CN106487513B - Remote router request relaying - Google Patents
Remote router request relaying Download PDFInfo
- Publication number
- CN106487513B CN106487513B CN201510551338.0A CN201510551338A CN106487513B CN 106487513 B CN106487513 B CN 106487513B CN 201510551338 A CN201510551338 A CN 201510551338A CN 106487513 B CN106487513 B CN 106487513B
- Authority
- CN
- China
- Prior art keywords
- web site
- dedicated router
- public web
- router
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
This application involves remote router requests to relay.This document describes the various system and method requested for relaying remote.In one example, a method includes the request received at public web site to access dedicated router.This method, which may also include via authentication service, authenticates the request.In addition, this method may include providing the access to dedicated router via public web site when certification.
Description
Technical field
This application involves remote request more particularly to remote router request relayings.
Background technique
Calculating equipment can be communicated with one another by network.Router is arranged to forward data packet between computer network
Computer networking equipment.Data packet usually can be forwarded to another road from a router by constituting the network of internet
By device, until the data packet reaches its destination node.For example, in a local network, router can be configured to offer pair
The internet access of equipment is calculated in local area network.For example, when in a local network, network administrator can be by logging on to and local
The associated website of router in net configures the router.
Summary of the invention
Simplified general introduction is provided below, in order to provide the basic comprehension to some aspects described herein.The general introduction
It is not the extensive overview of claim theme.This general introduction is neither intended to the crucial or important member for identifying theme claimed
Element, nor is it intended to delineate the scope of the claimed subject matter.The sole purpose of this summary is to present to be wanted in simplified form
Certain concepts of the theme of protection are sought, as a prelude to the more detailed description presented later.
One embodiment provides the method for relaying remote request.This method, which is included at public web site, to be received to access
The request of dedicated router.This method, which may also include via authentication service, authenticates the request.In addition, this method may include recognizing
The access to dedicated router is provided via public web site when card.
Another embodiment provides the system for relaying remote request.The system includes being configured to connect in public web site
The server of the request to access dedicated router is received, which is configured to provide when certification via public web site
Access to dedicated router.The system further includes being configured to authenticate the authentication service of the request.
Another embodiment provides one or more computer readable storage devices for storing computer-readable instruction,
The computer-readable instruction makes one or more of processing equipments public when being executed by one or more processing equipments
Website receives the request to access dedicated router.The instruction can also make one or more of processing equipments via authentication service
To authenticate the request.The instruction provides one or more processing equipments to special when certification via public web site
With the access of router.
Attached drawing description
The following detailed description may be better understood by reference to each attached drawing, each attached drawing includes disclosed theme
The specific example of numerous features.
Fig. 1 is to exemplify the exemplary block diagram for the computing system for being configured to provide the remote access to dedicated router;
Fig. 2 is to exemplify the exemplary frame for the computing system environment for being configured to provide the remote access to dedicated router
Figure;
Fig. 3 is to exemplify the flow chart of the registration process for dedicated router;
Fig. 4 is to exemplify the flow chart of the access process for accessing dedicated router;
Fig. 5 is exemplified for accessing dedicated router and dedicated router being nullified (sign out from remote computer
Of the flow chart of access process);
Fig. 6 is to exemplify the block diagram of the method for relaying remote request;And
Fig. 7 is the block diagram for the exemplary computer readable storage medium storing program for executing of relaying remote request.
Specific embodiment
As discussed above, in some cases, when local area network (LAN) is interior, a user (such as network administrator)
Configurable dedicated router.For example, dedicated router may be provided in the upper website run of the dedicated router itself.Network management
Member the web browser in an equipment in the lan environment of the dedicated router can be used access the website, with user name and mouth
Enable login etc..However, can be and be difficult to the remote access of the dedicated router when at the outside of the LAN of dedicated router
It provides.For example, network administrator can reserve a port number on the side wide area network (WAN) to be exclusively used in and dedicated router
The communication of website.The end WAN that remote client may have access to the router wan interface Internet protocol address (IP) and be configured
Mouth comes access router website.In this case, remote client access dedicated router wan interface IP rather than be easy to remember
Uniform resource locator (URL).In addition, in some cases, dedicated router website is hypertext transfer protocol (HTTP)
Website, the communication between remote device and dedicated router website are unprotected.If dedicated router website is
Secure HTTP (HTTPS), it can need to be configured with from self-signing certificate or by the certificate of certificate authority signs.In this feelings
Under condition, fixed domain name or fixed wan interface IP address are required for the certificate.Fixed domain name or fixed wan interface IP address
The maintenance load of the manufacturer of private home router can be increased.
Technology described herein includes that be used to access the public web site of dedicated router.Access dedicated router is asked
It asks and is certified service authentication.In some cases, authentication service is the Third Party Authentication that do not safeguarded by dedicated router manufacturer
Service.Authentication service can provide to effective access request at the public web site with secure transfer protocol (such as HTTPS)
Certification.In other words, technology described herein can be provided via the remote access at portal associated with public web site
The secure connection of round-trip dedicated router website.Secure access can be achieved using the remote access for holding catchy URL, thus slow
The difficulty of remote access discussed above is solved.
Each example technique can be used relay services and the request being certified be relayed to dedicated routing from public web site
Device website.In this case, the response from dedicated router website can be also relayed to public web site by relay services.Relaying
Service can be configured to be embedded in target information in HTTPS request cookie.In this case, remote with web browser
Journey client computer may have access to dedicated router website, without installing additional software.
As quotation, some attached drawings are to be referred to as one or more structural components of function, module, feature, element etc.
Context each concept described.Various assemblies shown in the accompanying drawings can realize in any way, for example, by software,
Any combination of hardware (for example, discrete logic module etc.), firmware etc. or these embodiments.In one embodiment,
Various assemblies can reflect the use of corresponding component in practical implementations.In other embodiments, in attached drawing it is illustrated go out
Any single component can be realized by multiple actual components.Description to any two in attached drawing or more separated component
It can reflect the different function executed by single actual component.Fig. 1 discussed below is provided and be can be used for realizing in attached drawing
Shown in function the related details of a system.
Other accompanying drawings describe concept in flow diagram form.In this format, certain operations are described as constituting with a certain suitable
The different frames that sequence executes.Such realization is exemplary and not limiting.Certain frames described herein can be grouped in
Execute together and in single operation, certain frames may be logically divided into multiple component blocks, and certain frames can by with it is exemplified herein
The different order of order out executes (parallel mode including executing these frames).Frame shown in flow chart can be by soft
Part, hardware, firmware, etc. or these any combination realized realize.As used herein, hardware may include computer
Discreet logic component of system, specific integrated circuit (ASIC) etc etc. and their any combination.
About term, phrase " being configured to ", which is covered, can construct any kind of structural components to execute identified behaviour
Any mode made.Structural components may be configured to execute behaviour using software, hardware, firmware, etc., or any combination thereof
Make.
Term " logic " covers any function for executing task.For example, each operation pair shown in flow chart
Ying Yu is used to execute the logic of the operation.Software, hardware, firmware, etc., or any combination thereof can be used to execute in operation.
As used herein, term " component ", " system ", " client computer " etc. are intended to refer to computer-related entity, it
Can be hardware, (for example, in execution) software and/or firmware, or combinations thereof.For example, component can be on a processor
Process, object, executable code, program, function, library, subroutine and/or the computer of operation or the combination of software and hardware.
By example, the application and the server run on the server can both be component.One or more components can station
In a certain process, and component can be located on a computer and/or be distributed between two or more computers.
In addition, theme claimed can be used generate control computer with realize disclosed theme software,
The standard program and/or engineering technology of firmware, hardware or any combination thereof and be implemented as method, apparatus or product.As herein
Used term " product " may include can be from the computer journey of any tangible computer readable device or medium access
Sequence.
Computer readable storage medium can include but is not limited to magnetic storage apparatus (for example, hard disk, floppy disk and tape
Etc.), CD (for example, compact-disc (CD) and digital versatile disc (DVD) etc.), smart card and flash memory device (example
Such as, card, stick and Keyed actuator etc.).On the contrary, computer-readable medium (that is, non-computer readable storage medium storing program for executing) is general
It can include additionally communication media, such as the transmission medium of wireless signal etc.
Fig. 1 is to exemplify the exemplary block diagram for the computing system for being configured to provide the remote access to dedicated router.
Computing system 100 may include calculating equipment 102, which for example can be mobile phone, laptop computer, platform
Formula computer or tablet computer etc..
Calculating equipment 102 may include the processor 104 for being adapted for carrying out stored instruction, and storage can be by processor
The memory cell 106 of 102 instructions executed.Memory cell 106 can be impermanent storage related with storage equipment 108
Device, storage equipment may include such as hard disk drive.Processor 104 can be single core processor, multi-core processor, calculate group
Collection or any number of other configurations.Memory cell 106 may include that random access memory (such as deposit by static random-access
Reservoir (SRAM), dynamic random access memory (DRAM), zero capacitance RAM, silicon-oxide-nitride-oxide-silicon
(SONOS) memory, embedded DRAM, growth data output RAM, double data rate (DDR) (DDR) RAM, resistive random access storage
Device (RRAM), parameter random access memory (PRAM) etc.), read-only memory (ROM) (such as mask model ROM (Mask ROM),
Programmable read only memory (PRAOM), Erasable Programmable Read Only Memory EPROM (EPROM), the read-only storage of electrically erasable
Device (EEPROM) etc.), flash memory or any other suitable storage system.It can be used for setting by the instruction that processor 104 executes
In standby resource enumeration.Processor 104 can (such as peripheral assembly interconnects (PCI), Industry Standard Architecture by system bus 110
(ISA), PCI-Express, NuBus etc.) it is connected to network interface 112.
Storing equipment 108 may include hard disk drive, CD drive, universal serial bus (USB) flash drive, drive
Dynamic device array, or any combination thereof.Public web site 114 can be to be stored in storage equipment 108 in some cases
Executable instruction.Calculating equipment 102 can be configured to the public web site 114 that master control includes router portal 116.
Public web site 114 may include being configured so that user is able to access that remote router (such as via network interface
122 dedicated router 118 on network 120) fixation public web site.Dedicated router 118 may include dedicated router net
It stands and 124 enables to realize the configuration to dedicated router 118.Router portal 116 can be configured to by using certification
Service authenticates given user to provide the remote access to dedicated router 118.Calculating equipment 102 can also be via network
Interface 122 accesses the remote client 126 on network 120.
Fig. 2 is to exemplify the exemplary frame for the computing system environment for being configured to provide the remote access to dedicated router
Figure.In some cases, computing system environment 200 may include such as being configured to access router door above with respect to Fig. 1 discussion
The remote client 126 at family 116.As shown in Figure 2, router portal 116 may include webpage 202, authorization service processing journey
Sequence 204, router load balancer 206 etc..Authorization service processing routine 204, which can be configured to communicate with authentication service 208, to be come
Authenticate the user of remote client 126.Router load balancer can provide from via relay agent 210 and access dedicated router
Load balance obtained in 118.Relay agent can be configured to communicate with relay services, which generates and to dedicated road
By the associated one or more relaying worker examples 212 of the access of device 118.As shown in Figure 2, each relaying worker
Example 212 may include router authorized component 214 to provide the authorization of authorization with via the web browser of remote client 126
Cookie 202 coordinates as shown in Fig. 2 and discussed further below, although dedicated router website 124 can be configured to
Http communication, but relay agent provides security socket layer transmission control protocol (SSL/TCP), wherein being provided by HTTPS
Access to remote client 126.
Fig. 3 is to exemplify the flow chart of the registration process for dedicated router.In Fig. 3, user 302 is registrable to be had
The dedicated router 118 of router website, such as above with respect to the dedicated router website 124 of Fig. 1 and Fig. 2 discussion.Dedicated road
Registration by device 118 may include that dedicated router 118 is registered with authentication service 208, so that user 302 can be via public web site
114 access dedicated router website 124.
In frame 304, user 302 can be by being logged in dedicated router manufacturer the user name and password predetermined come clear
Look at dedicated router website 124.In frame 306, dedicated router website 124 can be configured to check the user name and password, and lead to
It crosses and provides and to be responded by session cookie that request later uses.In frame 308, start button, which can be easily selected by a user, to be come
Starting device registration.In frame 310, the weight that the browser of user 302 is directed toward to authentication service 208 of dedicated router website 124
It orients (as indicated at 312) and is responded.Authentication service voucher can be provided authentication service 208 or used by user 302
Authentication service 208 registers new account.
User browser voucher and is redirected to dedicated by authentication service 208 provided by can be configured to check 314
The URL of router website 124.In other words, provided URL can be on dedicated router website 124 for checking authorization code
Dedicated URL.It may include authorization in the URL for being provided to dedicated router website 124 at frame 316 in 314 redirection
Code, and then token is requested access to authentication service 208 318, which is certified service 208 at 320 and provides.It visits
Ask that token be used to request account profile at 322, this account profile is provided at 324.326, access token and by
It is configured to indicate that the identifier of the dedicated router 118 of Fig. 1 is provided to public web site 114.Access token then passes through 328
Public web site 114 is examined using authentication service 208, which provides back account identifier to public web site 330
114, wherein account identifier is associated with user 302.As indicated at 332, dedicated router 118 is to public web site 114
Confirmation and registration be provided back to dedicated router website 124.334, the instruction that facility registration and account log in is provided
Return to browser associated with user 302.336, remote access can be realized by user 302 and remotely access realization can be
It is identified at 338.
Fig. 4 is to exemplify the flow chart of the access process for accessing dedicated router.In this flow chart 400, use
Family (user 302 of such as Fig. 3) can be enabled to via the relay agent 210 above with respect to Fig. 2 discussion and with relaying in fact
The associated relay services 402 of example 212 access dedicated router website (all dedicated router websites as discussed above
124)。
404, process 400 is opened at dedicated router website 124 and relay agent 210 by what is indicated such as at 406
Relay agent's program is moved to imitate.Relay agent 210 can be configured to establish the peace of the relay services 402 in cloud computing environment
Full TCP connection.The connection can be used for that dedicated router website 124 will be relayed to from the remote request of relay services 402, and
Http response from dedicated router website 124 is relayed to relay services 402.User 302 may have access to public web site 114 simultaneously
Authorization service 208 is logged on to, as indicated at 408.Public web site will be just redirected to by the browser that user 302 uses and award
Power service 208, as indicated at 410.User 302 can at authorization service 308 input document, as at 412 indicate.It awards
Power service 308 can check voucher and provide resetting to the URL on dedicated router website 124 to the browser of user 302
To as indicated at 414.The URL may include authorization code.In other words, which is in public web site 114 for checking authorization
The dedicated URL of code.The browser of user 302 may have access to the URL provided at 416.The URL then can be used in public web site 114
To authentication service 208 token is requested access to, as indicated at 418.Authentication service 208 can be configured to check the authorization code
And the backward reference token at 420.422, public web site retrieves owner's letter from authentication service 208 using the access token
Shelves.424, authentication service 208 can be configured to respond public web site 114 with the profile of user 302.Public web site
User 302 is requested to respond, a session cookie is set so that the browser of user 302 can log on to authentication service
208 and one cookie is set with the associated discretionary account of the identifier of user 302 and user 302, is indicated such as at 426
's.The latter cookie is referred to alternatively as account cookie herein.User 302 can request to check in public web site 114 with
The associated all-router in family 302, as indicated at 428.Public web site 114 can be configured to use and user at 430
302 associated router-lists are responded.The information provided at 430 may include associated with dedicated router 118
Data, description, title, owner, connection status etc..A router on 432,302 selectable list of user,
Such as dedicated router 118.434, public web site 114 can be configured to the browser of user 302 being redirected to middle following the service
The URL of business 402.In some cases, public web site 114 and relay services 402 can share same domain name.In this case,
In the HTTPS request for the browser that account cookie and router cookie can be included in user 302.
436, relay services 402 can be configured to check in the database for dominion register account cookie and
Router cookie, and entire request is relayed to relay agent 210 by safe TCP.438, relay agent is received by
After request and be provided to dedicated router website 124, as at 438 indicate.440, dedicated router website 124
The request relayed can be responded.Since the request does not have the session cookie for dedicated router website 124, ring
It should be the redirection to 208 website of authentication service.Relay agent 210 can relay the response by TCP connection at 442.?
444, relay services 402 receive the response relayed and send entire response to as HTTPS response the browsing of user 302
Device.Process 400 may include the additional step summarized below in relation to Fig. 5.
Fig. 5 is exemplified for accessing dedicated router and dedicated router being nullified (sign out from remote computer
Of the flow chart of access process).In some cases, the response relayed is received in relay services 402 and make the response
After being sent to the browser of user 302 for HTTPS response, which can be redirected to authentication service 208, such as 502
Place's instruction.Do not have the authen session cookie at 414 in Fig. 4 due to the browser, authen session cookie exists
It is sent at 502 with web request.
504, authentication service 208 can be configured to check authen session cookie and use relay services 402 at 506
Redirect URL responded.The URL may include that the path of authentication code and the URL can be dedicated router website 124
On for checking the path of authorization code.The browser router cookie and account cookie of user 302 is reset at 506
To arrive URL.Relay services 402 can be configured to check account cookie and router in the database for dominion register
Cookie, and then relay entire request by safe TCP connection 508.510, relay agent 210 can be configured
At sending the request to dedicated router website 124.The dedicated router 118 of Fig. 1 can be configured to receive from request URL
Authorization code.Dedicated router website 124 can be configured to providing authorization code into authentication service 208 for retrieving user 302
Account profile, as at 512 indicate.514, authentication service is responded with the account profile of user 302.
516, the request relayed of 124 pairs of dedicated router website is responded and is arranged for the session of router website
Cookie.Thus the request relayed in the future from same browser can include same session cookie and the browsing
Device will be in logging state.518, relay agent 210 relays response by safe TCP connection, and 520, middle following the service
Business 402 responds entire response as HTTPS to be sent to the browser of user 302.The browser of user 302 receives session
Cookie, and the browsable dedicated router website of user 302 and remotely management dedicated router 118 configuration.Web request connects
Can be sent to relay services 402 with account cookie, router cookie and router session cookie, such as 522
Place's instruction.
524, relay services 402 check account cookie and router in database associated with user's registration
Cookie, and entire request is relayed by safe TCP connection.526, relay agent 402 is in a HTTP request
Send the request to dedicated router website 124.Dedicated router website 124 can use public affairs at 528 in http response
The redirection of list of devices page on common network station 114 is to respond the request relayed.
530, relay agent sends response by safe TCP connection, and 532, relay services will be responded entirely
The browser of user 302 is sent to as HTTPS response.Process shown in Fig. 4 and Fig. 5 (such as step 522-532) can
It is repeated, until user 302 nullifies.534, once user 302 indicates to nullify, then the instruction is provided to relay services 208.
Relay services 402 check account cookie and router cookie in the database for registration, and will entirely request 536
It is relayed by safe TCP connection.Relay agent 210 receive the request that is relayed and at 538 by the request provide to
Dedicated router website 124.540, setting in public web site 114 is used by relay agent 210 in dedicated router website 124
The redirection of standby list page is to respond the request relayed, as indicated at 542.
544, relay services receive the response relayed and send user 302 as HTTPS response for entire response
Browser.The browser of user 302 will then be removed router cookie, router website session cookie and be accessed public
List of devices page on website 114, as indicated at 546.Public web site 114 can then be configured to router-list come pair
The browser of user 302 responds, and wherein browser shows the information of all-router, including description title, owner, company
Connect state etc..
Fig. 6 is to exemplify the block diagram of the method for relaying remote request.In frame 602, method 600 may include in public network
Stand place receive to access dedicated router request.In frame 604, method 600 may include that the request is authenticated via authentication service.
In frame 606, method 600 may include providing the access to dedicated router via public web site when certification.
Public web site can be in the long-range of dedicated router.In some cases, the certification at 604 may include authenticating
Service center receives the voucher from public web site, provides authorization code to public web site based on the voucher received, takes to certification
Business request receives account profile associated with access token, Yi Jixiang to the access token of public web site at public web site
The browser of user associated with the voucher received provides session cookie.In this scene, session cookie includes
Account cookie, this account cookie include the identifier associated with the user for being certified service and providing.In some cases,
There is provided access may include providing account cookie to relay services, and pass through when receiving account cookie at relay services
Relay agent associated with dedicated router is relayed the request to by relay services.In some cases, method 600 can be into one
Step includes the browser that the response to the request to dedicated router is relayed to user associated with the voucher received, with
And access account associated with the user and dedicated router.
In some cases, wherein dedicated router to authentication service it is registered in advance at public web site by dedicated routing
Device is associated with the user of dedicated router.In addition, public web site can be in the long-range of the local area network of dedicated router.Change speech
It, public web site does not include the wide area network Internet protocol address of dedicated router.
Fig. 7 is the block diagram for the exemplary computer readable storage medium storing program for executing of relaying remote request.Tangible is computer-readable
Storage medium 700 can be accessed by processor 702 by computer bus 704.In addition, tangible computer-readable storage medium
Matter 700 may include the code for each step that bootstrap processor 702 executes current method.
Various component softwares discussed herein can be stored on tangible computer readable storage medium 700, in Fig. 5
Indicated.For example, tangible computer readable storage medium 700 may include remote application 606.Remote application 706 can be matched
It is set to the request received at public web site to access dedicated router, the request is authenticated via authentication service, and recognizing
The access to dedicated router is provided via public web site when card.
It is appreciated that depending on concrete application, unshowned any number of additional component software can be included in Fig. 7
In tangible computer readable storage medium 700.Although originally with the language description of special description scheme feature and/or method
Theme, it is to be understood that, the theme limited in appended claims is not necessarily limited to above-mentioned specific structure feature
Or method.On the contrary, specific structural features as described above and method be as realize claims exemplary forms disclose
's.
Example 1
The example provides a kind of example system for relaying remote request.The example system includes being configured in public affairs
The server of the request to access dedicated router is received at common network station.Public web site is configured to when certification via public
Website provides the access to dedicated router.The example system further includes being configured to authenticate the authentication service of the request.It replaces
Change ground or additionally, public web site can be in the long-range of dedicated router.Alternatively or cumulatively, authentication service can be configured to
The voucher from public web site is received at authentication service.Alternatively or cumulatively, authentication service can be configured to based on reception
The voucher arrived provides authorization code to public web site.Alternatively or cumulatively, authentication service can be configured to ask to authentication service
Seek the access token to public web site.Alternatively or cumulatively, authentication service can be configured to receive and visit at public web site
Ask token associated account profile.Alternatively or cumulatively, authentication service can be configured to related to the voucher received
The browser of the user of connection provides session cookie.Alternatively or cumulatively, session cookie may include account cookie, the account
Family cookie includes the identifier associated with the user for being certified service and providing.Alternatively or cumulatively, public web site can quilt
It is configured to provide account cookie to relay services.Alternatively or cumulatively, public web site can be configured in relay services
Place via relay services relays the request to relay agent associated with dedicated router when receiving account cookie.It replaces
Change ground or additionally, which can further comprise being configured to that the response of the request to dedicated router will be relayed to
The relay services of the browser of user associated with the voucher received.Alternatively or cumulatively, relay services can be configured
At access account associated with the user and dedicated router.Alternatively or cumulatively, relay services can be further configured to
Account cookie is removed after receiving cancellation instruction.Alternatively or cumulatively, dedicated router can be infused in advance to authentication service
Volume is with associated with the user of dedicated router by dedicated router at public web site.
Example 2
The example provides a kind of exemplary method for relaying remote request.The exemplary method is included at public web site
Receive the request to access dedicated router.The exemplary method includes that the request is authenticated via authentication service.The exemplary method
It may additionally include and provide the access to dedicated router via public web site when authenticating.Alternatively or cumulatively, public web site
It can be in the long-range of dedicated router.Alternatively or cumulatively, certification may include receiving at authentication service from public web site
Voucher.Alternatively or cumulatively, certification may include providing authorization code to public web site based on the voucher received.Replacement
Ground or additionally, certification may include the access token to authentication service request to public web site.Alternatively or cumulatively, certification can
It is included at public web site and receives account profile associated with access token.Alternatively or cumulatively, certification may include to
The browser of the associated user of the voucher received provides session cookie.Alternatively or cumulatively, session cookie can be wrapped
Account cookie is included, this account cookie includes the identifier associated with the user for being certified service and providing.It is alternatively or attached
Add ground, providing access may include providing account cookie to relay services.Alternatively or cumulatively, provide access may include
It is relayed the request in associated with dedicated router when receiving account cookie at relay services via relay services
After agency.Alternatively or cumulatively, which can further comprise that will relay to the response of the request to dedicated router
To the browser of user associated with the voucher received.Alternatively or cumulatively, the exemplary method may also include access with
The associated account of user and dedicated router.Alternatively or cumulatively, which, which may additionally include, receives cancellation and refers to
Account cookie is removed after showing.Alternatively or cumulatively, dedicated router can be registered in advance in public web site to authentication service
Place is associated with the user of dedicated router by dedicated router.Alternatively or cumulatively, public web site can be in dedicated routing
The local area network of device it is long-range.Alternatively or cumulatively, public web site does not include the wide area network Internet protocol of dedicated router
Location.
Example 3
The example one or more computer-readable memory that the example provides for storing computer-readable instruction is deposited
Equipment is stored up, described instruction indicates the relaying of remote request when being executed by one or more processing equipments.The computer-readable finger
Order may include the code for receiving the request to access dedicated router at public web site.The computer-readable instruction can wrap
Include the code that the request is authenticated via authentication service.The computer-readable instruction may include coming when certification via public web site
The code of access to dedicated router is provided.Alternatively or cumulatively, public web site is in the long-range of dedicated router.
Example 4
The example provides a kind of example system for relaying remote request.The example system includes in public network
Stand place receive to access dedicated router request device.Public web site is configured to come when certification via public web site
Access to dedicated router is provided.The example system further includes the device for authenticating the request.Alternatively or cumulatively, public
It common network station can be in the long-range of dedicated router.Alternatively or cumulatively, which may include for connecing from public web site
Receive the device of voucher.Alternatively or cumulatively, which may include for based on the voucher received, authorization code to be provided
To the device of public web site.Alternatively or cumulatively, which may include for requesting to authentication service to public web site
Access token device.Alternatively or cumulatively, which may include enabling for receiving at public web site with access
The device of the associated account profile of board.Alternatively or cumulatively, the example system may include for the voucher that receives
The browser of associated user provides the device of session cookie.Alternatively or cumulatively, session cookie may include account
Cookie, this account cookie include the identifier associated with the user for being certified service and providing.Alternatively or cumulatively, should
Example system may include for providing account cookie to the device of relay services.Alternatively or cumulatively, the example system
It may include for being relayed the request in associated with dedicated router when receiving account cookie at relay services
After the device of agency.Alternatively or cumulatively, which may include for will be to the response of the request to dedicated router
It is relayed to the device of the browser of user associated with the voucher received.Alternatively or cumulatively, which can wrap
Include the device for accessing account associated with the user and dedicated router.Alternatively or cumulatively, which can wrap
Include the device for removing account cookie after receiving cancellation instruction.Alternatively or cumulatively, dedicated router can be to recognizing
Card service is registered in advance at public web site that dedicated router is associated with the user of dedicated router.
Content already described above includes the example of the various aspects of theme claimed.Certainly, for description institute
The purpose of claimed theme and to describe each combination being contemplated that of component or method be impossible, but this field
Interior those of ordinary skill is it should be appreciated that many other combination and permutation of theme claimed are all possible.Cause
This, theme claimed be intended to comprising fall within the spirit and scope of the following claims all such changes,
Modifications and variations.
Particularly, unless otherwise specified, no for the various functions by execution such as said modules, equipment, circuit, systems
The term (including the reference to " device ") for then being used to describe these components is intended to correspond to the described execution of execution, and this is in
The specified function (for example, functionally equivalent) of the component of function shown in the illustrative aspect of theme claimed is appointed
What component, though these components in structure inequivalence in disclosed structure.About this point, it will also be appreciated that the innovation
It is for execute the movement of the various methods of theme claimed and the computer executable instructions of event including having
System and computer readable storage medium.
There are many modes for realizing theme claimed, for example, application and service is enable to use skill described herein
The API appropriate of art, kit, driver code, operating system, control, independent or Downloadable software object etc..Institute
Claimed theme is also conceived from the purposes from the perspective of API (or other software objects), and from according to herein
The software of the technical operation proposed or the purposes of hardware.In this way, theme claimed described herein is various
Realize can have completely with hardware, partially with hardware and part with software and with software come the various aspects realized.
Foregoing system is described by reference to the interaction between several components.It is appreciated that these systems and group
Part may include component or specified sub-component, certain specified components or sub-component and additional component, and according to above-mentioned
The various displacements and combination of content.Sub-component, which also can be used as, is communicatively coupled to the components of other assemblies to realize, rather than by
Including in parent component (layering).
In addition, it is also important to note that one or more components, which can be combined into, provides the single component of polymerizable functional, or by
Be divided into several individual sub-components, and can provide such as management level etc any one or more middle layer to communicate
On be coupled in such sub-component, in order to provide integrated function.Any component described herein can also be with one or more
Other assemblies do not describe specially herein but that those skilled in the art are commonly known interact.
In addition, although may realize certain for disclosing theme claimed relative to one in several realizations
One feature, but as can to desired by any given or specific application and as advantageous, such feature can with it is other
The one or more of the other feature realized is combined.Moreover, with regard to term " includes ", " containing ", " having ", "comprising", its modification
And for use of the other similar word in detailed description or the claims, such term is intended to be similar to term
" comprising " as the mode of open transitional word be inclusive and be not excluded for any additional or other elements.
Claims (20)
1. a kind of method for relaying remote request, comprising:
Receive the request to access dedicated router at public web site, the dedicated router include dedicated router website with
Make it possible to realize the configuration to dedicated router;
The request is authenticated via authentication service;
The request being certified is relayed to the dedicated router website simultaneously from the public web site using relay services
And the response from the dedicated router website is relayed to the public web site;And
Access to the dedicated router is provided when certification via the public web site.
2. the method as described in claim 1, which is characterized in that the public web site is long-range the dedicated router.
3. the method as described in claim 1, which is characterized in that the certification includes:
The voucher from the public web site is received at the authentication service;
Based on the voucher received, authorization code is provided to the public web site;
To authentication service request to the access token of the public web site;
Account profile associated with the access token is received at the public web site;
There is provided session cookie to the browser of user associated with the voucher received.
4. method as claimed in claim 3, which is characterized in that the session cookie includes account cookie, the account
Cookie includes the identifier associated with the user provided by the authentication service.
5. method as claimed in claim 4, which is characterized in that providing access includes:
There is provided the account cookie to relay services;And
When receiving the account cookie at the relay services, the request is relayed to via the relay services
Relay agent associated with the dedicated router.
6. method as claimed in claim 5, further comprises:
Response to the request to the dedicated router is relayed to the browser of user associated with the voucher received;
And
Access account associated with the user and the dedicated router.
7. method as claimed in claim 4 further comprises: after receiving cancellation instruction, removing the account
cookie。
8. the method as described in claim 1, which is characterized in that wherein the dedicated router is infused in advance to the authentication service
Volume is with associated with the user of the dedicated router by the dedicated router at the public web site.
9. the method as described in claim 1, which is characterized in that local area network of the public web site in the dedicated router
Remotely.
10. the method as described in claim 1, which is characterized in that the public web site does not include the wide of the dedicated router
Domain net Internet protocol address.
11. a kind of system for relaying remote request, comprising:
It is configured to receive the server of the request to access dedicated router in public web site, the dedicated router includes special
It is enabled to realize the configuration to dedicated router with router website;And
Relay services, the request that the relay services are configured to be certified are relayed to described special from the public web site
The public web site, the public web site are relayed to router website and by the response from the dedicated router website
It is configured to provide the access to the dedicated router via the public web site when certification;
It is configured to authenticate the authentication service of the request.
12. system as claimed in claim 11, which is characterized in that the public web site is long-range the dedicated router.
13. system as claimed in claim 11, which is characterized in that the authentication service is configured to:
The voucher from the public web site is received at the authentication service;
Based on the voucher received, authorization code is provided to the public web site;
To authentication service request to the access token of the public web site;
Account profile associated with the access token is received at the public web site;
There is provided session cookie to the browser of user associated with the voucher received.
14. system as claimed in claim 13, which is characterized in that the session cookie includes account cookie, the account
Family cookie includes the identifier associated with the user provided by the authentication service.
15. system as claimed in claim 14, which is characterized in that the public web site is configured to:
There is provided the account cookie to relay services;And
When receiving the account cookie at the relay services, the request is relayed to via the relay services
Relay agent associated with the dedicated router.
16. system as claimed in claim 15, which is characterized in that further include relay services, the relay services are configured to:
Response to the request to the dedicated router is relayed to the browser of user associated with the voucher received;
And
Access account associated with the user and the dedicated router.
17. system as claimed in claim 16, which is characterized in that the relay services are further configured to receiving note
After pin instruction, the account cookie is removed.
18. system as claimed in claim 11, which is characterized in that wherein the dedicated router is preparatory to the authentication service
Registration is with associated with the user of the dedicated router by the dedicated router at the public web site.
19. one or more computer readable storage devices for storing computer-readable instruction, the computer-readable finger
It enables and makes one or more of processing equipments when being executed by one or more processing equipments:
Receive the request to access dedicated router at public web site, the dedicated router include dedicated router website with
Make it possible to realize the configuration to dedicated router;
The request is authenticated via authentication service;
The request being certified is relayed to the dedicated router website simultaneously from the public web site using relay services
And the response from the dedicated router website is relayed to the public web site;And
Access to the dedicated router is provided when certification via the public web site.
20. one or more computer readable storage devices as claimed in claim 19, which is characterized in that the public web site
In the long-range of the dedicated router.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510551338.0A CN106487513B (en) | 2015-09-01 | 2015-09-01 | Remote router request relaying |
| PCT/US2016/049537 WO2017040552A1 (en) | 2015-09-01 | 2016-08-31 | Remote router request relaying |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510551338.0A CN106487513B (en) | 2015-09-01 | 2015-09-01 | Remote router request relaying |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106487513A CN106487513A (en) | 2017-03-08 |
| CN106487513B true CN106487513B (en) | 2019-08-13 |
Family
ID=56926288
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510551338.0A Active CN106487513B (en) | 2015-09-01 | 2015-09-01 | Remote router request relaying |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106487513B (en) |
| WO (1) | WO2017040552A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109194584B (en) * | 2018-08-13 | 2022-04-26 | 中国平安人寿保险股份有限公司 | Flow monitoring method and device, computer equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101867476A (en) * | 2010-06-22 | 2010-10-20 | 杭州华三通信技术有限公司 | 3G virtual private dialing network user safety authentication method and device thereof |
| CN102752149A (en) * | 2012-07-18 | 2012-10-24 | 贝尔特物联技术无锡有限公司 | 4G (The Fourth Generation Telecommunication) network management system |
| WO2014070811A1 (en) * | 2012-10-31 | 2014-05-08 | Unisys Corporation | Secure connection for a remote device through a virtual relay device |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9231904B2 (en) * | 2006-09-25 | 2016-01-05 | Weaved, Inc. | Deploying and managing networked devices |
| GB2449923B (en) * | 2007-06-09 | 2011-09-28 | King's College London | Inter-working of networks |
| JP5281644B2 (en) * | 2007-09-07 | 2013-09-04 | テレフオンアクチーボラゲット エル エム エリクソン(パブル) | Method and apparatus for enabling a nomadic terminal to access a home network on a layer 2 level |
| US20110122774A1 (en) * | 2009-11-25 | 2011-05-26 | T-Mobile Usa, Inc. | Time or Condition-Based Reestablishment of a Secure Connection |
| US8812670B2 (en) * | 2011-10-11 | 2014-08-19 | Telefonaktiebolaget L M Ericsson (Publ) | Architecture for virtualized home IP service delivery |
| CN202425065U (en) * | 2011-12-24 | 2012-09-05 | 成都市汉云星河网络系统有限公司 | Wireless router supporting mobile phone remote control |
| JP5856015B2 (en) * | 2012-06-15 | 2016-02-09 | 日立マクセル株式会社 | Content transmission device |
| CN102882857B (en) * | 2012-09-10 | 2015-07-15 | 福建伊时代信息科技股份有限公司 | Client side device, encryption storage device, and remote access method and system |
| CN104243210B (en) * | 2014-09-17 | 2018-01-05 | 湖北盛天网络技术股份有限公司 | The method and system of remote access router administration page |
-
2015
- 2015-09-01 CN CN201510551338.0A patent/CN106487513B/en active Active
-
2016
- 2016-08-31 WO PCT/US2016/049537 patent/WO2017040552A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101867476A (en) * | 2010-06-22 | 2010-10-20 | 杭州华三通信技术有限公司 | 3G virtual private dialing network user safety authentication method and device thereof |
| CN102752149A (en) * | 2012-07-18 | 2012-10-24 | 贝尔特物联技术无锡有限公司 | 4G (The Fourth Generation Telecommunication) network management system |
| WO2014070811A1 (en) * | 2012-10-31 | 2014-05-08 | Unisys Corporation | Secure connection for a remote device through a virtual relay device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2017040552A1 (en) | 2017-03-09 |
| CN106487513A (en) | 2017-03-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108200099B (en) | Mobile application, personal status relationship management | |
| JP7434342B2 (en) | Container builder for personalized network services | |
| CN105007280B (en) | A kind of application login method and device | |
| JP6605056B2 (en) | Automatic directory join for virtual machine instances | |
| US10320776B2 (en) | Protection of application passwords using a secure proxy | |
| CN105684388B (en) | Utilize the network-based single-sign-on of form filling agent application | |
| CN108475312A (en) | Single-point logging method for equipment safety shell | |
| JP5998284B2 (en) | Dynamic registration of applications to enterprise systems | |
| JP6820054B2 (en) | Methods and devices for managing resources using external accounts | |
| JP6533871B2 (en) | System and method for controlling sign-on to web applications | |
| CN110999213A (en) | Hybrid authentication system and method | |
| US20150188906A1 (en) | Multi-domain applications with authorization and authentication in cloud environment | |
| CN109076057A (en) | System and method for passing through firewall protection network equipment | |
| CN103369022B (en) | Method and system for communication with memory device | |
| CN106664291A (en) | Systems and methods for providing secure access to local network devices | |
| CN110519240A (en) | A kind of single-point logging method, apparatus and system | |
| CN106331003A (en) | Method and device for accessing application portal system on cloud desktop | |
| CN106487513B (en) | Remote router request relaying | |
| CN106302479B (en) | A kind of single-point logging method and system for multi-service internet site | |
| CN109600342A (en) | Uniform authentication method and device based on one-point technique | |
| US11956639B2 (en) | Internet of things device provisioning | |
| CN112417403A (en) | Automatic system authentication and authorization processing method based on GitLab API | |
| CN117201155A (en) | Security processing method, cloud platform for realizing method and computer readable medium | |
| CN117786647A (en) | Login method, device, equipment and storage medium of code management system | |
| CN105516153B (en) | A kind of method and apparatus of account verifying |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |