TW201008199A - Connection and access method between user end and network device in network system - Google Patents

Info

Publication number: TW201008199A
Authority: TW (Taiwan)
Prior art keywords: network, network device, server, message, target
Application number: TW97129717A
Other languages: Chinese (zh)
Other versions: TWI385999B (en)
Inventor: Shih-Yi Chiu
Original Assignee: Davicom Semiconductor Inc
Application filed by: Davicom Semiconductor Inc
Priority to: TW97129717A
Publication of: TW201008199A
Application granted
Publication of: TWI385999B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method of connection and access between a user end and a network device in a network system. In the network system, a target network device sends network device registration data through a firewall and the Internet to a server, where it is stored in the server's database, and the connection is kept open. When a user end wants to connect to the target network device and access the target data, the user end sends an access message to the server to make sure that the target network device is registered with the server. The target network device then connects to the user end through the firewall and the Internet, or transmits the target data to the user end by forwarding through the server.

Description

IX. Description of the Invention:

【Technical Field of the Invention】

The present invention relates to a method of accessing data in a network system, and in particular to a method of connection and access between a user end and a network device in a network system that includes network interconnection apparatus such as a firewall, a network address translator or a router.

【Prior Art】

Internet systems are usually equipped with network interconnection apparatus such as a firewall, a network address translator (Network Address Translation, NAT) or a router. Network address translation is a technique that rewrites the source IP address and destination IP address of an IP packet as it passes through a router or firewall. It is commonly used in private networks (for example, local area networks) that have multiple hosts but reach the Internet through a single public IP address. Network address translation serves as a solution to the shortage of IPv4 addresses and avoids the difficulty of reserving IP addresses, so it is widely used in many countries and has become a standard feature of the routers that connect home and small-office networks.

【Summary of the Invention】

Technical problem to be solved by the invention

Although a network environment built with network address translation makes up for the shortage of IPv4 addresses, using network address translation means that hosts outside the translator cannot directly access the network devices inside it. The past solution was to configure port mappings on the router that performs network address translation. Without administrative rights over the network address translation, this cannot be done, and users on the Internet cannot connect to devices behind the network address translation.

Accordingly, an object of the present invention is to provide a method of connection and access between a user end and a network device in a network system, such that the user end can access the target network device whether the target network device is behind a firewall or behind network address translation.

Technical means for solving the problem

The technical means adopted by the present invention to solve the problems of the known art is a method of connection and access between a user end and a network device in a network system. In a network system, a target network device sends network device registration data through a firewall and the Internet to a server, where it is stored in a database, and keeps the connection open.

When a user end wants to connect to the target network device and access the target data, it sends an access message to the server to confirm whether the target network device has registered with the server. The target network device then connects to the user end through the firewall and the Internet, or transmits the target data to the user end by forwarding through the server.

Effects of the invention compared with the prior art

With the technical means adopted by the present invention, whether the target network device is behind a firewall or behind network address translation, as long as the target network device has registered with the server, the user end can access data from the target network device by way of the server. There is then no need to configure port mappings on the router that performs network address translation, and no need to worry about having administrative rights over the network address translation.

In addition, the data of the user end and of the network devices are stored in the server, so a user can conveniently look up network devices through a user interface (web page) and then select a suitable and needed network device to connect to.

The specific embodiments adopted by the present invention are further described by the following embodiments and the accompanying drawings.

【Embodiments】

Refer to Fig. 1, which is a system architecture diagram of the method of connection and access between a user end and a network device in a network system according to the present invention. The network system 100 contains a user end 1. The user end 1 is connected to the target network devices 4 through an Internet 2 and a firewall 3. The target network devices 4 include network cameras 41, 42 and a computer device 43. The Internet 2 is also connected to a server 5. Here "firewall 3" is used in a broad sense: it refers to a router that performs network address translation and has a built-in firewall function.

Refer to Fig. 2, which is a circuit block diagram of the server of the first embodiment of the present invention. The server 5 includes a processing unit 51, which is connected to an operating system 52, a database 53 and a network interface 54.

An access control module 6 is built into the processing unit 51 and is responsible for access control between the user end 1 and the network cameras 41, 42. The database 53 holds a network device data table 531, a user-end data table 532 and an association data table 533. The server 5 connects to the Internet 2 through the network interface 54. In this embodiment the operating system 52 is a Linux system and the database 53 is a MySQL database; other operating systems and databases can of course be used, depending on the circumstances and requirements.

Refer to Fig. 3, which is an architecture diagram of the access control module of the first embodiment of the present invention. The access control module 6 includes a network data transmission module 61, which is connected to a Multipurpose Internet Mail Extension (MIME) module 62, a device control module 63, a forwarding module 64 and a message processing module 65.

The network data transmission module 61 is connected to the application A. It receives messages arriving from the network, parses them and assigns each one to the corresponding module; if parsing finds no corresponding module, the message is discarded. The MIME module 62 is responsible for replying when the network data transmission module 61 determines that the message arriving from the network is a standard hypertext transmission protocol (HTTP) message. The device control module 63 is connected to the database 53 through a database access module 66 and is responsible for handling the messages sent by the network cameras 41, 42.

Refer to Fig. 4 and Fig. 5 together with Figs. 1 to 3 above. Fig. 4 is a system operation diagram of the first embodiment of the present invention; Fig. 5 is a control flow chart of the first embodiment of the present invention. The first embodiment of the present invention is executed following a fixed sequence flow F1.

First, the network camera 41 sends a registration request message to the server 5 (step 101). After receiving the registration request message, the server 5 returns an authentication message to the network camera 41 (step 102). In this embodiment the authentication message is a random number generated by the system. After the network camera 41 receives the authentication message, it returns a reply authentication message to the server based on this random number (step 103). The reply authentication message is likewise a random number. This confirmation using random numbers can increase the security of the transmission.

When the server 5 receives the reply authentication message, it returns a confirmation reply message to the network camera 41 (step 104). The confirmation reply message includes information such as the IP address and port to use for the connection. The network camera 41 then sends network device registration data S1 to the server through the firewall 3 and the Internet 2 (step 105).

Although in this embodiment the network camera 41 registers only once, in practice the network camera 41 can also register periodically, so that the server 5 always has the latest information about the network camera 41.

On the side of the access control module 6, the network device registration data S1 is transmitted from the application A, under the network data transmission protocol P, to the network data transmission module 61 of the access control module 6. After parsing, the network data transmission module 61 determines that the network device registration data S1 came from the network camera 41 and assigns the network device registration data S1 to the device control module 63.

The device control module 63 processes the registration of the network camera 41 according to the network device registration data S1. It stores the network device registration data S1, through the database access module 66, in the network device data table 531 of the database 53, which completes the registration. The information stored in the network device data table 531 includes the network device identification code, registration time, IP address, port, physical IP address, physical port, the alias of the network device and a feature description of the network device.

Before the user end 1 connects to the network camera 41, it first sends user-end registration data to the server 5 to register. The server 5 stores the user-end registration data in the user-end data table 532 of the database 53. The content stored in the user-end data table 532 includes the user identification code, the password, the user's mailbox, the user's telephone number and the address where the user lives.

After the user end 1 has registered, it sends an access message S2 to the server 5, indicating that it wants to connect to the network camera 41. The access message S2 is transmitted from the application A, under the network data transmission protocol P, to the network data transmission module 61 of the access control module 6. After parsing, the network data transmission module 61 determines that the access message S2 came from the user end 1 and assigns the access message S2 to the message processing module 65.

After the message processing module 65 receives the access message S2, it acts on the request in the access message S2 and, by way of the forwarding module 64, confirms whether the network camera 41 has registered with the server 5, that is, it queries whether the data exists in the database 53 (step 110).

In practice, the server 5 itself provides a user interface (web page) to the user end 1, so the step of confirming the network camera 41 can be carried out by looking up the network camera 41 directly from the user interface. In addition, association actions between the user end 1 and the network camera 41 (such as a request to connect) are recorded in the association data table 533 of the database 53. The information stored in the association data table 533 includes the record number, the user identification code and the network device identification code, and records the association between different users and the network devices they want to connect to.

Because the network camera 41 has already registered with the server 5, the server 5, after confirming this, sends a connection notification message to the network camera 41 (step 111). If the request from the user end 1 is to connect to the network camera 42, which has not registered, the server 5 does not accept the request.

Finally, after the network camera 41 receives the connection notification message, it connects to the user end 1 through the firewall 3 and the Internet 2 and, under the network data transmission protocol P, transmits the target data S3 to the user end 1 (step 112). In this embodiment the target data S3 is the audio and image data of the network camera 41; that is, by the above method the user end 1 can directly view the images captured by the network camera 41.

Refer to Fig. 6, which is an architecture diagram of the access control module of the second embodiment of the present invention. The system architecture and the server circuit of the second embodiment are the same as in the first embodiment. Only the structural design of the access control module 6' differs, so identical components are marked with the same reference numerals. The difference is that the access control module 6' of the second embodiment additionally has a User Datagram Protocol (UDP) transmission module 67. The UDP transmission module 67 is connected to the message processing module 65 and is used when performing UDP transmission.

Refer also to Fig. 7 and Fig. 8, which are a transmission timing diagram and a control flow chart of the second embodiment of the present invention. The second embodiment of the present invention is executed following a fixed sequence flow F2.

As in the first embodiment, the network camera 41 sends a registration request message to the server 5 (step 201). After receiving the registration request message, the server 5 returns an authentication message to the network camera 41 (step 202). After the network camera 41 receives the authentication message, it returns a reply authentication message to the server 5 based on this random number (step 203). After receiving the reply authentication message, the server 5 returns a confirmation reply message to the network camera 41 (step 204). The network camera 41 then sends network device registration data S1 to the server 5 through the firewall 3 and the Internet 2 (step 205).

On the side of the access control module 6', the network device registration data S1 passes from the application A, under the network data transmission protocol P, through the network data transmission module 61, the device control module 63 and the database access module 66 in turn, and is stored in the network device data table 531 of the database 53 (step 205).

Before the user end 1 connects to the network camera 41, it first sends user-end registration data to the server 5 (step 206). The server 5 stores the user-end registration data in the user-end data table 531 of the database 53 of the server 5 (step 207). After registering, the user end 1 sends an access message S2 to the server 5 (step 208). The server 5 receives the access message S2 sent by the user end 1 and, according to the request in the access message S2, confirms whether the network camera 41 has registered with the server 5 (step 209). After confirming that the network camera 41 has registered, the server 5 sends a connection notification message to the network camera 41 (step 210).

After the network camera 41 receives the connection notification message, it connects to the server 5 through the firewall 3 and the Internet 2 and, under the network data transmission protocol P, transmits the target data S3 to the server 5 (step 211). In the server 5, the target data S3 is forwarded by the forwarding module 64 and the UDP transmission module 67 of the access control module 6', and the forwarded target data S4 is then sent from the server 5 to the user end 1 (step 212).

Although the methods of the first embodiment and the second embodiment are described separately above, in practice the server 5 itself provides a user interface to the user end 1, so the user end 1 can use the user interface to choose freely between the method of the first embodiment and the method of the second embodiment for the connection and transmission.

As the above embodiments show, the method of connection and access between a user end and a network device in a network system provided by the present invention has industrial utility, so the present invention meets the requirements for a patent. The above is only a description of preferred embodiments of the present invention. Those skilled in the art can make various other improvements based on the above description, but such changes still fall within the spirit of the present invention and the patent scope defined below.

【Brief Description of the Drawings】

Fig. 1 is a system architecture diagram of the method of connection and access between a user end and a network device in a network system according to the present invention;
Fig. 2 is a circuit block diagram of the server of the first embodiment of the present invention;
Fig. 3 is an architecture diagram of the access control module of the first embodiment of the present invention;
Fig. 4 is a transmission timing diagram of the first embodiment of the present invention;
Fig. 5 is a control flow chart of the first embodiment of the present invention;
Fig. 6 is an architecture diagram of the access control module of the second embodiment of the present invention;
Fig. 7 is a transmission timing diagram of the second embodiment of the present invention;
Fig. 8 is a control flow chart of the second embodiment of the present invention.

【Description of Main Reference Numerals】

100 network system
1 user end
2 Internet
3 firewall
4 target network device
41, 42 network camera
43 computer device
5 server
51 processing unit
52 operating system
53 database
531 network device data table
532 user-end data table
533 association data table
54 network interface
6, 6' access control module
61 network data transmission module
62 Multipurpose Internet Mail Extension (MIME) module
63 device control module
64 forwarding module
65 message processing module
66 database access module
67 User Datagram Protocol (UDP) transmission module
A application
F1, F2 sequence flow
P network data transmission protocol
S1 network device registration data
S2 access message
S3 target data
S4 forwarded target data
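The registration handshake and access check of the two embodiments, modelled as an added Python example that is not part of the patent or of any Davicom code. Assumptions: the reply to the server's random number is an HMAC-SHA256 under a pre-shared per-device key (the description says only that the reply is based on the random number), a registration expires after 60 seconds to model periodic registration, and all class names, keys and addresses are constructed.

```python
import hashlib
import hmac
import secrets

REG_TTL = 60  # assumption: seconds a registration stays valid unless renewed


def device_reply(key, nonce):
    """Device side of step 103: derive the reply from the server's random number."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Server:
    """Model of server 5 holding tables 531 (devices), 532 (users), 533 (associations)."""

    def __init__(self, device_keys, clock):
        self.device_keys = device_keys  # assumption: pre-shared key per device
        self.clock = clock              # injectable time source
        self.pending = {}               # device_id -> outstanding random number
        self.devices = {}               # table 531
        self.users = set()              # table 532, identifiers only
        self.associations = []          # table 533

    def registration_request(self, device_id):
        """Steps 101-102: answer a registration request with a fresh random number."""
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        return nonce

    def register_device(self, device_id, reply, observed_addr):
        """Steps 103-105: verify the reply, then store registration data S1."""
        nonce = self.pending.pop(device_id, None)  # each random number is single use
        key = self.device_keys.get(device_id)
        if nonce is None or key is None:
            return False
        if not hmac.compare_digest(device_reply(key, nonce), reply):
            return False
        self.devices[device_id] = {"addr": observed_addr,
                                   "registered_at": self.clock()}
        return True

    def register_user(self, user_id):
        self.users.add(user_id)

    def access(self, user_id, device_id, relay=False):
        """Access message S2: confirm registration (step 110), then notify (step 111)."""
        if user_id not in self.users:
            return "refused: unknown user"
        entry = self.devices.get(device_id)
        if entry is None:
            return "refused: device not registered"
        if self.clock() - entry["registered_at"] > REG_TTL:
            return "refused: registration expired"
        self.associations.append((user_id, device_id))
        if relay:  # second embodiment: data goes device -> server -> user
            return "notify device: forward via server"
        return "notify device: connect to user"  # first embodiment


def demo():
    now = [1000]
    keys = {"camera41": b"constructed-key-41", "camera42": b"constructed-key-42"}
    srv = Server(keys, clock=lambda: now[0])
    srv.register_user("user1")

    nonce = srv.registration_request("camera41")
    good = device_reply(keys["camera41"], nonce)
    results = {"registered41": srv.register_device("camera41", good, ("203.0.113.7", 40001))}
    # Replaying the same reply without a new random number must fail.
    results["replayed"] = srv.register_device("camera41", good, ("203.0.113.7", 40001))

    srv.registration_request("camera42")
    results["registered42"] = srv.register_device("camera42", b"\x00" * 32, ("203.0.113.7", 40002))

    results["direct"] = srv.access("user1", "camera41")
    results["relay"] = srv.access("user1", "camera41", relay=True)
    results["cam42"] = srv.access("user1", "camera42")
    now[0] += REG_TTL + 1  # camera 41 stops renewing its registration
    results["stale"] = srv.access("user1", "camera41")
    results["associations"] = list(srv.associations)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The server is the only point where a device's identity and the freshness of its registration are checked, so a refused or expired registration is what keeps a user end from being pointed at an endpoint the server never verified.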

Claims (1)

Scope of the Patent Application:

1. A method of connection and access between a user end and a network device in a network system, wherein the network system includes at least one user end and at least one target network device, the user end is connected to the target network device through an Internet and a firewall, and the Internet is connected to a server, the method comprising the following steps:
(a) the target network device sends network device registration data to the server through the firewall and the Internet;
(b) after receiving the network device registration data, the server stores the network device registration data in a database of the server and keeps the connection;
(c) when the user end wants to connect to the target network device and access target data, it sends an access message to the server;
(d) the server receives the access message sent by the user end and, according to the request of the access message, confirms whether the target network device has registered with the server;
(e) the target network device connects to the user end through the firewall and the Internet and, under a predetermined network data transmission protocol, transmits the target data to the user end.

2. The method of connection and access between a user end and a network device in a network system according to claim 1, wherein before step (a) the method further comprises the following steps:
(a1) the target network device sends a registration request message to the server;
(a2) after receiving the registration request message, the server returns an authentication message to the target network device;
(a3) after receiving the confirmation message, the target network device returns a reply authentication message to the server;
(a4) after receiving the authentication message, the server returns a confirmation reply message to the target network device.

3. The method of connection and access between a user end and a network device in a network system according to claim 1, wherein before step (e) the method further comprises the following steps:
(b1) the user end sends user-end registration data to the server;
(b2) the server stores the received user-end registration data in the database of the server.

4. The method of connection and access between a user end and a network device in a network system according to claim 1, further comprising a step in which the server sends a connection notification message to the target network device.

5. The method of connection and access between a user end and a network device in a network system according to claim 1, wherein the target network device in step (a) periodically sends the network device registration data to the server.

6. A method of connection and access between a user end and a network device in a network system, wherein the network system includes at least one user end and at least one target network device, the user end is connected to the target network device through an Internet and a firewall, and the Internet is connected to a server, the method comprising the following steps:
(a) the target network device sends network device registration data to the server through the firewall and the Internet;
(b) after receiving the network device registration data, the server stores the network device registration data in a database of the server;
(c) when the user end wants to connect to the target network device and access target data, it sends an access message to the server;
(d) the server receives the access message sent by the user end and, according to the request of the access message, confirms whether the target network device has registered with the server;
(e) the target network device connects to the server through the firewall and the Internet and, under a predetermined network data transmission protocol, transmits the target data to the server;
(f) the server forwards the received target data to the user end.

7. The method of connection and access between a user end and a network device in a network system according to claim 6, wherein before step (a) the method further comprises the following steps:
(a1) the target network device sends a registration request message to the server;
(a2) after receiving the registration request message, the server returns an authentication message to the target network device;
(a3) after receiving the confirmation message, the target network device returns a reply authentication message to the server;
(a4) after receiving the authentication message, the server returns a confirmation reply message to the target network device.

8. The method of connection and access between a user end and a network device in a network system according to claim 6, wherein before the step the method further comprises the following steps:
(b1) the user end sends user-end registration data to the server;
(b2) the server stores the received user-end registration data in the database of the server.

9. The method of connection and access between a user end and a network device in a network system according to claim 6, wherein before the step the method further comprises a step in which the server sends a connection notification message to the target network device.

10. The method of connection and access between a user end and a network device in a network system according to claim 6, wherein the target network device in step (a) periodically sends the network device registration data to the server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW97129717A TWI385999B (en) 2008-08-05 2008-08-05 And a method of accessing the connection between the user side and the network device in the network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW97129717A TWI385999B (en) 2008-08-05 2008-08-05 And a method of accessing the connection between the user side and the network device in the network system

Publications (2)

Publication Number Publication Date
TW201008199A (en) 2010-02-16
TWI385999B (en) 2013-02-11

Family

ID=44827356

Family Applications (1)

Application Number Title Priority Date Filing Date
TW97129717A TWI385999B (en) 2008-08-05 2008-08-05 And a method of accessing the connection between the user side and the network device in the network system

Country Status (1)

Country Link
TW (1) TWI385999B (en)

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6874028B1 (en) * 1999-10-25 2005-03-29 Microsoft Corporation System and method for unified registration information collection
US7187678B2 (en) * 2001-08-13 2007-03-06 At&T Labs, Inc. Authentication for use of high speed network resources
US7899932B2 (en) * 2003-01-15 2011-03-01 Panasonic Corporation Relayed network address translator (NAT) traversal
US20050138128A1 (en) * 2003-12-23 2005-06-23 Baniel Uri S. Method and device for grab transferring an instant messaging and presence (IMP) session
US7529852B2 (en) * 2004-05-17 2009-05-05 Cisco Technology, Inc. Method and apparatus for handling IPv4 DNS PTR queries across IPv4 and IPv6 networks
JP2006254137A (en) * 2005-03-11 2006-09-21 Nec Corp User terminal management device, user terminal management program and user terminal management system
US7411967B2 (en) * 2005-05-06 2008-08-12 Cisco Technology, Inc. Private network gateways interconnecting private networks via an access network
KR100803273B1 (en) * 2005-12-27 2008-02-13 삼성전자주식회사 ISP router and method for packet tunneling

Also Published As

Publication number Publication date
TWI385999B (en) 2013-02-11

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees