CN101257511A - Method for establishing new connection between two sides on internet - Google Patents


Info

Publication number
CN101257511A
Authority
CN
China
Prior art keywords
information
party
sides
connection
program object
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2008100573953A
Other languages
Chinese (zh)
Inventor
任少华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CNA2008100573953A (CN101257511A)
Publication of CN101257511A
Priority to PCT/CN2008/073863 (WO2009089764A1)
Priority to CN2008801244913A (CN101978650B)
Legal status: Pending

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention is a method for establishing a new connection between two parties on the Internet. Using a closed transmission of two pieces of information, it lets the two parties establish a connection for a new program object on the basis of an already established secure connection. The method can be implemented in many ways, with a small workload, simple programs and easy realization. Further, the information carried by the closed transmission does not depend on IP addresses or port numbers, which provides higher security and better solves problems such as NAT traversal.

Description

Method for establishing a new connection between two parties on the Internet
Technical field
The present invention relates to a method for establishing a new connection between two parties on the Internet.
Background technology
After a connection has been established between a program object running on a computer system on the Internet and another party, another program object on the same system sometimes needs to establish a new connection with that other party, based on the trust relationship of the existing connection. Applications of this kind include the use of a SessionID in HTTP and applications based on transferring IP addresses (e.g. UDP hole punching).
The existing approaches have the following problems. A SessionID is limited to browser programs based on the HTTP protocol and is not compatible with applications of other forms; moreover, a SessionID is generated and transmitted when the initial dialog is established and then stays constant across several new connections, which is a potential security hazard. Approaches based on transferring IP addresses must perform "hole punching" in some NAT deployments, which cannot be realized in some applications.
There are also schemes that use an established connection to transmit specific authentication information in order to authenticate a new connection. Where the established connection belongs to a user terminal (e.g. an instant messaging terminal) that does not actively take part in establishing the new connection, the closed transmission cannot be completed automatically and requires manual operation by the user, which brings low security, error-proneness and inconvenience. In addition, because the user terminal cannot complete the closed transmission automatically and needs the user to operate, the validity period of the closed transmission cannot be set at the level of seconds and must be at least at the level of minutes, which reduces both security and practical value.
Summary of the invention
The present invention solves the above problems with a method for establishing a new connection between two parties on the Internet.
The invention is realized as follows. In a method for establishing a new connection between two parties on the Internet, two computer systems, a first party and a second party, are connected to the Internet; program object A on the first party can send information to, or receive information from, the second party over an established connection; when program object B on the first party is to establish a new connection with the second party, the two parties transmit two pieces of information, one between program object A and the second party and one between program object B and the second party; the two pieces of information are identical or different and have a correspondence that satisfies a specific mathematical rule; the transmission of the two pieces of information constitutes a closed transmission between the two parties; programs running on the two parties can obtain the two pieces of information automatically and complete the closed transmission; the party that is the end point of the closed transmission verifies, by checking whether the two transmitted pieces of information are identical or satisfy the correspondence, whether the received information was sent by the other party; and if the received information is verified as sent by the other party, the new connection between program object B and the second party is confirmed and established.
Here, closed transmission between the two parties means: one party sends two pieces of information to the other party at the same time, or the initiator sends one piece of information to the other party and the other party then returns one piece of information to the initiator.
The two pieces of information are used only once and only to establish one connection, and they cannot be inferred from information sent previously. For example, unlike a SessionID or another application-layer address, the two pieces of information are used only to establish one connection and are not used to identify the session during the conversation.
One party may also generate a time mark when sending the information or when receiving the first piece of information. The time mark may be kept locally by the party that generated it, or carried in the information that party sends. The party that is the end point of the closed transmission confirms and establishes the new connection only if the time at which the information (or the second piece of information) is received does not exceed the specified validity period.
The two pieces of information are not the IP address and port number in the datagram header. The information of the closed transmission does not depend on IP address and port number, which better solves the NAT traversal problem in some applications.
The established connection of program object A may be a point-to-point connection between the two parties or a connection through a third party, and it may be bidirectional or unidirectional. For example: program object A, having passed the security authentication of the second party, has established a point-to-point connection with the second party, and on the basis of this point-to-point secure connection a new connection between program object B and the second party is established. Or: program object A and the second party each log in to a common server and establish a connection through that server, and on the basis of this indirect secure connection a new point-to-point connection between program object B and the second party is established.
The transmission path or communication port of the new connection of program object B may differ from those of the established connection of program object A. For example: the connection of program object A is established through a third-party server, while the new connection of program object B is a direct point-to-point connection. Another example: program object A connects through an application-specific port on the first-party system, while program object B connects through the HTTPS protocol port on the first-party system.
The party that is the end point of the closed transmission is the second party.
The two pieces of information may be identical, for example a random number generated by a random function. Or they may differ, for example a randomly generated pair of numbers satisfying a specific rule: the sender sends each of the two numbers to the other party separately, and the other party checks whether the two numbers it obtains satisfy the rule in order to judge whether both pieces of information came from the sender. Another example: one piece of information may be a random sequence; the initiator sends it to the other party, which computes its one-way hash with an agreed algorithm and sends the hash back, and the initiator judges from the hash whether the returned information came from the other party. A further example: one piece of information may be a key, a one-way hash function or another function; the initiator sends it to the other party, which after receiving it computes an agreed value with that key, hash function or other function and sends the result back, and the initiator checks the agreed value to judge whether the information came from the other party.
The objects on the second party that connect with program object A and program object B respectively may be the same program object or different program objects.
The two pieces of information are generated on the spot, or generated in advance and obtained immediately when the closed transmission is carried out.
The path of the closed transmission does not include the user of the system; the user does not need to know the content of the information and does not need to take part in the transmission.
The first party may be a terminal device with computing capability, connected to the Internet and used by a user; the second party is a computer system that provides resources and services to the user through the Internet.
The two parties may be PC terminals, mobile phone terminals, servers, server farms, etc.
The Internet connection may be wired or wireless.
The present invention uses a closed transmission of two pieces of information to let two parties establish a connection for a newly generated application on the basis of an established secure connection. The scheme can be implemented in many ways; the workload is small and the programs are simple and easy to realize. The information of the closed transmission does not depend on IP address and port number, so it better solves problems such as NAT traversal while providing better security.
Description of drawings
Fig. 1 is the information transmission path diagram of Embodiment 1;
Fig. 2 is the information transmission path diagram of Embodiment 2.
Embodiment
Embodiment 1
Fig. 1 is the information transmission path diagram of Embodiment 1.
This embodiment describes a system that realizes authentication through a third party on the Internet. Program object A of the first party has established a connection with the second party through the third party; the first party is a user network terminal, the second party is a network resource, the third party is an identification service system that provides third-party authentication services on the Internet, and the two pieces of information are one random number.
Embodiment 1 comprises the following steps:
1) Program object A on the user network terminal has passed authentication by the identification service system and has established a connection with it; the identification service system has a connection with the network resource, so program object A has an indirect connection with the network resource;
2) Program object A on the user network terminal requests service from the network resource through the identification service system;
3) The network resource generates a random number and a time mark;
4) The network resource sends the random number, the network resource URL and the user ID to the identification service system;
5) The identification service system sends the random number and the network resource URL to program object A on the user network terminal according to the user ID;
6) Program object A on the user network terminal passes the random number and the network resource URL to program object B;
7) Program object B returns the random number to the network resource according to the network resource URL;
8) The network resource compares the random number it generated with the random number returned from the user terminal; if they are identical and the specified validity period has not been exceeded, it establishes the new connection with program object B.
In this embodiment, program object A carries out the following steps: it receives the random number and the network resource URL from the identification service system over the connection; it looks among the browser objects running on the terminal for one whose URL matches the network resource URL, and generates a new browser object if none is found; the browser object found or newly generated is program object B; program object B sends a connection request to the network resource URL with the random number added to the request, for example in the form of the connection request.
This embodiment can easily be realized in combination with an instant messaging tool. For example, program object A can be realized by adding to the IM client software a module that recognizes the closed-transmission information and its path and forwards the information automatically. The network resource and the client software can be developed and provided by the IM provider, and the network resource can be used as soon as the client is downloaded, which is convenient and feasible.
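The following is an added example, not code from the patent: a Python model of Embodiment 1 in which the network resource issues the random number with a time mark, the identification service routes it to program object A, A hands it to program object B automatically, and the resource accepts the new connection only if the number matches, is unexpired and has not been used before. Class and function names, the URL and the 5-second validity period are assumptions chosen for the example.

```python
import secrets
import time

# Validity period of the random number, in seconds. Because program objects A and B
# complete the closed transmission automatically (no user action), it can be set at
# second level, which is the point the description makes against manual schemes.
VALIDITY_SECONDS = 5


class NetworkResource:
    """Second party: generates the random number (step 3) and is the end point of
    the closed transmission (step 8)."""

    def __init__(self, url, clock=time.time):
        self.url = url
        self.clock = clock            # injectable clock so the validity check is testable
        self.pending = {}             # nonce -> (user_id, time mark)

    def request_service(self, user_id):
        # Steps 3-4: random number plus time mark; message for the identification service.
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (user_id, self.clock())
        return {"nonce": nonce, "url": self.url, "user_id": user_id}

    def connect(self, nonce):
        # Step 8: the returned number must be one we issued and still valid. It is
        # removed on first use, so one random number establishes exactly one connection.
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return None
        user_id, issued_at = entry
        if self.clock() - issued_at > VALIDITY_SECONDS:
            return None
        return user_id                # new connection accepted for this user


class IdentificationService:
    """Third party: already holds an authenticated connection to each program object A."""

    def __init__(self):
        self.online = {}              # user_id -> ProgramObjectA

    def deliver(self, msg):
        # Step 5: route the random number and URL to the user's program object A.
        self.online[msg["user_id"]].receive(msg["nonce"], msg["url"])


class ProgramObjectB:
    """A browser object on the terminal; sends the connection request (step 7)."""

    def __init__(self, url):
        self.url = url
        self.result = None

    def connect(self, resource, nonce):
        self.result = resource.connect(nonce)
        return self.result


class ProgramObjectA:
    """First-party program (e.g. an IM client module) that forwards automatically (step 6)."""

    def __init__(self, user_id, service, resources):
        self.user_id = user_id
        self.resources = resources    # url -> NetworkResource; stands in for the network
        self.browsers = {}            # url -> ProgramObjectB
        service.online[user_id] = self

    def receive(self, nonce, url):
        # Reuse the browser object for this URL or create one; it becomes program object B.
        b = self.browsers.setdefault(url, ProgramObjectB(url))
        b.connect(self.resources[url], nonce)


def run_flow(user_id="alice", clock=time.time):
    """Runs steps 1-8 once; returns (user accepted by the resource, result of a replay)."""
    resource = NetworkResource("https://resource.example/", clock)   # assumed URL
    service = IdentificationService()
    a = ProgramObjectA(user_id, service, {resource.url: resource})
    msg = resource.request_service(user_id)       # steps 2-4
    service.deliver(msg)                          # steps 5-7
    accepted = a.browsers[resource.url].result    # step 8 outcome
    replayed = resource.connect(msg["nonce"])     # second use of the same number
    return accepted, replayed
```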
Embodiment 2
Fig. 2 is the information transmission path diagram of Embodiment 2; for the network structure of this embodiment, see Fig. 6.
This embodiment describes a user terminal that has already established a point-to-point connection with a network resource and then establishes a new connection through a new program object. A possible application is two point-to-point clients of an IM tool that need a new connection to send and receive a file. In Embodiment 2, program object A has established a direct point-to-point connection with the second party. The first party is a user network terminal and the second party is a network resource. The two pieces of information are a randomly generated pair of numbers satisfying a specific rule, for example a 128-bit prime and the 256-bit product of that prime with another 128-bit prime; the second party judges whether the information came from the first party by computing whether the 256-bit number among the two numbers it received is exactly divisible by the 128-bit prime.
Embodiment 2 comprises the following steps:
1) Program object A of the user network terminal has established a trusted connection with the network resource;
2) Program object A of the user network terminal generates at random a pair of numbers satisfying the specific rule;
3) Program object A of the user network terminal sends the user ID and one of the pair of random numbers to the network resource over the connection to request authentication; at the same time it generates program object B and writes the user ID and the other number of the pair into the connection request that program object B sends to the network resource according to the network resource URL;
4) The network resource compares the two random numbers it received; if they satisfy the specific rule and the time difference between receiving them does not exceed the setting, the user passes authentication.
In this embodiment, program object A carries out the following steps: it generates at random a pair of numbers satisfying the specific rule; it generates program object B and writes the user ID and the other number of the pair into the connection request that program object B sends to the network resource according to the network resource URL.
In this embodiment, step 1) may also be moved to between step 3) and step 4).
This embodiment can also be realized in combination with an IM tool using point-to-point communication: with program object A built into the client software and corresponding service software deployed at the network resource, the embodiment is realized.
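The following is an added example, not code from the patent: a Python model of the rule used in Embodiment 2 (a 128-bit prime and its 256-bit product with another 128-bit prime) and of the resource-side check of step 4, which accepts the two numbers in either order and within a time window. The Miller-Rabin primality test, the names and the 5-second window are assumptions chosen for the example.

```python
import secrets
import time

PRIME_BITS = 128      # size of the prime; the product is then 255 or 256 bits
WINDOW_SECONDS = 5    # maximum time difference between the two numbers (assumed)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; adequate for generating random 128-bit primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if is_probable_prime(c):
            return c


def generate_pair(bits=PRIME_BITS):
    """Step 2: the prime p and the product p*q with another prime q of the same size."""
    p, q = random_prime(bits), random_prime(bits)
    return p, p * q


def pair_satisfies_rule(first, second, bits=PRIME_BITS):
    """The rule of the description: the larger number is exactly divisible by the
    smaller one, which must be a prime of the stated size. The resource does not know
    which number arrived on which path, so both assignments are tried."""
    for small, big in ((first, second), (second, first)):
        if (small.bit_length() == bits
                and big.bit_length() in (2 * bits - 1, 2 * bits)
                and big % small == 0
                and is_probable_prime(small)):
            return True
    return False


class NetworkResource:
    """Second party of Embodiment 2: receives one number over A's trusted connection
    and the other in B's connection request, then applies the rule (step 4)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.half = {}        # user_id -> (first number received, arrival time)

    def receive(self, user_id, number):
        """Returns None while waiting for the other number, else the decision."""
        now = self.clock()
        first = self.half.pop(user_id, None)
        if first is None:
            self.half[user_id] = (number, now)
            return None
        prev, t0 = first
        if now - t0 > WINDOW_SECONDS:
            return False   # time difference exceeded the setting; both halves discarded
        return pair_satisfies_rule(prev, number)
```

The binding between the two numbers only says something about their origin if, as the description requires, neither number can be inferred from earlier traffic; the time window limits how long a pair stays usable.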
Of course, the present invention may also have various other embodiments; without departing from the spirit and essence of the invention, those skilled in the art can make corresponding changes and variations, all of which fall within the scope of protection of the appended claims.

Claims (10)

1. A method for establishing a new connection between two parties on the Internet, characterized in that two computer systems, a first party and a second party, are connected to the Internet; program object A on the first party can send information to, or receive information from, the second party over an established connection; when program object B on the first party is to establish a new connection with the second party, the two parties transmit two pieces of information, one between program object A and the second party and one between program object B and the second party; the two pieces of information are identical or different and have a correspondence that satisfies a specific mathematical rule; the transmission of the two pieces of information constitutes a closed transmission between the two parties; programs running on the two parties can obtain the two pieces of information automatically and complete the closed transmission; the party that is the end point of the closed transmission verifies, by checking whether the two transmitted pieces of information are identical or satisfy the correspondence, whether the received information was sent by the other party; and if the received information is verified as sent by the other party, the new connection between program object B and the second party is confirmed and established.
2. The method for establishing a new connection between two parties on the Internet according to claim 1, characterized in that the closed transmission between the two parties means: one party sends two pieces of information to the other party at the same time, or the initiator sends one piece of information to the other party and the other party then returns one piece of information to the initiator.
3. The method for establishing a new connection between two parties on the Internet according to claim 1, characterized in that the two pieces of information are used only once and only to establish one connection, and cannot be inferred from information sent previously.
4. The method for establishing a new connection between two parties on the Internet according to claim 1, characterized in that one party may also generate a time mark when sending the information or when receiving the first piece of information; the time mark may be kept locally by the party that generated it or carried in the information that party sends; and the party that is the end point of the closed transmission confirms and establishes the new connection only if the time at which the information, or the second piece of information, is received does not exceed the specified validity period.
5. The method for establishing a new connection between two parties on the Internet according to claim 1, characterized in that the two pieces of information are not the IP address and port number in the datagram header.
6. The method for establishing a new connection between two parties on the Internet according to claim 1, characterized in that the established connection of program object A may be a point-to-point connection between the two parties or a connection through a third party, and the established connection may be bidirectional or unidirectional.
7. The method for establishing a new connection between two parties on the Internet according to claim 1, characterized in that the transmission path or communication port of the new connection of program object B differs from those of the established connection of program object A.
8. The method for establishing a new connection between two parties on the Internet according to claim 1, characterized in that the party that is the end point of the closed transmission is the second party.
9. The method for establishing a new connection between two parties on the Internet according to claim 1, characterized in that the path of the closed transmission does not include the user of the system; the user does not need to know the content of the information and does not need to take part in the transmission.
10. The method for establishing a new connection between two parties on the Internet according to claim 1, characterized in that the two pieces of information are generated on the spot, or generated in advance and obtained immediately when the closed transmission is carried out.

Priority Applications (3)

Application Number Priority Date Filing Date Title
CNA2008100573953A CN101257511A (en) 2008-02-01 2008-02-01 Method for establishing new connection between two sides on internet
PCT/CN2008/073863 WO2009089764A1 (en) 2008-01-10 2008-12-30 A system and method of secure network authentication
CN2008801244913A CN101978650B (en) 2008-01-10 2008-12-30 A system and method of secure network authentication

Publications (1)

Publication Number Publication Date
CN101257511A true CN101257511A (en) 2008-09-03

Family

ID=39891978

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2008100573953A Pending CN101257511A (en) 2008-01-10 2008-02-01 Method for establishing new connection between two sides on internet

Country Status (1)

Country Link
CN (1) CN101257511A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009089764A1 (en) * 2008-01-10 2009-07-23 Shaohua Ren A system and method of secure network authentication
CN103546462A (en) * 2013-10-08 2014-01-29 任少华 Third party certification system with specific associated processes or third party certification method
CN106454830A (en) * 2016-10-10 2017-02-22 武汉理工大学 Method for establishing connection with program in mobile terminal and system
CN106454830B (en) * 2016-10-10 2020-01-14 武汉理工大学 Method and system for establishing connection with program in mobile terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20080903