CN103001928A - Communication method of terminals interconnected among different networks - Google Patents

Communication method of terminals interconnected among different networks

Info

Publication number
CN103001928A
Authority
CN
China
Prior art keywords
terminal
address
protocol conversion
authentication device
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 201110268563
Other languages
Chinese (zh)
Inventor
崔长浩
王剑锋
丁焱
李洋
孙洋
黄东升
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING WISDOM STORM SCIENCE AND TECHNOLOGY Co Ltd
Aigo Digital Technology Co Ltd
Original Assignee
BEIJING WISDOM STORM SCIENCE AND TECHNOLOGY Co Ltd
Aigo Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING WISDOM STORM SCIENCE AND TECHNOLOGY Co Ltd, Aigo Digital Technology Co Ltd
Priority to CN 201110268563 (CN103001928A)
Priority to PCT/CN2012/081138 (WO2013034100A2)
Publication of CN103001928A
Legal status: Pending

Abstract

The invention discloses a communication method of terminals interconnected among different networks. The method includes: an access terminal issues an access request to a protocol conversion device; the protocol conversion device converts the access request into an IP (Internet Protocol) form accessible by a communication authentication device; the communication authentication device authenticates by comparing the IP-converted access request with the identity information of the accessed terminal stored in an identity information storage device; and after authentication succeeds, a VPN (virtual private network) channel between the accessed terminal and the communication authentication device is established, so that the access terminal can access the accessed terminal. The protocol conversion device performs protocol conversion between an access terminal and an accessed terminal that are under different network protocols, so that terminals under different network protocols can connect and communicate.

Description

Communication method of terminals interconnected among different networks
Technical field
The present invention relates to a network communication method, and in particular to a communication method that enables terminals in different network environments to access one another.
Background
Cloud computing is a new mode of computing in which remote clusters of large servers perform computation, storage and various software services according to user demand. The resource pool formed by the server cluster is called the "cloud" and includes computing servers, storage servers, bandwidth resources and so on; the computing, storage and other functions a user needs are carried out by the computing servers, storage servers, etc. in the cluster. Because computing and storage capacity are both provided by remote servers, a user needs only a notebook computer or a mobile phone to store and retrieve large amounts of data over the network, or even to run tasks such as supercomputing, which greatly reduces the user's terminal cost.
The computing servers and storage servers in a cloud system are located in an intranet environment, and for security reasons a firewall is installed in the cloud system. It is extremely difficult for an external user to get past the restrictions of the firewall and the network and directly access a particular computing server or storage server in the cloud system. Existing cloud systems therefore aggregate the data of all computing servers and storage servers onto one master server, which external users access directly to extract the data they need. If too many users use the cloud system at the same time, the master server comes under great pressure; data may not be delivered to users in time, or the master server may even become paralysed and stop working. The advantage of obtaining results quickly through cloud computing is then lost. In addition, the master server, computing servers and storage servers require regular maintenance, which adds to the cost of using cloud computing.
The IP protocol used by the existing Internet is IPv4, which has 32-bit addresses and a total capacity of about 4.3 billion. The Internet Corporation for Assigned Names and Numbers (ICANN), headquartered in the United States, is responsible for allocating Internet IP addresses globally. At present this corporation has allocated all IP addresses to five major regions of the world. In some regions there are fewer IP addresses than terminals, so multiple terminals have to share one IP address; this not only limits network speed but also gives rise to network security vulnerabilities. In particular, when multiple users share the same IP address, as soon as one user is placed on a network or judicial blacklist, all of the users may become suspects.
A new generation of the IP protocol, named IPv6, was released many years ago. This protocol can provide far more IP addresses than IPv4 and can effectively solve the Internet's present shortage of IP addresses. However, the transition from IPv4 to IPv6 is a huge undertaking: not only must all end users replace the routers or modems that connect their terminals to the Internet, but all websites and Internet operators must also upgrade their equipment to provide an "entrance" to the web suitable for IPv6 terminals.
Summary of the invention
In view of the problems in the prior art, the object of the present invention is to provide a communication method by which an external user can directly access any server in a cloud system.
To achieve the above object, the communication method of terminals interconnected among different networks according to the present invention includes:
an access terminal sends an access request to a protocol conversion device;
the protocol conversion device converts the access request into an IP protocol form accessible by a communication authentication device;
the communication authentication device authenticates by comparing the IP-converted access request with the identity information of the accessed terminal stored in an identity information storage device;
after authentication succeeds, a VPN channel between the accessed terminal and the communication authentication device is established, so that the access terminal can access the accessed terminal.
Further, the method also includes: if the authentication in which the communication authentication device compares the IP-converted access request with the identity information of the accessed terminal stored in the identity information storage device is unsuccessful, an error response message is returned and the flow ends.
Further, the registration information is any one, or any combination, of text, numbers, graphics, sound and fingerprints.
Further, the identity information includes an IP address and a node name that correspond to each other, and the IP address is an address based on the IPv4 protocol or the IPv6 protocol.
Further, the communication authentication device includes multiple authentication servers, and each authentication server can authenticate, and establish VPN channels to, multiple personal devices.
Further, the protocol conversion device can perform protocol conversion between IPv4 and IPv6.
Further, the access request sent by the access terminal is a URL address request. The URL address includes the node name of the accessed terminal; the protocol conversion device translates the node name in the URL address into an IP address; the communication authentication device compares this IP address with the IP address assigned to the accessed terminal; and whether to establish the VPN channel between the accessed terminal and the communication authentication device is decided according to the comparison result.
Further, the URL address also includes a server name, which points to the location of the protocol conversion device; after the comparison by the communication authentication device succeeds, the protocol conversion device replaces the server name with the translated IP address.
The present invention uses a protocol conversion device to perform protocol conversion between an access terminal and an accessed terminal that are under different network protocols, thereby enabling terminals under different network protocols to connect and communicate. The communication authentication device authenticates by comparing the user's access request with the identity information of the accessed terminal in the intranet, and on that basis chooses whether to establish the VPN channel between the accessed terminal and the communication authentication device, so that an external user can directly access the accessed terminal in the intranet.
Brief description of the drawings
Fig. 1 is a flow chart of the communication method of the present invention;
Fig. 2 is the flow by which the method of the present invention establishes a cloud service;
Fig. 3 is a schematic diagram of data communication in the method of the present invention;
Fig. 4 is a flow chart of protocol conversion in the communication method of the present invention.
Detailed description
As shown in Fig. 1, the communication method of terminals interconnected among different networks according to the present invention comprises the following steps:
Step 101, the access terminal sends an access request to the protocol conversion device;
Step 102, the access request is converted into an IP protocol form accessible by the communication authentication device;
Step 103, the communication authentication device authenticates by comparing the IP-converted access request with the identity information of the accessed terminal stored in the identity information storage device;
Step 104, after authentication succeeds, a VPN channel between the accessed terminal and the communication authentication device is established, so that the access terminal can access the accessed terminal;
Step 105, if authentication is unsuccessful, an error response message is returned and the flow ends.
As shown in Fig. 2, the cloud service is established as follows:
Step 201, identity registration;
That is, a software client is installed on a personal device, and the communication module in the software client transmits the registration information that has been filled in to the cloud service group registration device. The cloud service group registration device stores the registration information in the identity information storage device. The identity information storage device saves the registration information; an IP address is assigned to the software client, and the data associating the registration information with the IP address is stored in the identity information storage device for subsequent login authentication.
Step 202, login authentication;
That is, after the above registration, the identity information storage device in the system holds the user's registration information and the assigned IP address. The user fills in the registration information on the software client; at this point the registration information serves as the login information. The cloud service group registration device tells the software client the IP address of the communication authentication device, and the software client connects to the communication authentication device it has been told about. The communication authentication device queries the identity information storage device about the login information and performs authentication; if the login information is consistent with the registration information stored in the identity information storage device, authentication succeeds;
Step 203, establishing communication;
That is, after authentication passes, the communication authentication device establishes a VPN channel with the software client and notifies it of the virtual IP address assigned to it; the establishment of the cloud system based on personal devices is then complete. Once the software client has its own IP address, communication can no longer fail because of environmental influences such as the operating system's routing information or the network address.
Step 203, returning an error message and ending the flow.
That is, the communication authentication device queries the identity information storage device about the login information and performs authentication; if the login information is inconsistent with the registration information stored in the identity information storage device, authentication fails, an error message is returned to the client, and the flow ends.
For security, the authentication process is an association authentication performed on both the registration information and the assigned IP address: if either one is wrong, authentication fails. Even if the registration information is stolen, another person cannot log in with the registration information alone.
To ensure the security of the data, the above registration information and login information are any one, or any combination, of text, numbers, graphics, sound and fingerprints.
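The association check described in steps 201 to 203 can be sketched as follows. This is an added example, not code from the patent or its applicants; the class and function names, the address pool, the salted PBKDF2 storage, and the assumption that the client presents its assigned address at login are all illustrative choices the text does not specify.

```python
import hashlib
import hmac
import ipaddress
import os

PBKDF2_ROUNDS = 100_000  # illustrative work factor, not from the patent


def _digest(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


class IdentityStore:
    """Hypothetical stand-in for the identity information storage device."""

    def __init__(self, pool="10.8.0.0/29"):
        # Constructed address pool; the patent does not say how addresses are chosen.
        self._free = list(ipaddress.ip_network(pool).hosts())
        self._records = {}

    def register(self, user, secret):
        """Step 201: save the registration information bound to a newly assigned IP."""
        if user in self._records:
            raise ValueError("already registered")
        if not self._free:
            raise RuntimeError("address pool exhausted")
        salt = os.urandom(16)
        address = self._free.pop(0)
        self._records[user] = (salt, _digest(secret, salt), address)
        return str(address)

    def authenticate(self, user, secret, claimed_ip):
        """Step 202: pass only if the login information AND the assigned IP both match."""
        # Unknown users still run one hash, so both cases take similar time.
        salt, stored, address = self._records.get(user, (b"\0" * 16, b"", None))
        secret_ok = hmac.compare_digest(_digest(secret, salt), stored)
        try:
            ip_ok = address is not None and ipaddress.ip_address(claimed_ip) == address
        except ValueError:  # claimed_ip is not an address at all
            ip_ok = False
        return secret_ok and ip_ok


def login(store, user, secret, claimed_ip):
    """Steps 202-203: one generic error for every failure, VPN details only on success."""
    if not store.authenticate(user, secret, claimed_ip):
        return {"ok": False, "error": "authentication failed"}
    return {"ok": True, "vpn_virtual_ip": claimed_ip}
```

Returning the same error for a wrong secret and a wrong address keeps a holder of stolen registration information from learning which half of the pair failed.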
Terminal access is unified over HTTP, so the identity information of the accessed terminal can be represented as a URL. The URL corresponding to the accessed terminal's address is entered in the browser of the terminal; the URL includes the node name of the accessed terminal. The protocol conversion device automatically identifies the node name part within the URL, converts it into the IPv6 address in the IPv6 network where the accessed terminal is located, and sends that IPv6 address to the communication authentication device for authentication. If the converted IPv6 address is consistent with the IP address previously assigned to the accessed terminal, the connection between the terminal and the accessed terminal is established; otherwise no connection to the accessed terminal is established, and a prompt indicates that the user name is wrong.
The communication authentication device receives the HTTP access request from the protocol conversion device, authenticates by comparing the IP address produced by the protocol conversion device with the assigned IP address, and gives the corresponding response. Even if the user does not know in advance which network the accessed terminal is connected to or what its IP address is, knowing the node name of the accessed terminal is enough to access it.
The above describes access from IPv4 to an IPv6 network. Reverse access can also be achieved through the protocol conversion device, that is, a user on an IPv6 network accesses an IPv4 network; the corresponding protocol conversion device then needs to convert the access request under the IPv6 network protocol into a request recognizable under the IPv4 network protocol. The terminal and the accessed terminal can be devices in different network environments.
As shown in Fig. 4, taking an accessed terminal under the IPv6 network protocol as an example, the communication method of the present invention between terminals under different network protocols is specifically as follows. The access terminal enters a URL address in its browser. The URL address includes a server name part (servername) and a node name part (node-name), for example http://www.jindouyun.net/target-node/, where www.jindouyun.net is the server name part, which points to the address of the protocol conversion device. The protocol conversion device automatically identifies the target-node part (the node name part) within the URL and converts it into an IPv6 address recognizable under the IPv6 network protocol of the accessed terminal. The communication authentication device compares the IPv6 address produced by the protocol conversion device with the IPv6 address assigned to the accessed terminal. If the comparison result is consistent, the protocol conversion device replaces the server name part of the URL address with the authenticated IPv6 address, thereby achieving access to the accessed terminal.
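The URL handling described for Fig. 4, as an added example that is not part of the patent: the node name is taken from the sample URL's path, translated to an IPv6 address, compared with the assigned address, and only then substituted for the server name. The two lookup tables, the function names and the 2001:db8:: documentation addresses are constructed assumptions; the path is left unchanged because the text only describes replacing the server name.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

SERVER_NAME = "www.jindouyun.net"  # server name part of the page's sample URL

# Constructed sample data (2001:db8::/32 is the IPv6 documentation prefix).
# TRANSLATION: what the protocol conversion device resolves a node name to.
# ASSIGNED: the address recorded for the accessed terminal at registration.
TRANSLATION = {"target-node": "2001:db8::10", "moved-node": "2001:db8::99"}
ASSIGNED = {
    "target-node": "2001:0db8:0000:0000:0000:0000:0000:0010",
    "moved-node": "2001:db8::20",
}


class AccessDenied(Exception):
    """Raised instead of forwarding when any check fails."""


def node_name_of(url):
    """Protocol conversion device: pick the node name out of the URL path."""
    parts = urlsplit(url)
    if parts.scheme != "http" or parts.hostname != SERVER_NAME:
        raise AccessDenied("request is not addressed to the protocol conversion device")
    segments = [s for s in parts.path.split("/") if s]
    if not segments:
        raise AccessDenied("URL carries no node name")
    return segments[0]


def translate(node):
    """Protocol conversion device: node name -> IPv6 address, or None if unknown."""
    text = TRANSLATION.get(node)
    return ipaddress.IPv6Address(text) if text else None


def authenticate(node, address):
    """Communication authentication device: compare with the assigned address.

    Addresses are compared as parsed values, so compressed and expanded
    spellings of the same address are treated as equal.
    """
    assigned = ASSIGNED.get(node)
    if address is None or assigned is None:
        return False
    return ipaddress.IPv6Address(assigned) == address


def convert(url):
    """Full flow: return the URL with the server name replaced by the IPv6 address."""
    node = node_name_of(url)
    address = translate(node)
    if not authenticate(node, address):
        raise AccessDenied("authentication failed")
    parts = urlsplit(url)
    # An IPv6 literal in a URL authority must be wrapped in square brackets.
    return urlunsplit((parts.scheme, f"[{address}]", parts.path, parts.query, parts.fragment))
```

A node whose translated address no longer matches the assigned one ("moved-node" in the sample tables) is refused rather than forwarded, which is the comparison step doing its job.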
The present invention enables an external user to directly access a terminal in the intranet. The communication authentication device only establishes the VPN channel and authenticates identity; data on the accessed terminal does not pass through the communication authentication device but is delivered directly to the access terminal. This avoids data loss and prevents the data from being intercepted at an intermediate point in transmission, greatly improving the security of communication. In addition, the present invention makes it possible to use personal devices as cloud servers, eliminating cloud server expenditure and maintenance costs and greatly reducing the operating cost of cloud computing.
It should be noted that any variation made according to the embodiments of the present invention does not depart from the spirit of the present invention or the scope recorded in the claims.

Claims (5)

1. A communication method of terminals interconnected among different networks, the method including:
an access terminal sends an access request to a protocol conversion device;
the protocol conversion device converts the access request into an IP protocol form accessible by a communication authentication device;
the communication authentication device authenticates by comparing the IP-converted access request with the identity information of the accessed terminal stored in an identity information storage device;
after authentication succeeds, a VPN channel between the accessed terminal and the communication authentication device is established, so that the access terminal can access the accessed terminal.
2. The method according to claim 1, characterized in that the method also includes: if the authentication in which the communication authentication device compares the IP-converted access request with the identity information of the accessed terminal stored in the identity information storage device is unsuccessful, an error response message is returned and the flow ends.
3. The communication method of terminals interconnected among different networks as claimed in claim 1, characterized in that the registration information is any one, or any combination, of text, numbers, graphics, sound and fingerprints.
4. The communication method of terminals interconnected among different networks as claimed in claim 1, characterized in that the identity information includes an IP address and a node name that correspond to each other, and the IP address is an address based on the IPv4 protocol or the IPv6 protocol.
5. The communication method of terminals interconnected among different networks as claimed in claim 1, characterized in that the URL address also includes a server name, which points to the location of the protocol conversion device; after the comparison by the communication authentication device succeeds, the protocol conversion device replaces the server name with the translated IP address.
CN 201110268563 2011-09-08 2011-09-08 Communication method of terminals interconnected among different networks Pending CN103001928A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 201110268563 CN103001928A (en) 2011-09-08 2011-09-08 Communication method of terminals interconnected among different networks
PCT/CN2012/081138 WO2013034100A2 (en) 2011-09-08 2012-09-07 Communications system and method for terminals based on different network protocols

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201110268563 CN103001928A (en) 2011-09-08 2011-09-08 Communication method of terminals interconnected among different networks

Publications (1)

Publication Number Publication Date
CN103001928A true CN103001928A (en) 2013-03-27

Family

ID=47930075

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110268563 Pending CN103001928A (en) 2011-09-08 2011-09-08 Communication method of terminals interconnected among different networks

Country Status (1)

Country Link
CN (1) CN103001928A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104539598A (en) * 2014-12-19 2015-04-22 厦门市美亚柏科信息股份有限公司 Tor-improved safety anonymous network communication system and method
CN105100114A (en) * 2015-08-26 2015-11-25 宇龙计算机通信科技(深圳)有限公司 Terminal interconnection method, terminal and system
CN105207867A (en) * 2015-10-30 2015-12-30 北京奇艺世纪科技有限公司 Equipment connecting method and equipment connecting device
CN116248416A (en) * 2023-05-11 2023-06-09 深圳竹云科技股份有限公司 Identity authentication method, device and computer equipment

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104539598A (en) * 2014-12-19 2015-04-22 厦门市美亚柏科信息股份有限公司 Tor-improved safety anonymous network communication system and method
CN104539598B (en) * 2014-12-19 2017-10-03 厦门市美亚柏科信息股份有限公司 A kind of improvement Tor secure anonymous network communicating system and method
CN105100114A (en) * 2015-08-26 2015-11-25 宇龙计算机通信科技(深圳)有限公司 Terminal interconnection method, terminal and system
CN105100114B (en) * 2015-08-26 2018-08-24 宇龙计算机通信科技(深圳)有限公司 A kind of terminal interconnected method, terminal and system
CN105207867A (en) * 2015-10-30 2015-12-30 北京奇艺世纪科技有限公司 Equipment connecting method and equipment connecting device
CN116248416A (en) * 2023-05-11 2023-06-09 深圳竹云科技股份有限公司 Identity authentication method, device and computer equipment

Similar Documents

Publication Publication Date Title
CN103001999B (en) For privately owned Cloud Server, intelligent apparatus client and the method for public cloud network
CN100437550C (en) Ethernet confirming access method
CN100388739C (en) Method and system for contributing DHCP addresses safely
CN101141492B (en) Method and system for implementing DHCP address safety allocation
CN101166173B (en) A single-node login system, device and method
CN101110847B (en) Method, device and system for obtaining medium access control address
CN108092988B (en) Non-perception authentication and authorization network system and method based on dynamic temporary password creation
CN101990183A (en) Method, device and system for protecting user information
US20110191223A1 (en) Internet Control Management and Accounting in a Utility Computing Environment
CN103414709A (en) User identity binding and user identity binding assisting method and device
WO2022247751A1 (en) Method, system and apparatus for remotely accessing application, device, and storage medium
US20110078784A1 (en) Vpn system and method of controlling operation of same
CN101582856A (en) Session setup method of Portal server and BAS (broadband access server) device and system thereof
CN102984031B (en) Method and device for allowing encoding equipment to be safely accessed to monitoring and control network
CN103997479B (en) A kind of asymmetric services IP Proxy Methods and equipment
CN108200039B (en) Non-perception authentication and authorization system and method based on dynamic establishment of temporary account password
CN103179104A (en) Method, system and equipment thereof for accessing remote service
WO2010017737A1 (en) Report form normalization processing method, apparatus and system
CN103001928A (en) Communication method of terminals interconnected among different networks
CN109067729B (en) Authentication method and device
CN110730189A (en) Communication authentication method, device, equipment and storage medium
CN103001931A (en) Communication system of terminals interconnected among different networks
CN105721274A (en) Method and device for integrating variety of instant messaging
KR20120044381A (en) Method and system for subscriber to log in internet content provider(icp) website in identity/location separation network and login device thereof
GB2555108A (en) Improvements in and relating to network communications

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: 100028, room 22, floor 2208, block A, International Building, Sanyuanqiao, Chaoyang District, Beijing

Applicant after: Beijing somersault cloud Technology Co. Ltd.

Applicant after: Aigo Digital Technology Co., Ltd.

Address before: 100028, room 22, floor 2208, block A, International Building, Sanyuanqiao, Chaoyang District, Beijing

Applicant before: Beijing Wisdom Storm Science and Technology Co., Ltd.

Applicant before: Aigo Digital Technology Co., Ltd.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: BEIJING WISDOM STORM SCIENCE AND TECHNOLOGY CO., LTD. TO: BEIJING JINDOUYUN TECHNOLOGY CO., LTD.

SE01 Entry into force of request for substantive examination
DD01 Delivery of document by public notice

Addressee: Beijing somersault cloud Technology Co. Ltd.

Document name: Notification that Application Deemed to be Withdrawn

DD01 Delivery of document by public notice
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130327

WD01 Invention patent application deemed withdrawn after publication