CN106161394A - Method utilizing a private routing server, a global network and a smart device client - Google Patents


Info

Publication number: CN106161394A
Application number: CN201510186124.8A
Authority: CN (China)
Prior art keywords: cloud, private, routing server, smart client, private cloud
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN106161394B (en)
Inventor: B·W·陈
Current assignee: Kingston Digital Inc
Original assignee: Kingston Digital Inc
Priority claimed from US14/526,393 (US9781087B2)
Application filed by Kingston Digital Inc
Publication of CN106161394A
Application granted
Publication of CN106161394B
Legal status: Active

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/104 Peer-to-peer [P2P] networks
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0272 Virtual private networks
    • H04L 63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer Hardware Design
  • Computer Security & Cryptography
  • Computing Systems
  • General Engineering & Computer Science
  • Data Exchanges In Wide-Area Networks

Abstract

A method utilizing a private routing server, a global network and a smart device client. The method includes setting up a private cloud routing server and a smart device client in a client-server relationship. The private cloud routing server includes a first message box. The smart device client includes a second message box. The first and second message boxes are located in the public cloud network. The method further includes passing a verified session message in a secure manner between the first message box and the second message box. After secure verification has been provided, the smart device client and the private cloud routing server can communicate with each other. The method further includes setting up another smart device client and the private cloud routing server in a client-server relationship. The two smart device clients can then communicate with each other privately and securely via the public cloud network.

Description

Method utilizing a private routing server, a global network and a smart device client
Technical field
The present invention relates generally to networking and, more specifically, to the use of a private cloud network.
Background art
In the Internet-connected environment, smart device clients, including smart phones, tablet PCs, eBook readers, notebook computers, personal computers (PCs) and various smart gadgets, are ubiquitous and omnipresent. Beyond connectivity, one of the values of a smart device client is the ability to connect anytime and anywhere to capture services from one or more service providers or servers. Such services include messaging, video content, real-time or archived information, application execution, social media, email, storage, backup, calendar, contacts, synchronization, sharing, remote desktop and the Internet of Things (IoT). Other services include real-time, private and secure video, audio, text and application communication between at least two smart device clients, which is the main target of the present invention. Different types of servers serve these different kinds of requests from smart device clients. Generally speaking, such servers can be classified into two groups: public cloud and private cloud. Servers belonging to the public cloud, as the name implies, often provide services that are free but limited in function, or that charge for more sophisticated services, and they interact with the general public. Examples of public cloud servers include data centers on the Internet, social media services and storage/content providers. Servers belonging to the private cloud, on the other hand, often address private needs. In contrast to the services provided by the public cloud, private services provided remotely are more personalized and private.
One example of a private cloud server application is a private cloud storage server (PCSS). The private cloud storage server sits in a local area network (LAN) managed by the user. It provides online and backup storage to users who are in the LAN or in the wide area network (WAN). A user can use a smart device client to access the information in the private cloud storage server anytime and anywhere. The private cloud storage server and its associated smart device client therefore form one example of a private cloud server and client architecture.
Traditionally, there are many storage server solutions (including network attached storage (NAS), Windows/Mac/Linux servers and direct attached storage (DAS)) that meet the requirements of a private cloud storage server. One challenge in this field, however, is how a smart device client can avoid the cumbersome setup required to penetrate the firewall of the router on the LAN and access the private cloud storage server in a home or office environment. There are at least four solutions to this challenge.
The first solution is to assign a fixed Internet Protocol (IP) address to the router in front of the private cloud storage server and open certain ports, so that the smart device client can locate the private cloud storage server from outside the LAN, authenticate itself, penetrate the firewall and establish a secure communication channel with the private cloud storage server.
The second solution applies when a fixed Internet Protocol address cannot be obtained. The user configures the LAN router of the private cloud storage server to open certain ports and map them to the private cloud storage server. The intended smart device client can then locate the router via a dynamic domain name system (DDNS) service on the wide area network. The smart device client can authenticate itself, penetrate the firewall and establish a secure communication channel with the private cloud storage server.
The third solution relies on another routing server in the wide area network to carry out virtual private network (VPN) communication between the smart device client and the private cloud storage server. VPN communication enables the smart device client to locate the private cloud storage server, authenticate itself, penetrate the firewall and establish a secure communication channel with the private cloud storage server.
The fourth solution relies on another routing server in the wide area network to carry out remote desktop protocol (RDP) or virtual network computing (VNC) communication between the smart device client and the private cloud storage server. RDP/VNC communication enables the smart device client to locate the private cloud storage server, authenticate itself, penetrate the firewall and establish a secure communication channel with the private cloud storage server. Other solutions may mix and match the solutions above.
In the first case, a fixed Internet Protocol address is needed and the router must be set up and configured. The disadvantages are that a fixed Internet Protocol address costs more and usually cannot be obtained in home and small business environments. Router setup and configuration can be extremely complex and is not user-friendly for most consumers.
In the second case, a DDNS service is needed and the router requires a more complicated setup. Likewise, the DDNS setup makes the system more expensive and more complicated. Router setup and configuration can be extremely complex and is not user-friendly for most consumers.
In the third and fourth cases, an external routing server or service must be set up, although no router setup is needed. The external routing server or service is used to control and handle the login/authentication between the smart device client and the server. The privacy and security of the private cloud can be reduced because of the public cloud based server or service. If this server or service goes down for any reason, the communication and availability of the private cloud storage server are jeopardized.
All of these cases require professional skills, which may be suitable for a traditional corporate environment but are not suitable for consumer-oriented, smart device client centric deployment.
In most legacy systems, the smart device client uses an external or public cloud based routing server while accessing the private cloud server. Using an external server can cause concerns for the smart device client owner.
First, there is always a question of trust, because in all communication transactions between the smart device client and the private cloud server, the external or public cloud based routing server is always a middleman. It can hold all the user account information, passwords and corresponding Internet Protocol addresses of the smart device client and the private cloud server. The routing server can sniff any communication in between and make it insecure.
Second, as an external and public cloud based routing server, the business model of its owner may not always be consistent or in sync with that of the smart device client owner. If the routing server goes out of service for any business reason, there is no remedy or replacement option to restore the service. The routing server potentially causes a huge business risk to the user, because an important link in the communication may be compromised without recourse.
Traditionally, for communication between two smart device clients, both sides must sign on to a public cloud based server to achieve real-time video, audio, text or application communication. As described above, because such communication has to pass through a public cloud based server, privacy and security are easily compromised.
Accordingly, there is a need for a system and method that solves the above problems. The present invention addresses such a need.
Summary of the invention
The invention discloses a method utilizing a private routing server, a global network and a smart device client. The method includes setting up at least one private cloud routing server and at least one smart device client in a client-server relationship. The at least one private cloud routing server includes a first message box associated with it. The first message box is located in the public cloud network. The at least one smart device client includes a second message box associated with it. The method further includes passing a verified session message in a secure manner between the first message box and the second message box. The session message is verified by the private cloud routing server and the at least one smart device client. The smart device client and the private cloud routing server can communicate with each other after the session message has been verified. The at least one private cloud routing server can then be securely accessed by the smart device client through the public cloud network on the basis of the verified session message. The method further includes setting up another smart device client and the private cloud routing server in a client-server relationship. The at least two smart device clients and the private cloud routing server can communicate with each other after the session message has been verified. The at least two smart device clients can communicate with each other privately and securely via the public cloud network.
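The message-box exchange summarized above, modeled as an added Python example; this is illustrative code written for this page, not code from the patent or from Kingston Digital. The patent does not specify how the session message is verified, so the model assumes a pairing secret shared between the private cloud routing server and the smart device client at initial setup and an HMAC-SHA256 tag over each message, and it treats the two message boxes as untrusted storage in the public cloud. The names `MessageBox`, `Endpoint`, `run_handshake` and the nonce/tag/echo fields are this example's own.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class MessageBox:
    """A message box hosted in the public cloud. It only stores and hands over
    opaque messages; it is not trusted to verify anything, which is why every
    message carries its own authentication tag."""
    owner: str
    queue: list = field(default_factory=list)

    def post(self, msg: dict) -> None:
        self.queue.append(msg)

    def take(self) -> dict:
        return self.queue.pop(0)


def _tag(secret: bytes, *parts: str) -> str:
    """HMAC-SHA256 over the '|'-joined fields (assumed construction)."""
    return hmac.new(secret, "|".join(parts).encode(), hashlib.sha256).hexdigest()


class Endpoint:
    """Either the private cloud routing server (PCRS) or a smart device client.
    Each endpoint reads its own message box and writes into the peer's box."""

    def __init__(self, name: str, secret: bytes, own_box: MessageBox, peer_box: MessageBox):
        self.name = name
        self.secret = secret            # pairing secret shared at initial setup (assumption)
        self.own_box = own_box
        self.peer_box = peer_box
        self.session_key: Optional[bytes] = None

    def send_offer(self) -> str:
        """Client side: drop a session offer into the server's message box."""
        nonce = secrets.token_hex(16)
        self.peer_box.post({"from": self.name, "nonce": nonce,
                            "tag": _tag(self.secret, "offer", self.name, nonce)})
        return nonce

    def answer_offer(self) -> bool:
        """Server side: verify the offer; only then answer and derive the key."""
        msg = self.own_box.take()
        expected = _tag(self.secret, "offer", msg["from"], msg["nonce"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return False                  # unverified session: no communication follows
        nonce = secrets.token_hex(16)
        self.peer_box.post({"from": self.name, "nonce": nonce, "echo": msg["nonce"],
                            "tag": _tag(self.secret, "answer", self.name, msg["nonce"], nonce)})
        self.session_key = self._derive(msg["nonce"], nonce)
        return True

    def accept_answer(self, my_nonce: str) -> bool:
        """Client side: verify the answer is fresh and authentic, then derive the key."""
        msg = self.own_box.take()
        if msg.get("echo") != my_nonce:
            return False                  # stale or replayed answer
        expected = _tag(self.secret, "answer", msg["from"], my_nonce, msg["nonce"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return False
        self.session_key = self._derive(my_nonce, msg["nonce"])
        return True

    def _derive(self, client_nonce: str, server_nonce: str) -> bytes:
        return hmac.new(self.secret, f"session|{client_nonce}|{server_nonce}".encode(),
                        hashlib.sha256).digest()


def run_handshake(client_secret: bytes, server_secret: bytes, tamper: bool = False) -> Optional[bytes]:
    """Run the exchange through the two message boxes. Returns the shared
    session key, or None if either side rejected the session message.
    With tamper=True the (untrusted) public cloud host alters the offer in transit."""
    server_box = MessageBox("PCRS")        # first message box
    client_box = MessageBox("client-109")  # second message box
    pcrs = Endpoint("PCRS", server_secret, server_box, client_box)
    client = Endpoint("client-109", client_secret, client_box, server_box)

    my_nonce = client.send_offer()
    if tamper:
        server_box.queue[0]["nonce"] = "0" * 32   # cloud host rewrites the stored message
    if not pcrs.answer_offer():
        return None
    if not client.accept_answer(my_nonce):
        return None
    return client.session_key if client.session_key == pcrs.session_key else None


if __name__ == "__main__":
    print("paired:", run_handshake(b"pair-secret", b"pair-secret") is not None)
    print("wrong secret:", run_handshake(b"pair-secret", b"other") is None)
    print("tampered:", run_handshake(b"pair-secret", b"pair-secret", tamper=True) is None)
```

The point the summary makes is that neither side communicates until the session message has been verified by both; the `tamper` path shows that a message box host which rewrites a stored message causes the session to be refused rather than hijacked, because the message box itself holds no verifying role.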
Brief description of the drawings
Figure 1A is a block diagram of a traditional cloud network infrastructure;
Figure 1B is a block diagram of a cloud network infrastructure according to an embodiment;
Fig. 2 shows a traditional implementation of how the private cloud server can be physically accessed by configuring Router_P of the private cloud server on the LAN;
Fig. 3 shows a traditional implementation of how the private cloud server can be logically accessed via registration with a virtual private network routing server;
Fig. 4 shows an embodiment of how the private cloud server can be logically accessed via registration with an intermediate routing server;
Fig. 5 shows a traditional implementation of how the private cloud server can be logically accessed through peer-to-peer communication via registration with an intermediate routing server;
Fig. 6 illustrates an initial setup of a private cloud routing server and a smart device client according to the present invention;
Fig. 7 shows the communication flow of the smart device client according to the present invention;
Fig. 8 shows the communication flow of the private cloud routing server according to the present invention;
Fig. 9 shows a block diagram of the private cloud routing server according to the present invention;
Fig. 10 shows a block diagram of the smart device client according to the present invention;
Fig. 11 shows the flow by which a smart device client according to the present invention, acting as a host or as a guest, achieves private and secure communication; and
Fig. 12 shows a block diagram of a cloud network infrastructure for this private and secure communication according to the present invention.
Reference numerals
100: public cloud
101: smart device client
102: router
103: router
104: LAN
105: LAN
106: smart device client
107: smart device client
108: private cloud routing server
109: smart device client
110: smart device client
111: smart device client
112: intermediate routing server
113: public cloud server
114: virtual private network routing server
115: client message box
116: routing server message box
117: public Internet Protocol address
118: private Internet Protocol address
119: public Internet Protocol address
120: private Internet Protocol address
128: private network service
900: processor
902: random access memory
903: network interface
904: input and output
905: non-volatile
907: private cloud routing server driver
908: device driver
909: operating system
1000: processor
1002: random access memory
1003: network interface
1004: input and output
1005: non-volatile
1006: application program
1007: private cloud client driver
1008: device driver
1009: operating system
1100~1116: steps
1200: public cloud
1201: smart device client
1202: Router_P
1203: Router_S
1204, 1205: LAN
1206, 1207, 1209, 1210, 1211: smart device client
1208: private cloud routing server
1228: private network service
1215: client message box
1216: routing server message box
1217: Public_IP_P
1218: Private_IP_P
1219: Public_IP_S
1220: Private_IP_S
1222, 1223, 1224, 1225: communication path
Detailed description of the invention
The present invention relates generally to networking and, more specifically, to the use of a private cloud network. The following description is presented to enable one of ordinary skill in the art to make and use the invention, and is provided in the context of a patent application and its requirements. Various modifications to the embodiments described herein and to the generic principles and features will be readily apparent to those skilled in the art. The present invention is therefore not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features described herein.
Throughout the discussion in this context, the term "client" is interchangeable with "smart device client". In the discussion, the term "router" is generally interchangeable with "gateway", "access point" and/or "network address translation (NAT)".
A system and method in accordance with the present invention can solve the following challenges for a smart device client in a wide area network in a consumer-oriented environment, so that it can obtain services from a private cloud storage server (PCSS) or any private cloud server (PCS):
1. Access the private cloud server (PCS) anytime and anywhere.
2. Access the PCS behind a firewall with a fixed or dynamic Internet Protocol address.
3. No external or public cloud based routing server is needed in the wide area network.
4. No extra router setup is needed in the LAN.
5. Authenticate with the PCS.
6. Establish a secure communication channel with the PCS.
If these challenges can be met and solved, the deployment of private cloud servers and services will grow exponentially because of the simplicity and availability of plug and play. By not utilizing a public cloud based routing server, the technical and business concerns are also eliminated. In the private cloud infrastructure, private cloud servers for storage, remote desktop services and the Internet of Things (IoT) become affordable and widely used.
In a private cloud environment, if more than one private cloud server or service coexists, it is advantageous to divide the functions of the private cloud server into two functional blocks: a private cloud routing service and a private network service. The Private Network Service (PNS) is designed to be managed and accessed by a smart device client in a wired or wireless private network environment. Examples of private network services include application servers that provide remote desktop protocol (RDP), virtual network computing, office tools, media players and other user-specific applications. The private network service may also be a storage server that acts as a private cloud storage service and contains terabytes of storage. The private cloud routing service functions of multiple private cloud servers can be aggregated into a single private cloud routing server (PCRS). The private cloud routing server may generally be referred to as a private cloud router.
A system and method in accordance with the present invention can solve the following challenges in a consumer-oriented environment, so that a smart device client in a wide area network can manage and access a private network service (PNS) from a private cloud routing server (PCRS):
1. Access the private cloud routing server (PCRS) anytime and anywhere.
2. Access the PCRS behind a firewall with a fixed or dynamic Internet Protocol address.
3. No external or public cloud based routing server is needed in the wide area network.
4. No extra router setup is needed in the LAN.
5. Authenticate with the private cloud routing server (PCRS).
6. Establish a secure communication channel with the private network service (PNS) in order to manage and access it.
If the private cloud routing server (PCRS) can meet the above challenges, heterogeneous private cloud servers from different manufacturers and vendors can be broken down into simpler private network services, eliminating the complexity of private cloud setup, configuration and access.
The object of a system and method in accordance with the present invention is to provide a private cloud routing server (PCRS), private network service and client architecture that does not utilize a routing server. The system and method in accordance with the present invention can solve the above challenges so that a client can access the private network service (PNS) anytime and anywhere. The system and method also access the PNS behind a firewall with a fixed or dynamic Internet Protocol address, need no extra router setup and no public cloud based routing server in the wide area network, authenticate with the PCRS, and establish a secure communication channel directly with the PNS.
As shown in Figure 1A, a cloud network infrastructure includes a public cloud 100 located in the wide area network, an intermediate routing server 112, a VPN routing server 114, a public cloud server 113, a smart device client 101, a Router_P 102 and a Router_S 103. Router_S 103 is connected between a LAN 105 and the Internet of the public cloud 100. Router_P 102 is connected between a LAN 104 and the Internet of the public cloud 100. Behind LAN 104 are smart device clients 106 and 107 and a private cloud server (PCS) 108. Behind LAN 105 are smart device clients 109, 110 and 111. A smart device client can be a personal computer, notebook computer, tablet PC, eBook reader, global positioning system (GPS), smart TV, set top box, MP3 player or any network-connectable embedded device.
In the cloud network infrastructure, the smart device clients are represented as 101, 106, 107, 109, 110 and 111. Any of these smart device clients is interchangeable in the context of the discussion. The discussion focuses on smart device client 109 and uses it as the representative in this context.
Physically, there are three situations in which a smart device client 101, 107 or 109 can connect to the private cloud server 108. First, smart device client 107 determines that the target is located in the locally accessible LAN 104 and decides to connect directly to the private cloud server 108. Second, smart device client 101 determines that the target is not located in the locally accessible LAN 104 and decides to connect to the public cloud 100 via the wide area network. The wide area network locates Router_P 102 and LAN 104, and then connects to the private cloud server 108. Third, smart device client 109 determines that the target is not located in the locally accessible LAN 105 and decides to connect through LAN 105 and Router_S 103 to the public cloud 100 in the wide area network.
Smart device client 109 then locates Router_P 102 and LAN 104 and connects to the private cloud server 108. The first and second situations are two special cases and are derivatives of the third situation. It is therefore useful to focus on the broader and more complex third situation.
Fig. 2 shows a traditional implementation of how the private cloud server 108 can be physically accessed by configuring Router_P 102 of the private cloud server 108 on LAN 104. Configuring Router_P 102 involves two steps. First, the user needs to map the private Internet Protocol address of the private cloud server 108 to a specific port on Router_P 102, as shown in step 200. Second, the user needs to register the public Internet Protocol address of Router_P 102, which hosts the private cloud server 108, with the intermediate routing server 112 in the wide area network, as shown in step 201. Before smart device client 109 can access the private cloud server 108, it looks up the intermediate routing server 112 to locate the public Internet Protocol address of the private cloud server 108, as shown in step 202. As shown in step 203, smart device client 109 can then start to access the predetermined port of Router_P 102, which is mapped exactly to the private Internet Protocol address of the private cloud server 108.
The configuration of Router_P 102 and the setup of the intermediate routing server 112 are not easy and can be extremely difficult for most end users. Furthermore, mapping the private Internet Protocol address of the private cloud server 108 to a port that can be directly and permanently addressed by the outside world may pose a big security risk to the private cloud server 108.
The private cloud server 108 is directly and permanently exposed to the outside world, which can lead to many malicious attacks. In addition, the intermediate routing server 112 is a public cloud based server. This causes concerns for the owner of smart device client 109. First, there is always a question of trust, because in all communication transactions between smart device client 109 and the private cloud server 108, the intermediate routing server 112 is always a middleman. It can hold all the user account information, passwords and corresponding Internet Protocol addresses of smart device client 109 and the private cloud server 108. The intermediate routing server 112 can sniff any communication in between and make it insecure.
Second, as an external or public cloud based routing server, the business model of the intermediate routing server 112 may not always be consistent or in sync with that of the owner of smart device client 109. If the intermediate routing server 112 goes out of service for any business reason, there is no remedy or replacement option to restore the service. It potentially causes a huge business risk to the user, because an important link in the communication may be compromised without recourse.
Fig. 3 shows a traditional implementation of how the private cloud server 108 can be logically accessed via registration with a virtual private network routing server 114. During the VPN setup, the private cloud server 108 first registers its public Internet Protocol address and its private Internet Protocol address with the virtual private network (VPN) routing server 114 and stays logged in, as shown in step 300. Smart device client 109 also registers its public Internet Protocol address and private Internet Protocol address with the same VPN routing server 114, as shown in step 301. The VPN routing server 114 assigns virtual IP addresses to both the private cloud server and smart device client 109 and establishes a virtual private network 302. At this point, smart device client 109 and the private cloud server 108 are located in the same virtual Internet Protocol domain under the control of the VPN routing server 114. All communications between smart device client 109 and the private cloud server 108 are encapsulated according to the VPN protocol.
In step 303, smart device client 109 logs in to the VPN routing server 114 and looks up the virtual IP address of the private cloud server 108. In step 304, all communications between smart device client 109 and the private cloud server 108 are intercepted and encapsulated by the VPN routing server 114. As shown in step 305, smart device client 109 can then start to access the private cloud server 108.
Unlike the method disclosed in Fig. 2, the VPN routing server method benefits from requiring no router configuration, and is therefore easier for the user to set up. However, because all communication must pass through a public cloud-type routing server, it suffers the same (if not more serious) business concerns. As a public cloud-type server, the VPN routing server 114 raises all of these concerns for the user of the smart device client 109. First, trust is always in question, because during every communication transaction between the smart device client 109 and the private cloud server 108 the VPN routing server 114 sits directly in the path as an intermediary. It can hold all user account information, passwords and the corresponding IP addresses of both the smart device client 109 and the private cloud server 108. The VPN routing server 114 can listen in on any communication in the middle and render it insecure. Second, as an external, public cloud-type routing server, the business model of the VPN routing server 114 may not always be consistent or in sync with that of the owner of the smart device client 109. If the VPN routing server 114 goes out of service for any business reason, there is no remedy or alternative for restoring service. Unless the owner fully controls the VPN routing server, this is potentially a huge commercial risk for the user, because an important link in the communication path may fail with no recourse.
Fig. 4 shows an embodiment of how a private cloud server 108 can be accessed logically by registering with an intermediate routing server 112. In step 400, the private cloud server 108 first registers its public IP address and its private IP address with the intermediate routing server 112 and obtains a user ID and password from the server. The smart device client 109 then registers its public IP address and private IP address with the same intermediate routing server 112 and obtains a user ID and password, as shown in step 401. The private cloud server 108 logs in to the intermediate routing server 112, as shown in step 402.
Before the smart device client 109 can access the private cloud server 108, several steps must be carried out. First, the smart device client 109 obtains the user ID and password of the private cloud server 108 from the server through a secure channel (such as a phone call, e-mail, text message or postal mail), as shown in step 403. The smart device client 109 then logs in to the intermediate routing server 112 using its own user ID together with the user ID and password of the private cloud server 108 that it obtained, as shown in step 404. All communication between the smart device client 109 and the private cloud server 108 is intercepted and encapsulated by the intermediate routing server 112, as shown in step 405. Finally, the smart device client 109 can begin to access the private cloud server 108, as shown in step 406.
Unlike the conventional method shown in Fig. 2, the intermediate routing server method benefits from eliminating router configuration, and is therefore easier for the user to set up. However, because all communication must pass through a public cloud-type routing server, it suffers the same (if not more serious) business concerns.
As a public cloud-type server, the intermediate routing server 112 raises all of these concerns for the owner of the smart device client 109. First, trust is always in question, because during every communication transaction between the smart device client 109 and the private cloud server 108 the intermediate routing server 112 is an intermediary. It can hold all user account information, passwords and the corresponding IP addresses of the smart device client 109 and the private cloud server 108. The intermediate routing server 112 can listen in on any communication in the middle and render it insecure.
Second, as an external, public cloud-type routing server, the business model of the intermediate routing server 112 may not always be consistent or in sync with that of the owner of the smart device client 109. If the intermediate routing server 112 goes out of service for any business reason, there is no remedy or alternative for restoring service. This is potentially a huge commercial risk for the user, because an important link in the communication path may fail with no recourse.
Fig. 5 shows an embodiment of how a private cloud server 108 can be accessed logically through point-to-point communication after registering with an intermediate routing server 112. In step 500, the private cloud server 108 first registers its public IP address and private IP address with the intermediate routing server 112 and obtains a user ID and password from the server. The smart device client 109 then registers its public IP address and private IP address with the same intermediate routing server 112 and obtains a user ID and password, as shown in step 501. The private cloud server 108 and the smart device client 109 log in to the intermediate routing server 112, as shown in step 502.
Before the smart device client 109 can access the private cloud server 108, several steps must be carried out. First, the smart device client 109 and the private cloud server 108 each obtain the other party's public IP address and private IP address from the intermediate routing server, as shown in step 503. Both sides punch a hole in their respective routers by attempting initial outbound communication with each other, as shown in step 504. All communication between the smart device client 109 and the private cloud server 108 is bound together, establishing a point-to-point communication channel between them, as shown in step 505. Finally, the smart device client 109 can begin to access the private cloud server 108, as shown in step 506.
Unlike the conventional methods of Figs. 2, 3 and 4, the intermediate routing server method of this embodiment has the benefit of establishing point-to-point communication between a client and a server, and so offers better performance. However, it still suffers the "single point of failure" problem of routing all communication through a single public cloud-type routing server. As a public cloud-type server, the intermediate routing server 112 raises all of these concerns for the owner of the smart device client 109. First, trust is always in question, because the intermediate routing server 112 is an intermediary that holds all user account information, passwords and the corresponding IP addresses of the smart device client 109 and the private cloud server 108.
Second, as an external, public cloud-type routing server, the business model of the intermediate routing server 112 may not always be consistent or in sync with that of the owner of the smart device client 109. If the intermediate routing server 112 goes out of service for any business reason, there is no remedy or alternative for restoring service. This is potentially a huge commercial risk for the user, because an important link in the communication path may fail with no recourse.
A major advantage of a system and method in accordance with the present invention over the conventional methods above is that it eliminates the role of the public cloud-type routing server during access, which is typical of the VPN routing server and intermediate routing server cases. A further advantage of the present invention is that secret information such as account passwords is no longer exchanged between the smart device client 109 and the private cloud server 108.
Figure 1B is a block diagram of a cloud network infrastructure according to an embodiment. Components identical to those described with reference to Figure 1A carry the same labels. In this embodiment, however, there are also two message boxes: the client message box message_box_S 115 and the routing server message box message_box_P 116, the purposes of which are described in detail below.
As in Figure 1A, behind LAN 104 there are the smart device clients 106 and 107, a private cloud routing server (PCRS) 108 and a private network service (PNS) 128. The private cloud server (PCS) 108 of Figure 1A has become, in Figure 1B, a private cloud routing server (PCRS) 108 together with a private network service (PNS) 128. Behind LAN 105 are the smart device clients 109, 110 and 111. A smart device client can be a personal computer, notebook computer, tablet PC, e-book reader, global positioning system, smart TV, set-top box, MP3 player or any embedded device capable of a network connection. Such smart device clients are represented in the cloud network infrastructure as 101, 106, 107, 109, 110 and 111. Any of these smart device clients is interchangeable in the context of this discussion. The discussion focuses on the smart device client 109 and uses it as the representative in this context.
To explain the features of the invention in more detail, reference is now made to Figs. 6, 7 and 8, which cover the initial setup phase and the access phase of the present invention.
Fig. 6 illustrates an initial setup of the private cloud routing server 108 and the smart device client 109 according to the present invention. The private cloud routing server 108 and the smart device client 109 form a master-slave (server-client) relationship. The private cloud routing server 108 first establishes an authorized client inventory holding client account names and the corresponding message box information. The message box information can take the form of the client's e-mail account, text message account or other unique public account information.
In step 601, on the side of the private cloud routing server 108, the server sends a session invitation to the message_box_S 115 of one of the expected smart device clients 109 that is an authorized user. This session invitation can include the routing server message box address message_box_P 116. The private cloud routing server 108 then attempts to retrieve a session access request from the routing server message box message_box_P 116; this session access request contains the client message box address message_box_S 115, the client public IP address Public_IP_S 119 and the client private IP address private_IP_S 120, as shown in step 602.
If the access request is invalid, the process returns to step 601. If the access request is valid, the private cloud routing server 108 registers the client message box 115, the public IP address 119 and the private IP address 120 of the smart device client 109, as shown in step 604. The private cloud routing server 108 sends a session confirmation carrying its current routing server public IP address and private IP address, public_IP_P 117 and private_IP_P 118, to the client message box message_box_S 115, as shown in step 605. The private cloud routing server 108 can then begin to send communication requests to the smart device client 109, as shown in step 606.
On the side of the smart device client 109, the client first retrieves the session invitation from its own message_box_S 115, as shown in step 611. The session invitation contains the message box address message_box_P 116 of the private cloud routing server. If the invitation from the private cloud routing server 108 is invalid, the process returns to step 611. If the invitation from the private cloud routing server 108 is valid, the smart device client 109 returns a session access request to the message box message_box_P 116 of the private cloud routing server 108, thereby registering its current client message box address, public IP address and private IP address whenever it needs to access the private cloud routing server 108, as shown in step 613. The session access request can include the message box address message_box_S 115 of the smart device client 109 and the client's public IP address and private IP address, public_IP_S 119 and private_IP_S 120. The smart device client 109 then retrieves from the client message_box_S 115 the session confirmation carrying the current public IP address and private IP address of the private cloud routing server, public_IP_P 117 and private_IP_P 118, as shown in step 614. The smart device client 109 can then begin to send communication requests to the private cloud routing server, as shown in step 615. After these two independent processes, the initial setup of the private cloud routing server 108 and the smart device client 109 is complete.
The message box server hosting the server or client message box can be an e-mail server, a text message server, or any kind of secure message hosting server that can exchange information between the private cloud routing server 108 (as a server) and the smart device client 109 (as a client). The security and business model of message box servers are well known and expected in the industry. Should a message box server fail for any reason, it can be replaced or redeployed immediately without endangering the communication between server and client in the private cloud infrastructure.
Fig. 7 shows the communication flow of the smart device client 109 according to the present invention. The smart device client 109 can begin point-to-point communication with the private cloud routing server 108 without going through an intermediate routing server 112 or a VPN routing server 114. The smart device client 109 first sends a communication request through its Router_S 103 to the Router_P 102 of the private cloud routing server 108, as shown in step 700. Router_S 103 registers the public IP addresses and private IP addresses of the smart device client 109 and the private cloud routing server 108, as shown in step 701. The outbound route of Router_S 103 is kept open, thereby punching a hole, and waits for a response from the private cloud routing server 108, as shown in step 702. Router_S 103 then checks whether there is an incoming response from the private cloud routing server 108, as shown in step 703. If the incoming response is invalid and the wait has timed out, the initialization process of the smart device client 109 restarts, as shown in step 708. If it has not timed out, the process returns to step 702. However, if the incoming response is valid, Router_S 103 binds the incoming public IP address and private IP address of the private cloud routing server 108 to the registered outbound private IP address of the smart device client 109, as shown in step 704. The incoming request from the private cloud routing server 108 is then routed to the smart device client 109, as shown in step 705. The smart device client 109 can begin secure point-to-point communication with the private cloud routing server 108 and access services from the private cloud routing server 108, as shown in step 706.
Fig. 8 shows the communication flow of the private cloud routing server 108 according to the present invention. The private cloud routing server 108 can begin point-to-point communication with the smart device client 109 without going through an intermediate routing server 112 or a VPN routing server 114. The private cloud routing server 108 first sends a communication request through its Router_P 102 to the Router_S 103 of the smart device client 109, as shown in step 800. In response to the outbound communication request, Router_P 102 registers the public IP addresses and private IP addresses of the smart device client 109 and the private cloud routing server 108, as shown in step 801. The outbound route of Router_P 102 is kept open, thereby punching a hole, and waits for a response from the smart device client 109, as shown in step 802. Router_P 102 checks whether there is an incoming response and whether that response comes from the smart device client 109, as shown in step 803. If the incoming response is invalid and the wait has timed out, the initialization process of the private cloud routing server 108 restarts, as shown in step 808. If it has not timed out, the process returns to step 802. However, if the incoming response is valid, Router_P 102 binds the incoming public IP address and private IP address of the smart device client 109 to the registered outbound private IP address of the private cloud routing server 108, as shown in step 804. The incoming request from the smart device client 109 is then routed to the private cloud routing server 108. The private cloud routing server 108 can begin secure point-to-point communication with the smart device client 109 and accept access to its services from the smart device client 109, as shown in step 806.
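The router behaviour of Figs. 7 and 8 is the part of the design that decides which packets from the public cloud are ever let inside the LAN. The following is an added example, not code from the patent or from Kingston Digital: a small Python model of Router_S 103 / Router_P 102 in which an outbound communication request opens a pinhole for exactly one registered peer, an inbound packet is routed to the local private address only when it comes from that peer while the hole is open (steps 704/804 and 705), and an unbound hole that outlives the wait is closed so that initialization restarts (steps 708/808). The class and function names, the 30-second timeout and the IP addresses in the two scenarios are constructed for illustration.

```python
from dataclasses import dataclass

PINHOLE_TIMEOUT = 30  # seconds; assumed wait before setup restarts (steps 708/808)


@dataclass
class Pinhole:
    """One outbound route kept open by Router_S or Router_P."""
    private_ip: str       # inside host that sent the communication request
    peer_public_ip: str   # the registered peer expected to answer
    opened_at: float
    bound: bool = False   # set once the peer's first valid packet is routed in


class EdgeRouter:
    """Hypothetical model of Router_S 103 / Router_P 102 (not the patent's own
    code): an outbound request opens a pinhole for exactly one registered peer;
    inbound packets are routed inside only when they come from that peer while
    the hole is open, and everything else is dropped."""

    def __init__(self):
        self.holes = {}  # peer_public_ip -> Pinhole

    def outbound_request(self, private_ip, peer_public_ip, now):
        """Steps 700-702 / 800-802: register both ends and keep the route open."""
        self.holes[peer_public_ip] = Pinhole(private_ip, peer_public_ip, now)

    def inbound(self, src_public_ip, now):
        """Steps 703-705 / 803-805: return the private IP the packet is routed
        to, or None when the source has no open pinhole (unsolicited traffic)."""
        hole = self.holes.get(src_public_ip)
        if hole is None:
            return None
        if not hole.bound and now - hole.opened_at > PINHOLE_TIMEOUT:
            return None  # arrived after the wait expired; setup must restart
        hole.bound = True  # 704/804: bind peer public IP to the local private IP
        return hole.private_ip

    def expire(self, now):
        """Step 703 -> 708/808: close unbound pinholes older than the timeout and
        report them so the caller restarts initialization."""
        expired = [p for p, h in self.holes.items()
                   if not h.bound and now - h.opened_at > PINHOLE_TIMEOUT]
        for p in expired:
            del self.holes[p]
        return expired


def simulate(private_ip, peer_public_ip, events):
    """Replay constructed (time, kind, source) events against one router and
    return what happened to each: kind is 'out' (local host sends a request),
    'in' (a packet arrives from source) or 'tick' (timeout check)."""
    router = EdgeRouter()
    outcomes = []
    for t, kind, src in events:
        if kind == "out":
            router.outbound_request(private_ip, peer_public_ip, t)
            outcomes.append("pinhole opened")
        elif kind == "in":
            routed = router.inbound(src, t)
            outcomes.append(f"routed to {routed}" if routed else f"dropped {src}")
        elif kind == "tick":
            for p in router.expire(t):
                outcomes.append(f"timeout waiting for {p}: restart setup")
    return outcomes


# Constructed scenario 1 (Fig. 7 happy path): the PCRS at 198.51.100.5 answers
# within the window; a stray packet from 192.0.2.99 is never let in.
HAPPY_PATH = [
    (0, "out", None),
    (5, "in", "192.0.2.99"),
    (10, "in", "198.51.100.5"),
    (12, "in", "198.51.100.5"),
]

# Constructed scenario 2: no answer arrives, the pinhole times out and the
# client's initialization restarts (step 708); a late packet is dropped.
TIMEOUT_PATH = [
    (0, "out", None),
    (40, "tick", None),
    (41, "in", "198.51.100.5"),
]

if __name__ == "__main__":
    for line in simulate("192.168.1.20", "198.51.100.5", HAPPY_PATH):
        print(line)
```

The point of the model is the allow-list: because the peer's public address was registered in step 701/801 before the hole was opened, the router has a single expected source to check against, and traffic from any other public address never reaches the private network.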
To ensure the security of the point-to-point communication channel, a number of security measures are deployed, including AES encryption and/or the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. The session communication between server and client (including the invitation, access request and confirmation) also uses random number seeds, time stamps, encryption and hashing to defeat man-in-the-middle attacks and to fend off attacks from the public cloud, ensuring the security and integrity of the communication.
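The two passages above (the Fig. 6 exchange of steps 601 to 615 and the random-number, time-stamp and hashing protections on the session messages) can be demonstrated together. The following is an added example, not code from the patent or from Kingston Digital: a Python simulation in which two in-memory queues stand in for message_box_P and message_box_S, each session message carries a message type, a time stamp, a fresh random nonce and an HMAC-SHA256 over the whole body, and each side checks the tag, the type, the freshness window, a replay cache and the nonce the message claims to answer before acting on it. The pre-shared key in the authorized client inventory, the 60-second freshness window, the message-box addresses and the IP addresses are all assumptions made for the example; the patent describes the checks, not this particular construction.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample data (not from the patent): the PCRS's authorized-client
# inventory maps a client message-box address to a pre-shared key that is
# assumed to have been handed over out of band.
AUTHORIZED_CLIENTS = {"client109@example.invalid": b"psk-client-109"}
MAX_SKEW = 60  # seconds; assumed freshness window for the time-stamp check


class MessageBox:
    """Stand-in for an e-mail or text-message box: a FIFO of opaque messages."""

    def __init__(self, address):
        self.address = address
        self._queue = []

    def post(self, msg):
        self._queue.append(msg)

    def fetch(self):
        return self._queue.pop(0) if self._queue else None


def _mac(key, body):
    canon = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def seal(key, kind, fields, now=None):
    """Build a session message: type, time stamp, fresh nonce, payload, HMAC."""
    ts = int(time.time() if now is None else now)
    body = {"kind": kind, "ts": ts, "nonce": secrets.token_hex(16), **fields}
    return {"body": body, "mac": _mac(key, body)}


def verify(key, msg, kind, seen, now=None, reply_to=None):
    """Return the body if MAC, type, freshness, nonce and reply linkage all
    check out; otherwise None. `seen` is the verifier's own replay cache."""
    if not msg:
        return None
    body = msg.get("body", {})
    if not hmac.compare_digest(_mac(key, body), msg.get("mac", "")):
        return None  # forged or tampered with in transit
    if body.get("kind") != kind:
        return None  # wrong message type (e.g. a confirm replayed as an invite)
    ts_now = time.time() if now is None else now
    if abs(ts_now - body.get("ts", 0)) > MAX_SKEW:
        return None  # stale
    if body.get("nonce") in seen:
        return None  # replay
    if reply_to is not None and body.get("reply_to") != reply_to:
        return None  # not a reply to the message this side actually sent
    seen.add(body["nonce"])
    return body


def run_setup(box_p, box_s, client_box, client_key, client_ips, server_ips, now=None):
    """Steps 601-615 of Fig. 6 played out over the two message boxes.
    Returns (registered client record, server addresses) or None on failure."""
    seen_s, seen_p = set(), set()  # each side keeps its own replay cache
    server_key = AUTHORIZED_CLIENTS.get(client_box)
    if server_key is None:
        return None  # not on the authorized client inventory: no invitation
    # 601: PCRS posts a session invitation carrying its own box address.
    invite = seal(server_key, "invite", {"reply_box": box_p.address}, now)
    box_s.post(invite)
    # 611: client fetches and validates the invitation with the key it holds.
    inv = verify(client_key, box_s.fetch(), "invite", seen_s, now)
    if inv is None:
        return None
    # 613: client answers with an access request to the PCRS box.
    box_p.post(seal(client_key, "access_request", {
        "reply_to": inv["nonce"], "client_box": client_box,
        "public_ip": client_ips[0], "private_ip": client_ips[1]}, now))
    # 602-604: PCRS validates the request and registers the client's addresses.
    req = verify(server_key, box_p.fetch(), "access_request", seen_p, now,
                 reply_to=invite["body"]["nonce"])
    if req is None:
        return None
    registered = {k: req[k] for k in ("client_box", "public_ip", "private_ip")}
    # 605: PCRS confirms with its current public and private addresses.
    box_s.post(seal(server_key, "confirm", {
        "reply_to": req["nonce"], "public_ip": server_ips[0],
        "private_ip": server_ips[1]}, now))
    # 614: client validates the confirmation and learns where the PCRS is.
    conf = verify(client_key, box_s.fetch(), "confirm", seen_s, now, reply_to=req["nonce"])
    if conf is None:
        return None
    return registered, {"public_ip": conf["public_ip"], "private_ip": conf["private_ip"]}
```

Note what never travels through the public message-box servers in this construction: no password, only addresses, nonces and tags. A message-box operator who reads the queue learns the two endpoints' addresses, but cannot forge an invitation or confirmation without the pre-shared key, cannot replay an old one past the freshness window or the replay cache, and cannot splice a reply from one session into another because each reply is checked against the nonce it answers.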
Because the present invention does not depend on a public cloud-type routing server, all of the concerns of the owner of the smart device client can be resolved or alleviated. First, there is no longer a single point of failure. Second, there is no intermediary during any communication transaction between the smart device client 109 and the private cloud routing server 108, so performance can be better. Third, no communication in the middle can be monitored, which makes the process much more secure for both client and server. The user account information, passwords and corresponding IP addresses of the smart device client 109 and the private cloud routing server 108 are never exposed to a public cloud. The only external communication channel used for the information exchange between the smart device client 109 and the private cloud routing server 108 is the pair of private message boxes message_box_S 115 and message_box_P 116. No password information is ever exchanged between the private cloud routing server 108 and the smart device client 109 (as a client). The security of the communication is only as good as the message box servers hosting message_box_S 115 and message_box_P 116. If a message box is compromised or goes out of service for any reason, another replacement or backup message box can be deployed immediately. In the present invention, any key component (including routers, network switches, message boxes, the smart device client 109 or the private cloud routing server 108) can be replaced without affecting the efficiency and integrity of the communication link between the smart device client 109 and the private cloud routing server 108.
Fig. 9 shows a block diagram of the private cloud routing server 108 according to the present invention. It comprises a processor 900, random access memory (RAM) 902, a network interface 903, input/output (I/O) 904 and non-volatile storage 905. The non-volatile storage 905 further holds an operating system (OS) 909, device drivers 908 and a private cloud routing server driver 907.
The network interface 903 can connect to a LAN, a wide area network or a 3G/4G network. The I/O 904 is the user interface for connecting to the outside world and includes input/output devices such as a keyboard, mouse, messaging and video. The non-volatile storage 905 is loaded with the necessary software (including the operating system and the various device drivers).
The private cloud routing server driver 907 is deployed to communicate with the corresponding private cloud client driver on the smart device client 109. The private cloud routing server driver 907 initiates the invitation, processes the access request and then sends the confirmation back to the smart device client 109. Subsequently, it sends a communication request to the smart device client 109 and punches a hole in its router along the outbound direction. Once the incoming request from the smart device client arrives at the punched hole, the two-way communication channel is bound together. The private cloud routing server driver 907 can then begin secure point-to-point communication with the smart device client 109.
Figure 10 shows a block diagram of the smart device client 109 according to the present invention. The smart device client 109 comprises a processor 1000, RAM 1002, a network interface 1003, input/output (I/O) 1004 and non-volatile storage 1005. The non-volatile storage 1005 further includes an operating system (OS) 1009, a device driver 1008 and a private cloud client driver 1007. The smart device client 109 can also be loaded with an application program 1006 for communicating with the private cloud routing server 108. The network interface 1003 can connect to a LAN, a wide area network or a 3G/4G network.
The I/O 1004 is the user interface for connecting to the outside world and includes input/output devices such as a touch pad, messaging and video. The non-volatile storage can be hard disk storage or a flash-based solid state disk. The non-volatile storage 1005 is loaded with the necessary software (including the OS and device drivers). The private cloud client driver 1007 is deployed to communicate with the corresponding private cloud routing server driver 907 on the private cloud routing server 108. The private cloud client driver 1007 responds to the server's invitation by replying with an access request, and then accepts the confirmation from the private cloud routing server 108. Subsequently, it sends a communication request to the private cloud routing server 108 and punches a hole in its router along the outbound direction.
Once the incoming request from the private cloud routing server 108 arrives at the punched hole, the two-way communication channel is bound together. The smart device client 109 can then begin secure point-to-point communication with the private cloud routing server 108. The private network service 128 can then be managed and accessed by the smart device client via the public cloud 100. The terms "access" and "accessible" herein include the meaning of managing or manageable.
For performance reasons, in some environments the private cloud routing server 108 and the corresponding router Router_P 102 can be a single entity. In either case, any private network service reachable by the private cloud routing server 108 can be accessed by the smart device client via the public cloud 100.
Figure 11 shows a private cloud program installed on the smart device client. The private cloud program provides three functions for the smart device client: how to initiate a session communication as a host under the private cloud routing server, how to join a session communication as a guest, and how to access a reachable service on the physical LAN or virtual LAN. The left side of the communication flow shows how a host smart device client initiates a session communication. The lower right side of the communication flow shows how a guest smart device client receives a communication invitation and joins the session communication.
Figure 12 shows a cloud network infrastructure used for private and secure communication between smart device clients via the public cloud. The smart device clients 1201, 1211 and 1221 can be set up with the private cloud routing server 1208, via the communication paths 1222, 1224 and 1223 respectively, according to the structure of the aforementioned Figs. 6, 7 and 8. The private cloud routing server 1208 then establishes a virtual LAN (not shown) to allow the authorized smart device clients 1201, 1211 and 1221 to participate in the virtual LAN as members. A smart device client 1201 acting as a host can initiate a private and secure communication via the installed program. A smart device client 1211 or 1221 acting as a guest can receive the communication invitation via the installed program and engage in the private and secure communication session with the host smart device client 1201.
As shown in Figures 11 and 12, when a smart device client 1201 intends to initiate a session communication as a host, the program installed on the host smart device client first sets up and logs in to the private cloud routing server 1100 via the communication path 1222. In step 1102, having been set up with the private cloud routing server 1208, it joins the virtual LAN (not shown) under that server. The smart device client, as a host 1104, 1105, is ready to engage in session communication. The program allows the smart device client 1201 to establish and host a communication session 1106. The program broadcasts the host session to invite communication guests 1107. Afterwards, the program starts scanning for recognizable guests 1108. Once a guest is authorized, the smart device client 1201, as a host, can initiate a private and secure communication 1109 with the authorized guest smart device client. This private and secure communication includes video, audio, text or application communication. The application is a program, utility, operation or remote desktop recognized by both the host and the guest.
When a smart device client 1211 or 1221 intends to join a session communication as a guest 1104, 1105, the program installed on the guest smart device client first sets up and logs in to the private cloud routing server 1100 via the communication path 1224 or 1223 respectively. After setting up with the private cloud routing server 1208, it joins the virtual LAN (not shown) in step 1102. The smart device client, as a guest 1104, 1105, is ready to engage in session communication. The program waits for a communication invitation 1112. Once it receives a communication invitation, the smart device client 1211 or 1221 can join a communication session as a guest. The program then starts scanning for a recognizable host 1113. When the host is identified, the program logs in to verify the communication with that host 1114. Once authorized, the smart device client can join the session communication 1115. The smart device client 1211, 1221, as a guest 1116, initiates private and secure communication with the host smart device client 1201. This private and secure communication includes video, audio, text or application communication. The application can be a program, utility, operation or remote desktop recognized by both the host and the guest.
In other embodiments of the invention, the smart device client can establish a private and secure communication with any reachable service on the physical LAN or the virtual LAN under the private cloud routing server. As shown in Figures 11 and 12, once a smart device client 1201, 1211 or 1221 has set up and logged in to the private cloud routing server 1208, it can access, via the communication path 1225, any reachable private network service 1110, 1228 on the physical LAN or virtual LAN under the private cloud routing server. The private network services include messaging, video content, real-time or archived information and the execution of applications, social media, messaging, e-mail, storage, backup, calendar, contacts, synchronization, sharing, remote desktop, Internet of Things (IoT) and others.
Although the present invention has been described in terms of the illustrated embodiments, one of ordinary skill in the art will readily recognize that there could be variations to those embodiments and that such variations would be within the spirit and scope of the present invention. Accordingly, many modifications may be made by one of ordinary skill in the art without departing from the spirit and scope of the appended claims.

Claims (21)

1. A method for a public cloud network, the method comprising:
setting up at least one private cloud routing server and at least one smart device client in a master-slave relationship, wherein the at least one private cloud routing server includes a first message box associated therewith, the first message box being located on a public cloud network; wherein the at least one smart device client includes a second message box associated therewith, the second message box being located on the public cloud network;
Between this first message box and this second message box, conversational message is transmitted, wherein with a secured fashion This conversational message is by this at least one privately owned high in the clouds routing server and this at least one intelligent device visitor Family end checking, wherein this at least one smart client and this at least one privately owned high in the clouds routing server exist This conversational message is mutual communication after being verified, and wherein at least one private network service is subsequently based on this The conversational message being verified by this at least one smart client via this public cloud network safety Ground access;And
One at least one another smart client is set into this master slave relation, wherein disappears in this conversational Breath be verified after, this at least one smart client and this at least another smart client with This at least one privately owned high in the clouds routing server is linked up, wherein this at least one smart client and this at least One another smart client secret and safely via this mutual communication of public cloud network.
2. The method of claim 1, wherein the at least one private cloud routing server comprises:
a computing device;
a connection to a network via a router; and
a program that causes the at least one private cloud routing server to:
(a) create and manage an authorized client list to accommodate a plurality of smart device clients;
(b) send a session invitation to the second message box;
(c) receive a session access request of the at least one smart device client from the first message box; and
(d) send a session confirmation to the second message box.
3. The method of claim 2, wherein the program further causes the at least one private cloud routing server to:
(e) send a communication request to the at least one smart device client;
(f) punch a hole in the router so that a smart device client response remains open and pending;
(g) wait for the router to bind a network connection between the at least one smart device client and the at least one private cloud routing server;
(h) route an incoming request from the at least one smart device client to the at least one private cloud routing server;
(i) establish a secure peer-to-peer communication with the at least one smart device client;
(j) cause the at least one smart device client to access the at least one private network service; and
(k) cause a private and secure communication to take place between the at least one smart device client and the at least one another smart device client.
4. The method of claim 2, wherein the at least one smart device client comprises:
a computing device;
a connection to a network via a router;
wherein the router has a program that causes the at least one smart device client to:
(a) retrieve a session invitation from a smart device client message box;
(b) send a session access request to a private cloud routing server message box;
(c) retrieve a session confirmation from the smart device client message box;
(d) send a communication request to the at least one private cloud routing server;
(e) punch a hole in the router so that a private cloud routing server response remains open and pending;
(f) wait for the router to bind a network connection between the at least one private cloud routing server and the at least one smart device client;
(g) route an incoming request from the at least one private cloud routing server to the at least one smart device client;
(h) establish a secure peer-to-peer communication with the at least one private cloud routing server;
(i) access a private network service via the at least one private cloud routing server; and
(k) communicate with the at least one another smart device client via the at least one private cloud routing server.
5. The method of claim 2, wherein the at least one smart device client comprises:
a computing device;
one of a wired and a wireless connection to a network; and
a program that causes the at least one smart device client to:
(a) retrieve a session invitation from a smart device client message box;
(b) send a session reply to a private cloud routing server message box;
(c) retrieve a session confirmation from the smart device client message box;
(d) send an access request to the at least one private cloud routing server;
(e) wait for a private cloud routing server response;
(f) bind a network connection between the at least one private cloud routing server and the at least one smart device client;
(g) route an incoming request from the at least one private cloud routing server to the at least one smart device client;
(h) establish a secure peer-to-peer communication with the at least one private cloud routing server;
(i) access a private network service via the at least one private cloud routing server; and
(j) communicate with the at least one another smart device client via the at least one private cloud routing server.
6. The method of claim 4, wherein the program performs:
accessing the at least one private cloud routing server anytime and anywhere;
accessing the at least one private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the local area network (LAN), and establishes a secure peer-to-peer communication channel with the at least one private cloud routing server;
accessing a private network service via the at least one private cloud routing server; and
communicating with the at least one another smart device client via the at least one private cloud routing server.
7. The method of claim 5, wherein the program performs:
accessing the at least one private cloud routing server anytime and anywhere;
accessing the at least one private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the local area network (LAN), and establishes a secure peer-to-peer communication channel with the at least one private cloud routing server;
accessing a private network service via the at least one private cloud routing server; and
communicating with the at least one another smart device client via the at least one private cloud routing server.
8. The method of claim 4, wherein the program performs:
accessing the at least one private cloud routing server anytime and anywhere;
accessing the at least one private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the local area network (LAN), and establishes a secure peer-to-peer communication channel with the at least one private cloud routing server;
mapping local physical input/output to virtual private cloud routing server input/output;
accessing a private network service via the at least one private cloud routing server; and
communicating with the at least one another smart device client via the at least one private cloud routing server.
9. The method of claim 5, wherein the program performs:
accessing the at least one private cloud routing server anytime and anywhere;
accessing the at least one private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the local area network (LAN), and establishes a secure peer-to-peer communication channel with the at least one private cloud routing server;
mapping local physical input/output to virtual server input/output;
accessing a private network service via the at least one private cloud routing server; and
communicating with the at least one another smart device client via the at least one private cloud routing server.
10. A private cloud routing server, comprising:
a computing device;
a connection to a network via a router; and
a program executed by the computing device to cause the private cloud routing server to: create and manage an authorized client list to accommodate a plurality of smart device clients; send a session invitation to a second message box of at least one of the plurality of smart device clients; receive a session access request of the at least one smart device client from a first message box; send a session confirmation to the second message box of the at least one smart device client; cause the at least one smart device client to access a private network service; and carry out a private and secure communication between the at least one smart device client and at least one another smart device client.
11. The private cloud routing server of claim 10, wherein the program performs:
sending a communication request to the at least one smart device client;
punching a hole in the router so that a smart device client response remains open and pending;
waiting for the router to bind a network connection between the at least one smart device client and the private cloud routing server;
routing an incoming request from the at least one smart device client to the private cloud routing server;
establishing a secure peer-to-peer communication with the at least one smart device client;
causing the at least one smart device client to access the private network service; and
carrying out the private and secure communication between the at least one smart device client and the at least one another smart device client.
12. A smart device client, comprising:
a computing device; and
a connection to a network via a router; wherein the router has a program that causes the smart device client to: retrieve a session invitation from a smart device client message box; send a session access request to a private cloud routing server message box; retrieve a session confirmation from the smart device client message box; send a communication request to a private cloud routing server; punch a hole in the router so that a private cloud routing server response remains open and pending; wait for the router to bind a network connection between the private cloud routing server and the smart device client; route an incoming request from the private cloud routing server to the smart device client; establish a secure peer-to-peer communication with the private cloud routing server; access a private network service via the private cloud routing server; and communicate with at least one another smart device client via the private cloud routing server.
13. The smart device client of claim 12, wherein the program performs:
accessing the private cloud routing server anytime and anywhere;
accessing the private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the local area network (LAN), and establishes a secure peer-to-peer communication channel with the private cloud routing server;
accessing a private network service via the private cloud routing server; and
communicating with the at least one another smart device client via the private cloud routing server.
14. The smart device client of claim 12, wherein the program performs:
accessing the private cloud routing server anytime and anywhere;
accessing the private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the LAN, and establishes a secure peer-to-peer communication channel with the server;
mapping local physical input/output to virtual server input/output;
accessing a private network service via the private cloud routing server; and
communicating with the at least one another smart device client via the private cloud routing server.
15. A smart device client, comprising:
a computing device;
a connection to a network; and
a program that causes the smart device client to: retrieve a session invitation from the smart device client message box; send a session reply to a private cloud routing server message box; retrieve a session confirmation from a smart device client message box; send an access request to a private cloud routing server; wait for the private cloud routing server response; bind a network connection between the private cloud routing server and the smart device client; route an incoming request from the private cloud routing server to the smart device client; establish a secure peer-to-peer communication with the private cloud routing server; access a private network service via the private cloud routing server; and communicate with at least one another smart device client via the private cloud routing server.
16. The smart device client of claim 15, wherein the program performs:
accessing the private cloud routing server anytime and anywhere;
accessing the private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the local area network (LAN), and establishes a secure peer-to-peer communication channel with the server;
accessing a private network service via the private cloud routing server; and
communicating with the at least one another smart device client via the private cloud routing server.
17. The smart device client of claim 15, wherein the program performs:
accessing the private cloud routing server anytime and anywhere;
accessing the private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the local area network (LAN), and establishes a secure peer-to-peer communication channel with the private cloud routing server;
mapping local physical input/output to virtual private cloud routing server input/output;
accessing a private network service via the private cloud routing server; and
communicating with the at least one another smart device client via the private cloud routing server.
18. A smart device client, comprising:
a computing device;
a connection to a network; and
a program for setting up a private cloud routing server and causing the smart device client to: retrieve a session invitation from a smart device client message box; send a session reply to a private cloud routing server message box; retrieve a session confirmation from the smart device client message box; send an access request to the private cloud routing server; wait for the private cloud routing server response; bind a network connection between the private cloud routing server and the smart device client; route an incoming request from the private cloud routing server to the smart device client; establish a secure peer-to-peer communication with the private cloud routing server; add a virtual LAN on the private cloud routing server; access a private network service via the private cloud routing server;
in the role of a host, initiate a session communication; set up and host the session communication; invite a guest; scan for identifiable guests; and initiate a private and secure communication with the guest; and
in the role of a guest, receive a communication invitation and join the session communication; scan for identifiable hosts; log in for communication verification; join the session communication; and initiate the private and secure communication with the host.
19. The smart device client of claim 18, wherein the program performs:
accessing the private cloud routing server anytime and anywhere;
accessing the private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the local area network (LAN), and establishes a secure peer-to-peer communication channel with the server; and
accessing a private network service via the private cloud routing server.
20. The smart device client of claim 18, wherein the program performs:
accessing the private cloud routing server anytime and anywhere;
accessing the private cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart device client does not require an external or public cloud-based routing server in the wide area network, does not require additional router settings in the local area network (LAN), and establishes a secure peer-to-peer communication with the private cloud routing server; and
carrying out a private and secure communication with the at least one another smart device client via the private cloud routing server.
21. The smart device client of claim 18, wherein the private and secure communication comprises:
one of video, audio, text and an application program, the application program being one of a program, a utility, an operation and a remote desktop recognized by both the host and the guest.
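The session setup in claims 1, 2, 4 and 10 relies on message boxes that sit on a public cloud, so the security of the exchange rests on the private cloud routing server (PCRS) and the smart device client (SDC) each verifying the session messages rather than trusting the box. The following Python simulation is an added illustration of that exchange, not code from the patent or from Kingston Digital. It assumes a scheme the claims do not specify: each SDC on the authorized client list shares a pre-provisioned secret with the PCRS, every session invitation, access request and confirmation carries a timestamp and an HMAC-SHA256 tag, and the PCRS only confirms an access request that matches an invitation it actually sent. The message field names, the 300-second freshness window and the client id "sdc-1" are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 300  # assumed freshness window for a session message


class MessageBox:
    """Message box on the public cloud: an untrusted store that only holds messages."""

    def __init__(self):
        self.messages = []

    def put(self, msg):
        self.messages.append(msg)

    def take(self, kind):
        """Remove and return the first message of the given type, or None."""
        for i, msg in enumerate(self.messages):
            if msg.get("type") == kind:
                return self.messages.pop(i)
        return None


def _mac(key, body):
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def seal(key, body):
    """Timestamp a session message and attach an HMAC-SHA256 tag (assumed scheme)."""
    body = dict(body, ts=int(time.time()))
    return dict(body, mac=_mac(key, body))


def verify(key, msg, expected_type):
    """Accept a message only if its type, MAC and timestamp all check out."""
    if msg is None or msg.get("type") != expected_type:
        return False
    body = {k: v for k, v in msg.items() if k != "mac"}
    if not hmac.compare_digest(_mac(key, body).encode(), str(msg.get("mac", "")).encode()):
        return False
    return abs(time.time() - body.get("ts", 0)) <= MAX_AGE_SECONDS


class PrivateCloudRoutingServer:
    def __init__(self, own_box):
        self.own_box = own_box      # the "first message box"
        self.authorized = {}        # authorized client list: client_id -> shared key
        self.client_boxes = {}      # client_id -> that client's ("second") message box
        self.pending = {}           # session_id -> client_id of outstanding invitations
        self.sessions = set()       # session ids whose access request verified

    def authorize(self, client_id, key, client_box):
        self.authorized[client_id] = key
        self.client_boxes[client_id] = client_box

    def invite(self, client_id):
        """Send a session invitation to the client's message box."""
        session_id = secrets.token_hex(16)
        self.pending[session_id] = client_id
        self.client_boxes[client_id].put(seal(self.authorized[client_id], {
            "type": "session_invitation", "session_id": session_id, "client": client_id}))
        return session_id

    def handle_access_request(self):
        """Take one access request from the first box; confirm it only if it verifies."""
        req = self.own_box.take("session_access_request")
        if req is None:
            return False
        key = self.authorized.get(req.get("client"))
        if key is None or not verify(key, req, "session_access_request"):
            return False    # not on the authorized list, or a forged/stale request
        if self.pending.pop(req.get("session_id"), None) != req["client"]:
            return False    # no outstanding invitation: a duplicate or unsolicited request
        self.sessions.add(req["session_id"])
        self.client_boxes[req["client"]].put(seal(key, {
            "type": "session_confirmation", "session_id": req["session_id"], "client": req["client"]}))
        return True


class SmartDeviceClient:
    def __init__(self, client_id, key, own_box, pcrs_box):
        self.client_id, self.key = client_id, key
        self.own_box, self.pcrs_box = own_box, pcrs_box   # second box / first box
        self.session_id = None
        self.established = False

    def answer_invitation(self):
        """Retrieve the invitation; if it verifies, post a session access request."""
        inv = self.own_box.take("session_invitation")
        if not verify(self.key, inv, "session_invitation") or inv.get("client") != self.client_id:
            return False
        self.session_id = inv["session_id"]
        self.pcrs_box.put(seal(self.key, {
            "type": "session_access_request", "session_id": self.session_id, "client": self.client_id}))
        return True

    def check_confirmation(self):
        """Retrieve the confirmation; the session is usable only if it verifies."""
        conf = self.own_box.take("session_confirmation")
        if not verify(self.key, conf, "session_confirmation") or conf.get("session_id") != self.session_id:
            return False
        self.established = True
        return True


def run_session_setup(tamper_invitation=False, duplicate_request=False):
    """Run the exchange once and report what each side accepted (constructed scenario)."""
    pcrs_box, sdc_box = MessageBox(), MessageBox()
    key = secrets.token_bytes(32)   # pre-provisioned shared secret (assumption)
    pcrs = PrivateCloudRoutingServer(pcrs_box)
    pcrs.authorize("sdc-1", key, sdc_box)
    sdc = SmartDeviceClient("sdc-1", key, sdc_box, pcrs_box)
    pcrs.invite("sdc-1")
    if tamper_invitation:
        sdc_box.messages[0]["client"] = "sdc-2"   # altered while sitting on the public cloud
    accepted = sdc.answer_invitation()
    if duplicate_request and accepted:
        pcrs_box.put(dict(pcrs_box.messages[0]))  # a second copy of the request reaches the PCRS
    first = pcrs.handle_access_request()
    second = pcrs.handle_access_request()          # processes the duplicate, if there is one
    return {"invitation_accepted": accepted, "first_request_confirmed": first,
            "second_request_confirmed": second, "session_established": sdc.check_confirmation()}


if __name__ == "__main__":
    print(run_session_setup())
```

Two design points matter for a deployment of this pattern. The boxes themselves never authenticate anything, so a message modified in the box fails the MAC on the receiving side and the exchange stops before any communication request or hole punching takes place. The PCRS also ties each confirmation to an invitation it issued: a second copy of a valid access request is rejected because its session id is no longer pending, which keeps a stale or duplicated message from opening a second session.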
CN201510186124.8A 2014-10-28 2015-04-17 Method utilizing a private routing server, a global network and a smart device client Active CN106161394B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/526,393 2014-10-28
US14/526,393 US9781087B2 (en) 2011-09-09 2014-10-28 Private and secure communication architecture without utilizing a public cloud based routing server

Publications (2)

Publication Number Publication Date
CN106161394A true CN106161394A (en) 2016-11-23
CN106161394B CN106161394B (en) 2019-11-12

Family

ID=53190151

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510186124.8A Active CN106161394B (en) 2014-10-28 2015-04-17 Method utilizing a private routing server, a global network and a smart device client

Country Status (3)

Country Link
CN (1) CN106161394B (en)
GB (1) GB2531831B (en)
TW (1) TWI629598B (en)

Also Published As

Publication number Publication date
GB2531831B (en) 2021-12-15
GB2531831A (en) 2016-05-04
TW201616374A (en) 2016-05-01
TWI629598B (en) 2018-07-11
GB201505761D0 (en) 2015-05-20
CN106161394B (en) 2019-11-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant