CN105991642B - Method for using a public cloud network, private cloud routing server and smart device client - Google Patents


Info

Publication number: CN105991642B
Authority: CN (China)
Prior art keywords: private, routing server, smart device, cloud, client
Legal status: Active
Application number: CN201510487059.2A
Other languages: Chinese (zh)
Other versions: CN105991642A
Inventor: B·W·陈
Current assignee: Kingston Digital Inc
Original assignee: Kingston Digital Inc
Priority claimed from US14/663,244 (US9935930B2)
Application filed by Kingston Digital Inc
Publication of CN105991642A
Application granted
Publication of CN105991642B
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/08 Network security for authentication of entities
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/104 Peer-to-peer [P2P] networks
    • H04L 67/14 Session management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention proposes a method of using a public cloud network. The method includes setting up a private cloud routing server and a smart device client in a client-server relationship. The private cloud routing server includes a first message box, and the smart device client includes a second message box; both message boxes are located in the public cloud network. The method further includes transmitting an authenticated session message between the first message box and the second message box in a secure fashion. After the authentication has been provided, the smart device client and the private cloud routing server can communicate with each other securely. The method also includes setting up a further smart device client with the private cloud routing server in a client-server relationship. The two smart device clients can then communicate with each other privately and securely via the public cloud network.

Description

Method for using a public cloud network, private cloud routing server and smart device client
Technical field
The present invention relates generally to networking, and more specifically to the use of a private cloud network.
Background technique
In the Internet-connected environment, smart device clients, including smart phones, tablet computers, e-book readers, laptops, personal computers (PCs) and various smart gadgets, are widely used and omnipresent. Beyond connectivity, one of the values of a smart device client is the ability to connect anytime and anywhere to one or more service providers or servers and obtain services. These services include audio and video content, real-time or archived information, execution of application programs, social media, messaging, e-mail, storage, backup, calendar, contacts, synchronization, sharing, remote desktop and the Internet of Things (IoT). Other services include instant, private and secure video, audio, text and application program communication between at least two smart device clients, which is the main target of the present invention. Different types of servers serve these different requests from smart device clients. In general, these servers can be classified into two groups: public cloud and private cloud. Servers in the public cloud, as the name suggests, are often free but limited in function, or charge a fee for more sophisticated services, and interact with the general public. Examples of public cloud servers include data centers reached via the Internet, social media services and storage/content providers. Servers in the private cloud, on the other hand, often address private needs. In contrast to the services provided by the public cloud, the services provided by the private cloud are more private and personal.
One example of a private cloud server application is a private cloud storage server (PCSS). The private cloud storage server sits in a local area network (LAN) managed by the user and provides on-line and backup storage to users in the LAN or in the wide area network (WAN). The user can access the information in the private cloud storage server anytime and anywhere using a smart device client. The private cloud storage server and its associated smart device clients therefore form an example of a private cloud server and client architecture.
Traditionally, there are many storage server solutions, including network attached storage (NAS), Windows/Mac/Linux servers and direct attached storage (DAS), that meet the requirements of a private cloud storage server. The challenge for a smart device client in this field, however, has always been how to avoid the cumbersome setup required to penetrate the firewall behind the router of a home or office LAN in order to access a private cloud storage server. There are at least four solutions to this challenge.
One solution is to assign a fixed Internet Protocol (IP) address to the router in front of the private cloud storage server and open certain ports, so that a smart device client can locate the private cloud storage server from outside the LAN, authenticate itself, penetrate the firewall and establish a secure communication channel with the private cloud storage server.
The second solution applies when a fixed IP address cannot be obtained. The user configures the LAN router of the private cloud storage server and opens certain ports that map to the private cloud storage server. The intended smart device client can then locate the router through a Dynamic Domain Name System (DDNS) service on the WAN. The smart device client can authenticate itself, penetrate the firewall and establish a secure communication channel with the private cloud storage server.
The third solution is to conduct virtual private network (VPN) communication between the smart device client and the private cloud storage server through another routing server in the WAN. The VPN communication enables the smart device client to locate the private cloud storage server, authenticate itself, penetrate the firewall and establish a secure communication channel with the private cloud storage server.
The fourth solution is to conduct Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) communication between the smart device client and the private cloud storage server through another routing server in the WAN. The RDP/VNC communication enables the smart device client to locate the private cloud storage server, authenticate itself, penetrate the firewall and establish a secure communication channel with the private cloud storage server. Other solutions can be a mix and match of the above.
In the first case, a fixed IP address is required and the router must be set up and configured. The disadvantages are that a fixed IP address costs more and is usually not available in home and small business environments, and that router setup and configuration can be very complex and not user-friendly for most consumers.
In the second case, a DDNS service is required and the router needs a more complicated setup. Likewise, setting up DDNS makes the system more expensive and more complex. Router setup and configuration can be very complex and not user-friendly for most consumers.
In the third and fourth cases, an external routing server or service must be established, although no router setup is required. The external routing server or service controls and handles the login/authentication between the smart device client and the server. Privacy and security in the private cloud may be reduced because of the public cloud type server or service. If that server or service goes down for any reason, the communication with and the availability of the private cloud storage server are jeopardized.
All of these cases require professional skills, which may be suitable for a traditional corporate environment, but they are not suitable for a consumer-oriented, smart device client centric deployment.
In most legacy systems, a smart device client uses an external or public cloud type routing server while accessing the private cloud server. Using an external server raises concerns for the owner of the smart device client.
First, there is always a question of trust, because in every communication transaction between the smart device client and the private cloud server the external or public cloud type routing server is always a middleman. It can hold all user account information, passwords and corresponding IP addresses of the smart device client and the private cloud server. The routing server can sniff any communication in between and make it insecure.
Second, the business model of the owner of an external or public cloud type routing server may not always be aligned or in sync with the owner of the smart device client. If the routing server goes out of service for any business reason, there is no remedy or replacement option to restore the service. The routing server potentially poses a huge business risk to the user, because a critical link in the communication may be broken without recourse.
Traditionally, for communication between two smart device clients, both parties must sign up with a public cloud type server to achieve instant video, audio, text or application program communication. As described above, because such communication must pass through a public cloud type server, privacy and security are easily compromised.
Therefore, there is a need for a system and method that address the above problems. The present invention meets such needs.
Summary of the invention
The present invention proposes a method of using a public cloud network. The method includes setting up at least one private cloud routing server and at least one smart device client in a client-server relationship. The at least one private cloud routing server includes a first message box associated with it, and the first message box is located in the public cloud network. The at least one smart device client includes a second message box associated with it. The method further includes transmitting an authenticated session message between the first message box and the second message box in a secure fashion. The session message is authenticated by the private cloud routing server and by the at least one smart device client. Once the session message has been authenticated, the smart device client and the private cloud routing server can communicate with each other. The at least one private cloud routing server is then accessible securely by the smart device client through the public cloud network, based on the authenticated session message. The method also includes setting up another smart device client with the private cloud routing server in a client-server relationship. Once the session message has been authenticated, the at least two smart device clients and the private cloud routing server can communicate with each other. The at least two smart device clients can communicate with each other privately and securely via the public cloud network.
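To make the message-box exchange of the summary concrete, the following added example (not code from the patent or from Kingston Digital) simulates a public cloud holding two message boxes, a private cloud routing server and a smart device client. The patent only states that the session message is authenticated and carried in a secure fashion; the pre-shared pairing secret, the HMAC-SHA256 tag, the timestamp window, the nonce check and the session-key derivation used here are assumptions chosen to show why the public cloud relay can store and forward the messages without being able to forge, alter or replay them.

```python
import hashlib
import hmac
import json
import os
import time

class PublicCloud:
    """Assumed model of the public cloud network: an untrusted relay holding both boxes."""
    def __init__(self):
        self.boxes = {}
    def post(self, box_id, msg):
        self.boxes.setdefault(box_id, []).append(msg)
    def drain(self, box_id):
        return self.boxes.pop(box_id, [])

def _tag(secret, body):
    """HMAC-SHA256 over a canonical JSON encoding of the body (assumed mechanism)."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, canon, hashlib.sha256).hexdigest()

def _session_key(secret, client_nonce, server_nonce):
    """Per-session key bound to both nonces (simplified derivation, assumed)."""
    return hashlib.sha256(secret + bytes.fromhex(client_nonce) + bytes.fromhex(server_nonce)).digest()

class Party:
    """PCRS or smart device client; both hold the pairing secret assumed from initial setup."""
    def __init__(self, box_id, secret, cloud, window=60):
        self.box_id, self.secret, self.cloud, self.window = box_id, secret, cloud, window
        self.seen_nonces = set()   # replay protection
        self.pending = set()       # nonces of our own requests awaiting a response
        self.session_key = None

    def request_session(self, peer_box):
        """Post an authenticated session request into the peer's message box."""
        body = {"type": "request", "from": self.box_id,
                "nonce": os.urandom(16).hex(), "ts": int(time.time())}
        self.pending.add(body["nonce"])
        msg = {"body": body, "tag": _tag(self.secret, body)}
        self.cloud.post(peer_box, msg)
        return msg

    def _verify(self, msg):
        body = msg.get("body", {})
        if not hmac.compare_digest(_tag(self.secret, body), str(msg.get("tag", ""))):
            return False                                   # forged or tampered in transit
        if abs(int(time.time()) - int(body.get("ts", 0))) > self.window:
            return False                                   # outside the freshness window
        if body.get("nonce") in self.seen_nonces:
            return False                                   # replayed
        self.seen_nonces.add(body.get("nonce"))
        return True

    def process_inbox(self):
        """Handle every message in this party's own box; return how many were accepted."""
        accepted = 0
        for msg in self.cloud.drain(self.box_id):
            if not self._verify(msg):
                continue
            body = msg["body"]
            if body["type"] == "request":
                reply = {"type": "response", "from": self.box_id, "peer_nonce": body["nonce"],
                         "nonce": os.urandom(16).hex(), "ts": int(time.time())}
                self.cloud.post(body["from"], {"body": reply, "tag": _tag(self.secret, reply)})
                self.session_key = _session_key(self.secret, body["nonce"], reply["nonce"])
            elif body["type"] == "response" and body.get("peer_nonce") in self.pending:
                self.pending.discard(body["peer_nonce"])
                self.session_key = _session_key(self.secret, body["peer_nonce"], body["nonce"])
            else:
                continue
            accepted += 1
        return accepted

SECRET = b"constructed pairing secret for this example"

def _setup():
    cloud = PublicCloud()
    return cloud, Party("pcrs-box", SECRET, cloud), Party("client-box", SECRET, cloud)

def run_handshake():
    """Both parties derive the same session key after one round trip through the boxes."""
    cloud, server, client = _setup()
    client.request_session(server.box_id)
    server.process_inbox()   # verifies the request, posts a response into client-box
    client.process_inbox()   # verifies the response
    return client.session_key is not None and client.session_key == server.session_key

def tampered_request_rejected():
    cloud, server, client = _setup()
    msg = client.request_session(server.box_id)   # the same object now sits in pcrs-box
    msg["body"]["from"] = "attacker-box"          # relay rewrites a field: tag no longer matches
    return server.process_inbox() == 0 and server.session_key is None

def replay_rejected():
    cloud, server, client = _setup()
    msg = client.request_session(server.box_id)
    cloud.post(server.box_id, dict(msg))          # relay re-delivers the captured request
    return server.process_inbox() == 1
```

The tag gives the relay no way to forge or alter a message, but it does not hide the message body from the relay; the private and secure communication the patent describes needs a confidentiality layer on top of this authentication step.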
Description of the drawings
In order to make the above objects, features and advantages of the present invention more comprehensible, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings, in which:
Figure 1A is a block diagram of a traditional cloud network infrastructure;
Figure 1B is a block diagram of a cloud network infrastructure according to an embodiment;
Fig. 2 shows a traditional implementation of how a private cloud server can be physically accessed by configuring Router_P in the LAN of the private cloud server;
Fig. 3 shows a traditional implementation of how a private cloud server can be logically accessed by registering with a virtual private network routing server;
Fig. 4 shows an embodiment of how a private cloud server can be logically accessed by registering with an intermediate routing server;
Fig. 5 shows a traditional implementation of how a private cloud server can be logically accessed through peer-to-peer communication registered with an intermediate routing server;
Fig. 6 illustrates an initial setup of the private cloud routing server and the smart device client according to the present invention;
Fig. 7 shows the communication flow of the smart device client according to the present invention;
Fig. 8 shows the communication flow of the private cloud routing server according to the present invention;
Fig. 9 shows a block diagram of the private cloud routing server according to the present invention;
Figure 10 shows a block diagram of the smart device client according to the present invention;
Figure 11 shows the communication flow of the smart device client, acting as a host or as a guest, to achieve private and secure communication according to the present invention;
Figure 12 shows a block diagram of the cloud network infrastructure for a first embodiment of the private and secure communication according to the present invention;
Figure 13 shows a block diagram of the cloud network infrastructure for a second embodiment of the private and secure communication according to the present invention; and
Figure 14 shows a block diagram of the cloud network infrastructure for a third embodiment of the private and secure communication according to the present invention.
Component labels in the figures:
100: public cloud
101: smart device client
102: router
103: router
104: local area network
105: local area network
106: smart device client
107: smart device client
108: private cloud routing server
109: smart device client
110: smart device client
111: smart device client
112: intermediate routing server
113: public cloud server
114: virtual private network routing server
115: client message box
116: routing server message box
117: public Internet Protocol address
118: private Internet Protocol address
119: public Internet Protocol address
120: private Internet Protocol address
128: private network service
900: processor
902: random access memory
903: network interface
904: input/output
905: non-volatile storage
907: private cloud routing server driver
908: device driver
909: operating system
1000: processor
1002: random access memory
1003: network interface
1004: input/output
1005: non-volatile storage
1006: application program
1007: private cloud client driver
1008: device driver
1009: operating system
1100 to 1116: steps
1200, 1300, 1400: public cloud
1201: smart device client
1202, 1302: Router_P
1203, 1303, 1403: Router_S
1204, 1205: local area network
1304, 1305, 1334: local area network
1405, 1434: local area network
1206, 1207, 1209, 1210, 1211: smart device client
1301, 1306, 1307, 1309, 1310, 1311, 1321, 1335: smart device client
1401, 1409, 1410, 1411, 1421, 1435: smart device client
1208, 1308, 1408: private cloud routing server
1212, 1312, 1412: intermediate routing server
1213, 1313, 1413: public cloud server
1214, 1314, 1414: VPN routing server
1228, 1328, 1336, 1436: private network service
1215, 1315, 1415: client message box
1216, 1316, 1416: routing server message box
1217, 1317, 1417: Public_IP_P
1218, 1318: Private_IP_P
1219, 1319, 1419: Public_IP_S
1220, 1320, 1420: Private_IP_S
1222, 1223, 1224, 1225: communication path
1326: communication path
1426: communication path
VLAN 1240, VLAN 1340, VLAN 1440: virtual local area network
LAN1 1250, LAN1 1350, LAN2 1360, LAN2 1460: physical local area network
Specific embodiment
The present invention is about network connection in general, is the use about privately owned cloud network more specifically.There is provided with Lower explanation is in order to enable the usual skill in technique to make and using the present invention, and following explanation is with a patent Application and its requirement provide for background.To made by embodiment described herein and General Principle and feature it is various retouching for Those who familiarize themselves with the technology will be evident.Therefore, the present invention be not intended to be limited to shown in embodiment, and be intended to meet with The consistent most wide range of principle and feature described herein.
In discussion in the whole text within a context, term " client " can be exchanged with " intelligent apparatus client ".In discussion, Term " router " generally can be with " gateway (gateway) ", " access point " and/or " network address transmission " (network address translation;NAT it) exchanges.
A system in accordance with the present invention and method can solve in the environment to satisfy the needs of consumers one for a Wide Area Network In intelligent apparatus client following challenge, and then can obtain from a privately owned cloud storage server (PCSS) or Any privately owned cloud server (Private Cloud Server;PCS service):
1. accessing privately owned cloud server (PCS) whenever and wherever possible.
2. accessing PCS after firewall with fixed or dynamic Internet Protocol address.
3. not needing an outside or public cloud type routing server in Wide Area Network.
4. not needing additional router setting in local area network.
5. being verified using PCS.
6. establishing the communication channel of a safety with PCS.
If these challenges can be able to cope with and solve, can because plug and play (plug and play) simplification and can With property, and the deployment of privately owned cloud server and service is by build up index mode.It is taken by not utilizing a public cloud type to route Business device, can also eliminate the technology and business is worried.In the infrastructure of private clound end, be used to storage, on the table of distal end service with And Internet of Things (Internet of Things;IoT privately owned cloud server) can allow people that can afford and be widely used.
In private clound end ring border, if the privately owned cloud server of more than one or service and meanwhile coexist, by privately owned cloud The function of server is divided into two mac functions (comprising privately owned cloud route service and private network service) and is advantageous.It is private There is network service (Private Network Service;PNS) it is designed in wired or wireless private network environment by intelligence Energy device client is managed and accesses.The example of private network service includes: providing the application of agreement (RDP) on the table of distal end Program servers, Virtual Networking Computing, office tools, media player and the dedicated application of other users.Private network Service also can be used as one for privately owned cloud service and include terabyte (terabyte) storage space (storage) storage clothes Business device.The function of the privately owned cloud route service of multiple privately owned cloud servers can be polymerize (aggregate) Yu Yiqi and As the privately owned cloud routing server (PCRS) of only one.Privately owned cloud routing server usually can be referred to a privately owned cloud road By device.
A system in accordance with the present invention and method can solve the following challenge in the environment to satisfy the needs of consumers, to utilize Intelligent apparatus client in Wide Area Network comes from the privately owned net of a privately owned cloud routing server (PCRS) to manage and access Network service (PNS).
1. accessing privately owned cloud routing server (PCRS) whenever and wherever possible.
2. accessing PCRS after firewall with fixed or dynamic Internet Protocol address.
3. not needing an outside or public cloud type routing server in Wide Area Network.
4. not needing additional router setting in local area network.
5. being verified using privately owned cloud routing server (PCRS).
6. establishing the communication channel of a safety with private network service (PNS) to be managed and access.
If privately owned cloud routing server (PCRS) can meet above-mentioned challenge, different manufacturers and supplier are come from (vendor) heterogeneity (heterogeneous) privately owned cloud server can be broken down into simpler private network service simultaneously Eliminate the complexity of privately owned cloud setting, configuration and access.
The purpose of a system in accordance with the present invention and method is to provide a privately owned cloud routing server (PCRS), private There are network service and client framework without utilizing a routing server.System according to the invention and method can solve above-mentioned Challenge a, so that client can access private network service (PNS) whenever and wherever possible.The system and method is also with fixed or dynamic Internet Protocol access PNS after a firewall, additional router setting and public cloud are not needed in Wide Area Network End type routing server, is verified using PCRS, and the communication channel of a safety is directly established with PNS.
As shown in Figure 1A, a cloud network infrastructure includes that the public cloud 100, one in Wide Area Network is public Cloud server 113, an intermediate routing server 112, a VPN routing server 114, an intelligent apparatus client 101 and An one Router_P 102 and Router_S 103.Router_S 103 is connected to a local area network 105 and public cloud 100 In internet between.Router_P 102 is connected between the internet in a local area network 104 and public cloud 100.? It is intelligent apparatus client 106,107 and a privately owned cloud server (PCS) 108 after LAN 104.It is after local area network 105 Intelligent apparatus client 109,110 and 111.Intelligent apparatus client can be a PC, laptop, plate electricity Brain, global positioning system (GPS), smart television, box (set top box), MP3 player or is appointed on machine at electronic book reading machine Embedded (embedded) device what can be connected to the network.
Beyond the clouds in network infrastructure development, intelligent apparatus client is represented as 101,106,107,109,110 and 111. The above intelligent apparatus client is therein, and any one is interchangeable in context and discussion.This discussion focuses on intelligent apparatus client End 109, and within a context using it as representative.
Physically, the situation that an intelligent apparatus client 101,107 or 109 can be connected to privately owned cloud server 108 has Three kinds.Firstly, intelligent apparatus client 107 judges whether target is located at the local office that can access (locally accessible) In domain network 104 and determine to be connected directly to privately owned cloud server 108.Second, intelligent apparatus client 101 judges target not In the accessible local area network 104 in part and determine to be connected to public cloud 100 via Wide Area Network.Wide Area Network pair Router_P 102 and local area network 104 are positioned, and are then connected to privately owned cloud server 108.Third, intelligent apparatus Client 109 judges that target is not located in the accessible local area network 105 in part and determines across local area network 105, Router_ S 103 is simultaneously connected to the public cloud 100 in Wide Area Network.
Then intelligent apparatus client 109 carries out being positioned and joined to private to Router_P 102 and local area network 104 There is cloud server 108.The first and second of situation be two kinds of special circumstances and be the third situation derivation (derivative).Therefore, it focuses on that range is wider and is beneficial in the higher third situation of complexity.
Fig. 2 show can how by configuring Router_P 102 in local area network 104 of privately owned cloud server 108 and Physically access a traditional implementations of privately owned cloud server 108.Configuration is carried out to Router_P 102 and is related to two A step.Firstly, user needs the privately owned Internet Protocol address by privately owned cloud server 108 to map to Router_P A particular port in 102, as shown in step 200.Second, user needs trustship (host) privately owned cloud server The public the Internet protocol address of 108 Router_P 102 is registered in the intermediate routing server 112 in Wide Area Network, As shown in step 201.Before intelligent apparatus client 109 can access privately owned cloud server 108, intermediate routing is searched Server 112 is positioned with the public the Internet protocol address to privately owned cloud server 108, as shown in step 202.Such as Shown in step 203, then intelligent apparatus client 109 can start to access the predetermined port of Router_P 102, wherein The predetermined port of Router_P 102 is accurately mapped to the privately owned Internet Protocol address of privately owned cloud server 108.
The configuration of Router_P 102 and the setting of intermediate routing server 112 be not in fact it is easy and for It can be extremely difficult for most of terminal users.In addition, by by the privately owned Internet Protocol of privately owned cloud server 108 Location, which maps to one, may cause a big safety to privately owned cloud server 108 by the port of extraneous direct and permanent addressing Risk.
Privately owned cloud server 108 is direct and is exposed permanently to the external world, this can cause many pernicious attacks.In addition, intermediate Routing server 112 is a public cloud type server.This causes all scrupulous to the owner of intelligent apparatus client 109. Firstly, trust there is always query, is because of all communications between intelligent apparatus client 109 and privately owned cloud server 108 In transaction, intermediate routing server 112 is always an intermediate.It can hold intelligent apparatus client 109 and privately owned cloud clothes All user's account informations, password and its corresponding Internet Protocol address of business device 108.Intermediate routing server 112 Intermediate any communication can be listened to and it is made to become dangerous.
Second, as an outside or public cloud type routing server, the business model of intermediate routing server 112 may It will not be consistent with the owner of intelligent apparatus client 109 always or synchronous.If intermediate routing server 112 is former because of any business Thus out of service, then there is no any meanss to save the situation or the option of replacement to restore to service.It is potentially caused to user One huge commercial risks is because the important link in communication may be damaged but without recourse.
Fig. 3 show can how via registered in a virtual private networks routing server 114 and logically Access a traditional implementations of privately owned cloud server 108.During being configured to a virtual private networks, privately owned cloud Server 108 is first by its public the Internet protocol address and its privately owned Internet Protocol address in a virtual private networks (VPN) it is registered in routing server 114 and keeps logging in (logging in), as shown in step 300.Intelligent apparatus client 109 also by its public the Internet protocol address and its privately owned Internet Protocol address and same virtual private networks routing server 114 alignment, as shown in step 301.Virtual private networks routing server 114 is privately owned cloud server and intelligent apparatus visitor Both family ends 109 distribution virtual IP address simultaneously establishes a virtual private networks, as shown in step 302.At this point, intelligence Energy device client 109 and privately owned cloud server 108 are positioned at same under the control of virtual private networks routing server 114 In one virtual internet protocol domain (domain).All communications between intelligent apparatus client 109 and privately owned cloud server 108 It is packed according to virtual private networks agreement.
In step 303, smart device client 109 logs in to VPN routing server 114 and looks up the virtual IP address of private cloud server 108. In step 304, all communication between smart device client 109 and private cloud server 108 is intercepted and encapsulated by VPN routing server 114. As shown in step 305, smart device client 109 can then begin to access private cloud server 108.
In contrast to the method of Fig. 2, the VPN routing server method benefits from requiring no router configuration. Setup is therefore easier for the user. However, because all communication must pass through a public-cloud-type routing server, the same (if not worse) business concerns apply. As a public-cloud-type server, VPN routing server 114 raises every concern for the user of smart device client 109. First, trust is always in question, because during all communication transactions between smart device client 109 and private cloud server 108, VPN routing server 114 is always a middleman. It holds all of the user information, passwords and corresponding Internet Protocol addresses of smart device client 109 and private cloud server 108. VPN routing server 114 can eavesdrop on any communication passing through it, making that communication insecure. Second, as an external, public-cloud-type routing server, the business model of VPN routing server 114 may not always be consistent or in sync with that of the owner of smart device client 109. If VPN routing server 114 goes out of service for any business reason, there is no remedy and no replacement option to restore the service. Unless the owner fully controls the VPN routing server, this potentially poses a huge commercial risk to the user, because a critical link in the communication may be broken with no recourse.
Fig. 4 shows an embodiment of how private cloud server 108 can be accessed logically by registering with an intermediate routing server 112. In step 400, private cloud server 108 first registers its public Internet Protocol address and its private Internet Protocol address with intermediate routing server 112 and obtains a set of ID and password from the server. Smart device client 109 then registers its public and private Internet Protocol addresses with the same intermediate routing server 112 and obtains its own set of ID and password, as shown in step 401. Private cloud server 108 logs in to intermediate routing server 112, as shown in step 402.
Before smart device client 109 can access private cloud server 108, several steps must be carried out. First, smart device client 109 obtains the ID and password of private cloud server 108 from the server via a secure channel (such as a phone call, email, text message or snail mail), as shown in step 403. Smart device client 109 then logs in to intermediate routing server 112 using its own ID and password together with the obtained ID and password of private cloud server 108, as shown in step 404. All communication between smart device client 109 and private cloud server 108 is intercepted and encapsulated by intermediate routing server 112, as shown in step 405. Finally, smart device client 109 can begin to access private cloud server 108, as shown in step 406.
In contrast to the conventional method shown in Fig. 2, the intermediate routing server method benefits from eliminating router configuration. Setup is therefore easier for the user. However, because all communication must pass through a public-cloud-type routing server, the same (if not worse) business concerns apply.
As a public-cloud-type server, intermediate routing server 112 raises every concern for the owner of smart device client 109. First, trust is always in question, because during all communication transactions between smart device client 109 and private cloud server 108, intermediate routing server 112 is a middleman. It holds all of the user account information, passwords and corresponding Internet Protocol addresses of smart device client 109 and private cloud server 108. Intermediate routing server 112 can eavesdrop on any communication passing through it, making that communication insecure.
Second, as an external, public-cloud-type routing server, the business model of intermediate routing server 112 may not always be consistent or in sync with that of the owner of smart device client 109. If intermediate routing server 112 goes out of service for any business reason, there is no remedy and no replacement option to restore the service. This potentially poses a huge commercial risk to the user, because a critical link in the communication may be broken with no recourse.
Fig. 5 shows an embodiment of how private cloud server 108 can be accessed logically through peer-to-peer communication after registering with an intermediate routing server 112. In step 500, private cloud server 108 first registers its public Internet Protocol address and its private Internet Protocol address with intermediate routing server 112 and obtains a set of ID and password from the server. Smart device client 109 then registers its public and private Internet Protocol addresses with the same intermediate routing server 112 and obtains a set of ID and password, as shown in step 501. Private cloud server 108 and smart device client 109 log in to intermediate routing server 112, as shown in step 502.
Before smart device client 109 can access private cloud server 108, several steps must be carried out. First, smart device client 109 and private cloud server 108 each obtain the other party's public and private Internet Protocol addresses from the intermediate routing server, as shown in step 503. Each side punches a hole in its own router during its initial outbound communication attempt toward the other, as shown in step 504. All communication between smart device client 109 and private cloud server 108 is then bound together, establishing a peer-to-peer communication channel between them, as shown in step 505. Finally, smart device client 109 can begin to access private cloud server 108, as shown in step 506.
In contrast to the conventional methods of Fig. 2, Fig. 3 and Fig. 4, the intermediate routing server method of this embodiment has the benefit of establishing peer-to-peer communication between client and server and provides better performance. However, it still suffers from the "single point of failure" problem of routing all communication through one single public-cloud-type routing server. As a public-cloud-type server, intermediate routing server 112 raises every concern for the owner of smart device client 109. First, trust is always in question, because intermediate routing server 112 is a middleman that holds all of the user account information, passwords and corresponding Internet Protocol addresses of smart device client 109 and private cloud server 108.
Second, as an external, public-cloud-type routing server, the business model of intermediate routing server 112 may not always be consistent or in sync with that of the owner of smart device client 109. If intermediate routing server 112 goes out of service for any business reason, there is no remedy and no replacement option to restore the service. This potentially poses a huge commercial risk to the user, because a critical link in the communication may be broken with no recourse.
One of the great advantages of the system and method according to the present invention over the above conventional methods is that it eliminates the role of a public-cloud-type routing server during access, as in the case of the VPN routing server or the intermediate routing server. A further advantage of the present invention is that secret information such as account passwords is no longer exchanged between smart device client 109 and private cloud server 108.
Figure 1B is a block diagram of a cloud network infrastructure according to an embodiment. Elements identical to those illustrated in Figure 1A carry the same element labels. However, in this embodiment there are also two message boxes: client message box message_box_S 115 and routing server message box message_box_P 116. The purpose of the two message boxes is described in detail below.
As shown in Figure 1A, behind local area network 104 are smart device clients 106, 107, a private cloud routing server (PCRS) 108 and a private network service (PNS) 128. The original private cloud server (PCS) 108 of Figure 1A has been changed into private cloud routing server (PCRS) 108 and private network service (PNS) 128 in Figure 1B. Behind local area network 105 are smart device clients 109, 110 and 111. A smart device client can be a PC, laptop, tablet computer, e-book reader, global positioning system, smart TV, set-top box, MP3 player or any network-connected embedded device. These smart device clients are represented in the cloud network infrastructure as 101, 106, 107, 109, 110 and 111. Any one of the above smart device clients is interchangeable in the context and discussion. This discussion focuses on smart device client 109 and uses it as the representative in this context.
To explain the features of the invention in more detail, reference is now made to Fig. 6, Fig. 7 and Fig. 8, which cover the initial setup phase and the access phase of the invention.
Fig. 6 illustrates an initial setup of private cloud routing server 108 and smart device client 109 according to the present invention. Private cloud routing server 108 forms a server-client relationship with smart device client 109. Private cloud routing server 108 first establishes an authorized client list with client account names and the corresponding message box information. The message box information can be an email account, a text message account or any other form of unique public account information of the client.
In step 601, on the private cloud routing server 108 side, a session invitation is sent to message_box_S 115 of the intended smart device client 109, which is one of the authorized users. The session invitation may include the routing server message box address message_box_P 116. Private cloud routing server 108 then attempts to retrieve a session access request from routing server message box message_box_P 116; the session access request contains the client message box address message_box_S 115, the client public Internet Protocol address Public_IP_S 119 and the private Internet Protocol address private_IP_S 120, as shown in step 602.
If the access request is invalid, the process returns to step 601. If the access request is valid, private cloud routing server 108 registers the client message box 115, public Internet Protocol address 119 and private Internet Protocol address 120 of smart device client 109, as shown in step 604. Private cloud routing server 108 sends a session confirmation carrying its current routing server public and private Internet Protocol addresses public_IP_P 117 and private_IP_P 118 to client message box message_box_S 115, as shown in step 605. Private cloud routing server 108 can then begin sending communication requests to smart device client 109, as shown in step 606.
On the smart device client 109 side, the session invitation is first retrieved from its own message_box_S 115, as shown in step 611. The session invitation contains the message box address message_box_P 116 of the private cloud routing server. If the invitation from private cloud routing server 108 is invalid, the process returns to step 611. If the invitation from private cloud routing server 108 is valid, smart device client 109 replies with a session access request to the private cloud routing server 108 message box message_box_P 116, registering its current client message box address, public Internet Protocol address and private Internet Protocol address whenever it needs to access private cloud routing server 108, as shown in step 613. The session access request may include the smart device client 109 message box address message_box_S 115 and the client public and private Internet Protocol addresses public_IP_S 119 and private_IP_S 120. Smart device client 109 then retrieves from client message_box_S 115 the session confirmation carrying the private cloud routing server's current public and private Internet Protocol addresses public_IP_P 117 and private_IP_P 118, as shown in step 614. Smart device client 109 can then begin sending communication requests to the private cloud routing server, as shown in step 615. After these two independent processes, the initial setup of private cloud routing server 108 and smart device client 109 is complete.
The message box server hosting the server or client message box can be an email server, a text message server or any kind of server that hosts the secure exchange of information between private cloud routing server 108 (as a server) and smart device client 109 (as a client). The security and business model of message box servers are well known and expected in the industry. If a message box server fails for any reason, it can be replaced or redeployed immediately without jeopardizing the communication between server and client in the private cloud infrastructure.
Fig. 7 shows the communication flow of smart device client 109 according to the present invention. Smart device client 109 can initiate peer-to-peer communication with private cloud routing server 108 without going through an intermediate routing server 112 or a VPN routing server 114. Smart device client 109 first sends a communication request through its Router_S 103 to Router_P 102 of private cloud routing server 108, as indicated in step 700. Router_S 103 registers the public and private Internet Protocol addresses of smart device client 109 and private cloud routing server 108, as shown in step 701. Router_S 103 keeps the outbound route open, thereby punching a hole, and waits for a response from private cloud routing server 108, as shown in step 702. Router_S 103 then checks whether an incoming response has arrived from private cloud routing server 108, as shown in step 703. If the incoming response is invalid and the wait has timed out, the initialization process of smart device client 109 restarts, as shown in step 708. If it has not timed out, the process returns to step 702. However, if the incoming response is valid, Router_S 103 binds the incoming public and private Internet Protocol addresses of private cloud routing server 108 to the registered outbound private Internet Protocol address of smart device client 109, as shown in step 704. Incoming requests from private cloud routing server 108 are then routed to smart device client 109, as shown in step 705. Smart device client 109 can begin secure peer-to-peer communication with private cloud routing server 108 and access services from private cloud routing server 108, as shown in step 706.
Fig. 8 shows the communication flow of private cloud routing server 108 according to the present invention. Private cloud routing server 108 can initiate peer-to-peer communication with smart device client 109 without going through an intermediate routing server 112 or a VPN routing server 114. Private cloud routing server 108 first sends a communication request through its Router_P 102 to Router_S 103 of smart device client 109, as indicated in step 800. In response to the outbound communication request, Router_P 102 registers the public and private Internet Protocol addresses of smart device client 109 and private cloud routing server 108, as shown in step 801. The outbound route of Router_P 102 is kept open, thereby punching a hole, and it waits for a response from smart device client 109, as shown in step 802. Router_P 102 checks whether there is an incoming response, to judge whether a response has arrived from smart device client 109, as shown in step 803. If the incoming response is invalid and the wait has timed out, the initialization process of private cloud routing server 108 restarts, as shown in step 808. If it has not timed out, the process returns to step 802. However, if the incoming response is valid, Router_P 102 binds the incoming public and private Internet Protocol addresses of smart device client 109 to the registered outbound private Internet Protocol address of private cloud routing server 108, as shown in step 804. Incoming requests from smart device client 109 are then routed to private cloud routing server 108. Private cloud routing server 108 can begin secure peer-to-peer communication with smart device client 109 and accept access to its services from smart device client 109, as shown in step 806.
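The router behaviour of Figs. 7 and 8 (steps 700-708 and 800-808), as an added example that is not part of the patent: a stateful NAT model in which each router registers the address pair and punches a hole on the outbound request, admits only the expected peer's response through that hole, binds the addresses, and reports a timeout so the caller can restart. The Router class, its method names, the TIMEOUT value and the IP addresses are constructed assumptions.

```python
TIMEOUT = 5.0  # seconds a punched hole stays open waiting for the peer's response (assumed)


class Router:
    """Stateful NAT model of Router_S / Router_P: forwards outbound requests and admits an
    inbound packet only if it matches a hole punched earlier for that peer."""

    def __init__(self, name, public_ip):
        self.name, self.public_ip = name, public_ip
        self.holes = {}      # peer public IP -> (local private IP, deadline)   steps 701/702
        self.bindings = {}   # peer public IP -> local private IP               step 704
        self.delivered = []  # packets routed to the local host                 step 705

    def send_request(self, local_private_ip, peer_public_ip, now):
        """Steps 700-702 (800-802 on the server side): register the address pair and
        keep the outbound route open, i.e. punch the hole."""
        self.holes[peer_public_ip] = (local_private_ip, now + TIMEOUT)
        return {"src": self.public_ip, "dst": peer_public_ip, "kind": "request"}

    def receive(self, packet, now):
        """Steps 703-705 (803-804 on the server side): decide what happens to an inbound packet."""
        peer = packet["src"]
        if peer in self.bindings:            # channel already bound: plain routing inward
            self.delivered.append(packet)
            return "routed"
        hole = self.holes.get(peer)
        if hole is None:
            return "dropped"                 # unsolicited: no hole was punched for this peer
        local_ip, deadline = hole
        if now > deadline:
            del self.holes[peer]
            return "timeout"                 # step 708 / 808: caller restarts initialisation
        self.bindings[peer] = local_ip       # step 704 / 804: bind peer addresses to the local host
        del self.holes[peer]
        self.delivered.append(packet)        # step 705: route the incoming request inward
        return "bound"

    def still_waiting(self, peer_public_ip, now):
        """Step 703 / 803 polling: True while the hole is open and has not timed out."""
        hole = self.holes.get(peer_public_ip)
        return hole is not None and now <= hole[1]


def simulate_peer_to_peer():
    """Both sides send first (steps 700 and 800), then each request lands in the other's hole."""
    router_s = Router("Router_S", "198.51.100.20")   # constructed public IPs
    router_p = Router("Router_P", "203.0.113.10")
    req_s = router_s.send_request("192.168.2.20", router_p.public_ip, now=0.0)  # step 700
    req_p = router_p.send_request("192.168.1.10", router_s.public_ip, now=0.0)  # step 800
    stray = {"src": "192.0.2.99", "dst": router_p.public_ip, "kind": "request"}
    dropped = router_p.receive(stray, now=0.1)        # unsolicited traffic never reaches the host
    bound_p = router_p.receive(req_s, now=0.2)        # client's request arrives through Router_P's hole
    bound_s = router_s.receive(req_p, now=0.2)        # server's request arrives through Router_S's hole
    follow_up = router_p.receive(req_s, now=1.0)      # later traffic on the bound channel
    return dropped, bound_p, bound_s, follow_up, router_s.bindings, router_p.bindings


def simulate_timeout():
    """No valid response before the deadline: step 708, the client restarts its initialisation."""
    router_s = Router("Router_S", "198.51.100.20")
    router_s.send_request("192.168.2.20", "203.0.113.10", now=0.0)
    waiting = router_s.still_waiting("203.0.113.10", now=2.0)
    late = {"src": "203.0.113.10", "dst": router_s.public_ip, "kind": "request"}
    return waiting, router_s.receive(late, now=TIMEOUT + 1.0)
```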
To ensure the security of the peer-to-peer communication channel, many security measures are deployed, including AES encryption and/or the secure socket layer (SSL) and transport layer security (TLS) protocols. The session communication between server and client (including the invitation, access request and confirmation) also uses random number seeds, time stamps, encryption and hashing to defeat man-in-the-middle attacks and to counter attacks from the public cloud, ensuring the security and integrity of the communication.
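The initial setup of Fig. 6 (steps 601-615) together with the nonce, time stamp and hashing protection just described for the session messages, as an added example that is not part of the patent: the two message boxes are modelled as in-memory queues, each invitation, access request and confirmation carries a random nonce, a time stamp and an HMAC tag, and a replayed access request is refused. The per-client HMAC key provisioned out of band alongside the authorized client list, the addresses and the field names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time
from collections import defaultdict

# Constructed stand-in for the email/text-message servers: box address -> queued messages.
MESSAGE_BOXES = defaultdict(list)
MAX_SKEW = 300  # seconds a message's time stamp may differ from the receiver's clock


def seal(kind, body, key):
    """Wrap a session message with a random nonce, a time stamp and an HMAC-SHA256 tag."""
    msg = dict(body, kind=kind, nonce=secrets.token_hex(16), ts=int(time.time()))
    canon = json.dumps(msg, sort_keys=True).encode()
    return json.dumps({"msg": msg, "tag": hmac.new(key, canon, hashlib.sha256).hexdigest()})


def unseal(raw, key, kind, seen, now=None):
    """Return the message if its tag, kind, freshness and nonce all check out; otherwise None."""
    try:
        wrapper = json.loads(raw)
        msg, tag = wrapper["msg"], wrapper["tag"]
    except (ValueError, KeyError, TypeError):
        return None  # empty box, not JSON, or missing fields
    canon = json.dumps(msg, sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, canon, hashlib.sha256).hexdigest(), tag):
        return None  # forged or altered in transit: the message box server is not trusted
    now = int(time.time()) if now is None else now
    if msg.get("kind") != kind or abs(now - msg["ts"]) > MAX_SKEW or msg["nonce"] in seen:
        return None  # wrong message type, stale time stamp, or replayed nonce
    seen.add(msg["nonce"])
    return msg


def take(box):
    """Pop the oldest message from a box, or None when the box is empty."""
    return MESSAGE_BOXES[box].pop(0) if MESSAGE_BOXES[box] else None


class PrivateCloudRoutingServer:
    def __init__(self, box, public_ip, private_ip, authorized):
        self.box, self.public_ip, self.private_ip = box, public_ip, private_ip
        self.authorized = authorized  # account -> {"box": message_box_S, "key": shared key}
        self.registered, self.seen = {}, set()

    def invite(self, account):
        """Step 601: post a session invitation carrying message_box_P to the client's box."""
        client = self.authorized[account]
        MESSAGE_BOXES[client["box"]].append(seal("invite", {"server_box": self.box}, client["key"]))

    def handle_access_request(self, account):
        """Steps 602-606: validate the access request, then register and confirm (or fall back to 601)."""
        client = self.authorized[account]
        req = unseal(take(self.box), client["key"], "access_request", self.seen)
        if req is None or req["client_box"] != client["box"]:
            return False  # invalid request: caller re-issues the invitation (step 601)
        self.registered[account] = (req["client_box"], req["public_ip"], req["private_ip"])  # step 604
        MESSAGE_BOXES[client["box"]].append(seal(  # step 605: confirmation with public_IP_P and private_IP_P
            "confirm", {"public_ip_p": self.public_ip, "private_ip_p": self.private_ip}, client["key"]))
        return True


class SmartDeviceClient:
    def __init__(self, box, public_ip, private_ip, key):
        self.box, self.public_ip, self.private_ip, self.key = box, public_ip, private_ip, key
        self.server_box, self.server, self.seen = None, None, set()

    def handle_invite(self):
        """Steps 611-613: validate the invitation, then post an access request to message_box_P."""
        inv = unseal(take(self.box), self.key, "invite", self.seen)
        if inv is None:
            return False  # invalid invitation: back to step 611
        self.server_box = inv["server_box"]
        MESSAGE_BOXES[self.server_box].append(seal("access_request", {
            "client_box": self.box, "public_ip": self.public_ip, "private_ip": self.private_ip}, self.key))
        return True

    def handle_confirmation(self):
        """Step 614: retrieve the confirmation and record the server's current addresses."""
        conf = unseal(take(self.box), self.key, "confirm", self.seen)
        if conf is None:
            return False
        self.server = (self.server_box, conf["public_ip_p"], conf["private_ip_p"])
        return True


def make_pair():
    """Constructed server/client pair; the shared key is assumed to be provisioned out of band."""
    MESSAGE_BOXES.clear()
    key = secrets.token_bytes(32)
    pcrs = PrivateCloudRoutingServer("pcrs@mail.example", "203.0.113.10", "192.168.1.10",
                                     {"alice": {"box": "alice@mail.example", "key": key}})
    return pcrs, SmartDeviceClient("alice@mail.example", "198.51.100.20", "192.168.2.20", key)


def run_initial_setup():
    """Walk steps 601-615 once; returns what the server registered and what the client learned."""
    pcrs, client = make_pair()
    pcrs.invite("alice")
    ok = client.handle_invite() and pcrs.handle_access_request("alice") and client.handle_confirmation()
    return ok, pcrs.registered.get("alice"), client.server
```

Re-posting a copy of an access request to message_box_P fails the nonce check in unseal, so the server treats it as invalid and returns to step 601 instead of registering the client twice.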
Since the present invention does not depend on a public-cloud-type routing server, it resolves and mitigates all of the concerns of the smart device client owner. First, there is no single point of failure between a client and a server. Second, there is no middleman during any communication transaction between smart device client 109 and private cloud routing server 108; performance can therefore be better. Third, no communication in transit can be eavesdropped on, so the process is very secure for client and server. The user account information, passwords and corresponding Internet Protocol addresses of smart device client 109 and private cloud routing server 108 are never exposed to a public cloud. The only external communication channels used in the information exchange between smart device client 109 and private cloud routing server 108 are the two private message boxes message_box_S 115 and message_box_P 116. No password information is ever exchanged between private cloud routing server 108 and smart device client 109 (as a client). The security of the communication is as good as that of the message box servers hosting message_box_S 115 and message_box_P 116. If a message box is compromised or out of service, another replacement or spare message box can be deployed immediately. In the present invention, any key component (including routers, network switches, message boxes, smart device client 109 or even private cloud routing server 108) can be replaced without affecting the performance and integrity of the communication link between smart device client 109 and private cloud routing server 108.
Fig. 9 shows a block diagram of private cloud routing server 108 according to the present invention. It includes a processor 900, random access memory (RAM) 902, a network interface 903, input/output (I/O) 904 and non-volatile storage 905. Non-volatile storage 905 further accommodates an operating system (OS) 909, device drivers 908 and a private cloud routing server driver 907.
Network interface 903 can be connected to a local area network, a wide area network or a 3G/4G network. I/O 904 is for connecting to external user interfaces, including, for example, I/O devices such as keyboard, mouse, audio and video. Non-volatile storage 905 is loaded with the necessary software (including the operating system and various device drivers).
Private cloud routing server driver 907 is deployed to communicate with the corresponding private cloud client driver of smart device client 109. Private cloud routing server driver 907 initiates the invitation, processes the access request and then sends a confirmation back to smart device client 109. It then sends a communication request to smart device client 109 and punches a hole in its router in the outbound direction. Once the incoming request from the smart device client reaches the punched hole, the two-way communication channel is bound together. Private cloud routing server driver 907 can then begin secure peer-to-peer communication with smart device client 109.
Figure 10 shows a block diagram of smart device client 109 according to the present invention. Smart device client 109 includes a processor 1000, RAM 1002, a network interface 1003, input/output (I/O) 1004 and non-volatile storage 1005. Non-volatile storage 1005 further includes an operating system (OS) 1009, device drivers 1008 and a private cloud client driver 1007. Smart device client 109 can also be loaded with application programs 1006 to communicate with private cloud routing server 108. Network interface 1003 can be connected to a local area network, a wide area network or a 3G/4G network.
I/O 1004 is the user interface for connecting to the outside world, including, for example, I/O devices such as touch pad, audio and video. The non-volatile storage can be a hard disk or a flash-based solid state disk. Non-volatile storage 1005 is loaded with the necessary software (including the OS and device drivers). Private cloud client driver 1007 is deployed to communicate with the corresponding private cloud routing server driver 907 of private cloud routing server 108. Private cloud client driver 1007 responds to the server's invitation, replies with an access request and then receives the confirmation from private cloud routing server 108. It then sends a communication request to private cloud routing server 108 and punches a hole in its router in the outbound direction.
Once the incoming request from private cloud routing server 108 reaches the punched hole, the two-way communication channel is bound together. Smart device client 109 can then begin secure peer-to-peer communication with private cloud routing server 108. Private network service 128 can then be managed and accessed by the smart device client via public cloud 100. Throughout this text, the wording "access" or "accessible" also covers the meaning of manage or manageable.
For performance reasons, in certain environments, private cloud routing server 108 and the corresponding router Router_P 102 can be one entity. In either case, any private network service reachable by private cloud routing server 108 can be accessed by the smart device client via public cloud 100.
Figure 11 shows a private cloud program installed on the smart device client. The private cloud program provides three functions for the smart device client: how to initiate a session communication as a host under the same private cloud routing server, how to join a session communication as a guest, and how to access the available services in the physical local area network (physical LAN) or virtual local area network (virtual LAN). The left side of the communication flow shows how a host smart device client initiates a session communication. The lower right side of the communication flow shows how a guest smart device client receives a communication invitation and joins the session communication.
Figure 12 shows a first embodiment of a cloud network infrastructure for the discovery and access of private network services between smart device clients and for private and secure communication via the public cloud. Smart device clients 1201, 1211 and 1221 can be set up in private cloud routing server 1208 via communication paths 1222, 1224 and 1223 respectively, using the constructions of the aforementioned Figs. 6, 7 and 8. Private cloud routing server 1208 then sets up a virtual local area network VLAN 1240 to allow the authorized smart device clients 1201, 1211 and 1221 to participate in VLAN 1240 as members. Smart device client 1201, as a host, can initiate a private and secure communication via the installed program. Smart device client 1211 or 1221, via the installed program, can receive a communication invitation as a guest and carry out the private and secure communication session with host smart device client 1201.
As shown in Figures 11 and 12, in step 1100, when a smart device client 1201 intends, as a host, to start a session communication, the program installed on the host smart device client is first set up and logs in to the private cloud routing server via communication path 1222. In step 1102, after being set up with private cloud routing server 1208, it joins virtual local area network VLAN 1240 under the server. In steps 1104 and 1105, the smart device client, as a host, commits to a session communication. In step 1106, the program allows smart device client 1201 to establish and host a communication session. In step 1107, the program broadcasts the host session to invite communication guests. Afterwards, in step 1108, the program starts scanning for recognizable guests. In step 1109, once a guest is authorized, smart device client 1201 can, as a host, initiate private and secure communication with the authorized guest smart device client. The private and secure communication includes video, audio, text or application communication. The application is a program, utility, operation or remote desktop recognized by both the host and the guest.
In step 1100, when smart device client 1211 or 1221 intends, as a guest, to join a communication session, the program installed on the guest smart device client is first set up and logs in to the private cloud routing server via communication path 1224 or 1223 respectively. After being set up with private cloud routing server 1208, it joins virtual local area network VLAN 1240 in step 1102. In steps 1104 and 1105, the smart device client, as a guest, commits to a session communication. In step 1112, the program waits for a communication invitation. Once it receives a communication invitation, smart device client 1211 or 1221 can join a communication session as a guest. In step 1113, the program then starts scanning for a recognizable host. In step 1114, when the host is identified, the program logs in for verification through the host's communication. In step 1115, when authorized, the program can then join the session communication. In step 1116, smart device client 1211 or 1221, as a guest, initiates private and secure communication with host smart device client 1201. The private and secure communication includes video, audio, text or application communication. The application can be a program, utility, operation or remote desktop recognized by both the host and the guest.
In another embodiment of the present invention, the smart device client can establish private and secure communication with any accessible service in physical local area network LAN1 1250 or virtual local area network VLAN 1240 under the private cloud routing server. As shown in Figures 11 and 12, in step 1110, when smart device client 1201, 1211 or 1221 is set up and logged in to private cloud routing server 1208, it can access via communication path 1225 any private network service 1228 accessible in physical local area network LAN1 1250 and virtual local area network VLAN 1240 under the private cloud routing server. The private network services include audio, video content, real-time or archived information and application execution, social media, messaging, email, storage, backup, calendar, contacts, synchronization, sharing, remote desktop, Internet of Things (IoT) and others.
Figure 13 shows the block diagram of a second embodiment of the invention. It duplicates the arrangement of Figure 12, in which privately owned cloud routing server 1208 connects to Router_P 1202: privately owned cloud routing server (Private Cloud Routing Server; PCRS) 1308 connects to the local area network of Router_P 1302. Privately owned cloud routing server 1308 also has an entity local area network LAN2 1360 connecting downstream to a private network service 1336 with which an intelligent apparatus client 1335 is connected. Private network service 1336 is accessible via communication path 1326 and is linked through local area network 1334 to privately owned cloud routing server 1308. Since intelligent apparatus clients 1311, 1310, 1309, 1301, 1321, 1306 and 1335 can explore and access Virtual Local Area Network VLAN 1340, entity local area network LAN1 1350 and entity local area network LAN2 1360 via the cloud and privately owned cloud routing server 1308, all private network services 1328, 1336 and intelligent apparatus clients 1306, 1335 also become accessible.
Figure 14 shows the block diagram of the second embodiment of the present invention. Privately owned cloud routing server 1408 is linked to the cloud and has a Public_IP_P 1417. Privately owned cloud routing server 1408 also has an entity local area network LAN2 1460 connecting downstream to a private network service 1436 with which an intelligent apparatus client 1435 is connected. Private network service 1436 is accessible via communication path 1426 and is linked through local area network 1434 to privately owned cloud routing server 1408. Since intelligent apparatus clients 1411, 1410, 1409, 1401, 1421 and 1435 can explore and access both Virtual Local Area Network VLAN 1440 and entity local area network LAN2 1460 via the cloud and privately owned cloud routing server 1408, all private network services 1436 and intelligent apparatus client 1435 also become accessible.
Although the present invention is disclosed above by way of preferred embodiments, they are not intended to limit the invention. Any person skilled in the art may make minor modifications and refinements without departing from the spirit and scope of the invention; the scope of protection of the invention is therefore defined by the claims.

Claims (21)

1. A method for use with a public cloud network, the method comprising:
setting up at least one privately owned cloud routing server and at least one intelligent apparatus client in a client-server relationship, wherein the at least one privately owned cloud routing server has a first message box associated with it, the first message box being located on the public cloud network; and wherein the at least one intelligent apparatus client has a second message box associated with it, the second message box being located on the public cloud network;
transmitting a session-based message between the first message box and the second message box in a secure fashion, wherein the session-based message is verified by the at least one privately owned cloud routing server and the at least one intelligent apparatus client, wherein the at least one intelligent apparatus client and the at least one privately owned cloud routing server communicate with each other after the session-based message has been verified, and wherein at least one private network service can then, on the basis of the verified session-based message, be securely accessed by the at least one intelligent apparatus client via the public cloud network; and
setting up at least one other intelligent apparatus client in the client-server relationship, wherein, after the session-based message has been verified, the at least one intelligent apparatus client and the at least one other intelligent apparatus client communicate with the at least one privately owned cloud routing server, and wherein the at least one intelligent apparatus client and the at least one other intelligent apparatus client communicate with each other privately and securely via the public cloud network;
wherein the at least one privately owned cloud routing server is linked, via an entity local area network, to at least one private network service located downstream and connected with the at least one intelligent apparatus client.
2. The method of claim 1, wherein the at least one privately owned cloud routing server comprises:
a computing device;
a connection to a network via a router; and
a program which causes the at least one privately owned cloud routing server to:
(a) create and manage an authorized client list to accommodate multiple intelligent apparatus clients;
(b) send a session-based invitation to the second message box;
(c) receive a session-based access request of the at least one intelligent apparatus client from the first message box; and
(d) send a session-based acknowledgement to the second message box.
3. The method of claim 2, wherein the program further causes the at least one privately owned cloud routing server to:
(e) send a communication request to the at least one intelligent apparatus client;
(f) punch a hole in the router so that the response of the intelligent apparatus client is kept open pending;
(g) wait for the router to bind a network connection between the at least one intelligent apparatus client and the at least one privately owned cloud routing server;
(h) route an incoming request from the at least one intelligent apparatus client to the at least one privately owned cloud routing server;
(i) establish a secure peer-to-peer communication with the at least one intelligent apparatus client;
(j) allow the at least one intelligent apparatus client to access the at least one private network service; and
(k) allow a private and secure communication to be carried out between the at least one intelligent apparatus client and the at least one other intelligent apparatus client.
4. The method of claim 2, wherein the at least one intelligent apparatus client comprises:
a computing device;
a connection to a network via a router;
wherein the router has a program which causes the at least one intelligent apparatus client to:
(a) capture a session-based invitation from the message box of the at least one intelligent apparatus client;
(b) send a session-based access request to the message box of the at least one privately owned cloud routing server;
(c) capture a session-based acknowledgement from the message box of the at least one intelligent apparatus client;
(d) send a communication request to the at least one privately owned cloud routing server;
(e) punch a hole in the router so that the response of the at least one privately owned cloud routing server is kept open pending;
(f) wait for the router to bind a network connection between the at least one privately owned cloud routing server and the at least one intelligent apparatus client;
(g) route an incoming request from the at least one privately owned cloud routing server to the at least one intelligent apparatus client;
(h) establish a secure peer-to-peer communication with the at least one privately owned cloud routing server;
(i) access the at least one private network service via the at least one privately owned cloud routing server; and
(k) communicate with the at least one other intelligent apparatus client via the at least one privately owned cloud routing server.
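The message-box exchange of Figure 11 and claims 2 to 4 (invitation, access request, acknowledgement, with the session-based message verified on both ends and the server checking its authorized client list), as an added illustration that is not the patent's or the assignee's own code. The in-memory public cloud, the per-client pairing secret, the HMAC-sealed message layout and all class and function names are assumptions; the hole punch and router binding of claims 3(f)-(h) and 4(d)-(h) are noted but not simulated.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed stand-in for the public cloud: it holds only message boxes
# (box id -> list of session messages); no private network service lives here.
PUBLIC_CLOUD: dict = {}


def post(box: str, msg: dict) -> None:
    PUBLIC_CLOUD.setdefault(box, []).append(msg)


def take(box: str, kind: str, session=None):
    """Remove and return the first message of the given kind (and session) in a box."""
    for i, m in enumerate(PUBLIC_CLOUD.get(box, [])):
        if m["kind"] == kind and (session is None or m.get("session") == session):
            return PUBLIC_CLOUD[box].pop(i)
    return None


def _mac(secret: bytes, msg: dict) -> str:
    body = {k: v for k, v in msg.items() if k != "mac"}
    return hmac.new(secret, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def seal(secret: bytes, msg: dict) -> dict:
    """Bind a session message to the pairing secret so the other side can verify it."""
    msg["mac"] = _mac(secret, msg)
    return msg


def verified(secret: bytes, msg: dict, max_age: float = 60.0) -> bool:
    """Both sides run the same check: correct MAC and a fresh timestamp."""
    fresh = time.time() - msg.get("ts", 0) < max_age
    return hmac.compare_digest(_mac(secret, msg), msg.get("mac", "")) and fresh


class PrivateCloudRoutingServer:
    def __init__(self, box: str):
        self.box = box          # the first message box, on the public cloud
        self.authorized = {}    # claim 2(a): client id -> pairing secret (assumed set at login)
        self.pending = {}       # session id -> client id that was invited
        self.peers = set()      # clients whose session-based message has been verified

    def authorize(self, client_id: str, secret: bytes) -> None:
        self.authorized[client_id] = secret

    def invite(self, client_id: str, client_box: str) -> str:
        """Claim 2(b): send a session-based invitation to the client's second message box."""
        session = secrets.token_hex(16)
        self.pending[session] = client_id
        msg = {"kind": "invite", "session": session, "from": self.box, "ts": time.time()}
        post(client_box, seal(self.authorized[client_id], msg))
        return session

    def process_access_requests(self) -> int:
        """Claim 2(c)-(d): verify access requests in the first box, acknowledge valid ones."""
        acked = 0
        while (req := take(self.box, "access_request")) is not None:
            secret = self.authorized.get(req.get("client"))
            # Drop requests from clients outside the inventory, with a bad MAC, or for a
            # session id that was never offered to that client (forged or replayed).
            if secret is None or not verified(secret, req):
                continue
            if self.pending.get(req.get("session")) != req["client"]:
                continue
            del self.pending[req["session"]]
            self.peers.add(req["client"])
            post(req["reply_box"], seal(secret, {"kind": "ack", "session": req["session"], "ts": time.time()}))
            acked += 1
        return acked

    def relay_allowed(self, src: str, dst: str) -> bool:  # claims 3(k)/4(k): both ends verified
        return src in self.peers and dst in self.peers


class SmartDeviceClient:
    def __init__(self, client_id: str, box: str, secret: bytes):
        self.id, self.box, self.secret = client_id, box, secret   # box: the second message box
        self.session = None

    def request_access(self) -> bool:
        """Claim 4(a)-(b): capture the invitation, verify it, then post an access request."""
        inv = take(self.box, "invite")
        if inv is None or not verified(self.secret, inv):
            return False
        self.session = inv["session"]
        post(inv["from"], seal(self.secret, {"kind": "access_request", "session": self.session,
                                             "client": self.id, "reply_box": self.box, "ts": time.time()}))
        return True

    def confirm(self) -> bool:
        """Claim 4(c): only a verified acknowledgement makes the session usable; the direct
        channel of claim 4(d)-(h) (hole punch, router binding) would start after this."""
        ack = take(self.box, "ack", self.session)
        return ack is not None and verified(self.secret, ack)


def handshake(server: PrivateCloudRoutingServer, client: SmartDeviceClient) -> bool:
    """Run the whole exchange for one invited client; True only if both sides verified it."""
    server.invite(client.id, client.box)
    if not client.request_access():
        return False
    server.process_access_requests()
    return client.confirm() and client.id in server.peers
```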
5. The method of claim 4, wherein the program enables:
accessing the at least one privately owned cloud routing server at any time and from any place;
accessing the at least one privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol (IP) address, wherein the at least one intelligent apparatus client does not need an external or public-cloud-based routing server in the Wide Area Network (WAN), does not need additional router settings in a local area network (LAN), and establishes a secure peer-to-peer communication channel with the at least one privately owned cloud routing server;
accessing the at least one private network service via the at least one privately owned cloud routing server; and
communicating with the at least one other intelligent apparatus client via the at least one privately owned cloud routing server.
6. The method of claim 4, wherein the program enables:
accessing the at least one privately owned cloud routing server at any time and from any place;
accessing the at least one privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one intelligent apparatus client does not need an external or public-cloud-based routing server in the Wide Area Network, does not need additional router settings in a local area network, and establishes a secure peer-to-peer communication channel with the at least one privately owned cloud routing server;
mapping local physical input/output (I/O) to a virtual private cloud routing server input/output;
accessing the at least one private network service via the at least one privately owned cloud routing server; and
communicating with the at least one other intelligent apparatus client via the at least one privately owned cloud routing server.
7. The method of claim 2, wherein the at least one intelligent apparatus client comprises:
a computing device;
a wired or wireless connection to a network; and
an additional program which causes the at least one intelligent apparatus client to:
(a) capture a session-based invitation from the message box of the at least one intelligent apparatus client;
(b) send a session-based reply back to the message box of a privately owned cloud routing server;
(c) capture a session-based acknowledgement from the message box of the at least one intelligent apparatus client;
(d) send an access request to the at least one privately owned cloud routing server;
(e) wait for the response of the at least one privately owned cloud routing server;
(f) bind a network connection between the at least one privately owned cloud routing server and the at least one intelligent apparatus client;
(g) route an incoming request from the at least one privately owned cloud routing server to the at least one intelligent apparatus client;
(h) establish a secure peer-to-peer communication with the at least one privately owned cloud routing server;
(i) access the at least one private network service via the at least one privately owned cloud routing server; and
(j) communicate with the at least one other intelligent apparatus client via the at least one privately owned cloud routing server.
8. The method of claim 7, wherein the program enables:
accessing the at least one privately owned cloud routing server at any time and from any place;
accessing the at least one privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one intelligent apparatus client does not need an external or public-cloud-based routing server in a Wide Area Network, does not need additional router settings in a local area network, and establishes a secure peer-to-peer communication channel with the at least one privately owned cloud routing server;
accessing the at least one private network service via the at least one privately owned cloud routing server; and
communicating with the at least one other intelligent apparatus client via the at least one privately owned cloud routing server.
9. The method of claim 7, wherein the program enables:
accessing the at least one privately owned cloud routing server at any time and from any place;
accessing the at least one privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one intelligent apparatus client does not need an external or public-cloud-based routing server in a Wide Area Network, does not need additional router settings in a local area network, and establishes a secure peer-to-peer communication channel with the at least one privately owned cloud routing server;
mapping local physical input/output to a virtual server input/output;
accessing the at least one private network service via the at least one privately owned cloud routing server; and
communicating with the at least one other intelligent apparatus client via the at least one privately owned cloud routing server.
10. A privately owned cloud routing server, comprising:
a computing device;
a connection to a network via a router; and
a program, executed by the computing device, which causes the privately owned cloud routing server to: create and manage an authorized client list to accommodate multiple intelligent apparatus clients; send a session-based invitation to a second message box of at least one of the multiple intelligent apparatus clients; receive a session-based access request of the at least one intelligent apparatus client from a first message box; send a session-based acknowledgement to the second message box of the at least one intelligent apparatus client; allow the intelligent apparatus client to access a private network service; and carry out a private and secure communication between the intelligent apparatus client and at least one other intelligent apparatus client;
wherein the privately owned cloud routing server is linked, via an entity local area network, to the private network service located downstream and connected with the at least one intelligent apparatus client.
11. The privately owned cloud routing server of claim 10, wherein the program enables:
sending a communication request to the at least one intelligent apparatus client;
punching a hole in the router so that the response of the intelligent apparatus client is kept open pending;
waiting for the router to bind a network connection between the at least one intelligent apparatus client and the privately owned cloud routing server;
routing an incoming request from the at least one intelligent apparatus client to the privately owned cloud routing server;
establishing a secure peer-to-peer communication with the at least one intelligent apparatus client;
allowing the at least one intelligent apparatus client to access the private network service; and
carrying out a private and secure communication between the at least one intelligent apparatus client and at least one other intelligent apparatus client.
12. An intelligent apparatus client, comprising:
a computing device; and
a connection to a network via a router, wherein the router has a program which causes the intelligent apparatus client to: capture a session-based invitation from an intelligent apparatus client message box; send a session-based access request to a privately owned cloud routing server message box; capture a session-based acknowledgement from the intelligent apparatus client message box; send a communication request to a privately owned cloud routing server; punch a hole in the router so that the response of the privately owned cloud routing server is kept open pending; wait for the router to bind a network connection between the privately owned cloud routing server and the intelligent apparatus client; route an incoming request from the privately owned cloud routing server to the intelligent apparatus client; establish a secure peer-to-peer communication with the privately owned cloud routing server; access a private network service via the privately owned cloud routing server; and communicate with at least one other intelligent apparatus client via the privately owned cloud routing server;
wherein the privately owned cloud routing server is linked, via an entity local area network, to the private network service located downstream and connected with the intelligent apparatus client.
13. The intelligent apparatus client of claim 12, wherein the program enables:
accessing the privately owned cloud routing server at any time and from any place;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol (IP) address, wherein the intelligent apparatus client does not need an external or public-cloud-based routing server in a Wide Area Network, does not need additional router settings in a local area network, and establishes a secure peer-to-peer communication channel with the privately owned cloud routing server;
accessing the private network service via the privately owned cloud routing server; and
communicating with at least one other intelligent apparatus client via the privately owned cloud routing server.
14. The intelligent apparatus client of claim 12, wherein the program enables:
accessing the privately owned cloud routing server at any time and from any place;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the intelligent apparatus client does not need an external or public-cloud-based routing server in a Wide Area Network, does not need additional router settings in a local area network, and establishes a secure peer-to-peer communication channel with the server;
mapping local physical input/output to a virtual server input/output;
accessing the private network service via the privately owned cloud routing server; and
communicating with at least one other intelligent apparatus client via the privately owned cloud routing server.
15. An intelligent apparatus client, comprising:
a computing device;
a connection to a network; and
a program which causes the intelligent apparatus client to: capture a session-based invitation from the intelligent apparatus client message box; send a session-based reply back to a privately owned cloud routing server message box; capture a session-based acknowledgement from an intelligent apparatus client message box; send an access request to a privately owned cloud routing server; wait for the response of the privately owned cloud routing server; bind a network connection between the privately owned cloud routing server and the intelligent apparatus client; route an incoming request from the privately owned cloud routing server to the intelligent apparatus client; establish a secure peer-to-peer communication with the privately owned cloud routing server; access a private network service via the privately owned cloud routing server; and communicate with at least one other intelligent apparatus client via the privately owned cloud routing server;
wherein the privately owned cloud routing server is linked, via an entity local area network, to the private network service located downstream and connected with the intelligent apparatus client.
16. The intelligent apparatus client of claim 15, wherein the program enables:
accessing the privately owned cloud routing server at any time and from any place;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the intelligent apparatus client does not need an external or public-cloud-based routing server in a Wide Area Network, does not need additional router settings in a local area network, and establishes a secure peer-to-peer communication channel with the server;
accessing the private network service via the privately owned cloud routing server; and
communicating with at least one other intelligent apparatus client via the privately owned cloud routing server.
17. The intelligent apparatus client of claim 15, wherein the program enables:
accessing the privately owned cloud routing server at any time and from any place;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the intelligent apparatus client does not need an external or public-cloud-based routing server in a Wide Area Network, does not need additional router settings in a local area network, and establishes a secure peer-to-peer communication channel with the privately owned cloud routing server;
mapping local physical input/output to a virtual private cloud routing server input/output;
accessing the private network service via the privately owned cloud routing server; and
communicating with at least one other intelligent apparatus client via the privately owned cloud routing server.
18. An intelligent apparatus client, comprising:
a computing device;
a connection to a network; and
a program which sets up a privately owned cloud routing server and causes the intelligent apparatus client to: capture a session-based invitation from an intelligent apparatus client message box; send a session-based reply back to a privately owned cloud routing server message box; capture a session-based acknowledgement from the intelligent apparatus client message box; send an access request to the privately owned cloud routing server; wait for the response of the privately owned cloud routing server; bind a network connection between the privately owned cloud routing server and the intelligent apparatus client; route an incoming request from the privately owned cloud routing server to the intelligent apparatus client; establish a secure peer-to-peer communication with the privately owned cloud routing server; join a virtual local area network (VLAN) on the privately owned cloud routing server; and access a private network service via the privately owned cloud routing server;
as a host, initiate a session communication; establish and host the session communication; invite a guest to the communication; scan for an identifiable guest; and initiate a private and secure communication with the guest; and
as a guest, receive a communication invitation and join the session communication; scan for an identifiable host; log in through the communication verification; join the session communication; and initiate a private and secure communication with the host;
wherein the privately owned cloud routing server is linked, via an entity local area network, to the private network service located downstream and connected with the intelligent apparatus client.
19. The intelligent apparatus client of claim 18, wherein the program enables:
accessing the privately owned cloud routing server at any time and from any place;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the intelligent apparatus client does not need an external or public-cloud-based routing server in a Wide Area Network, does not need additional router settings in a local area network, and establishes a secure peer-to-peer communication channel with the server; and
accessing the private network service via the privately owned cloud routing server.
20. The intelligent apparatus client of claim 18, wherein the program enables:
accessing the privately owned cloud routing server at any time and from any place;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the intelligent apparatus client does not need an external or public-cloud-based routing server in a Wide Area Network, does not need additional router settings in a local area network, and establishes a secure peer-to-peer communication with the privately owned cloud routing server; and
carrying out a private and secure communication with at least one other intelligent apparatus client via the privately owned cloud routing server.
21. The intelligent apparatus client of claim 18, wherein the private and secure communication comprises:
one of a video, an audio, a text and an application program, the application program being one of a program, a utility, an operation and a remote desktop recognized by both the host and the guest.
CN201510487059.2A 2015-03-19 2015-08-10 Utilize the method for publicly-owned cloud network, privately owned cloud routing server and intelligent apparatus client Active CN105991642B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/663,244 2015-03-19
US14/663,244 US9935930B2 (en) 2011-09-09 2015-03-19 Private and secure communication architecture without utilizing a public cloud based routing server

Publications (2)

Publication Number Publication Date
CN105991642A CN105991642A (en) 2016-10-05
CN105991642B true CN105991642B (en) 2019-06-28

Family

ID=57040550

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510487059.2A Active CN105991642B (en) 2015-03-19 2015-08-10 Utilize the method for publicly-owned cloud network, privately owned cloud routing server and intelligent apparatus client

Country Status (2)

Country Link
CN (1) CN105991642B (en)
TW (1) TWI632465B (en)

Also Published As

Publication number Publication date
TW201635164A (en) 2016-10-01
TWI632465B (en) 2018-08-11
CN105991642A (en) 2016-10-05
