CN104811370B - An identifier-based secure instant messaging system architecture - Google Patents

Publication number
CN104811370B
Authority
CN
China
Prior art keywords
servers
user
network
routers
mark
Legal status
Active
Application number
CN201510203774.9A
Other languages
Chinese (zh)
Other versions
CN104811370A (en)
Inventor
林皓
高曦
钟力
Current Assignee
Beijing VRV Software Corp Ltd
Original Assignee
Beijing VRV Software Corp Ltd
Application filed by Beijing VRV Software Corp Ltd
Priority to CN201510203774.9A
Priority to PCT/MY2015/050073 (WO2016175647A1)
Publication of CN104811370A
Application granted
Publication of CN104811370B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an identifier-based secure instant messaging system architecture comprising IM users, IM servers and IM routers. Each IM user has a network-wide unique identifier UID, which contains the identifier (HID) of the IM server on which the user is registered. Each IM server has a network-wide unique identifier HID; the servers interconnect to form an instant messaging service network that provides secure instant messaging services to IM users. Each IM router has a network-wide unique identifier RID; the routers build a routing service network that performs secure route addressing for the network connections of IM servers. The beneficial effect of the invention is that it provides a brand-new secure instant messaging network architecture: users can set up private servers, use public servers, and also securely interconnect private and public servers, thereby meeting users' secure instant messaging needs in different network environments.

Description

An identifier-based secure instant messaging system architecture
Technical field
The invention belongs to the field of information technology. It relates to how to build a secure instant messaging system in Internet, enterprise network and cloud computing environments, and in particular to providing individuals, associations, enterprises or organizations with a secure instant messaging system that spans different networks.
Background
Instant messaging (IM) is the process of sending and receiving instant messages over a network between users of mobile phones, tablet computers and computers. It can carry text, pictures, sound, video and other information, and is one of the most widespread and popular Internet applications. Typical IM applications include WeChat, QQ, Skype, Tencent Tong and Yiqitong; the first three are aimed at the general public, the latter two at enterprise or organization users.
With the Tencent Tong software, an enterprise or organization can easily build its own internal instant messaging system, but the software does not address interconnection between different enterprises or organizations, or between an enterprise or organization and public instant messaging, nor the associated information security issues. Yiqitong, by contrast, is an instant messaging service platform for small organizations or enterprises: all enterprises or organizations are assigned to different instant messaging servers according to predefined rules, and the connections between the servers are managed by two controllers, one primary and one backup. In this way, users within one enterprise or organization, and users of different enterprises or organizations, can carry out instant messaging on the platform. These systems still have the following two main deficiencies:
First, instant messaging servers built by different enterprises or organizations cannot interconnect with each other or with public instant messaging servers, even when they use the same instant messaging system. This greatly reduces the flexibility of group communication and seriously affects the collaborative efficiency of the enterprise or organization. If different instant messaging systems are used, interconnection is harder still; some protocol-conversion gateway technologies exist that can be used to address this problem, but they greatly increase the complexity of system implementation and have so far not reached the goal of practical application.
Second, the existing public instant messaging systems on the Internet do not provide users with secure information storage and transmission services. Enterprise-edition instant messaging systems can provide users with secure information transmission, but they do not provide secure storage of local information. Moreover, when point-to-point or group communication takes place between enterprise or organization users and public users, or between users of different enterprises or organizations, secure information transmission and storage are not possible.
Summary of the invention
The object of the invention is to provide a secure instant messaging system architecture that interconnects across complex network environments such as the Internet, enterprise intranets and cloud computing platforms. It consists of a three-layer "routing + service + user" structure, with which a flexible, secure and controllable instant messaging system can be built.
The identifier-based secure instant messaging system architecture of the invention comprises IM users, IM servers and IM routers, as follows:
(1) IM users. Each IM user has a network-wide unique identifier UID, which contains the identifier (HID) of the IM server on which the user is registered; two or more IM users can carry out secure instant messaging through IM servers. The UID consists of the user name and the HID of the IM server on which the user is registered. Other IM user information includes nickname, real name, gender, birthday, QR code and so on.
(2) IM servers. Each IM server has a network-wide unique identifier HID. The IM servers hosting the IM users who take part in a point-to-point or group communication interconnect to form the instant messaging service network, which provides secure instant messaging services to IM users. The configuration information of an IM server includes: name, identifier HID, description, network address, state, the identifier RID of the IM router it belongs to, the connection relation table and so on.
(3) IM routers. Each IM router has a network-wide unique identifier RID and manages one or more IM servers. The IM routers form a routing service network among themselves which, based on the HIDs of the IM servers, provides a secure route addressing service for the network connections between IM servers. The configuration information of an IM router includes: name, identifier RID, description, network address, state, the list of HIDs of the IM servers it manages, the list of RIDs of its neighbour IM routers, the routing table and so on.
The connection relation table of an IM server works as follows. The table of each IM server stores the name, server identifier HID, network address, state and other information of the other IM servers with which this IM server has previously had a network connection. When an IM router returns the name, network address and other information of a new IM server, that information can be added to the connection relation table once the new IM server has been verified to be in a normal working state.
If an IM user initiates a point-to-point or group communication and the IM servers hosting the IM users involved in the session are in the connection relation table of the initiating user's IM server, the IM servers establish network connections directly, without going through an IM router.
If an IM user initiates a point-to-point or group communication and the IM server hosting one of the IM users involved in the session is not in the connection relation table of the initiating user's IM server, that server submits the HID of the target IM server to the IM router it belongs to and issues a route addressing request. The IM router then looks up the network address of the target IM server according to its route addressing policy and, once it is found, returns it to the server.
In the identifier-based secure instant messaging system architecture proposed by the invention, the policy by which an IM router performs route addressing for IM servers is either a fastest-speed-first policy or a shortest-path-first policy.
The identifier-based secure instant messaging system architecture of the invention further includes an information security module: the network connections from IM users to IM servers and between IM servers, and the network session data between IM users, are all protected by encryption. In addition, the IM routers provide a secure route addressing service: mutual identity authentication is required both when the neighbour relationship between IM routers is established and between an IM router and the IM servers it manages.
Brief description of the drawings
Fig. 1 is a structural diagram of the secure instant messaging system architecture of the invention.
Fig. 2 is a connection and deployment diagram of the secure instant messaging system architecture of the invention.
Embodiments
The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a structural diagram of the instant messaging system architecture of the invention. The system uses a three-layer structure: the bottom layer is the user layer, made up of the users of the instant messaging service; the middle layer is the service layer, which provides the instant messaging service to the user layer; the top layer is the routing layer, which provides route addressing and other services to the service layer.
1. User layer
This is the layer of the users of the instant messaging service. After registering successfully with an IM server, a user obtains an instant messaging account and becomes an IM user. A user may register different accounts on different IM servers, thereby becoming different IM users, and may log in and use them on one or more mobile phone, tablet computer or personal computer terminals.
Each IM user has a network-wide unique identifier UID, which contains the identifier (HID) of the IM server on which the user is registered; two or more IM users can carry out secure instant messaging through IM servers. The UID consists of the user name and the HID of the IM server on which the user is registered. Other IM user information includes nickname, real name, gender, birthday, QR code and so on.
2. Service layer
This is the layer of the IM servers. Each IM server has a network-wide unique identifier HID. The IM servers hosting the IM users who take part in a point-to-point or group communication interconnect to form the instant messaging service network, which provides secure instant messaging services to IM users. The configuration information of an IM server includes: name, identifier HID, description, network address, state, the identifier RID of the IM router it belongs to, the connection relation table and so on.
An IM server combines the access point, the instant messaging application and the database in one, and can be a physical machine or a virtual machine. It provides encrypted storage of communication information and access control. The network connections from IM users to IM servers and between IM servers, and the network session data between IM users, are all protected by encryption. Before performing route lookup and management operations, an IM server carries out bidirectional identity authentication with the IM router it belongs to.
3. Routing layer
This is the layer of the IM routers. Each IM router has a network-wide unique identifier RID and manages one or more IM servers. The IM routers form a routing service network among themselves which, based on the HIDs of the IM servers, provides a secure route addressing service for the network connections between IM servers. The configuration information of an IM router includes: name, identifier RID, description, network address, state, the list of HIDs of the IM servers it manages, the list of RIDs of its neighbour IM routers, the routing table and so on.
Fig. 2 is a connection and deployment diagram of the secure instant messaging system architecture of the invention.
Depending on the number of IM servers and on route addressing efficiency, IM routers can be connected as a flat, same-level mesh or as a hierarchical tree to build the routing service network for instant messaging. The routers sit at the top layer of the instant messaging system architecture and are responsible for route addressing for the IM servers they manage. Here, IM routers R1, R2, R3, R4 through Rm make up the routing service network of the whole instant messaging network.
IM servers are the providers of the network instant messaging service. Together they make up the instant messaging service network, and instant messaging information is stored and exchanged only between IM servers. Every IM server has one IM router that provides the route addressing service for it. When the IM server hosting the initiating IM user does not know the network address of the IM server hosting a target IM user, it sends a network address query to the IM router it belongs to. Here, IM servers S1 and S3 belong to IM router R1; S2, S6 and S7 belong to R3; S4 and S5 belong to R2; S8 belongs to R4; and Sn belongs to Rm.
IM users are the users of the instant messaging service, and each IM user has its own IM server on which it is registered and logs in. A person can register multiple IM users on the same or on different IM servers, and log in to them on the same terminal or on different terminals at the same time. Here, the IM users of S1 are U1, U2 and U3; the IM users of S2 are U4 and U5; the IM user of S3 is U6; the IM user of S4 is U10; the IM users of S5 are U7 and U8; and the IM user of S6 is U9. Any user can initiate a point-to-point or group communication and carry out instant messaging with the users they want to reach.
Here we describe the invention in detail through a typical instant messaging process. Assume that users U1, U2, U3, U4, U5, U6, U7 and U8 have registered and been approved. Users U1, U2 and U3 are registered and logged in on IM server S1, users U4 and U5 on IM server S2, user U6 on IM server S3, and users U7 and U8 on IM server S5. Assume that IM server S2 is already in the connection relation table of IM server S1 (S1 and S2 have carried out instant messaging before, so the connection relation table of S1 holds the network address and state information of S2), and that IM servers S3, S4 and S5 have not yet established a connection with IM server S1. As shown in Fig. 2, the steps are as follows:
(1) IM user U1 creates a group chat (group communication) and invites IM users U2, U3, U4, U5, U6, U7 and U8 to join;
(2) IM server S1, where U1 is registered, finds that users U1, U2 and U3 are its own users and that U4, U5, U6, U7 and U8 are not;
(3) IM server S1 parses the UIDs of users U4, U5, U6, U7 and U8 and obtains the names and HIDs of the IM servers on which these users are registered and logged in, namely S2, S3 and S5;
(4) IM server S1 queries its own connection relation table, finds that IM server S2 is in the table, and establishes a network connection with S2; users U4 and U5 thereby join the group chat;
(5) S1 does not know the network addresses of IM servers S3 and S5, so S1 requests route addressing from the IM router it belongs to, R1;
(6) R1 queries the list of HIDs of the IM servers it manages, finds S3 in the list, and returns the network address of S3 to S1;
(7) S1 establishes a network connection with S3 using the returned network address of S3; user U6 thereby joins the group chat;
(8) R1 queries its own list of neighbour IM router RIDs and sends an addressing request for IM server S5 to the adjacent IM routers R2 and R3;
(9) on receiving the addressing request, IM router R2 finds S5 in the list of HIDs of the IM servers it manages and returns the network address of S5 to R1;
(10) R1 in turn returns the network address of S5 to S1, and S1 establishes a network connection with S5 using the returned network address; users U7 and U8 thereby join the group chat;
(11) at this point IM server S1 has established network connections with IM servers S2, S3 and S5 of all the users, route addressing ends, and the group chat has been created successfully.
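
The walkthrough above, as an added Python sketch that is not part of the patent: it resolves each invitee's UID to a server HID, prefers the connection relation table, and otherwise asks the server's own router, which searches its neighbours. Assumptions made here: the `name@HID` UID syntax, a breadth-first neighbour search standing in for the shortest-path-first policy, a managed-list membership check standing in for mutual authentication, the `is_alive` status callback, and the constructed 192.0.2.x addresses and router back-links.

```python
"""Added illustration of the addressing walkthrough: UID -> HID -> network address."""
from collections import deque


def hid_of(uid):
    # Assumption: a UID is written "username@HID". The patent only states that
    # the UID is composed of the user name and the registering server's HID.
    name, sep, hid = uid.rpartition("@")
    if not (sep and name and hid):
        raise ValueError(f"malformed UID: {uid!r}")
    return hid


class IMRouter:
    def __init__(self, rid):
        self.rid = rid
        self.managed = {}     # HID -> network address of the servers this router manages
        self.neighbours = []  # neighbour routers (assumed already mutually authenticated)

    def resolve(self, requester_hid, target_hid):
        """Return (address, [RIDs traversed]), or (None, []) if no router knows the HID."""
        # Stand-in for server/router mutual authentication: answer managed servers only.
        if requester_hid not in self.managed:
            raise PermissionError(f"{requester_hid} is not managed by {self.rid}")
        queue, seen = deque([(self, [self.rid])]), {self.rid}
        while queue:  # breadth-first = fewest router hops; `seen` stops neighbour loops
            router, path = queue.popleft()
            if target_hid in router.managed:
                return router.managed[target_hid], path
            for nb in router.neighbours:
                if nb.rid not in seen:
                    seen.add(nb.rid)
                    queue.append((nb, path + [nb.rid]))
        return None, []


class IMServer:
    def __init__(self, hid, address, router):
        self.hid, self.address, self.router = hid, address, router
        self.connections = {}  # connection relation table: HID -> network address
        router.managed[hid] = address

    def create_group(self, initiator, invitees, is_alive=lambda hid, addr: True):
        """Map each remote server HID in the session to how its address was obtained."""
        if hid_of(initiator) != self.hid:
            raise PermissionError("initiator is not registered on this server")
        found = {}
        for uid in invitees:
            hid = hid_of(uid)
            if hid == self.hid or hid in found:
                continue                     # local user, or server already handled
            if hid in self.connections:
                found[hid] = "connection-table"
                continue
            address, path = self.router.resolve(self.hid, hid)
            if address is None or not is_alive(hid, address):
                found[hid] = "unreachable"   # an unverified server is never cached
                continue
            self.connections[hid] = address  # added only after the status check
            found[hid] = "via " + ">".join(path)
        return found


def build_demo():
    """Topology from the walkthrough; addresses (192.0.2.0/24) are constructed."""
    r1, r2, r3, r4 = (IMRouter(f"R{i}") for i in range(1, 5))
    r1.neighbours = [r2, r3]   # R1's neighbours as named in the walkthrough
    r2.neighbours = [r1]       # constructed back-links, to exercise loop protection
    r3.neighbours = [r1, r4]   # R3-R4 adjacency is constructed
    r4.neighbours = [r3]
    owner = {"S1": r1, "S3": r1, "S2": r3, "S6": r3, "S7": r3,
             "S4": r2, "S5": r2, "S8": r4}
    servers = {hid: IMServer(hid, f"192.0.2.{hid[1:]}", r) for hid, r in owner.items()}
    servers["S1"].connections["S2"] = servers["S2"].address  # S1 and S2 talked before
    return servers, {"R1": r1, "R2": r2, "R3": r3, "R4": r4}


if __name__ == "__main__":
    demo_servers, _ = build_demo()
    demo_invitees = [f"U{n}@{h}" for n, h in
                     [(2, "S1"), (3, "S1"), (4, "S2"), (5, "S2"),
                      (6, "S3"), (7, "S5"), (8, "S5")]]
    print(demo_servers["S1"].create_group("U1@S1", demo_invitees))
```

A second call with the same invitees is answered entirely from the connection relation table, which is why the status check before caching matters: whatever address is stored there bypasses the router on every later session.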

Claims (6)

1. An identifier-based secure instant messaging system architecture, comprising IM users, IM servers and IM routers, characterized in that:
each IM user has a network-wide unique identifier UID, the UID consists of the user name and the identifier HID of the IM server on which the user is registered, and two or more IM users can carry out secure instant messaging through IM servers;
the configuration information of an IM server includes name, identifier HID, description, network address, state, the identifier RID of the IM router it belongs to and a connection relation table; each IM server has a network-wide unique identifier HID; the IM servers interconnect to form an instant messaging service network that provides secure instant messaging services to IM users; and instant messaging information is stored and exchanged only between IM servers;
the configuration information of an IM router includes name, identifier RID, description, network address, state, the list of HIDs of the IM servers it manages, the list of RIDs of its neighbour IM routers and a routing table; each IM router has a network-wide unique identifier RID and manages one or more IM servers; and the IM routers form a routing service network among themselves which, based on the HIDs of the IM servers, provides a secure route addressing service for the network connections between IM servers.
2. The secure instant messaging system architecture according to claim 1, characterized in that the connection relation table is used to store the name, identifier HID, network address and state information of the other IM servers with which this IM server has previously had a network connection; and the name and network address information of a new IM server returned by an IM router can be added to the connection relation table after the new IM server has been verified to be in a normal working state.
3. The secure instant messaging system architecture according to claim 1, characterized in that, when an IM user initiates a point-to-point or group communication, if the IM servers hosting the IM users involved in the session are in the connection relation table of the initiating IM user's IM server, the IM servers establish network connections directly, without going through an IM router.
4. The secure instant messaging system architecture according to claim 1, characterized in that, when an IM user initiates a point-to-point or group communication, if an IM server hosting an IM user involved in the session is not in the connection relation table of the initiating IM user's IM server, that IM server submits the HID of the target IM server to the IM router it belongs to and issues a route addressing request; the IM router then looks up the network address of the target IM server according to its route addressing policy and, once it is found, returns it to that IM server.
5. The secure instant messaging system architecture according to claim 1, characterized in that secure instant messaging means that the network connections from IM users to IM servers and between IM servers, and the network session data between IM users, are all protected by encryption.
6. The secure instant messaging system architecture according to claim 1, characterized in that the secure route addressing service means that mutual identity authentication is required both when the neighbour relationship between IM routers is established and between an IM router and the IM servers it manages.
CN201510203774.9A 2015-04-27 2015-04-27 An identifier-based secure instant messaging system architecture Active CN104811370B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510203774.9A CN104811370B (en) 2015-04-27 2015-04-27 An identifier-based secure instant messaging system architecture
PCT/MY2015/050073 WO2016175647A1 (en) 2015-04-27 2015-07-15 A secured instant messaging (im) system structure based on identification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510203774.9A CN104811370B (en) 2015-04-27 2015-04-27 An identifier-based secure instant messaging system architecture

Publications (2)

Publication Number Publication Date
CN104811370A CN104811370A (en) 2015-07-29
CN104811370B true CN104811370B (en) 2018-05-08

Family

ID=53695879

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510203774.9A Active CN104811370B (en) 2015-04-27 2015-04-27 An identifier-based secure instant messaging system architecture

Country Status (2)

Country Link
CN (1) CN104811370B (en)
WO (1) WO2016175647A1 (en)

Also Published As

Publication number Publication date
CN104811370A (en) 2015-07-29
WO2016175647A1 (en) 2016-11-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant