KR102277014B1 - Cctv system based on vpn and method for monitoring using the same - Google Patents

Abstract

The present invention discloses a VPN-based monitoring method, which includes: setting up a VPN server of a virtual private network (VPN) for communication access to the CCTV system; setting up a VPN client which can connect to the VPN server; and authenticating a monitoring device for a connection request from the monitoring device to the VPN server or VPN client. According to the present invention, it is possible to block external intrusions and increase a security level of a system by managing clients accessing the CCTV system through the VPN.

Description

VPN-based CCTV system and monitoring method using the same

The present invention relates to a VPN-based CCTV system and a monitoring method using the same, and more particularly, to a method of constructing a CCTV system using a VPN and a CCTV system constructed by the method.

Recently, CCTV has been used for various purposes, for example, traffic information collection, anti-theft, crime prevention, and crime prevention activities in private areas. In addition, the CCTV system, which has evolved from an existing analog camera to an IP camera, has a function of transmitting images collected from the camera to a monitoring device in a streaming form. In particular, when an IP camera including a sensor capable of measuring environment-related chemical, physical, and meteorology is used, the installation and management cost of the environmental measuring sensor network can be reduced.

As the CCTV system is connected to the network through an IP camera and a network video recorder (NVR), the scalability of the CCTV system has developed dramatically. However, as the possibility of external intrusion increases due to network connection, problems are raised in data protection, management and security of CCTV systems. In particular, research on protection measures for CCTV systems connected to public networks is being actively conducted.

A Virtual Private Network (VPN) allows you to establish a protected network connection when using a public network. VPNs encrypt your internet traffic and disguise your online identity. This makes it more difficult for third parties to track your activities online and steal your data. Encryption is done in real time.

VPN hides the IP address by forcing the network to redirect the IP address through a specially configured remote server run by the VPN host. In other words, when you surf online with a VPN, the VPN server becomes the source of your data. This means that Internet Service Providers (ISPs) and other third parties cannot see the websites you visit or the data you send and receive online. A VPN works like a filter that turns all your data into "meaningless data". Even if someone gets their hands on your data, it will be of no use.

VPN connections disguise your data traffic online and protect your data from external access. Unencrypted data is accessible to the network and can be viewed by anyone who wants to see it. With a VPN, hackers and cybercriminals cannot decrypt this data.

An encryption key is required to read the data. Without one thing, it would take millions of years for computers to crack passwords in the event of a ferocious brute force attack. With the help of a VPN, your online activities are hidden even on public networks.

A VPN server basically acts as a proxy for your users on the Internet. Since the demographic location data comes from servers in other countries, it is not possible to determine the actual location. Also, most VPN services don't store activity logs. On the other hand, some providers record users' actions, but do not pass this information on to third parties. This means that all potential records of user behavior are permanently hidden.

Local web content is not always accessible everywhere. Services and websites often contain content that is only accessible from certain regions of the world. A standard connection uses the country's local server to determine the user's location. This means that you can't access content from home while traveling, and you can't access international content from home. VPN location spoofing allows you to effectively "change" your location by switching servers to different countries.

If you work remotely, you may need to access important files on your corporate network. For security reasons, this kind of information requires a secure connection. A VPN connection is often required to access the network. A VPN service connects to a private server and uses encryption to reduce the risk of data leakage.

Your ISP usually establishes a connection when you connect to the Internet. It tracks the user via IP address. Your network traffic is routed through your ISP's servers, which can record and display everything you do online.

Although ISPs may appear reliable, they may share your browsing history with advertisers, police or governments, and/or other third parties. ISPs can also be victims of attacks by cybercriminals: if they are hacked, users' personal data and personal data can be compromised.

This is especially important if you regularly connect to public Wi-Fi networks. Users never know who is spying on their internet traffic and what they will steal from them, including passwords, personal data, payment information or even the user's full identity.

The basic job of a VPN is to hide your IP address from your ISP and other third parties. This allows you to send and receive information online without risk to anyone other than you and your VPN provider seeing it.

A VPN should ensure that you do not leave any traces in the form of, for example, your Internet history, browsing history, and cookies. Cookie encryption is particularly important because it prevents third parties from accessing confidential information such as personal data, financial information and other content on the website.

If your VPN connection is suddenly interrupted, your secure connection is also disrupted. A good VPN can detect such sudden downtime and close preselected programs to reduce the chances of data corruption.

Using a variety of authentication methods, a strong VPN checks every user attempting to log in. For example, when prompted to enter a password, a code is sent to the mobile device. This makes it difficult for uninvited third parties to access your secure connection.

Since humans have been using the Internet, there has been a movement to protect and encrypt Internet browser data. The US Department of Defense was already involved in a project on the encryption of Internet communications data in the 1960s.

Their efforts led to the creation of the Advanced Research Projects Agency Network (ARPANET), a packet-switched network, which eventually led to the development of the Transfer Control Protocol/Internet Protocol (TCP/IP).

TCP/IP had four levels: Link, Internet, Transport, and Application. At the Internet level, local networks and devices can be connected to the universal network, where the risk of exposure becomes clear. In 1993, a team at Columbia University and AT&T Bell Labs finally succeeded in creating the first version of a modern VPN known as sw.

The following year, Weisu developed the IPSec network, an Internet security protocol that authenticates and encrypts packets of information shared online. In 1996, a Microsoft employee named Gurdeep Singh Pal created the Peer-to-Peer Tunneling Protocol (PPTP).

As Singpal developed PPTP, the popularity of the Internet increased, and the need for a consumer-ready and sophisticated security system emerged. At that time, antivirus programs were already effective in preventing malware and spyware from infecting computer systems. However, people and companies are also starting to demand encryption software that can hide your browsing history on the Internet.

The first VPNs started in the early 2000s, but were used exclusively by almost all companies. However, after a flood of security breaches, especially in the early 2010s, the consumer market for VPNs has begun to recover.

According to the Global Web Index, the number of VPN users worldwide has more than quadrupled from 2016 to 2018. In countries like Thailand, Indonesia and China, where internet usage is restricted and censored, 1 in 5 internet users use a VPN. In the US, UK, and Germany, the proportion of VPN users is low at around 5%, but is gradually increasing.

One of the biggest drivers of VPN adoption in recent years has been the growing demand for content with geo-access restrictions. For example, video streaming services like Netflix or YouTube make certain videos available only in certain countries. A contemporary VPN lets you encrypt your IP address to make it look like you're surfing in another country, so you can access this content from anywhere.

A VPN encrypts a user's surfing behavior, which can be decoded with the help of a key. Only your computer and VPN know this key, so your ISP cannot know where you are surfing. Different VPNs use different encryption processes, but they usually work in three steps:

Often not all employees in a company have access to a company laptop they can use when working from home. In the spring of 2020, during the coronavirus outbreak, many companies faced the problem of not having enough equipment for their employees. In this case, it is often dependent on the use of personal devices (PC, laptop, tablet, mobile phone). In this case, the enterprise retreats to an SSL-VPN solution that is typically implemented through that hardware box.

A VPN condition is usually an HTML-5 capable browser, which is used to invoke the company's login page. HTML-5 enabled browsers can be used on almost all operating systems. Access is protected by username and password.

A site-to-site VPN is essentially a private network designed to hide your private intranet and allow users on these secure networks to access each other's resources.

A site-to-site VPN is useful if you have multiple locations in your company, each with a local area network (LAN) connected to a wide area network (WAN). A site-to-site VPN is also useful if you have two separate intranets where you want to transfer files from one intranet to another without users explicitly accessing the other.

Site-to-site VPNs are primarily used by large enterprises. They are complex to implement and do not offer the same flexibility as SSL VPNs. However, it is the most effective way to ensure communication between large departments and between large departments.

Connecting through a VPN client can be imagined as connecting your home PC to work with an extension cable. Employees can make calls from their home office to the corporate network over a secure connection and act as if they were sitting in the office. However, you must first install and configure the VPN client on your computer.

This includes users establishing a connection directly through their VPN provider rather than connecting to the Internet through their ISP. This essentially shortens the tunnel phase of the VPN journey. Instead of using a VPN to create an encrypted tunnel that disguises your existing internet connection, a VPN can automatically encrypt your data before you use it.

This is an increasingly common form of VPN, especially useful for insecure public WLAN providers. It prevents third parties from accessing and compromising the network connection and encrypts the data to the provider. It also prevents ISPs from accessing data that remains unencrypted for any reason, and bypasses any restrictions on a user's Internet access (for example, where the country's government restricts Internet access).

The benefits of this type of VPN access are efficiency and universal access to company resources. For example, if a suitable phone system is available, an employee can access the system with a headset and act as if he or she is at work. The company's customers, for example, don't even know if the employee is in the company or in their home office.

You need to install the software for a standalone VPN client. The software is configured to meet the requirements of the endpoint. When setting up a VPN, the endpoint runs the VPN link and connects to the other endpoint to create an encrypted tunnel. For companies, this step usually requires entering a company-issued password or installing an appropriate certificate. By using a password or certificate, the firewall can recognize that this is an authorized connection. The employee then identifies himself with the credentials known to him.

VPN extensions can be added to most web browsers such as Google Chrome and Firefox. Some browsers, including Opera, even have their own integrated VPN extensions. The extension allows users to quickly switch and configure VPNs while surfing the Internet. However, the VPN connection is only valid for information shared by this browser. Other browsers outside of the browser and other Internet use (eg online gaming) cannot be encrypted by the VPN.

Browser extensions aren't as comprehensive as VPN clients, but they can be a good option for internet users who want an extra layer of internet security. However, they have proven to be more vulnerable to violations. Data collectors may want to use fake VPN extensions, so users should choose a reputable extension. Data collection is the collection of personal data that marketing strategists do to create a user's personal profile. Advertising content is personally tailored to the user.

If you have multiple devices connected to the same internet connection, it may be easier to implement a VPN directly on your router than to install a separate VPN on each device. A router VPN is especially useful if you want to secure your device over an internet connection that is not as easy to configure as a smart TV. It even helps you access geo-restricted content through your home entertainment system.

Router VPNs are easy to install, always provide security and privacy, and prevent compromised networks when insecure devices log on. However, it can be more difficult to manage if your router doesn't have its own user interface. This can block incoming connections.

Corporate VPNs are custom solutions that require personalized setup and technical support. VPNs are usually created by a company's IT team. Users are not administratively affected by the VPN itself, and user activity and data transfers are logged by the company. This allows companies to minimize the potential risk of data breaches. The main advantage of a corporate VPN is a seamless and secure connection to the company's intranet and servers, even for employees who work outside the company using their Internet connection.

A VPN connection establishes a secure connection between you and the Internet. Through the VPN, all data traffic is routed through an encrypted virtual tunnel. This camouflages your IP address when you use the Internet, making its location invisible to everyone. VPN connections are also secure against external attacks. That's because only the user can access the data in the encrypted tunnel, and no one else can access it because they don't have the key. A VPN allows you to access geo-restricted content from anywhere in the world. Many streaming platforms are not available in all countries. You can access it using a VPN.

1 is an exemplary diagram of a VPN composed of a VPN server and a VPN client.

Referring to FIG. 1 , among VPNs for which various protocols can be used, a VPN in which a router functions as a VPN client is depicted. A plurality of computers in the office are connected to the LAN in the form of clients.

If the client does not use the VPN, the client accesses the Internet using an Internet access device such as a router or a router provided by the ISP. And the client will communicate directly with other entities connected to the internet. However, when a VPN exists as shown in FIG. 1, a VPN composed of a VPN client and a VPN server intervenes between the client and the Internet. The intervening VPN client and VPN server can encrypt and decrypt data transmitted and received by the client, and allow the client to access through a virtual VPN IP, so that information about the client's use of the Internet is not exposed to the outside. A VPN connection is also called VPN tunneling, and is a section in which encrypted data communication takes place.

A VPN-based CCTV system and a monitoring method using the same according to an embodiment of the present invention configure a CCTV system using a virtual private network, that is, VPN, and connect to the CCTV system through a connection between an NVR and a camera and a monitoring device Includes configurations related to enhancing security and protecting data in transit.

As a related art, the invention of Patent Registration No. 10-1991340 relates to an apparatus and method for security management. Referring to FIG. 1 and claim 1 , security management including a first connection management unit and a second connection management unit The device is a type of router that uses a router VPN, and is distinguished from the configuration of the present invention in that it performs authentication necessary for accessing a cloud photographing device, but does not include an encryption operation for data protection.

As a related art, the invention of Patent Publication No. 10-2019-0003256 relates to a VPN management method and apparatus for an IP camera. Referring to FIG. 1 and claim 1, a data tunnel established between an IP camera and a gateway is provided. It is distinguished from the configuration of the present invention relating to authentication for connecting to NVRs and cameras connected to the network through a server and client model and protection of packets transmitted according to their monitoring in that it relates to VPN management using.

Korea Registration No. 10-1991340 (Announcement on June 20, 2019) Korean Publication No. 10-2019-0003256 (published on 2019.01.09)

One problem to be solved by the present invention to solve the conventional problems as described above is a virtual private network-based CCTV system using a device constituting a CCTV system connected to a network, for example, a network video recorder as a server or a client. is to build

One problem to be solved by the present invention is to establish a CCTV system based on a virtual private network in which a camera and a spot monitor are connected as clients in addition to a network video recorder.

One problem to be solved by the present invention is to establish a CCTV system based on a virtual private network capable of authentication for access to the CCTV system and data encryption of collected images.

In order to achieve the above object, a VPN-based monitoring method according to an embodiment of the present invention is a method performed by a CCTV system configured to include a network video recorder (NVR) and a camera, the CCTV system Setting a VPN server of a virtual private network (VPN) for communication access to the ; Setting up a VPN client that can connect to the VPN server; and authenticating the monitoring device for a connection request of the monitoring device to the VPN server or VPN client.

In addition, the step of setting the VPN server may be configured to include the step of setting the NVR as the VPN server.

Further, the step of setting the VPN server may be configured to include the step of setting the NVR as a VPN client.

Further, the step of setting up the VPN server may be configured to include generating a VPN server certificate.

In addition, the step of setting the VPN client may be configured to include the step of generating a VPN client profile (Profile).

Further, authenticating the monitoring device may be configured to include authenticating the monitoring device using a VPN client profile generated by the VPN server.

In addition, the VPN-based monitoring method may be configured to further include the step of a monitoring device accessing the NVR using the VPN IP of the NVR.

In addition, the VPN-based monitoring method may be configured to further include the step of registering the camera using the VPN IP by the NVR in order to access the image collected by the camera.

A VPN-based CCTV system according to an embodiment of the present invention is a network video recorder (NVR) that records images collected through a camera, and a virtual private network (Virtual Private Network) for communication connection to the CCTV system; VPN server/client setting module for setting a VPN server and a VPN client connectable to the VPN server; a VPN server certificate management module for generating a server certificate for VPN client management of a virtual private network; and a VPN client profile management module for generating a VPN client profile for connection of the VPN client and the monitoring device based on the server certificate, and through the control of the VPN client profile management module, issuing and using the VPN client profile It may be configured to further include a control unit to perform authentication.

In addition, the VPN-based CCTV system may be configured to further include an encryption module that performs an encryption operation on a VPN client profile and an encryption operation on a transmitted packet.

In addition, the VPN-based CCTV system further includes a client-to-client communication activation module that enables VPN communication between VPN clients, and the controller includes a monitoring device between the VPN clients through the control of the client-to-client communication activation module. It may be configured to enable VPN communication.

In addition, the VPN-based CCTV system may be configured to further include a VPN-based camera that provides an encrypted packet of streaming in real time as a VPN client through a virtual VPN IP generated by the VPN server.

In addition, the VPN-based CCTV system may be configured to include a VPN-based NVR that provides encrypted packets of stored images as a VPN client through a virtual VPN IP generated by the VPN server.

Specific details of other embodiments are included in "Details for carrying out the invention" and the accompanying "drawings".

Advantages and/or features of the present invention, and methods for achieving them, will become apparent with reference to the various embodiments described below in detail in conjunction with the accompanying drawings.

However, the present invention is not limited to the configuration of each embodiment disclosed below, but may also be implemented in a variety of different forms, and each embodiment disclosed herein only makes the disclosure of the present invention complete, and the present invention It is provided to fully inform those of ordinary skill in the art to which the scope of the present invention belongs, and it should be understood that the present invention is only defined by the scope of each of the claims.

According to the present invention, it is possible to block external intrusions and increase the security level of the system by managing clients accessing the CCTV system through VPN.

In addition, data leakage due to hacking can be prevented through encrypted transmission of streaming data collected through the camera and image data stored in the NVR.

1 is an exemplary diagram of a VPN composed of a VPN server and a VPN client.
2 is a block diagram of a network video recorder according to an embodiment of the present invention.
3 is a flowchart of a VPN-based monitoring method according to an embodiment of the present invention.
4 is a network relationship diagram of a VPN-based CCTV system according to an embodiment of the present invention.
5 is an exemplary diagram of a VPN-based CCTV system in which an NVR operates as a VPN server according to an embodiment of the present invention.
6 is an exemplary diagram of a VPN-based CCTV system in which an NVR operates as a VPN server according to an embodiment of the present invention.
7 is an exemplary diagram of a VPN-based CCTV system in which an NVR operates as a VPN client according to an embodiment of the present invention.
8 is an exemplary diagram of a VPN-based CCTV system in which an NVR operates as a VPN client according to an embodiment of the present invention.
9 is a flowchart of a method for an NVR to obtain an image of a VPN camera as a VPN server according to an embodiment of the present invention.
10 is a flowchart of a method for an NVR to obtain an image of a VPN camera as a VPN client according to an embodiment of the present invention.
11 is a flowchart of a method for a monitoring device to monitor an NVR operating as a VPN server according to an embodiment of the present invention.
12 is a flowchart of a method for a monitoring device to monitor an NVR operating as a VPN client according to an embodiment of the present invention.
13 is a flowchart of a method for a spot monitor to monitor an NVR operating as a VPN server according to an embodiment of the present invention.
14 is a flowchart of a method for a spot monitor to monitor an NVR operating as a VPN client according to an embodiment of the present invention.

Before describing the present invention in detail, the terms or words used herein should not be construed as being unconditionally limited to their ordinary or dictionary meanings, and in order for the inventor of the present invention to describe his invention in the best way It should be understood that the concepts of various terms can be appropriately defined and used, and further, these terms or words should be interpreted as meanings and concepts consistent with the technical idea of the present invention.

That is, the terms used herein are only used to describe preferred embodiments of the present invention, and are not used for the purpose of specifically limiting the content of the present invention, and these terms represent various possibilities of the present invention. It should be noted that the term has been defined taking into account.

Also, in the present specification, it should be understood that, unless the context clearly indicates otherwise, the expression in the singular may include a plurality of expressions, and even if it is similarly expressed in plural, it should be understood that the meaning of the singular may be included. .

In the case where it is stated throughout this specification that a component "includes" another component, it does not exclude any other component, but further includes any other component unless otherwise stated. It could mean that you can.

Furthermore, when it is described that a component is "exists in or is connected to" of another component, this component may be directly connected to or installed in contact with another component, and a certain It may be installed spaced apart by a distance, and in the case of being installed spaced apart by a certain distance, a third component or means for fixing or connecting the corresponding component to another component may exist, and now It should be noted that the description of the components or means of 3 may be omitted.

On the other hand, when it is described that a certain element is "directly connected" or "directly connected" to another element, it should be understood that the third element or means does not exist.

Similarly, other expressions describing the relationship between components, such as "between" and "immediately between", or "neighboring to" and "directly adjacent to", have the same meaning. should be interpreted as

In addition, if terms such as "one side", "the other side", "one side", "other side", "first", "second" are used in this specification, with respect to one component, this one component is It is used to be clearly distinguished from other components, and it should be understood that the meaning of the component is not limitedly used by such terms.

In addition, in the present specification, terms related to positions such as "upper", "lower", "left", and "right", if used, should be understood as indicating a relative position in the drawing with respect to the corresponding component, Unless an absolute position is specified with respect to their position, these position-related terms should not be construed as referring to an absolute position.

In addition, in this specification, in specifying the reference numerals for each component of each drawing, the same component has the same reference number even if the component is shown in different drawings, that is, the same reference is made throughout the specification. Symbols indicate identical components.

In the drawings attached to this specification, the size, position, coupling relationship, etc. of each component constituting the present invention are partially exaggerated, reduced, or omitted for convenience of explanation or in order to sufficiently clearly convey the spirit of the present invention. may be described, and therefore the proportion or scale may not be exact.

In addition, in the following, in describing the present invention, a detailed description of a configuration determined that may unnecessarily obscure the subject matter of the present invention, for example, a detailed description of a known technology including the prior art may be omitted.

Hereinafter, an embodiment of the present invention will be described in detail with reference to the related drawings.

A VPN-based monitoring method according to an embodiment of the present invention is related to a CCTV system. And CCTV system has NVR and camera as components. Hereinafter, a network video recorder (NVR) for recording images collected through a camera will be described.

2 is a block diagram of a network video recorder according to an embodiment of the present invention.

Referring to FIG. 2 , a network video recorder (NVR) includes a controller 110 , an input device 120 , an output device 130 , a storage device 140 , a communication device 150 , and a VPN module 160 . ) can be configured to include.

The controller 110 basically controls operations of the input device 120 , the output device 130 , the storage device 140 , and the communication device 150 . In addition, the controller 110 may control the operation of the VPN module 160 in relation to the VPN-based monitoring method according to an embodiment of the present invention. Control of the VPN module 160 by the controller 110 will be described in the corresponding configuration module. The control unit 110 may be implemented in the form of a processor.

The input device 120 may include various buttons for receiving commands input to the NVR by the user.

The output device 130 may be configured to include a monitor for displaying CCTV images collected through a camera and a speaker for outputting an alarm sound.

The storage device 140 may be configured to include various media capable of storing CCTV images collected through the camera, for example, a hard disk (HDD), a solid state disk (SSD), a magnetic tape, and the like.

The communication device 150 may be configured to include a communication module that enables data communication using components constituting the CCTV system and various protocols, for example, a network adapter such as Ethernet. In addition, the communication device 150 may include a communication module suitable for communication using various networks.

The VPN module 160 includes a VPN server/client setting module 161, a VPN server certificate management module 162, a VPN client profile management module 163, an encryption module 164, and a client-to-client communication activation module 165. can be configured to include.

The VPN module 160 may be implemented through software, hardware, or a combination of software and hardware. The VPN module 160, itself, is implemented in the form of a computer program in software, and may be implemented to operate by being loaded onto a memory that is hardware.

The VPN server/client setting module 161 may function to set a VPN server of a virtual private network (VPN) for communication connection to a CCTV system and a VPN client connectable to the VPN server.

The VPN server certificate management module 162 may function to generate a server certificate for VPN client management of the virtual private network.

The VPN client profile management module 163 may function to generate a VPN client profile for connection of the VPN client and the monitoring device based on a server certificate.

In particular, the control unit 110 may issue a VPN client profile and perform authentication using the issuance of the VPN client profile under the control of the VPN profile management module 163 .

The encryption module 164 may perform an encryption operation on the VPN client profile and an encryption operation on a transmitted packet. Decryption of the encrypted data packet transmitted through the VPN connection may be performed through the encryption module 164 included in the VPN client. The encryption module 164 may decrypt the encrypted data by using the decryption key included in the VPN client profile issued to the VPN client.

The client-to-client communication activation module 165 may enable VPN communication between VPN clients. That is, the control unit 110 may enable VPN communication between the VPN clients, including a monitoring device, through the control of the client-to-client communication activation module 165 .

3 is a flowchart of a VPN-based monitoring method according to an embodiment of the present invention.

Referring to FIG. 3 , the VPN-based monitoring method ( S100 ) according to an embodiment of the present invention may be configured to include VPN settings ( S110 ), ( S120 ) and ( S130 ). In addition, the monitoring method ( S100 ) may be configured to further include steps S140 and S150 .

The VPN-based monitoring method (S100) is broadly characterized by being performed by a network video recorder (NVR) and a CCTV system configured to include a camera, narrowly by an NVP.

In step S110, the NVR 100 may set a VPN server of a virtual private network (VPN) for communication connection to the CCTV system.

In step S120, a VPN client that can connect to the NVR 100 DMS and the VPN server can be set.

In step S130, the NVR 100 may authenticate the monitoring device for a request for access to the VPN server or VPN client of the monitoring device.

In step S110, the NVR 100 may set the NVR as a VPN server. That is, the NVR 100 may set itself as a VPN server. The NVR 100 set as a VPN server may generate a VPN server certificate, create a VPN client profile based on it, and transmit it to the corresponding VPN client. Here, the transmission may include physical transmission through a medium in which the VPN client profile is stored, for example, a USB memory, as well as transmission through the network 600 .

In step S110, the NVR 100 may set the NVR as a VPN client. If the NVR functions as a VPN client, a PC that functions as a VPN server must be provided.

In step S130, the NVR 100 may authenticate the monitoring device using the VPN client profile generated by the VPN server. The generated VPN client profile is sent to the corresponding VPN client through the medium or over the network. The VPN client receiving this may use the VPN client profile created and distributed for itself for authentication for VPN connection.

The VPN-based monitoring method ( S100 ) may be configured to further include the step of a monitoring device accessing the NVR using the VPN IP of the NVR. In order for the monitoring device to monitor images stored in the NVR, VPN connection to the NVR is required. Accordingly, when the NVR functions as a VPN server or a VPN client, the monitoring device can access the NVR by using the virtual VPN IP issued by the VPN server.

In addition, the VPN-based monitoring method ( S100 ) may be configured to further include the step of registering the camera using the VPN IP by the NVR in order to access the image collected by the camera. The NVR 100 may access the camera as a VPN server or VNP client, and monitor streaming images collected by the camera. For this purpose, the camera may be registered using the virtual VPN IP issued by the VPN server.

4 is a network relationship diagram of a VPN-based CCTV system according to an embodiment of the present invention.

Referring to FIG. 4 , the CCTV system 10 may be configured to include an NVR 100 , a VPN server 200 , a camera 300 , and a spot monitor 400 . Each component of the CCTV system 10 and the monitoring device 500 , for example, a PC client, and a mobile terminal may be connected to each other through the network 600 to communicate with each other.

The NVR 100 may function as a VPN server or VPN client in relation to a VPN-based monitoring method.

The VPN server 200 may perform a VPN server function in response to the NVR 100 functioning as a VPN client.

The camera 300 and the spot monitor 400 are elements constituting the CCTV system, and may function as a VPN client in an embodiment of the present invention.

The monitoring device 500 may be configured to include a PC client and a user terminal. The monitoring device 500 may monitor the NVR 100 , the camera 300 , and the spot monitor 400 through a VPN-based web connection separately from the spot monitor 400 .

The elements constituting the VPN-based CCTV system are characterized in that they commonly include the VPN module 160 depicted in FIG. 2 in that they can function as a VPN server or a VPN client.

5 is an exemplary diagram of a VPN-based CCTV system in which an NVR operates as a VPN server according to an embodiment of the present invention.

Referring to FIG. 5 , a VPN-based CCTV system composed of a VPN server and a VPN client is depicted. Here, the NVR can act as a VPN server, and monitoring devices, VPN spot monitors, other NVRs and VPN IP cameras can act as VPN clients.

The VPN server may generate a server certificate and create a VPN client profile based on the server certificate. In addition, the VPN client may receive its own VPN client profile from the VPN server, and use it to connect to the VPN server. A virtual VPN IP may be used for VPN connection.

Among the various VPN functions, encrypted data communication is possible through a VPN connection between a VPN server and a VPN client. In addition, the monitoring device can monitor the NVR, the VPN spot monitor, and the VPN IP camera based on the VPN. In addition, images collected by general IP cameras can be monitored through NVR. In addition, VPN clients, through a VPN server, can perform basic VPN functions.

6 is an exemplary diagram of a VPN-based CCTV system in which an NVR operates as a VPN server according to an embodiment of the present invention.

Referring to FIG. 6 , a VPN-based CCTV system composed of a VPN server and a VPN client is depicted. The difference from FIG. 5 is that the LAN connecting the VPN server and the VPN client is connected to the Internet through a router and further connected to other CCTV systems. That is, the VPN-based CCTV system of FIG. 6 is an extension of the VPN-based CCTV system of FIG. 5 .

Here, the NVR can act as a VPN server, and monitoring devices, VPN spot monitors, other NVRs and VPN IP cameras can act as VPN clients.

The VPN server may generate a server certificate and create a VPN client profile based on the server certificate. In addition, the VPN client may receive its own VPN client profile from the VPN server, and use it to connect to the VPN server. A virtual VPN IP may be used for VPN connection.

Among the various VPN functions, encrypted data communication is possible through a VPN connection between a VPN server and a VPN client. In addition, the monitoring device can monitor the NVR, the VPN spot monitor, and the VPN IP camera based on the VPN. In addition, images collected by general IP cameras can be monitored through NVR. In addition, VPN clients, through a VPN server, can perform basic VPN functions.

7 is an exemplary diagram of a VPN-based CCTV system in which an NVR operates as a VPN client according to an embodiment of the present invention.

Referring to FIG. 7 , a VPN-based CCTV system composed of a VPN server and a VPN client is depicted. The difference from FIGS. 5 and 6 is that the NVR 100 in FIG. 7 functions as a VPN client.

Here, PC can act as VPN server, NVR can act as VPN client, and monitoring device, VPN spot monitor, other NVR and VPN IP camera can act as VPN client.

The VPN server may generate a server certificate and create a VPN client profile based on the server certificate. In addition, the VPN client may receive its own VPN client profile from the VPN server, and use it to connect to the VPN server. A virtual VPN IP may be used for VPN connection.

Among the various VPN functions, encrypted data communication is possible through a VPN connection between a VPN server and a VPN client. In addition, the monitoring device can monitor the NVR, the VPN spot monitor, and the VPN IP camera based on the VPN. In addition, images collected by general IP cameras can be monitored through NVR. In addition, VPN clients, through a VPN server, can perform basic VPN functions.

8 is an exemplary diagram of a VPN-based CCTV system in which an NVR operates as a VPN client according to an embodiment of the present invention.

Referring to FIG. 8 , a VPN-based CCTV system composed of a VPN server and a VPN client is depicted. The difference from FIG. 7 is that the LAN connecting the VPN server and the VPN client is connected to the Internet through a router and further connected to other CCTV systems. That is, the VPN-based CCTV system of FIG. 8 is an extension of the VPN-based CCTV system of FIG.

Here, PC can act as VPN server, NVR can act as VPN client, and monitoring device, VPN spot monitor, other NVR and VPN IP camera can act as VPN client.

The VPN server may generate a server certificate and create a VPN client profile based on the server certificate. In addition, the VPN client may receive its own VPN client profile from the VPN server, and use it to connect to the VPN server. A virtual VPN IP may be used for VPN connection.

Among the various VPN functions, encrypted data communication is possible through a VPN connection between a VPN server and a VPN client. In addition, the monitoring device can monitor the NVR, the VPN spot monitor, and the VPN IP camera based on the VPN. In addition, images collected by general IP cameras can be monitored through NVR. In addition, VPN clients, through a VPN server, can perform basic VPN functions.

9 is a flowchart of a method for an NVR to obtain an image of a VPN camera as a VPN server according to an embodiment of the present invention.

Referring to FIG. 9 , in the method S200, the client profile is issued to the VPN camera by the NVR (S210), the NVR connection using the client profile issued by the VPN camera (S220), and the VNP IP of the VPN camera by the NVR is manually registered (S230) may be configured to include.

As one of the VPN clients, the VPN camera receives the VPN client profile generated by the NVR, that is, the VPN server, and stores it (S210).

After setting the OVPN file for Clint issued by the NVR to the camera, connect to the NVR by VPN (S220).

Manually register the camera as a VPN IP using the camera manual registration function in the NVR (S230).

10 is a flowchart of a method for an NVR to obtain an image of a VPN camera as a VPN client according to an embodiment of the present invention.

Referring to FIG. 10 , in the method S300, the issuance of a profile to the NVR by the VPN server (S310), connection to the VPN server using the profile by the NVR (S320), and manual registration of the VPN camera connected to the VPN server by the NVR (S330) ) can be configured to include.

The NVR, as one of the VPN clients, receives the VPN client profile generated by the VPN server and stores it (S310).

Install the ovpn file issued from the OpenVPN Server in the NVR and connect to the OpenVPN Server (S320).

The VPN Camera connected to the OpenVPN Server is registered using the camera manual registration function of the NVR (S330).

11 is a flowchart of a method for a monitoring device to monitor an NVR operating as a VPN server according to an embodiment of the present invention.

Referring to FIG. 11 , in the S400 method, a profile is issued to a PC client by the NVR, that is, a monitoring device (S410), a VPN connection to the NVR using the profile by the PC client (S420), and a VPN IP of the NVR by the PC client It may be configured to include a web connection or a CMS connection (S430).

The PC client, as one of the VPN clients, receives the VPN client profile generated by the NVR, that is, the VPN server, and stores it (S410).

The ovpn file for Clint issued by the NVR is called from the OpenVPN Client program and the PC is connected to the NVR by VPN (S420).

Access the web from the PC to the VPN IP of the NVR or access it from the CMS (S430).

12 is a flowchart of a method for a monitoring device to monitor an NVR operating as a VPN client according to an embodiment of the present invention.

Referring to FIG. 12 , in the method S500, a profile is issued to the NVR by the VPN server (S510), access to the VPN server using the profile by the NVR (S520), and a web connection or CMS connection with the VPN IP of the NVR by a PC client (S530) may be configured to include.

The PC client, as one of the VPN clients, receives the VPN client profile generated by the NVR, that is, the VPN server, and stores it (S410).

Install the ovpn file issued from the OpenVPN Server in the NVR and connect to the OpenVPN Server (S420).

Access the web from the PC to the VPN IP of the NVR or access it from the CMS (S430).

13 is a flowchart of a method for a spot monitor to monitor an NVR operating as a VPN server according to an embodiment of the present invention.

Referring to FIG. 13 , in the S600 method, a profile is issued to the spot monitor by the NVR (S610), a VPN connection to the NVR using the profile by the spot monitor (S620), and manual registration to the NVR by the spot monitor is used. It may be configured to include a connection (S630) by inputting the VPN IP.

The spot monitor, as one of the VPN clients, receives the VPN client profile generated by the NVR, that is, the VPN server, and stores it (S610).

The ovpn file for Clint issued by the NVR is called from the OpenVPN Client menu of the Spot Monitor, and the Spot is connected to the NVR by VPN (S620).

Enter the NVR manual registration function in the Spot and connect by entering the NVR's VPN IP (S630).

14 is a flowchart of a method for a spot monitor to monitor an NVR operating as a VPN client according to an embodiment of the present invention.

Referring to FIG. 14 , in the method S700, the VPN server of the NVR using the issuance of a profile to the NVR by the VPN server (S710), the VPN connection to the VPN server using the profile by the NVR (S720), and manual registration of the NVR by the spot monitor It may be configured to include an access (S730) by inputting an IP.

The NVR, as one of the VPN clients, receives the VPN client profile generated by the VPN server and stores it (S710).

Install the ovpn file issued from the VPN server in the NVR and connect to the VPN Server (S720).

Enter the NVR manual registration function on the spot monitor and connect by entering the NVR's VPN IP (S730).

As described above, according to an embodiment of the present invention, it is possible to block external intrusions and increase the security level of the system by managing clients accessing the CCTV system through VPN.

In addition, data leakage due to hacking can be prevented through encrypted transmission of streaming data collected through the camera and image data stored in the NVR.

As mentioned above, although several preferred embodiments of the present invention have been described with some examples, the descriptions of various various embodiments described in the "Specific Contents for Carrying Out the Invention" item are merely exemplary, and the present invention Those of ordinary skill in the art will understand well that the present invention can be practiced with various modifications or equivalents to the present invention from the above description.

In addition, since the present invention can be implemented in various other forms, the present invention is not limited by the above description, and the above description is for the purpose of completing the disclosure of the present invention, and it is common in the technical field to which the present invention pertains. It should be understood that this is only provided to fully inform those with knowledge of the scope of the present invention, and that the present invention is only defined by each of the claims.

100: Network Video Recorder (NVR)
110: control unit
120: input device
130: output device
140: storage device
150: communication device
160: VPN module
161: VPN server/client configuration module
162: VPN server certificate management module
163: VPN Client Profile Management Module
164: encryption module
165: client-to-client communication activation module

Claims (13)

A method performed by a CCTV system configured to include a Network Video Recorder (NVR) and a camera, the method comprising:
setting a VPN server of a virtual private network (VPN) for communication access to the CCTV system;
setting a VPN client that can connect to the VPN server; and
and authenticating the monitoring device for a connection request of the monitoring device to the VPN server or VPN client,
The steps of setting up the VPN server include:
Setting the NVR as the VPN server, setting the NVR as the VPN client, or setting the NVR as both a VPN server and a VPN client with a VPN connection to enable encrypted data communication comprising the steps of
The steps of setting up the VPN server include:
generating a VPN server certificate;
The steps of setting up the VPN client include:
creating a VPN Client Profile;
The step of authenticating the monitoring device,
authenticating the monitoring device using a VPN client profile generated by the VPN server;
In order for the NVR to obtain the video of the VPN camera as a VPN server,
receiving, by the VPN camera, a VPN client profile generated by an NVR, which is a VPN server, and storing it;
Connecting to the NVR by VPN after setting the OVPN file for Clint issued by the NVR to the camera;
Manually registering the camera as a VPN IP using the camera manual registration function in the NVR,
In order for the NVR to obtain the video of the VPN camera as a VPN client,
the NVR receiving the VPN client profile generated by the VPN server and storing it;
Installing the ovpn file issued from the OpenVPN Server in the NVR and connecting to the OpenVPN Server;
and registering the VPN camera connected to the OpenVPN Server using the camera manual registration function of the NVR,
In order for the monitoring device to monitor the NVR operating as a VPN server,
The PC client receives the VPN client profile generated by the NVR, which is a VPN server, and stores it;
Calling the ovpn file for Clint issued by the NVR from the OpenVPN Client program and connecting the PC to the NVR via VPN;
Including web access from the PC to the VPN IP of the NVR or accessing from the CMS,
In order for the monitoring device to monitor the NVR operating as a VPN client,
The PC client receives the VPN client profile generated by the NVR, which is a VPN server, and stores it;
Installing the ovpn file issued from the OpenVPN Server in the NVR and connecting to the OpenVPN Server;
It includes the step of accessing the web from the PC to the VPN IP of the NVR or accessing it from the CMS,
In order for the Spot Monitor to monitor the NVR acting as a VPN server,
The spot monitor receives the VPN client profile generated by the NVR, which is a VPN server, and stores it;
Calling the ovpn file for Clinet issued by the NVR from the OpenVPN Client menu of Spot Monitor and connecting the Spot to the NVR via VPN;
Including the step of entering the NVR manual registration function in the Spot and entering the NVR's VPN IP to connect,
In order for the spot monitor to monitor the NVR acting as a VPN client,
the NVR receiving the VPN client profile generated by the VPN server and storing it;
Installing the ovpn file issued from the VPN server in the NVR and connecting to the VPN Server;
configured to include the step of entering the NVR manual registration function on the spot monitor and entering the NVR's VPN IP to access
VPN-based monitoring method. delete delete delete delete delete The method of claim 1,
configured to further include the step of the monitoring device accessing the NVR using the VPN IP of the NVR,
VPN-based monitoring method. The method of claim 1,
configured to further include the step of registering the camera by the NVR using a VPN IP to access the image collected by the camera,
VPN-based monitoring method. delete delete delete delete delete

Images