SOFTWARE ARCHITECTURE SYSTEM FOR A SECURITY
MANAGEMENT SYSTEM
FIELD OF THE INVENTION
The present invention relates generally to physical security management systems. More particularly, the invention relates to a software architecture system for such security management systems and an implementation of the architecture.
BACKGROUND OF THE INVENTION
Over the past several decades, physical security systems have evolved from manned observation stations and patrols to more technologically complex systems and devices that allow remote surveillance and access control of designated security zones, using closed circuit television, electronic door locks, and the like. This evolution has resulted in economies of scale for large security operations, reduced labor costs, and devices that continuously provide video images, for example.
As security devices and related systems have become more complex, computer- based physical security management systems that integrate various security devices have evolved and are now well known in the art. Such computerized security management systems allow for central, computerized control of security devices, such as cameras, intercoms, and electronic locks.
Recently, there have been rapid advances in computer hardware, software and
communications systems used in the implementation of physical security management systems. As a result, enterprises relying on such computer-based systems must decide between expensive upgrades in hardware and software or foregoing such upgrades and creating a risk that the physical security of the monitored facility will be compromised. In addition, operators of physical security systems also require a computer-based system that can be easily customized to meet their evolving security needs. For example, expansions of the physical plant or the development of new security devices would require existing systems to be modified.
Despite these numerous advances in computer based physical security management systems, there remain shortcomings and problems associated with these systems. For example, when an existing physical security system is expanded or upgraded, the prior art computerized security management systems require extensive modifications to the underlying software applications and the computer hardware upon which such applications are run. Such modifications are time consuming and expensive. Thus, there is a need in the art for a software architecture that is extensible, open and flexible. Such extensibility would be achieved if new software applications and physical security devices could be added without requiring major modifications of the computerized physical security management system, particularly, rewriting or extensively modifying the application software for the system. Such an open and flexible physical security management system software architecture would be compatible with multiple
physical security devices and be easy to upgrade and customize, allowing the physical security system to evolve and to continue to serve the various needs of the enterprise.
SUMMARY OF THE INVENTION
One embodiment of the present invention is directed to a software architecture system for providing security information services over a packet switched network. The architecture includes a security information client framework and a security information server framework. The security information client f amework is for developing a security information client program, and includes a container program for one or more software components, each of which runs in the container program. The client framework also includes one or more software components for providing a user interface to the security information client program, at least one software component for providing communication to and from a security information server program, and at least one software component for providing a virtual connection between the security information client program and a security device. The architecture also includes a security information server framework for creating a plurality of security information server programs. The security information server framework includes a security device manager for determining whether a particular security information client program is authorized to access a particular security information device and whether a particular user is authorized to access a particular
security device. The server framework also includes a network scanner for identifying security devices that are present on the network and for handling events received from a security device
Another component of the server framework is a messaging queue, which includes a broadcast queue, one or more service management queues and one or more service specific queues. The broadcast queue sends and receives messages to and from each of the plurality of security information server programs, and the messages include information as the availability of each security information server program. Specific security mformation services are provided via one of the security information service specific queues. Each security information server program requests a security information service specific queue via one of the service management queues.
The server framework also includes at least one software component for providing communication from and to a security mformation server program.
Another embodiment of the invention is a computer based system for providing security information services. The system includes a plurality of IP networked security devices, a security information server and a security information client. Each security device includes a processor, a memory and a network adapter. A security information server is in electronic communication with each of the security devices via the IP network. The security information server includes a processor and a memory, and processing logic is stored in the memory for controlling each of the security devices
responsive to a request for a security information service or an occurrence of a security event. The security information client is in electronic communication with the security information server via the IP network. The client includes a processor and a memory, and processing logic is stored in the memory for providing a user interface to the security information client and for sending a request for a security information service to the security information server and for receiving a security information service from the security information server in response to the request or the occurrence of a security event. In addition, more than one security device can be controlled simultaneously by the user via the user interface. The security device can be an IP video camera for transmitting a video signal to the security information server. The video signal received by the security information server is transmitted to the security information client, and is displayed on the security information client via the user interface. A user can control the IP video camera via the user interface. The system can also include a 3-dimensional pointing device that electronically communicates with the security information client, allowing for user control of the video camera via the 3-dimensional pointing device. The 3-dimensional pointing device interfaces with the security information client via a DirectX driver.
The system can also include a digital video recorder that receives video signals from the video camera via the security information server, stores the video signals, and
serves the stored video signals to the security information client via the security information server.
The security devices of the system can include access control devices, such as electronic locks, alarms, intrusion detection devices, lighting devices and audio communication devices, such as intercoms. A programmable logic controller can be interposed between the security information server and the security device.
The security information server can include logic for determining whether a user is authorized to access a security information client, whether a user is authorized to control a particular security device or the number of security devices that a user can control at the same time. The number of security devices that a user can control at the same time is determined on the basis of the physical limitations of the network, such as, bandwidth.
The security information client can include a container for a software component, such as an ActiveX control or a JavaBean. The container can be a web browser, a Nisual C program, a Nisual C++ program, a Nisual C# program, a Nisual Basic program, a Java program and an InTouch program. Exemplary functions of the software component are video monitor control, input device control and audio device control.
An alternate embodiment of the invention is directed to a computer based system for providing security information services via a plurality of security information servers. The system includes a plurality of IP networked security devices, a plurality of security
information servers and a security information client.
Each of the plurality of the security information servers includes a processor and a memory, is logically associated with one or more security devices, and is in electronic communication via an IP network with each of the associated security devices. Processing logic is stored in memory for controlling each of the associated security devices responsive to a request for a security information service or the occurrence of a security event. Information as to the state of each security information device is also stored in the memory of the security information server logically associated with the device. Each security information server is in electronic communication with the other security information servers so that each security information server is aware of the status of each device associated with each of the other security information servers.
The security information client is in electronic communication with each of the security information servers via the IP network. The client includes a processor and a memory, and processing logic is stored in the memory for providing a user interface to the security information client, for sending a request for a security information service to one or more of the security information servers, and for receiving a security information service from one or more of the security information servers in response to the request or the occurrence of a security event.
Another alternate embodiment of the invention is directed to a computer based system for providing security information services via a plurality of security information
servers and a plurality of security information clients. The system includes a plurality of of IP networked security devices, a plurality of security information servers and a plurality of security information clients.
Each of the plurality of the security information servers includes a processor and a memory, is logically associated with one or more security devices, and is in electronic communication via an IP network with each of the associated security devices. Processing logic is stored in memory for controlling each of the associated security devices responsive to a request for a security information service or the occurrence of a security event. Information as to the state of each security information device is also stored in the memory of the security information server logically associated with the device. Each security information server is in electronic communication with the other security information servers so that each security information server is aware of the status of each device associated with each of the other security information servers. Each of the plurality of security information clients is in electronic communication with at least one of the security information servers via an IP network. Each security information client is comprised of a processor and a memory, and processing logic is stored in the memory for providing a user interface to the security information client, for sending a request for a security information service to at least one of the security information server, and for receiving a security information service from at least one security information server in response to the request or the occurrence of a
security event. User priority information can be stored in the memory of the security information server, and the processing logic of the security information server includes logic that uses the user priority information for determining which user has priority to a particular security device when more than one user attempts to control simultaneously the device.
These embodiments of the present invention will become apparent to those skilled in the art after a reading of the following description when considered in conjunction with the drawings. It should be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of or limiting to the invention as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram of the software architecture system of the present invention;
Figure 2 is high level diagram of an exemplary physical security management system based on the software architecture system of the present invention;
Figure 3 is a diagram of the physical components of an exemplary physical security management system;
Figure 4 is a data flow diagram and schematic for the security information client of the present invention;
Figure 5 is a data flow diagram and schematic for the security information server of the present invention; and
Figure 6 is a flow diagram illustrating one method for a user to request and receive access to security devices.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The headings used herein are meant only to aid the reader and are not meant to be limiting or controlling upon the invention. Generally, the contents of each heading are readily utilized in the other headings.
An embodiment of the present invention is directed to a software architecture system for providing security information services over a packet switched network, such as a network using the Internet Protocol ("IP"). By "security information services," I mean the information that is electronically communicated between a computerized physical security information management system and the physical security devices. The physical security devices include devices that provide surveillance, access control, alarms, intrusion detection, perimeter security, lighting, locks and key control for a secure facility, such as a prison.
Another embodiment of the system is an implementation of the software architecture system to provide security information services over a packet switched network.
Software Architecture 10
As shown in Figure 1, the software architecture 10 of the present invention is graphically illustrated on a block diagram. In an embodiment, the software architecture 10 is based on a component object model ("COM"), which is a framework for developing and supporting software component objects. By "software component," I mean a reusable program building block that can be combined with other components in the same or other computers in a distributed network to form an application. As known to those skilled in the programming arts, components can be deployed on different servers in a network and communicate with each other for needed services. A component runs within a context called a "container." By "container," I mean an application program or subsystem in which the component is run.
Returning to Figure 1, generally, the software architecture 10 includes a security information client framework 12 and a security information server framework 14, each of which will be described in enabling detail below.
• Security Information Client Framework 12
The security information client framework 12 provides a structure for developing a security mformation client program. The security information client framework 12 includes a container 16, in which software objects are run. The container 16 is used to provide a user interface 18, one or more virtual connections 20 with the security devices of the security system and a security information server link 24. The container could be,
for examples, a page on a Web site, a Web browser, a word processor, a Visual C program, a Nisual C++ program, a Visual C# program, a Visual Basic program, or a Java program.
The user interface 18 can be constructed using, for example, the Microsoft Foundation Class ("MFC") library, which is available from Microsoft Corporation of Redmond, Washington. As is known to those skilled in the programming arts, the MFC library includes classes for all graphical user interface elements, such as windows, frames, menus, tool bars, status bars, etc.
The security information client framework 12 also includes one or more software components for creating a virtual connection 20 between a security information client program and a security device 22. By "virtual connection" I mean that the communication between the security information client program and the security device occurs over a packet switched network. Preferably, there is a virtual connection component for each security device of the physical security system. The security information client framework 12 also includes a security information server link 24, which is a software component that facilitates all communications between a security information client program and one or more a security information server programs.
• Security Information Server Framework 14
The security information server framework 14 is a structure for developing a plurality of security information server programs. The security mformation server
framework 14 includes a network scanner 26, a device manager 28, a messaging queue 30 and a security information client link 38, each of which is discussed in enabling detail below.
The network scanner 26 provides the functions of identifying each of the security devices that are present on the network, listening for and handling events that are generated by any of the security devices present on the system, and providing services to reprogram security devices. By "present on the network," I mean that a particular security device has an IP address and can send and receive data packets via the IP address. Alternative, legacy security devices that are not IP addressable communicate with the security information via a device with an IP address that is interposed between the legacy security device and the server. By "event," I mean, an action or occurrence detected by a security information server program.
The device manager 28 determines whether a particular security information client program is authorized to access a particular security information device and whether a particular user is authorized to access a particular security device.
The messaging queue 30 allows all of the software components of the architecture to communicate with each other. The messaging queue 30 is the mechanism through which a security information client program and a security information server program request network resources, such as, a security device. Specifically, the message queue is a method by which process (or program instances) can exchange or pass data using an
interface to a system-managed queue of messages. Messages can vary in length and be assigned different types or usages. A message queue can be created by one process and used by multiple processes that read and/or write messages to the queue. For example, a security information server process can read and write messages from and to a message queue created for security information client processes. The message type can be used to associate a message with a particular client process even though all messages are on the same queue. As is known to skilled programmers, the message queue is managed by the operating system (or kernel). Application programs (or their processes) create message queues and send and receive messages using an application program interface (API). Typically, most operating systems have a "get message" function that is used with various parameters specifying the action requested, message queue ID, message type, etc. The message queue 30 is comprised of a broadcast queue 32, one or more service management queues 34 and one or more service specific queues 36, each of which will be discussed in enabling detail below. The broadcast queue 32 is used to send and receive "wake up" messages from a security information server or client program. By "wake up message," I mean the mechanism by which a security information server program advises other security information server programs that it is present on the network and available to send and receive messages. Preferably, at a predefined time interval, each security information server program sends a data packet to the broadcast queue so that each security
information server program is aware of the other security information server programs that are available. The data packet preferably includes the IP address of the computer upon which the security information server program is running, and permits a queue manager to establish or reconnect to queues specific to a security information server program.
The service management queue 34 is used by security information server and client programs to establish a specific service queue and to notify other security information server programs of problems with queues specific to a particular security information server program. The service management queue 34 is analogous to the "D- channel" of an Integrated Services Digital Network ("ISDN").
A service specific queue 36 is used by each security information server or client program to perform system services, including security information services. Each security information specific queue 36 belongs to a queue pool, which in turn is connected to a dedicated network socket. This architecture advantageously allows for extensibility of the security system and ensures because there will be sufficient resources available to manage the system.
The system also includes a database, such as a SQL server, which is used to log events that occur within the system and to store system information necessary to provide specific security information services. The message queues electronically communicate with the SQL server in order to perform the requested service. For example, the
information needed to communicate with a specific camera, such as its IP address, is not stored by the security information client. The client need only know the system name and the IP address is obtained from the database and returned to the service specific queue. The security information server framework 14 also includes a security information client link 38, which is a remotable class that facilitates all communications between a security information client program and one or more security information server programs. The main components of the software architecture system of the present invention having been described above, I will now describe in enabling detail an exemplary implementation of the software architecture. Implementation of the Software Architecture
Turning now to Figure 2, an implementation of the software architecture system of the present invention is shown. Shown generally as 100, the computerized physical security management system comprises at least one security information client 120 that provides a user interface to the security system. At least one, and preferably multiple servers 140, refeπed herein as security information servers, are in electronic communication with one or more of the clients 120. These servers 140 are also in electronic communication with one another for distributing information about the "state" of the security devices associated with the system, as described in greater detail below. Each security information server 140 in the system 100 is logically associated
with, and therefore, has control over, a selected group of security devices 150, 160, 170, and 180. The group of security devices with which a server 140 is associated is sometimes referred to as a "domain." The security devices may include, but are not limited to fixed cameras, pan-tilt-zoom ("PTZ") cameras, access control devices, alarms, intrusion detection devices, perimeter security devices, lighting devices, locks, key control devices and intercoms. Security devices may include a processor and a memory. Instructions for controlling the security device are stored in the memory and are executed by the processor. Security devices also have network adapters, which provide a physical interface to the network to which the security devices are connected, such as an IP network. Alternatively, programmable logic controllers may be interposed between a server 140 and the security devices.
Figure 3 is a diagram of the physical components of an exemplary physical security management system 100 of the present invention. More specifically, the physical components of the security information client 120 is shown in greater detail. While the system 100 requires only one client 120, the present system 100 is extensible to accommodate an unlimited number of clients via the Ethernet connection to the system.
Preferably, the client 120 is a desktop or laptop computer 122 with a processor and a
memory. Desirably, the processor is at least a Pentium IN® processor, which is available
from Intel Corporation of Santa Clara, California, or an equivalent processor. At least one monitor or display 126 is in electronic communication with the
computer 122, but as many as four monitors 126 may be connected, so that the user has expanded access and viewing capability. For example, multiple monitors 126 will permit the user to access multiple security devices simultaneously.
User interface at the workstation 120 may include a conventional keyboard 123, a conventional pointing device 125, such as a mouse, or a three-dimensional pointing device 127. In one embodiment, a three-dimensional pointing device 127, such as a SpaceMouse XT, available from 3Dconnexion of Silicon Valley, California, enables the user to provide input without the need for a keyboard 123 or other pointing device 125. The SpaceMouse XT pointing device 127 is connected to the computer 122 via a universal serial bus (USB) interface that is driven by a DirectX driver. As used with the SpaceMouse XT joystick, the user is able to manipulate a PTZ camera in three dimensions. As those skilled in the art will appreciate, there are numerous pointing devices and other peripherals, which may be satisfactorily used with computer 122, depending upon the particular application. Referring again to Figure 3, the physical components of the security mformation server 140 are shown in greater detail. As with the security information client 120, only one security information server 140 is required for the system 100 of the present invention. The security information server 140 comprises a computer 141 for running the software that controls and/or provides access to the security devices 150 through 180, and
other network resources. The computer 141 desirably contains a Pentium IV® or
equivalent processor. While not required, a monitor 142 and keyboard 143 may be provided so that system administrators can perform routine maintenance, backup, etc. Electronically connected to at least one computer 141 is a redundant array of inexpensive disks (RAID) 144. As those skilled in the art will appreciate, the RAID provides a data storage method in which data is distributed across a group of computer disk drives that function as a single storage unit. In the present implementation, all of the system information is stored on each of the disks in the array so that no data is lost if one of the disks fails. For example, the RAID stores video images that have been captured and saved, in JPEG or MPEG formats, for example. A suitable RAID is comprised of an Escalade 7500 Series ATA RAID controller card, one to four Escalade RDC-300 drive carrier cages, each of which can accommodate three hard drives, and one to twelve 160GB ATA 133 IDE hard drives, which are available from 3Ware, Inc. of Mountain View, California.
Additionally, where a security mformation server 140 controls cameras, a network video recorder server 145 is provided for recording digitized video images. One suitable network video recorder server 145 is Model 6022P-6, which is available from SuperMicro Computer, Inc. of San Jose, California.
Each security information server 140 is logically associated with and controls a selected group of security devices 150, 160, 170, and 180. That is, each of the security devices is in electronic communication with only one server 140. While there is no
established minimum number of devices within the domain of a server 140, it has been found that associating no more than 48 video and/or audio devices, such as cameras, per server 140 is optimal.
Functions performed by the security information server include determining whether a particular security information client is authorized to access a particular security device and determining whether a particular user is authorized to access a particular device. User priority information can be stored in the memory of the security information server, and the the security information server includes processing logic that uses the user priority information for determining which user has priority to a particular security device when more than one user attempts to control a particular security device at the same time.
In one implementation of the present invention, and as shown in Figure 3, server 140 controls a plurality of fixedly mounted IP addressable cameras 170, IP addressable pan-tilt-zoom (PTZ) cameras 180, intercom stations 150, and electronic door locks 160. IP addressable cameras 170 suitable for the present implementation include digital IP cameras available from Indigo Vision Group, pic of Edinburgh, United Kingdom, as Model No. VP603W53-NTSC. IP addressable PTZ cameras 180 are available from Ultrak, Inc. of Lewisville, Texas as Model No. KD6. The signals for these devices will either have built-in network video cards or must route their signals through a network interface device, such as a VB6004 available from Indigo Vision, or a network card
within the server computer. A video server 182 may be provided with the PTZ camera 180 to digitize the analog signal from the camera. The video server used in the present implementation is available from Indigo Vision as Model VB6004.
The security information clients 120, security information servers 140, and security devices 150, 160, 170, and 180 are interconnected by a system of coaxial cable, fiberoptic cable, or twisted-pair wiring as is conventional for Ethernet installations. As shown in Figure 3, the plurality of security devices 150, 160, 170, and 180 are directly interconnected to a first network switch 135. Dual fiber uplinks 135a, 135b from the first network switch 135 are then interconnected to redundant second network switches 137, 138. The redundancy of the second network switches provides an added level of reliability against the failure of one of the switches 137, 138. Switches 137, 138 provide dual feeds to computer 141 at the security information server 140. Switches 137, 138 also enable electronic communication between the plurality of security information servers 140. Dual uplinks 137a, 138a from switches 137, 138 provide interconnection to a third network switch 139 which is electronically connected to one or more security information client computers 122. As those skilled in the art will appreciate, the plurality of network switches 135, 137, 138, and 139 permit the system 100 to be configured in either a ring or star topology, and desirably both.
A simplified functional block diagram for the security information client 120 user interface is shown in Figure 4. The user interface to the security information client 120 is
comprised of software components, such as ActiveX controls, that run in a container 410. For the present invention, the container is an application program developed in Visual C. ActiveX is preferred because it provides a set of technologies that enable software components, such as VideoBridge for Indigo Vision IP addressable cameras, to interact with one another in the network environment, regardless of the language in which the components were created. As those skilled in the art will appreciate, other containers can be used, such as a web browser, a Visual C++ program, a Visual C# program, a Visual Basic program, a Java program or an InTouch program. InTouch is a human machine interface program available from the Wonderware division of Ivensys, pic of London, England.
Embedded as ActiveX controls in the container 410 are logic equations 420 that govern the client's interaction with the system 100. A family of ActiveX controls, shown in Figure 4 as 441 through 445, have been developed to control the client's interaction with the security devices based upon the protocol of each type of device. An input control 442 provides interaction between an input device, such as a three-dimensional pointing device 127, and the client. A sound control 441 facilitates communications between the client and an audio device, such an intercom. A monitor control 443, 444, 445 facilitates communication between the client and a video device, such as an IP camera. Such a control is sometimes refeπed to a a "soft monitor." In one embodiment, a client may run up to 16 soft monitors, which would permit the simultaneous display of
images from 16 video cameras on client monitor 126. Where multiple monitors 126 are connected to the client computer 122, multiple devices may be accessed and displayed. Turning now to Figure 5, a functional block diagram of the security information server 140 is shown. The operating environment for the server 140 is based on the Microsoft .NET platform. Network access functionality 520 comprises the communications link 522 with each of the security information clients 120 and the other security information servers 140.
Once a user has logged onto a client computer 122, the system communicates the fact of the logon of the specific user to each server computer 141 available on the system. Via the link 522, each server computer 141 communicates back to the client information as to the devices that are available and that the user is authorized to access.
Also running on each server computer are customizable rules and logic equations, shown generally as 523. That is, each security information server 140 is programmed with general rules and logic concerning the devices under its control, as well as rules determining whether a particular user is authorized to access a particular device. For example, where the security devices comprise locked doors A and B, the logic may not permit door B to be unlocked if door A is already unlocked.
Remote classes 524 provide background functionality for the security information server 140. These routines handle, for example, abstraction, determine the status of devices, and activate preprogrammed tasks, such as interlock enables, door hold opens,
function forces, and camera presets.
A SQL server database 526 stores device configuration data, maintains a log of events, and provides requested reports.
Microsoft Message Queue 528 also runs on the server computer 141 to handle routine messages such as routine reports, software updates, etc. Routine messages do not include requests for access to security devices, which must be handled expeditiously. A device scan and administrative function 529 is a set of routines that permit a system administrator to add or delete devices accessible via the security information server 140. A device interface routine 525 is provided by the server for a particular device. If, however, a client "leases" a particular device from the server, the server may relinquish control of certain functions of the leased device to the client. By "lease," I mean that the client has exclusive control over the device and the device is no longer available to any other client. Certain devices that cannot be accessed by more than one client at the same time, such as intercoms and door locks, must be leased exclusively to one client.
Lastly, where a network video recorder server 145 is used in conjunction with a security information server 140, network video recorder software 510 provides the video recording and playback function.
In operation, and as shown in Figure 6, a user can access 610 the system 100 via a security information client computer 122. As those skilled in the art will appreciate, and
as is conventional in network systems, user access is granted based upon entry of a user identification and password. Once logged onto the network, the operating system software transmits a broadcast message to each of the security information servers 140 in the system that the particular user is logged on. As part of this broadcast, the security information client 120 requests from each server 140 the status of security available devices. Each server then communicates 620 back to the client 120 the devices that are available and the devices the user is authorized to access. Each user's access to security devices may be customized for the user depending upon the user's position, priority, etc. For example, a particular user may have access to cameras, but may not have permission to manipulate door locks or other securing devices. Permissions are stored in memory at each of the security information servers 141.
A menu, or the like, on the monitor 126 displays representations of the available devices that the user is authorized to control and/or view. The user can then begin requesting 630 access to specific devices up to the user's authorized maximum. In one embodiment of the present invention, each user is limited to 32 devices at any one time. As described above, each of the security information servers 141 are in electronic communication with each other, wherein, at predetermined time intervals, every minute, for example, each of the servers 141 communicates 640, or distributes information, about the state of the security devices logically associated with the server. By way of example, suppose the maximum number of devices a user can access is
32, and that the user has been granted access to 14 devices from server A and 18 devices from server B. If the user then requests access to a device from server C, the user will be denied access to the device based on information provided by servers A and B as to the number of devices to which the user currently has access. If a user has not accessed the maximum number of devices, and is authorized to access a requested device, then access will be granted 650. Responsive to the user's request, the appropriate server 141 will turn on the device and provide an appropriate acknowledgement to the user. In the case of a fixed camera 170, the server will enable a soft monitor on the user's monitor with a video image of the particular area in the facility that is monitored by the fixed camera 170. The user can have multiple soft monitors enabled on the monitor at any one time, but desirably each client will be limited to 16 soft monitor images. In the case of a PTZ camera 180, the user will be provided a video image, and if authorized, will be allowed to manipulate the camera 180 by means of the three-dimensional pointing device. Because the user's access to a particular device is also based upon priority, the user' s access to a particular device may be terminated by the server 141 if a user with a higher priority requests the device. Additionally, in one implementation of the system of the present invention, access to a device is fixed at a predetermined time; e.g., 1 minute.
Although the present invention has been described with preferred embodiments, it is to be understood that modifications and variations may be utilized without departing
from the spirit and scope of the invention, as those skilled in the art will readily understand. Such modifications and variations are considered to be within the purview and scope of the appended claims and their equivalents.