CN106850668B - Mobile application secure network tunnel - Google Patents

Mobile application secure network tunnel

Info

Publication number
CN106850668B
CN106850668B (application CN201710122530.7A)
Authority
CN
China
Prior art keywords
mobile
network
data
tunnel
security
Legal status: Active
Application number
CN201710122530.7A
Other languages
Chinese (zh)
Other versions
CN106850668A (en)
Inventor
邹旭东
王宇光
周海涛
Current Assignee
Shenzhen Appiron Technology Co ltd
Original Assignee
Shenzhen Appiron Technology Co ltd
Priority date: 2017-03-03
Filing date: 2017-03-03
Publication dates: 2017-06-13 (CN106850668A), 2020-11-17 (CN106850668B)
Events:
2017-03-03 Application filed by Shenzhen Appiron Technology Co ltd; priority to CN201710122530.7A
2017-06-13 Publication of CN106850668A
2020-11-17 Application granted; publication of CN106850668B

Classifications

    • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes (under H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls; H04L63/00 Network architectures or network communication protocols for network security; H04L Transmission of digital information, e.g. telegraphic communication; H04 Electric communication technique; H Electricity)
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks; H04L63/00; H04L; H04; H)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a mobile application secure network tunnel, which mainly comprises mobile internet data, a mobile secure network SDK software package, a firewall interface, a data forwarding server, a firewall inside the enterprise network and a mobile secure tunnel management server. After the mobile device APP integrates the SDK software package, mobile internet data enters through the firewall interface and is deployed in the DMZ (demilitarized zone) of the enterprise intranet via the mobile secure tunnel server, after which a user can access enterprise intranet data through the mobile application secure network tunnel. The tunnel's transport is TCP (transmission control protocol), it is compatible with encrypted HTTP (hypertext transfer protocol) and UDP (user datagram protocol) payloads, and the mobile application data is SSL (secure sockets layer) encrypted while it is forwarded. The mobile secure tunnel is used for the secure transmission of mobile network data between the enterprise intranet and the public network, and all background servers can be reached by opening only one port on the firewall.

Description

Mobile application secure network tunnel
Technical Field
The invention relates to the technical field of mobile security networks, in particular to a mobile application security network tunnel.
Background
With the development of society, the number of enterprise BYOD mobile devices is increasing, and the functional defects of the traditional enterprise network are increasingly exposed: a traditional enterprise network, built on dedicated-line connections to fixed physical sites, is hard to adapt to the requirements of modern enterprises. Users therefore place higher demands on their own network construction, mainly in network flexibility, security, economy and scalability.
Traditional techniques for reaching an enterprise intranet from the public network rely on IP mapping, port mapping and the like. Although these can satisfy a public-network mobile application's need to reach the intranet, the data is not encrypted, so data security cannot be achieved, and a separate port must be mapped for each background service server.
At present, enterprises use gateways and background intranet servers as the network data interaction tunnel, and different ports are opened on the firewall for different background services, which greatly increases resource consumption and the cost of data security protection.
Therefore, there is a need to develop mobile application secure network tunnels.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a mobile application secure network tunnel which is used for the secure transmission of mobile network data between an enterprise intranet and a public network, and the invention adopts the following technical scheme for realizing the aim:
The mobile application secure network tunnel mainly comprises mobile internet data, a mobile secure network SDK software package, a firewall interface, a data forwarding server, a firewall inside the enterprise network and a mobile secure tunnel management server. The mobile terminal APP installs the mobile secure network SDK software package, and the mobile internet data enters through the firewall interface; the data forwarding server carries the encrypted data over the TCP protocol, receives the mobile internet data in the DMZ of the enterprise network and passes it through the firewall inside the enterprise network to the mobile secure tunnel management server; the user accesses enterprise intranet data through the mobile application secure network tunnel; and the number of firewall interfaces is one.
In a further scheme, the data forwarding server performs SSL encryption during the forwarding of the mobile internet data, and HTTP, TCP and UDP protocol data are carried on the channel.
In a further scheme, the mobile secure tunnel management server comprises a management server, an authentication server and a service system server group, and the mobile secure tunnel management server transmits to, or accesses, the secure network data applications of the enterprise intranet through the mobile secure network tunnel.
Compared with the prior art, the beneficial effects of the invention are: the mobile secure tunnel is used for securely transmitting mobile network data between the enterprise intranet and the public network; on the mobile secure tunnel, the transmitted content of the mobile application network can be encrypted on top of the original network protocol; and, while data security is ensured, the data forwarding requirement can be met by opening only one external port on the firewall.
Drawings
Fig. 1 is a schematic diagram of mobile internet data transmission according to the present invention.
Detailed Description
In order to more fully understand the technical content of the present invention, the technical solution of the present invention will be further described and illustrated with reference to the following specific embodiments, but not limited thereto.
As shown in figure 1, the invention mainly comprises mobile internet data, a mobile secure network SDK software package, a firewall interface, a data forwarding server, a firewall inside the enterprise network and a mobile secure tunnel management server, wherein the mobile terminal APP is provided with the mobile secure network SDK software package, the mobile internet data enters through the firewall interface, the data forwarding server carries the encrypted data over the TCP protocol, the mobile internet data is received in the DMZ of the enterprise network and transmitted through the firewall inside the enterprise network to the mobile secure tunnel management server, and the user accesses enterprise network data through the mobile application secure network tunnel.
The data forwarding server performs SSL encryption during the forwarding of the mobile internet data and carries HTTP, TCP and UDP protocol data on the channel. This is secure, involves no packet-parsing step, and so increases transmission efficiency.
The mobile secure tunnel management server comprises a management server, an authentication server and a service system server group; the secure network data applications of the enterprise intranet are transmitted to, or accessed, through the mobile secure network tunnel.
As shown in fig. 1, when a mobile internet device such as a phone or other mobile terminal, or a client reached through Apple's push service (APNS), downloads an APP (for scenarios in which the APP needs to transmit data between the intranet and the public network) and the SDK software package of the invention has been integrated, the data enters through the external firewall interface and is deployed in the DMZ of the enterprise intranet via the mobile secure tunnel server, after which the user can access enterprise intranet data through the mobile application secure network tunnel. The tunnel's communication type is TCP, it is compatible with encrypted HTTP and UDP payloads, and access to all background service servers is supported by opening only one external port on the firewall.
Compared with the prior art, the beneficial effects of the invention are: the mobile secure tunnel securely transmits mobile network data between the enterprise intranet and the public network; mobile application data is forwarded over TCP (transmission control protocol); there is no packet-parsing step, which increases transmission efficiency; SSL (secure sockets layer) encryption is applied while the mobile application data is forwarded, guaranteeing data security; fewer firewall ports are occupied, resource consumption is reduced and the intranet's security margin is increased.
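The architecture in the Detailed Description above (restated in claims 1 to 3) comes down to three mechanisms: one opened firewall port, a DMZ forwarder that carries HTTP, TCP and UDP payloads over a TCP channel without parsing them, and an authentication server in the management tier. The Python below is an added example written for this page; it is not code from the patent or from Shenzhen Appiron Technology. The frame layout, the HMAC token bound to (user, service), and the names encode_frame, decode_frames, AuthServer, Forwarder and the service ids hr-portal, ldap and push are this example's own assumptions; the TLS wrapping that the page calls SSL is left out so that it runs offline, and each backend is a local callable standing in for the hop through the inner firewall to a member of the service system server group.

```python
import hashlib
import hmac
import struct

# Frame header (this example's own layout): magic(2) version(1) proto(1) service_len(1) token_len(1) payload_len(4)
HEADER = struct.Struct("!2sBBBBI")
MAGIC, VERSION = b"MT", 1
PROTO_HTTP, PROTO_TCP, PROTO_UDP = 1, 2, 3
PROTO_NAMES = {PROTO_HTTP: "http", PROTO_TCP: "tcp", PROTO_UDP: "udp"}


class TunnelError(Exception):
    pass


def encode_frame(proto, service, token, payload):
    """SDK side: wrap one application message (an HTTP request, raw TCP bytes or a UDP
    datagram) behind a small routing header; the payload itself is carried as opaque bytes."""
    if proto not in PROTO_NAMES:
        raise TunnelError("unknown protocol")
    service_b = service.encode()
    if len(service_b) > 255 or len(token) > 255:
        raise TunnelError("header field too long")
    hdr = HEADER.pack(MAGIC, VERSION, proto, len(service_b), len(token), len(payload))
    return hdr + service_b + token + payload


def decode_frames(buf):
    """Forwarder side: peel complete frames off a byte stream, reading only the headers.
    Returns (frames, leftover); an incomplete frame from a partial TCP read waits for the next call."""
    frames = []
    while len(buf) >= HEADER.size:
        magic, ver, proto, slen, tlen, plen = HEADER.unpack_from(buf)
        if magic != MAGIC or ver != VERSION or proto not in PROTO_NAMES:
            raise TunnelError("bad frame header")
        total = HEADER.size + slen + tlen + plen
        if len(buf) < total:
            break
        body = buf[HEADER.size:total]
        frames.append((proto, body[:slen].decode(), body[slen:slen + tlen], body[slen + tlen:]))
        buf = buf[total:]
    return frames, buf


class AuthServer:
    """Stands in for the authentication server of the management tier: issues a token
    bound to (user, service) and checks it with a constant-time comparison."""
    def __init__(self, secret):
        self._secret = secret

    def _mac(self, user_b, service):
        return hmac.new(self._secret, user_b + b":" + service.encode(), hashlib.sha256).digest()

    def issue(self, user, service):
        return user.encode() + b"|" + self._mac(user.encode(), service)

    def verify(self, token, service):
        user_b, sep, mac = token.partition(b"|")
        return bool(sep) and hmac.compare_digest(mac, self._mac(user_b, service))


class Forwarder:
    """Stands in for the DMZ data-forwarding server behind the one opened firewall port: it routes
    on (proto, service) after the token check and never parses the payload; each callable in
    `services` stands for the hop through the inner firewall to one backend server."""
    def __init__(self, auth, services):
        self.auth = auth
        self.services = services
        self.rejected = 0

    def handle(self, frame):
        proto, service, token, payload = frame
        if not self.auth.verify(token, service) or (proto, service) not in self.services:
            self.rejected += 1
            return None
        return self.services[(proto, service)](payload)


def run_demo():
    """Constructed traffic: HTTP, TCP and UDP messages multiplexed over one stream, plus two
    frames the forwarder must reject (a tampered token, and a token replayed against another service)."""
    auth = AuthServer(b"constructed-demo-secret")
    services = {
        (PROTO_HTTP, "hr-portal"): lambda p: b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
        (PROTO_TCP, "ldap"): lambda p: p[::-1],      # opaque TCP bytes, echoed reversed
        (PROTO_UDP, "push"): lambda p: b"ack:" + p,  # datagram delivered and acknowledged
    }
    fwd = Forwarder(auth, services)
    hr_token = auth.issue("alice", "hr-portal")
    tampered = hr_token[:-1] + bytes([hr_token[-1] ^ 0xFF])
    stream = b"".join([
        encode_frame(PROTO_HTTP, "hr-portal", hr_token, b"GET /me HTTP/1.1\r\nHost: hr\r\n\r\n"),
        encode_frame(PROTO_TCP, "ldap", auth.issue("alice", "ldap"), b"\x30\x0c\x02\x01\x01\x60\x07"),
        encode_frame(PROTO_UDP, "push", auth.issue("alice", "push"), b"hello"),
        encode_frame(PROTO_HTTP, "hr-portal", tampered, b"GET /admin HTTP/1.1\r\n\r\n"),
        encode_frame(PROTO_TCP, "ldap", hr_token, b"x"),  # an hr-portal token must not open ldap
    ])
    # Deliver the stream in two arbitrary TCP chunks to exercise reassembly.
    frames, rest = decode_frames(stream[:40])
    more, rest = decode_frames(rest + stream[40:])
    frames += more
    return {"frames": len(frames), "leftover": len(rest),
            "results": [fwd.handle(f) for f in frames], "rejected": fwd.rejected}
```

Calling run_demo() yields five reassembled frames with no leftover bytes, three backend answers and two rejections: the tampered token fails the constant-time HMAC check, and the hr-portal token replayed against ldap fails because the token is bound to the service name. Binding the token to the service is the check to insist on in this design, since one port now fronts every backend and the forwarder is the only place a per-service decision can be made. Note also what the page leaves unstated: the forwarder terminates the SSL session in the DMZ, so it sees the plaintext of every frame, and nothing on the page says the hop through the inner firewall is encrypted again.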
The technical contents of the present invention are further illustrated by the examples only for the convenience of the reader, but the embodiments of the present invention are not limited thereto, and any technical extension or re-creation based on the present invention is protected by the present invention. The protection scope of the invention is subject to the claims.

Claims (3)

1. A mobile application secure network tunnel, characterized in that it mainly comprises mobile internet data, a mobile secure network SDK software package, a firewall interface, a data forwarding server, a firewall inside the enterprise network and a mobile secure tunnel management server; the mobile terminal APP installs the mobile secure network SDK software package and the mobile internet data enters through the firewall interface; the data forwarding server carries the encrypted data over the TCP protocol, receives the mobile internet data in the DMZ of the enterprise network and transmits it through the firewall inside the enterprise network to the mobile secure tunnel management server; the user accesses enterprise intranet data through the mobile application secure network tunnel; and the number of firewall interfaces is one.
2. The mobile application secure network tunnel of claim 1, wherein the data forwarding server performs SSL encryption during the forwarding of the mobile internet data, and HTTP, TCP and UDP protocol data are carried on the channel.
3. The mobile application secure network tunnel of claim 1, wherein the mobile secure tunnel management server comprises a management server, an authentication server and a service system server group, and the mobile secure tunnel management server transmits to, or accesses, the secure network data applications of the enterprise intranet through the mobile secure network tunnel.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710122530.7A CN106850668B (en) 2017-03-03 2017-03-03 Mobile application secure network tunnel


Publications (2)

Publication Number Publication Date
CN106850668A CN106850668A (en) 2017-06-13
CN106850668B true CN106850668B (en) 2020-11-17

Family

ID=59137180


Country Status (1)

Country Link
CN (1) CN106850668B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314242B (en) * 2022-06-24 2024-06-21 贵州省气象信息中心(贵州省气象档案馆、贵州省气象职工教育培训中心) Network data security encryption method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103368809A (en) * 2013-07-06 2013-10-23 马钢(集团)控股有限公司 Internet reverse penetration tunnel implementation method
CN103840994A (en) * 2012-11-23 2014-06-04 华耀(中国)科技有限公司 System and method for user side to access intranet through VPN
CN104052748A (en) * 2014-06-24 2014-09-17 浪潮电子信息产业股份有限公司 Safety configuration method of remote control server group
US8869235B2 (en) * 2011-10-11 2014-10-21 Citrix Systems, Inc. Secure mobile browser for protecting enterprise data
CN105376239A (en) * 2015-11-25 2016-03-02 成都三零瑞通移动通信有限公司 Method and device for supporting mobile terminal to perform IPSec VPN message transmission


Also Published As

Publication number Publication date
CN106850668A (en) 2017-06-13

Similar Documents

Publication Publication Date Title
US9923871B1 (en) Application-aware connection for network access client
US11659385B2 (en) Method and system for peer-to-peer enforcement
CN107836104B (en) Method and system for internet communication with machine equipment
AU2016266557B2 (en) Secure dynamic communication network and protocol
US20230133809A1 (en) Traffic forwarding and disambiguation by using local proxies and addresses
CN101138218B (en) Security protocols method and device on incompatible transports
US7769871B2 (en) Technique for sending bi-directional messages through uni-directional systems
US8065402B2 (en) Network management using short message service
US10237253B2 (en) Private cloud routing server, private network service and smart device client architecture without utilizing a public cloud based routing server
US11700239B2 (en) Split tunneling based on content type to exclude certain network traffic from a tunnel
US9825914B2 (en) Secure network tunnel between a computing device and an endpoint
CN103391234A (en) Method for realizing multi-user fixed port mapping and PPTP VPN server side
CN109982281A (en) A kind of communication system and method based on LoRaWAN
US8015406B2 (en) Method to create an OSI network layer 3 virtual private network (VPN) using an HTTP/S tunnel
CN106302416B (en) Corporate intranet access method, Android terminal, transfer processing method, transfer server
CN106850668B (en) Mobile application secure network tunnel
CN108064441B (en) Method and system for accelerating network transmission optimization
Castilho et al. Proposed model to implement high-level information security in internet of things
US10079812B1 (en) Secure content storage by customer-premises equipment
CN115664738A (en) Communication method, communication device, electronic device, and computer storage medium
CN101465858A (en) Method for implementing private network penetration of monitoring business, network appliance and server
US8885481B2 (en) System and method for hybrid telecommunication
US12052219B2 (en) Chassis system management through data paths
US11968237B2 (en) IPsec load balancing in a session-aware load balanced cluster (SLBC) network device
KR101807695B1 (en) Mobile communication router apparatus and ip sharing system comprising the same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant