U.S. patent application number 15/216114 was filed with the patent office on 2016-11-10 for connection gateway for communicating monitoring and control information between a remotely located mobile device and premises devices/appliances on a premises network.
The applicant listed for this patent is Portus Singapore Pte Ltd.. Invention is credited to Charles Cameron LINDQUIST, Timothy John LINDQUIST.
Application Number | 20160330227 15/216114 |
Document ID | / |
Family ID | 3811968 |
Filed Date | 2016-11-10 |
United States Patent
Application |
20160330227 |
Kind Code |
A1 |
LINDQUIST; Charles Cameron ;
et al. |
November 10, 2016 |
CONNECTION GATEWAY FOR COMMUNICATING MONITORING AND CONTROL
INFORMATION BETWEEN A REMOTELY LOCATED MOBILE DEVICE AND PREMISES
DEVICES/APPLIANCES ON A PREMISES NETWORK
Abstract
A home security and control system for monitoring and
controlling an external environment such as a home environment
comprising: an Internet browser connectable to an extranet; an
extranet located external to the home environment and accessible
via the Internet browser; a communications server located in the
extranet and adapted to interconnect on demand with one of a series
of connection gateways located in predetermined home environments;
and a connection gateway located in the home environment adapted to
control and/or monitor the operation of at least one security
device in the home environment; wherein upon accessing a
predetermined address by the Internet browser on the extranet, the
communications server connects to a predetermined one of the
connection gateways to control and/or monitor the operation of the
security device. The extranet can ideally be implemented as a
Virtual Private Network (VPN) across an Internet substrate.
Inventors: |
LINDQUIST; Charles Cameron;
(Sydney, AU) ; LINDQUIST; Timothy John; (Waverton,
AU) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Portus Singapore Pte Ltd. |
Sydney |
|
AU |
|
|
Family ID: |
3811968 |
Appl. No.: |
15/216114 |
Filed: |
July 21, 2016 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
14536784 |
Nov 10, 2014 |
|
|
|
15216114 |
|
|
|
|
09868417 |
Oct 23, 2001 |
8914526 |
|
|
PCT/AU99/01128 |
Dec 17, 1999 |
|
|
|
14536784 |
|
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04L 29/06 20130101;
H04L 12/66 20130101; H04L 63/083 20130101; H04L 67/14 20130101;
H04L 12/4641 20130101; G08B 25/10 20130101; H04L 67/10 20130101;
H04L 63/1425 20130101; H04L 63/0272 20130101; H04L 67/12 20130101;
H04L 69/329 20130101; H04L 67/025 20130101; H04M 11/04
20130101 |
International
Class: |
H04L 29/06 20060101
H04L029/06; G08B 25/10 20060101 G08B025/10; H04L 29/08 20060101
H04L029/08; H04L 12/66 20060101 H04L012/66; H04L 12/46 20060101
H04L012/46 |
Foreign Application Data
Date |
Code |
Application Number |
Dec 17, 1998 |
AU |
PP7764 |
Claims
1. A system comprising: (a) at least one connection gateway located
in a user premises network; (b) at least one server located in a
network external to the user premises network and configured to
establish communication sessions involving the at least one
connection gateway and one or more access devices running a user
interface application; and (c) at least one premises device or
appliance located in the user premises network and communicatively
coupled to the at least one connection gateway and not
communicatively coupled to the server, wherein the at least one
premises device or appliance is configured to output premises
monitoring information and receive premises control information;
wherein: (i) one or more of the communications sessions involve the
transfer of one of the premises monitoring information and the
premises control information; (ii) the at least one server is
configured to determine which connection gateway to establish one
of the communication sessions with based on authentication details
received from the access device, wherein the authentication details
are used by the at least one server to retrieve premises connection
data; and (iii) the user interface application is configured to
receive and display the premises monitoring information or output
premises control information.
2. The system of claim 1, wherein the network is a Virtual Private
Network (VPN).
3. The system of claim 1, wherein the at least one premises device
or appliance is a surveillance device.
4. The system of claim 1, wherein the at least one premises device
or appliance is a user appliance.
5. The system of claim 1, wherein the at least one server is
configured to receive and send the premises monitoring information
and the premises control information as part of the communications
sessions.
6. The system of claim 1, wherein the access devices running a user
interface application is configured to receive the premises
monitoring information from one of the server and the connection
gateway as part of the communications sessions.
7. The system of claim 1, wherein the connection gateway and the at
least one premises device or appliance are enclosed in a common
housing.
8. The system of claim 1, wherein the connection gateway is
configured to generate an alarm state in response to determining
that the premises monitoring information received from the at least
one premises device or appliance is related to an alert
condition.
9. The system of claim 1, wherein the connection gateway is
communicatively coupled to the at least one premises device or
appliance through a wireless communications protocol.
10. The system of claim 1, wherein the authentication details
comprise a user name and password.
11. The system, of claim 1, wherein the server is configured to
store the premises monitoring information.
12. A connection gateway comprising: (a) a gateway web server
configured for installation at a user premises to connect to at
least one service node; and (b) a services module communicatively
coupled to at least one premises device or appliance located at the
user premises, wherein the connection gateway is configured to
establish communications sessions involving the at least one
service node and the premises device or appliance, which is not
directly connected to the at least one service node, and wherein
the premises device or appliance is configured to output premises
monitoring information and receive premises control information;
wherein: one or more of the communication sessions involve the
transfer of one of premises monitoring information and premises
control information between the at least one service node and the
premises device or appliance; and wherein the gateway web server is
further configured to: (i) receive or send the premises monitoring
information and premises control information as part of the
transfer of premises monitoring information and premises control
information; (ii) receive information originating from an access
device upon the at least one service node's authentication based
upon authentication details the at least one service node receives
from the access device running a user interface application,
wherein the authentication details are used by the at least one at
least one service node to retrieve premises connection data and
establish the one or more communications sessions; and (iii) output
premises monitoring information in a format for display by the
access device running a user interface application.
13. The connection gateway of claim 12, wherein the at least one
premises device or appliance is a surveillance device.
14. The connection gateway of claim 12, wherein the at least one
premises device or appliance is a user appliance.
15. The connection gateway of claim 12, wherein the access device
is a mobile device.
16. The connection gateway of claim 12, wherein the gateway web
server is configured to send the premises monitoring information to
one of the service node and the access device running a user
interface application.
17. The connection gateway of claim 12, wherein the services module
and the at least one premises device or appliance are enclosed in a
common housing.
18. The connection gateway of claim 12, wherein the gateway web
server is configured to generate an alarm state in response to
determining that the premises monitoring information received from
the at least one premises device or appliance is related to an
alert condition.
19. The connection gateway of claim 12, wherein the services module
is communicatively coupled to the at least one premises device or
appliance through a wireless communications protocol.
20. The connection gateway of claim 12, wherein the gateway web
server is configured to store the premises monitoring
information.
21. A provider network comprising: (a) a login facility server
configured to authenticate users based on authentication details
received by the login facility server from one or more access
devices running a user interface application; and (b) a
communications server configured to establish communications
sessions involving the provider network and at least one connection
gateway located in a user premises network and configured to
receive from the connection gateway premises monitoring information
from at least one premises device or appliance located at the user
premises and receive premises control information from one or more
access devices running a user interface application, wherein the at
least one premises device or appliance is configured to output
premises monitoring information and receive premises control
information; and wherein: (i) the communications server is not
directly communicatively coupled to the premises device or
appliance; (ii) one or more of the communications sessions involve
the sharing of premises monitoring information and premises control
information between the access device and the premises device or
appliance; (iii) the communications server is configured to receive
the premises monitoring information and send the premises control
information as part of one or more of the communications sessions;
(iv) the communications server is configured to determine which
connection gateway to establish one of the communication sessions
with based on the authentication details, wherein the
authentication details are used by the provider network to retrieve
premises connection data; and (v) the communications server is
configured to provide premises information to the access device in
a format for display by the user interface application.
22. The provider network of claim 21, wherein the at least one
premises device or appliance is a surveillance device.
23. The provider network of claim 21, wherein the at least one
premises device or appliance is a user appliance.
24. The provider network of claim 21, wherein the connection
gateway and the at least one premises device or appliance are
enclosed in a common housing.
25. The provider network of claim 21, wherein the connection
gateway is configured to generate an alarm state in response to
determining that the premises monitoring information received from
the at least one premises device or appliance is related to an
alert condition.
26. The provider network of claim 21, wherein the services module
is communicatively coupled to the at least one premises device or
appliance through a wireless communications protocol.
27. The provider network of claim 21, wherein the communications
server is configured to store the premises monitoring
information.
28. Computer readable program code configured to cause an access
device to perform a method of receiving premises monitoring
information and sending premises control information comprising:
(a) initiating a communications session by a provider network
involving an access device and a communications gateway, wherein
the communications session is initiated based on authentication
details received by the provider network from the access device,
wherein the authentication details are used by the provider network
to retrieve premises connection data related to the communications
gateway; (b) sending premises control information to one of the
provider network and the connection gateway for delivery through
the connection gateway to a premises device or appliance, wherein
the connection gateway is located in a user premises network and is
communicatively coupled to the premises device or appliance,
wherein the premises device or appliance is configured to output
premises monitoring information and receive premises control
information and is not otherwise connected to the provider network;
and (c) receiving premises monitoring information from one of the
provider network and the connection gateway and processing the
premises monitoring information for display by the access
device.
29. The computer readable program code of claim 28, wherein the
access device is configured to receive an alarm state from one of
the communications gateway and the provider network in response to
a determination that the premises monitoring information received
from the at least one premises device or appliance is related to an
alert condition.
30. The computer readable program code of claim 28, wherein the
connection gateway is communicatively coupled to the at least one
premises device or appliance through a wireless communications
protocol.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] The present application is a continuation application of
pending U.S. patent application Ser. No. 14/536,784 filed Nov. 10,
2014, which is a continuation of U.S. patent application Ser. No.
09/868,417, filed on Oct. 23, 2001, now U.S. Pat. No. 8,914,526,
which is a national phase of International Application No.
PCT/AU99/01128, filed Dec. 17, 1999, and which claims priority to
Australian Patent Application No. PP 7764, filed on Dec. 17, 1998.
The contents of each of the above-identified applications are
hereby incorporated herein by reference in their entireties.
FIELD OF THE INVENTION
[0002] The present invention relates to the area of local and
remote monitoring and control, through use of a standard web
browser and the Internet
BACKGROUND OF THE INVENTION
[0003] A communication node between data and a telecommunication
networks is disclosed in PCT Patent Publication Number WO 94/24803
which describes a node that enables communication between users
using different types of terminals, such as telephones and
computers.
[0004] PCT Patent Publication Number WO 98/19445 describes a
service node between Internet networks and a telecommunications
network that is used to order telephony services by means of HTML
pages from a computer with a WWW browser. It also describes a
method of calling a subscriber, in which the call is ordered by
computer but the connection is set up between the telephones of a
first and second subscriber. The service node communicates with
computers connected to computer networks using the HTTP protocol.
The node stores data related to a subscriber; said data can be used
when the user requests a telephony service.
[0005] A system for the control of devices within the home, using
web browsers, is described in "Joe Desbonnet and Peter Corcoran.
"Browser-style interfaces to a home automation network", IEEE
Transactions on Consumer Electronics, 1997, Volume 43, No. 4,
1063-1069.
[0006] The automation and security systems that may be installed in
a user's premises are becoming more and more advanced. Users often
have a common need to control and monitor such systems both locally
and remotely. Typically these systems provide an on-site control
panel offering input facilities and visual status display
facilities, but generally must resort to non-visual monitoring and
control mechanisms for remote operation. Remote operation is
usually achieved by telephone through codes entered via a telephone
handset. Some systems allow both local and remote operation using
any combination of voice command input and voice feedback of
status. Due to the complexity of the automation systems and the
choices they afford users, such remote systems are cumbersome and
limit the scope for interaction. In addition, the user must learn
several alternate methods of control.
[0007] Another problem with current systems is the absence of a
monitoring and control method that provides a geographically
independent standard interface that is universally accessible and
not platform or hardware dependent. The Desbonnet and Corcoran
paper describes the use of a web browser and the WWW for a standard
interface, both local and remote. However it is assumed in that
paper that for remote monitoring and control, the site to be
controlled is actively connected to the Internet at the time that
remote operation is desired. In the case that the site is not
actively connected to the Internet, a user may initiate a
connection from their remote location to the desired site manually.
However, this requires special knowledge and telecommunications
access facilities on the part of the user and is not a suitable
mechanism for those individuals who are not technically
literate.
[0008] Another problem with current systems, and with the system
described by the Desbonnet and Corcoran paper, is that if the user
is geographically remote to the user premises, then initiating a
direct connection through the public telecommunication network is
expensive, requiring a long distance or international call.
[0009] Another problem with current systems relates to the handling
of alarm and surveillance data. Current systems are based on CCTV
and VCR technology. A problem associated with such systems is that
surveillance data remains unprotected whilst retained at the site
of an incursion.
[0010] Another problem with current systems relates to the cost
associated with the surveillance system. System costs for video
surveillance may be prohibitive, as they are based on CCTV and VCR
technology. In addition, steps must be taken to ensure that
surveillance data remains protected if it must be retained at the
site of an incursion. Methods employed to make such systems
tamper-proof add to the total system cost.
[0011] Another problem associated with current surveillance systems
is that they may not differentiate alarm and non-alarm conditions,
and continuously record activity. Such systems record in a loop
fashion, eventually overwriting prerecorded material.
[0012] Another problem with current systems is that they do not
allow, except in the case of expensive systems, a remote user, or
remote authorised security personnel, to interrogate a surveillance
or automation system during an alarm condition.
[0013] Another problem with existing systems is that they do not
provide a facility for viewing surveillance material in relation to
a user premises during non-alarm periods using standard platform
independent and location independent mechanisms.
SUMMARY OF THE INVENTION
[0014] In accordance with a first aspect of the present invention,
there is provided a home security and control system for monitoring
and controlling an external environment such as a home environment
comprising: an Internet browser connectable to an extranet; an
extranet located external to the home environment and accessible
via the Internet browser; a communications server located in the
extranet and adapted to interconnect on demand with one of a series
of connection gateways located in predetermined home environments;
and a connection gateway located in the home environment adapted to
control and/or monitor the operation of at least one security
device in the home environment; wherein upon accessing a
predetermined address by the Internet browser, the communications
server connects to a predetermined one of the connection gateways
to control and/or monitor the operation of the security device. The
extranet can ideally be implemented as an Virtual Private Network
(VPN) across an Internet substrate.
[0015] Preferably, when a customer connects to their home, their
home effectively appears to them as a website, with all devices,
security and otherwise, accessible for monitoring or control.
[0016] In accordance with a further aspect of the present
invention, there is provided a home security system for monitoring
a home environment comprising: an extranet located external to the
home environment; storage means forming part of the extranet; at
least one communications server located in the extranet and adapted
to interconnect on demand with one of a series of connection
gateways located in predetermined home environments; a connection
gateway located in the home environment adapted to control and/or
monitor the operation of at least one security device in the home
environment; and a security device activating a security condition
upon the occurrence of a predetermined event; wherein, upon the
occurrence of the predetermined event, the security device notifies
the connection gateway and transfers event information on the
predetermined event to the connection gateway and the connection
gateway establishes an interconnection with the communications
server and transfers the event information via the communications
server to the storage means for later interrogation by a user of
the home security system.
[0017] Ideally, the storage means operates virtually in that it is
allocated dynamically o a server in accordance with usage
demands.
[0018] Ideally, the communication server utilises a
telecommunications network to interconnect with the connection
gateway. The security device preferably can include or respond to
alert conditions which are preferably forwarded to the connection
gateway, wherein it can be qualified with a pre-programmed enable,
and if the result can be TRUE, an alarm event can be generated,
whereupon the connection gateway establishes a connection with one
of the communications servers, and surveillance data related to the
alarm event can be uploaded to the extranet for secure storage
accessible upon interrogation by a user. In a further refinement,
the enables can be across zones or device types so as to
simultaneously arm multiple security devices.
[0019] In one example, the extranet forms part of the Internet and
the communications server can be located within the local telephone
call radius of the home environment, thus providing lowest cost
PSTN access from or to the home environment. Other types of access
may be provided (e.g. ADSL or ISDN interconnection).
[0020] In a further preferred modification, photos of authorised
occupants of the home environment are preferably accessible from
the extranet and are accessed upon an alarm event and cross
referenced with surveillance data to ascertain whether a true alarm
condition has been raised. The accessibility to surveillance data
can be controlled by the user.
[0021] The system preferably requires user authentication to access
the extranet by users, with the authentication being provided only
once per Internet browser session. The system uses web page
technology and can be implemented in, for example, the following
manner: a) directly in HTML, b) directly in XML, c) XML parsed
through style sheet to format supported by users browser (HTML,
WAP, VRML, . . . ), d) scripting languages (e.g. Java). The
accessible URL provided for each user of the home security system
provides details of the current status of the home environment of
the user. The Internet browser can be utilised in conjunction with
an Internet access device which can include a smart card reader and
associated user smart card which provides authentication details
and a URL corresponding to the home environment. The smart card
also ideally facilitates global access to the Internet for access
of the extranet, and optionally additionally tracks connections for
expensing. The Internet access device can be a computer, WebPhone,
Portable digital assistant, or mobile phone or any other device
with web browsing capability.
[0022] In one embodiment, the smart card can include an on-board
bio-sensor. Hence the smart card consists of a data receptacle and
substrate, with the substrate including a biosensor on the surface.
An embedded controller reads biosensor and processes input data
using a stored identification algorithm. The substrate can also
include an embedded communication means and means of accepting
power for operation, either through direct electrical connection or
magnetic/rf coupling. The authentication data can be bound to an
individuals "fingerprint" during a registration process. Through
utilizing an on-board biosensor, sensor devices are not required
everywhere, only on the one card.
[0023] The extranet can be extended to other uses including
providing a user premises e-mail facility and other facilities, for
example downloading of standard news data etc. The connection
gateway can further incorporate a user programmed answer strategy,
including delayed answer, and optionally detection of a voice
connection and recording compressed message, thus operating in
answering machine mode. After accepting the transmitted voice, fax,
or data, upon completion of inbound call the connection gateway,
can raise a connection to a communications server, and send an
indication to the user of the home security system of the receipt
of a recorded data. The connection gateway can further send a
recorded compressed voice messages to a communications server for
storage on the extranet for forwarding to a user of the home
environment. The connection gateway also provides an indication of
messages received on a HTML page accessible by a user of the home
environment. In one embodiment, the connection gateway acts as a
hub and Internet connection mechanism for connected devices
including the security devices located in the home environment.
That is, the gateway acts as a router, so if a URL is entered which
is external to home it automatically raises the connection to
Internet.
[0024] The connection gateway is ideally in a tamper proof
enclosure and can operate without mains power such that, upon
tampering, the connection gateway triggers an alarm and relays the
alarm to the extranet.
[0025] The system can also include a control terminal
interconnected to the connection gateway, the control terminal
comprising a wall mounted flat panel display incorporating a touch
screen and running web browser. The control terminal can use
wireless protocols such as TCP/IP running over wireless standards
such as Bluetooth. The control terminal can be equipped with
biosensor such as a fingerprint sensor, for access authentication
of a local user in the home environment to the connection gateway.
Alternatively, other forms of secure authentication can be
provided. The control terminal can be connected to the connection
gateway in a wireless manner and can be powered by rechargeable
batteries, allowing the control terminal mobility within the range
of wireless transmitters attached to the user premises network.
Ideally, the control terminal can be of reduced handheld size, so
that can operate as universal premises remote control.
[0026] Ideally, the control terminal integrates a digital camera,
microphone and speaker, and H323 protocol software, thus allowing
the control terminal to be used as a videophone, through a standard
browser interface. Alternatively, the control terminal can be
provided by a personal computer (PC) equipped with a user premises
network connection, wherein the PC runs a browser accessing a URL
corresponding to the connection gateway. Alternatively, the control
terminal can be provided by set top box connected to TV and running
a web browser. The control terminal can be equipped with a
smartcard reader for e-commerce transactions over the extranet.
[0027] At least one of the security devices can comprise a digital
security camera embodying image capture and compression method and
an interconnection to the connection gateway running a protocol
such as the H323 protocol standard. The camera could alternatively
take JPEG stills, motion JPEG, or digital video. The camera
preferably can include motion detection and image significance
algorithms which run in the camera, and filter input so that only
detected motion input can be compressed and sent through the
connection gateway to the extranet.
[0028] The connection gateway can be programmable to allow
different response mechanisms to differing classes of alert event.
Preferably, the connection gateway contains connection details for
preferred and secondary communication servers on the extranet, so
that if a first communication server does not respond, other
communication servers may be contacted until successful connection
can be achieved. The extranet preferably can include a user contact
database which preferably can include preferred contact methods,
allowing automatic contact mechanisms to be associated with alarm
condition, including use of e-mail, pager, computer generated voice
message through telephone, requesting response or if timeout,
security action.
[0029] The user data storage on the extranet for storing event data
associated with the home environment can be allocated virtually and
allocated redundantly, ensuring integrity of stored surveillance
data.
[0030] The security devices preferably can include an external
access mechanism to the user premises. Also one of the security
devices can be equipped with reader for an RF tag that can be used
for user authentication or equipped with a smartcard reader that
can be used for user authentication.
[0031] Preferably, the connection gateway provides support for
standards such as the HomePnP standard for CEBus networks, OSGI,
Bluetooth, the HAVi standard for consumer appliance control
etc.
[0032] In one example access mechanism, the smartcard preferably
can include a biosensor bonded to the substrate of the smart card,
and circuit embedded in smartcard to authenticate user before the
smartcard will operate.
[0033] In accordance with a further aspect of the present
invention, there is provided a system for providing information
access across at least two networks, the system comprising a first
network having a first network access controller; a second network
having a second network access controller; and a user access
browser located on the first network for locating and examining
information on the first and second networks by means of network
address locators; wherein when a predetermined location on the
network is accessed, the first network access controller initiates
the establishment of a network connection to the second network
access controller so as to provide for the temporary
interconnection of the first network to the second network, the
system thereby providing a seamless access to information stored on
the second network from the user access browser.
BRIEF DESCRIPTION OF THE DRAWINGS
[0034] Preferred embodiments of the present invention will now be
described with reference to the accompanying drawings in which:
[0035] FIG. 1 illustrates the arrangement of the preferred
embodiment;
[0036] FIG. 2 illustrates the software modules of a gateway;
[0037] FIG. 3 illustrates a gateway attached to a series of
appliance via different networks;
[0038] FIG. 4 illustrates a gateway attached to a series of
appliances;
[0039] FIG. 5 illustrates schematically the structure of a first
camera system; and
[0040] FIG. 6 illustrates schematically the structure of a second
camera system.
DESCRIPTION OF PREFERRED AND OTHER THE EMBODIMENTS
[0041] The preferred embodiments provide a method of remote control
that provides the user visual monitoring and control information.
The preferred embodiment also provides a visual interface for both
remote and local monitoring and control. The preferred embodiment
simplifies the use, for a user, of automation and security services
in relation to their designated premises. It also simplifies
monitoring of the user's premises by an authorised security
service. It achieves this simplification of use by providing an
integrated facility for monitoring and control, alarm detection and
transmission, and alarm servicing, that is accessible both locally
and remotely through a standard web browser via secure
user-specific HTML pages. Of course other protocols such as WAP,
VRML or XML can also be utilised.
[0042] Turning now to FIG. 1, there is illustrated the arrangement
of the preferred embodiment which includes the following
components:
[0043] An Internet access device 15, which may include, but is not
limited to, a computer, a mobile phone with display, a Web Phone,
or a Personal Digital Assistant, capable of connection to the World
Wide Web (WWW) through a client web browser supporting the
HyperText Transfer Protocol (HTTP).
[0044] A web browser interface which runs on the Internet access
device 15 and that allows the user to access, through queries over
the WWW, HTML pages from HTTP servers corresponding to associated
URLs.
[0045] An active Internet connection that connects the Internet
access device 15 to the Internet 16.
[0046] A virtual private network (VPN) 17, termed here the
"provider network", which is connected to the Internet and which
embodies a collection of Internet-accessible resources that
implement part of the integrated monitoring and control, alarm
transmission and servicing functions of the invention. This network
17, whilst accessible from the Internet, forms an Extranet.
[0047] An extranet is a private network that uses the Internet
protocols and the public telecommunication system to securely share
part of a business's information or operations with suppliers,
vendors, partners, customers, or other businesses. An extranet can
be viewed as part of a company's intranet that is extended to users
outside the company. An extranet requires security and privacy.
These require firewall server management, the issuance and use of
digital certificates or similar means of user authentication,
encryption of messages, and the use of virtual private networks
(VPNs) that tunnel through the public network.
[0048] A virtual private network (VPN) is a private data network
that makes use of the public telecommunication infrastructure,
maintaining privacy through the use of a tunnelling protocol and
security procedures. A virtual private network can be contrasted
with a system of owned or leased lines that can only be used by one
company. The idea of the VPN is to give the company the same
capabilities at much lower cost by sharing the public
infrastructure. Using a virtual private network involves encrypting
data before sending it through the public network and decrypting it
at the receiving end. An additional level of security involves
encrypting not only the data but also the originating and receiving
network addresses.
[0049] The resources associated with the provider VPN 17 network
include:
[0050] An authentication system or database 18 containing access
information in relation to authorised users.
[0051] A user connection system or database 14 containing
connection parameters in relation to the user premises.
[0052] A login facility 19 to initiate a secure connection for
authorised users of Internet access devices 15. User specific HTML
(or other standard) pages which are stored on logon facility server
19 and are linked to private areas, and possibly public areas.
[0053] A service node 20 which uses the user connection parameters
to direct a communications server 21 to establish a connection
through either a private or public telecommunications network to a
gateway 22 at the user premises.
[0054] A communications server 21.
[0055] A telecommunications network 24.
[0056] A user premises gateway 22 including a web server running on
the user premises gateway 22.
[0057] A home network 26 attached to the gateway 22, which may
include sub nets of differing physical implementation.
[0058] Appliances 27 attached to the home network which may be
monitored and controlled by gateway 27 and include specific
intrusion detection devices which may instigate alarms.
[0059] A surveillance device 28 in the form of a digital security
camera or other form of intrusion detection such as motion
detection etc.
[0060] A control terminal 29. The following situations for
operation of the preferred embodiment are identified:
1. The user is in a remote location with respect to their premises
and wishes to monitor and control, or retrieve recorded data
associated with, their premises; 2. The user is local to their
premises and wishes to monitor and control their premises; 3. An
alarm condition is reported to the monitoring network, and
surveillance data recorded.
1. Remote Operation
[0061] The user premises network 26 is normally in an unconnected
state in relation to the provider network 17. Specific actions on
the part of the remote user, or their authorised agents, connect
the user premises network to the provider network, thus allowing
monitoring and control operations to proceed.
[0062] Each user registered with the provider network has login
data and premises connection data stored respectively in user login
and user connection systems or databases 18 located within the
provider network. In addition, private Web pages are provided for
each user, allowing access to URLs dedicated to either of two
resource classes. One resource class is dedicated to stored
surveillance data, whilst the other resource class is dedicated to
active connection to the user premises for monitoring and
control.
[0063] A remote user, who desires to monitor or control their
premises, uses a web browser on an Internet access device 15 to
view the private HTML pages that are dedicated to monitoring and
control of the user premises by entering a URL associated with the
HTML page they wish to access.
[0064] Before the remote user may view the particular HTML pages
that are associated with the monitoring and control of the user
premises, they must first identify themselves to the provider
network via a login procedure associated with the HTML pages in
question. Once the user's identification details, constituting a
user name and password are authenticated, the user is permitted
access to the HTML page requested.
[0065] Once the user authentication process is complete, the
records associated with the user, detailing connection parameters
for the user premises, are retrieved from a database 18 in the
provider network. The process of accessing the URL dedicated to the
monitoring and control of the user premises initiates a sequence of
events that culminate in connection of the user premises network 26
to the provider network 17. A service node 20 within the provider
network intercepts the access to the URL dedicated to the
monitoring and control of the user premises, and uses the premises
connection data associated with the user to instruct a
communications server 21 to initiate a connection to the gateway 22
at the user premises
[0066] The communications server 21 at the service node interprets
the user connection parameters and initiates a connection phase
across the telecommunications facility to connect with the gateway
22 at the customer premises. The telecommunications facility 24
includes any system that allows end to end communication, including
but not limited to the PSTN, PLMN, ISDN and RF communication.
[0067] Preferably, a gateway 22 at the user premises has a
dedicated port to the telecommunications network. However, it is
possible for the gateway to share the port to the
telecommunications network, in which case the user may connect to
the gateway using a number of different response mechanisms,
including a delayed answer mechanism.
[0068] The gateway answers the incoming call and completes the
connection. The gateway and the connection server negotiate
connection parameters and establish a network connection between
the user premises network and the provider network. A web server on
the gateway then accepts HTTP protocol through the connection. The
service node 20 forwards the URL that was previously intercepted
and that corresponds to a resource contained within the customer
premises network to the gateway.
[0069] Turning now to FIG. 2 there is illustrated the components
running on the gateway computer 22 in more detail. The computer
includes a HTTP server 30 which runs as an application. The gateway
web server 30 then serves information in relation to user premises
appliances through appropriate web pages to the user. The gateway
web server communicates with a Services Module 31, which allows the
control and monitoring actions to be performed, and issues requests
to the Services Module 31 to fulfil the user requests. The requests
are relayed through the protocol stack 34 attached to the operating
system resident in the gateway to the target appliances attached to
the network. Data is sent or received from the device in response
to the requests. In the case of control actions, the device
performs the action, whilst in the case of monitoring actions, the
device returns the requested data.
[0070] As illustrated in FIG. 3, the gateway can be interconnected
to a series of appliances 40 over a number of different networks
41, 42, 43. FIG. 4 illustrates one form of hardwired
interconnection with a series of appliances 27.
User Access Master Node Website
[0071] 1. From web browser, user initiates connection to login
facility http server 19 via its domain name server (DNS) address.
2. DNS address is translated to associated IP address of login
facility 19 by a DNS server. 3. HTTP connection request is sent to
IP address of login facility 19. 4. HTTP request is received by
login facility 19 HTTP server and ACK is replied 5. Page request is
sent to HTTP service node 20. 6. HTTP service node 20 determines
availability of requested document 7. HTTP service node 20 responds
with response code. 8. HTTP transaction occurs
User Logs In
[0072] 1. User access login page at login facility 19. 2. User is
prompted for authentication details 3. User supplies authentication
details 4. HTTP login facility 19 receives authentication details
(potentially via SSL 40 bit secure connection) 5. HTTP login
facility 19 decodes details and consults authentication database
18. 6. Database 18 verifies user authentication and notifies login
facility. 7. If successful, user profile/identifier is pulled from
database 18. 8. Two concurrent processes are initiated on service
node 20 (P1 to keep the user informed, the P2 to establish the
connection via communications server 21 to the monitored premises
9. P1 Personalised web page is dynamically constructed and sent to
user's browser requesting wait 10. P2 Connection profile is used to
initiate request to gateway 22 by either of 3 possible
scenarios
Scenario 1: Service Node 20, Login Facility 19 and Connection
Establishment Server 21 are Co-Resident at Same Network Node
[0073] 1. A response request is sent to an interface on the
connection server 21 which initiates connection (dialup) to remote
host 22. 2. Connection is established using connection profile for
automatic authentication at remote side. 3. Remote web server
gateway is queried for active HTTP services 4. If successful user
HTTP connection is redirected to remote HTTP service on gateway 22.
5. If non-successful the user is notified and alert raised to
monitoring personnel monitoring extranet 17.
Scenario 2: Service Node 20 and Connection Establishment Service 21
are at Separate Nodes, Connection is Identified by Static
Addressing
[0074] 1. A response request is sent to communications server 21
which also holds subnet routing entry for static IP address. 2.
Response is delivered to communications server 21 via intermediate
gateways using appropriate routing protocol b 3. Request for
response is delivered to appropriate interface on communications
server 21, which may initiate remote connection via entries within
gateway configuration tables 4. Wait state is established until
positive response from gateway 22 bound with specified IP address
5. Response (either positive or negative) is received from
communications server 21. 6. Response is relayed to login facility
18. 7. If successful user HTTP connection is redirected to remote
HTTP service on gateway 22. 8. If non-successful user is notified
and alert raised to monitoring personnel Scenario 3: Service Node
20 and Connection Establishment Server 21 are at Separate Nodes,
and Connection must Establish Identity via Dynamically Assigned
Addressing Case 1: Dynamic assignment is achieved by
reconfiguration of end point router interface configuration tables
service node 20. 1. A control channel is established to the
end-point gateway 22 as specified in the connection profile 2. The
end point gateway 22 is programmed with the IP address specified in
the connection profile (the IP address may be obtained dynamically
by the service node 20 server from any dynamic host configuration
service), and with the connection details required to establish
physical connection via OSI level 1 network. 3. Request for
response is sent to IP address specified in connection profile of
device e.g. 27-29 via end point gateway 22. 4. Request for response
is delivered to appropriately reconfigured interface. 5. Response
(either positive or negative) is received from interface of device
27-29. 6. Response is relayed to Gateway 22. 7. If successful user
HTTP connection is redirected to remote HTTP service on gateway 22.
8. If non-successful user is notified and alert raised to
monitoring personnel
[0075] Case 2: Dynamic assignment is achieved by request for IP
address assignment from dynamic host configuration service (local
to end-point router) initiated by endpoint router based on
connection parameter (from the connection profile) encapsulated in
the request packet received from the server node 20.
1. Service Node 20 encapsulates connection parameters from
connection profile in request packet which is sent to
communications server 21. 2. Communications server 21 detects
request packet received from service node 20. 3. Communications
server 21 detects queries DHC server with connection parameters. 4.
DHC server dynamically assigns IP address for connection profile to
endpoint gateway 5. Endpoint router reconfigures interface using
connection parameters and IP address 6. Request for response is
delivered to appropriately reconfigured interface. 7. Response
(either positive or negative) is received from interface. 8.
Response is relayed to Gateway Web/Auth Service 9. If successful
user HTTP connection is redirected to remote HTTP service 10. If
non-successful user is notified and alert raised to monitoring
personnel For all dynamic IP address assignment methods, the
allocated IP address is relayed to the home gateway once the
interface is successfully raised (There are several methods. For
instance, PPP can be used to negotiate the IP address to be
assigned to the Home Gateway) Immediately that the interface with
the assigned IP address on the Home Gateway is raised a watchdog
process will bind an instance of the HTTP service to the raised
interface for service of request coming through to that
interface.
2. Local Operation
[0076] A local user can monitor and control devices and appliances
in the user premises through a control terminal incorporating a
display and an input mechanism and running a web browser. The
control terminal can be implemented as a wall mounted display unit
45, a set top box and TV 46, or a PC 47, which runs a web browser.
The user accesses HTML pages on the gateway 22 which provide
monitoring and control services for devices located within the user
premises that are attached to the premises network.
[0077] The gateway web server serves information through HTML pages
to the user. The gateway web server communicates with a Services
Module, which allows the control and monitoring actions to be
performed, and issues requests to the Services Module to fulfil the
user requests. The requests are relayed through the protocol stack
attached to the operating system resident in the gateway to the
target appliances attached to the network. Data is sent or received
from the device is response to the requests. In the case of control
actions, the device performs the action, whilst in the case of
monitoring actions, the device returns the requested data. The
gateway can also acts as a router, so if non-local address is
detected, gateway can raise connection so that non-local IP address
can be accessed across Internet.
3. Alarm Operation
[0078] Devices, such as sensors 49, attached to the user premises
network may generate alert conditions, in response to a condition
detected by a device sensor or to a particular device state. A
special case identified is an alert condition generated by an
intrusion detection or surveillance device.
[0079] A digital security camera 28 is provided and, as shown in
more detail in FIG. 5, incorporates an imaging device 50 for
capturing an image from lens 56, preprocessing unit 51, memory
store 52, compression unit 53, network interface 54 and CPU 55. The
digital security camera is connected to the user premises network
gateway through a physical or wireless network. The gateway 22 and
the camera system 28 communicate through a common protocol. The
imaging device 51 within the digital security camera continuously
records image data, which is then read from the imaging device,
through the pre-processing circuit 51, and written to memory store
52. A compressor 53 reads image data from memory and produces a
compressed version of the image data. The CPU 55 may optionally
analyse the raw image using motion detection and image significance
algorithms programmed into the CPU. If the security system is
armed, and a significant event is detected, an alert condition is
generated and compressed images and other information are
transmitted through the network interface 54, across the user
premises network, to the gateway 22.
[0080] In another embodiment of the security camera, as shown in
FIG. 6, the functionality of the gateway is incorporated directly
into the camera and a telecommunications interface 57 is provided
for direct connection with the communications server.
[0081] Returning to FIG. 1, generally, once an alert condition is
detected by a sensor or other device attached to the user premises
network, information regarding the alert condition is transmitted
via the user premises network 26 to the gateway 22. Software on the
gateway interprets the information in relation to the alert
condition, and may qualify the alert condition with user
pre-programmed qualifiers stored in a database on the gateway 22.
An alarm condition is generated if the logical AND of the alert
condition and corresponding qualifier is TRUE. In response to an
alarm condition, the gateway 22 uses pre-programmed connection
parameters to initiate a connection through the telecommunications
network 24 to a preferred communications server 21 on the provider
network 17. The communications server answers the call and
completes the connection. If there is a fault and a successful
connection to the communications server can not be raised, the
gateway may retrieve from a local database further connection
details for alternative communication servers on the provider
network. Once a successful connection exists between the gateway
and a communication server on the provider network, the gateway and
the communication server negotiate connection parameters and
establish a connection between the user premises network 26 and the
provider network. This process identifies the user premises
network, and hence the associated user, to the provider network 17.
Information in relation to the alarm condition is transmitted from
the user premises network 26 to the provider network 17. Software
running on the provider network processes the alarm condition, and
transmits an alarm state to a monitoring console. In addition,
pre-programmed alarm actions in relation to the user are retrieved
from a user database 18 on the provider network, and all actions
identified are automatically performed. These may include automatic
notification of the alarm condition to the user through mechanisms
such as, but not limited to: e-mail, pager, and telephone. In
addition, all data associated with the alarm condition transmitted
from the user premises network to the provider network is stored in
a secure repository within the provider network. User
pre-programmed qualifiers may gate access to this recorded
surveillance data by authorised monitoring personnel. The data is
accessible to the user in their private storage area, and may be
viewed from their web browser.
[0082] Further modifications and applications are possible. For
example, the connection gateways could form nodes of a distributed
computing environment that may be allocated by the extranet on a
demand basis to facilitate supercomputer type calculations.
[0083] It would be appreciated by a person skilled in the art that
numerous variations and/or modifications may be made to the present
invention as shown in the preferred embodiment without departing
from the spirit or scope of the invention as broadly described. The
preferred embodiment is, therefore, to be considered in all
respects to be illustrative and not restrictive.
* * * * *