CN103067282A - Data backup method, device and system - Google Patents

Publication number: CN103067282A
Authority: CN (China)
Prior art keywords: message, backup controller, destination server, address, password
Legal status: Granted, Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN2012105862299A
Other languages: Chinese (zh)
Other versions: CN103067282B (en)
Inventor: 聂成蛟
Current Assignee: Guangdong Gaohang Intellectual Property Operation Co ltd; Yuying School Yongnian District Handan City (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority to: CN201210586229.9A (patent CN103067282B)
Publication of CN103067282A
Application granted; publication of CN103067282B

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data backup method, device and system. The data backup method comprises: receiving a message sent from a mobile terminal through a first virtual private network (VPN) channel, the first VPN channel being the VPN channel with the mobile terminal; obtaining the destination Internet Protocol (IP) address in the message, the destination IP address being the private IP address of a destination server; and sending the message through a second VPN channel to the destination server corresponding to the destination IP address, the second VPN channel being the VPN channel with the destination server, so that the destination server obtains target data from the message and backs up the target data. Data can be backed up without connecting the mobile terminal to a personal computer (PC) through a data cable. When the server is powered on, the mobile terminal can send the data to be backed up to the corresponding destination server over the mobile Internet and through a backup controller at any time and from anywhere. This effectively improves the convenience and efficiency of backing up the data in the mobile terminal.

Description

Data backup method, device and system
Technical field
Embodiments of the present invention relate to communications technology and computer technology, and in particular to a data backup method, device and system.
Background
With the development of mobile communication technology and smart terminals, smart terminals offer increasingly rich functions and ever larger storage capacity. In particular, with the development of third-generation (3G) mobile communication technology, greater data network bandwidth gives smart terminals a more convenient transmission channel, so the volume of data that smart terminals transmit over the conventional Internet or the mobile Internet keeps growing. For example, communication data such as address book information, short messages and various instant messages; entertainment data such as pictures and videos; and office data such as e-mail and calendar schedules are all data that may be stored in a smart terminal.
As users depend more and more on smart terminals, the data stored on them becomes correspondingly more important; therefore, to keep the data safe, the data stored on a smart terminal needs to be backed up. At present, the commonly used backup method is to connect the smart terminal to a personal computer (PC) with a data cable and back the data on the smart terminal up to the PC. For example, a data cable connects the smart terminal to a Universal Serial Bus (USB) port of the PC. Because the USB specification defines the physical standard of the interfaces of both communicating parties, the electrical standard of the connecting cable, the transport protocol standard and so on, a smart terminal and a PC produced by different vendors can still be connected by a USB cable and transfer data as long as both follow the USB standard, so that the data on the smart terminal is backed up to the PC.
However, backing up the data in a smart terminal requires first connecting the smart terminal to the PC used for backup; if the smart terminal is not connected to the PC, no backup can be made. The prior-art method of backing up the data in a smart terminal is therefore limited.
Summary of the invention
Embodiments of the present invention provide a data backup method, device and system to address the limitation of the prior-art method of backing up the data in a smart terminal.
A first aspect of the embodiments of the present invention provides a data backup method, comprising:
receiving a message sent by a mobile terminal through a first virtual private network (VPN) channel, the first VPN channel being the VPN channel with the mobile terminal;
obtaining the destination Internet Protocol (IP) address in the message, the destination IP address being the private IP address of a destination server;
sending the message through a second VPN channel to the destination server corresponding to the destination IP address, the second VPN channel being the VPN channel with the destination server, so that the destination server obtains target data from the message and backs up the target data.
With reference to the data backup method of the first aspect, in a first possible implementation, before receiving the message sent by the mobile terminal through the first VPN channel, the method further comprises:
receiving a first request message sent by the mobile terminal, the first request message carrying a user name and a password and being used to request establishment of the first VPN channel;
if a user name and a password identical to the user name and the password respectively are found, determining whether the destination server exists, the destination server being the server corresponding to the user name;
if the destination server is found, sending the destination IP address to the mobile terminal, so that the mobile terminal encapsulates the destination IP address in the message.
With reference to the first possible implementation of the first aspect, in a second possible implementation, before receiving the first request message sent by the mobile terminal, the method further comprises:
receiving a second request message sent by the destination server, the second request message carrying the user name and the password and being used to request establishment of the second VPN channel;
if a user name and a password identical to the user name and the password respectively are found, allocating the destination IP address to the destination server and establishing the correspondence between the destination server and the user name.
With reference to the data backup method of the first aspect, in a third possible implementation, the method further comprises:
monitoring the destination server;
if the communication connection with the destination server is disconnected, deleting the correspondence between the destination server and the user name, and releasing the destination IP address.
With reference to the first aspect or any of its first to third possible implementations, in a fourth possible implementation, the message is a message encrypted with the DTLS protocol, or a message encrypted with the SSL protocol.
A second aspect of the embodiments of the present invention provides a data backup method, comprising:
sending a message to a backup controller through a VPN channel, the message carrying a destination IP address, the destination IP address being a private IP address allocated by the backup controller to a destination server, so that the backup controller, according to the destination IP address obtained from the message, sends the message to the destination server through the VPN channel with the destination server, and the destination server obtains target data from the message and backs up the target data.
With reference to the data backup method of the second aspect, in a first possible implementation, before sending the message to the backup controller through the VPN channel, the method further comprises:
sending a first request message to the backup controller, the first request message carrying a first user name and a first password and being used to request establishment of the VPN channel;
receiving the destination IP address returned by the backup controller after it finds a user name and a password identical to the first user name and the first password respectively and finds the destination server corresponding to the first user name.
With reference to the data backup method of the second aspect, in a second possible implementation, before sending the message to the backup controller through the VPN channel, the method further comprises:
sending a connection request message to the backup controller through the VPN channel, the connection request message carrying a digital certificate that contains issuer information, so that the backup controller forwards the connection request message to the destination server;
receiving connection success information returned through the backup controller by the destination server after it finds a digital certificate corresponding to the issuer information.
With reference to the second possible implementation of the second aspect, in a third possible implementation, before sending the message to the backup controller through the VPN channel, the method further comprises:
sending a second request message to the backup controller through the VPN channel, the second request message carrying a second user name and a second password, so that the backup controller forwards the second request message to the destination server;
receiving authentication success information returned through the backup controller by the destination server after it finds a user name and a password identical to the second user name and the second password respectively.
With reference to the second aspect or any of its first to third possible implementations, in a fourth possible implementation, the message is a message encrypted with the DTLS protocol, or a message encrypted with the SSL protocol.
A third aspect of the embodiments of the present invention provides a data backup method, comprising:
receiving a message sent by a backup controller through a VPN channel, the message having been sent by a mobile terminal to the backup controller through the VPN channel between the mobile terminal and the backup controller and forwarded by the backup controller according to the destination IP address in the message, the destination IP address being a private IP address;
obtaining target data from the message and backing up the target data.
With reference to the data backup method of the third aspect, in a first possible implementation, before receiving the message sent by the backup controller through the VPN channel, the method further comprises:
sending a first request message to the backup controller, the first request message carrying a first user name and a first password and being used to request establishment of the VPN channel;
receiving the destination IP address allocated by the backup controller after it finds a user name and a password identical to the first user name and the first password respectively.
With reference to the data backup method of the third aspect, in a second possible implementation, before receiving the message sent by the backup controller through the VPN channel, the method further comprises:
receiving a connection request message sent by the backup controller through the VPN channel, the connection request message carrying the digital certificate of the mobile terminal, the digital certificate containing issuer information;
after finding a digital certificate corresponding to the issuer information, returning connection success information to the mobile terminal through the backup controller.
With reference to the second possible implementation of the third aspect, in a third possible implementation, before receiving the message sent by the backup controller through the VPN channel, the method further comprises:
receiving a second request message sent by the backup controller through the VPN channel, the second request message carrying a second user name and a second password sent by the mobile terminal;
after finding a user name and a password identical to the second user name and the second password respectively, returning authentication success information to the mobile terminal through the backup controller.
With reference to the third aspect or any of its first to third possible implementations, in a fourth possible implementation, the message is a message encrypted with the DTLS protocol, or a message encrypted with the SSL protocol.
A fourth aspect of the embodiments of the present invention provides a backup controller, comprising:
a receiving unit, configured to receive a message sent by a mobile terminal through a first VPN channel, the first VPN channel being the VPN channel with the mobile terminal;
an obtaining unit, configured to obtain the destination Internet Protocol (IP) address in the message, the destination IP address being the private IP address of a destination server;
a sending unit, configured to send the message through a second VPN channel to the destination server corresponding to the destination IP address, the second VPN channel being the VPN channel with the destination server, so that the destination server obtains target data from the message and backs up the target data.
With reference to the backup controller of the fourth aspect, in a first possible implementation, the receiving unit is further configured to:
before receiving the message, receive a first request message sent by the mobile terminal, the first request message carrying a user name and a password and being used to request establishment of the first VPN channel;
correspondingly, the backup controller further comprises:
a processing unit, configured to determine, when a user name and a password identical to the user name and the password respectively are found, whether the destination server exists, the destination server being the server corresponding to the user name;
correspondingly, the sending unit is further configured to, when the destination server is found, send the destination IP address to the mobile terminal, so that the mobile terminal encapsulates the destination IP address in the message.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation, the receiving unit is further configured to:
before receiving the first request message, receive a second request message sent by the destination server, the second request message carrying the user name and the password and being used to request establishment of the second VPN channel;
correspondingly, the processing unit is further configured to:
when a user name and a password identical to the user name and the password respectively are found, allocate the destination IP address to the destination server and establish the correspondence between the destination server and the user name.
With reference to the backup controller of the fourth aspect, in a third possible implementation, the backup controller further comprises:
a monitoring unit, configured to monitor the destination server;
correspondingly, the processing unit is further configured to:
when the communication connection with the destination server is disconnected, delete the correspondence between the destination server and the user name, and release the destination IP address.
With reference to the fourth aspect or any of its first to third possible implementations, in a fourth possible implementation, the message received by the receiving unit is a message encrypted with the DTLS protocol, or a message encrypted with the SSL protocol.
A fifth aspect of the embodiments of the present invention provides a mobile terminal, comprising:
a sending unit, configured to send a message to a backup controller through a VPN channel, the message carrying a destination IP address, the destination IP address being a private IP address allocated by the backup controller to a destination server, so that the backup controller, according to the destination IP address obtained from the message, sends the message to the destination server through the VPN channel with the destination server, and the destination server obtains target data from the message and backs up the target data.
With reference to the mobile terminal of the fifth aspect, in a first possible implementation, the sending unit is further configured to:
before sending the message, send a first request message to the backup controller, the first request message carrying a first user name and a first password and being used to request establishment of the VPN channel;
correspondingly, the mobile terminal further comprises:
a receiving unit, configured to receive the destination IP address returned by the backup controller after it finds a user name and a password identical to the first user name and the first password respectively and finds the destination server corresponding to the first user name.
With reference to the mobile terminal of the fifth aspect, in a second possible implementation, the sending unit is further configured to:
before sending the message, send a connection request message to the backup controller through the VPN channel, the connection request message carrying a digital certificate that contains issuer information, so that the backup controller forwards the connection request message to the destination server;
correspondingly, the receiving unit is further configured to:
receive connection success information returned through the backup controller by the destination server after it finds a digital certificate corresponding to the issuer information.
With reference to the second possible implementation of the fifth aspect, in a third possible implementation, the sending unit is further configured to:
before sending the message, send a second request message to the backup controller through the VPN channel, the second request message carrying a second user name and a second password, so that the backup controller forwards the second request message to the destination server;
correspondingly, the receiving unit is further configured to:
receive authentication success information returned through the backup controller by the destination server after it finds a user name and a password identical to the second user name and the second password respectively.
With reference to the fifth aspect or any of its first to third possible implementations, in a fourth possible implementation, the message sent by the sending unit is a message encrypted with the DTLS protocol, or a message encrypted with the SSL protocol.
A sixth aspect of the embodiments of the present invention provides a server, comprising:
a receiving unit, configured to receive a message sent by a backup controller through a VPN channel, the message having been sent by a mobile terminal to the backup controller through the VPN channel between the mobile terminal and the backup controller and forwarded by the backup controller according to the destination IP address in the message, the destination IP address being a private IP address;
a processing unit, configured to obtain target data from the message and back up the target data.
With reference to the server of the sixth aspect, in a first possible implementation, the server further comprises:
a sending unit, configured to send a first request message to the backup controller before the receiving unit receives the message, the first request message carrying a first user name and a first password and being used to request establishment of the VPN channel;
correspondingly, the receiving unit is further configured to:
receive the destination IP address allocated by the backup controller after it finds a user name and a password identical to the first user name and the first password respectively.
With reference to the server of the sixth aspect, in a second possible implementation, the receiving unit is further configured to:
before receiving the message, receive a connection request message sent by the backup controller through the VPN channel, the connection request message carrying the digital certificate of the mobile terminal, the digital certificate containing issuer information;
correspondingly, the sending unit is further configured to:
after a digital certificate corresponding to the issuer information is found, return connection success information to the mobile terminal through the backup controller.
With reference to the second possible implementation of the sixth aspect, in a third possible implementation, the receiving unit is further configured to:
before receiving the message, receive a second request message sent by the backup controller through the VPN channel, the second request message carrying a second user name and a second password sent by the mobile terminal;
correspondingly, the sending unit is further configured to:
after a user name and a password identical to the second user name and the second password respectively are found, return authentication success information to the mobile terminal through the backup controller.
With reference to the sixth aspect or any of its first to third possible implementations, in a fourth possible implementation, the message received by the receiving unit is a message encrypted with the DTLS protocol, or a message encrypted with the SSL protocol.
A seventh aspect of the embodiments of the present invention provides a data backup system, comprising the above backup controller, at least one mobile terminal and at least one server; the backup controller, the mobile terminal and the server are communicatively connected.
In the data backup method, device and system provided by the embodiments of the present invention, when a mobile terminal needs to back up data, it encapsulates the data to be backed up, together with the destination IP address of the destination server that will perform the backup, in a message and sends the message to the backup controller through the VPN channel with the backup controller. After receiving the message, the backup controller obtains the destination IP address from it and sends the message, through the VPN channel with the destination server corresponding to that destination IP address, to the destination server, which backs up the target data in the received message. The mobile terminal therefore does not need to be connected to a PC by a data cable in order to back up data: when the server is powered on, the mobile terminal can send the data to be backed up over the mobile Internet, through the backup controller, to the corresponding destination server at any time and from anywhere, which effectively improves the convenience and efficiency of backing up the data in the mobile terminal.
Brief description of the drawings
Fig. 1 is a flowchart of a data backup method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another data backup method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of yet another data backup method provided by an embodiment of the present invention;
Fig. 4 is a flowchart of yet another data backup method provided by an embodiment of the present invention;
Fig. 5 is a flowchart of yet another data backup method provided by an embodiment of the present invention;
Fig. 6 is a flowchart of yet another data backup method provided by an embodiment of the present invention;
Fig. 7 is a flowchart of yet another data backup method provided by an embodiment of the present invention;
Fig. 8a is a schematic structural diagram of a backup controller provided by an embodiment of the present invention;
Fig. 8b is a schematic structural diagram of another backup controller provided by an embodiment of the present invention;
Fig. 8c is a schematic structural diagram of yet another backup controller provided by an embodiment of the present invention;
Fig. 9a is a schematic structural diagram of a mobile terminal provided by an embodiment of the present invention;
Fig. 9b is a schematic structural diagram of another mobile terminal provided by an embodiment of the present invention;
Fig. 9c is a schematic structural diagram of yet another mobile terminal provided by an embodiment of the present invention;
Fig. 10a is a schematic structural diagram of a server provided by an embodiment of the present invention;
Fig. 10b is a schematic structural diagram of another server provided by an embodiment of the present invention;
Fig. 10c is a schematic structural diagram of yet another server provided by an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a data backup system provided by an embodiment of the present invention.
Embodiments
In the data backup methods provided by the embodiments of the present invention, a remote backup controller is added. The user's mobile terminal can connect to the backup controller over the mobile Internet, and the backup controller can connect over the Internet to the server used to store backup data. When the server is powered on, the mobile terminal can send the data to be backed up to the server through the backup controller at any time and from anywhere.
If the server is in a local area network, it can communicate with the backup controller through a proxy gateway; if the server is in a wide area network, it does not need a proxy gateway to communicate with the backup controller.
The backup controller can be communicatively connected to one or more mobile terminals, and also to servers. The mobile terminal may be a terminal device such as a mobile phone, a notebook computer or a tablet computer. The server may be the user's PC; in other words, the server is a PC that the user of the mobile terminal can operate and control, not a server in the cloud. Each mobile terminal can send the data to be backed up to one or more servers. Each server can receive the data to be backed up sent by one or more mobile terminals.
Fig. 1 is a flowchart of a data backup method provided by an embodiment of the present invention. As shown in Fig. 1, the method comprises:
101. Receive a message sent by a mobile terminal through a first virtual private network (VPN) channel, where the first VPN channel is the VPN channel with the mobile terminal.
Specifically, the backup controller communicates with the mobile terminal over the first VPN channel and with the server over the second VPN channel. When the user needs to back up data in the mobile terminal, the mobile terminal encapsulates the data to be backed up in a message and sends the message to the backup controller.
102. Obtain the destination Internet Protocol (IP) address in the message, where the destination IP address is the private IP address of a destination server.
Specifically, the message that the mobile terminal sends to the backup controller carries the destination IP address of a server; the server corresponding to the destination IP address is referred to below as the destination server. After receiving the message, the backup controller obtains the destination IP address from it. According to this destination IP address, the backup controller can send the message to the destination server corresponding to the destination IP address.
The destination IP address of the destination server may be a private IP address allocated to it in advance by the backup controller. A private IP address is an IP address used within the virtual private network formed by the backup controller and at least one server. Correspondingly, after the backup controller has allocated a private IP address to the destination server, the mobile terminal can learn the destination IP address of the destination server from the backup controller.
103. Send the message through a second VPN channel to the destination server corresponding to the destination IP address, where the second VPN channel is the VPN channel with the destination server. Step 103 is performed so that the destination server obtains target data from the message and backs up the target data.
Specifically, after obtaining the destination IP address from the message, the backup controller knows that the message needs to be sent to the destination server corresponding to that destination IP address, and sends the message to that destination server through the second VPN channel with it.
After receiving the message, the destination server obtains the target data from it. The target data obtained is the data that the mobile terminal needs to back up. Correspondingly, the destination server backs up the target data and saves it as the backup data corresponding to the mobile terminal.
In the data backup method provided by this embodiment of the present invention, when a mobile terminal needs to back up data, it encapsulates the data to be backed up, together with the destination IP address of the destination server that will perform the backup, in a message and sends the message to the backup controller through the VPN channel with the backup controller. After receiving the message, the backup controller obtains the destination IP address from it and sends the message, through the VPN channel with the destination server corresponding to that destination IP address, to the destination server, which backs up the target data in the received message. The mobile terminal therefore does not need to be connected to a PC by a data cable in order to back up data: when the server is powered on, the mobile terminal can send the data to be backed up over the mobile Internet, through the backup controller, to the corresponding destination server at any time and from anywhere, which effectively improves the convenience and efficiency of backing up the data in the mobile terminal.
Fig. 2 is a flowchart of another data backup method provided by an embodiment of the invention. As shown in Fig. 2, the method comprises:
201. Receive second request information sent by the destination server, where the second request information carries the username and the password and is used to request establishment of the second VPN channel.
Specifically, a Transmission Control Protocol (TCP) connection may first be established between each mobile terminal and the backup controller, and between each server and the backup controller. The backup controller assigns a TCP connection identifier to each TCP connection so that both communicating parties can tell different TCP connections apart by their identifiers. The communication between the mobile terminal and the backup controller described below takes place over the TCP connection the two have established, and so does the communication between the backup controller and the server.
The VPN channel between each server and the backup controller is established by the server sending request information to the backup controller.
The second VPN channel between the destination server and the backup controller is established as follows: the destination server sends the second request information to the backup controller. The second request information carries the username and password used for authentication.
Registration information, namely valid usernames and passwords, is stored in advance in the backup controller. To register, the user may log in to the backup controller from a mobile terminal, a server or another PC and register a username and password on the backup controller.
When the destination server requests the backup controller to establish the second VPN channel, the username and password carried in the second request information are the valid username and password registered in advance.
202. If a username and a password respectively identical to the username and the password are found, allocate the destination IP address to the destination server and establish a correspondence between the destination server and the username.
Specifically, after receiving the second request information, the backup controller obtains the username and password carried in it and determines whether they are a registered, valid username and password.
If the backup controller finds no username and password among the registered ones that respectively match those carried in the second request information, it returns request-failure information to the destination server, so that the destination server can present the failure information to the user and the user can choose another mode of operation as needed.
If the backup controller finds, among the registered usernames and passwords, a username and password that respectively match those carried in the second request information, it allocates a private IP address to the destination server, namely the destination IP address corresponding to this destination server, and establishes the correspondence between the destination server and the username.
If the backup controller finds, among the registered usernames and passwords, a username and password that respectively match those carried in the second request information, but no private IP address is available for allocation, it returns request-failure information to the destination server, so that the destination server can present the failure information to the user and the user can choose another mode of operation as needed.
Further, the destination server is monitored; and if the communication connection with the destination server is disconnected, the correspondence between the destination server and the username is deleted and the destination IP address is released.
Specifically, once the correspondence between the destination server and the corresponding username has been established, the backup controller keeps monitoring the destination server. Keeping the correspondence indicates that this destination server is an online server corresponding to the username. When the backup controller detects that the communication connection with the destination server has been disconnected, it deletes the correspondence between the destination server and the username, so that the online servers corresponding to the username no longer include this destination server. Correspondingly, the backup controller also releases the private IP address allocated to the destination server so that it can be allocated to another server.
203. Receive first request information sent by the mobile terminal, where the first request information carries a username and a password and is used to request establishment of the first VPN channel.
Specifically, the VPN channel between each mobile terminal and the backup controller is established by the mobile terminal sending request information to the backup controller.
The first VPN channel between the mobile terminal and the backup controller is established as follows: the mobile terminal sends the first request information to the backup controller. The first request information carries the username and password used for authentication, which are the valid username and password registered in advance in the backup controller.
It should be noted that "first" and "second" in the first request information and the second request information are only a naming convention for distinguishing different request information and do not indicate an order between them. Likewise, "first" and "second" in the first VPN channel and the second VPN channel only distinguish different VPN channels and do not indicate an order between them.
204. If a username and a password respectively identical to the username and the password are found, determine whether the destination server exists, where the destination server is a server corresponding to the username.
Specifically, after receiving the first request information, the backup controller obtains the username and password carried in it and determines whether they are a registered, valid username and password.
If the backup controller finds no username and password among the registered ones that respectively match those carried in the first request information, it returns request-failure information to the mobile terminal, so that the mobile terminal can present the failure information to the user and the user can choose another mode of operation as needed.
If the backup controller finds, among the registered usernames and passwords, a username and password that respectively match those carried in the first request information, it determines whether at least one destination server corresponding to the username exists.
205. If the destination server is found, send the destination IP address to the mobile terminal. Step 205 is performed so that the mobile terminal can encapsulate the destination IP address in the message.
If the backup controller finds that at least one destination server corresponding to the username exists, it sends the destination IP address of the destination server to the mobile terminal. If there are multiple destination servers, the backup controller sends the destination IP address of each of them to the mobile terminal.
After receiving the destination IP address, the mobile terminal selects the destination server to use and encapsulates the data to be backed up and that server's destination IP address in a message. The mobile terminal then sends the encapsulated message to the backup controller.
In addition, the backup controller also allocates a source IP address to the mobile terminal. This source IP address is likewise a private IP address, that is, a private IP address used within the virtual private network formed by the mobile terminals and the backup controller.
206. Receive the message sent by the mobile terminal through the VPN channel.
Specifically, see the implementation described in step 101.
Further, the message is a message encrypted with the Datagram Transport Layer Security (DTLS) protocol, or a message encrypted with the Secure Sockets Layer (SSL) protocol.
Specifically, the message that the mobile terminal sends to the backup controller may be encrypted with the DTLS protocol; correspondingly, the server decrypts the received message according to the DTLS protocol. Because the backup controller cannot learn the key negotiated between the mobile terminal and the server, it can only forward the message received from the mobile terminal to the corresponding server and cannot obtain the target data from the message.
Alternatively, the message that the mobile terminal sends to the backup controller may be encrypted with the SSL protocol; correspondingly, the server decrypts the received message according to the SSL protocol. Because the backup controller cannot learn the key negotiated between the mobile terminal and the server, it can only forward the message received from the mobile terminal to the corresponding server and cannot obtain the target data from the message.
When the mobile terminal encapsulates the data to be backed up, it performs IP-layer encapsulation using the source IP address and the destination IP address. If the DTLS protocol is used, it performs UDP encapsulation using the source User Datagram Protocol (UDP) port and the destination UDP port of the destination server, then DTLS encapsulation, then VPN-protocol encapsulation; finally, the operating system's TCP/IP protocol stack performs TCP-layer and IP-layer encapsulation and the message is sent to the backup controller.
If the SSL protocol is used, then after IP-layer encapsulation using the source IP address and the destination IP address, the mobile terminal performs TCP encapsulation using the source TCP port and the destination TCP port, then SSL encapsulation, then VPN-protocol encapsulation; finally, the operating system's TCP/IP protocol stack performs TCP-layer and IP-layer encapsulation and the message is sent to the backup controller.
207. Obtain the destination IP address in the message.
Specifically, see the implementation described in step 102.
208. Send the message through the second VPN channel to the destination server corresponding to the destination IP address.
Specifically, see the implementation described in step 103.
After receiving the message, the backup controller performs TCP-layer and IP-layer decapsulation on it through the operating system's TCP/IP protocol stack, then VPN-protocol decapsulation, and then decapsulates further to obtain the destination IP address. However, because the backup controller cannot learn the encryption key that the mobile terminal and the server use under the DTLS or SSL protocol, it cannot decrypt the target data in the message; after obtaining the destination IP address, it can only forward the message to the destination server corresponding to that address.
After receiving the message, the destination server performs TCP-layer and IP-layer decapsulation on it through the operating system's TCP/IP protocol stack, then VPN-protocol decapsulation, then decapsulates further to obtain the destination IP address, and finally decrypts the target data in the message with the encryption key established under the DTLS or SSL protocol.
With this processing, the backup controller cannot intercept the target data in the message during transmission, which effectively improves the security of data transmission.
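The controller-side logic of steps 201 to 208, as an added Python example that is not part of the patent text or of any implementation of it. Class, method and address names are hypothetical, the inbox list stands in for the second VPN channel, and the salted password hashing and the ownership check in forward() are additions the page does not describe.

```python
import hashlib
import hmac
import ipaddress
import os
import struct


def inner_destination(packet):
    """Read the destination address from the inner IPv4 header; the payload is never parsed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return str(ipaddress.IPv4Address(packet[16:20]))


def build_packet(src, dst, payload):
    """Constructed test input: minimal IPv4 header (checksum left at 0) plus opaque payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


class BackupController:
    """Model of the controller state in steps 201-208 (all names here are hypothetical)."""

    def __init__(self, pool_cidr):
        self._free = [str(ip) for ip in ipaddress.ip_network(pool_cidr).hosts()]
        self._users = {}    # username -> (salt, PBKDF2 hash); hashing is an addition to the page
        self._servers = {}  # private IP -> (username, inbox standing in for the second VPN channel)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._kdf(password, salt))

    def _authenticate(self, username, password):
        record = self._users.get(username)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def server_connect(self, username, password, inbox):
        """Steps 201-202: authenticate the server, allocate a private IP, record the mapping."""
        if not self._authenticate(username, password):
            return None  # request failed: credentials not registered
        if not self._free:
            return None  # request failed: no allocatable private IP address
        ip = self._free.pop(0)
        self._servers[ip] = (username, inbox)
        return ip

    def server_disconnect(self, ip):
        """Monitoring: on disconnect, delete the mapping and release the address."""
        if self._servers.pop(ip, None) is not None:
            self._free.append(ip)

    def mobile_connect(self, username, password):
        """Steps 203-205: return the destination IPs of this user's online servers."""
        if not self._authenticate(username, password):
            return None
        return [ip for ip, (owner, _) in self._servers.items() if owner == username]

    def forward(self, sender, packet):
        """Steps 206-208: route on the destination IP only.

        The ownership test is an added safeguard, not a step the page describes:
        it keeps one user's terminal from reaching another user's server.
        """
        entry = self._servers.get(inner_destination(packet))
        if entry is None or entry[0] != sender:
            return False
        entry[1].append(packet)  # forwarded byte-for-byte; the ciphertext stays opaque
        return True


def demo():
    ctl = BackupController("10.8.0.0/30")  # constructed pool with two usable addresses
    ctl.register("alice", "correct horse")
    inbox = []
    ip = ctl.server_connect("alice", "correct horse", inbox)
    record = b"\x17\xfe\xfd" + os.urandom(32)  # constructed stand-in for a DTLS record
    ok = ctl.forward("alice", build_packet("10.9.0.5", ip, record))
    return ip, ok, len(inbox)


if __name__ == "__main__":
    print(demo())
```

The controller only ever indexes bytes 16 to 19 of the inner header, which is why it can route the message without holding the DTLS or SSL key.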
Fig. 3 is a flowchart of yet another data backup method provided by an embodiment of the invention. The embodiment shown in Fig. 3 is executed by the mobile terminal. As shown in Fig. 3, the method comprises:
301. Send a message to the backup controller through a VPN channel.
The message carries a destination IP address, which is the private IP address that the backup controller allocated to the destination server.
Step 301 is performed so that the backup controller, according to the destination IP address obtained from the message, sends the message to the destination server through the VPN channel between the backup controller and the destination server, and the destination server obtains the target data from the message and backs it up.
Specifically, see the implementation described in step 101.
In the data backup method provided by this embodiment of the invention, when the mobile terminal needs to back up data, it encapsulates the data to be backed up, together with the destination IP address of the destination server that will perform the backup, in a message and sends the message to the backup controller through the VPN channel between them. After receiving the message, the backup controller obtains the destination IP address from it and sends the message, through the VPN channel to the destination server corresponding to that address, to that destination server, which backs up the target data in the received message. The mobile terminal therefore does not need to be connected to a PC by a data cable in order to back up data: whenever the server is powered on, the mobile terminal can send the data to be backed up over the mobile Internet, anytime and anywhere, to the corresponding destination server via the backup controller, which effectively improves the convenience and efficiency of backing up data on the mobile terminal.
Fig. 4 is a flowchart of yet another data backup method provided by an embodiment of the invention. The embodiment shown in Fig. 4 is executed by the mobile terminal. As shown in Fig. 4, the method comprises:
401. Send first request information to the backup controller, where the first request information carries a first username and a first password and is used to request establishment of the VPN channel.
402. Receive the destination IP address that the backup controller returns after it finds a username and a password respectively identical to the first username and the first password and finds the destination server corresponding to the first username.
403. Send a message to the backup controller through the VPN channel.
Specifically, see the implementation described in steps 203-206. The first username and first password in this embodiment of the invention are the username and password of the foregoing embodiments.
Fig. 5 is a flowchart of yet another data backup method provided by an embodiment of the invention. The embodiment shown in Fig. 5 is executed by the mobile terminal. After steps 401-402 have been performed and the VPN channel between the mobile terminal and the backup controller has been established, as shown in Fig. 5, the method may further comprise:
501. Send connection request information to the backup controller through the VPN channel, where the connection request information carries a digital certificate and the digital certificate contains issuer information. Step 501 is performed so that the backup controller forwards the connection request information to the destination server.
Specifically, after the destination server and the mobile terminal have each established a VPN channel with the backup controller, a data channel for transmitting encrypted messages may additionally be established between the mobile terminal and the destination server.
To establish the data channel between the mobile terminal and the destination server, digital-certificate authentication, authentication with a second set of username and password, or dual authentication combining the two may be used.
When digital-certificate authentication is used, the mobile terminal sends connection request information to the backup controller through the VPN channel between them. The connection request information carries a digital certificate, and the digital certificate contains issuer information.
After receiving the connection request information, the backup controller forwards it to the destination server according to the destination IP address carried in the connection request information.
502. Receive the connection-success information that the destination server returns through the backup controller after it finds a digital certificate corresponding to the issuer information.
Specifically, after receiving the connection request information forwarded by the backup controller, the destination server obtains the issuer information carried in it.
A digital certificate is stored in advance in the destination server, and this digital certificate contains the information of the issuer that issued it.
The destination server determines whether the issuer information in the received connection request information is consistent with the issuer information of the digital certificate it stores. If it is consistent, the destination server determines that the mobile terminal has been authenticated successfully and, correspondingly, returns connection-success information to the mobile terminal; if it is inconsistent, the destination server determines that authentication of the mobile terminal has failed and, correspondingly, returns connection-failure information to the mobile terminal.
The digital-certificate authentication may be performed in a manner similar to digital certificate authentication in the DTLS protocol, which is not described again here.
503. Send second request information to the backup controller through the VPN channel, where the second request information carries a second username and a second password. Step 503 is performed so that the backup controller forwards the second request information to the destination server.
Specifically, the mobile terminal and the destination server may also authenticate using a second set of username and password. The second request information in this embodiment of the invention differs from the second request information in the embodiment shown in Fig. 2. In Fig. 2, the first request information and the second request information distinguish the request information that the mobile terminal and the destination server respectively send to the backup controller; in Fig. 4 and Fig. 5, the first request information and the second request information distinguish the mobile terminal's request information for authenticating at the backup controller from its request information for authenticating at the destination server.
A second username and a second password are stored in advance in the destination server and are used to authenticate the mobile terminal.
The mobile terminal sends the second request information of this embodiment of the invention to the backup controller, which forwards it to the destination server.
504. Receive the authentication-success information that the destination server returns through the backup controller after it finds a username and a password respectively identical to the second username and the second password.
The destination server searches the usernames and passwords it stores. If it finds a username and password respectively identical to the second username and the second password, it returns authentication-success information to the mobile terminal through the backup controller; if it does not find a username and password respectively identical to the second username and the second password, it returns authentication-failure information to the mobile terminal through the backup controller.
Here, "first" and "second" in the first username and first password and the second username and second password are only a naming convention for distinguishing two independent sets of username and password and do not indicate an order between them.
It should be noted that steps 501-502 and steps 503-504 are optional. When steps 503-504 are used, they may also be performed before steps 501-502; this variant is not shown in the figure. When steps 503-504 are used, steps 501-502 may also be omitted; this variant is likewise not shown in the figure.
505. Send a message to the backup controller through the VPN channel.
After receiving the connection-success information and/or the authentication-success information, the mobile terminal sends the message to the backup controller through the VPN channel; see the implementation described in step 301.
Further, the message is a message encrypted with the DTLS protocol, or a message encrypted with the SSL protocol.
Specifically, the message that the mobile terminal sends to the backup controller may be encrypted with the DTLS protocol; correspondingly, the server decrypts the received message according to the DTLS protocol. Because the backup controller cannot learn the key negotiated between the mobile terminal and the server, it can only forward the message received from the mobile terminal to the corresponding server and cannot obtain the target data from the message.
Alternatively, the message that the mobile terminal sends to the backup controller may be encrypted with the SSL protocol; correspondingly, the server decrypts the received message according to the SSL protocol. Because the backup controller cannot learn the key negotiated between the mobile terminal and the server, it can only forward the message received from the mobile terminal to the corresponding server and cannot obtain the target data from the message.
Fig. 6 is a flowchart of yet another data backup method provided by an embodiment of the invention. The embodiment shown in Fig. 6 is executed by the server. As shown in Fig. 6, the method comprises:
601. Receive a message sent by the backup controller through a VPN channel.
The message is one that the mobile terminal sent to the backup controller through the VPN channel between the mobile terminal and the backup controller and that the backup controller forwarded according to the destination IP address in the message; the destination IP address is a private IP address.
602. Obtain the target data from the message and back up the target data.
Specifically, see the implementation described in step 103.
In the data backup method provided by this embodiment of the invention, when the mobile terminal needs to back up data, it encapsulates the data to be backed up, together with the destination IP address of the destination server that will perform the backup, in a message and sends the message to the backup controller through the VPN channel between them. After receiving the message, the backup controller obtains the destination IP address from it and sends the message, through the VPN channel to the destination server corresponding to that address, to that destination server, which backs up the target data in the received message. The mobile terminal therefore does not need to be connected to a PC by a data cable in order to back up data: whenever the server is powered on, the mobile terminal can send the data to be backed up over the mobile Internet, anytime and anywhere, to the corresponding destination server via the backup controller, which effectively improves the convenience and efficiency of backing up data on the mobile terminal.
Fig. 7 is a flowchart of yet another data backup method provided by an embodiment of the invention. The embodiment shown in Fig. 7 is executed by the server. As shown in Fig. 7, the method comprises:
701. Send first request information to the backup controller, where the first request information carries a first username and a first password and is used to request establishment of the VPN channel.
Specifically, see the implementation described in step 201; the first request information in Fig. 7 is the second request information in Fig. 2.
702. Receive the destination IP address that the backup controller allocates after it finds a username and a password respectively identical to the first username and the first password.
Specifically, see the implementation described in step 202.
703. Receive connection request information sent by the backup controller through the VPN channel, where the connection request information carries the digital certificate of the mobile terminal and the digital certificate contains issuer information.
Specifically, see the implementation described in step 501.
704. After finding a digital certificate corresponding to the issuer information, return connection-success information to the mobile terminal through the backup controller.
Specifically, see the implementation described in step 502.
705. Receive second request information sent by the backup controller through the VPN channel, where the second request information carries the second username and the second password sent by the mobile terminal.
Specifically, see the implementation described in step 503.
706. After finding a username and a password respectively identical to the second username and the second password, return authentication-success information to the mobile terminal through the backup controller.
Specifically, see the implementation described in step 504.
Here, "first" and "second" in the first username and first password and the second username and second password are only a naming convention for distinguishing two independent sets of username and password and do not indicate an order between them.
It should be noted that steps 703-704 and steps 705-706 are optional. When steps 705-706 are used, they may also be performed before steps 703-704; this variant is not shown in the figure. When steps 705-706 are used, steps 703-704 may also be omitted; this variant is likewise not shown in the figure.
707. Receive a message sent by the backup controller through the VPN channel.
Specifically, see the implementation described in step 505.
Further, the message is a message encrypted with the DTLS protocol, or a message encrypted with the SSL protocol.
Specifically, the message that the mobile terminal sends to the backup controller may be encrypted with the DTLS protocol; correspondingly, the server decrypts the received message according to the DTLS protocol. Because the backup controller cannot learn the key negotiated between the mobile terminal and the server, it can only forward the message received from the mobile terminal to the corresponding server and cannot obtain the target data from the message.
Alternatively, the message that the mobile terminal sends to the backup controller may be encrypted with the SSL protocol; correspondingly, the server decrypts the received message according to the SSL protocol. Because the backup controller cannot learn the key negotiated between the mobile terminal and the server, it can only forward the message received from the mobile terminal to the corresponding server and cannot obtain the target data from the message.
708. Obtain the target data from the message and back up the target data.
Specifically, see the implementation described in step 103.
Fig. 8a is a schematic structural diagram of a backup controller provided by an embodiment of the invention. As shown in Fig. 8a, the backup controller comprises a receiving unit 11, an acquiring unit 12 and a transmitting unit 13.
The receiving unit 11 is configured to receive a message sent by the mobile terminal through a first VPN channel, where the first VPN channel is the VPN channel between the backup controller and the mobile terminal;
The acquiring unit 12 is configured to obtain the destination Internet Protocol (IP) address in the message, where the destination IP address is the private IP address of the destination server;
The transmitting unit 13 is configured to send the message through a second VPN channel to the destination server corresponding to the destination IP address, where the second VPN channel is the VPN channel between the backup controller and the destination server, so that the destination server obtains the target data from the message and backs up the target data.
The structural representation of another backup controller that Fig. 8 b provides for the embodiment of the invention, shown in Fig. 8 b, this backup controller can also comprise processing unit 14.
Described receiving element 11 also is used for, and before receiving described message, receives the first solicited message that described portable terminal sends, and carries username and password in described the first solicited message, is used for request and sets up a described VPN passage;
Processing unit 14 is used for judging whether to exist described destination server when finding identical with described password with described user name respectively username and password, and described destination server is the server corresponding with described user name;
Correspondingly, described transmitting element 13 also is used for, and when finding described destination server, described purpose IP address is sent to described portable terminal, for described portable terminal described purpose IP address is encapsulated in the described message.
Further, described receiving element 11 also is used for, and before receiving described the first solicited message, receives the second solicited message that described destination server sends, carry described user name and described password in described the second solicited message, be used for request and set up described the 2nd VPN passage;
Correspondingly, described processing unit 14 also is used for:
When finding identical with described password with described user name respectively username and password, for described destination server distributes described purpose IP address, and set up the corresponding relation of described destination server and described user name.
Further, this backup controller can also comprise monitoring unit 15.
Monitoring unit 15 is used for described destination server is monitored;
Correspondingly, described processing unit 14 also is used for:
And described destination server between communication connection when disconnecting, delete the corresponding relation of described destination server and described user name, and discharge described purpose IP address.
Further, the described message that described receiving element 11 receives is the message of encrypting through the DTLS agreement, or the message of process ssl protocol encryption.
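The following sketch is an added example, not code from the patent. It models the controller-side bookkeeping described above for the processing unit and the monitoring unit (credential check, destination IP allocation, server-to-username correspondence, release on disconnect) together with the forwarding of an opaque encrypted payload. The class and method names, the PBKDF2 credential store, the address pool and the check that a terminal session may only address the server mapped to its own username are assumptions of the example.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass


@dataclass
class Message:
    dst_ip: str     # private IP address of the destination server
    payload: bytes  # DTLS/SSL ciphertext; the controller never decrypts it


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class BackupController:
    """Hypothetical model of the controller's registry and forwarding path."""

    def __init__(self, pool_cidr: str):
        self._accounts = {}  # username -> (salt, derived key); assumed store
        self._free = [str(ip) for ip in ipaddress.ip_network(pool_cidr).hosts()]
        self._servers = {}   # username -> (destination IP, second VPN channel)

    def add_account(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[username] = (salt, _derive(password, salt))

    def _authenticate(self, username: str, password: str) -> bool:
        record = self._accounts.get(username)
        if record is None:
            return False
        salt, stored = record
        # Constant-time comparison of the derived keys.
        return hmac.compare_digest(stored, _derive(password, salt))

    def register_server(self, username, password, channel):
        """Second request message: allocate a destination IP and map it."""
        if not self._authenticate(username, password):
            return None
        self.server_disconnected(username)  # drop any stale mapping first
        if not self._free:
            return None
        ip = self._free.pop(0)
        self._servers[username] = (ip, channel)
        return ip

    def connect_terminal(self, username, password):
        """First request message: return the destination IP if a server exists."""
        if not self._authenticate(username, password):
            return None
        entry = self._servers.get(username)
        return entry[0] if entry else None

    def forward(self, username, message: Message) -> bool:
        """Relay a message from the terminal session authenticated as username."""
        entry = self._servers.get(username)
        # Added check: only the server mapped to this username may be addressed.
        if entry is None or entry[0] != message.dst_ip:
            return False
        entry[1].append(message.payload)  # ciphertext passed through unchanged
        return True

    def server_disconnected(self, username) -> None:
        """Monitoring result: delete the mapping and release the address."""
        entry = self._servers.pop(username, None)
        if entry is not None:
            self._free.append(entry[0])


def demo():
    # Constructed accounts, address pool and ciphertext bytes.
    ctrl = BackupController("10.8.0.0/29")
    ctrl.add_account("alice", "pw-a")
    channel = []  # stands in for the second VPN channel
    ip = ctrl.register_server("alice", "pw-a", channel)
    dst = ctrl.connect_terminal("alice", "pw-a")
    ok = ctrl.forward("alice", Message(dst, b"\x17\xfe\xfd constructed ciphertext"))
    ctrl.server_disconnected("alice")
    return ip, dst, ok, channel, ctrl.connect_terminal("alice", "pw-a")


if __name__ == "__main__":
    print(demo())
```

The `forward` method reads only the destination IP address and appends the payload bytes unmodified, which mirrors the statement that the controller relays the message without access to the key negotiated between the mobile terminal and the server.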
Fig. 8c is a schematic structural diagram of yet another backup controller provided by an embodiment of the present invention. As shown in Fig. 8c, the backup controller comprises a processor 21, a memory 22, a bus 23 and a communication interface 24. The processor 21, the memory 22 and the communication interface 24 are connected by the bus 23 and communicate with one another through it.
The processor 21 may be a single-core or multi-core central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
The memory 22 may be a high-speed RAM, or a non-volatile memory, for example at least one magnetic disk storage device.
The communication interface 24 is configured to receive the message sent by the mobile terminal through the first VPN channel, the first VPN channel being the VPN channel between the backup controller and the mobile terminal.
The memory 22 is configured to store a program 221. Specifically, the program 221 may include program code, and the program code includes computer operating instructions.
The processor 21 runs the program 221 to perform the following:
Obtain the destination Internet Protocol (IP) address in the message, the destination IP address being the private IP address of the destination server;
Send the message, through the second VPN channel, to the destination server corresponding to the destination IP address, the second VPN channel being the VPN channel between the backup controller and the destination server, so that the destination server obtains the target data from the message and backs up the target data.
Specifically, for the data backup method performed by the backup controller in the embodiments of the present invention, refer to the operating steps described in the corresponding method embodiments above; details are not repeated here.
The backup controller provided by the embodiment of the present invention receives, through the VPN channel with the mobile terminal, a message in which the mobile terminal has encapsulated the data to be backed up and the destination IP address of the destination server used for the backup; obtains the destination IP address from the message; and sends the message to the destination server through the VPN channel with the destination server corresponding to that destination IP address, and the destination server backs up the target data in the received message. The mobile terminal therefore does not need to be connected to a PC by a data cable in order to back up data. When the server is powered on, the mobile terminal can send the data to be backed up to the corresponding destination server via the backup controller over the mobile Internet at any time and from any place, which effectively improves the convenience and efficiency of backing up the data on the mobile terminal.
Fig. 9a is a schematic structural diagram of a mobile terminal provided by an embodiment of the present invention. As shown in Fig. 9a, the mobile terminal comprises:
A sending unit 31, configured to send a message to the backup controller through a VPN channel, the message carrying a destination IP address, the destination IP address being the private IP address allocated by the backup controller to the destination server, so that the backup controller, according to the destination IP address obtained from the message, sends the message to the destination server through the VPN channel between the backup controller and the destination server, and the destination server obtains the target data from the message and backs up the target data.
Fig. 9b is a schematic structural diagram of another mobile terminal provided by an embodiment of the present invention. As shown in Fig. 9b, the mobile terminal may further comprise a receiving unit 32.
The sending unit 31 is further configured to send, before sending the message, a first request message to the backup controller, the first request message carrying a first username and a first password and being used to request establishment of the VPN channel;
Correspondingly, the receiving unit 32 is configured to receive the destination IP address returned by the backup controller after the backup controller finds a username and password identical to the first username and the first password respectively and finds the destination server corresponding to the first username.
Further, the sending unit 31 is further configured to send, before sending the message, a connection request message to the backup controller through the VPN channel, the connection request message carrying a digital certificate that includes issuer information, so that the backup controller forwards the connection request message to the destination server;
Correspondingly, the receiving unit 32 is further configured to receive the connection success information that the destination server returns through the backup controller after finding a digital certificate corresponding to the issuer information.
Further, the sending unit 31 is further configured to send, before sending the message, a second request message to the backup controller through the VPN channel, the second request message carrying a second username and a second password, so that the backup controller forwards the second request message to the destination server;
Correspondingly, the receiving unit 32 is further configured to receive the authentication success information that the destination server returns through the backup controller after finding a username and password identical to the second username and the second password respectively.
Further, the message sent by the sending unit 31 is a message encrypted using the DTLS protocol, or a message encrypted using the SSL protocol.
Fig. 9c is a schematic structural diagram of yet another mobile terminal provided by an embodiment of the present invention. As shown in Fig. 9c, the mobile terminal comprises a processor 41, a memory 42, a bus 43 and a communication interface 44. The processor 41, the memory 42 and the communication interface 44 are connected by the bus 43 and communicate with one another through it.
The processor 41 may be a single-core or multi-core central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
The memory 42 may be a high-speed RAM, or a non-volatile memory, for example at least one magnetic disk storage device.
The communication interface 44 is configured to send a message to the backup controller.
The memory 42 is configured to store a program 421. Specifically, the program 421 may include program code, and the program code includes computer operating instructions.
The processor 41 runs the program 421 to perform the following:
Send the message to the backup controller through a VPN channel, the message carrying a destination IP address, the destination IP address being the private IP address allocated by the backup controller to the destination server, so that the backup controller, according to the destination IP address obtained from the message, sends the message to the destination server through the VPN channel between the backup controller and the destination server, and the destination server obtains the target data from the message and backs up the target data.
Specifically, for the data backup method performed by the mobile terminal in the embodiments of the present invention, refer to the operating steps described in the corresponding method embodiments above; details are not repeated here.
With the mobile terminal provided by the embodiment of the present invention, when data needs to be backed up, the mobile terminal encapsulates the data to be backed up and the destination IP address of the destination server used for the backup in a message, and sends the message to the backup controller through the VPN channel between the mobile terminal and the backup controller. After receiving the message, the backup controller obtains the destination IP address from it and sends the message to the destination server through the VPN channel with the destination server corresponding to that destination IP address, and the destination server backs up the target data in the received message. The mobile terminal therefore does not need to be connected to a PC by a data cable in order to back up data. When the server is powered on, the mobile terminal can send the data to be backed up to the corresponding destination server via the backup controller over the mobile Internet at any time and from any place, which effectively improves the convenience and efficiency of backing up the data on the mobile terminal.
Fig. 10a is a schematic structural diagram of a server provided by an embodiment of the present invention. As shown in Fig. 10a, the server comprises a receiving unit 51 and a processing unit 52.
The receiving unit 51 is configured to receive a message sent by the backup controller through a VPN channel, the message being a message that the mobile terminal sent to the backup controller through the VPN channel between the mobile terminal and the backup controller and that the backup controller forwarded according to the destination IP address in the message, the destination IP address being a private IP address;
The processing unit 52 is configured to obtain the target data from the message and back up the target data.
Fig. 10b is a schematic structural diagram of another server provided by an embodiment of the present invention. As shown in Fig. 10b, the server may further comprise a sending unit 53.
The sending unit 53 is configured to send, before the receiving unit 51 receives the message, a first request message to the backup controller, the first request message carrying a first username and a first password and being used to request establishment of the VPN channel;
Correspondingly, the receiving unit 51 is further configured to:
Receive the destination IP address allocated by the backup controller after the backup controller finds a username and password identical to the first username and the first password respectively.
Further, the receiving unit 51 is further configured to receive, before receiving the message, a connection request message sent by the backup controller through the VPN channel, the connection request message carrying the digital certificate of the mobile terminal, the digital certificate including issuer information;
Correspondingly, the sending unit 53 is further configured to return, after a digital certificate corresponding to the issuer information is found, connection success information to the mobile terminal through the backup controller.
Further, the receiving unit 51 is further configured to receive, before receiving the message, a second request message sent by the backup controller through the VPN channel, the second request message carrying the second username and the second password sent by the mobile terminal;
Correspondingly, the sending unit 53 is further configured to return, after a username and password identical to the second username and the second password respectively are found, authentication success information to the mobile terminal through the backup controller.
Further, the message received by the receiving unit 51 is a message encrypted using the DTLS protocol, or a message encrypted using the SSL protocol.
Fig. 10c is a schematic structural diagram of yet another server provided by an embodiment of the present invention. As shown in Fig. 10c, the server comprises a processor 61, a memory 62, a bus 63 and a communication interface 64. The processor 61, the memory 62 and the communication interface 64 are connected by the bus 63 and communicate with one another through it.
The processor 61 may be a single-core or multi-core central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
The memory 62 may be a high-speed RAM, or a non-volatile memory, for example at least one magnetic disk storage device.
The communication interface 64 is configured to receive a message sent by the backup controller through a VPN channel, the message being a message that the mobile terminal sent to the backup controller through the VPN channel between the mobile terminal and the backup controller and that the backup controller forwarded according to the destination IP address in the message, the destination IP address being a private IP address;
The memory 62 is configured to store a program 621. Specifically, the program 621 may include program code, and the program code includes computer operating instructions.
The processor 61 runs the program 621 to perform the following:
Obtain the target data from the message, and back up the target data.
Specifically, for the data backup method performed by the server in the embodiments of the present invention, refer to the operating steps described in the corresponding method embodiments above; details are not repeated here.
With the server provided by the embodiment of the present invention, when the mobile terminal needs to back up data, the mobile terminal encapsulates the data to be backed up and the destination IP address of the destination server used for the backup in a message, and sends the message to the backup controller through the VPN channel between the mobile terminal and the backup controller. After receiving the message, the backup controller obtains the destination IP address from it and sends the message to the destination server through the VPN channel with the destination server corresponding to that destination IP address, and the destination server backs up the target data in the received message. The mobile terminal therefore does not need to be connected to a PC by a data cable in order to back up data. When the server is powered on, the mobile terminal can send the data to be backed up to the corresponding destination server via the backup controller over the mobile Internet at any time and from any place, which effectively improves the convenience and efficiency of backing up the data on the mobile terminal.
Fig. 11 is a schematic structural diagram of a data backup system provided by an embodiment of the present invention. As shown in Fig. 11, the data backup system comprises a backup controller 1, at least one mobile terminal 2 and at least one server 3. The backup controller 1, the mobile terminal 2 and the server 3 are communicatively connected.
Specifically, for the data backup method performed by the data backup system in the embodiments of the present invention, refer to the operating steps described in the corresponding method embodiments above; details are not repeated here.
With the data backup system provided by the embodiment of the present invention, when the mobile terminal needs to back up data, it encapsulates the data to be backed up and the destination IP address of the destination server used for the backup in a message, and sends the message to the backup controller through the VPN channel between the mobile terminal and the backup controller. After receiving the message, the backup controller obtains the destination IP address from it and sends the message to the destination server through the VPN channel with the destination server corresponding to that destination IP address, and the destination server backs up the target data in the received message. The mobile terminal therefore does not need to be connected to a PC by a data cable in order to back up data. When the server is powered on, the mobile terminal can send the data to be backed up to the corresponding destination server via the backup controller over the mobile Internet at any time and from any place, which effectively improves the convenience and efficiency of backing up the data on the mobile terminal.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (31)

1. A data backup method, characterized in that it comprises:
Receiving a message sent by a mobile terminal through a first virtual private network (VPN) channel, the first VPN channel being the VPN channel with the mobile terminal;
Obtaining the destination Internet Protocol (IP) address in the message, the destination IP address being the private IP address of a destination server;
Sending the message, through a second VPN channel, to the destination server corresponding to the destination IP address, the second VPN channel being the VPN channel with the destination server, so that the destination server obtains target data from the message and backs up the target data.
2. The data backup method according to claim 1, characterized in that, before the receiving of the message sent by the mobile terminal through the first VPN channel, the method further comprises:
Receiving a first request message sent by the mobile terminal, the first request message carrying a username and a password and being used to request establishment of the first VPN channel;
If a username and password identical to the carried username and password respectively are found, determining whether the destination server exists, the destination server being the server corresponding to the username;
If the destination server is found, sending the destination IP address to the mobile terminal, so that the mobile terminal encapsulates the destination IP address in the message.
3. The data backup method according to claim 2, characterized in that, before the receiving of the first request message sent by the mobile terminal, the method further comprises:
Receiving a second request message sent by the destination server, the second request message carrying the username and the password and being used to request establishment of the second VPN channel;
If a username and password identical to the carried username and password respectively are found, allocating the destination IP address to the destination server, and establishing the correspondence between the destination server and the username.
4. The data backup method according to claim 1, characterized in that the method further comprises:
Monitoring the destination server;
If the communication connection with the destination server is disconnected, deleting the correspondence between the destination server and the username, and releasing the destination IP address.
5. The data backup method according to any one of claims 1-4, characterized in that the message is a message encrypted using the Datagram Transport Layer Security (DTLS) protocol, or a message encrypted using the Secure Sockets Layer (SSL) protocol.
6. A data backup method, characterized in that it comprises:
Sending a message to a backup controller through a VPN channel, the message carrying a destination IP address, the destination IP address being the private IP address allocated by the backup controller to a destination server, so that the backup controller, according to the destination IP address obtained from the message, sends the message to the destination server through the VPN channel between the backup controller and the destination server, and the destination server obtains target data from the message and backs up the target data.
7. The data backup method according to claim 6, characterized in that, before the sending of the message to the backup controller through the VPN channel, the method further comprises:
Sending a first request message to the backup controller, the first request message carrying a first username and a first password and being used to request establishment of the VPN channel;
Receiving the destination IP address returned by the backup controller after the backup controller finds a username and password identical to the first username and the first password respectively and finds the destination server corresponding to the first username.
8. The data backup method according to claim 6, characterized in that, before the sending of the message to the backup controller through the VPN channel, the method further comprises:
Sending a connection request message to the backup controller through the VPN channel, the connection request message carrying a digital certificate that includes issuer information, so that the backup controller forwards the connection request message to the destination server;
Receiving the connection success information that the destination server returns through the backup controller after finding a digital certificate corresponding to the issuer information.
9. The data backup method according to claim 8, characterized in that, before the sending of the message to the backup controller through the VPN channel, the method further comprises:
Sending a second request message to the backup controller through the VPN channel, the second request message carrying a second username and a second password, so that the backup controller forwards the second request message to the destination server;
Receiving the authentication success information that the destination server returns through the backup controller after finding a username and password identical to the second username and the second password respectively.
10. The data backup method according to any one of claims 6-9, characterized in that the message is a message encrypted using the DTLS protocol, or a message encrypted using the SSL protocol.
11. A data backup method, characterized in that it comprises:
Receiving a message sent by a backup controller through a VPN channel, the message being a message that a mobile terminal sent to the backup controller through the VPN channel between the mobile terminal and the backup controller and that the backup controller forwarded according to the destination IP address in the message, the destination IP address being a private IP address;
Obtaining target data from the message, and backing up the target data.
12. The data backup method according to claim 11, characterized in that, before the receiving of the message sent by the backup controller through the VPN channel, the method further comprises:
Sending a first request message to the backup controller, the first request message carrying a first username and a first password and being used to request establishment of the VPN channel;
Receiving the destination IP address allocated by the backup controller after the backup controller finds a username and password identical to the first username and the first password respectively.
13. The data backup method according to claim 11, characterized in that, before the receiving of the message sent by the backup controller through the VPN channel, the method further comprises:
Receiving a connection request message sent by the backup controller through the VPN channel, the connection request message carrying the digital certificate of the mobile terminal, the digital certificate including issuer information;
After a digital certificate corresponding to the issuer information is found, returning connection success information to the mobile terminal through the backup controller.
14. The data backup method according to claim 13, characterized in that, before the receiving of the message sent by the backup controller through the VPN channel, the method further comprises:
Receiving a second request message sent by the backup controller through the VPN channel, the second request message carrying the second username and the second password sent by the mobile terminal;
After a username and password identical to the second username and the second password respectively are found, returning authentication success information to the mobile terminal through the backup controller.
15. The data backup method according to any one of claims 11-14, characterized in that the message is a message encrypted using the DTLS protocol, or a message encrypted using the SSL protocol.
16. A backup controller, characterized in that it comprises:
A receiving unit, configured to receive a message sent by a mobile terminal through a first VPN channel, the first VPN channel being the VPN channel with the mobile terminal;
An acquiring unit, configured to obtain the destination Internet Protocol (IP) address in the message, the destination IP address being the private IP address of a destination server;
A sending unit, configured to send the message, through a second VPN channel, to the destination server corresponding to the destination IP address, the second VPN channel being the VPN channel with the destination server, so that the destination server obtains target data from the message and backs up the target data.
17. The backup controller according to claim 16, characterized in that the receiving unit is further configured to:
Before receiving the message, receive a first request message sent by the mobile terminal, the first request message carrying a username and a password and being used to request establishment of the first VPN channel;
Correspondingly, the backup controller further comprises:
A processing unit, configured to determine, when a username and password identical to the carried username and password respectively are found, whether the destination server exists, the destination server being the server corresponding to the username;
Correspondingly, the sending unit is further configured to send, when the destination server is found, the destination IP address to the mobile terminal, so that the mobile terminal encapsulates the destination IP address in the message.
18. The backup controller according to claim 17, characterized in that the receiving unit is further configured to:
Before receiving the first request message, receive a second request message sent by the destination server, the second request message carrying the username and the password and being used to request establishment of the second VPN channel;
Correspondingly, the processing unit is further configured to:
When a username and password identical to the carried username and password respectively are found, allocate the destination IP address to the destination server, and establish the correspondence between the destination server and the username.
19. The backup controller according to claim 16, characterized in that the backup controller further comprises:
A monitoring unit, configured to monitor the destination server;
Correspondingly, the processing unit is further configured to:
When the communication connection with the destination server is disconnected, delete the correspondence between the destination server and the username, and release the destination IP address.
20. The backup controller according to any one of claims 16-19, characterized in that the message received by the receiving unit is a message encrypted using the DTLS protocol, or a message encrypted using the SSL protocol.
21. A mobile terminal, characterized by comprising:
a sending unit, configured to send a message to a backup controller through a VPN channel, the message carrying a destination IP address, the destination IP address being a private IP address allocated by the backup controller to a destination server, so that the backup controller, according to the destination IP address obtained from the message, sends the message to the destination server through the VPN channel between the backup controller and the destination server, and so that the destination server obtains target data from the message and backs up the target data.
22. The mobile terminal according to claim 21, characterized in that the sending unit is further configured to:
before sending the message, send first request information to the backup controller, the first request information carrying a first user name and a first password and being used to request establishment of the VPN channel;
Correspondingly, the mobile terminal further comprises:
a receiving unit, configured to receive the destination IP address returned by the backup controller after the backup controller finds a user name and a password respectively identical to the first user name and the first password, and finds the destination server corresponding to the first user name.
23. The mobile terminal according to claim 21, characterized in that the sending unit is further configured to:
before sending the message, send connection request information to the backup controller through the VPN channel, the connection request information carrying a digital certificate, the digital certificate including issuer information, so that the backup controller forwards the connection request information to the destination server;
Correspondingly, the receiving unit is further configured to:
receive connection success information returned by the destination server through the backup controller after the destination server finds a digital certificate corresponding to the issuer information.
24. The mobile terminal according to claim 23, characterized in that the sending unit is further configured to:
before sending the message, send second request information to the backup controller through the VPN channel, the second request information carrying a second user name and a second password, so that the backup controller forwards the second request information to the destination server;
Correspondingly, the receiving unit is further configured to:
receive authentication success information returned by the destination server through the backup controller after the destination server finds a user name and a password respectively identical to the second user name and the second password.
25. The mobile terminal according to any one of claims 21-24, characterized in that the message sent by the sending unit is a message encrypted by the DTLS protocol, or a message encrypted by the SSL protocol.
26. A server, characterized by comprising:
a receiving unit, configured to receive a message sent by a backup controller through a VPN channel, the message being a message that a mobile terminal sent to the backup controller through the VPN channel between the mobile terminal and the backup controller and that the backup controller forwarded according to the destination IP address in the message, the destination IP address being a private IP address;
a processing unit, configured to obtain target data from the message and back up the target data.
27. The server according to claim 26, characterized in that the server further comprises:
a sending unit, configured to send first request information to the backup controller before the receiving unit receives the message, the first request information carrying a first user name and a first password and being used to request establishment of the VPN channel;
Correspondingly, the receiving unit is further configured to:
receive the destination IP address allocated by the backup controller after the backup controller finds a user name and a password respectively identical to the first user name and the first password.
28. The server according to claim 26, characterized in that the receiving unit is further configured to:
before receiving the message, receive connection request information sent by the backup controller through the VPN channel, the connection request information carrying the digital certificate of the mobile terminal, the digital certificate including issuer information;
Correspondingly, the sending unit is further configured to:
after a digital certificate corresponding to the issuer information is found, return connection success information to the mobile terminal through the backup controller.
29. The server according to claim 28, characterized in that the receiving unit is further configured to:
before receiving the message, receive second request information sent by the backup controller through the VPN channel, the second request information carrying a second user name and a second password sent by the mobile terminal;
Correspondingly, the sending unit is further configured to:
after a user name and a password respectively identical to the second user name and the second password are found, return authentication success information to the mobile terminal through the backup controller.
30. The server according to any one of claims 26-29, characterized in that the message received by the receiving unit is a message encrypted by the DTLS protocol, or a message encrypted by the SSL protocol.
31. A data backup system, characterized by comprising a backup controller according to any one of claims 16-20, at least one mobile terminal according to any one of claims 21-25, and at least one server according to any one of claims 26-30; the backup controller, the mobile terminal and the server being communicatively connected.
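
The controller-side bookkeeping in claims 17 to 19 (credential check, address allocation, binding of user name to server, release on disconnect) can be modelled as below. This is an added illustration, not code from the patent; the class and method names, the in-memory tables, the constant-time password comparison and the per-session destination check in `forward` are assumptions of the example.

```python
import hmac
import ipaddress


class BackupController:
    """Illustrative model of the controller state in claims 17-19."""

    def __init__(self, accounts, pool_cidr):
        self.accounts = accounts   # user name -> password (constructed sample data)
        self.free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self.ip_of_user = {}       # user name -> private IP of its destination server
        self.tunnel_of_ip = {}     # private IP -> id of the server-side VPN channel

    def _credentials_ok(self, user, password):
        stored = self.accounts.get(user)
        # Constant-time comparison is this example's choice, not a claim element.
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

    def server_connect(self, user, password, tunnel_id):
        """Claim 18: authenticate the server, allocate an IP, bind it to the user."""
        if not self._credentials_ok(user, password):
            return None
        self.server_disconnect(user)       # drop any earlier binding first
        if not self.free:
            return None                    # address pool exhausted
        ip = self.free.pop(0)
        self.ip_of_user[user] = ip
        self.tunnel_of_ip[ip] = tunnel_id
        return ip

    def terminal_connect(self, user, password):
        """Claim 17: hand out the destination IP only if the user's server exists."""
        if not self._credentials_ok(user, password):
            return None
        return self.ip_of_user.get(user)

    def forward(self, session_user, dst_ip, payload):
        """Forward by destination IP; the session check is added by this example."""
        bound = self.ip_of_user.get(session_user)
        if bound is None or bound != dst_ip:
            return None                    # stale or foreign address: drop
        return self.tunnel_of_ip[dst_ip], payload

    def server_disconnect(self, user):
        """Claim 19: delete the binding and release the IP when the link drops."""
        ip = self.ip_of_user.pop(user, None)
        if ip is not None:
            del self.tunnel_of_ip[ip]
            self.free.append(ip)
```

Released addresses go to the back of the pool, so a message that still carries an address from before a disconnect is dropped rather than delivered to whichever server is allocated next.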
CN201210586229.9A 2012-12-28 2012-12-28 Data back up method, apparatus and system Active CN103067282B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210586229.9A CN103067282B (en) 2012-12-28 2012-12-28 Data back up method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210586229.9A CN103067282B (en) 2012-12-28 2012-12-28 Data back up method, apparatus and system

Publications (2)

Publication Number Publication Date
CN103067282A (en) 2013-04-24
CN103067282B (en) 2017-07-07

Family

ID=48109750

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210586229.9A Active CN103067282B (en) 2012-12-28 2012-12-28 Data back up method, apparatus and system

Country Status (1)

Country Link
CN (1) CN103067282B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101040496A (en) * 2004-10-19 2007-09-19 日本电气株式会社 VPN gateway device and hosting system
CN101212374A (en) * 2006-12-29 2008-07-02 北大方正集团有限公司 Method and system for remote access to campus network resources
EP1998506A1 (en) * 2007-05-31 2008-12-03 Fuji Xerox Co., Ltd. Virtual network connection apparatus, system, method for controlling connection of a virtual network and program
CN101778045A (en) * 2010-01-27 2010-07-14 成都市华为赛门铁克科技有限公司 Message transmission method, device and network system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110226164A (en) * 2017-01-22 2019-09-10 华为技术有限公司 A kind of verification method, mobile terminal, equipment and system
US11222104B2 (en) 2017-01-22 2022-01-11 Huawei Technologies Co., Ltd. Verification method, mobile terminal, device, and system
CN110226164B (en) * 2017-01-22 2022-02-08 华为技术有限公司 Verification method, mobile terminal, equipment and system
CN108628706A (en) * 2018-05-02 2018-10-09 北京新桥信通科技股份有限公司 Method, apparatus, system and the storage medium of data backup
CN111090547A (en) * 2019-12-24 2020-05-01 浙江大华技术股份有限公司 Data backup processing method and device

Also Published As

Publication number Publication date
CN103067282B (en) 2017-07-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200117

Address after: 056000 south end of Xinming Road, Linmingguan Town, Yongnian District, Handan City, Hebei Province

Patentee after: Yuying school, Yongnian District, Handan City

Address before: 510000 unit 2414-2416, building, No. five, No. 371, Tianhe District, Guangdong, China

Patentee before: GUANGDONG GAOHANG INTELLECTUAL PROPERTY OPERATION Co.,Ltd.

Effective date of registration: 20200117

Address after: 510000 unit 2414-2416, building, No. five, No. 371, Tianhe District, Guangdong, China

Patentee after: GUANGDONG GAOHANG INTELLECTUAL PROPERTY OPERATION Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right