fine for a small number of clients , but that the server will soon be overloaded for a large number (i . e . thousands or more) of clients connecting to a single server .
However, the document do not describe how to implement a persistent network connection to otherwise inaccessible network devices .
Summary of the Invention
One obj ect of the present invention is to provide an improved computer network based monitoring system. The obj ect is achieved by means of a method for accessing at least one monitoring device of a monitoring system according to claim 1 and by means of a monitoring system according to claim 11. Embodiments of the invention are disclosed in the dependent claims .
In particular, according to a first aspect of the invention, the obj ect is accomplished by means of a method for accessing at least one monitoring device of a monitoring system wherein the monitoring system comprises a public network, a private network, an access limiting device arranged to limit the access to the private network from the public network, a monitoring device connected to the private network, and a control server connected to the public network. The method comprises sending an http request from the monitoring device to the control server, sending, in response to said http request, an http response in which the content length is not defined or in which the content length is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched http response, thereby achieving an open path from the server to the monitoring device through the access limiting device, and sending a plurality of control messages to the monitoring device from the control server via said open path .
According to a second aspect of the invention the obj ect is accomplished by means of a monitoring system comprising a public network, a private network, an access limiting device arranged to limit the access of the private network from the public network, and a control server connected to the public network. The monitoring system being characterized by a monitoring device connected to the private network and being arranged to send an http request to the control server, said control server being arranged to send a http response to the monitoring device in response to the http request, wherein the content length of the http response is not defined or wherein the content length is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched http response resulting in an open path from the control server to the monitoring device through the access limiting device and wherein the control server is arranged to send control messages to the monitoring device via said open path .
One advantage of providing an open path from the control server to the monitoring device by means of responding to an http (Hyper Text Transport Protocol) request with an http response as described above is that the http request is a type of message that almost always are allowed to be sent out through a firewall or any other access limiting device . Therefore, the creating of the open path by sending the http request from the monitoring device to the control server and responding from the control server with said http response results in a simple and effective way to create the open path through the access limiting device from the control server to the monitoring device . Accordingly, the setup of the monitoring system becomes simple because there is no need for tampering with access limiting devices in order to make control server initiated transactions possible . Especially, the setup of the monitoring device becomes simple and the security of the private network do need to be affected. According to one embodiment the http request initiating the setup of the open path is sent from the monitoring device as soon as a network connection is detected. This makes it even more simple to setup the monitoring devices . The simplicity of setting up the monitoring device may be particularly interesting for small business or monitoring systems for homes .
According to a further embodiment said http request is sent to a control server indicated as a first choice in a list of control servers stored in the monitoring device . This feature also contribute to simplifying the installation of the monitoring device . Further, this may facilitate load control of the system. According to yet a further embodiment the method further comprises the acts of : sending a control message from a first server, which is currently enabled to send control messages to the monitoring device via the open path, wherein the control message includes instructions to the monitor device to move the open path from the first control server to a second control server, terminating the connection that generated the open path and, thus , terminating the open path . sending an http request from the monitoring device to the second control server, sending, in response to said http request, an http response from the second control server in which the content length is not defined, thereby achieving an open path from the second control server to the monitoring device through the access limiting device, and sending a plurality of control messages to the monitoring device from the second control server via said open path after the http response has been sent .
By providing a method like this it becomes possible to balance the network load of the system dynamically in spite of the fact that the monitoring device is arranged on a private network behind an access limiting device, i . e . if the load on the control server or on the public network path to the control server becomes to high .
According to a further embodiment the control server to move the open path to are selected by the monitoring device from a list of control servers stored in the monitoring device . The selected control server is then set to be the control server of first choice and the setting is stored in the list in the monitoring device . The advantage of this is that the risk of unnecessary load on the network or to specific servers are minimized, because the load of the control server initiating the move or the network path to that control server is probably high even after the monitoring device has been disconnected and reconnected, in which event the monitoring device will connect to a control server experiencing less load .
A further scope of applicability of the present invention will become apparent from the detailed description given below . However, it should be understood that the detailed description and specific examples , while indicating preferred embodiments of the invention, are given by way of illustration only, since various changes and modifications within the spirit and scope of the invention will become apparent to those skilled in the art from this detailed description .
Brief Description of the Drawings
Other features and advantages of the present invention will become apparent from the following detailed description of a presently preferred embodiment, with reference to the accompanying drawings, in which Fig 1 is a schematic diagram of one embodiment of a monitoring system according to the present invention,
Fig 2 is a timing diagram over one embodiment of the signaling between the monitoring device and the control server resulting in the open path, Fig 3 is a timing diagram presenting a possible signaling scheme for checking the open path,
Fig 4 is a schematic diagram of one embodiment of a monitoring system according to the present invention,
Fig 5 is a schematic block diagram of one embodiment of the monitoring device .
Detailed Description of a Presently Preferred Embodiment
One embodiment of a monitoring system according to the invention is shown in Fig 1. The monitoring system includes a private network 2, e . g. a Local Area
Network (LAN) arranged in a home, at an office, in a factory, in a park or a garden, at a car park, or in any area or premises that is interesting to monitor . The private network 2 is connected to a public network 4 , e . g . the Internet, via an access limiting device 6, e . g . a firewall, a NAT (Network Address Translation) , a proxy server, an ISP (Internet Service Provider) providing dynamic addresses . The access limiting device 6 is limiting the access to the private network 2 from the public network 4 in different ways depending on the specific type of limiting device . For example, a firewall is generally arranged to prohibit access to devices in the private network from a public network.
Further, the system includes at least one monitoring device 10 , which is associated with a specific area or a process , connected to the private network 2 for providing monitoring information via the private network. The monitoring device 10 is arranged to be controlled by a user by means of a terminal 14 , 16 and the monitoring device may, for example, be a camera, a central unit of an alarm system, an IR-detector, a temperature sensor etc . , which is enabled to communicate over the private network 2. The terminal 14, 16 may be a computer 14, a workstation 14 , a computerized control centre, a mobile telephone 16, a PDA (Personal Digital Assistant) , etc . and is connected to the public network 4. Further, in order to enable the terminal 14 , 16 to control and access the monitoring device 10 through the access limiting device 6 at least one control server 20 is connected to the public network 4.
As mentioned above the access to the devices on the private network 2 from devices on the public network 4 is barred by the access limiting device 6. In order to make it possible for the user to control the monitoring device the terminal 14, 16 of the user has to be able to initiate communication with the monitoring device 10. This should be enabled without affecting the available bandwidth on the network to any greater extent and, thus, this function should not involve unnecessary usage of bandwidth . To make this possible a control connection from the server 20 to the monitoring device 10 through the access limiting device is set up by making the monitoring device 10 send an http request 52 to a control server 20 see Figs 1 and 2. The http request may be sent by the monitoring device 10 upon power up 50, upon detection of a network connection, upon pressing a button, upon keying a code, upon receipt of detection event indicating an alarm, etc . An event indicating an alarm may be a signal from an internally or externally, in relation to the monitoring device, arranged sensor or a state in a program triggering an alarm.
The control server 20 then respond to this request by sending an "endless" http response 54 to the monitoring device 10. The length of the content of the endless http response 54 is not specified or may be specified as a large number in the http response and, thereby, the underlying TCP connection is not terminated by the control server . This results in that the access limiting device 6 and the monitoring device 10 do not consider the response terminated and, thereby, an open path from the control server 20 through the access limiting device 6 and to the monitoring device 10 is created . In the case of the content length being specified as a large number, the response is not terminated until the amount of data corresponding to the large number has been sent . The control server utilizes the open path to control the monitoring device 10 by sending control messages 56 (control message 1-N) to the monitoring device, wherein N is an unlimited number . The control messages 56 may be initiated by the control server 20 by it self or by a user terminal 14 , 16. As a result of the open path the control server 20 is able to send control messages 56 at any time, i . e . the server do not have to wait for any polling signal from the monitoring device and, thus , there is essentially no latency . Accordingly, a user requesting monitoring data from a monitoring device 10 using a user terminal 14 , 16 would essentially only experience the latency resulting from the transport of the request, the processing in the monitoring device and the transport back to the terminal . This also results in less traffic being transported in the network.
The http response, which is creating the open path, may also be described as an http response including a plurality of control messages 56 dispersed in time or as an http response in which the content length is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched http response . This may be achieved by not defining the length of the content of the http response or by setting the length of the content of the http response to a large number . In the case of setting the length of the content to a large number, the large number is to be selected so large as a plurality of control messages 56 may be sent by means of the http response without termination of the http response and consequently the open path . In some cases such a large number may be 18 kilobytes, if the initial packet of the http response only is some bytes and if the subsequent control messages also are rather small . However, such a large number may also be two megabytes or greater if the control messages are of larger size . Additionally, the size of the length of the content also depends on the desired duration of the open path . In some applications the network load is not much affected if a new open path is set up once every hour, but in other applications it may be desirable to keep the open path open for a day or more in order not to noticeably affect the network load.
Accordingly, the open path is the communication link into the private network 2 for control server 20 or terminal 14 , 16 initiated messaging, as depicted by the control message 56 1-N in Fig 2. The control messages 56 may be utilized to control the monitoring device from a terminal of the user, such instructions are relayed or translated and sent via the open path by the control server . Further, the control messages 56 may be utilized to check the status of the monitoring device 10, to test that the monitoring device is operating correctly, to control the status of the open path connection, to provide configuration data to the monitoring device, to request the monitoring device 10 to set up a new or other connection or to request the monitoring device to deliver data, e . g . monitoring data or other data of interest, to a specific destination .
In one embodiment the control server 20 is arranged to frequently initiate a check of the open path connection in order to determine if the connection has been broken or for any reason terminated . The check is initiated by the control server which sends a control message 56, including instructions and data associated with the check, via the open path . The monitoring device is programmed to expect frequent reception of such a control message .
Such a check may be implemented in many different ways . For instance the server may be provided with a timer 106 triggering the sending of the control message 100 , including check data, see Fig 3. The period set for the timer 106 may be ts . The monitoring device may also be provided with a timer 108 that will be reset 104 each time the monitoring device receives the control message 100 including control data . The time period set for the monitoring device may be tm, wherein tm=ts+Δt . Δt is a short time period in relation to ts, this time period Δt only have to be long enough to compensate for possible delays in transmission of the control message .
In Fig 3 there is shown a control message 100 including checking data . At the same time as the control message 100 is sent the timer 106 is started. When the control message 100 is received at the monitoring device the timer 108 at the monitoring device is started. Then, ts time units after the timer 106 of the control server was started the timer 106 triggers the sending of the next control message 101, including checking data, and the timer 106 of the control server is restarted . When the control message 101, including checking data, is received at the monitoring device the timer 108 at the monitoring device is reset and restarted, before it has timed out . Then, ta time units after the timer 106 of the control server was restarted the timer 106 triggers the sending of the next control message 102 , including checking data, and the timer 106 of the control server is restarted once more . In this example the control message 102 does not reach the monitoring device for some reason and this leads to the timer 108 of the monitoring device timing out after tm time units . When the timer 108 of the monitoring device has timed out the sending of a new http request 52 is triggered in order to try to re-establish the open path between the control server and the monitoring device . If the control server is down or the http request is not arriving at the control server the monitoring device may try to connect to another control server, e . g . in a manner as described in this description . The check may be performed once every 2 minutes in order not to load the network to the extent that the check is decreasing the capacity of the network, i . e . ts=2 minutes . However, the check may be performed more frequently , e . g . once every 20 seconds (ts=20 seconds ) , if the check does not result in a load decreasing the capacity of the network noticeably.
According to one embodiment an address to the control server 20 is stored in the monitoring device 10 and the address is used by the monitoring device 10 when sending the http request for setting up the open path for the control messages described in relation to Fig 2. The address may be an IP address ( Internet Protocol address ) or an URL (Uniform Resource Locator) . This embodiment may¬ be used independently of how many control servers there are available on the public network.
Independent of embodiment the final responsibility for the open path lies in the monitoring device, because the open path may only be initiated from the monitoring device . Accordingly, if the connection is broken, for some reason, the monitoring device has to initiate the setup of a new connection . In Fig 4 there is shown a monitoring system including a plurality of control servers . The monitoring system is identical to the system presented in Fig 1 with the difference that it includes a first control server 20 , a second control server 22 and a third control server 24. The monitoring device 10 may be arranged to send the initiating message to one of the control servers 20, 22 , 24 in accordance with the description above or in accordance with any of the descriptions below . In the figure there is shown three control servers 20 , 22 , 24. However, the system may only include two control servers or the system may include four control servers . Depending on the circumstances it may be optimal to provide more than four control servers to the monitoring system.
In this embodiment a change of the control server associated with the monitoring device includes sending of a control message from the present control server 20 , i . e . a first control server 20, to the monitoring device 10 including a request to terminate the connection to the first control server 20 and initiate a connection to an address provided in the control message, which may be the address of the second control server 22. Then the monitoring device 10 terminates the connection, including the open path, to the first control server and sends an http request to the address provided by the first control server . Then the second control server receives the http request and sets up the open path in accordance with the description of Fig 2. One advantage of providing a plurality of control servers and the method of changing control servers is that it makes it possible balance the load of different parts of the network. Another advantage is redundancy of control servers, i . e . a control server may always be available even if some are not available . A control server may be unavailable because of overload, because it is out of order, because of interrupted network connection, etc . Yet, another advantage may be the use of specialized control servers . For instance, one subset of control servers may be specialized in handling video and one subset may be specialized for other purposes . In this way there is no need to pay for licenses relating to some specific functions , programs or hardware for all control servers . In another embodiment a plurality of control server 20 addresses are stored in a list in the monitoring device 10. The addresses in the list are prioritized, i . e . there is a first choice address , a second choice address , etc . , the number of addresses in the list are equal to or less than the number of control servers 20 on the public network associated with the monitoring system. In this embodiment the monitoring device is arranged to make the initial http request to the control server 20 that is the first choice according to the list in order to establish the open path from the control server 20, i . e . the first control server 20, to the monitoring device . If this attempt fails the monitoring device is arranged to make the initial http request to the control server 22 which is the second choice according to the list, i . e . the second control server . If there are more failures with the initial http request and if there are additional control servers in the list the procedure may continue until there is no further control servers or the open path has been established.
Further, assume the open path was established by the first control server 20, but the load on the control server or the portion of the public network that the first control server is connected to is too high . Then the first control server may send a control message to the monitoring device requesting it to connect to the second control server 22 by requesting the monitoring device to change control server . The monitoring device then terminates the connection and sends the initial http request to the second choice in the list stored in the monitoring device 10. By implementing said prioritized list of control servers in the monitoring device there is less risk that a monitoring device is not able to connect to a control server as a result of one specific control server not being currently available . Additionally, less data need to be sent to the monitoring device 10 when a change of control server is needed because of high load, thus , minimizing the contribution to the high load condition .
When a change of server has been made for a monitoring device 10 including a prioritized list, the prioritized list may be amended . The second control server 22 may, for example, be entered as the control server of first choice and accordingly the first control server is entered as a control server of lower priority . The amended list is then stored in the monitoring device 10. The advantage of such an amendment of the prioritized list is that if the monitoring device is powered down or disconnected from the network and then powered up or reconnected to the network the setup sequence of the open path does not have to be performed towards a control server that possibly still is experiencing a high load but to the same control server from which the latest open path was established successfully.
A redirecting message, including instructions ordering the monitoring device to connect to another control server, may be provided in a control message or in the http response initiating the open path . According to one embodiment the monitoring device is a network enabled camera . In cases of the monitoring device being a camera the load balancing becomes even more important because of the large amount of monitoring data, i . e . a video sequence, images , streaming video, etc . , it may send to the control server upon request and, thus , introducing large loads to the portion of the public network where the control server is connected or to the control server itself . According to one embodiment a monitoring device, which may be a camera, may comprise the following features, in addition to the features required to perform the specific task of the monitoring device : a control server communication program 202 , a web-server 204 , URL addressable storage means 205, and a network interface 211, see Fig 5. The web-server 204 and the control server communication program 202 may be implemented as software functions processed by a processor of the monitoring device, but may also be implemented by means of hardware . The control server communication program 202 is arranged to send the initial http request for setting up the open path and to translate instructions received via said open path to http messages for sending to the web-server 204. The monitoring device and, thus , the control server communication program 202 and the web-server 204 are connected to the private network 212 , via the network interface 211. The web-server 204 handles the http requests by either loading or storing data in the URL addressable storage means 205 : The URL addressable storage means may include a URL for first monitoring data 206, which may be one type of data generated by the monitoring device 10 , a URL for second monitoring data 208 , which may be another type of data generated by the monitoring device 10 , and an URL for configuration data 210. Monitoring data may, for example, be video images or sequences . According to another embodiment the monitoring device additionally may include a media server implementing RTSP (Real Time Streaming Protocol ) or the web-server 204 may be replaced by such a media server . An embodiment of a method to request monitoring information from a monitoring device 10 by means of a terminal 14 , 16 by referring to Fig 1 will now be described . The method may be used in systems comprising a plurality of control servers 20, a plurality of monitoring devices and a plurality of terminals as well as in a system as depicted in Fig 1. The open path between the control server 20 and the monitoring device 10 has been set up in accordance with the description of Fig 2. The user of the terminal 16 decides that he wants monitoring data from a specific monitoring device . The terminal 16 sends an http get to the control server 20 specifying the wanted data . The control server 20 receives the http get, assigns the connection established by the http get from the terminal a session identity, and translates the http get to a control message for sending via an open path to the specified monitoring device . The control message includes a command specifying the action to be taken, in this example the action is to retrieve data, a URL identifying the data to retrieve and a destination URL, specifying an address at a control server 20 to which the data are to be returned and specifying the session identity . The control message is sent to the monitoring device and the monitoring device performs the specified action by retrieving the monitoring data identified by the URL identifying the data to retrieve . The monitoring device then generates an http post directed to the destination URL included in the control message, thereby sending the data to the control server 20. The control server receives the http post including the monitoring data . Then the control server 20 uses the session identity of the URL in the http post from the monitoring device 10 to generate a response to the http get from the terminal 16 including the requested data .
The monitoring device may include a program that interprets the control message sent from the control server in the example above . Such a program may be arranged to identify the action to perform, in the above case to retrieve data, and then translate the URL identifying the data to retrieve to a location within the monitoring device from which the requested data is retrievable . Then the requested monitoring data is included in a http post message sent to the destination URL, as described in the above example .
According to another embodiment the monitoring device may be a monitoring device that is designed as the one described in Fig 5. When such a monitoring device is used in the example of retrieving monitoring data above, the monitoring device receives the data of the control message, at the control server communication program 202 , and translates the data to an http get to the URL identifying the data to retrieve . The http get is then sent to the embedded web-server 204. The web-server 204 then handles the http get in a way known to the person skilled in the art and returns the requested monitoring data to the control server communication program 202 which generates and sends a http post, including the monitoring data, to the destination URL .
In one embodiment the monitoring device 10 is provided with an electronic serial number identifying the device . The serial number may be stored in the monitoring device 10 during manufacturing and may be used to identify the monitoring device 10 during the setup of the connection resulting in the open path .
Additionally, the monitoring device may be provided with a unique key for encrypting messages to be sent or for decrypting received messages . This key may also be utilized to authenticate the camera during the setup of the connection resulting in the open path . The control server is also provided with a key in order to be able to decrypt messages from the monitoring device, to encrypt messages sent to the monitoring device and to authenticate the monitoring device 10. Thereby all communication between the monitoring device and the control server may be encrypted . Preferably there is provided a unique key for each monitoring device produced and the key may be stored in the monitoring device during manufacturing of the device . The keys may be keys of a shared secret system or a public key system.
According to one embodiment a very large list of different keys are generated before the manufacturing of the cameras which are to be provided with these keys . The list should be of such a size that no new list has to be generated for years . Each control server is provided with the list of keys and during the manufacturing of a monitoring device the device will be provided with one of the keys . By providing the keys in this way there is no need for distribution of keys , which may be a safety hazard . Accordingly, authentication of monitoring devices and the distribution of keys may be simplified.

Claims

1. Method for accessing at least one monitoring device of a monitoring system wherein the monitoring system comprises : a public network, a private network, an access limiting device arranged to limit the access to the private network from the public network, a monitoring device connected to the private network, and a control server connected to the public network, said method comprising : sending an http request from the monitoring device to the control server, sending, in response to said http request, an http response in which the content length is not defined or in which the content length is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched http response, thereby achieving an open path from the server to the monitoring device through the access limiting device, and sending a plurality of control messages to the monitoring device from the control server via said open path .
2. Method according to claim 1, wherein the control messages is sent at different points in time via the same open path that has been initiated by the http request .
3. Method according to any one of claims 1 or 2 , wherein said sending of the http request from the monitoring device to a control server is performed as soon as the monitoring device detects that it is connected to a network.
4. Method according to any one of claims 1-3 , wherein the sending of the http request from the monitoring device to the control server is made to a control server that is indicated as the first choice in a list of control servers stored in the monitoring device .
5. Method according to any one of claims 1-4 , wherein the method further comprises the acts of : sending a control message from a first server, which is currently enabled to send control messages to the monitoring device via the open path, wherein the control message includes instructions to the monitor device to move the open path from the first control server to a second control server, terminating the connection that generated the present open path and, thus , terminating the open path , sending an http request from the monitoring device to the second control server, sending, in response to said http request, an http response from the second control server in which the content length is not defined, thereby achieving an open path from the second control server to the monitoring device through the access limiting device, and sending a plurality of control messages to the monitoring device from the second control server via said open path after the http response has been sent .
6. Method according to claim 5, wherein the instructions in the control message from a first server regarding moving the open path to a second server includes an address to the second server .
7. Method according to claim 5, wherein the method further comprises the act of selecting, by the monitoring device, the second control server from a list of control servers stored in the monitoring device .
8. Method according to claim 7 , wherein the method further comprises the act of placing the second control server as the first choice in said list of control servers and storing the amended list in the monitoring device .
9. Method according to any one of claims 1-8 , wherein the method further comprises : receiving an http request at the server from a user terminal, said http request including a request for monitoring data, associating the http request from a user terminal with a session number, translating the request for monitoring data to a data source URL of the monitoring device identifying the location of the requested data in the camera, sending a control message from the server to the monitoring device, said control message including said data source URL and a destination URL, which identifies a network address of the control server and the session number, retrieving, at the monitoring device, the requested monitoring data in accordance with the source URL, sending an http message including the requested monitoring data from the monitoring device to the control server by using said destination URL, and sending an http response from the control server in response to the http request associated with the session number of the destination URL of the http message from the monitoring device, said http response including said requested monitoring data .
10. Method according to any one of claims 1-9, wherein the monitoring device is a network enabled camera .
11. Monitoring system comprising : a public network, a private network, an access limiting device arranged to limit the access of the private network from the public network, and a control server connected to the public network, the monitoring system being characterized by : a monitoring device connected to the private network and being arranged to send an http request to the control server, said control server being arranged to send an http response to the monitoring device in response to the http request, wherein the content length of the http response is not defined or wherein the content length is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched http response resulting in an open path from the control server to the monitoring device through the access limiting device and wherein the control server is arranged to send control messages to the monitoring device via said open path .
12. Monitoring system according to claim 11, wherein the control server is arranged to send a plurality of control messages from the control server to the monitoring device via the open path and at different points in time .
13. Monitoring system according to any one of claims 11-12 , wherein the monitoring device is arranged to send the http request as soon as the monitoring device detects that it is connected to a network.
14. Monitoring system according to any one of claims 11-13 , wherein the monitoring device includes a list of control servers, the priority of the control servers of the list is indicated in the list, and wherein the monitoring device is arranged to send the http request initiating the open path to the control server that is indicated as being the first choice in the prioritized list .
15. Monitoring system according to any one of claims 11-15, wherein the monitoring device is a network enabled camera .
EP05819824A 2005-01-10 2005-12-22 Monitoring system and method for accessing a monitoring device of a monitoring system Withdrawn EP1836826A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0500071A SE530217C2 (en) 2005-01-10 2005-01-10 Monitoring system and method for accessing a monitoring unit in a monitoring system
PCT/SE2005/002026 WO2006073348A1 (en) 2005-01-10 2005-12-22 Monitoring system and method for accessing a monitoring device of a monitoring system

Publications (1)

Publication Number Publication Date
EP1836826A1 true EP1836826A1 (en) 2007-09-26

Family

ID=36647768

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05819824A Withdrawn EP1836826A1 (en) 2005-01-10 2005-12-22 Monitoring system and method for accessing a monitoring device of a monitoring system

Country Status (6)

Country Link
EP (1) EP1836826A1 (en)
JP (1) JP2008527842A (en)
KR (1) KR20070093417A (en)
CN (1) CN101103608A (en)
SE (1) SE530217C2 (en)
WO (1) WO2006073348A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109803119A (en) * 2018-12-27 2019-05-24 视联动力信息技术股份有限公司 A kind of method and apparatus of monitoring information transmission

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1802032B1 (en) 2005-12-22 2010-02-17 Axis AB Monitoring system and method for connecting a monitoring device to a service server
EP2112806B1 (en) 2008-04-14 2013-03-20 Axis AB Information collecting system
JP4672055B2 (en) * 2008-11-28 2011-04-20 キヤノンItソリューションズ株式会社 Information processing apparatus, information processing method, and computer program
CN101808237A (en) * 2010-03-09 2010-08-18 西安科技大学 Image acquisition terminal for embedded system web server and image acquisition method
FR2959897B1 (en) * 2010-05-10 2013-05-10 Web Securite Systeme CONFIGURING AN IP CAMERA
DE102012217144A1 (en) * 2012-09-24 2014-03-27 Robert Bosch Gmbh Terminal, monitoring system with the terminal and method for initializing the terminal in the monitoring system
DE102012217136A1 (en) * 2012-09-24 2014-03-27 Robert Bosch Gmbh Monitoring system with message forwarding, procedures and computer program
EP2849437B1 (en) 2013-09-11 2015-11-18 Axis AB Method and apparatus for selecting motion videos
CN106611453A (en) * 2015-10-27 2017-05-03 常熟安智生物识别技术有限公司 Kindergarten picking-up system based on finger vein recognition technology
CN106611454A (en) * 2015-10-27 2017-05-03 常熟安智生物识别技术有限公司 Kindergarten sending and picking up system based on palm vein recognition technology
JP6380902B2 (en) * 2016-06-15 2018-08-29 株式会社エム・クレスト Remote monitoring system terminal, remote monitoring program, and remote monitoring system
CN107197386B (en) * 2017-05-31 2020-04-21 西安理工大学 Cross-platform video playing implementation method without client

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6349336B1 (en) * 1999-04-26 2002-02-19 Hewlett-Packard Company Agent/proxy connection control across a firewall
US6553422B1 (en) * 1999-04-26 2003-04-22 Hewlett-Packard Development Co., L.P. Reverse HTTP connections for device management outside a firewall
GB2366163A (en) * 2000-08-14 2002-02-27 Global Knowledge Network Ltd Inter-network connection through intermediary server
US7003798B2 (en) * 2000-10-20 2006-02-21 Canon Kabushiki Kaisha System for operating device from remote location and apparatus for use in the system
US20020194289A1 (en) * 2001-06-18 2002-12-19 Engel Glenn R. Configuring devices using server responses

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2006073348A1 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109803119A (en) * 2018-12-27 2019-05-24 视联动力信息技术股份有限公司 A kind of method and apparatus of monitoring information transmission
CN109803119B (en) * 2018-12-27 2020-08-28 视联动力信息技术股份有限公司 Method and device for monitoring information transmission

Also Published As

Publication number Publication date
SE0500071L (en) 2006-07-11
SE530217C2 (en) 2008-04-01
CN101103608A (en) 2008-01-09
JP2008527842A (en) 2008-07-24
KR20070093417A (en) 2007-09-18
WO2006073348A1 (en) 2006-07-13

Similar Documents

Publication Publication Date Title
US20060173997A1 (en) Method and apparatus for remote management of a monitoring system over the internet
US8612630B2 (en) Communication network system, gateway, data communication method and program providing medium
US6499108B1 (en) Secure electronic mail system
US8015255B2 (en) System and method for network device communication
EP1632862B1 (en) Address conversion method, access control method, and device using these methods
US7587459B2 (en) Remote application publication and communication system
US20040103314A1 (en) System and method for network intrusion prevention
WO2007073314A2 (en) Monitoring system and method for connecting a monitoring device to a service server
WO2006073348A1 (en) Monitoring system and method for accessing a monitoring device of a monitoring system
CN110365741A (en) A kind of connection method for building up and transfer server
EP1661011B1 (en) Communications system providing enhanced client-server communications and related methods
US20100017500A1 (en) Methods and systems for peer-to-peer proxy sharing
US7644185B2 (en) Communications system providing shared client-server communications interface and related methods
WO2004019528A1 (en) Method and apparatus for establishing multiple bandwidth-limited connections for a communication device
CN114499965B (en) Internet surfing authentication method and system based on POP3 protocol
EP1401205A1 (en) Monitoring support server
JP2004151964A (en) Tunneling communication system, http tunneling server, http communication library, tunneling communication method, and program
GB2410401A (en) A communication apparatus and method

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20070601

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 29/08 20060101ALI20090922BHEP

Ipc: H04L 29/06 20060101AFI20060719BHEP

Ipc: H04N 7/18 20060101ALI20090922BHEP

Ipc: H04L 29/12 20060101ALI20090922BHEP

Ipc: G08B 25/08 20060101ALI20090922BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20091105