CN103067282B - Data back up method, apparatus and system - Google Patents
Data back up method, apparatus and system Download PDFInfo
- Publication number
- CN103067282B CN103067282B CN201210586229.9A CN201210586229A CN103067282B CN 103067282 B CN103067282 B CN 103067282B CN 201210586229 A CN201210586229 A CN 201210586229A CN 103067282 B CN103067282 B CN 103067282B
- Authority
- CN
- China
- Prior art keywords
- message
- backup controller
- destination server
- address
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the present invention provides a kind of data back up method, apparatus and system, and wherein data back up method includes receiving the message that mobile terminal is sent by a VPN passages, and a VPN passages are the VPN passages between mobile terminal;The purpose IP address in message are obtained, purpose IP address are the private IP address of destination server;By message by the 2nd VPN passages, the corresponding destination server of purpose IP address is sent to, the 2nd VPN passages are the VPN passages between destination server, so that destination server obtains target data from message, and target data are backed up.Data are backed up without mobile terminal is connected on PC by data wire, when server is in open state, mobile terminal can will need the data of backup whenever and wherever possible by mobile Internet, corresponding destination server is sent to by backup controller, the convenience and efficiency backed up to the data in mobile terminal is effectively improved.
Description
Technical field
The present embodiments relate to the communication technology and computer technology, more particularly to a kind of data back up method, device and
System.
Background technology
With the development of mobile communication technology and intelligent terminal, not only function becomes increasingly abundant intelligent terminal, and storage is held
Amount is also increasing.Especially with the third generation(3rd-generation, 3G)The development of mobile communication technology, bigger data
The network bandwidth provides more easily transmission channel for intelligent terminal so that intelligent terminal is in conventional internet or mobile mutual
The data volume for joining transfers on network is increasing.For example, the communication class number such as information of address list, short message and various instant messagings
According to;Picture and video etc. entertain class data;The office such as mail, calendar stroke planning class data may storage in being intelligent terminal
Data.
Because user gradually strengthens the dependence of intelligent terminal so that the importance phase of institute's data storage on intelligent terminal
Increase with answering, therefore, in order to ensure the security of data, it is necessary to be backed up to institute's data storage on intelligent terminal.Mesh
Before, the backup mode for generally using by intelligent terminal using data wire to be connected to personal computer(personal
Computer, PC)On, in the data on intelligent terminal are backuped into PC.For example, intelligent terminal is connected using data wire
In the USB of PC(Universal Serial BUS, USB)On port, because USB defines communicating pair
The each side such as the physical criterion of interface, the electrical standard of connecting line and transport protocol standard content, therefore, even if intelligence
Terminal with PC is produced by different vendor, as long as communicating pair follows USB, you can set up by USB connecting lines and connected,
And carry out data transmission, in the data on intelligent terminal are backuped into PC.
But, due to when the data in intelligent terminal are backed up, it is necessary to first by the intelligent terminal be connected to for
On the PC of backup, data backup cannot be carried out if intelligent terminal is not connected on PC, therefore, in the prior art to intelligent end
The method that data in end are backed up has some limitations.
The content of the invention
The embodiment of the present invention provides a kind of for data back up method, apparatus and system, right in the prior art for solving
The method that data in intelligent terminal are backed up has some limitations.
Embodiment of the present invention one side is to provide a kind of data back up method, including:
The message that mobile terminal is sent by the first virtual private network passage is received, a VPN passages are and institute
State the VPN passages between mobile terminal;
The purpose Internet protocol IP address in the message is obtained, the purpose IP address are the private ip of destination server
Address;
By the message by the 2nd VPN passages, the corresponding destination server of the purpose IP address, institute are sent to
State the 2nd VPN passages be with the VPN passages between the destination server, so that the destination server is obtained from the message
Target data is taken, and the target data is backed up.
It is described to receive mobile whole in the first possible implementation with reference to the data back up method of one side
Before message of the end by VPN passages transmission, methods described also includes:
The first solicited message that the mobile terminal sends is received, user name and close is carried in first solicited message
Code, for asking to set up a VPN passages;
If find respectively with the user name and the password identical username and password, judge whether institute
Destination server is stated, the destination server is server corresponding with the user name;
If finding the destination server, the purpose IP address are sent to the mobile terminal, for described
Be encapsulated in the purpose IP address in the message by mobile terminal.
It is described to connect in second possible implementation with reference to the first possible implementation of one side
Before receiving the first solicited message that the mobile terminal sends, methods described also includes:
The second solicited message that the destination server sends is received, the user is carried in second solicited message
Name and the password, for asking to set up the 2nd VPN passages;
If find respectively with the user name and the password identical username and password, be the destination service
Device distributes the purpose IP address, and sets up the corresponding relation of the destination server and the user name.
With reference to the data back up method that one side is provided, in the third possible implementation, methods described is also
Including:
The destination server is monitored;
If having been disconnected with the communication connection between the destination server, the destination server is deleted with the user
The corresponding relation of name, and discharge the purpose IP address.
With reference to one side or the first to three kind of possible implementation, in the 4th kind of possible implementation, institute
It is the message encrypted by DTLS agreements to state message, or the message encrypted by ssl protocol.
Second aspect of the embodiment of the present invention is to provide a kind of data back up method, including:
Message is sent to backup controller by VPN passages, purpose IP address, the purpose IP are carried in the message
It is the private IP address of destination server distribution that address is the backup controller, so that the backup controller is according to from described
The purpose IP address got in message, by the message by the VPN passages between the destination server, send
To the destination server, so that the destination server obtains target data from the message, and to the target data
Backed up.
It is described by VPN in the first possible implementation with reference to the data back up method that second aspect is provided
Before passage sends message to backup controller, methods described also includes:
To the backup controller send the first solicited message, carried in first solicited message first user name and
First password, for asking to set up the VPN passages;
Receive the backup controller find respectively with the first user name and the first password identical use
Name in an account book and password, and find with after the first user corresponding destination server of name, the purpose IP of return
Address.
It is described by VPN in second possible implementation with reference to the data back up method that second aspect is provided
Before passage sends message to backup controller, methods described also includes:
Connectivity request message is sent to the backup controller by the VPN passages, is taken in the connectivity request message
With digital certificate, the digital certificate includes issuer information, so that the backup controller believes the connection request
Breath is transmitted to the destination server;
The destination server is received after digital certificate corresponding with the issuer information is found, by described
The successful connection information that backup controller is returned.
It is described logical in the third possible implementation with reference to second second of aspect possible implementation
Before VPN passages are crossed to backup controller transmission message, methods described also includes:
Second solicited message is sent to the backup controller by the VPN passages, is taken in second solicited message
With second user name and the second password, so that second solicited message is transmitted to the target clothes by the backup controller
Business device;
Receive the destination server find respectively with the second user name and the second password identical use
After name in an account book and password, the authentication success message returned by the backup controller.
With reference to second aspect or the first to three kind of possible implementation, in the 4th kind of possible implementation, institute
It is the message encrypted by DTLS agreements to state message, or the message encrypted by ssl protocol.
The 3rd aspect of the embodiment of the present invention is to provide a kind of data back up method, including:
Receive the message that is sent by VPN passages of backup controller, the message for mobile terminal by with the backup
VPN passages between controller are sent to the backup controller, by purpose of the backup controller in the message
The message of IP address forwarding, the purpose IP address are private IP address;
Target data is obtained from the message, and the target data is backed up.
It is described to receive standby in the first possible implementation with reference to the data back up method that the 3rd aspect is provided
Before the message that part controller is sent by VPN passages, methods described also includes:
To the backup controller send the first solicited message, carried in first solicited message first user name and
First password, for asking to set up the VPN passages;
Receive the backup controller find respectively with the first user name and the first password identical use
After name in an account book and password, the purpose IP address of distribution.
It is described to receive standby in second possible implementation with reference to the data back up method that the 3rd aspect is provided
Before the message that part controller is sent by VPN passages, methods described also includes:
Receive the connectivity request message that the backup controller is sent by the VPN passages, the connectivity request message
In carry the digital certificate of the mobile terminal, the digital certificate includes issuer information;
After digital certificate corresponding with the issuer information is found, by the backup controller to the shifting
Dynamic terminal returns to successful connection information.
It is described to connect in the third possible implementation with reference to the 3rd second possible implementation of aspect
Before receiving the message that backup controller is sent by VPN passages, methods described also includes:
Receive the second solicited message that the backup controller is sent by the VPN passages, second solicited message
In carry second user name and the second password that the mobile terminal sends;
Find respectively with the second user name and the second password identical username and password after, pass through
The backup controller is to the mobile terminal return authentication successful information.
With reference to the 3rd aspect or the first to three kind of possible implementation, in the 4th kind of possible implementation, institute
It is the message encrypted by DTLS agreements to state message, or the message encrypted by ssl protocol.
The 4th aspect of the embodiment of the present invention is to provide a kind of backup controller, including:
Receiving unit, for receiving the message that mobile terminal is sent by a VPN passages, a VPN passages are
With the VPN passages between the mobile terminal;
Acquiring unit, for obtaining the purpose Internet protocol IP address in the message, the purpose IP address are target
The private IP address of server;
Transmitting element, it is corresponding described for the message by the 2nd VPN passages, to be sent to the purpose IP address
Destination server, the 2nd VPN passages be with the VPN passages between the destination server, for the destination server
Target data is obtained from the message, and the target data is backed up.
With reference to the backup controller that the 4th aspect is provided, in the first possible implementation, the receiving unit
It is additionally operable to:
Before the message is received, the first solicited message that the mobile terminal sends, the first request letter are received
Username and password is carried in breath, for asking to set up a VPN passages;
Correspondingly, the backup controller also includes:
Processing unit, for find respectively with the user name and the password identical username and password when,
The destination server is judged whether, the destination server is server corresponding with the user name;
Correspondingly, the transmitting element is additionally operable to, when the destination server is found, by purpose IP address hair
The mobile terminal is given, so that be encapsulated in the purpose IP address in the message by the mobile terminal.
It is described to connect in second possible implementation with reference to the 4th the first possible implementation of aspect
Unit is received to be additionally operable to:
Before first solicited message is received, the second solicited message that the destination server sends is received, it is described
The user name and the password are carried in second solicited message, for asking to set up the 2nd VPN passages;
Correspondingly, the processing unit is additionally operable to:
Find respectively with the user name and the password identical username and password when, be the destination service
Device distributes the purpose IP address, and sets up the corresponding relation of the destination server and the user name.
With reference to the backup controller that the 4th aspect is provided, in the third possible implementation, the Standby control
Device also includes:
Monitoring unit, for being monitored to the destination server;
Correspondingly, the processing unit is additionally operable to:
When communication connection between the destination server disconnects, the destination server and the user name are deleted
Corresponding relation, and discharge the purpose IP address.
With reference to the 4th aspect or the first to three kind of possible implementation, in the 4th kind of possible implementation, institute
It is the message encrypted by DTLS agreements to state the message that receiving unit receives, or the report encrypted by ssl protocol
Text.
The 5th aspect of the embodiment of the present invention is to provide a kind of mobile terminal, including:
Transmitting element, for sending message to backup controller by VPN passages, carries purposeful IP ground in the message
Location, the purpose IP address are that the backup controller is the private IP address of destination server distribution, for the backup control
Device processed according to the purpose IP address got from the message, by the message by between the destination server
VPN passages, be sent to the destination server so that the destination server obtains target data from the message, and
The target data is backed up.
With reference to the mobile terminal that the 5th aspect is provided, in the first possible implementation, the transmitting element is also
For:
Before the message is sent, the first solicited message, first solicited message are sent to the backup controller
In carry first user name and first password, for ask set up the VPN passages;
Correspondingly, the mobile terminal also includes:
Receiving unit, for receive the backup controller find respectively with the first user name and described first
Password identical username and password, and find with after the first user corresponding destination server of name, return
The purpose IP address.
With reference to the mobile terminal that the 5th aspect is provided, in second possible implementation, the transmitting element is also
For:
Before the message is sent, connectivity request message, institute are sent to the backup controller by the VPN passages
State and carry digital certificate in connectivity request message, the digital certificate includes issuer information, so that the Standby control
The connectivity request message is transmitted to the destination server by device;
Correspondingly, the receiving unit is additionally operable to:
The destination server is received after digital certificate corresponding with the issuer information is found, by described
The successful connection information that backup controller is returned.
With reference to the 5th second possible implementation of aspect, in the third possible implementation, the hair
Unit is sent to be additionally operable to:
Before the message is sent, the second solicited message, institute are sent to the backup controller by the VPN passages
State and carry in the second solicited message second user name and the second password, so that the backup controller will the described second request letter
Breath is transmitted to the destination server;
Correspondingly, the receiving unit is additionally operable to:
Receive the destination server find respectively with the second user name and the second password identical use
After name in an account book and password, the authentication success message returned by the backup controller.
With reference to the 5th aspect or the first to three kind of possible implementation, in the 4th kind of possible implementation, institute
The message for stating transmitting element transmission is the message encrypted by DTLS agreements, or the message encrypted by ssl protocol.
The 6th aspect of the embodiment of the present invention is to provide a kind of server, including:
Receiving unit, for receiving the message that backup controller is sent by VPN passages, the message is logical for mobile terminal
Cross and the VPN passages between the backup controller are sent to the backup controller, by the backup controller according to
The message of the purpose IP address forwarding in message, the purpose IP address are private IP address;
Processing unit, for obtaining target data from the message, and backs up to the target data.
With reference to the server that the 6th aspect is provided, in the first possible implementation, the server also includes:
Transmitting element, for before the receiving unit receives the message, first being sent to the backup controller
Solicited message, carries first user name and first password in first solicited message, setting up the VPN for request leads to
Road;
Correspondingly, the receiving unit is additionally operable to:
Receive the backup controller find respectively with the first user name and the first password identical use
After name in an account book and password, the purpose IP address of distribution.
With reference to the server that the 6th aspect is provided, in second possible implementation, the receiving unit is also used
In:
Before the message is received, receive the backup controller and believed by the connection request that the VPN passages send
Breath, carries the digital certificate of the mobile terminal in the connectivity request message, the digital certificate includes that issuer is believed
Breath;
Correspondingly, the transmitting element is additionally operable to:
After digital certificate corresponding with the issuer information is found, by the backup controller to the shifting
Dynamic terminal returns to successful connection information.
It is described to connect in the third possible implementation with reference to the 6th second possible implementation of aspect
Unit is received to be additionally operable to:
Before the message is received, the second request letter that the backup controller is sent by the VPN passages is received
Breath, carries second user name and the second password that the mobile terminal sends in second solicited message;
Correspondingly, the transmitting element is additionally operable to:
Find respectively with the second user name and the second password identical username and password after, pass through
The backup controller is to the mobile terminal return authentication successful information.
With reference to the 6th aspect or first to the third possible implementation, in the 4th kind of possible implementation,
The message that the receiving unit is received is the message encrypted by DTLS agreements, or encrypted by ssl protocol
Message.
Seven aspects of the embodiment of the present invention are to provide a kind of data backup system, including above-mentioned backup controller, at least one
Individual mobile terminal and at least one server;Communicated between the backup controller, the mobile terminal and the server
Connection.
Data back up method provided in an embodiment of the present invention, apparatus and system, need to carry out data backup in mobile terminal
When, it would be desirable to the data of backup and the purpose IP address for carrying out the destination server of data backup, encapsulate in messages,
The message is sent to backup controller by the VPN passages between backup controller;Backup controller is receiving message
Afterwards, purpose IP address are obtained from the message, is led to by the VPN between destination server corresponding with the purpose IP address
Road, the destination server is sent to by message, and the target data in the message that receives is backed up by the destination server,
Data are backed up without mobile terminal is connected on PC by data wire, open state is in server
When, mobile terminal can will need the data of backup whenever and wherever possible by mobile Internet, be sent to by backup controller
Corresponding destination server, is effectively improved the convenience and efficiency backed up to the data in mobile terminal.
Brief description of the drawings
Fig. 1 is the flow chart of data back up method provided in an embodiment of the present invention;
Fig. 2 is the flow chart of another data back up method provided in an embodiment of the present invention;
Fig. 3 is the flow chart of another data back up method provided in an embodiment of the present invention;
Fig. 4 is the flow chart of another data back up method provided in an embodiment of the present invention;
Fig. 5 is the flow chart of another data back up method provided in an embodiment of the present invention;
Fig. 6 is the flow chart of another data back up method provided in an embodiment of the present invention;
Fig. 7 is the flow chart of another data back up method provided in an embodiment of the present invention;
Fig. 8 a are the structural representation of backup controller provided in an embodiment of the present invention;
Fig. 8 b are the structural representation of another backup controller provided in an embodiment of the present invention;
Fig. 8 c are the structural representation of another backup controller provided in an embodiment of the present invention;
Fig. 9 a are the structural representation of mobile terminal provided in an embodiment of the present invention;
Fig. 9 b are the structural representation of another mobile terminal provided in an embodiment of the present invention;
Fig. 9 c are the structural representation of another mobile terminal provided in an embodiment of the present invention;
Figure 10 a are the structural representation of server provided in an embodiment of the present invention;
Figure 10 b are the structural representation of another server provided in an embodiment of the present invention;
Figure 10 c are the structural representation of another server provided in an embodiment of the present invention;
Figure 11 is the structural representation of data backup system provided in an embodiment of the present invention.
Specific embodiment
In the data back up method that various embodiments of the present invention are provided, remotely backup controller is being increased newly.The shifting of user
Dynamic terminal can be communicated to connect using mobile Internet with backup controller, and backup controller can utilize internet and be used to deposit
Store up the server communication connection of Backup Data.When server is in open state, mobile terminal can pass through whenever and wherever possible
Backup controller, it would be desirable to which the data is activation of backup is to server.
If server is located at when in LAN, can be communicated with backup controller by proxy gateway;If server
When in wide area network, then need not be communicated with backup controller by proxy gateway.
Backup controller can be connected with one or more communication of mobile terminal, it is also possible to and one or more servers lead to
Letter connection.Wherein, mobile terminal can be the terminal devices such as mobile phone, notebook computer or panel computer;Server can be
The PC of user, in other words, server is that the user of mobile terminal can carry out the PC of operational control, and is not the service in high in the clouds
Device.Each mobile terminal can will need the data is activation of backup to one or more servers.Each server can be received
The data that one or more mobile terminals are backed up the need for sending.
Fig. 1 is the flow chart of data back up method provided in an embodiment of the present invention, as shown in figure 1, the method includes:
101st, receive mobile terminal and pass through the first Virtual Private Network(Virtual Private Network, VPN)Passage is sent out
The message for sending.Wherein, a VPN passages are and the VPN passages between the mobile terminal.
Specifically, communicated using a VPN passages between backup controller and mobile terminal, the profit between server
Communicated with the 2nd VPN passages.When user needs to be backed up the data in mobile terminal, it would be desirable to the data envelope of backup
The message in messages, is sent to backup controller by dress.
102nd, the purpose Internet protocol in the message is obtained(Internet Protocol, IP)Address.Wherein, it is described
Purpose IP address are the private IP address of destination server.
Specifically, mobile terminal is in the message for being sent to backup controller, the purpose IP address of server are carried, with
It is lower that the corresponding server of purpose IP address is referred to as destination server.Backup controller after message is received, from message
Get the purpose IP address.According to the purpose IP address, the message can be sent to the purpose IP address by backup controller
Corresponding destination server.
The purpose IP address of destination server can be that backup controller is in advance the private IP address of its distribution.Private ip
Address is the IP address used in the Virtual Private Network that backup controller and at least one server are constituted.Correspondingly, move
Dynamic terminal, for destination server is assigned with after private IP address, can know target in backup controller from backup controller
The purpose IP address of server.
103rd, the message is sent to the corresponding destination service of the purpose IP address by the 2nd VPN passages
Device.Wherein, the 2nd VPN passages are and the VPN passages between the destination server.It is to supply to perform step 103
State destination server and target data is obtained from the message, and the target data is backed up.
Specifically, backup controller from message after purpose IP address are got, knowing needs to send the message
Give the purpose IP address corresponding destination server.By the 2nd VPN passages between destination server, the message is sent
Give the destination server.
Destination server is received after the message, and target data is got from the message.It is acquired go out number of targets
According to the data that as mobile terminal needs to be backed up.Correspondingly, destination server is backed up the target data, is saved as
Backup Data corresponding with the mobile terminal.
Data back up method provided in an embodiment of the present invention, when mobile terminal needs to carry out data backup, it would be desirable to standby
The data and the purpose IP address for carrying out the destination server of data backup of part, encapsulation in messages, the message are led to
The VPN passages crossed and backup controller between are sent to backup controller;Backup controller after message is received, from the report
Purpose IP address are obtained in text, by the VPN passages between destination server corresponding with the purpose IP address, message is sent
The destination server is given, the target data in the message that receives is backed up by the destination server, without will
Mobile terminal is connected on PC by data wire and data is backed up, and when server is in open state, mobile terminal can
The data of backup will be needed whenever and wherever possible with by mobile Internet, corresponding destination service is sent to by backup controller
Device, is effectively improved the convenience and efficiency backed up to the data in mobile terminal.
Fig. 2 is the flow chart of another data back up method provided in an embodiment of the present invention, as shown in Fig. 2 the method includes:
201st, the second solicited message that the destination server sends is received.Wherein, carried in second solicited message
There are the user name and the password, for asking to set up the 2nd VPN passages.
Specifically, between each mobile terminal and backup controller, and between each server and backup controller, Ke Yixian
Set up transmission control protocol(Transmission Control Protocol, TCP)Connection.Backup controller is connected for each TCP
Corresponding TCP connection identifier is distributed, to enable that communicating pair carries out area according to TCP connection identifier to different TCP connections
Point.Communication between mobile terminal as described below and backup controller is entered on the basis of the TCP connections that both have set up
Capable, the communication between backup controller and server is carried out on the basis of the TCP connections that both have set up.
VPN passages between each server and backup controller are, it is necessary to please by being sent to backup controller from server
Information is asked to be set up.
Above-mentioned destination server is that destination server is to standby with the process of setting up of the 2nd VPN passages of backup controller
Part controller sends the second solicited message.The username and password for being authenticated is carried in the second solicited message.
Log-on message is previously stored with backup controller, log-on message is effective username and password.The side of registration
Formula can log in backup controller for user by mobile terminal, server or other PC, registered on backup controller and used
Name in an account book and password.
When destination server sets up the 2nd VPN passages to backup controller request, the use carried in the second solicited message
Name in an account book and password are effective username and password registered in advance.
If the 202nd, find respectively with the user name and the password identical username and password, be the target
Purpose IP address described in server-assignment, and set up the corresponding relation of the destination server and the user name.
Specifically, backup controller is after the second solicited message is received, obtain therefrom entrained user name and
Password, and judge whether the username and password is registered effective username and password.
If backup controller is in registered username and password, if not finding and carrying in the second solicited message
Username and password distinguishes identical username and password, then the information of request failure is returned to the destination server, for this
The information of request failure is supplied to user by destination server, is easy to user to select other modes of operation as needed.
If backup controller is in registered username and password, if finding and the use carried in the second solicited message
Name in an account book and password difference identical username and password, then for the destination server distributes private IP address, i.e., take with the target
The corresponding purpose IP address of business device, and set up the corresponding relation of the destination server and the user name.
If backup controller is in registered username and password, find and the user carried in the second solicited message
Name and password distinguish identical username and password, but without in the case of distributable private IP address, to the target
Server returns to the information of request failure, so that the information of request failure is supplied to user by the destination server, is easy to use
Family selects other modes of operation as needed.
Further, the destination server is monitored;If with the communication connection between the destination server
Disconnect, then delete the corresponding relation of the destination server and the user name, and discharge the purpose IP address.
Specifically, backup controller is after the corresponding relation between destination server and corresponding user name is established,
Keep being monitored the destination server.By keeping the corresponding relation of destination server and corresponding user name, embody
It is online server corresponding with the user name to go out the destination server.When backup controller is monitored and the destination server
Communication connection disconnect when, delete the corresponding relation of the destination server and the user name, thus it is corresponding with the user name
It is not include the destination server in the server of line.Correspondingly, backup controller will also be the private distributed to destination server
There is IP address to be discharged, for the private IP address is distributed into other servers.
203rd, the first solicited message that the mobile terminal sends is received.Wherein, carried in first solicited message
Username and password, for asking to set up a VPN passages.
Specifically, the VPN passages between each mobile terminal and backup controller by from mobile terminal to backup, it is necessary to control
Device processed sends solicited message and is set up.
Mobile terminal is that mobile terminal is sent out to backup controller with the process of setting up of a VPN passages of backup controller
Send the first solicited message.The username and password for being authenticated is carried in the first solicited message.The user name and close
Code is effective username and password registered in advance in backup controller.
It should be noted that in the first solicited message and the second solicited message first and second, only to different requests
The naming method that information makes a distinction, does not represent the order between solicited message.Similarly, a VPN passages and the 2nd VPN are logical
Road, the naming method for only being made a distinction to different VPN passages, does not represent the order between VPN passages.
If the 204th, find respectively with the user name and the password identical username and password, judge whether to deposit
In the destination server.Wherein, the destination server is server corresponding with the user name.
Specifically, backup controller is after the first solicited message is received, obtain therefrom entrained user name and
Password, and judge whether the username and password is registered effective username and password.
If backup controller is in registered username and password, if not finding and carrying in the first solicited message
Username and password distinguishes identical username and password, then the information of request failure is returned to the mobile terminal, for the shifting
The information of request failure is supplied to user by dynamic terminal, is easy to user to select other modes of operation as needed.
If backup controller is in registered username and password, if finding and the use carried in the first solicited message
Name in an account book and password difference identical username and password, then judge whether at least one target clothes corresponding with the user name
Business device.
If the 205, finding the destination server, the purpose IP address are sent to the mobile terminal.Perform
Step 205 is in order to the purpose IP address are encapsulated in the message for the mobile terminal.
If backup controller is found in the presence of after at least one destination server corresponding with the user name, target is taken
The purpose IP address of business device are sent to mobile terminal.If destination server for it is multiple, backup controller is by each destination service
The purpose IP address of device are sent to mobile terminal.
Mobile terminal is received after purpose IP address, the destination server that selection is needed to use, it would be desirable to the number of backup
According to the purpose IP address encapsulation with destination server in messages.Mobile terminal will encapsulate the message for completing and be sent to Standby control
Device.
Additionally, backup controller will also distribute source IP address for mobile terminal, the source IP address is also private IP address,
That is, the source IP address is the private ip ground applied in the Virtual Private Network of each mobile terminal and backup controller composition
Location.
206th, the message that mobile terminal is sent by a VPN passages is received.
Specifically, may refer to the implementation described in step 101.
Further, the message is by datagram type secure transport layers((Datagram Transport Layer
Security, DTLS)The message of agreement encryption, or by SSL(Secure Sockets Layer, SSL)Association
Discuss the message of encryption.
Specifically, the message that mobile terminal is sent to backup controller can be encrypted by DTLS agreements, correspondingly,
Server is decrypted according to DTLS agreements to the message for receiving, and backup controller cannot know mobile terminal and server
The key for negotiating, therefore, the message that will can be only received from mobile terminal of backup controller is transmitted to corresponding service
Device, and cannot therefrom get the target data in message.
Or, the message that mobile terminal is sent to backup controller can also be encrypted by ssl protocol, correspondingly,
Server is decrypted according to ssl protocol to the message for receiving, and backup controller cannot know mobile terminal and server
The key for negotiating, therefore, the message that will can be only received from mobile terminal of backup controller is transmitted to corresponding service
Device, and cannot therefrom get the target data in message.
When mobile terminal is packaged to the data that needs are backed up, IP is carried out using source IP address, purpose IP address
The encapsulation of layer;According to be DTLS agreements, then using source user data pack protocol(User Datagram Protocol,
UDP)The purpose udp port of port and destination server carries out UDP encapsulation;Then the encapsulation of DTLS agreements is carried out;VPN is carried out again
The encapsulation of agreement;After eventually passing the ICP/IP protocol stack of operating system and carrying out TCP layer and IP layers of encapsulation, backup is sent to
Controller.
According to be ssl protocol, then after IP layers of encapsulation is carried out using source IP address, purpose IP address, utilize
Source tcp port and purpose tcp port carry out TCP encapsulation;Then the encapsulation of ssl protocol is carried out;The encapsulation of VPN agreements is carried out again;
After eventually passing the ICP/IP protocol stack of operating system and carrying out TCP layer and IP layers of encapsulation, backup controller is sent to.
207th, the purpose IP address in the message are obtained.
Specifically, may refer to the implementation described in step 102.
208th, the message is sent to the corresponding destination service of the purpose IP address by the 2nd VPN passages
Device.
Specifically, may refer to the implementation described in step 103.
Backup controller carries out TCP by the ICP/IP protocol stack of operating system after message is received to the message
Layer and IP layers of decapsulation;And then carry out the decapsulation of VPN agreements;Decapsulate purpose IP address again.But because backup is controlled
Device processed cannot be known between mobile terminal and server based on DTLS agreements or ssl protocol, the encryption key for being used, therefore standby
Part controller cannot decrypt the target data in outgoing packet, only after purpose IP address are got, forward the packet to mesh
The corresponding destination server of IP address.
Destination server carries out TCP by the ICP/IP protocol stack of operating system after message is received to the message
Layer and IP layers of decapsulation, carry out the decapsulation of VPN agreements, then decapsulate purpose IP address, and then assist according to based on DTLS
The encryption key of view or ssl protocol, the target data in decryption outgoing packet.
Using such processing mode, backup controller cannot have in the target data in intercepting and capturing message in transmitting procedure
Improve to effect the security of data transfer.
Fig. 3 is the flow chart of another data back up method provided in an embodiment of the present invention, the execution master of embodiment illustrated in fig. 3
Body is mobile terminal, as shown in figure 3, the method includes:
301st, message is sent to backup controller by VPN passages.
Wherein, purpose IP address are carried in the message, the purpose IP address are that the backup controller is target
The private IP address of server-assignment.
It is to supply the backup controller according to the purpose IP ground got from the message to perform step 301
Location, by the message by the VPN passages between the destination server, is sent to the destination server, so that described
Destination server obtains target data from the message, and the target data is backed up.
Specifically, may refer to the implementation described in step 101.
Data back up method provided in an embodiment of the present invention, when mobile terminal needs to carry out data backup, it would be desirable to standby
The data and the purpose IP address for carrying out the destination server of data backup of part, encapsulation in messages, the message are led to
The VPN passages crossed and backup controller between are sent to backup controller;Backup controller after message is received, from the report
Purpose IP address are obtained in text, by the VPN passages between destination server corresponding with the purpose IP address, message is sent
The destination server is given, the target data in the message that receives is backed up by the destination server, without will
Mobile terminal is connected on PC by data wire and data is backed up, and when server is in open state, mobile terminal can
The data of backup will be needed whenever and wherever possible with by mobile Internet, corresponding destination service is sent to by backup controller
Device, is effectively improved the convenience and efficiency backed up to the data in mobile terminal.
Fig. 4 is the flow chart of another data back up method provided in an embodiment of the present invention, the execution master of embodiment illustrated in fig. 4
Body is mobile terminal, as shown in figure 4, the method includes:
401st, the first solicited message is sent to the backup controller.Wherein, is carried in first solicited message
One user name and first password, for asking to set up the VPN passages.
402nd, receive the backup controller find it is identical with first user name and the first password respectively
Username and password, and find with after the first user corresponding destination server of name, the mesh of return
IP address.
403rd, message is sent to backup controller by VPN passages.
Specifically, may refer to the implementation described in step 203-206.Wherein, described in the embodiment of the present invention
First user name and first password, as username and password in the various embodiments described above.
Fig. 5 is the flow chart of another data back up method provided in an embodiment of the present invention, the execution master of embodiment illustrated in fig. 5
Body is mobile terminal, in execution of step 401-402, establish VPN passages between mobile terminal and backup controller it
Afterwards, as shown in figure 5, the method can also include:
501st, connectivity request message is sent to the backup controller by the VPN passages.Wherein, the connection request
Digital certificate is carried in information, the digital certificate includes issuer information.It is in order that the backup to perform step 501
The connectivity request message is transmitted to the destination server by controller.
Specifically, after destination server and mobile terminal establish VPN passages with backup controller respectively, in movement
The data channel for transmitting encrypted message can also be set up between terminal and destination server.
The process of data channel is set up between mobile terminal and destination server, can be using the authentication mode of digital certificate
Or second set of authentication mode of username and password, or the double authentication mode combined using both.
In the authentication mode using digital certificate, mobile terminal passes through its VPN passage between backup controller, to
Backup controller sends connectivity request message.Digital certificate is carried in the connectivity request message, the digital certificate includes
Issuer information.
Backup controller is received after the connectivity request message, according to the purpose IP ground carried in connectivity request message
Location, destination server is transmitted to by the connectivity request message.
502nd, the destination server is received after digital certificate corresponding with the issuer information is found, and is passed through
The successful connection information that the backup controller is returned.
Specifically, destination server receive backup controller forwarding connectivity request message after, obtain connection request
Issuer information entrained in information.
Digital certificate is previously stored with destination server, the digital certificate includes issuing the issuer of the digital certificate
Information.
Issuer information of the destination server in the connectivity request message for receiving, judges the numeral stored with it
Whether the issuer information of certificate is consistent.If consistent, destination server judges mobile terminal authentication success, correspondingly, to
Mobile terminal returns to the information of successful connection;If inconsistent, destination server judges that the mobile terminal authentication fails, accordingly
Ground, the information of connection failure is returned to mobile terminal.
Wherein, the mode being authenticated using digital certificate can use the digital certificate authentication similar with DTLS agreements
Mode, this time do not repeating.
503rd, the second solicited message is sent to the backup controller by the VPN passages.Wherein, second request
Second user name and the second password are carried in information.It is in order that the backup controller is by described second to perform step 503
Solicited message is transmitted to the destination server.
Specifically, can also be carried out by the way of second set of username and password between mobile terminal and destination server
Certification.The second solicited message in the embodiment of the present invention, different from the second solicited message in the embodiment shown in Fig. 2.In Fig. 2
Described the first solicited message and the second solicited message, is sent out to backup controller for distinguishing mobile terminal and destination server
The solicited message sent;The first solicited message and the second solicited message described in Fig. 4 and Fig. 5, are used for distinguishing mobile terminal
In the solicited message being authenticated on backup controller, and the solicited message for being authenticated on destination server.
Second user name and the second password are previously stored with destination server, for being authenticated to mobile terminal.
The second solicited message described in the embodiment of the present invention is sent to backup controller by mobile terminal, by Standby control
Device is transmitted to destination server.
504th, receive the destination server find it is identical with second user name and second password respectively
Username and password after, the authentication success message returned by the backup controller.
Destination server is searched in the username and password for being stored, if finding and second user name and the
Two passwords distinguish identical username and password, then by backup controller to mobile terminal return authentication successful information;If not
Find and distinguish identical username and password with second user name and the second password, then by backup controller to mobile whole
End return authentication failure information.
Wherein, first and second in first user name and first password and second user name and the second password, only right
The naming method that two sets of independent username and passwords make a distinction, does not represent the order between username and password.
It should be noted that step 501-502 and step 503-504 are optional operating procedure.Using step
In the case of 503-504, step 503-504 can also be performed before step 501-502, and which is not shown.
In the case of using step 503-504, it is also possible to do not use step 501-502, which is also not shown.
505th, message is sent to backup controller by VPN passages.
Mobile terminal is controlled by VPN passages after successful connection information and/or authentication success message is received to backup
Device processed sends the mode of message, may refer to the implementation described in step 301.
Further, the message is the message encrypted by DTLS agreements, or the report encrypted by ssl protocol
Text.
Specifically, the message that mobile terminal is sent to backup controller can be encrypted by DTLS agreements, correspondingly,
Server is decrypted according to DTLS agreements to the message for receiving, and backup controller cannot know mobile terminal and server
The key for negotiating, therefore, the message that will can be only received from mobile terminal of backup controller is transmitted to corresponding service
Device, and cannot therefrom get the target data in message.
Or, the message that mobile terminal is sent to backup controller can also be encrypted by ssl protocol, correspondingly,
Server is decrypted according to ssl protocol to the message for receiving, and backup controller cannot know mobile terminal and server
The key for negotiating, therefore, the message that will can be only received from mobile terminal of backup controller is transmitted to corresponding service
Device, and cannot therefrom get the target data in message.
Fig. 6 is the flow chart of another data back up method provided in an embodiment of the present invention, the execution master of embodiment illustrated in fig. 6
Body is server, as shown in fig. 6, the method includes:
601st, the message that backup controller is sent by VPN passages is received.
Wherein, the message is described standby for mobile terminal is sent to by the VPN passages between the backup controller
Part controller, the message of the purpose IP address forwarding by the backup controller in the message, the purpose IP address
It is private IP address.
602nd, target data is obtained from the message, and the target data is backed up.
Specifically, may refer to the implementation described in step 103.
Data back up method provided in an embodiment of the present invention, when mobile terminal needs to carry out data backup, it would be desirable to standby
The data and the purpose IP address for carrying out the destination server of data backup of part, encapsulation in messages, the message are led to
The VPN passages crossed and backup controller between are sent to backup controller;Backup controller after message is received, from the report
Purpose IP address are obtained in text, by the VPN passages between destination server corresponding with the purpose IP address, message is sent
The destination server is given, the target data in the message that receives is backed up by the destination server, without will
Mobile terminal is connected on PC by data wire and data is backed up, and when server is in open state, mobile terminal can
The data of backup will be needed whenever and wherever possible with by mobile Internet, corresponding destination service is sent to by backup controller
Device, is effectively improved the convenience and efficiency backed up to the data in mobile terminal.
Fig. 7 is the flow chart of another data back up method provided in an embodiment of the present invention, the execution master of embodiment illustrated in fig. 7
Body is server, as shown in fig. 7, the method includes:
701st, the first solicited message is sent to the backup controller.Wherein, is carried in first solicited message
One user name and first password, for asking to set up the VPN passages.
Specifically, may refer to the implementation described in step 201, the first solicited message described in Fig. 7 is as schemed
The second solicited message described in 2.
702nd, receive the backup controller find it is identical with first user name and the first password respectively
Username and password after, the purpose IP address of distribution.
Specifically, may refer to the implementation described in step 202.
703rd, the connectivity request message that the backup controller is sent by the VPN passages is received.Wherein, the connection
The digital certificate of the mobile terminal is carried in solicited message, the digital certificate includes issuer information.
Specifically, may refer to the implementation described in step 501.
704th, after digital certificate corresponding with the issuer information is found, by the backup controller to institute
State mobile terminal and return to successful connection information.
Specifically, may refer to the implementation described in step 502.
705th, the second solicited message that the backup controller is sent by the VPN passages is received.Wherein, described second
Second user name and the second password that the mobile terminal sends are carried in solicited message.
Specifically, may refer to the implementation described in step 503.
706th, find respectively with the second user name and the second password identical username and password after,
By the backup controller to the mobile terminal return authentication successful information.
Specifically, may refer to the implementation described in step 504.
Wherein, first and second in first user name and first password and second user name and the second password, only right
The naming method that two sets of independent username and passwords make a distinction, does not represent the order between username and password.
It should be noted that step 703-704 and step 705-706 are optional operating procedure.Using step
In the case of 705-706, step 705-706 can also be performed before step 703-704, and which is not shown.
In the case of using step 705-706, it is also possible to do not use step 703-704, which is also not shown.
707th, the message that backup controller is sent by VPN passages is received.
Specifically, may refer to the implementation described in step 505.
Further, the message is the message encrypted by DTLS agreements, or the report encrypted by ssl protocol
Text.
Specifically, the message that mobile terminal is sent to backup controller can be encrypted by DTLS agreements, correspondingly,
Server is decrypted according to DTLS agreements to the message for receiving, and backup controller cannot know mobile terminal and server
The key for negotiating, therefore, the message that will can be only received from mobile terminal of backup controller is transmitted to corresponding service
Device, and cannot therefrom get the target data in message.
Or, the message that mobile terminal is sent to backup controller can also be encrypted by ssl protocol, correspondingly,
Server is decrypted according to ssl protocol to the message for receiving, and backup controller cannot know mobile terminal and server
The key for negotiating, therefore, the message that will can be only received from mobile terminal of backup controller is transmitted to corresponding service
Device, and cannot therefrom get the target data in message.
708th, target data is obtained from the message, and the target data is backed up.
Specifically, may refer to the implementation described in step 103.
Fig. 8 a are the structural representation of backup controller provided in an embodiment of the present invention, as shown in Figure 8 a, the Standby control
Device includes receiving unit 11, acquiring unit 12 and transmitting element 13.
Receiving unit 11, for receiving the message that mobile terminal is sent by a VPN passages, a VPN passages
It is and the VPN passages between the mobile terminal;
Acquiring unit 12, for obtaining the purpose Internet protocol IP address in the message, the purpose IP address are mesh
Mark the private IP address of server;
Transmitting element 13, by the 2nd VPN passages, the corresponding institute of the purpose IP address is sent to for by the message
State destination server, the 2nd VPN passages be with the VPN passages between the destination server, for the destination service
Device obtains target data from the message, and the target data is backed up.
Fig. 8 b are the structural representation of another backup controller provided in an embodiment of the present invention, as shown in Figure 8 b, the backup
Controller can also include processing unit 14.
The receiving unit 11 is additionally operable to, and before the message is received, receive the mobile terminal transmission first please
Information is sought, username and password is carried in first solicited message, for asking to set up a VPN passages;
Processing unit 14, for find respectively with the user name and the password identical username and password
When, the destination server is judged whether, the destination server is server corresponding with the user name;
Correspondingly, the transmitting element 13 is additionally operable to, when the destination server is found, by the purpose IP address
The mobile terminal is sent to, so that be encapsulated in the purpose IP address in the message by the mobile terminal.
Further, the receiving unit 11 is additionally operable to, and before first solicited message is received, receives the target
The second solicited message that server sends, carries the user name and the password in second solicited message, for asking
Ask and set up the 2nd VPN passages;
Correspondingly, the processing unit 14 is additionally operable to:
Find respectively with the user name and the password identical username and password when, be the destination service
Device distributes the purpose IP address, and sets up the corresponding relation of the destination server and the user name.
Further, the backup controller can also include monitoring unit 15.
Monitoring unit 15, for being monitored to the destination server;
Correspondingly, the processing unit 14 is additionally operable to:
When communication connection between the destination server disconnects, the destination server and the user name are deleted
Corresponding relation, and discharge the purpose IP address.
Further, the message that the receiving unit 11 is received is the message encrypted by DTLS agreements, or
It is the message encrypted by ssl protocol.
Fig. 8 c are the structural representation of another backup controller provided in an embodiment of the present invention, as shown in Figure 8 c, the backup
Controller includes:Processor 21, memory 22, bus 23 and communication interface 24.Processor 21, memory 22 and communication interface 24
Between connected by bus 23 and complete mutual communication.
Processor 21 may be monokaryon or multinuclear CPU(Central Processing Unit, CPU), or
Person is specific integrated circuit(Application Specific Integrated Circuit, ASIC), or to be configured to
Implement one or more integrated circuits of the embodiment of the present invention.
Memory 22 can be high-speed RAM memory, or nonvolatile memory(non-volatile
memory), for example, at least one magnetic disk storage.
Communication interface 24, for receiving the message that mobile terminal is sent by a VPN passages, a VPN passages
It is and the VPN passages between the mobile terminal.
Memory 22 is used to deposit program 221.Specifically, program code, described program code can be included in program 221
Including computer-managed instruction.
The operation program 221 of processor 21, to perform:
The purpose Internet protocol IP address in the message is obtained, the purpose IP address are the private ip of destination server
Address;
By the message by the 2nd VPN passages, the corresponding destination server of the purpose IP address, institute are sent to
State the 2nd VPN passages be with the VPN passages between the destination server, so that the destination server is obtained from the message
Target data is taken, and the target data is backed up.
Specifically, the method that the backup controller in various embodiments of the present invention carries out data backup, it is above-mentioned right to may refer to
The operating procedure described in embodiment of the method answered, this is repeated no more.
Backup controller provided in an embodiment of the present invention, by the VPN passages between mobile terminal, receives mobile terminal
The data that back up as needed and for the message after the purpose IP address encapsulation of the destination server for carrying out data backup, from
Purpose IP address are obtained in the message, by the VPN passages between destination server corresponding with the purpose IP address, by message
Be sent to the destination server, the target data in the message that receives is backed up by the destination server, from without
Mobile terminal is connected on PC by data wire data are backed up, it is mobile whole when server is in open state
End can will need the data of backup whenever and wherever possible by mobile Internet, and corresponding target is sent to by backup controller
Server, is effectively improved the convenience and efficiency backed up to the data in mobile terminal.
Fig. 9 a are the structural representation of mobile terminal provided in an embodiment of the present invention, as illustrated in fig. 9, the mobile terminal bag
Include:
Transmitting element 31, for sending message to backup controller by VPN passages, carries purposeful IP in the message
Address, the purpose IP address are that the backup controller is the private IP address of destination server distribution, for the backup
Controller according to the purpose IP address got from the message, by the message by with the destination server it
Between VPN passages, be sent to the destination server so that the destination server obtains target data from the message,
And the target data is backed up.
Fig. 9 b are the structural representation of another mobile terminal provided in an embodiment of the present invention, as shown in figure 9b, the movement end
End can also include receiving unit 32.
The transmitting element 31 is additionally operable to, and before the message is sent, sends first to the backup controller and asks
Information, carries first user name and first password in first solicited message, for asking to set up the VPN passages;
Correspondingly, receiving unit 32, for receive the backup controller find respectively with the first user name
With the first password identical username and password, and find and the first user corresponding destination server of name
Afterwards, the purpose IP address of return.
Further, the transmitting element 31 is additionally operable to, before the message is sent, by the VPN passages to institute
State backup controller and send connectivity request message, digital certificate is carried in the connectivity request message, in the digital certificate
Including issuer information, so that the connectivity request message is transmitted to the destination server by the backup controller;
Correspondingly, the receiving unit 32 is additionally operable to, and receives the destination server and is finding and issuer letter
After ceasing corresponding digital certificate, the successful connection information returned by the backup controller.
Further, the transmitting element 31 is additionally operable to, before the message is sent, by the VPN passages to institute
State backup controller and send the second solicited message, second user name and the second password are carried in second solicited message, with
Make the backup controller that second solicited message is transmitted into the destination server;
Correspondingly, the receiving unit 32 is additionally operable to, and receives the destination server and is finding respectively with described second
After user name and the second password identical username and password, the certification returned by the backup controller is successfully believed
Breath.
Further, the message that the transmitting element 31 sends is the message encrypted by DTLS agreements, or
By the message that ssl protocol is encrypted.
Fig. 9 c are the structural representation of another mobile terminal provided in an embodiment of the present invention, as is shown in fig. 9 c, the movement end
End includes:Processor 41, memory 42, bus 43 and communication interface 44.Between processor 41, memory 42 and communication interface 44
Mutual communication is connected and completed by bus 43.
Processor 41 may be monokaryon or multinuclear CPU(Central Processing Unit, CPU), or
Person is specific integrated circuit(Application Specific Integrated Circuit, ASIC), or to be configured to
Implement one or more integrated circuits of the embodiment of the present invention.
Memory 42 can be high-speed RAM memory, or nonvolatile memory(non-volatile
memory), for example, at least one magnetic disk storage.
Communication interface 44, for sending message to backup controller.
Memory 42 is used to deposit program 421.Specifically, program code, described program code can be included in program 421
Including computer-managed instruction.
The operation program 421 of processor 41, to perform:
The message is sent to the backup controller by VPN passages, purpose IP address is carried in the message,
The purpose IP address are that the backup controller is the private IP address of destination server distribution, for the backup controller
According to the purpose IP address got from the message, by the message by between the destination server
VPN passages, are sent to the destination server, so that the destination server obtains target data from the message, and it is right
The target data is backed up.
Specifically, the method that the mobile terminal in various embodiments of the present invention carries out data backup, may refer to above-mentioned correspondence
Embodiment of the method described in operating procedure, this is repeated no more.
Mobile terminal provided in an embodiment of the present invention, when needing to carry out data backup, it would be desirable to the data of backup and
Purpose IP address for carrying out the destination server of data backup, encapsulation in messages, by the message by with Standby control
VPN passages between device are sent to backup controller;Backup controller obtains purpose after message is received from the message
IP address, by the VPN passages between destination server corresponding with the purpose IP address, the destination service is sent to by message
Device, is backed up, to the target data in the message that receives by the destination server without mobile terminal is passed through
Data wire is connected on PC and data is backed up, and when server is in open state, mobile terminal can be by mobile mutual
Networking will need the data of backup whenever and wherever possible, and corresponding destination server is sent to by backup controller, effectively carry
High convenience and efficiency that data in mobile terminal are backed up.
Figure 10 a are the structural representation of server provided in an embodiment of the present invention, and as shown in Figure 10 a, the server includes:
Receiving unit 51 and processing unit 52.
Receiving unit 51, for receiving the message that backup controller is sent by VPN passages, the message is mobile terminal
The backup controller is sent to by the VPN passages between the backup controller, by the backup controller according to institute
The message of the purpose IP address forwarding in message is stated, the purpose IP address are private IP address;
Processing unit 52, for obtaining target data from the message, and backs up to the target data.
Figure 10 b are the structural representation of another server provided in an embodiment of the present invention, as shown in fig. lob, the server
Transmitting element 53 can also be included.
Transmitting element 53, for before the receiving unit 51 receives the message, being sent to the backup controller
First solicited message, carries first user name and first password in first solicited message, for asking to set up the VPN
Passage;
Correspondingly, the receiving unit 51 is additionally operable to:
Receive the backup controller find respectively with the first user name and the first password identical use
After name in an account book and password, the purpose IP address of distribution.
Further, the receiving unit 51 is additionally operable to, and before the message is received, receives the backup controller and leads to
The connectivity request message that the VPN passages send is crossed, the numeral card of the mobile terminal is carried in the connectivity request message
Book, the digital certificate includes issuer information;
Correspondingly, the transmitting element 53 is additionally operable to, find digital certificate corresponding with the issuer information it
Afterwards, successful connection information is returned to the mobile terminal by the backup controller.
Further, the receiving unit 51 is additionally operable to, and before the message is received, receives the backup controller and leads to
The second solicited message that the VPN passages send is crossed, carry that the mobile terminal sends in second solicited message the
Two user names and the second password;
Correspondingly, the transmitting element 53 is additionally operable to, find respectively with second user name and described second close
After code identical username and password, by the backup controller to the mobile terminal return authentication successful information.
Further, the message that the receiving unit 51 is received is the message encrypted by DTLS agreements, or
It is the message encrypted by ssl protocol.
Figure 10 c are the structural representation of another server provided in an embodiment of the present invention, as shown in figure l0c, the server
Including:Processor 61, memory 62, bus 63 and communication interface 64.Lead between processor 61, memory 62 and communication interface 64
Bus 63 is crossed to connect and complete mutual communication.
Processor 61 may be monokaryon or multinuclear CPU(Central Processing Unit, CPU), or
Person is specific integrated circuit(Application Specific Integrated Circuit, ASIC), or to be configured to
Implement one or more integrated circuits of the embodiment of the present invention.
Memory 62 can be high-speed RAM memory, or nonvolatile memory(non-volatile
memory), for example, at least one magnetic disk storage.
Communication interface 64, for receiving the message that backup controller is sent by VPN passages, the message is mobile terminal
The backup controller is sent to by the VPN passages between the backup controller, by the backup controller according to institute
The message of the purpose IP address forwarding in message is stated, the purpose IP address are private IP address;
Memory 62 is used to deposit program 621.Specifically, program code, described program code can be included in program 621
Including computer-managed instruction.
The operation program 621 of processor 61, to perform:
Target data is obtained from the message, and the target data is backed up.
Specifically, the method that the server in various embodiments of the present invention carries out data backup, may refer to above-mentioned corresponding
Operating procedure described in embodiment of the method, this is repeated no more.
Server provided in an embodiment of the present invention, by mobile terminal when needing to carry out data backup, it would be desirable to backup
Data and the purpose IP address for carrying out the destination server of data backup, encapsulation in messages, by the message by with
VPN passages between backup controller are sent to backup controller;Backup controller after message is received, from the message
Purpose IP address are obtained, by the VPN passages between destination server corresponding with the purpose IP address, message this is sent to
Destination server, is backed up by the destination server to the target data in the message that receives, without will be mobile
Terminal is connected on PC by data wire and data is backed up, and when server is in open state, mobile terminal can lead to
Crossing mobile Internet will need the data of backup whenever and wherever possible, and corresponding destination server is sent to by backup controller,
It is effectively improved the convenience and efficiency backed up to the data in mobile terminal.
Figure 11 is the structural representation of data backup system provided in an embodiment of the present invention, and as shown in figure 11, the data are standby
Part system includes backup controller 1, at least one mobile terminal 2 and at least one server 3.The backup controller 1, institute
State and communicated to connect between mobile terminal 2 and the server 3.
Specifically, the method that the data backup system in various embodiments of the present invention carries out data backup, may refer to above-mentioned
Operating procedure described in corresponding embodiment of the method, this is repeated no more.
Data backup system provided in an embodiment of the present invention, when mobile terminal needs to carry out data backup, it would be desirable to standby
The data and the purpose IP address for carrying out the destination server of data backup of part, encapsulation in messages, the message are led to
The VPN passages crossed and backup controller between are sent to backup controller;Backup controller after message is received, from the report
Purpose IP address are obtained in text, by the VPN passages between destination server corresponding with the purpose IP address, message is sent
The destination server is given, the target data in the message that receives is backed up by the destination server, without will
Mobile terminal is connected on PC by data wire and data is backed up, and when server is in open state, mobile terminal can
The data of backup will be needed whenever and wherever possible with by mobile Internet, corresponding destination service is sent to by backup controller
Device, is effectively improved the convenience and efficiency backed up to the data in mobile terminal.
One of ordinary skill in the art will appreciate that:Realizing all or part of step of above-mentioned each method embodiment can lead to
The related hardware of programmed instruction is crossed to complete.Foregoing program can be stored in a computer read/write memory medium.The journey
Sequence upon execution, performs the step of including above-mentioned each method embodiment;And foregoing storage medium includes:ROM, RAM, magnetic disc or
Person's CD etc. is various can be with the medium of store program codes.
Finally it should be noted that:Various embodiments above is merely illustrative of the technical solution of the present invention, rather than its limitations;To the greatest extent
Pipe has been described in detail with reference to foregoing embodiments to the present invention, it will be understood by those within the art that:Its according to
The technical scheme described in foregoing embodiments can so be modified, or which part or all technical characteristic are entered
Row equivalent;And these modifications or replacement, the essence of appropriate technical solution is departed from various embodiments of the present invention technology
The scope of scheme.
Claims (17)
1. a kind of data back up method, it is characterised in that including:
Backup controller receives the message that mobile terminal is sent by the first virtual private network passage, a VPN passages
Be with the VPN passages between the mobile terminal, wherein, the message is by datagram type secure transport layers DTLS agreements
The message of encryption, or the message encrypted by SSL ssl protocol;
The backup controller obtains the purpose Internet protocol IP address in the message, and the purpose IP address are destination service
The private IP address of device;
The message by the 2nd VPN passages, is sent to the corresponding mesh of the purpose IP address by the backup controller
Mark server, the 2nd VPN passages be with the VPN passages between the destination server, for the destination server base
In DTLS agreements or the cryptographic keys of ssl protocol, target data is obtained from the message, and the target data is carried out standby
Part;
Wherein, before the backup controller receives message of the mobile terminal by VPN passages transmission, methods described is also wrapped
Include:
The first solicited message that the mobile terminal sends is received, username and password is carried in first solicited message,
For asking to set up a VPN passages;
If find respectively with the user name and the password identical username and password, judge whether the mesh
Mark server, the destination server is server corresponding with the user name;
If finding the destination server, the purpose IP address are sent to the mobile terminal, for the movement
Be encapsulated in the purpose IP address in the message by terminal;
Before first solicited message for receiving the mobile terminal transmission, methods described also includes:
Receive the second solicited message that the destination server sends, carried in second solicited message user name and
The password, for asking to set up the 2nd VPN passages;
If find respectively with the user name and the password identical username and password, be the destination server point
With the purpose IP address, and set up the corresponding relation of the destination server and the user name.
2. data back up method according to claim 1, it is characterised in that methods described also includes:
The destination server is monitored;
If having been disconnected with the communication connection between the destination server, the destination server is deleted with the user name
Corresponding relation, and discharge the purpose IP address.
3. a kind of data back up method, it is characterised in that including:
Mobile terminal sends message by VPN passages to backup controller, wherein, the message is encrypted by DTLS agreements
Message, or the message encrypted by ssl protocol, carry purpose IP address in the message, the purpose IP address are
The backup controller is the private IP address of destination server distribution, so that the backup controller is according to from the message
The purpose IP address for getting, by the message by the VPN passages between the destination server, are sent to described
Destination server, so that the destination server is based on the cryptographic keys of DTLS agreements or ssl protocol, obtains from the message
Target data, and the target data is backed up;
Wherein, before the mobile terminal sends message by VPN passages to backup controller, methods described also includes:
Second solicited message is sent to the backup controller by the VPN passages, is carried in second solicited message
Second user name and the second password, so that second solicited message is transmitted to the destination service by the backup controller
Device;
Receive the destination server find respectively with the second user name and the second password identical user name
After password, the authentication success message returned by the backup controller.
4. data back up method according to claim 3, it is characterised in that the mobile terminal is by VPN passages to standby
Before part controller sends message, methods described also includes:
The first solicited message is sent to the backup controller, first user name and first are carried in first solicited message
Password, for asking to set up the VPN passages;
Receive the backup controller find respectively with the first user name and the first password identical user name
And password, and find with after the first user corresponding destination server of name, the purpose IP address of return.
5. data back up method according to claim 3, it is characterised in that the mobile terminal is by VPN passages to standby
Before part controller sends message, methods described also includes:
Connectivity request message is sent to the backup controller by the VPN passages, is carried in the connectivity request message
Digital certificate, the digital certificate includes issuer information, so that the backup controller turns the connectivity request message
Issue the destination server;
The destination server is received after digital certificate corresponding with the issuer information is found, by the backup
The successful connection information that controller is returned.
6. a kind of data back up method, it is characterised in that including:
Destination server receives the message that backup controller is sent by VPN passages, wherein, the message is by DTLS agreements
The message of encryption, or by ssl protocol encrypt message, the message be mobile terminal by with the backup controller
Between VPN passages be sent to the backup controller, by purpose IP address of the backup controller in the message
The message of forwarding, the purpose IP address are private IP address;
The destination server is based on the cryptographic keys of DTLS agreements or ssl protocol, and target data is obtained from the message, and
The target data is backed up;
Wherein, before the destination server receives the message that backup controller is sent by VPN passages, methods described is also wrapped
Include:
The second solicited message that the backup controller is sent by the VPN passages is received, is taken in second solicited message
The second user name sent with the mobile terminal and the second password;
Find respectively with the second user name and the second password identical username and password after, by described
Backup controller is to the mobile terminal return authentication successful information.
7. data back up method according to claim 6, it is characterised in that the destination server receives backup controller
By the way that before the message that VPN passages send, methods described also includes:
The first solicited message is sent to the backup controller, first user name and first are carried in first solicited message
Password, for asking to set up the VPN passages;
Receive the backup controller find respectively with the first user name and the first password identical user name
After password, the purpose IP address of distribution.
8. data back up method according to claim 6, it is characterised in that the destination server receives backup controller
By the way that before the message that VPN passages send, methods described also includes:
The connectivity request message that the backup controller is sent by the VPN passages is received, is taken in the connectivity request message
Digital certificate with the mobile terminal, the digital certificate includes issuer information;
After digital certificate corresponding with the issuer information is found, by the backup controller to described mobile whole
End returns to successful connection information.
9. a kind of backup controller, it is characterised in that including:
Receiving unit, for receiving the message that mobile terminal is sent by a VPN passages, a VPN passages are and institute
The VPN passages between mobile terminal are stated, wherein, the message that the receiving unit is received is encrypted by DTLS agreements
Message, or the message encrypted by ssl protocol;
Acquiring unit, for obtaining the purpose Internet protocol IP address in the message, the purpose IP address are destination service
The private IP address of device;
Transmitting element, by the 2nd VPN passages, the corresponding target of the purpose IP address is sent to for by the message
Server, the 2nd VPN passages be with the VPN passages between the destination server, so that the destination server is based on
The cryptographic keys of DTLS agreements or ssl protocol, obtain target data from the message, and the target data are carried out standby
Part;
Wherein, the receiving unit is additionally operable to:
Before the message is received, the first solicited message that the mobile terminal sends is received, in first solicited message
Username and password is carried, for asking to set up a VPN passages;
Correspondingly, the backup controller also includes:
Processing unit, for find respectively with the user name and the password identical username and password when, judge
With the presence or absence of the destination server, the destination server is server corresponding with the user name;
Correspondingly, the transmitting element is additionally operable to, and when the destination server is found, the purpose IP address is sent to
The mobile terminal, so that be encapsulated in the purpose IP address in the message by the mobile terminal;
The receiving unit is additionally operable to:
Before first solicited message is received, the second solicited message that the destination server sends, described second are received
The user name and the password are carried in solicited message, for asking to set up the 2nd VPN passages;
Correspondingly, the processing unit is additionally operable to:
Find respectively with the user name and the password identical username and password when, be the destination server point
With the purpose IP address, and set up the corresponding relation of the destination server and the user name.
10. backup controller according to claim 9, it is characterised in that the backup controller also includes:
Monitoring unit, for being monitored to the destination server;
Correspondingly, the processing unit is additionally operable to:
When communication connection between the destination server disconnects, the destination server is deleted right with the user name
Should be related to, and discharge the purpose IP address.
A kind of 11. mobile terminals, it is characterised in that including:
Transmitting element, for sending message to backup controller by VPN passages, wherein, it is described that the transmitting element sends
Message is the message encrypted by DTLS agreements, or the message encrypted by ssl protocol, is carried in the message purposeful
IP address, the purpose IP address are that the backup controller is the private IP address of destination server distribution, for described standby
Part controller according to the purpose IP address got from the message, by the message by with the destination server
Between VPN passages, the destination server is sent to, so that the destination server is based on DTLS agreements or ssl protocol
Cryptographic keys, obtain target data, and the target data is backed up from the message;
Wherein, the transmitting element is additionally operable to:
Before the message is sent, the second solicited message is sent to the backup controller by the VPN passages, described the
Second user name and the second password are carried in two solicited messages, so that the backup controller turns second solicited message
Issue the destination server;
Receiving unit, for receive the destination server find respectively with the second user name and second password
After identical username and password, the authentication success message returned by the backup controller.
12. mobile terminals according to claim 11, it is characterised in that the transmitting element is additionally operable to:
Before the message is sent, the first solicited message is sent to the backup controller, taken in first solicited message
With first user name and first password, for asking to set up the VPN passages;
Correspondingly, the receiving unit, be additionally operable to receive the backup controller find respectively with first user name
With the first password identical username and password, and find and the first user corresponding destination server of name
Afterwards, the purpose IP address of return.
13. mobile terminals according to claim 11, it is characterised in that the transmitting element is additionally operable to:
Before the message is sent, connectivity request message, the company are sent to the backup controller by the VPN passages
Connect and carry digital certificate in solicited message, the digital certificate includes issuer information, so that the backup controller will
The connectivity request message is transmitted to the destination server;
Correspondingly, the receiving unit is additionally operable to:
The destination server is received after digital certificate corresponding with the issuer information is found, by the backup
The successful connection information that controller is returned.
A kind of 14. servers, it is characterised in that including:
Receiving unit, for receiving the message that backup controller is sent by VPN passages, wherein, the receiving unit is received
The message be by DTLS agreements encrypt message, or by ssl protocol encrypt message, the message for movement
Terminal is sent to the backup controller by the VPN passages between the backup controller, by the backup controller root
According to the message that the purpose IP address in the message are forwarded, the purpose IP address are private IP address;
Processing unit, for the cryptographic keys based on DTLS agreements or ssl protocol, obtains target data from the message, and
The target data is backed up;
Wherein, the receiving unit is additionally operable to:
Before the message is received, the second solicited message that the backup controller is sent by the VPN passages, institute are received
State second user name and the second password for carrying that the mobile terminal sends in the second solicited message;
Transmitting element, for find respectively with the second user name and the second password identical username and password
Afterwards, by the backup controller to the mobile terminal return authentication successful information.
15. servers according to claim 14, it is characterised in that the transmitting element is additionally operable in the receiving unit
Before receiving the message, the first solicited message is sent to the backup controller, the is carried in first solicited message
One user name and first password, for asking to set up the VPN passages;
Correspondingly, the receiving unit is additionally operable to:
Receive the backup controller find respectively with the first user name and the first password identical user name
After password, the purpose IP address of distribution.
16. servers according to claim 14, it is characterised in that the receiving unit is additionally operable to:
Before the message is received, the connectivity request message that the backup controller is sent by the VPN passages, institute are received
The digital certificate that the mobile terminal is carried in connectivity request message is stated, the digital certificate includes issuer information;
Correspondingly, the transmitting element is additionally operable to:
After digital certificate corresponding with the issuer information is found, by the backup controller to described mobile whole
End returns to successful connection information.
A kind of 17. data backup systems, it is characterised in that including the backup controller as described in any in claim 9-10,
It is any at least one mobile terminal and at least one such as claim 14-16 as described in any in claim 11-13
Described server;Communicated to connect between the backup controller, the mobile terminal and the server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210586229.9A CN103067282B (en) | 2012-12-28 | 2012-12-28 | Data back up method, apparatus and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210586229.9A CN103067282B (en) | 2012-12-28 | 2012-12-28 | Data back up method, apparatus and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103067282A CN103067282A (en) | 2013-04-24 |
| CN103067282B true CN103067282B (en) | 2017-07-07 |
Family
ID=48109750
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210586229.9A Active CN103067282B (en) | 2012-12-28 | 2012-12-28 | Data back up method, apparatus and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103067282B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018133190A1 (en) | 2017-01-22 | 2018-07-26 | 华为技术有限公司 | Authentication method, mobile terminal, device and system |
| CN108628706B (en) * | 2018-05-02 | 2021-08-17 | 北京新桥信通科技股份有限公司 | Data backup method, device, system and storage medium |
| CN111090547A (en) * | 2019-12-24 | 2020-05-01 | 浙江大华技术股份有限公司 | Data backup processing method and device |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101040496A (en) * | 2004-10-19 | 2007-09-19 | 日本电气株式会社 | VPN gateway device and hosting system |
| CN101212374A (en) * | 2006-12-29 | 2008-07-02 | 北大方正集团有限公司 | Method and system for remote access to campus network resources |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4803116B2 (en) * | 2007-05-31 | 2011-10-26 | 富士ゼロックス株式会社 | Virtual network connection device and program |
| CN101778045B (en) * | 2010-01-27 | 2012-07-04 | 成都市华为赛门铁克科技有限公司 | Message transmission method, device and network system |
-
2012
- 2012-12-28 CN CN201210586229.9A patent/CN103067282B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101040496A (en) * | 2004-10-19 | 2007-09-19 | 日本电气株式会社 | VPN gateway device and hosting system |
| CN101212374A (en) * | 2006-12-29 | 2008-07-02 | 北大方正集团有限公司 | Method and system for remote access to campus network resources |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103067282A (en) | 2013-04-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102801695B (en) | Virtual private network (VPN) communication equipment and data pack transmission method thereof | |
| CN102377629B (en) | Method and device for communicating with server in IMS (IP multimedia subsystem) core network by using terminal to pass through private network as well as network system | |
| JP4407452B2 (en) | Server, VPN client, VPN system, and software | |
| EP3425945B1 (en) | Methods and apparatus for a self-organized layer-2 enterprise network architecture | |
| US20020143960A1 (en) | Virtual network generation system and method | |
| CN104168173B (en) | The method, apparatus and network system of terminal crosses private network and server communication in IMS core net | |
| US20170126623A1 (en) | Protected Subnet Interconnect | |
| US20170201382A1 (en) | Secure Endpoint Devices | |
| CN103188351B (en) | IPSec VPN traffic method for processing business and system under IPv6 environment | |
| TW573412B (en) | Virtual private network | |
| CN103580980A (en) | Automatic searching and automatic configuration method and device of VN | |
| CN106506354B (en) | Message transmission method and device | |
| WO2013166696A1 (en) | Data transmission method, system and device | |
| CN110324227A (en) | Data transmission method and vpn server in a kind of vpn server | |
| CN106878133A (en) | Message forwarding method and device | |
| CN109906625A (en) | The method of the online safety chain layer connection of wireless local area | |
| CN106789476A (en) | A kind of gateway communication method and system | |
| CN107819685A (en) | The method and the network equipment of a kind of data processing | |
| CN103067282B (en) | Data back up method, apparatus and system | |
| CN103731410A (en) | Virtual network building system, virtual network building method, small terminal, and authentication server | |
| CN102932359B (en) | Streaming media service requesting method, device and system | |
| CN108924157B (en) | Message forwarding method and device based on IPSec VPN | |
| CN114629678A (en) | TLS-based intranet penetration method and device | |
| CN103209107A (en) | Method for realizing user access control | |
| CN102904792A (en) | Service carrying method and router |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200117 Address after: 056000 south end of Xinming Road, Linmingguan Town, Yongnian District, Handan City, Hebei Province Patentee after: Yuying school, Yongnian District, Handan City Address before: 510000 unit 2414-2416, building, No. five, No. 371, Tianhe District, Guangdong, China Patentee before: GUANGDONG GAOHANG INTELLECTUAL PROPERTY OPERATION Co.,Ltd. Effective date of registration: 20200117 Address after: 510000 unit 2414-2416, building, No. five, No. 371, Tianhe District, Guangdong, China Patentee after: GUANGDONG GAOHANG INTELLECTUAL PROPERTY OPERATION Co.,Ltd. Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |