IEC 62676-2-33:2022

IEC 62676-2-33 ®
Edition 1.0 2022-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Video surveillance systems for use in security applications –
Part 2-33: Video transmission protocols – Cloud uplink and remote management
system access
Systèmes de vidéosurveillance destinés à être utilisés dans les applications de
sécurité –
Partie 2-33: Protocoles de transmission vidéo – Liaison montante au nuage et
accès au système de gestion à distance

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite ni
utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et
les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform IEC Products & Services Portal - products.iec.ch
The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the
variety of criteria (reference number, text, technical publications previews. With a subscription you will always have
committee, …). It also gives information on projects, replaced access to up to date content tailored to your needs.
and withdrawn publications.
Electropedia - www.electropedia.org
IEC Just Published - webstore.iec.ch/justpublished
The world's leading online dictionary on electrotechnology,
Stay up to date on all new IEC publications. Just Published
containing more than 22 300 terminological entries in English
details all new publications released. Available online and once
and French, with equivalent terms in 19 additional languages.
a month by email.
Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need
further assistance, please contact the Customer Service
Centre: sales@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Recherche de publications IEC - Découvrez notre puissant moteur de recherche et consultez
webstore.iec.ch/advsearchform gratuitement tous les aperçus des publications. Avec un
La recherche avancée permet de trouver des publications IEC abonnement, vous aurez toujours accès à un contenu à jour
en utilisant différents critères (numéro de référence, texte, adapté à vos besoins.
comité d’études, …). Elle donne aussi des informations sur les
projets et les publications remplacées ou retirées. Electropedia - www.electropedia.org

Le premier dictionnaire d'électrotechnologie en ligne au monde,
IEC Just Published - webstore.iec.ch/justpublished
avec plus de 22 300 articles terminologiques en anglais et en
Restez informé sur les nouvelles publications IEC. Just
français, ainsi que les termes équivalents dans 19 langues
Published détaille les nouvelles publications parues.
additionnelles. Egalement appelé Vocabulaire
Disponible en ligne et une fois par mois par email.
Electrotechnique International (IEV) en ligne.

Service Clients - webstore.iec.ch/csc
Si vous désirez nous donner des commentaires sur cette
publication ou si vous avez des questions contactez-nous:
sales@iec.ch.
IEC Products & Services Portal - products.iec.ch

IEC 62676-2-33 ®
Edition 1.0 2022-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Video surveillance systems for use in security applications –

Part 2-33: Video transmission protocols – Cloud uplink and remote management

system access
Systèmes de vidéosurveillance destinés à être utilisés dans les applications de

sécurité –
Partie 2-33: Protocoles de transmission vidéo – Liaison montante au nuage et

accès au système de gestion à distance

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 13.320 ISBN 978-2-8322-3973-5

– 2 – IEC 62676-2-33:2022 © IEC 2022
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 Overview . 8
4.1 General . 8
4.2 Remote access . 8
4.3 Cloud uplink . 9
5 Requirements . 10
5.1 General . 10
5.2 Functional requirements. 10
5.3 Protocol requirements . 11
6 Resource addressing . 11
6.1 Token based addressing . 11
6.2 Remote tokens . 12
6.3 Token context . 12
7 Resource queries . 12
7.1 General . 12
7.2 Resource event . 13
7.3 Location filter . 13
7.4 Prefix filter . 14
7.5 Scope filter . 14
7.6 Select filter . 14
7.7 Live checks . 15
7.8 Informative examples . 15
7.8.1 Live video . 15
7.8.2 Forensic . 15
8 Uplink . 16
8.1 Protocol . 16
8.1.1 Connection establishment . 16
8.1.2 Connection management . 16
8.1.3 Authentication . 17
8.1.4 HTTP/2 frames . 17
8.1.5 HTTP transactions . 17
8.2 Configuration interface . 17
8.2.1 Configuration parameters . 17
8.2.2 GetUplinks . 17
8.2.3 SetUplink . 18
8.2.4 DeleteUplink . 18
8.2.5 Capabilities . 18
Annex A (informative) Addressing scheme . 19
A.1 Overview . 19
A.2 Field definitions . 19
A.2.1 Zone code . 19
A.2.2 Agency code . 19

A.2.3 Device type code . 20
A.2.4 Serial number . 22
A.2.5 Examples . 22
Annex B (informative) APIs with token adaption . 24
B.1 General . 24
B.2 Consuming live video . 24
B.3 Controlling PTZ cameras . 24
B.4 Retrieving recordings . 24
B.5 Forwarding of events . 24
Bibliography . 25

Figure 1 – Hierarchical system example . 9
Figure 2 – Standard connection initiated from the client . 9
Figure 3 – Connection initiation from the device . 10
Figure 4 – Connection initiation sequence . 16
Figure A.1 – Fields of the device ID scheme . 19

Table A.1 – The zone code elements . 19
Table A.2 – Industry coding . 20
Table A.3 – Device type codes . 21
Table A.4 – Serial number value . 22

– 4 – IEC 62676-2-33:2022 © IEC 2022
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
VIDEO SURVEILLANCE SYSTEMS FOR
USE IN SECURITY APPLICATIONS –

Part 2-33: Video transmission protocols – Cloud uplink and remote
management system access
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 62676-2-33 has been prepared by IEC technical committee 79: Alarm and electronic
security systems. It is an International Standard.
The text of this International Standard is based on the following documents:
Draft Report on voting
79/658/FDIS 79/666/RVD
Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.

A list of all the parts in the IEC 62676 series, under the general title Video surveillance systems
for use in security applications, can be found on the IEC website.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available
at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are
described in greater detail at www.iec.ch/standardsdev/publications.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under webstore.iec.ch in the data related to the
specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The "colour inside" logo on the cover page of this document indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this document using a colour printer.

– 6 – IEC 62676-2-33:2022 © IEC 2022
INTRODUCTION
Surveillance systems are important in public safety projects to maintain law and order as well
as public safety, and to assist the police to perform forensic analysis. Due to organizational and
security reasons, large-scale surveillance systems are split in segments, which can lead to
information silos. This document provides a standardized interface for management systems
such that authorized entities can easily access remote information using the same mechanism
they are using today for accessing local information.

VIDEO SURVEILLANCE SYSTEMS FOR
USE IN SECURITY APPLICATIONS –

Part 2-33: Video transmission protocols - Cloud uplink and remote
management system access
1 Scope
This document specifies management systems interfaces and mechanisms for remote
operational access to physical security devices such as video surveillance devices and systems.
For video surveillance, the use cases focus on accessing live video and retrieving recordings.
The mechanisms defined in this document are not restricted to surveillance applications, but
also cover remote access to security systems and electronic access control systems.
Configuration of devices and management systems is out of the scope of this document.
Clause 4 introduces remote management access. Clause 5 defines a set of requirements that
the protocol needs to fulfil. Clause 6 extends the token-based resource-addressing scheme of
IEC 60839-11-31. Clause 7 describes how to retrieve information about remote resources.
Clause 8 defines how to connect to devices that are not directly reachable because they are for
instance located behind firewalls.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 60839-11-31, Alarm and electronic security systems – Part 11-31: Electronic access control
systems – Core interoperability protocol based on Web services
IETF RFC 4122, A Universally Unique IDentifier (UUID) URN Namespace
IETF RFC 5246, The Transport Layer Security (TLS) Protocol, Version 1.2
IETF RFC 6125, Representation and Verification of Domain-Based Application Service
Identity within Internet Public Key Infrastructure Using X.509 (PKIX)
Certificates in the Context of Transport Layer Security (TLS)
IETF RFC 7540, Hypertext Transfer Protocol Version 2 (HTTP/2)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp

– 8 – IEC 62676-2-33:2022 © IEC 2022
3.1
resource
IEC 62676-2 entity that can be addressed via a token
3.2
uplink
connection established by the local service to the remote client
4 Overview
4.1 General
IEC 62676-2-31 and IEC 62676-2-32 provide a detailed protocol definition for interacting with
video surveillance devices such as cameras and digital recorders. Similarly, IEC 60839-11-32
and IEC 60839-11-33 describe how to monitor and configure electronic access control systems.
These two parts are based on IEC 60839-11-31, which defines a communication mechanism
based on web services. This document extends IEC 60839-11-31 by adding cloud connectivity
and remote addressing to the framework. Note that this document does not contain any domain-
specific details, since all interfaces defined in the above-mentioned parts are applicable without
any modifications. Therefore, this document covers the integration of a wide range of physical
security systems into any management system. This document describes how a remote client
or management system connects to resources such as cameras. The approach shown here
allows scaling over several hierarchies. The examples in 4.2 show the mechanism principle with
two layers of video surveillance systems (VSS) called "lower level" and "higher level". In this
system, a higher-level VSS can retrieve a resource like device information from a lower-level
VSS, to trigger corresponding actions for different devices that are connected to the lower-level
VSS.
Access to remote VSS can require strict authentication constraints. The related definitions are
outside of the scope of this document.
4.2 Remote access
Figure 1 shows a typical management system topology as deployed for bigger installations. So-
called lower-level video surveillance systems incorporate numerous surveillance cameras and
other equipment to monitor a region of a premises or city district. Higher-level video
management systems allow supervision of large compounds.

Figure 1 – Hierarchical system example
In a way similar to the cameras shown in Figure 1, the VSSs expose an interface towards the
higher layer via which a client can access any resource placed below. Typically, the VSS
restricts the access to any of its associated resources depending on the authorization granted
to the client.
Instead of defining a new interface, this document defines a small set of rules explaining how
a VSS has to present resources to a higher-layer entity. Devices implementing IEC 60839-11-31
address resources via tokens for which this document defines a small set of mapping rules. In
the example of Figure 1, both the high-level VSS as well as clients A and B can use exactly the
same interface to control a camera as the lower-level VSS does today.
4.3 Cloud uplink
The IEC 60839-11-31 defines that the client initiates a connection to a device, as depicted in
Figure 2.
Figure 2 – Standard connection initiated from the client
This connection mechanism works very well within standard networks. However, in cases where
the device is located behind a firewall and the client resides in the cloud, the client cannot
establish the connection. In these cases, the device needs to establish the connection. Such a
connection is called "uplink" and needs to be initiated from the device, as depicted in Figure 3.

– 10 – IEC 62676-2-33:2022 © IEC 2022

Figure 3 – Connection initiation from the device
This document specifies a solution that allows a camera or management system to use an
uplink to facilitate existing web server functionality and RTSP server functionality using the
HTTP/2 protocol.
5 Requirements
5.1 General
To achieve the interconnection between High-level VSS (H-VSS) and Low-level VSS (L-VSS),
there are some basic requirements for the system.
5.2 Functional requirements
The detailed functional requirements of the interconnection between H-VSS and L-VSS are
described in two aspects: resource usage and configuration.
For resource usage acquired from L-VSS to H-VSS, the following requirements are described:
a) Live streaming control. Live streaming on demand, supporting on-demand image display,
zoom, capture and recording, and multi-user support for the same image resources on-
demand at the same time.
b) Historical image retrieval and playback. Retrieve historical image data of the device in the
network, according to the specified equipment, channel, time, alarm information, etc.,
playback and download. Playback supports the following methods: normal playback, fast
playback, slow playback, picture pause, image capture and zoom display. The recording
information is in the L-VSS.
c) Remote control. The remote operation of the device can be controlled remotely by manual
or automatic operation, e.g. using pan, tilt or zoom (PTZ) functions. Optionally support
locking to gain exclusive access.
d) Output of the decoded image. Real-time image decode, the output could be displayed.
Remote control of video wall located in L-VSS.
e) Storage management. Hierarchical distributed storage management, combining device
storage and client storage, to support the storage settings of location, time, backup strategy,
finishing strategies, etc.
• Content transfers from L-VSS and H-VSS.
f) Client management. L-VSS sends the management information to the H-VSS after receiving
the request from the H-VSS.
• When a new device enters the system, the L-VSS should notify the device information
to the H-VSS.
• Clock synchronization: the H-VSS and L-VSS should have clock synchronization, and
the high-level clock source should be the backup of the low-level clock source.
• Support the transport security between H-VSS and L-VSS.

• Query the equipment manufacturers, equipment model, version, and other basic
information from H-VSS to L-VSS.
g) User management
• Support the function of user registration, authentication, authorization management,
access control, transmission and audit of user identifier from L-VSS to H-VSS.
• Grant access control permissions of the appropriate resources to different users.
h) Log management: support the logging in L-VSS and query from H-VSS to L-VSS.
i) Access control: the VSS can support the access control service.
5.3 Protocol requirements
This section lists the requirements for web service protocols between two VSS in different levels:
• The L-VSS shall report its cameras. The L-VSS shall inform the H-VSS on any changes
in its associated cameras.
• A L-VSS behind a firewall shall be able to connect to an H-VSS in the Internet.
• Device information query
The protocol should support the hierarchical query to get the device directory
information. The device directory information contains the device ID, device name,
manufacturer name, device type, device address, device mode, device status, etc. A
CameraID can be used to get the device information.
• Authority control
Set different user names and passwords for different administrators, to limit the
administrative rights, management scope, login time range and login IP address range
of the administrator to achieve more detailed management authorization.
• Live streaming control
As defined in the IEC 62676-2-32 media service document, the GetStreamUri command
is used to define how the encoded data is expected to be streamed to the client. This
command can be extended to support the hierarchical streaming.
6 Resource addressing
6.1 Token based addressing
Devices implementing IEC 60839-11-31 address resources by so-called tokens. Tokens are
character strings of a defined length and are enumerated by the device to ease the devices'
resource management. Similarly, this document assumes that a VSS enumerates its attached
device resources in such a way that a unique token is assigned to each of its attached devices'
resources.
Additionally, this document assumes that a VSS implements resource token mapping by adding
a prefix delimited by a colon. Whether a VSS simply adds a prefix to a device token or does a
complete remapping is outside of the scope of this document.
The following is an incomplete list of resources that can be handled:
• media profiles and configurations including OSD and masks,
• video and audio sources,
• digital inputs and relay outputs,
• door locks and card readers,
• recordings, recording tracks and recording jobs.

– 12 – IEC 62676-2-33:2022 © IEC 2022
This document uses the property event mechanism defined in IEC 60839-11-31 to model global
resources. A client or upper level VSS subscribes to a VSS pull point. In consecutive requests,
it then pulls all resources it is interested in in order to get to know all relevant resources of a
lower-level VSS. As soon as it receives a resource, it can apply an action on it.
Once all resources have been reported, further pull messages will either timeout when no
changes happen or report changes. In this context, changes are added resources, modification
of resource properties or removed resources. By applying the property event notification
mechanism to resources, a client or upper level VSS has always up-to-date information about
the lower level VSS resources it is interested in.
6.2 Remote tokens
IEC 60839-11-31 assumes that the device defines tokens, which are unique within a device and
its context. This document extends the scheme to allow building globally unique tokens called
remote tokens.
A remote token shall be constructed like a QName with a device-specific prefix and a local
token.
RemoteToken = Prefix + ':' + LocalToken
The overall string length of the remote token is limited to 64 characters. A local token shall not
exceed 36 characters and should contain no colon. The length limitation is chosen in such a
way that it enables the use of UUIDs as defined in RFC 4122. Note that device implementations
typically use compact tokens.
A VSS shall use the same prefix for all tokens of the same device. This allows a client to
understand which tokens they can use for any web service API call.
A VSS can choose to simply use device local tokens as LocalToken part or create an internal
mapping. A client may not assume that tokens received from a VSS can be used in device calls
by stripping the prefix.
The naming conventions for the prefix part are outside of the scope of this document. Depending
on the application area, implementers can choose different approaches. Therefore, this
document does not require that remote tokens are globally unique between different VSSs. See
Annex A for a country-specific definition of globally unique addresses.
See Annex B for a guide to token adaptation.
6.3 Token context
Clients talking to multiple servers at a time, such as VSSs and/or devices, shall address
resources to a server only with tokens received from that same server. There is no guarantee
that remote tokens received from one server can be used to address the same resource at
another server.
7 Resource queries
7.1 General
This document models resources as so-called property events. A resource is a configuration
item addressed via a token.
Resources are queried and reported via the event mechanism. This mechanism provides two
advantages over a classical query interface. Firstly, the mechanism can cope with very large
responses by chopping the response packets into multiple pull cycles. Secondly, the mechanism
provides a real-time update facility so that services can inform clients very efficiently about
resource changes.
A server supporting resource queries shall signal the supported resource queries via the
GetEventProperties interface of the event service. The following resources can be enumerated:
For media configurations:
VideoSourceConfiguration, AudioSourceConfiguration, VideoEncoderConfiguration,
AudioEncoderConfiguration, AudioOutputConfiguration, AudioDecoderConfiguration,
MetadataConfiguration, AnalyticsConfiguration, PTZConfiguration, OSDConfiguration,
MaskConfiguration
For media profiles: MediaProfile
7.2 Resource event
Each resource maps to the following event definition;
Topic: tns1:Resource/








 

The source item Token is mandatory and shall contain a qualified token that is unique within
the serving system.
The data items are optional.
The data item scope refers to the discovery scope entry defined in IEC 60839-11-31. It can
occur multiple times for each scope entry supported by the device.
An event shall be generated with PropertyOperation set to Initialized whenever a resource is
signaled the first time in a subscription or it is newly added to the system. An event with
PropertyOperation set to Deleted shall be generated when a resource is removed from the
system.
Note that a change from online to offline or vice versa shall only create a PropertyOperation of
type Changed if the event contains an Offline state Boolean.
7.3 Location filter
A service supporting resource queries shall support the Location Filter.

– 14 – IEC 62676-2-33:2022 © IEC 2022









Devices with unknown location shall correspond to a match if the property includeUnknown is
set.
7.4 Prefix filter
A server supporting resource queries shall support the Prefix Filter. The prefix filter allows
restricting the search to any events of a device by the prefix assigned by the VMS.





7.5 Scope filter
A server supporting resource query shall support the Scope Filter allowing searching for device
scope entries.












See IEC 60839-11-31 for the scope matching rules.
7.6 Select filter
A server supporting resource query shall support the Select Filter allowing restricting the
resulting data items of each event in order to reduce the message sizes of large queries.





Each entry defines an XPath expression that matches to one of the event data items.
The following example restricts the content of the result to the resource name and location
scope:

/Name
/Scope/Location

7.7 Live checks
The mechanism defined in this document makes use of the real-time pull point defined in
IEC 60839-11-31. When no events are pending at a pull point, the PullMessages call will timeout
after a client defined timeout. The client is in control of the timeout and can ensure a continuous
heartbeat from the server. Hence, there is no need for an additional ping or heartbeat interface.
7.8 Informative examples
7.8.1 Live video
This example assumes that a police station client wants to get live feeds related to an incident
at a certain geo location.
1) The client authenticates itself at the VSS using its client certificate.
2) Client subscribes to VSS topic Resource/MediaProfile within 100 m of a lon/lat provided geo
location.
3) VSS responds to PullMessages enumerating all media profiles in the given area.
4) If the client receives multiple profiles for a remote device, it can select the best suited one
by querying the profile configurations. For each profile token, the client calls GetProfiles. By
supplying parameter Type set to VideoSource and VideoEncoder, it will receive detailed
information about the Video resolution and encoder settings.
5) The client calls GetStreamUri for each video source on the selected profile.
6) The client streams video and displays it on the Police Video Wall.
At first glance, it looks like no new functional interface has been defined. Although this is correct,
the VSS shall still implement a number of operations in order to make the above example
happen:
a) enumerate its attached camera profiles as resource events;
b) implement the Media2 API;
c) map request media profile token to cameras and their local tokens;
d) map response profile tokens to global tokens;
e) support streaming proxy and map camera stream URI to proxy.
Additionally, an intelligent VSS can expose only those media profiles to its client that have a
decent data rate so that it is able to proxy those Video streams.
Instead of directly connecting to the remote lower level VSS systems, the police station client
can connect to an upper level VSS that in turn combines search results from multiple lower
level VSS and forwards commands to individual camera sources via the appropriate lower-level
VSS.
7.8.2 Forensic
This example assumes that a police station client wants to retrieve recordings related to an
incident at a certain geo location.
1) The client authenticates itself at the VSS using its client certificate.
2) Client subscribes to VSS topic Resource/VideoSource within 100 m of a lon/lat provided
geo location.
3) VSS responds to PullMessages enumerating all video sources in the given area.
4) The client calls FindEvents passing the interested time range and a list of video sources in
the search scope.
5) The client calls GetEventSearchResults to get all available recordings at the interested
location and in the given period of time.

– 16 – IEC 62676-2-33:2022 © IEC 2022
6) The client retrieves the RTSP URIs by calling the GetReplayUri method for the recording.
7) The client plays back video of interested cameras by retrieving the RTSP media stream for
the URI retrieved by a call to Replay:GetReplayUri.
As an alternative to the above approach, the client might also directly query the recording
resource at a geo location. Some replays can fail because the cameras did not record for the
selected location at the selected time of day.
The above example is applicable for both content stored in camera's edge storage and VMS
recording server. It is up to the VMS application how the recordings are retrieved.
8 Uplink
8.1 Protocol
8.1.1 Connection establishment
The device initiates the connection to the cloud service. Figure 4 shows the three phases. In
the first phase, the device acts as a TLS client that connects to the cloud service. The figure
only shows the most relevant packets. Details of the TCP and TLS exchanges are out of the
scope of this document. The second phase includes the connection upgrade to HTTP/2, which
the cloud service confirms with a 101 HTTP response. The third phase of the connection then
fully complies with an HTTP2 connection as if the cloud service were the initiator.

Figure 4 – Connection initiation sequence
8.1.2 Connection management
A local service that is offered to a remote client for utilization is responsible for maintaining an
operational communication channel. Since the connection shall be established from the service
to the remote client, this connection is called uplink. The uplink shall be secured via the TLS.
The service shall monitor whether the remote client is able to communicate via the uplink. It
can use the HTTP/2 ping mechanism to check whether a link is still operational if no packets
have been received for a longer period of time.

A local service shall close and reconnect the uplink whenever no packets have been received
from the remote client for more than 30 s. Each camera shall use an individual ascending
interval strategy to avoid that all cameras connect at the same time.
The following example shows patterns chosen by two cameras A and B:
• Camera A: 3 s, 6 s, 12 s, 24 s, 30 s, 30 s, 30 s .
• Camera B: 2 s, 4 s, 8 s, 16 s, 30 s, 30 s, 30 s .
If the uplink list contains multiple entries the device shall try to establish all connections in
parallel.
Note that this document assumes that scenarios with multiple clients are designed such that
they do not interfere with each other. The coordination between such multiple clients is outside
the scope of the document.
8.1.3 Authentication
Note that for the following d
...