Method and apparatus for implementing remote house control

FIELD: physics, control.

SUBSTANCE: invention relates to remote home control means. In the system, a virtual private network is formed between a network home control key and a network home control device. For said network home control key and network home control device, network routes to the Internet from data networks to which they are connected are determined. The found network routes are stored in a home control network server on the Internet. If there is need to form a virtual private network, the home control network server reports the stored network routes to the network home control key and to the network home control device. Using the received network routes, the network home control key and the network home control device form a virtual private network with each other, said virtual private network being connected to a client device used by the individual performing remote control and actuating devices to be controlled remotely.

EFFECT: high reliability and safety of the home control system.

13 cl, 7 dwg

 

Area of technology

The present invention relates to a method for remote control of actuators in a dwelling, to a remote control system and to its components.

The level of technology

Remotely operated devices and systems are often installed in homes and buildings. The purpose of installing such systems is to ensure safety in dwellings and/or to maintain comfortable and safe living conditions. The range of remote-controlled devices is extensive. Devices from multiple manufacturers may be used in one dwelling. These devices are often unable to communicate directly with each other. In addition, each system typically has its own operating logic, and controlling it remotely requires specialized means of communication.

Construction companies have recently begun to solve this problem quite radically by ordering from an operator a separately purchased additional communication line for the customer, with contractual services defined individually for each site, which must be maintained separately; this communication runs either over the telephone network or over a broadband network, which may be a fixed network or a wireless 2G/3G network. Despite the presence of several bottlenecks, the majority of companies currently consider this approach the most appropriate.

If an additional connection is provided for a new site, the data transfer usually has to be agreed with the administrator of the local internal network (intranet). To make a remote connection possible, the intranet administrator would probably need to perform additional network configuration.

It often takes quite a long time, weeks, to obtain an additional connection, particularly a permanent network connection. When the connection is finally available, it often turns out not to work as stated in the order placed with the operator, and one has to negotiate with the operator to correct the deficiencies.

Regarding wireless broadband connections, operators still make too many promises. When a new wireless connection at a remote site does not work correctly, long and costly negotiations follow that are exhausting for all parties involved.

In addition, operators try to tie users down, bundling the connection with a modem and imposing, for example, a mandatory 24-month contract. Not all users may want to take part in this, preferring to be masters in their own house.

Commissioning and using a new connection suitable for remote use always entails additional costs. Many private households and housing cooperatives are not prepared to bear such additional expenses.

In addition, if the additional services needed for remote control, for example a fixed IP address or a dynamic domain name service, are provided by the operator or service provider over an existing network connection, the following problems, for example, can occur.

Providing a static IP address may not be possible, so a dynamic domain name service has to be used. If the provider of the remotely controlled device does not offer a dynamic domain name service, the service must be provided by a third party. Dynamic domain name service is also provided free of charge by some third parties (for example, some student organizations), for example http://dyndns.org, http://dy.fi etc. The quality of such domain name services varies, and their availability and the quality of response when problems occur are, as a rule, insufficient to provide reliable remote control of a dwelling.

At present, connecting from the outside over a broadband connection is often prohibited, so using that connection to control the site remotely is impossible. Operators can, for example, completely block connections initiated from the Internet. In that case a dynamic domain name service is of no use.

Using a dynamic domain name service also requires that the site obtain a public Internet address from the connection it uses. This is possible only if the connection supports multiple public addresses.

One way of commissioning a site is for a networking expert to go to the site and set up the connection so that it is suitable for remote use. Care must be taken that this does not obstruct or disturb other networking devices and Internet connections. The connection available at the site is also often unsuitable for remote use in its original form. The modem or the connection type has to be changed, or changes to the operation have to be agreed with the operator.

Creating individual technical solutions for each site always brings the user additional costs. This reduces the effectiveness of the contractor's work.

One can also try to solve the problem of remote control of a site with technical solutions customized for specific application tasks. For example, the device provider can purchase, for its own use, a private access point name (APN) in an operator's radio network, which defines the configuration for data transmission in GPRS (General Packet Radio Service) and HSDPA (High-Speed Downlink Packet Access) / HSUPA (High-Speed Uplink Packet Access) networks. With the APN settings, the devices at the site are connected to the Internet through a wireless 2G/3G/4G network. In such cases the user has to pay separately for the connection, for the interface modems and for the programs that make remote use possible. Often this additional connection cannot technically be used, or is externally restricted from being used, for other tasks, for example for remote use of devices provided by the developer. In addition, operators at present normally limit the amount of data transferred over such connections, and exceeding the prescribed amount may lead to significant additional costs for the owner of the connection.

At sites such as housing cooperatives, where the dwellings have several owners, a "remote control" may be offered that works only within the intranet between the dwellings. Real remote communication with such sites is impossible if the remote user is physically located outside a dwelling connected to that intranet.

Route information between any two devices may be stored on a server. When a device requests from the server the route to some other device, the server can transmit the requested route information to the requesting device, or to both devices.

US patent application US 2010/0014529 describes a network communication device that makes it possible to establish a connection between any two network devices connected to a network through multiple NAT routers. The described network communication device first automatically checks whether a direct local connection to the other device exists. The described network communication device includes: a direct search module, which sends a direct search request to the other network communication device; a route information determination module, which receives route information for the other network communication device from a server; and a connection management module which, if information about the other network communication device is received in response to the direct search request, communicates with that device on the basis of that information, and if no such information is received, communicates with that device on the basis of the route information received from the server.

U.S. patent US 7590074 describes a communication system in which, if a network element at a VPN node requires route information for communication with another VPN node, the network element checks whether it has the required route information. If it does not, the network element may request the route information from a routing server. On receiving the route request message, the routing server transmits the route information to the VPN node that initiated the request, and possibly to the target VPN node, allowing these VPN nodes to update their routing tables and send data to each other directly.

Disclosure of the invention

The aim of the present invention is to propose a new system for remote control of technical devices in the home, and a remote control method using this system, in which the Internet connections already existing in residential homes are used for remote control and monitoring. The connection to the dwelling is made available for remote control by combining devices in pairs in accordance with the present invention. The existing network connections and the intranet at the site are not affected.

The aims of the present invention are achieved with a system in which a home control network device, installed permanently in the dwelling, and a home control network key, belonging to the person supervising the dwelling, establish a secure bidirectional connection over the Internet on the basis of connection information that the device and the key receive from the home control network server in accordance with the present invention. The devices in the home that are subject to remote control or remote monitoring are connected to the home control network device, which is connected to a network connection device (network terminal) installed in the house, for example a modem.

The current IP addresses of the home control network device and the home control network key are stored in the home control network server in accordance with the present invention; these IP addresses are used to establish the connection between the devices. Thanks to the additional operations and connection establishment methods of the present invention, both devices can be connected to a private, non-public network and still be able to establish a data connection with each other over the Internet. Preferably, to establish a data connection over the Internet between the mobile home control network key and the stationary home control network device, it is enough that the devices, in addition to their existing non-public IP addresses, obtain a public IP address at some point while the connection is being established. After the home control network server has transmitted to the devices the IP addresses they are to use, it takes no part in the data connection between them.

An advantage of the remote control system in accordance with the present invention is that both devices of a home control network device pair can determine the route from their location to the IP address of the device connecting the dwelling to the Internet, and store the found route in a separate server on the Internet that identifies the device pair and stores its IP addresses.

Another advantage of the present invention is that each pair of home control network devices in accordance with the present invention independently forms a predetermined pair or group of devices that find each other in the network. Thanks to the authentication method used, the home control network key, which the user carries with him, establishes a network connection only with its own unique paired home control network device and cannot connect to any other network device. Thus the home control network key functions as a strong network security key to the front door of the house.

Another advantage of the present invention is that a device pair of the remote control system can, using the address information from the home control network server, independently establish between themselves a direct, bidirectional, secure data connection at the data link layer (layer 2) or network layer (layer 3) of the OSI model (Open Systems Interconnection Reference Model) through the serving local network devices and the Internet (VPN, Virtual Private Network), without passing any information on the established connection through an external server. A secure data-link-layer connection for remote transmission is a basic requirement for many uses of home control devices.

Another advantage of the present invention is that a device pair of the remote control system works with all types of Internet connections without changing the settings provided by the suppliers of those connections. Secure and full-featured connections are established with the settings in place when the connections were commissioned; no changes to the connection and/or to the customer's terminals are required.

Another advantage of the present invention is that, for the reasons above, the remote control connection requires no additional connections, no replacement of modems or firewalls at the customer's connections, no reprogramming of the customer's terminal, and no payments for the use of individual devices.

Another advantage of the present invention is that the remote control connection does not depend on the user's operating system (e.g. MAC, Windows) or terminal. It is enough that the terminal used for remote control has a browser program supported by the network server of the device to be remotely controlled. The terminal may be a stationary computer or a mobile device such as a laptop computer, tablet or smartphone.

Another advantage of the present invention is that the remote control system makes it possible to remotely use home control devices and systems from different manufacturers in an environment beyond the operator's control. A security system video camera from one manufacturer, a CCTV camera from a second manufacturer, a ground source heat pump from a third manufacturer and an air conditioning control system from a fourth manufacturer can all be connected to a pair of home control network devices in accordance with the present invention.

Another advantage of the present invention is that the device to be managed, and the device from which control is exercised, can be in different networks, and these networks do not necessarily have to be of the same type or to use the same network technology. For example, the managed device may be connected to a permanent broadband connection, and the control device can be connected via 3G or G.

The remote control method according to the present invention is characterized in that

- a client device of the user controlling the actuators is connected to a first network terminal in a first data network;

- the actuator to be remotely controlled is connected to a second network terminal in a second data network;

- both the first network terminal and the second network terminal can communicate with the home control network server;

- both the first network terminal and the second network terminal, in order to establish an end-to-end data connection between said network terminals, request routing information from the home control network server;

- the home control network server transmits the requested route information to the first network terminal and the second network terminal, and the first network terminal and the second network terminal use said information to form between themselves a virtual private network to which the home control network server does not belong.

The remote control system according to the present invention includes

- a first data network, to which is connected a first network terminal connected to a client device of the user controlling the actuators to be remotely controlled;

- at least one second data network, to which is connected a second network terminal connected to the actuators to be remotely controlled;

- one or more other data networks, one of which is the Internet, between the first data network and the second data network; and

- a home control network server connected to the Internet; wherein the remote control system is characterized in that

- the first network terminal and the second network terminal are arranged to establish a data connection with the home control network server in order to establish a bidirectional end-to-end data connection between said network terminals;

- the first network terminal and the second network terminal are arranged, in order to establish an end-to-end data connection between said network terminals, to request routing information from the home control network server; and

- the home control network server is arranged to transmit said route information to the first network terminal and the second network terminal, and the first network terminal and the second network terminal are arranged to form, using this information, a virtual private network to which the home control network server does not belong.

The home control network key in accordance with the present invention is characterized in that its CPU, memory and the computer program code stored therein make it possible

- to determine the network route from the home control network key to the Internet;

- to store the determined network route in the memory of the home control network key and in the memory of the home control network server;

- to request from the home control network server the network route information of its paired network terminal in order to establish an end-to-end data connection between said network terminals;

- to receive from the home control network server the network route information of the paired network terminal; and

- to form, using the received network route information, a virtual private network with its paired network terminal for remote control of the actuators of the home, to which the home control network server does not belong.

The home control network device in the dwelling in accordance with the present invention is characterized in that its CPU, memory and the computer program code stored therein make it possible

- to determine the network route from the home control network device to the Internet;

- to store the determined network route in the memory of the home control network device and in the memory of the home control network server;

- to request from the home control network server the network route information of its paired network terminal in order to establish an end-to-end data connection between said network terminals;

- to receive from the home control network server the network route information of the paired network terminal; and

- to form, using the received network route information, a virtual private network with its paired network terminal for remote control of the actuators of the home, to which the home control network server does not belong.

The home control network server in accordance with the present invention is characterized in that its CPU, memory and the computer program code stored therein make it possible

- to store in the memory of the home control network server the identification data of a network terminal pair formed by two network terminals used for remote control of a dwelling;

- to receive from said pair of network terminals the network route information determined by them;

- to receive from the first network terminal a request for the network route information of its paired network terminal;

- to determine which device is paired with the first network terminal that made said network route request;

- to send the network route information of said network terminal pair to the first network terminal and the second network terminal;

- to receive address space information for said pair of network terminals and to transmit information about the valid address space to the home control network device; and

to maximize the data connection to the specified pair of network devices after the transmission of information about the network route.

Some preferred embodiments of the present invention are presented in dependent claims.

The basic idea of the present invention is as follows: to implement remote control, a device pair is formed consisting of a home control network device and a home control network key, and the home control network device can establish a data connection only with its paired home control network key. In one preferred embodiment of the present invention, one home control network key can serve as the paired device for two or more home control network devices in different homes. The identification codes of the home control network device and the home control network key are recorded in the devices during manufacture. Using the identification codes, the home control network device and the home control network key can establish a bidirectional data connection between themselves. The advantage of this data connection is that it is created at the data link layer (layer 2) or network layer (layer 3) of the OSI model. When commissioned, both devices determine the route from their location in the network to the network terminal connected to the Internet; this route information is needed to establish the connection. The route information is stored in an Internet-connected home control network server in accordance with the present invention. When the home control network key needs to establish a data connection over the Internet with its paired device in a dwelling, the key requests the route information of its paired home control network device from the home control network server. Using the obtained route information, the home control network key starts to establish a direct data connection. When this direct data connection is established, a direct VPN connection for data transfer is thereby established between the home control network key and the home control network device located in the dwelling; an advantage of the connection is that it uses the network layer.

The home control network device in accordance with the present invention is installed in the internal data network of the home to be remotely controlled, between the existing internal data network used for control and monitoring of the dwelling and the network terminal relaying traffic from the dwelling to the Internet. All devices related to the control of the dwelling are connected to the inputs of the home control network device, and the output of the home control network device is connected to the intranet-side input of the network terminal relaying Internet traffic.

The home control network key in accordance with the present invention can be connected to any data communication device that is technically able to establish a data connection to the Internet. Such a data communication device may be, for example, a personal computer, tablet PC or smartphone. The home control network key can be connected to the data communication device, for example, through a LAN (Local Area Network) interface, a WLAN (Wireless LAN) interface, a WAN (Wide Area Network) interface, a USB (Universal Serial Bus) interface or an antenna interface. When the home control network key is connected to the data communication device, the key first determines the route through the subnets to the network terminal connected to the Internet. When the route has been determined, the route information of the home control network key is stored in the home control network server in accordance with the present invention.

When an end-to-end bidirectional data channel is formed between the home control network key and the home control network device, the route information of the device pair through their different subnets, stored in the home control network server, is used. After the data connection has been established, the home control network server is no longer involved in data transmission.

Brief description of the drawings

The present invention is described in detail below. The following description refers to the accompanying drawings, where:

Fig.1 shows an example of how a bidirectional data connection according to the present invention may be established between a client device performing remote control and a separate control and management device of the dwelling;

Fig.2 shows a second example in which, in accordance with the present invention, a bidirectional data connection is established between a client device performing remote control and a separate control and management device of the dwelling;

Fig.3 is a block diagram of an example of establishing a data connection between the client device and a device in the dwelling;

Fig.4 is an example of a network device management house in accordance with the present invention;

Fig.5a is an example network key home management in accordance with the present invention;

Fig.5b is an example of a redundant network key home management in accordance with the present invention; and

Fig.6 shows an example of the network server home control in accordance with the present invention.

The implementation of the invention

The embodiments in the following description are given merely as examples, and a person skilled in the art can implement the basic idea of the present invention in a manner different from that described here. Although the description may in some places refer to a particular embodiment or embodiments of the invention, this does not mean that the reference applies only to the described embodiment, or that the described feature can be used only in that one embodiment. Individual features of two or more embodiments of the invention may be combined, yielding new embodiments of the present invention.

Fig.1 and 2 show two preferred embodiments 1A and 1B of the remote control system in accordance with the present invention. In the examples in Fig.1 and 2, one home control network key 42 is used to establish a data connection with a single home control network device 61. However, the home control network key 42 in accordance with the present invention can also work with several different home control network devices located in two or more dwellings.

In both embodiments of Fig.1 and 2, the data network has the same basic structure. In Fig.1 and 2 the Internet is denoted by reference 2. A public network or intranet, reference 3, is connected to the Internet 2. The network 3 may be a fixed or wireless data network. A first data network 4 (the remote home control network) is connected to the network 3; a client device 41a and/or 41b performing the remote control can be connected to it.

The intranet of the dwelling to be remotely controlled is denoted by 5 in Fig.1 and 2. A second data network 6, the home control intranet in accordance with the present invention, is connected to the intranet 5. The actuators 62 to 65 to be remotely controlled are connected to the home control intranet.

It is clear to a person skilled in the art that there may be more subnets between the home control network device 61 or the home control network key 42 in accordance with the present invention and the Internet 2 than shown in Fig.1 and 2.

In the examples in Fig.1 and 2, the second network terminal in accordance with the present invention, that is, the home control network device 61 (HCND), is connected to the home intranet 5 (10.0.0.0/24). The home intranet 5 is connected to the Internet 2 via the network terminal 51. The network terminal 51 may be a router, modem or firewall, which can also include a network address translator (NAT). In the examples in Fig.1 and 2, the intranet 5 is located behind the firewall FW1, reference 51, which contains a NAT function. In the examples in Fig.1 and 2, the firewall FW1 has the public IP address 240.1.1.2. The internal IP address of the firewall FW1 in the intranet 5 is 10.0.0.1. Two other data devices are connected to the intranet 5 as an example; their IP addresses in the intranet 5 are 10.0.0.3 and 10.0.0.4.

The home control intranet 172.17.0.0/24 (house control intranet, HCI), reference 6, is connected to the home intranet 5 through the home control network device 61. The IP address of the home control network device 61 in the home control intranet 6 is 172.17.0.1, and in the home intranet 5 it is 10.0.0.2. In the examples in Fig.1 and 2, four devices/servers 62, 63, 64 and 65 are connected to the home control intranet 6 as an example. These devices/servers can be connected to the home control intranet 6 by either a fixed or a wireless data connection.

Reference 62 denotes a lighting control web server, whose IP address in the home control intranet is 172.17.0.5. To a remote user, the lighting control web server 62 is seen as device HCND4.

Reference 63 denotes a heating control web server, whose IP address in the home control intranet is 172.17.0.4. To a remote user, the heating control web server 63 is seen as device HCND1.

Reference 64 denotes a CCTV camera web server, whose IP address in the home control intranet is 172.17.0.3. To a remote user, the CCTV camera web server 62 is seen as device HCND2.

Reference 65 denotes an air conditioning control web server, whose IP address in the home control intranet is 172.17.0.2. To a remote user, the air conditioning control web server 65 is seen as device HCND3.

In the examples in Fig.1 and 2, the first network terminal in accordance with the present invention, the home control network key 42 (HCNK), is connected to the remote home control network 4 (172.17.0.0/24). The remote home control network 4 is behind the firewall FW1 of the intranet 3, reference 31. The public IP address of the NAT firewall 31 in this example is 240.2.1.2, and the internal IP address of this NAT firewall is 10.0.1.1.

The remote home control network 4, 172.17.0.0/24 (HCRN, house control remote network), is connected to the data network 3 through the home control network key 42 in accordance with the present invention. The IP address of the home control network key 42 in the intranet is 10.0.1.2, and in the remote home control network it is 172.17.0.6. In the examples in Fig.1 and 2, a data processing device 41a or 41b is connected to the remote home control network 4 as an example; its IP address in the remote home control network 4 is 172.17.0.7. This data processing device 41a/41b is used to remotely control the devices/servers 62, 63, 64 and 65 connected to the home control network 6 (intranet).

Network key 42 of the home control and networking device 61 of house control in accordance with the present invention for establishing a pass-through connection for data transmission on the channel or the network layer (in the examples in Fig.1 and 2 is a VPN connection 55 for data transmission) requires information about the route of the corresponding paired device. The information about the route stored as network key 42 of the home control and networking device 61 of house control in accordance with the present invention in the server 21 network home control home control network server, HCNS) to the Internet.

In the example of Fig. 1, the NAT firewalls do not completely block outbound UDP traffic. They are so-called stateful NAT firewalls with "memory", which do not change the source port numbers of UDP (User Datagram Protocol) connections in unpredictable ways unless they have to. In the example of Fig. 1 the aim is to establish an Ethernet link-layer connection between the home control network key 42 and the home control network device 61.

When the remote control system 1A of Fig. 1 needs to establish a data connection 55 belonging to a virtual private network (VPN) between the devices, each of the devices 42 and 61 retrieves from the home control network server 21 the route information stored there by its paired device. Before providing the route information, the home control network server 21 verifies that the request really comes from a valid home control network key / home control network device pair. Using the route information received in this way, the home control network key 42 and the home control network device 61 establish a direct VPN connection. Once the VPN connection 55 is established, the data processing device 41a/41b in the home control remote network 4 can communicate with device 62, 63, 64 or 65 in the home control network 6.

To be able to establish the data connection, the home control network key 42 and the home control network device 61 must determine their network route from their own network at least to the Internet 2. The network route can be determined, for example, by the methods described below, which the home control network key 42 and the home control network device 61 preferably use.

The IP settings of the network interface of a data processing device can be determined using DHCP (Dynamic Host Configuration Protocol). DHCP can provide at least the IP address of the data processing device, the netmask, the default gateway, and the DNS server (Domain Name System, which converts domain names to IP addresses).

The Traceroute operation uses TCP/IP to determine the route along which packets travel to a given node. In Traceroute, a data communication device connected to the network determines the network route by gradually increasing, starting from zero, the Time to Live (TTL) value of the packets it transmits one at a time.

A network route is typically determined as follows. The device sends to the default gateway an IP packet addressed to some target in the external network, using a TTL value of 0. The default gateway responds with a "TTL expired" message. This message reveals, among other things, the IP address and latency of the default gateway.

The device then sends to the default gateway an IP packet addressed to some target in the external network, using a TTL value of 1. This time the "TTL expired" message is sent by the router next after the default gateway, and the message reveals the IP address of this (second) router. These transmissions and replies continue with increasing TTL values until the target node is reached. On the Internet, the target node is typically reached at a TTL value of 6-15. The end result is that the data processing device knows the network route to the external network, e.g. the Internet.

The ICMP protocol (Internet Control Message Protocol) can be used to identify external addresses. The ICMP operation uses the "record route" flag set in the ICMP packet; this flag asks the operating systems of the devices along the network route to record in the header of the ICMP packet the IP address of the router that forwarded it. In the examples of Figs. 1 and 2, the first and second network keys (home control network key 42 and redundant home control network key 22) and the home control network device 61 determine the network route using at least one of the operations described above. These devices store the network route so determined on the home control network server 21, which keeps this information in its memory.

The home control network key 42 and the home control network device 61 in accordance with this invention preferably also have the ability to determine free address space. These devices are arranged to determine the available address space automatically, using the network route information stored on the home control network server 21. The devices ask the home control network server 21 to provide some unoccupied part of the address space. The home control network server 21 analyzes the stored network routes and reports a block of network addresses none of whose addresses appears in the network route of any known device.
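The free-address-space check described above can be sketched as follows. This is an added example, not code from the patent: the `RouteRegistry` class, the candidate pool 172.16.0.0/12, the first-fit /24 policy and the `other-site` entry are assumptions, while the 10.0.0.2/24 and 10.0.1.2/24 registrations reuse the addresses of Fig. 1.

```python
import ipaddress


class RouteRegistry:
    """Hypothetical stand-in for the route database kept by the server."""

    def __init__(self, pool="172.16.0.0/12", prefix=24):
        self.pool = ipaddress.ip_network(pool)   # assumed candidate pool
        self.prefix = prefix                     # assumed block size
        self.local_nets = {}                     # device -> [networks in use]
        self.hops = {}                           # device -> [router addresses]

    def register(self, device, local_cidr, hops=()):
        # Devices report a host address plus mask (e.g. 10.0.0.2/24),
        # so strict=False is needed to derive the enclosing network.
        net = ipaddress.ip_network(local_cidr, strict=False)
        self.local_nets.setdefault(device, []).append(net)
        self.hops.setdefault(device, []).extend(
            ipaddress.ip_address(h) for h in hops)

    def conflicts(self, block):
        """Return the devices whose stored route touches `block`."""
        block = ipaddress.ip_network(block)
        found = set()
        for device, nets in self.local_nets.items():
            if any(block.overlaps(n) for n in nets):
                found.add(device)
        for device, hops in self.hops.items():
            if any(h in block for h in hops):
                found.add(device)
        return sorted(found)

    def allocate(self, device):
        """First block in the pool that no stored route contains."""
        for candidate in self.pool.subnets(new_prefix=self.prefix):
            if not self.conflicts(candidate):
                # Record the block so later requests cannot reuse it.
                self.local_nets.setdefault(device, []).append(candidate)
                return candidate
        raise RuntimeError("no free address block left in the pool")


def build_registry():
    """Constructed sample data; only the 10.0.x.x/240.x entries mirror Fig. 1."""
    reg = RouteRegistry()
    reg.register("HCND-61", "10.0.0.2/24", hops=["10.0.0.1", "240.1.1.2"])
    reg.register("HCNK-42", "10.0.1.2/24", hops=["10.0.1.1", "240.2.1.2"])
    # Constructed third site whose LAN already occupies 172.16.0.0/16.
    reg.register("other-site", "172.16.0.9/16", hops=["172.16.0.1"])
    return reg


if __name__ == "__main__":
    reg = build_registry()
    print("allocated:", reg.allocate("HCND-61"))
    print("conflicts for 10.0.1.0/24:", reg.conflicts("10.0.1.0/24"))
```

With the constructed `other-site` entry occupying 172.16.0.0/16, the first free block is 172.17.0.0/24; `conflicts()` is the same check the server applies when a device reports a route that overlaps an existing one.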

The home control network device 61 preferably also provides DHCP and DNS services in its subnets 4 and 6 for the devices connected to them. In addition, the home control network key 42 and the home control network device 61 act as the default gateway for the devices connected to those subnets.

The following describes an example of the operation of the remote control system 1A according to the present invention, shown in Fig. 1.

Home control network device 61

The home control network device 61 is connected to the 10.0.0.0/24 network (home intranet 5), for example by attaching a cable to its WAN port. The home control network device 61 automatically obtains its IP settings using DHCP. Firewall FW1 in the home intranet 5 preferably acts as the DHCP server and assigns the home control network device 61 the IP address 10.0.0.2 with a 24-bit subnet mask (255.255.255.0). The DHCP server also assigns the default router address 10.0.0.1 and the DNS server address 10.0.0.1.

The home control network device 61 begins by using the DNS server to determine the IP address of the home control network server 21 (HCNS, DNS address http://etahallinta.fi). DNS server 10.0.0.1 reports that the IP address of the home control network server 21 is 240.1.1.1.

The home control network device 61 contacts the home control network server 21 (240.1.1.1) over the Internet using TCP or UDP. The home control network device 61 and the home control network server 21 perform mutual authentication using certificates and/or passwords set at the factory. The data connection is preferably encrypted, for example with SSL/TLS. From the incoming connection, the home control network server 21 learns the public IP address of the home control network device 61, which in the example of Fig. 1 is 240.1.1.2. The home control network device 61 reports its own address and netmask (10.0.0.2/24) to the home control network server 21, which saves this information in its database.

The home control network device 61 preferably also performs a traceroute operation towards the home control network server 21 and reports the network route so determined to the home control network server 21. The home control network server 21 stores the network route received from the home control network device 61 in its database.

Next, the home control network device 61 preferably also performs the ICMP record route operation and reports the route found in this way to the home control network server 21. The home control network server 21 stores the route received from the home control network device 61 in its database.

The home control network device 61 then automatically determines free address space by sending a request to the home control network server 21. In the examples of Figs. 1 and 2, the home control network server 21 reports the address space 172.17.0.0/24 to the home control network device 61.

The home control network device 61 takes this address space into use for its intranet 6, and takes 172.17.0.1 as its own IP address. The home control network device 61 notifies the home control network server 21 that it has taken the address space into use, and the server stores this information in its database.

Home control network key 42

The WAN port of the home control network key 42 is connected to the 10.0.1.0/24 network (data network 3). The home control network key 42 requests its IP address information from the DHCP server, a role performed by firewall 31 (FW2). The home control network key obtains the IP address 10.0.1.2. The default router 31 address obtained from the DHCP server for the home control network key 42 is 10.0.1.1, and the DNS server 31 address is 10.0.1.1.

The home control network key 42 begins by using the DNS server to determine the IP address of the home control network server 21 (HCNS, DNS address http://hcns.fi). In the examples of Figs. 1 and 2, DNS server 10.0.1.1 gives 240.1.1.1 as the IP address of the home control network server 21.

The home control network key 42 then contacts the home control network server 21 at address 240.1.1.1 over the Internet, using UDP as the primary protocol and TCP as the secondary protocol. The home control network key 42 and the home control network server 21 perform mutual authentication using pre-installed certificates and/or passwords. The data connection is preferably encrypted, for example with SSL/TLS. From the incoming connection, the home control network server 21 learns the public IP address 240.2.1.2 of the home control network key 42. The home control network key 42 also reports its own address and netmask, 10.0.1.2/24, to the home control network server 21, which stores this information in its database.

The home control network key 42 then performs a traceroute operation and reports the network route found in this way to the home control network server 21, which stores this information in its database.

The home control network key 42 preferably also performs the ICMP record route operation and reports the network route found in this way to the home control network server 21, which stores this information in its database.

The home control network server 21 checks the received route information, and if there are overlaps, reports this to the home control network key 42, which if necessary automatically determines free address space again.

Connecting a device to be controlled to the remote control system 1A

A device to be remotely controlled is attached to the remote control system 1A by connecting it to the intranet interface of the home control network device 61, using either a fixed connection or a wireless connection.

For example, the heating control web server 63 (heat control webserver, HCWS) is connected to the home control intranet 6. In this example, after being connected, the heating control web server 63 obtains its IP settings using DHCP. It receives from the home control network device 61 the address 172.17.0.4 as its own address, 172.17.0.1 as the default router address, and 172.17.0.1 as the DNS server address. In addition, in the example of Fig. 1 it receives from the DNS server the name hews.hend.local as its own name.

The home control network device 61 stores the DHCP information it supplied to the heating control web server 63 in its local database.

It is determined in advance that the paired device of the home control network key 42 is the home control network device 61. In this way a direct data connection can be established between the home control intranet 6 and the Ethernet network 3 to which the home control network key 42 is connected.

The home control network key 42 starts the pairing operation. Preferably using UDP, the key 42 notifies the home control network server 21 of its intention to establish a data connection with the home control network device 61. The home control network server 21 decides that the requested data connection is to be established with the following port numbers:

- network key home control - the source UDP port 10500, destination UDP port 10501, the destination IP address 40.1.1.2;

- network device control - UDP source port 10501, target UDP port 10500, destination IP address 240.2.1.2.

The home control network server 21 reports this information to the home control network key 42 and the home control network device 61.

The home control network key 42 then sends a UDP packet to address 240.1.1.2 from source port 10500 to destination port 10501. Because outbound traffic is not strictly limited, the packet passes through firewall FW2, which contains the NAT function. Firewall 31 (FW2) remembers this UDP packet as a connection for the next X seconds, with the connection information 10.0.0.2, 240.1.1.2, 10500 and 10501.

The UDP packet arrives at firewall 51 (FW1), which blocks incoming traffic and therefore drops the packet. The packet does not reach address 10.0.0.2.

The home control network device 61 sends to address 240.2.1.2 a UDP packet with source port 10501 and destination port 10500. The packet passes through the NAT firewall 51 (FW1), because outbound traffic is not restricted. Firewall 51 (FW1) remembers this UDP packet as a connection for the next X seconds, with the connection information 10.0.0.2, 240.2.1.2, 10501 and 10500.

The UDP packet arrives at firewall 31 (FW2). Firewall 31 (FW2) remembers that IP address 10.0.1.2 established a UDP connection with address 240.1.1.2 using source port 10500 and destination port 10501. Because the UDP packet is received from the said source address 240.2.1.2 with source port 10501 and destination port 10500, firewall 31 (FW2) treats it as a reply belonging to the connection established by device 10.0.1.2. Firewall FW2 then performs address translation: it changes the destination address of the UDP packet to 10.0.1.2 and forwards the packet to 10.0.1.2. The home control network key 42 now receives the message from the home control network device 61. From this point there is a one-way data connection from the home control network device 61 to the home control network key 42.

The home control network key 42 then sends a UDP packet to address 240.1.1.2 from source port 10500 to destination port 10501. The UDP packet arrives at firewall 51 (FW1). Firewall 51 (FW1) remembers that address 10.0.0.2 established a UDP connection with address 240.2.1.2 using source port 10501 and destination port 10500. Because this packet arrives from source address 240.2.1.2 with source port 10500 and destination port 10501, firewall 51 (FW2) treats the received UDP packet as a reply belonging to the connection established by device 10.0.0.2. Firewall 51 (FW1) performs address translation, i.e. it changes the destination address of the packet to 10.0.0.2, and then forwards the packet to 10.0.0.2.

From this point there is a bidirectional UDP connection between the home control network key 42 and the home control network device 61, and the devices can communicate with each other in both directions. The home control network device 61 and the home control network key 21 preferably form a link-layer VPN tunnel between them, using for example the OpenVPN program.

The home control network device 61 bridges the created VPN tunnel 55 to the home control remote network 6 (172.17.0.0/24), which the device administers. In the same way, the home control network key 42 bridges the created VPN tunnel 55 to its LAN port, so that the key 42 can offer link-layer interfaces to the intranet 172.17.0.0/24. After these operations, the home control remote network 4 and the home control intranet 6 form a private network (VPN) over the Internet 2.

The client device 41a can now be connected via an Ethernet interface to the intranet interface of the home control network key 42; this interface may be, for example, the LAN interface. Once connected, the client device 41a requests its IP settings from the home control network device 61 using DHCP. The DHCP request sent by the client device 41a or 41b arrives at the LAN port of the home control network key 42, which is bridged to the VPN tunnel 55. The home control network key 42 forwards the Ethernet frame generated by the client device 41a or 41b unchanged into the VPN tunnel 55. The DHCP packet sent by the client device 41a or 41b reaches the home control network device 61 through the VPN tunnel 55.

The home control network device 61 contains a DHCP server, which replies with the IP address 172.17.0.7/24, the default router address 172.17.0.1 and the DNS server address 172.17.0.1. This reply from the home control network device 61 is in turn carried through the VPN tunnel 55 to the home control network key 42, which forwards the packet to its LAN interface. On receiving the DHCP reply packet via its LAN interface, the client device 41a or 41b takes the IP configuration into use. The client device now has the IP address 172.17.0.7/24, the default router 172.17.0.1 and the DNS server 172.17.0.1.

The client device 41a is now logically part of the VPN network 172.17.0.0/24 and can communicate with device 172.17.0.4 directly over Ethernet, exactly as if it were physically attached to the network 172.17.0.0/24 (home control intranet 6). Such communication must, however, take into account the technical constraints of the VPN tunnel 55 and of the Internet connections, in particular data rate and delay.

A device to be remotely controlled is connected to the LAN interface of the home control network device 61 either by a fixed connection or by a wireless connection. In the examples of Figs. 1 and 2, the devices to be remotely controlled are the air conditioning control device 65, the heating control device 63, the CCTV camera 64 and the lighting control device 62. The web servers of the devices to be remotely controlled obtain their IP addresses from a DHCP server, which is preferably part of the home control network device.

The home control network device 61 assigns names to the IP addresses in a predetermined way. In the examples of Figs. 1 and 2, the IP address 172.17.0.4 (heating control) has the name HCND1. Similarly, the IP address 172.17.0.3 (CCTV camera) has the name HCND2.

The user of the client device 41 can now communicate directly over Ethernet with the devices 62, 63, 64 and 65 to be remotely controlled, shown in Fig. 1. The method of communication is no different from the one that would be used if the client device 41a were physically connected directly to the home control intranet 172.17.0.0/24 serving the devices to be remotely controlled.

Using the remote control system 1A according to the present invention, the user of the client device 41a enters the address http://hcnd1 in the browser address bar. The browser of the client device sends a DNS query for the name HCND1 to the home control network device 61 (address 172.17.0.1). In response, the home control network device 61 sends the client device 41a the name HCND1 and the corresponding IP address 172.17.0.4. The browser of the user's client device 41a, preferably using the HTTP protocol, opens the page http://HCND1 on the heating control web server 172.17.0.4. The user then has a direct control connection with the heating control web server 63 and can control the heating.

The user of the client device 41a can also perform an address lookup using the common name HCND. The home control network device 61 answers this query with its own IP address 172.17.0.1 and generates a directory page that is displayed in the browser of the user's client device 41a. On this directory page the user sees a list of all resources connected to the LAN interface of the home control network device 61. In the examples of Figs. 1 and 2, the following list is shown in the browser:

hcnd1 172.17.0.4

hcnd2 172.17.0.3

hcnd3 172.17.0.2

hcnd4 172.17.0.5.

On the directory page the user of the client device can rename the displayed objects, for example changing the name HCND1 to "heating Control" and the name HCND2 to "security Camera". The home control network device automatically saves the new names assigned to the IP addresses. The user of the client device 41a can then reach, for example, the heating control device by typing just "heating Control" in the browser address bar.

In embodiment 1B of the remote control system, shown in Fig. 2, a redundant home control network key 22 is used to overcome occasional shortcomings in connecting to remote sites. The redundant home control network key 22 ensures that a VPN connection can be established to such sites as well. In Fig. 1 the VPN tunnel 55 can be set up directly between the home control network device 61 and the home control network key 42.

If for any reason a direct VPN tunnel in accordance with the first embodiment of the present invention cannot be established, or cannot always be established, the remote control system 1B in accordance with Fig. 2 can be used. In the remote control system of Fig. 2, the redundant home control network key 22 takes part in creating the VPN tunnel by joining the VPN tunnels 55a and 55b. To the user of the client device, the remote control system works the same way regardless of whether the system of Fig. 1 or of Fig. 2 is in use.

Fig. 2 shows the remote control system 1B in accordance with the second preferred embodiment of the present invention. The data network system 1B is essentially the same as the data network system 1A of Fig. 1. The second embodiment differs in that it uses an additional redundant home control network key 22 (HCN2K) on the Internet 2, intended for establishing the data connections 55a and 55b.

The embodiment of Fig. 2 can be used in those rare cases where there are routing problems. The embodiment of the remote control system 1B makes it possible, even in such difficult cases, to connect to a remote site without a networking expert having to carry out individual programming at the remotely controlled site. The embodiment of Fig. 2 is needed in situations where the home control network key and its paired home control network device cannot establish a direct connection for some rare reason, for example because of highly restrictive connection settings in a NAT firewall.

A connection problem arises if, for example, a NAT firewall on the data connection replaces the source port of outgoing UDP connections with one different from the port originally requested by the requesting device. In this case the connection always fails to be established. The same problem can occur if, in addition to a complete block on incoming traffic, the use of outgoing ports is heavily restricted or UDP connections are prohibited altogether.
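The UDP exchange on ports 10500/10501 described earlier for Fig. 1, and the source-port-rewriting failure described in the paragraph above, can be reproduced with a small model of two stateful NAT firewalls. This is an added example, not code from the patent: `StatefulNat`, `send` and `punch` are hypothetical names, the key's inside address is taken as 10.0.1.2, the replacement port 40000 is constructed, and the "X seconds" state timeout is not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulNat:
    """Blocks unsolicited inbound UDP, allows outbound and remembers it."""

    def __init__(self, public_ip: str, preserve_source_port: bool = True):
        self.public_ip = public_ip
        self.preserve_source_port = preserve_source_port
        self._flows = {}   # (inside ip, inside port, remote ip, remote port) -> public port
        self._state = {}   # (public port, remote ip, remote port) -> (inside ip, inside port)
        self._next_port = 40000  # constructed pool for a port-rewriting NAT

    def outbound(self, pkt: Packet) -> Packet:
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if flow not in self._flows:
            if self.preserve_source_port:
                port = pkt.src_port
            else:
                port = self._next_port
                self._next_port += 1
            self._flows[flow] = port
            self._state[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self._flows[flow], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Accept only packets that look like a reply to a remembered flow.
        inside = self._state.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # dropped: no matching outbound connection
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])


KEY = ("10.0.1.2", 10500)      # network key 42 behind FW2 (240.2.1.2)
DEVICE = ("10.0.0.2", 10501)   # network device 61 behind FW1 (240.1.1.2)


def send(src, near: StatefulNat, far: StatefulNat, dst_port: int) -> Optional[Packet]:
    """Send from an inside host through its own NAT to the peer's NAT."""
    wire = near.outbound(Packet(src[0], src[1], far.public_ip, dst_port))
    return far.inbound(wire)


def punch(fw2_preserves_port: bool = True) -> List[Optional[Packet]]:
    """Run the three-packet sequence; None marks a dropped packet."""
    fw2 = StatefulNat("240.2.1.2", fw2_preserves_port)
    fw1 = StatefulNat("240.1.1.2")
    return [
        send(KEY, fw2, fw1, 10501),     # key -> device: FW1 has no state yet
        send(DEVICE, fw1, fw2, 10500),  # device -> key: matches FW2 state
        send(KEY, fw2, fw1, 10501),     # key -> device: matches FW1 state
    ]


if __name__ == "__main__":
    for label, preserves in (("port-preserving", True), ("port-rewriting", False)):
        print(label, ["delivered" if p else "dropped" for p in punch(preserves)])
```

When FW2 rewrites the source port, the state it stores is keyed on port 40000 rather than 10500, so neither firewall ever sees a packet matching its remembered flow and all three packets are dropped.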

The embodiment of Fig. 2 can also be used in networks with an extremely complicated NAT structure. One example is a situation in which devices behind two different double firewalls need to communicate with each other but for some reason cannot determine the external address of the NAT firewall.

In the embodiment of Fig. 2, the redundant home control network key 22 acts as the device that joins the VPN connection between the home control network key 42 and the home control network device 61. In this embodiment the information passes through the redundant home control network key 22. The redundant home control network key 22 is also able to perform an automatic IP address search. If desired, however, the redundant home control network key can be given a permanent IP address. The redundant home control network key 22 also supports tunnels set up within both http and https connections. The redundant home control network key 22 preferably also supports operation through a proxy server, which allows the home control method in accordance with the present invention to be used in third-party data networks as well.

If a connection problem arises that the connection troubleshooting logic of the remote control system 1A shown in Fig. 1 cannot resolve, the customer obtains a redundant home control network key 22, which is part of the remote control system 1B of Fig. 2.

First, the redundant home control network key 22 and the primary home control network key 42 are physically connected to each other through their network interfaces, and the redundant home control network key 22 receives the paired-device information from the memory of the primary home control network key 42. The redundant home control network key 22 is then connected to the public Internet 2 and obtains a public IP address from it. After obtaining the public IP address, the redundant home control network key 22 contacts the home control network server 21. The home control network server 21 stores the public IP address of the redundant home control network key 22 in its database and requests the network route determined by that key. The redundant home control network key 22 then notifies the home control network server 21 of its own home control network key 42. The redundant home control network key 22 received the information about the home control network key 42 when it was connected to the network interface of the home control network key 42. The home control network server 21 then reports to the redundant home control network key 22 the home control network device 61 that corresponds to the home control network key 42 in question.

In the remote control system 1B of Fig. 2, the home control network key 42 and the home control network device 61 receive information about the new additional element from the home control network server 21. They then request from the home control network server 21 the public IP address of the redundant home control network key 22. After that, both the home control network key 42 and the home control network device 61 can, if necessary, contact the public address of the redundant home control network key 22 directly. Packets from the home control network device 61 and from the first home control network key 42 travel to the redundant home control network key 22 through firewalls FW1 and FW2 without difficulty, because firewalls 31 and 51 always pass at least outgoing TCP packets to the redundant home control network key 22. Conversely, firewalls FW1 and FW2 treat packets received from the redundant home control network key 22 as replies to packets previously sent to the redundant home control network key 22 from the subnet 3 or 4 protected by that firewall. Accordingly, firewalls FW1 and FW2 let these packets from the redundant home control network key 22 through into the subnets 3 and 4 they protect. In this way the VPN tunnels 55a and 55b can be established in the rare problem cases described above.

The redundant home control network key 22 is arranged to join the VPN connections of the pair of home control network devices 42 and 61, that is, to act as a communication intermediary between these devices. This function is preferably performed by joining the link-layer VPN tunnels 55a and 55b in the redundant home control network key 22 as described above. After this joining, the pair of home control network devices 42 and 61 has a direct Ethernet connection for transferring data between them.

An example demonstrating how a client device and a device in the dwelling that is to be remotely controlled can exchange information and commands in the remote control system according to the present invention has been described above with reference to Figs. 1 and 2. Fig. 3 presents the above in the form of a block diagram.

In step 300, the home control network device 61 is connected to the home intranet 5, and the home control network key 42 is connected to the intranet 3. All devices in the home that are to be remotely controlled are attached to the home control network device 61 using either a fixed connection or a wireless connection.

In step 301, the home control network device 61 and the home control network key 42 determine their network routes. In step 302, the home control network device 61 and the home control network key 42 store their network routes on the home control network server 21.

In step 303, the devices 42 and 61 used for remote control in accordance with the present invention receive from the home control network server 21 the information about their registered paired device, or the information that no such registration exists. If one of the devices 42 or 61 of the pair is not registered, the remote control system 1A or 1B proceeds, after a predetermined delay 312, to step 313 of waiting for a connection to the home control network server.

At the start of connection establishment, in step 304, the home control network key 42 and the home control network device 61 request from the home control network server 21 the network route of their paired device. The home control network server 21 checks that the request is a valid request from a device pair, and then in step 305 passes the requested network routes to both devices. The home control network server 21 then releases its connections to both devices 42 and 61 and is no longer part of the VPN tunnel 55 or 55a+55b being formed.

In step 306 the home control network key 42 and the home control network device 61 form the VPN tunnel 55 or 55a+55b between them.

In step 307 both the user's client device 41a or 41b and the target device 62-65 in the dwelling are attached to the virtual private network (VPN) that has been formed. The user's client device 41a or 41b is connected to the VPN through the home control network key 42. The device 62-65 to be remotely controlled is connected to the VPN through the home control network device 61.

In step 308, the user's client device 41a or 41b and the devices 62 to 65 in the home are part of the same VPN and can exchange information with each other. After a delay specified in the remote control system, in step 309, the system checks whether the data connection between the client device 41a/41b and the target device 62-65 is still active. If the data connection is active, the operation returns to step 308 and data transmission can continue.

If step 309 establishes that the VPN connection is no longer active, a decision is made in step 310 on whether a new attempt to establish a connection is possible. If it is decided to make a new attempt, the operation returns to step 301. In this case, the operations required to release the VPN connection are preferably also performed, so that connection establishment in accordance with the present invention can be resumed successfully. Attempts to establish a connection are made a predetermined number of times.

If it is decided in step 310 that no further attempts to establish a VPN connection will be made, because the predetermined number of connection attempts has been exhausted or for any other reason, the operation proceeds to step 311. In step 311, the VPN data connection in use is released.

After the VPN data connection has been released, a predetermined delay 312 follows in the remote control system 1A or 1B. When the delay 312 has expired, the operation proceeds to step 313, in which the system waits for a connection to the home control network server. In this step, the home control network device 61 sends connection requests over the network to the home control network server 21.

The home control network device 61 repeats step 314 in order to establish a network connection to the home control network server 21.

If the data connection with the home control network server 21 has been established, a decision is made in step 314 to move on to establishing the VPN connection, and the operation returns to step 301.

All of the above steps are carried out by program instructions executed by a processor suitable for this purpose, either special-purpose or general-purpose. The instructions of said program are stored on a data carrier in the home control network device 61 and in the home control network key 42, for example in a memory from which the processor can read these instructions and execute them. Such a machine-readable data carrier can be, for example, a specialized component such as a program memory device, a flash memory device with a USB interface, a programmable logic array (FPLA), an application-specific integrated circuit (ASIC) or a digital signal processor (DSP).
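The server side of steps 302 to 305 (store routes, verify the device pair, hand each device its peer's route, then drop out) can be sketched as follows. This is an added Python example, not code from the patent; the class and method names, the device identifiers and the route strings are assumptions made for illustration, and the caller's identity is assumed to have been authenticated before these methods run.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class PairingError(Exception):
    """The requester is not part of a registered device pair."""


@dataclass
class HomeControlNetworkServer:
    """Route broker for device pairs (all names here are hypothetical).

    `pairs` maps a device id to the id of its paired device, as fixed
    when the pair was provisioned.
    """
    pairs: Dict[str, str]
    routes: Dict[str, str] = field(default_factory=dict)   # last stored route per device
    waiting: Set[str] = field(default_factory=set)         # devices that asked for a peer route
    connected: Set[str] = field(default_factory=set)       # devices with an open server connection

    def _peer_of(self, device_id: str) -> str:
        # The pairing must be registered in both directions; a one-sided
        # entry must not be enough to obtain somebody else's route.
        peer = self.pairs.get(device_id)
        if peer is None or self.pairs.get(peer) != device_id:
            raise PairingError(f"{device_id!r} is not in a registered pair")
        return peer

    def store_route(self, device_id: str, route: str) -> None:
        """Step 302: a device stores its own network route on the server."""
        self._peer_of(device_id)
        self.routes[device_id] = route
        self.connected.add(device_id)

    def peer_registered(self, device_id: str) -> bool:
        """Step 303: tell a device whether its paired device has registered."""
        return self._peer_of(device_id) in self.routes

    def request_peer_route(self, device_id: str) -> Optional[Dict[str, str]]:
        """Steps 304-305: answer only when both members of the pair have asked.

        Returns {recipient: peer_route} for both devices, or None while the
        other side is still missing (the caller then waits and retries).
        """
        peer = self._peer_of(device_id)
        if device_id not in self.routes or peer not in self.routes:
            return None
        self.waiting.add(device_id)
        if peer not in self.waiting:
            return None
        answer = {device_id: self.routes[peer], peer: self.routes[device_id]}
        # The server releases both connections and takes no part in the tunnel.
        for dev in (device_id, peer):
            self.waiting.discard(dev)
            self.connected.discard(dev)
        return answer


def demo() -> dict:
    """Run one pairing round with constructed sample identifiers and routes."""
    server = HomeControlNetworkServer(
        pairs={"key-42": "device-61", "device-61": "key-42"})
    server.store_route("device-61", "198.51.100.7:1194")    # constructed route
    early = server.request_peer_route("device-61")          # key not registered yet
    server.store_route("key-42", "203.0.113.20:1194")       # constructed route
    first = server.request_peer_route("key-42")             # device has not asked again
    both = server.request_peer_route("device-61")           # both have asked now
    return {"early": early, "first": first, "both": both,
            "connected_after": set(server.connected)}


if __name__ == "__main__":
    print(demo())
```
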

Fig. 4 illustrates the main functional modules of the home control network device 61 in accordance with the present invention. The home control network device 61 contains a power source 621. This can be a battery or a mains-powered power supply. All electrical components of the home control network device receive power from the power source 621.

The home control network device 61 includes one or more processors 622. The processor or processor unit may include an arithmetic logic unit, a group of registers for different purposes and control circuits. A data storage system 623, e.g. memory or a storage device that can store computer-readable programs or user information, is connected to the processor unit. The storage device 623 as a rule includes memory modules that allow both reading and writing of information (random access memory, RAM) and memory modules containing non-volatile storage from which data can only be read (read only memory, ROM). Information identifying the device, its current network route, information identifying the home control network key 42 with which the device is paired, and all programs necessary for the operation of the home control network device 61 are preferably stored in said storage device.

For example, the memory of the home control network device 61 can store an operating system (e.g. Linux), TCP/IP software, a VPN program (e.g. OpenVPN), a DHCP client/server program (for example, ISC DHCP), a DNS server program (for example, dnsmasq), a database program (e.g. SQLite), a remote control program (for example, OpenSSH), a certificate management/confirmation program (for example, GPG) and a user interface library (for example, LuCI).

The home control network device 61 also includes interface elements, including input/output devices 624, 625 and 626 for receiving or transmitting information. Information received by an input device is passed for processing to the processor unit 622 of the home control network device 61. The interface elements of the home control network device transmit information either to a data network or to an external data processing unit. The interface elements of the home control network device 61 are preferably a WAN port 624, one or more LAN ports 625 and an antenna port 626.

Fig. 5a illustrates the main functional modules of the home control network key 42 in accordance with the present invention. The home control network key 42 has a power source 421. This can be a battery or a mains-powered power supply. All electrical components of the home control network key receive power from the power source 421.

The home control network key 42 includes one or more processors 422. The processor or processor unit may include an arithmetic logic unit, a group of registers for different purposes and control circuits. A data storage system 423, e.g. memory or a storage device that can store computer-readable programs or user information, is connected to the processor unit. The storage device 423 typically includes memory modules that allow both reading and writing of information (random access memory, RAM) and memory modules containing non-volatile storage from which data can only be read (read only memory, ROM). Information identifying the device, its current network route, identification information of the home control network device with which it is paired, and the programs necessary for operating the home control network key 42 are preferably stored in said storage device.

For example, the home control network key 42 can store an operating system (e.g. Linux), TCP/IP software, a VPN program (e.g. OpenVPN), a DHCP client/server program (for example, ISC DHCP), a DNS server program (for example, dnsmasq), a database program (e.g. SQLite), a remote control program (for example, OpenSSH), a certificate management/confirmation program (for example, GPG) and a user interface library (for example, LuCI).

The home control network key 42 also includes interface elements, including input/output devices 424, 425 and 426 for receiving or transmitting information. Information received by an input device is passed for processing to the processor unit 422 of the home control network key 42. The interface elements transmit information either to a data network or to an external data processing device. The interface elements of the home control network key 42 are preferably a WAN port 424, a LAN port 425, a USB port 426 and an antenna port 627.

Fig. 5b illustrates the main functional modules of the backup home control network key 22 in accordance with the present invention. The backup home control network key 22 has a power source 421a. This can be a battery or a mains-powered power supply. All electrical components of the backup home control network key 22 receive their voltage from the power source 421a.

The backup home control network key 22 includes one or more processors 422a. The processor or processor unit may include an arithmetic logic unit, a group of registers for different purposes and control circuits. A data storage system 423a, e.g. memory or a storage device that can store computer-readable programs or user information, is connected to the processor unit. The storage device 423a typically includes memory modules that allow both reading and writing of information (random access memory, RAM) and memory modules containing non-volatile storage from which data can only be read (read only memory, ROM). Information identifying the device, its current network route, information identifying the home control network key 42 and the home control network device 61 that are its paired devices, and the programs necessary for the operation of the backup home control network key 22 are preferably stored in said storage device.

For example, the memory of the backup home control network key 22 can store an operating system (e.g. Linux), TCP/IP software, a VPN program (e.g. OpenVPN), a DHCP client/server program (for example, ISC DHCP), a database program (e.g. SQLite), a certificate management/confirmation program (for example, GPG) and a user interface library (for example, LuCI).

The backup home control network key 22 also includes interface elements, including input/output devices 424a and 424b for receiving or transmitting information. Information received by an input device is passed for processing to the processor unit 422a of the backup home control network key 22. The interface elements transmit information either to a data network or to an external data processing unit. The interface elements of the backup home control network key 22 are preferably WAN ports 424a and 434b, of which there are two or more.

Fig. 6 illustrates the main functional modules of the home control network server 21. The home control network server 21 contains a power source 211. This can be a battery or a mains-powered power supply. All electrical components of the home control network server 21 receive their voltage from the power source 211.

The home control network server 21 includes one or more processors 212. The processor or processor unit may include an arithmetic logic unit, a group of registers for different purposes and control circuits. A data storage system 213, e.g. memory or a storage device that can store computer-readable programs or user information, is connected to the processor unit. The storage device 213 typically includes memory modules that allow both reading and writing of information (random access memory, RAM) and memory modules containing non-volatile storage from which data can only be read (read only memory, ROM). Identification data of the device pairs in the remote control system, the current network routes of each device pair and all programs needed to establish VPN data connections between paired devices are preferably stored in said storage device.

For example, the memory of the home control network server 21 can store an operating system (e.g. Linux), TCP/IP software, a DHCP client/server program (for example, ISC DHCP), a DNS server program (e.g. bind), a database program (e.g. SQLite), a certificate management/confirmation program (for example, GPG) and a user interface library (for example, LuCI).

The home control network server 21 also includes interface elements, including input/output devices 214 and 215 for receiving or transmitting information. Information received by an input device is passed for processing to the processor unit 222 of the home control network server 21. The interface elements of the home control network server 21 transmit information either to a data network or to an external data processing unit. The interface elements of the home control network server 21 are preferably a WAN port 214 and one or more LAN ports 215. The home control network server 21 preferably also includes a user interface module (not shown in Fig. 6), which includes a device for receiving information from the user of the server 21. The user interface module may include a keyboard, a touch screen, a microphone and an acoustic emitter.

We have described above certain preferred embodiments of a method of remote management and remote control system in accordance with the present invention. The present invention is not limited to the above embodiments, and the basic idea of the invention can be used in various ways without going beyond the scope of the claims of the present invention.

1. A method of remote control of actuators (62-65) in a dwelling, in which a virtual private network (55) is created between a client device (41a, 41b) of a user controlling the actuators, located in a first data transmission network (4), and an actuator (62-65) subject to remote control, located in a second data transmission network (6), characterized in that
- the client device (41a, 41b) is connected (300) to a first network terminal (42) in the first data transmission network (4);
- the actuator (62-65) subject to remote control is connected (300) to a second network terminal (61) in the second data transmission network (6);
- both the first network terminal and the second network terminal connect (301) to a home control network server (21) located on the Internet (2);
- both the first network terminal (42) and the second network terminal (61) request (304) route information from the home control network server (21) for the purpose of establishing an end-to-end data transfer connection between said network terminals; and
- the home control network server (21), after receiving a route request from both the first network terminal and the second network terminal, transmits (305) the requested route information to the first network terminal (42) and the second network terminal (61), and the first network terminal (42) and the second network terminal (61) use this information to create a virtual private network (55) to which the home control network server (21) does not belong (306).

2. A method according to claim 1, characterized in that the home control network server (21), before transmitting (305) to the first network terminal (42) and the second network terminal (61) the network route information required to form the virtual private network (55), identifies (303, 304) the first network terminal (42) and the second network terminal (61) as a device pair defined at manufacture.

3. A method according to claim 2, characterized in that the first network terminal (42) determines (301) its network route from the first data transmission network (4) to the Internet (2), the second network terminal (61) determines (301) its network route from the second data transmission network (6) to the Internet (2), the first network terminal and the second network terminal store (302) said determined network route information on the home control network server (21), and the home control network server transmits said network routes to the first network terminal and the second network terminal for the purpose of forming the virtual private network (55).

4. A method according to claim 3, characterized in that the virtual private network (42, 55, 61) formed (306) between the first network terminal (42) and the second network terminal (61), to which both the client device (41a, 41b) and the device (62-65) subject to remote control are connected (307, 308), is formed either at the data link layer (layer 2) or at the network layer (layer 3) of the OSI model.

5. A system (1A, 1B) for remote control of actuators (62-65) in a dwelling, containing
- a first data transmission network (4), to which is connected a first network terminal (42) that is connected to the client device (41a, 41b) of the user controlling the actuators subject to remote control;
- at least one second data transmission network (6), to which is connected a second network terminal (61) that is connected to the actuators (62-65) subject to remote control;
- one or more other data transmission networks (2, 3, 5), one of which is the Internet (2), between the first data transmission network (4) and the second data transmission network (6); and
- a home control network server (21) connected to the Internet (2),
characterized in that
- the first network terminal (42) and the second network terminal (61) are configured to establish a data connection with the home control network server (2) for the purpose of establishing a mutually directed data transfer channel (55) between said network terminals (42, 61);
- the first network terminal (42) and the second network terminal (61) are configured to request route information from the home control network server (21) for the purpose of establishing an end-to-end data transfer connection between said network terminals; and
- the home control network server (21) is configured, after receiving route requests both from the first network terminal (41) and from the second network terminal (61), to transmit said route information to the first network terminal (42) and the second network terminal (61), and the first network terminal (42) and the second network terminal (61) are configured to use this information to create a virtual private network (55) to which the home control network server (21) does not belong.

6. A system according to claim 5, characterized in that the home control network server (21) is configured, before transmitting to the first network terminal (42) and the second network terminal (61) the network route information required to form the virtual private network (55), to identify the first network terminal (42) and the second network terminal (61) as a device pair defined at manufacture.

7. A system according to claim 6, characterized in that the first network terminal (42) is configured to determine its network route from the first data transmission network (4) to the Internet (2), the second network terminal (61) is configured to determine its network route from the second data transmission network (6) to the Internet (2), the first network terminal and the second network terminal are configured to store said determined network route information on the home control network server (21), and the home control network server is configured to transmit said network routes to the first and second network terminals in order to form the virtual private network (55).

8. A system according to claim 7, characterized in that the virtual private network (42, 55, 61) formed (306) between the first network terminal (42) and the second network terminal (61), to which both the client device (41a, 41b) and the device (62-65) subject to remote control are connected (307, 308), is formed either at the data link layer (layer 2) or at the network layer (layer 3) of the OSI model.

9. A home control network key (42) for actuators in a dwelling, containing
- network interface elements, including input/output means (424, 425, 426, 427) for network interfaces (3, 4);
- a processor (422); and
- a memory (423) containing computer program code;
characterized in that said processor, memory and stored computer program code provide for
- determining a network route from the home control network key (42) to the Internet (2);
- storing said determined network route in the memory (423) of the home control network key and in the memory (213) of the home control network server (21);
- requesting from the home control network server (21) the network route information of the paired network terminal (61) defined at manufacture, for the purpose of establishing an end-to-end data transfer connection between said network terminals;
- receiving from the home control network server (21) the network route information of the paired network terminal (61); and
- using the received network route information to form, with its predetermined paired network terminal (61), a virtual private network (55) for remote control of actuators in the dwelling, to which the home control network server (21) does not belong.

10. The network key according to claim 9, characterized in that it is configured to form said virtual private network (42, 55, 61) either at the data link layer (layer 2) or at the network layer (layer 3) of the OSI model.

11. A home control network device (61) for actuators in a dwelling, containing
- network interface elements, including input/output means (624, 625, 626) for the network interface (5) and for the devices (62-65) subject to remote control;
- a processor (622); and
- a memory (623) containing computer program code,
characterized in that said processor, memory and stored computer program code provide for
- determining a network route from the home control network device (61) to the Internet (2);
- storing said determined network route in the memory (623) of the home control network device and in the memory (213) of the home control network server (21) located on the Internet (2);
- requesting from the home control network server (21) the network route information of the paired network terminal (42) defined at manufacture, for the purpose of establishing an end-to-end data transfer connection between said network terminals;
- receiving from the home control network server the network route information of the paired network terminal (42); and
- using the received network route information to form, with its paired network terminal (42), a virtual private network (55) for remote control of actuators in the dwelling, to which the home control network server (21) does not belong.

12. The network device according to claim 11, characterized in that it is configured to form said virtual private network (42, 55, 61) either at the data link layer (layer 2) or at the network layer (layer 3) of the OSI model.

13. A home control network server (21) containing
- network interface elements, including input/output means (214, 215);
- a processor (212); and
- a memory (213) containing computer program code,
characterized in that said processor, memory and stored computer program code provide for
- storing in the memory of the home control network server the identification information of a pair of network terminals (42, 61), predetermined at manufacture and formed by two network terminals used for remote control of a dwelling;
- receiving from said pair of network terminals (42, 61) their determined network route information;
- receiving from the first network terminal (42) a request for the network route information of the predetermined pair of network terminals; and
- receiving from the second network terminal (61) a request for the network route information of the predetermined pair of network terminals; and further
- determining which network terminal is the predetermined pair of the first network terminal (42) that submitted the network route request;
- checking whether the first network terminal (42) and the second network terminal (61) are a predetermined device pair; and, if these terminals are a predetermined device pair,
- transmitting the network route information of said pair of network terminals to the first network terminal (42) and the second network terminal (61);
- receiving from said pair of network terminals (42, 61) information about the address space and transmitting information about the valid address space to the home control network device (61); and
- releasing the data transfer connections with the pair of network devices (42, 61) after the network route information has been transmitted.



 

Same patents:

FIELD: information technologies.

SUBSTANCE: device comprises: an input/output facility for network interfaces; a processor and a memory, which contains a computer software code; at the same time the specified processor, memory and computer software code stored in the memory provide for possibility to receive a unique identification code of the device transmitted by its unique paired network terminal, which is a unique terminal, with which it is possible to establish a connection to transfer data only for a network key of house management, or to transfer one's own identification code of the device into one's own paired network terminal, when the network key of house management and the unique paired network terminal are connected to each other by means of their USB ports.

EFFECT: increased safety of data transmission.

9 cl, 7 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to an in-flight entertainment system. The in-flight entertainment system includes a plurality of head-end line replaceable units physically interconnected in a ring configuration and a plurality of serially-connected networking line replaceable units physically interconnected in a serial configuration, wherein two of the serially-connected networking line replaceable units at the edge of the serial configuration are physically interconnected with two of the head-end line replaceable units, respectively, wherein a loop-free head-end data path is maintained between active head-end line replaceable units by regulating link participation in the data path, and wherein one or more loop-free serially-connected data paths are maintained between at least one of the two head-end line replaceable units and active serially-connected networking line replaceable units.

EFFECT: high efficiency of communications of components of an in-flight entertainment system.

10 cl, 13 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to multiprotocol telecommunication data transmission means. The system enables to create a network with data relay and routing based on navigation information. The data transmission means comprises a signal (2) type detection and determination unit, a scanning receiver (28) for air scanning and transmission of a set of reports to a frequency spectrum (29) computer, intended for transmission thereof to the signal (30) type determination unit, designed to determine a set of frequencies corresponding to the detected signal based on geographic coordinates obtained from a navigator (14), and also notify a monitoring and control telecommunication module (1), selecting a corresponding radio station connected to a switch (12), for signal modulation with parameters corresponding to the detected parameters. The telecommunication network comprises radio stations with or without an Ethernet standard IEEE 802.3 interface, and telecommunication network (461-46q) data transmission means, the switches (12) of which are connected to the radio stations with or without an Ethernet standard IEEE interface.

EFFECT: constructing a data transmission network without setting the broadcast frequency and parameters of radio stations which are part of the network.

3 cl, 8 dwg

FIELD: radio engineering, communication.

SUBSTANCE: method comprises forming a database of content units to a user or group of users, formed on a particular list and, based on the list, making a more precise calculation of the required channel resources in the system by building a queue of orders for rate reservation for each ordered content unit for each user or group of users; combining the same orders and multicasting the same custom content units to the user or group of users; carrying out automatic switching of the user access device to a content channel that has already broadcast a content unit in accordance with its request. The allocation of resources is also carried out through creating dynamic content feeds that include content units of duration T to be transmitted to groups of user access devices at certain time intervals.

EFFECT: high optimisation of broadband access channel resources.

17 cl, 8 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to database management and specifically to database applications for performing certain functions on databases. The technical result is achieved due to a database server application program which is provided such that it is configured to provide a programmable interface into a database application through uniform resource locators (URL) of database services. A database services URL used by the database application can be updated programmatically by program code executing within or under control of the database server application program. A macro action for use in conjunction with a database server application that provides functionality for displaying a database object, such as a form or report, locally in a Web browser is also described.

EFFECT: enabling users without a copy of the client database application to gain access and use the database application through a Web browser and a local or wide area network.

19 cl, 8 dwg

FIELD: physics, computer engineering.

SUBSTANCE: group of inventions relates to a method of redirecting an Internet protocol (IP) packet in a network element and a network element for redirecting an IP packet through Ethernet segments. A network element comprises a virtual router, which connects at least two level 2 network segments to allow data transmission in between, wherein each level 2 network segment is connected to a corresponding I-SID value, wherein each network element is configured to receive, from the level 2 network segment, an Ethernet frame in which an IP packet is encapsulated, wherein the IP packet contains the IP address of the recipient, and the Ethernet frame contains the I-SID and MAC address of the recipient associated with the virtual router, and when the MAC address of the recipient in the received Ethernet frame is associated with the virtual router, perform at least one routing data stream processing in the encapsulated IP packet, wherein said routing data stream processing includes identification of the level 2 network segment associated with the IP address of the recipient in the IP packet, and direct the IP packet to the identified level 2 network segment in the Ethernet frame with the I-SID associated with the identified level 2 network segment.

EFFECT: optimising data routing in a network.

12 cl, 3 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to controlling transmission of data to medical devices. A system for controlling transmission of data to and/or from medical devices, wherein medical devices are divided into separate groups of at least one medical device in each case, wherein each group of medical devices at a first level of transmitting data via a first network is directly connected in each case to a communication device located at a second data transmission level for transmitting, storing and controlling data, and means are provided to facilitate communication between said communication devices with a common central server device located at a third data transmission level, for storing, controlling and transmitting data, wherein said means represent a second network which is independent and separated from the first network and which directly connects the communication device with the common central server device located at the third data transmission level.

EFFECT: providing continuous fail-proof data transmission between medical devices without data loss during transmission.

11 cl, 3 dwg

FIELD: radio engineering, communication.

SUBSTANCE: domain-wide unique node identifiers and unique service identifiers are distributed within a MPLS domain using a routing system LSA. Nodes on the MPLS network compute shortest path trees for each destination and install unicast forwarding state based on the calculated trees. Nodes also install multicast connectivity between nodes advertising common interest in a common service instance identifier. Instead of distributing labels to be used in connection with unicast and multicast connectivity, the nodes deterministically calculate the labels. Any number of label contexts may be calculated. The labels may either be domain-wide unique per unicast path or may be locally unique and deterministically calculated to provide forwarding context for the associated path. Multicast and unicast paths may be congruent, although this is not a requirement.

EFFECT: improved communication.

16 cl, 7 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to connection processing systems and methods using a temporary port. The technical result is achieved using a proxy server which imitates a status from the server through changes in the states of the temporary port. The connection processing system using a temporary port comprises an application, an interception means, a connection establishing means and a remote server. The application initiates connection establishment with the remote server by sending network requests. The interception means intercepts network requests from the application to the remote server and initiates creation of a temporary port. The connection establishing means establishes a connection with the remote server after interception, creates a temporary port and imitates the status from the server by changing the state of the created temporary port. The remote server establishes a connection in response to the network requests.

EFFECT: enabling establishment or termination of a connection between an application and a remote server.

8 cl, 5 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to methods and apparatus for selecting a gateway in a wireless communication system. A method of selecting a gateway (GW) in a mobility management entity (MME) in a wireless communication system comprises the steps of receiving a connection request message from a home evolved Node B (HeNB); determining if the connection request message includes a local gateway (L-GW) address; and if the connection request message includes an L-GW address, selecting a GW using the L-GW address.

EFFECT: efficient gateway search using core network equipment.

24 cl, 12 dwg

FIELD: wireless interface technology.

SUBSTANCE: one protocol of network messaging is a control protocol for NDIS device. Also, multiple software products for operation in circuit-based, i.e. bus-connected, network, can also be used for any wireless Bluetooth network.

EFFECT: broader functional capabilities.

3 cl, 3 dwg, 1 tbl

FIELD: wireless communications.

SUBSTANCE: the estimate of the time needed for transfer and confirmation of receipt is synchronized by both sides of the radio link protocol without the three-way synchronization of the connection establishment process that such synchronization usually requires. The method includes procedures used by both sides of the communication line to dynamically update and correct their starting estimates of the time needed for transfer and confirmation of receipt.

EFFECT: higher efficiency, broader functional capabilities.

7 cl, 8 dwg

FIELD: computer science.

SUBSTANCE: device has programmable controller with software integrated in random-access and hard memory for functions of gathering and processing of information about peripheral devices of segment, buffer memory, output register, input register, clock generator, power block, buffer output cascade of force outputs and buffer input cascade for inputs.

EFFECT: higher efficiency, broader functional capabilities.

4 cl, 6 dwg

FIELD: mobile communication systems.

SUBSTANCE: proposed method used for Internet protocol (IP) mobile centers in heterogeneous networks with real-time applications includes the following procedures: module 134, designed for managing interfaces of mobile center 10, checks the mobile center for available network interfaces 14 - 17, generates a recoding table with the available and configurable interfaces 14 - 17, and communicates with applications 11 of interfaces 14 - 17. Applications 11 of IP mobile center 10 are given access to heterogeneous networks through virtual network IP interface 133 organized in mobile center 10; this IP interface 133 communicates with current network 21 - 24 through interface management module 134. Changing interface 14 - 17 of mobile center 10 updates communications of the permanent virtual IP network interface with network 21 - 24 based on the recoding table by means of interface management module 134.

EFFECT: ability of change-over from one network connection to other in heterogeneous networks without interrupting internet protocol applications.

16 cl, 9 dwg

FIELD: engineering of telecommunication equipment.

SUBSTANCE: wireless initialization device is a system for administering computer data traffic, capable of routing TCP/IP traffic using 2.4 GHz equipment. The device is to be positioned strategically in areas of the logical segments of a wireless network to facilitate traffic administration. It operates to enable connection between wireless access points and the main line. The device may also be positioned in a client local network, providing access to the global network. The wireless device has authentication means that maintain an operative connection with the operating system. The wireless device is capable of filtering IP addresses and controlling a firewall and/or router and/or bridge.

EFFECT: increased effective TCP/IP traffic capacity for a global or local network, together with safe administration and improved integrity.

2 cl, 3 dwg

FIELD: mobile electronic commerce.

SUBSTANCE: method includes receipt by operations execution system of request for operation from operation requester, and identification of operation requester. After identification of requester of operation, code of operation is transferred from operations executing system to wireless communication device of requester. After receiving operation code, operation code is optically scanned from video terminal of wireless communication device of requester by the system for executing operations.

EFFECT: improved comfort of commercial operations performed over wireless electronic commerce network while providing for safety of these.

5 cl, 10 dwg

FIELD: systems and methods for advancing traffic streams with guaranteed quality of service in network.

SUBSTANCE: proposed method involves use of dispatch network resource managers to execute service function ensuring desired quality of service (QoS) similar to and separated from route choice function for IP bursts in Internet Protocol dispatch networks at transfer channel control level. Upon completion of route choice dispatch network resource managers control routers so as to enable traffic streams to run on the way assigned by resource manager in dispatch network with aid of multilayer label stack technology. Proposed system implements this method.

EFFECT: enhanced reliability of system.

14 cl, 12 dwg

FIELD: computer science, possible use for constructing multiple protected virtual networks.

SUBSTANCE: a source IP packet of a protected virtual network is encoded, the network consisting of stand-alone computers, a portion of the computers of a local area network, or computers of several local networks, and an output packet is formed that includes the encoded packet (encapsulation). On each computer that can be used in several protected virtual networks, a separate long-term memory block is assigned for each created protected virtual network, and a separate operating system, configured for that virtual network, is recorded in it. Access to the long-term memory block and loading of the operating system of each protected virtual network are performed after checking user rights, while access to the memory blocks of each protected virtual network from other virtual networks is blocked by means of access restrictions.

EFFECT: expanded functional capabilities.

2 cl, 11 dwg

FIELD: technology for providing centralized remote control over digital television systems.

SUBSTANCE: a global WAN network interface for IP datagrams is emulated over the original remote interface of the adapter, and a simple IP datagram transfer function is added between the global WAN network interface and the original Ethernet network interface in accordance with the protocol stack. The system for controlling the local network of a digital television system thereby performs an IP connection to the systems for controlling the local area networks (LANs) of other digital television systems; the datagram is then transformed into transport packets and transferred together with other transport packets via one and the same channel.

EFFECT: possible exchange of control data via network without mounting an additional commutation network.

9 cl, 8 dwg

FIELD: mobile electronic commerce.

SUBSTANCE: method for realization of wireless operation includes placing an order for operation from wireless communication device to operation device and transfer of spoken operation authentication code from wireless communication device to operation device. After authentication of spoken authentication code wireless communication device receives code of operation. After receiving operation code, operation code is displayed on video terminal of wireless communication device and optically scanned from it for providing a legal commercial operation.

EFFECT: increased comfort of commercial operations in a wireless electronic commerce network while providing for the safety of said operations.

3 cl, 11 dwg
