TWI491209B - Router and security system using the same - Google Patents


Publication number
TWI491209B
Authority
TW
Taiwan
Prior art keywords
network
router
module
address
allocation table
Application number
TW102106233A
Other languages
Chinese (zh)
Other versions
TW201434295A (en)
Inventor
Yung Wei Chen
Tsung Hao Tsai
Original Assignee
Weltec Entpr Co Ltd
Application filed by Weltec Entpr Co Ltd
Priority to TW102106233A
Publication of TW201434295A
Application granted
Publication of TWI491209B

Description

Router and security system

The present invention relates to a network device and system, and more particularly to a router and a security system.

In recent years, to protect the safety of private and public premises such as homes, office buildings, shopping malls, factories and hospitals, most households, enterprises and businesses have installed security systems to monitor their environment. With the development of the Internet, security systems have moved from the traditional arrangement, in which the client side is linked to a remote monitoring center over telephone lines, to transferring data and information over network communication channels.

At present, under the architecture of a security system, the management server of the remote monitoring center generally communicates with the security devices in the system through multiple routers. Specifically, a conventional router usually has a wide area network interface connected to the external network and a local area network interface connected to the internal subnet, and serves as a bridge between the external and internal networks. The router can also perform Network Address Translation (NAT) based on its public address, assigning private addresses to the network devices connected to it to form an internal subnet. In a security system, therefore, the router generally replaces the address of the data it receives (for example, data packets sent by the remote monitoring center) and then forwards the data to the corresponding security devices in the internal subnet.

However, in this architecture the remote monitoring center can only transfer data and information through the router and cannot establish a direct communication path with the security devices. In addition, when the remote monitoring center manages the routers in the security system, the client side must log in to each router individually to modify, configure and obtain the private addresses that the router has assigned to the security devices connected to it, which makes installing and managing the security system more cumbersome. Furthermore, each router can provide only a limited number of private addresses, and as the monitoring functions and coverage of the security system expand, the number of routers and internal subnets required grows with them, which in turn raises the complexity of hardware installation, management and communication in the security system.

In view of this, embodiments of the present invention provide a router and a security system. The router can divide the security system into multiple subdomains and actively send the address information of each network device in a subdomain over the network to a remote server system, so that the remote server system can monitor the network devices directly, improving the monitoring effectiveness of the security system. The router of the present invention, and a security system built with it, can thereby provide a reverse control function that lets a remote administrator directly obtain the network addresses inside the local network for management and configuration. In addition, the plug-in server module in the router provides a VoIP (Voice over IP) server function, so the router can be used as a VoIP server and its users can build their own private VoIP environment, lowering the cost of using and deploying VoIP.

An embodiment of the present invention provides a router suitable for connection between an upper-layer router and a plurality of network devices. The upper-layer router performs a first network address translation procedure to establish a first subdomain and assigns a first private address to the router. The router includes a router module, a network module and a plug-in server module. The router module is coupled to the upper-layer router and the network devices. The router sets the first private address as its public address and performs a second network address translation procedure based on the public address to establish a second subdomain. The network module is coupled to the router module. The plug-in server module is coupled to the router module via the network module. The plug-in server module obtains the address allocation table in the router and transmits it to the remote server system via the router module. The router is located in the first subdomain and the network devices are located in the second subdomain; the address allocation table records the network addresses corresponding to the network devices.

An embodiment of the present invention provides a security system that includes a remote server system, an upper-layer router and a plurality of routers. The upper-layer router is connected to the remote server system via a network and performs a first network address translation (NAT) procedure to establish a first subdomain. The routers are connected to the upper-layer router via the network. Each router includes a router module, a network module and a plug-in server module. The router module is coupled to the upper-layer router and a plurality of network devices, and sets the first private address obtained from the upper-layer router as its public address. The router module also performs a second network address translation (NAT) procedure based on the public address to establish a second subdomain. The network module is coupled to the router module. The plug-in server module is coupled to the router module via the network module. The plug-in server module obtains the address allocation table in the router and transmits it to the remote server system via the router module. The router is located in the first subdomain and the network devices are located in the second subdomain. The address allocation table records the network addresses corresponding to the network devices.

In summary, the router provided by the embodiments of the present invention is used in a security system and, while establishing the corresponding subdomain of the security system, can actively transmit the address allocation table of the network devices connected to it to the remote server system, so that the administrator of the remote server system can obtain the network addresses of the network devices. The administrator can then connect directly to the network devices according to their network addresses in the address allocation table, in order to configure the addresses of the network devices and monitor them. Accordingly, the router provided by the embodiments of the present invention makes the security system more convenient to install and manage and improves its monitoring effectiveness.

For a further understanding of the features and technical content of the present invention, refer to the following detailed description and the accompanying drawings. The description and drawings are provided only to illustrate the invention and do not limit the scope of its claims in any way.

1, 2‧‧‧Security system

10, 20‧‧‧Remote server system

12, 22‧‧‧Network

14, 24‧‧‧Upper-layer router

140, 240‧‧‧First subdomain

16, 16', 26a~26c‧‧‧Router

160, 260a~260c‧‧‧Second subdomain

162‧‧‧Router module

164‧‧‧Network module

166, 166'‧‧‧Plug-in server module

1662‧‧‧Central processing unit

1664‧‧‧Internal network module

1666‧‧‧Memory unit

18, 18a~18d, 28a~28h‧‧‧Network device

FIG. 1 is a functional block diagram of the security system according to the first embodiment of the present invention.

FIG. 2 is a functional block diagram of the router according to the first embodiment of the present invention.

FIG. 3 is a functional block diagram of the router according to the second embodiment of the present invention.

FIG. 4 is a functional block diagram of the security system according to the third embodiment of the present invention.

[First Embodiment]

Referring to FIG. 1, FIG. 1 is a functional block diagram of the security system according to the first embodiment of the present invention. In the security system of this embodiment, the router for each subdomain can actively transmit its address allocation table for the corresponding network devices over the network to the remote server system, so that the administrator of the remote server system can manage and monitor the network devices.

The security system 1 includes a remote server system 10, a network 12, an upper-layer router 14, a plurality of routers 16 and a plurality of network devices 18a~18d. The upper-layer router 14 is connected to the remote server system 10 through the network 12. The routers 16 are each connected between the upper-layer router 14 and the network devices 18a~18d. The upper-layer router 14 can connect to the routers 16 by wire (for example, Ethernet) or wirelessly. The network devices 18a~18d may be connected to the routers 16 through RJ45 connectors. A firewall may further be placed between the remote server system 10 and the network 12, or between the network 12 and the upper-layer router 14, to filter the packets exchanged and improve the security of the security system 1.

In this embodiment, each router 16 actively transmits the address allocation table for its network devices 18a~18d via the upper-layer router 14 and the network 12 to the remote server system 10. The remote server system 10 can then communicate directly with the network devices 18a~18d. The remote server system 10 may be, for example, a monitoring server located at a remote monitoring center.

Further, the upper-layer router 14 has a Wide Area Network (WAN) interface (not shown) and a Local Area Network (LAN) interface (not shown). The WAN interface and the LAN interface are physical-layer circuits responsible for the WAN and LAN ports and for handling packet transmission. Through the WAN interface, the upper-layer router 14 can connect to a modem, for example over a telephone line conforming to the RJ-11 specification, to link with the network 12 and the remote server system 10; through the LAN interface, it connects, for example over cables conforming to the RJ-45 specification, to the routers 16 in the local area network.

In this embodiment the security system 1 communicates using the Internet Protocol version 4 (IPv4) network protocol, in which each address consists of four bytes of 8 bits each. As is known, under IPv4 the upper-layer router 14 can assign 254 network addresses in the network segment of the first subdomain 140 and can therefore connect 254 routers 16. The security system 1 may, however, also communicate using Internet Protocol version 6 (IPv6), depending on the actual architecture and operational requirements; this embodiment imposes no limitation.

The upper-layer router 14 has an externally recognizable address (for example, one provided by a telecom operator) and can perform a first Network Address Translation (NAT) procedure to establish the first subdomain 140 and assign a first private address (private IP address) to each router 16. In other words, when the routers 16 are connected to the upper-layer router 14, the upper-layer router 14 automatically runs the Dynamic Host Configuration Protocol (DHCP) procedure to assign a first private address to each connected router 16.

Put simply, when a router 16 connects to the upper-layer router 14, it can send a broadcast message requesting a dynamic network address from the upper-layer router 14, which then, based on the addresses it has already assigned, provides an available first private address and the corresponding subnet mask to the router 16. The upper-layer router 14 can thus assign the first private address to the router 16 automatically, and a router 16 requests a first private address from the upper-layer router 14 only when it powers on and returns it as soon as it is done, which effectively saves network addresses in the first subdomain 140.

More specifically, when any router 16 in the first subdomain 140 is connected to the upper-layer router 14, the router 16 sends a DHCP discover packet to the upper-layer router 14 and receives the DHCP offer packet that the upper-layer router 14 returns in response. The router 16 can then parse the first private address assigned by the upper-layer router 14 from the DHCP offer packet and automatically set its public address (that is, the network address of its WAN port), so that the public address of the router 16 is in the same network segment as the upper-layer router 14. At the same time, the router 16 sets its own private address (that is, the network address of its LAN port) according to the first private address.

Note that in this embodiment the first subdomain 140 contains multiple routers 16. In practice, the first subdomain 140 may also contain network devices such as routers 16, personal computers (PCs) and personal digital assistants. After the upper-layer router 14 has finished assigning first private addresses (private IP addresses) to the routers 16 in the first subdomain 140, it automatically builds the address allocation table for the first subdomain 140 and transmits it through the WAN interface over the network 12 to the remote server system 10. The address allocation table of the first subdomain 140 records the first private addresses assigned to the routers 16 in the first subdomain 140 and is stored in the upper-layer router 14.

As described above, each router 16 sets its first private address as its public address (public IP address) and performs a second network address translation procedure based on this public address to establish a second subdomain 160. Each router 16 assigns network addresses to the network devices 18a~18d, which are located in the second subdomain 160. The network segment of the second subdomain 160 may differ from that of the first subdomain 140; for example, the segment of the first subdomain 140 may be 192.168.0.X and that of the second subdomain 160 may be 192.168.1.X. Because the network devices 18a~18d in a second subdomain 160 established by one router 16 share the same segment, their network masks are also the same.

In detail, when the network devices 18a~18d in the second subdomain 160 are connected to the corresponding router 16, the router 16 automatically runs the DHCP procedure to assign a network address to each connected network device 18a~18d. For example, the network devices 18a~18d send DHCP discover packets to the router 16 and receive the DHCP offer packets that the router 16 returns in response. Each network device then parses the private address of the router 16 (that is, the network address of the port of the router 16) from the DHCP offer packet, so that the private address of the network device in the second subdomain 160 (that is, the network address of the device's LAN port) is in the same network segment as the router 16. In addition, when a network device 18a~18d is not powered on or is disconnected, its network address is returned to the router 16 for reassignment.

When each router 16 completes the DHCP procedure, that is, after it has assigned network addresses to the network devices 18a~18d in the second subdomain 160, the router 16 automatically builds the address allocation table for the second subdomain 160 and transmits it through the upper-layer router 14 over the network 12 to the remote server system 10. The address allocation table of the second subdomain 160 records the network addresses of the network devices 18a~18d in the second subdomain 160 and is stored in the respective router 16.

In addition, in this embodiment the network devices 18a~18d are installed in the monitored areas, for example those of an office building. The network devices 18a~18d may include, but are not limited to, sensors of various kinds, card readers, access control systems, video door phones, emergency phones, digital video recorders (DVR), network video recorders (NVR), surveillance recorders, closed-circuit television (CCTV) and personal digital assistants.

Accordingly, from the address allocation table of the first subdomain 140 sent by the upper-layer router 14 and the address allocation table of the second subdomain 160 sent by the router 16, the remote server system 10 can obtain the communication path to the network devices 18a~18d. Based on these two tables, the remote server system 10 can then connect to the network devices 18a~18d directly through the upper-layer router 14 and the corresponding router 16 to manage and control them, improving the efficiency of information transfer. The remote server system 10 can thus directly obtain real-time information on each network device 18a~18d in the security system 1, improving the monitoring effectiveness of the security system 1. Moreover, under this architecture, configuring or correcting the network addresses of the network devices 18a~18d under a router 16, or obtaining their address information, no longer requires the client side to log in to each router 16 individually; the remote server system 10 can connect to the network devices 18a~18d itself to configure and correct them.

In addition, in this embodiment the system architecture of the upper-layer router 14 is the same as that of the router 16. The upper-layer router 14 and each router 16 therefore each transmit the address allocation table of the first subdomain 140 or the second subdomain 160 to the remote server system 10 on completing the subnet they establish. In practice, the upper-layer router 14 and the routers 16 may also transmit the address allocation tables of the first subdomain 140 and the second subdomain 160 to the remote server system 10 periodically. The remote server system 10 may also send requests for the address allocation tables of the first subdomain 140 and the second subdomain 160 to the upper-layer router 14 and the routers 16 respectively, and the upper-layer router 14 and each router 16 may, after receiving the request, send the address allocation tables of the first subdomain 140 and the second subdomain 160 to the remote server system 10 by mail.

Incidentally, one of the network devices in the second subdomain 160, for example network device 18b, may be another router, and the router 16 can assign a second private address to that router in the second subdomain 160 when performing the second network address translation procedure. That router can set the second private address as another public address and perform a third network address translation procedure based on it to establish a third subdomain (not shown). The router can use the DHCP procedure to assign network addresses to the network devices in the third subdomain. On completing the DHCP procedure, the router builds the address allocation table for the third subdomain and transmits it via the router 16, the upper-layer router 14 and the network 12 to the remote server system 10.
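
The path lookup described above, in which the remote server system combines the address allocation tables reported for the first, second and any third subdomain, can be modelled as follows. This is an added example, not code from the patent; the record layout, the router and device labels, and the sample addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class AllocationTable:
    """One reported address allocation table (record layout is an assumption)."""
    router_id: str             # label of the reporting router
    parent_id: Optional[str]   # router whose subdomain this router sits in
    wan_address: str           # address held on the WAN side ("public" address)
    segment: str               # segment of the subdomain this router created
    leases: Dict[str, str]     # device or router label -> assigned address


def validate(table: AllocationTable) -> None:
    """Reject a table whose entries are not distinct hosts of its own segment."""
    net = ipaddress.ip_network(table.segment)
    seen = set()
    for label, addr in table.leases.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{table.router_id}: {label}={addr} is not a host in {net}")
        if ip in seen:
            raise ValueError(f"{table.router_id}: {addr} assigned twice")
        seen.add(ip)


def build_index(tables: List[AllocationTable]) -> Dict[str, AllocationTable]:
    """Index validated tables by reporting router, one table per router."""
    index: Dict[str, AllocationTable] = {}
    for table in tables:
        validate(table)
        if table.router_id in index:
            raise ValueError(f"duplicate table from {table.router_id}")
        index[table.router_id] = table
    return index


def resolve_path(index, device: str) -> Optional[List[Tuple[str, str]]]:
    """Return hops [(label, address), ...] from the upper router down to the
    device, or None when the reported tables do not form a consistent chain."""
    owners = [t for t in index.values() if device in t.leases]
    if len(owners) != 1:
        return None                      # unknown label, or claimed by two routers
    table = owners[0]
    hops = [(device, table.leases[device])]
    visited = set()
    while True:
        if table.router_id in visited:
            return None                  # parent links form a loop
        visited.add(table.router_id)
        hops.append((table.router_id, table.wan_address))
        if table.parent_id is None:
            return list(reversed(hops))  # reached the upper router
        parent = index.get(table.parent_id)
        # The parent must still list this router at the address it reports;
        # otherwise the lease was returned and the child table is stale.
        if parent is None or parent.leases.get(table.router_id) != table.wan_address:
            return None
        table = parent


# Constructed sample reports; 203.0.113.10 is a documentation address.
SAMPLE_TABLES = [
    AllocationTable("upper-14", None, "203.0.113.10", "192.168.0.0/24",
                    {"router-16a": "192.168.0.2", "router-16b": "192.168.0.3"}),
    AllocationTable("router-16a", "upper-14", "192.168.0.2", "192.168.1.0/24",
                    {"dvr-18a": "192.168.1.10", "router-18b": "192.168.1.11"}),
    # Same private segment as router-16a: the address alone is ambiguous.
    AllocationTable("router-16b", "upper-14", "192.168.0.3", "192.168.1.0/24",
                    {"cam-18c": "192.168.1.10"}),
    # Third subdomain behind a router that is itself a device of router-16a.
    AllocationTable("router-18b", "router-16a", "192.168.1.11", "192.168.2.0/24",
                    {"reader-18x": "192.168.2.5"}),
    # Stale report: upper-14 no longer lists this router.
    AllocationTable("router-16c", "upper-14", "192.168.0.9", "192.168.3.0/24",
                    {"sensor-18z": "192.168.3.7"}),
]
INDEX = build_index(SAMPLE_TABLES)

if __name__ == "__main__":
    for name in ("dvr-18a", "cam-18c", "reader-18x", "sensor-18z"):
        print(name, resolve_path(INDEX, name))
```

Two second subdomains can reuse the same private segment, so a device is identified by the whole chain of tables rather than by its address alone, and a table whose reporting router no longer appears in its parent's table is not used.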

Next, referring to FIG. 2, FIG. 2 is a functional block diagram of the router according to the first embodiment of the present invention. The router 16 further includes a router module 162, a network module 164 and a plug-in server module 166. The router module 162 is coupled to the upper-layer router 14 and to the network devices 18a~18d in the second subdomain 160 it establishes. The network module 164 is coupled to the router module 162. The plug-in server module 166 is coupled to the router module 162 via the network module 164. In this embodiment, the router module 162, the network module 164 and the plug-in server module 166 are integrated within the housing of the router 16. The housing of the router 16 may be made of an insulating material.

The router module 162 performs the network communication processing functions of the router 16, including network connection, packet processing and domain management, and may be composed of the hardware and software architecture that implements these functions. The router module 162 may include a WAN interface (not shown) and a LAN interface (not shown); the WAN interface is used to communicate with the upper-layer router 14 and the LAN interface to communicate with the network devices 18a~18d. In one implementation, the WAN interface and the LAN interface may include RJ45 or RJ11 connectors. The router module 162 connects to the upper-layer router 14 through the WAN interface and to the network devices 18a~18d through the LAN interface.

The router module 162 sets the first private address assigned to the router 16 as the public address and performs the second network address translation procedure based on the public address to establish the second subdomain (not shown in FIG. 2). When the network devices 18a~18d are connected to the router module 162, it automatically runs the DHCP procedure to assign a network address to each connected network device 18a~18d.

The network module 164 has a network interface for connecting the router module 162 and the plug-in server module 166. In this embodiment the network module 164 is a local area network module and may be implemented by a hardware circuit with a LAN interface, for example an RJ45 connection interface.

The plug-in server module 166 obtains, through the router module 162, the address allocation table in the router 16 that records the network addresses of the network devices 18a~18d, and transmits the address allocation table of the second subdomain via the router module 162 and the upper-layer router to the remote server system 10. The plug-in server module 166 includes a central processing unit 1662, an internal network module 1664 and a memory unit 1666. The central processing unit 1662 is coupled to the internal network module 1664 and to the memory unit 1666. The internal network module 1664 is also coupled to the network module 164. In other words, the plug-in server module 166 connects through the internal network module 1664 to communicate with the router module 162.

The central processing unit 1662 of the plug-in server module 166 obtains from the router module 162 the address allocation table in the router 16 that records the network addresses of the network devices 18a~18d. The central processing unit 1662 stores this address allocation table in the memory unit 1666 and drives the internal network module 1664 to transmit it through the router module 162 to the remote server system 10. The central processing unit 1662 of the plug-in server module 166 may send the address allocation table of the second private addresses to the remote server system 10 by mail.

Incidentally, the central processing unit 1662 of the plug-in server module 166 may also execute a monitoring program to provide the remote server system 10 with a monitoring web page for the second subnet domain of the router 16. Specifically, when a communication path with the router 16 is established, the administrator of the remote server system 10 can browse the monitoring web page to set up and configure the router module 162 and the network devices 18a~18d, for example to turn the network devices 18a~18d on or off or to monitor their operating status. The program code of the monitoring program may be stored in the memory unit 1666.

It is worth mentioning that the central processing unit 1662 may be a processing chip such as a central processing unit (CPU), a microcontroller, or an embedded controller, disposed in the plug-in server module 166. The memory unit 1666 may be implemented with a volatile or non-volatile memory chip such as a flash memory chip, a read-only memory chip, or a random access memory chip, but this embodiment is not limited thereto.

In addition, the plug-in server module 166 can be used as a network telephony server, for example a VoIP server or a SIP (Session Initiation Protocol) server. The plug-in server module 166 can provide a network telephony (VoIP) login interface through which users on the wide area network (for example, the administrator of the remote server system 10) and users in the local network domain (for example, the operators of the network devices 18a~18d in the second subnet domain) register to join a private network telephony communication network. This login interface works like the network telephony login interface provided by SKYPE: it lets users register to join the private network telephony communication network. In other words, with the router 16 of the present invention, users can establish a private network telephony environment without joining or going through a network telephony interface provided by an external network provider. For an enterprise, this lowers equipment cost and improves management efficiency.

The plug-in server module 166 differs from an ordinary network telephony provider in that the present invention integrates the plug-in server module 166 into the router 16. A user or enterprise operating the security system therefore needs neither to set up an additional network telephony server system nor to rent a cloud server system in order to make network telephone calls. Because the router 16 is a device that every local area network requires, users can establish a private network telephony environment at the same time as they build the local area network, which simplifies the network telephony architecture and lowers the installation cost.

Furthermore, the private network telephony communication network can serve users on the wide area network (for example, the administrator of the remote server system 10) and users in the local network domain (for example, the operators of the network devices 18a~18d in the second subnet domain) at the same time. Moreover, when the external network provided by the telecom operator is interrupted, users within the local area network (the operators of the network devices 18a~18d) can still carry out telephone and data communication with one another over the private network telephony architecture established by the plug-in server module 166. In addition, because the router 16 automatically returns the network address allocation table, the administrator of the remote monitoring system 10 can connect through the monitoring server directly to the router 16 inside the local area network in order to manage the private network telephony network.

In other words, the router 16 of the present invention combines address translation, automatic reporting, reverse control, and network telephony server functions, which reduces the complexity and cost of building a private network environment.

It should be noted that FIG. 1 only illustrates one physical architecture of the security system and is not intended to limit the present invention. FIG. 2 only illustrates the system architecture of the router 16 and is not intended to limit the present invention.

[Second embodiment]

In the router 16 described above, the router module 162, the network module 164, and the plug-in server module 166 are integrated inside the housing of the router 16. The plug-in server module 166 may, however, also be provided separately from the router module 162 and the network module 164. That is, the plug-in server module 166 of the above embodiment may be externally connected to the router 16. Please refer to FIG. 3, which is a functional block diagram of a router according to the second embodiment of the present invention.

As shown in FIG. 3, the router 16' includes a router module 162 and a network module 164. The plug-in server module 166' includes a central processing unit 1662, an internal network module 1664, and a memory unit 1666. The router 16' of FIG. 3 differs from the router 16 of FIG. 2 in that the plug-in server module 166' is not integrated into the router housing together with the router 16'; the router 16' and the plug-in server module 166' are provided separately.

More specifically, the router 16' may be an ordinary router, and the router module 162, as described above, performs network communication processing functions such as network connection, packet processing, and network domain management. The router module 162 has a wide area network transmission interface and a local area network transmission interface. The network module 164 is a local area network module with a network port. The router 16' connects through the network module 164 to the internal network module 1664 of the plug-in server module 266. By executing the monitoring program, the central processing unit 1662 of the plug-in server module 166' can obtain the address allocation table of the network devices 18a~18b from the router module 162 of the router 16' through the internal network module 1664. Over the same path, the plug-in server module 166' can send the address allocation table of the network devices 18a~18b by e-mail to the remote server system 10 via the router module 162 of the router 16'.

It is worth mentioning that in this embodiment the plug-in server module 166' may be, for example, a host computer such as a personal computer, a notebook computer, or a tablet computer that carries the program code of the monitoring program. The program code of the monitoring program may be stored in the memory unit 166 of the plug-in server module 166'. By executing the program code of the monitoring program, the plug-in server module 166' can provide the remote server system 10 with a monitoring web page for the second subnet domain established by the router 16', so that the administrator of the remote server system 10 can manage and control the operation of the network devices 18a~18b.

In addition, in one implementation, the internal network module 164 of the plug-in server module 166' may be connected to the network module 164 of the router 16' by an RJ45 cable in order to communicate.

Furthermore, as described in the preceding embodiment, the plug-in server module 166' can also be used as a network telephony server (for example, a VoIP server or a SIP (Session Initiation Protocol) server). That is, by executing the program code of a network telephony server program, the plug-in server module 166' can provide a network telephony (VoIP) login interface via the router 16', through which users on the wide area network (for example, the administrator of the remote server system 10) and users in the local network domain (for example, the operators of the network devices 18a~18d in the second subnet domain) register to join the private network telephony communication network and carry out network telephone calls and data transfer, which simplifies the management architecture of the security system.

The rest of the architecture of the router 16' and the plug-in server module 166' of FIG. 3 is similar to that of the router 16 and the plug-in server module 166 of FIG. 1, so a person of ordinary skill in the art can infer the operation of the router 16' and the plug-in server module 166' from the description above; it is not repeated here.

[Third embodiment]

To further describe the operation of a security system that uses the router provided by the embodiments of the present invention, a practical application of the router is described below. Please refer to FIG. 4, which is a functional block diagram of a security system according to the third embodiment of the present invention.

The security system 2 includes a remote server system 20, a network 22, an upper-layer router 24, routers 26a~26c, and network devices (such as a video doorbell 28a, a monitoring system 28b, an emergency communication system 28c, an access control system 28d, surveillance video recorder No. 1 28e, surveillance video recorder No. 2 28f, surveillance video recorder No. 3 28g, and surveillance video recorder No. 4 28h). The remote server system 30 connects to the upper-layer router 24 through the network 22. The upper-layer router 24 connects to the routers 26a~26c over the network. Each of the routers 26a~26c is connected to several network devices. In this embodiment, the upper-layer router 24 and the routers 26 are all routers with a plug-in server module, and can be implemented with the router 16 of FIG. 2 or with the router 16' of FIG. 3 externally connected to the plug-in server module 166'. The remote server system 20 may be a monitoring server located in a remote service center. Through this security architecture, the remote server system 20 can directly obtain the communication paths of the network devices in the security system 2 and monitor those devices in real time.

Specifically, the upper-layer router 24 has a wide area network interface address (the network address of its WAN port) and a local area network interface address (the network address of its LAN port). For example, the network address of the WAN port of the upper-layer router 24 is 220.123.1.1, and the network address of its LAN port is 192.168.1.251. The upper-layer router 24 performs a first network address translation (NAT) procedure to establish the first subnet domain 240 and assigns first private addresses to the routers 26a~26c. The upper-layer router 24 assigns a network address to each of the routers 26a~26c by automatically running the Dynamic Host Configuration Protocol (DHCP). When each of the routers 26a~26c in the first subnet domain 240 is connected to the upper-layer router 24, it sets a public address (the network address of its WAN port) and a private address (the network address of its LAN port) according to the first private address assigned by the upper-layer router 24.

For example, the router 26a sets the first private address 192.168.1.1 assigned by the upper-layer router 24 as its public address (the network address of its WAN port), and, based on the first private address 192.168.1.1, sets its private address (the network address of its LAN port) to 192.168.0.251. The public address of the router 26a (the network address of its WAN port) is in the same network segment as the network address of the LAN port of the upper-layer router 24, whereas its private address (the network address of its LAN port) can be in a different network segment from the network address of the LAN port of the upper-layer router 24. Likewise, the router 26b sets the first private address 192.168.1.2 assigned by the upper-layer router 24 as its public address (the network address of its WAN port), and, based on the first private address 192.168.1.2, sets its private address (the network address of its LAN port) to 192.168.0.251. The router 26c sets the first private address 192.168.1.3 assigned by the upper-layer router 24 as its public address (the network address of its WAN port), and, based on the first private address 192.168.1.3, sets its private address (its LAN port address) to 192.168.0.251.

When the upper-layer router 24 completes the address configuration procedure for the routers 26a~26c, it generates an address allocation table for the first subnet domain 240 and sends this table by e-mail through the network 22 to the remote server system 20, where the administrator of the remote server system 20 uses it for management. The address allocation table of the first subnet domain 240 records the public address (the network address of the WAN port) and the private address (the network address of the LAN port) of each of the routers 26a~26c.

Next, each of the routers 26a~26c performs a second network address translation (NAT) procedure on its public address to establish the second subnet domains 260a~260c. The router 26 assigns a network address (the network address of the LAN port) to each of the network devices 28a~28h by automatically running the Dynamic Host Configuration Protocol (DHCP). When a network device in the second subnet domains 260a~260c is connected to its router 26, the device sets its network address (the network address of its LAN port) according to the private address assigned by the router 26.

For example, when the video doorbell 28a is connected to the router 26a, the router 26a automatically runs the Dynamic Host Configuration Protocol procedure and the doorbell obtains the private address 192.168.0.1, which is in the same network segment as the LAN port address 192.168.0.251 of the router 26a. The monitoring system 28b obtains the private address 192.168.0.2 when it is connected to the router 26a, and so on.

When the routers 26a~26c complete the address configuration procedure for the network devices in their second subnet domains 260a~260c (for example, the video doorbell 28a, the monitoring system 28b, the emergency communication system 28c, the access control system 28d, surveillance video recorder No. 1 28e, surveillance video recorder No. 2 28f, surveillance video recorder No. 3 28g, and surveillance video recorder No. 4 28h), they generate address allocation tables for the second subnet domains 260a~360c. The routers 260a~360c each send the address allocation table of their own second subnet domain 260a~260c by e-mail, via the upper-layer router 24 and the network 22, to the remote server system 20, where the administrator of the remote server system 20 uses it for management. The address allocation table of a second subnet domain 260 records the private address (the network address of the LAN port) of each network device in that second subnet domain 260.

In this way, the remote server system 20 obtains the communication path of every network device in the second subnet domains 260a~260c. Using the address allocation table of the first subnet domain 240, the remote server system 20 can also connect to the routers 26a~26c and browse the monitoring web pages they provide in order to monitor each network device, for example to watch its operation or operate it remotely. The remote server system 20 can further connect directly to each network device through the address allocation tables in order to set or correct the device and its address. For example, the administrator of the remote server system 20 can go through the network address 220.123.1.1 of the upper-layer router 24, the network address 192.168.1.1 of the router 26a, and the network address 192.168.0.1 of the video doorbell to connect to the video doorbell for communication or device configuration. This solves the problem of conventional security system architectures, which cannot effectively control the operation of network devices because they cannot enter the subnet domain established by a router and connect directly to the devices.
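The two-level addressing described above can be checked on the receiving side before a reported table is used to reach a device. The following Python sketch is an added illustration, not part of the patent: it uses the addresses given in this embodiment, assumes a /24 prefix (the text gives no netmask), uses constructed device rows for routers 26b and 26c, and its function names are hypothetical. It also shows that, because every router 26a~26c uses the same LAN segment, a device's private address alone does not identify it; the path has to be keyed by router.

```python
import ipaddress

PREFIX = 24  # assumption: the page gives addresses only, no netmask

# Upper-layer router 24 (addresses from the page).
UPPER = {"wan": "220.123.1.1", "lan": "192.168.1.251"}

# Address allocation table of the first subnet domain 240 (values from the page).
FIRST_TABLE = {
    "26a": {"wan": "192.168.1.1", "lan": "192.168.0.251"},
    "26b": {"wan": "192.168.1.2", "lan": "192.168.0.251"},
    "26c": {"wan": "192.168.1.3", "lan": "192.168.0.251"},
}

# Tables of the second subnet domains. Only the two 26a rows are on the page;
# the 26b and 26c rows are constructed for illustration.
SECOND_TABLES = {
    "26a": {"video doorbell 28a": "192.168.0.1",
            "monitoring system 28b": "192.168.0.2"},
    "26b": {"emergency communication system 28c": "192.168.0.1"},
    "26c": {"access control system 28d": "192.168.0.1"},
}


def segment(addr):
    """Network segment containing addr, under the assumed prefix length."""
    return ipaddress.ip_network(f"{addr}/{PREFIX}", strict=False)


def validate(upper, first_table, second_tables):
    """Return a list of inconsistencies found in the reported tables."""
    problems = []
    upper_lan = segment(upper["lan"])
    wan_owner = {}
    for rid, entry in first_table.items():
        # A router's WAN address must sit in the upper router's LAN segment.
        if ipaddress.ip_address(entry["wan"]) not in upper_lan:
            problems.append(f"{rid}: WAN {entry['wan']} is outside {upper_lan}")
        if entry["wan"] in wan_owner:
            problems.append(
                f"{rid}: WAN {entry['wan']} duplicates {wan_owner[entry['wan']]}")
        wan_owner.setdefault(entry["wan"], rid)
    for rid, devices in second_tables.items():
        # A table from a router the upper router never reported is suspect.
        if rid not in first_table:
            problems.append(f"{rid}: table from a router absent from the first table")
            continue
        lan = segment(first_table[rid]["lan"])
        used = {first_table[rid]["lan"]: "the router LAN port"}
        for name, addr in devices.items():
            if ipaddress.ip_address(addr) not in lan:
                problems.append(f"{rid}/{name}: {addr} is outside {lan}")
            if addr in used:
                problems.append(f"{rid}/{name}: {addr} duplicates {used[addr]}")
            used.setdefault(addr, name)
    return problems


def resolve_path(router_id, device, upper=UPPER, first_table=FIRST_TABLE,
                 second_tables=SECOND_TABLES):
    """Hop list from the WAN side to one device: upper WAN, router WAN, device."""
    return [upper["wan"], first_table[router_id]["wan"],
            second_tables[router_id][device]]


def shared_addresses(second_tables):
    """Private addresses that appear behind more than one router."""
    owners = {}
    for rid, devices in second_tables.items():
        for addr in devices.values():
            owners.setdefault(addr, []).append(rid)
    return {addr: rids for addr, rids in owners.items() if len(rids) > 1}


if __name__ == "__main__":
    print(validate(UPPER, FIRST_TABLE, SECOND_TABLES))
    print(resolve_path("26a", "video doorbell 28a"))
    print(shared_addresses(SECOND_TABLES))
```
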

The upper-layer router 24 and the routers 26a~26c can also automatically reconfigure addresses and update the address allocation tables when the first subnet domain 240 or the second subnet domains 260a~260c change, for example when a router or a network device is replaced. At the same time, they proactively send the address allocation tables to the remote server system 20 in real time. This avoids the cumbersome procedure of conventional security systems, in which the network addresses of the devices in each subnet domain have to be corrected or configured by logging in to each router individually from the client side, and thus also reduces the complexity of installing the security system.

In addition, at least one of the upper-layer router 24 and the routers 26a~26c can, as described above, establish and provide a network telephony communication network through a built-in or externally connected plug-in server module. More specifically, at least one of the upper-layer router 24 and the routers 26a~26c can establish the network telephony communication network while the local area network is being built, and provide a network telephony login interface through which users on the wide area network (for example, the administrator of the remote server system 20) and users in the local network domain (for example, the operators of the network devices in the second subnet domains 260a~260c, such as the video doorbell 28a, the monitoring system 28b, the emergency communication system 28c, the access control system 28d, surveillance video recorder No. 1 28e, surveillance video recorder No. 2 28f, surveillance video recorder No. 3 28g, and surveillance video recorder No. 4 28h) register to join the private network telephony communication network and then use functions such as network telephone calls and data transfer. In other words, the security system 2 can establish a private network telephony environment without joining or going through a network telephony interface provided by an external network provider, which reduces the complexity of building a private network environment, lowers equipment cost, and improves management efficiency.

In summary, the embodiments of the present invention provide a router and a security system. The router is used in the security system and, while establishing its subnet domain within the security system, proactively sends the address allocation table of the network devices connected to it to the remote server, so that the administrator of the remote server obtains the network addresses of the network devices. The administrator of the remote server can then connect directly to a network device using its network address in the address allocation table, in order to configure the device's address and monitor the device. The administrator of the remote server can also connect to the router and browse the monitoring web page it provides in order to monitor the operation of the network devices.

Furthermore, the router provided by the embodiments of the present invention can also act as a network call server and provide network call services. Users of the router, such as individuals or enterprises, can therefore build their own private network telephony environment and make network telephone calls without setting up an additional network telephony server system and without renting a cloud server system, which reduces the complexity and cost of building a private network environment and improves the management efficiency of the security system. Accordingly, the router provided by the embodiments of the present invention makes the security system easier to install and control and improves its monitoring effectiveness.

The above are only embodiments of the present invention and are not intended to limit the patent scope of the present invention.

10‧‧‧Remote server system

16‧‧‧Router

162‧‧‧Router module

164‧‧‧Network module

166‧‧‧Plug-in server module

1662‧‧‧Central processing unit

1664‧‧‧Internal network module

1666‧‧‧Memory unit

18a~18d‧‧‧Network devices

Claims (14)

1. A router, adapted to be connected between an upper-layer router and a plurality of network devices, the upper-layer router performing a first network address translation (NAT) procedure to establish a first subnet domain and assigning a first private address to the router, the router comprising: a router module, coupled to the upper-layer router and the network devices, which sets the first private address as a public address and performs a second network address translation (NAT) procedure based on the public address to establish a second subnet domain; a network module, coupled to the router module; and a plug-in server module, coupled to the router module via the network module, for obtaining an address allocation table in the router and transmitting the address allocation table via the routing module to a remote server system; wherein the router is located in the first subnet domain, the network devices are located in the second subnet domain, and the address allocation table records a plurality of network addresses corresponding to the network devices.

2. The router of claim 1, wherein the network module is a local area network module having a network port for connecting to the plug-in server module.

3. The router of claim 1, wherein the plug-in server module, the router module, and the network module are integrated in a router housing.

4. The router of claim 1, wherein the plug-in server module comprises: a central processing unit; a memory unit, coupled to the central processing unit; and an internal network module, coupled to the central processing unit and the network module.

5. The router of claim 1, wherein the plug-in server module transmits the address allocation table to the remote server system by e-mail.

6. The router of claim 1, wherein, when the network devices are connected to the router module, the router automatically performs a Dynamic Host Configuration Protocol procedure to assign a network address to each of the network devices.

7. The router of claim 1, wherein the plug-in server module is a network telephony server that provides a network telephony login interface through which a user registers to join a private network telephony network.

8. A security system, comprising: a remote server system; an upper-layer router, connected to the remote server system via a network, for performing a first network address translation (NAT) procedure to establish a first subnet domain; and a plurality of routers, connected to the upper-layer router via a network, wherein each of the routers comprises: a router module, coupled to the upper-layer router and a plurality of network devices, which sets a first private address obtained from the upper-layer router as a public address and performs a second network address translation (NAT) procedure based on the public address to establish a second subnet domain; a network module, coupled to the router module; and a plug-in server module, coupled to the router module via the network module, for obtaining an address allocation table in the router and transmitting the address allocation table via the routing module to a remote server system; wherein the router is located in the first subnet domain, the network devices are located in the second subnet domain, and the address allocation table records a plurality of network addresses corresponding to the network devices.

9. The security system of claim 8, wherein the network module is a local area network module having a network port for connecting to the plug-in server module.

10. The security system of claim 8, wherein the plug-in server module, the router module, and the network module are integrated in a router housing.

11. The security system of claim 8, wherein the plug-in server module comprises: a central processing unit; a memory unit, coupled to the central processing unit; and an internal network module, coupled to the central processing unit and the network module.

12. The security system of claim 8, wherein the plug-in server module transmits the address allocation table to the remote server system by e-mail.

13. The security system of claim 8, wherein, when the network devices are connected to the router module, the router automatically performs a Dynamic Host Configuration Protocol procedure to assign a network address to each of the network devices.

14. The security system of claim 8, wherein the plug-in server module is a network telephony server that provides a network telephony login interface through which a user registers to join a private network telephony network.
TW102106233A 2013-02-22 2013-02-22 Router and security system using the same TWI491209B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW102106233A TWI491209B (en) 2013-02-22 2013-02-22 Router and security system using the same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW102106233A TWI491209B (en) 2013-02-22 2013-02-22 Router and security system using the same

Publications (2)

Publication Number Publication Date
TW201434295A TW201434295A (en) 2014-09-01
TWI491209B TWI491209B (en) 2015-07-01

Family

ID=51943051

Family Applications (1)

Application Number Title Priority Date Filing Date
TW102106233A TWI491209B (en) 2013-02-22 2013-02-22 Router and security system using the same

Country Status (1)

Country Link
TW (1) TWI491209B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI614725B (en) * 2015-05-28 2018-02-11 Cloud access control system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW574805B (en) * 2002-07-25 2004-02-01 Leadtek Research Inc Network address translation system and method thereof
US20090073987A1 (en) * 2007-09-14 2009-03-19 At&T Knowledge Ventures, Lp Methods and Systems for Network Address Translation Management
TW200924462A (en) * 2007-11-27 2009-06-01 Ind Tech Res Inst System and method for connection of hosts behind NATs

Also Published As

Publication number Publication date
TW201434295A (en) 2014-09-01
