CN104811370B - A kind of security instant communication system framework based on mark - Google Patents
A kind of security instant communication system framework based on mark Download PDFInfo
- Publication number
- CN104811370B CN104811370B CN201510203774.9A CN201510203774A CN104811370B CN 104811370 B CN104811370 B CN 104811370B CN 201510203774 A CN201510203774 A CN 201510203774A CN 104811370 B CN104811370 B CN 104811370B
- Authority
- CN
- China
- Prior art keywords
- servers
- user
- network
- routers
- mark
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/04—Real-time or near real-time messaging, e.g. instant messaging [IM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of security instant communication system framework based on mark, including IM user, IM servers and IM routers.Wherein, there is each IM user the whole network uniquely to identify UID, and the UID includes the mark HID information of the IM servers of the user's registration;There is every IM server the whole network uniquely to identify HID, they are interconnected to form instant messaging service network, and the instant messaging service of safety is provided for IM user;There is every IM router the whole network uniquely to identify RID, they build route service network, be that the network connection of IM servers carries out the routing addressing of safety.The beneficial effects of the invention are as follows:Provide a kind of brand-new security instant communication network architecture, user can both set privately owned server, public server can be utilized again, the privately owned safety interconnection with public server can also be realized, so as to meet security instant communication demand of the user under different network environments.
Description
Technical field
The invention belongs to information technology field, relates to how to establish safety under internet, enterprise network and cloud computing environment
Instantaneous communication system, more particularly to for individual, corporations, enterprise or tissue provide it is a set of across heterogeneous networks it is safe i.e.
When communication system.
Background technology
Instant messaging(Instant Messaging, are abbreviated as IM)It is sharp between mobile phone, tablet computer and computer user
Process is sent and received with what network carried out instant message, can be transmitted the information such as word, picture, sound and video, is interconnection
One of very universal and welcome network application of net.Typical IM applications have wechat, QQ, Skype, Tencent leads to and hundred million enterprises are logical
Deng, wherein, former three user towards the public, it is rear both towards enterprise or organizing user.
Leading to software using Tencent, enterprise or tissue can easily build oneself internal instantaneous communication system, but
Do not account for different enterprises or tissue, enterprise or tissue and public instant messaging interconnect and information security issue.Hundred million enterprises
General rule is one and is directed to Mini Tissue or the instant messaging service platform of enterprise, and all enterprises or tissue can be according to predefined
Rule is assigned on different instant communication servers;Connection between different server passes through primary, two controls of backup
Device is managed;In this way, the user between enterprise or organization internal, different enterprises or tissue, can be on this platform
Carry out instant messaging.Mainly also there are following 2 points deficiencies for these systems:
First, the instant communication server that different enterprises or tissue are built, and with public instant communication server, even if
Same instantaneous communication system is used, still cannot accomplish to interconnect, this causes the flexibility of group communication to drop significantly
It is low, seriously affect the work collaboration efficiency of enterprise or tissue.If using different instantaneous communication systems, between them
Just it is more difficult to interconnect, although there are some protocol conversion gateway technologies, can be used to solve the problems, such as this, increase greatly
The complexity for having added system to realize, could not reach the target of practical application so far.
2nd, the public instantaneous communication system in existing internet, does not provide safe information storage and transmission clothes to the user
Business;Although the instantaneous communication system of enterprise version can provide safe information transmission to the user, without offer local information
Secure storage;Moreover, carry out point-to-point or group between enterprise or organizing user and public user, different enterprises or organizing user
During group communication, safe information transmission and storage can not be carried out.
The content of the invention
The object of the present invention is to provide one kind under the complex network environments such as internet, corporate intranet and cloud computing platform into
Row interconnects and the instantaneous communication system framework of safety, is made of, can be established flexibly " route+service+user " three-decker
, safely controllable instant messaging system.
A kind of security instant communication system framework based on mark of the present invention, including IM user, IM servers and IM roads
By device.It is specific as follows:
(1)IM user.There is each IM user the whole network uniquely to identify UID, and mark UID includes the user's registration
The mark HID information of IM servers, 2 or multiple IM users can pass through the instant messaging that IM servers carry out safety;Mark
The mark HID for the IM servers that UID is registered by user's name and user is formed, and the other information of IM user includes:It is the pet name, true
Real name, gender, birthday and Quick Response Code etc..
(2)IM servers.There is every IM server the whole network uniquely to identify HID, participate in point-to-point or group communication
IM servers where IM user are interconnected to form instant messaging service network, and the Instant Messenger that safety is provided for IM user is convinced
Business;The configuration information of IM servers includes:Title, mark HID, description, network address, state, the mark of affiliated IM routers
RID and connection relational table etc..
(3)IM routers.There is every IM router the whole network uniquely to identify RID, manage one to multiple IM server, IM
Route service network, the mark HID based on IM servers are formed between router, the network connection between IM servers provides
The routing addressing service of safety;The configuration information of IM routers includes:Title, mark RID, description, network address, state, institute
IM server HID lists, neighbours IM Router Distinguisher RID lists and routing table of management etc..
The effect of the connection relational table of IM servers is:In the connection relational table of every IM server, store and this
Platform IM servers had the letter such as title, server identification HID, network address and state of other IM servers of network connection
Breath;The information such as the title and network address of the new IM servers returned for IM routers, are verifying that new IM servers are normal
After working status, relevant information can be added in connection relational table.
If some IM user initiates point-to-point or group communication, the IM servers where the relevant IM user of session are
In the connection relational table of IM servers where initiator IM user, then each IM servers directly establish network connection, without through
Cross IM routers.
If some IM user initiates point-to-point or group communication, there are IM servers where the relevant IM user of session not
In the connection relational table of IM servers where initiator IM user, then the server submits target IM clothes to affiliated IM routers
The concurrent outlets of mark HID of business device are by addressing request;Then IM routers search target IM servers according to routing addressing strategy
Network address, the server is returned to after finding.
In the security instant communication system framework proposed by the invention based on mark, IM routers for IM servers into
The strategy of row routing addressing is prestissimo preference strategy or shortest path first strategy.
The security instant communication system framework based on mark of the present invention, further comprises information security module, and IM is used
Family is to the network connection between IM servers, IM servers and IM servers, the BlueDrama data between IM user, be all by
Arrive encipherment protection.Moreover, IM routers also provide safe routing addressing service, the neighborhood between IM routers is true
It is fixed, and the IM servers that IM routers are managed with it, it is required to mutually carry out authentication.
Brief description of the drawings
Fig. 1 is the structure diagram of the security instant communication system framework of the present invention.
Fig. 2 is that schematic diagram is disposed in the connection of the security instant communication system framework of the present invention.
Embodiment
The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is the structure diagram of the instantaneous communication system framework of the present invention.The system uses three-decker, and bottom is user
Layer, is the user of instant messaging service;Intermediate layer is service layer, and instant messaging service is provided for client layer;Top layer is route
Layer, the service such as routing addressing is provided for service layer.
First, client layer
I.e. using the level where the user of instant messaging service.After user succeeds to certain IM server registration, just obtain
An instant messaging account is obtained, becomes IM user.User can apply for the registration of different accounts on different IM servers, into
For different IM users, log in and use in one or more mobile phone, tablet computer or personal computer terminal.
There is each IM user the whole network uniquely to identify UID, and mark UID includes the IM servers of the user's registration
HID information is identified, 2 or multiple IM users can carry out the instant messaging of safety by IM servers;UID is identified by user name
Claim the mark HID compositions of IM servers registered with user, the other information of IM user includes:The pet name, Real Name, property
Not, birthday and Quick Response Code etc..
2nd, service layer
Level i.e. where IM servers.There is every IM server the whole network uniquely to identify HID, participate in point-to-point or group
IM servers where the IM user of group communication are interconnected to form instant messaging service network, for IM user provide safety i.e.
When communication service;The configuration information of IM servers includes:Title, mark HID, description, network address, state, affiliated IM routes
The mark RID of device and connection relational table etc..
IM server sets accessing points, instant messaging application and database can be physical machine and virtual machine in one.Possess
The encryption storage of the communication information and access control function.IM user is to the net between IM servers, IM servers and IM servers
Network connects, and the BlueDrama data between IM user, are all subject to encipherment protection.Carry out route querying and manage operation
Before, IM servers can carry out bidirectional identity authentication with affiliated IM routers.
3rd, routing layer
Level i.e. where IM routers.There is every IM router the whole network uniquely to identify RID, manage one to multiple IM
Server, forms route service network, the mark HID based on IM servers, the net between IM servers between IM routers
Network connection provides the routing addressing service of safety;The configuration information of IM routers includes:Title, mark RID, description, network
Location, state, the IM server HID lists, neighbours IM Router Distinguisher RID lists and the routing table that are managed etc..
Fig. 2 is that schematic diagram is disposed in the connection of the security instant communication system framework of the present invention.
IM routers can be according to the scale of IM servers, the efficiency based on routing addressing, into the netted of plane-parallel layer time
Connection, or with different levels tree-shaped connection, to establish the route service network of instant messaging.It is in instantaneous communication system framework
Top layer, be responsible for the lower IM servers progress routing addressing of its management.Here, IM routers R1, R2, R3, R4 are until Rm structures
Into the route service network of whole instant messaging network.
IM servers are the suppliers of network instant communication service, and each IM servers constitute instant messaging service network,
The information exchange of instant messaging is only stored and circulated between IM servers.Every IM server can all have an IM route
Device to provide routing addressing service for it.When the IM servers where instant communication initiator IM user do not know target IM user
During the network address of the IM servers at place, it can propose network address inquiry request to affiliated IM routers.Here, IM is serviced
The affiliated IM routers of device S1 and S3 are R1, and the affiliated IM routers of S2, S6 and S7 are that the affiliated IM routers of R3, S4 and S5 are
The affiliated IM routers of R2, S8 are R4, and the affiliated IM routers of Sn are Rm.
IM user is the user of instant messaging service, and each IM user has the IM servers of oneself registering and logging.
People in society can apply for the registration of multiple IM users on same or different IM servers, and in same terminal
Log in, or logged on different terminals at the same time.Here, the IM user of S1 is U1, U2 and U3, and the IM user of S2 is U4 and U5, S3
IM user be U6, the IM user of S4 is U10, and the IM user of S5 is U7 and U8, and the IM user of S6 is U9.All users may be used
To initiate point-to-point or group communication, instant messaging is carried out with the user of desired communication.
Here, we by a typical instant messaging process come the present invention is described in detail.It is assumed that user U1,
U2, U3, U4, U5, U6, U7 and U8 are registered and examination & verification passes through.Wherein, user U1, U2 and U3 is registered simultaneously in IM server Ss 1
Log in, user U4 and U5 is registered and logged in IM server Ss 2, and user U6 is registered and logged in IM server Ss 3, user U7 and U8
Register and log in IM server Ss 5.It is assumed that IM server Ss 2 are in the connection relational table in IM server Ss 1(Because for it
Instant messaging occurred for preceding S1 and S2, the network address and status information for having S2 in the connection relational table of S1), IM servers
S3, S4 and S5 not yet establish a connection with IM server Ss 1.As shown in Fig. 2, comprise the following steps that:
(1)IM user U1 creates a group chat(Group communication), invite IM user U2, U3, U4, U5, U6, U7 and U8 to add
Enter;
(2)IM server Ss 1 where U1 find that user U1, U2 and U3 are the users of oneself, and U4, U5, U6, U7 and U8
It is not the user of oneself;
(3)IM server Ss 1 parse the mark UID information of user U4, U5, U6, U7 and U8, have obtained these users and have been noted
The title and mark HID of volume and the IM servers logged in, are respectively S2, S3 and S5;
(4)IM server Ss 1 inquire about the connection relational table of oneself, find IM server Ss 2 in the connection relation of oneself
In table, network connection then is established with S2, in this way, user U4 and U5 add group chat;
(4)S1 does not know IM server Ss 3 and the network address of S5, and then S1 is sought to affiliated IM routers R1 requests route
Location;
(5)R1 inquires about the IM server HID lists oneself managed, it was found that S3 in lists, then returns to S3 to S1
Network address;
(6)S1 establishes network connection, in this way, user U6 adds group chat according to the network address of the S3 of return with S3;
(7)R1 inquires about the neighbours' IM Router Distinguisher RID lists of oneself, proposes to take IM to adjacent IM routers R2 and R3
The addressing request of business device S5;
(8)After IM routers R2 is connected to addressing request, S5 is found in the IM server HID lists oneself managed, in
It is the network address that S5 is returned to R1;
(9)R1 returns to the network address of S5 to S1 again, and S1 establishes network with S5 and connect according to the network address of the S5 of return
Connect, in this way, user U7 and U8 add group chat;
(10)So far, IM server Ss 1 and IM server Ss 2, S3 and the S5 of all users establish network connection, and route is sought
Location is terminated, and group chat successfully creates.
Claims (6)
1. a kind of security instant communication system framework based on mark, including IM user, IM servers and IM routers, its feature
It is:
There is each IM user the whole network uniquely to identify UID, and the IM that the mark UID is registered by user's name and user is serviced
The mark HID compositions of device, 2 or multiple IM users can pass through the instant messaging that IM servers carry out safety;
The configuration information of IM servers includes title, mark HID, description, network address, state, the mark of affiliated IM routers
There is the whole network uniquely to identify HID for RID and connection relational table, every IM server, and each IM servers are interconnected to form immediately
Communication service network, provides the instant messaging service of safety for IM user, the information exchange of instant messaging only IM servers it
Between stored and circulated;
The configuration information of IM routers includes title, mark RID, description, network address, state, the IM servers HID managed
There is the whole network uniquely to identify RID, management one for list, neighbours IM Router Distinguisher RID lists and routing table, every IM router
At most platform IM servers, form route service network between IM routers, the mark HID based on IM servers, is IM servers
Between network connection provide safety routing addressing service.
2. security instant communication system framework according to claim 1, it is characterised in that the connection relational table is used to deposit
Storage had title, mark HID, network address and the status information of other IM servers of network connection with this IM server;
The title and network address information of the new IM servers returned for IM routers, are verifying new IM servers for normal work shape
After state, relevant information can be added in connection relational table.
3. security instant communication system framework according to claim 1, it is characterised in that when some IM user's initiate point pair
When point or group communication, if IM is serviced the IM servers where the relevant IM user of session where initiator IM user
In the connection relational table of device, then each IM servers directly establish network connection, need not move through IM routers.
4. security instant communication system framework according to claim 1, it is characterised in that when some IM user's initiate point pair
When point or group communication, if the IM servers where the relevant IM user of session, not where initiator IM user, IM is serviced
In the connection relational table of device, then the IM servers submit the concurrent outlets of mark HID of target IM servers to affiliated IM routers
By addressing request, then according to routing addressing strategy, the network address of lookup target IM servers, returns IM routers after finding
Give the IM servers.
5. security instant communication system framework according to claim 1, it is characterised in that the safe instant messaging is
Refer to IM user to the network connection between IM servers, IM servers and IM servers, the BlueDrama data between IM user,
All it is subject to encipherment protection.
6. security instant communication system framework according to claim 1, it is characterised in that the safe routing addressing clothes
Business refers to that the neighborhood between IM routers determines, and the IM servers that IM routers are managed with it, is required to mutually
Carry out authentication.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510203774.9A CN104811370B (en) | 2015-04-27 | 2015-04-27 | A kind of security instant communication system framework based on mark |
PCT/MY2015/050073 WO2016175647A1 (en) | 2015-04-27 | 2015-07-15 | A secured instant messaging (im) system structure based on identification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510203774.9A CN104811370B (en) | 2015-04-27 | 2015-04-27 | A kind of security instant communication system framework based on mark |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104811370A CN104811370A (en) | 2015-07-29 |
CN104811370B true CN104811370B (en) | 2018-05-08 |
Family
ID=53695879
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510203774.9A Active CN104811370B (en) | 2015-04-27 | 2015-04-27 | A kind of security instant communication system framework based on mark |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104811370B (en) |
WO (1) | WO2016175647A1 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106533894B (en) * | 2015-09-11 | 2019-05-21 | 北京北信源软件股份有限公司 | A kind of instant messaging system of completely new safety |
CN106101267A (en) * | 2016-07-29 | 2016-11-09 | 安徽和信科技发展有限责任公司 | A kind of File Transfer Crossovers Network Segments system and method |
CN107888474A (en) * | 2016-09-30 | 2018-04-06 | 江苏神州信源系统工程有限公司 | A kind of method of controlling security and device for the interconnection of different instantaneous communication systems |
CN106789571A (en) * | 2016-12-16 | 2017-05-31 | 邦彦技术股份有限公司 | A kind of cross-domain instant communication method and its system based on IMS architecture |
CN109347730A (en) * | 2018-12-07 | 2019-02-15 | 合肥万户网络技术有限公司 | One kind being based on semantic analysis office instant chat platform |
CN109639565B (en) * | 2018-12-14 | 2022-02-25 | 杭州安司源科技有限公司 | Decentralized instant messaging multi-service node interconnection and intercommunication system |
CN113824628B (en) * | 2021-09-30 | 2023-04-07 | 传仲智能数字科技(上海)有限公司 | User identity authentication method, device, server and storage medium based on IM |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004057831A1 (en) * | 2002-12-20 | 2004-07-08 | Koninklijke Philips Electronics N.V. | System and method for establishing communication between a client and a server in a heterogenous ip network |
CN101227419A (en) * | 2007-01-15 | 2008-07-23 | 阿里巴巴公司 | Instant communication processing system and method |
CN102035655A (en) * | 2009-09-30 | 2011-04-27 | 中兴通讯股份有限公司 | Implementation method for end-to-end instant messaging, and end-to-end instant messaging terminal and system |
CN102546646A (en) * | 2012-01-17 | 2012-07-04 | 深圳市乐唯科技开发有限公司 | System and method for realizing voice talkback function |
CN103457828A (en) * | 2012-06-05 | 2013-12-18 | 深圳中兴网信科技有限公司 | Method and system for cross-website instant messaging |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002171286A (en) * | 2000-12-01 | 2002-06-14 | Jepro:Kk | Network system and internet communication management method |
CN101292478A (en) * | 2005-10-07 | 2008-10-22 | 雅虎公司 | Instant messaging interoperability between disparate service providers |
JP2009288894A (en) * | 2008-05-27 | 2009-12-10 | Nippon Telegr & Teleph Corp <Ntt> | Im client device, im server, im system and method |
CN102571591B (en) * | 2012-01-18 | 2014-09-17 | 中国人民解放军国防科学技术大学 | Method, edge router and system for realizing marked network communication |
-
2015
- 2015-04-27 CN CN201510203774.9A patent/CN104811370B/en active Active
- 2015-07-15 WO PCT/MY2015/050073 patent/WO2016175647A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004057831A1 (en) * | 2002-12-20 | 2004-07-08 | Koninklijke Philips Electronics N.V. | System and method for establishing communication between a client and a server in a heterogenous ip network |
CN101227419A (en) * | 2007-01-15 | 2008-07-23 | 阿里巴巴公司 | Instant communication processing system and method |
CN102035655A (en) * | 2009-09-30 | 2011-04-27 | 中兴通讯股份有限公司 | Implementation method for end-to-end instant messaging, and end-to-end instant messaging terminal and system |
CN102546646A (en) * | 2012-01-17 | 2012-07-04 | 深圳市乐唯科技开发有限公司 | System and method for realizing voice talkback function |
CN103457828A (en) * | 2012-06-05 | 2013-12-18 | 深圳中兴网信科技有限公司 | Method and system for cross-website instant messaging |
Non-Patent Citations (2)
Title |
---|
TeamTalk服务器的学习1;茄子船长;《程序园》;20150310;正文第1-3页 * |
TeamTalk服务端分析一、编译;zhyh;《蓝狐》;20141126;正文第1-3页 * |
Also Published As
Publication number | Publication date |
---|---|
CN104811370A (en) | 2015-07-29 |
WO2016175647A1 (en) | 2016-11-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104811370B (en) | A kind of security instant communication system framework based on mark | |
CN104811371B (en) | A kind of brand-new instantaneous communication system | |
CN104158818B (en) | A kind of single-point logging method and system | |
JP5451901B2 (en) | Method and system for accessing network with public facilities | |
CN104821908B (en) | Support the special instant communicating method and system for enjoying service | |
CN102244845B (en) | The method of access IM operation system storage server and IM operation system | |
WO2009074037A1 (en) | An instant communication method, device and system | |
CN105072093A (en) | Interconnection device and method used for IM system | |
US9525848B2 (en) | Domain trusted video network | |
CN101867589B (en) | Network identification authentication server and authentication method and system thereof | |
CN103347087B (en) | The service registry of a kind of structural P 2 P and UDDI and lookup method and system | |
CN103428041B (en) | A kind of end-to-end flux content detection system and detection method based on cloud | |
CN106533894B (en) | A kind of instant messaging system of completely new safety | |
JP2013517716A5 (en) | ||
CN106060097B (en) | A kind of management system and management method of information security contest | |
CN102868716A (en) | Searching method, system and search server for contact path | |
CN104836734B (en) | A kind of brand-new instant messaging method for routing and router | |
JP5451902B2 (en) | Network access method and system in public facilities | |
CN104811379A (en) | Router addressing method for instant communication server interoperability | |
JP5451903B2 (en) | Method and system for accessing a network in a public facility | |
CN107231454A (en) | The method and device of domain name high-volume asynchronous query | |
CN104125310B (en) | Message method based on semi-permanent address | |
JP2013504828A (en) | ICP website login method, system and login device for user in ID / locator separation network | |
JP5190921B2 (en) | Community communication network, communication control method, community management server, community management method, and program | |
TWI295132B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |