CN107426339B - Access method, device and system of data connection channel - Google Patents

Publication number: CN107426339B
Authority: CN (China)
Application number: CN201710787753.5A
Other versions: CN107426339A
Other languages: Chinese (zh)
Inventor: 肖翔
Current Assignee: Zhuhai Maiyue Information Technology Co ltd
Original Assignee: Zhuhai Maiyue Information Technology Co ltd
Legal status: Active
Prior art keywords: proxy, proxy server, session, client, agent

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an access method, device and system for a data connection channel. The method comprises the following steps: generating a proxy registration request and sending the proxy registration request to a proxy server; receiving port resources allocated by the proxy server based on the proxy registration request; establishing a control information connection with the proxy server according to the port resources, and receiving a session control instruction sent by the proxy server; and establishing a data connection channel with the proxy server according to the session control instruction. While the data connection channel between the proxy client and the proxy server is being set up, a unique session ID and a random value are added to the session control instruction and used for verification; the data connection channel between the proxy client and the proxy server is established only after the proxy server's verification passes, which improves the access security of the data connection channel between the proxy client and the proxy server.

Description

Access method, device and system of data connection channel
Technical Field
The present application relates to the field of network technologies, and in particular, to an access method and system for a data connection channel.
Background
A reverse proxy is an arrangement in which a proxy server accepts connection requests from the Internet, forwards them to a server on an internal network, and returns the result obtained from that server to the Internet client that requested the connection; to the outside, the proxy server then appears to be the server.
A typical proxy server only proxies connection requests from an internal network to the Internet: the client must specify the proxy server and send it the HTTP requests that would otherwise go directly to a Web server. When a proxy server instead lets hosts on an external network access an internal network, this type of proxy service is referred to as a reverse proxy service.
As shown in Fig. 1, the reverse proxy service is generally separated into a proxy server and a proxy client. The proxy server is deployed on the public Internet, and the proxy client is deployed in the internal network. The external client directly accesses the proxy server on the public network, and the proxy server indirectly establishes a connection with the internal household devices through the proxy client.
In the distributed reverse proxy mechanism, there are two types of message communication logically between the proxy client and the proxy server, one is communication of control messages and one is communication of data messages.
When a client accesses a certain proxy port of the proxy server, the proxy server sends a message to the proxy client through the control message channel, and the proxy client establishes a new connection with the data port of the reverse proxy server.
In the above process, there is a vulnerable window after the proxy server sends the command and before the proxy client requests the data connection channel, during which the data being sent risks being hijacked or replaced. The security of the access process of the data connection channel between the proxy client and the proxy server is therefore currently low.
Disclosure of Invention
The embodiment of the invention provides an access method, device and system of a data connection channel, which are used for solving the problem of low security of an access process of the data connection channel between an agent client and an agent server in the prior art.
The specific technical scheme is as follows:
an access method of a data connection channel, the method comprising:
generating an agent registration request and sending the agent registration request to an agent server;
receiving port resources allocated by the agent server based on the agent registration request;
according to the port resources, establishing control information connection with the proxy server side, and receiving a session control instruction sent by the proxy server side;
and establishing a data connection channel with the proxy server according to the session control instruction.
Optionally, before generating the proxy registration request and sending the proxy registration request to the proxy server, the method further includes:
and establishing control connection with the proxy server through a secure socket layer SSL.
Optionally, after sending the proxy registration request to the proxy server, the method further includes:
and receiving an agent identifier distributed by the agent server, and storing the agent identifier, wherein the agent identifier is used for uniquely identifying the current agent service.
Optionally, receiving the session control instruction sent by the proxy server includes:
analyzing the session control instruction to obtain a unique session ID and a random numerical value distributed by the proxy server;
and saving the session ID and the random value.
Optionally, the establishing a data connection channel with the proxy server according to the session control instruction includes:
generating authentication information including the session ID and the random number;
sending the authentication information to the proxy server for verification;
and when feedback that the verification has passed is obtained from the proxy server, establishing a data connection channel with the proxy server.
An access method of a data connection channel comprises the following steps:
receiving an agent registration request sent by an agent client;
according to the agent registration request, port resources are distributed for the agent client and sent to the agent client;
when the proxy client is successfully registered, sending a session control instruction to the proxy client;
and establishing a data connection channel with the proxy client according to feedback information returned by the proxy client based on the session control instruction.
Optionally, establishing a data connection channel with the proxy client according to feedback information returned by the proxy client based on the session control instruction includes:
acquiring a session ID and a random number value from the feedback information of the proxy client;
determining whether the session ID and the random number value are the same as the stored session ID and the random number value;
and if they are the same, establishing a data connection channel with the proxy client.
An access device for a data connection channel, comprising:
the registration module is used for generating an agent registration request and sending the agent registration request to an agent server;
a receiving module, configured to receive a port resource allocated by the proxy server based on the proxy registration request;
the control module is used for establishing a control information connection with the proxy server according to the port resources and receiving a session control instruction sent by the proxy server; and establishing a data connection channel with the proxy server according to the session control instruction.
An access device for a data connection channel, comprising:
the receiving module is used for receiving an agent registration request sent by an agent client;
the resource allocation module is used for allocating port resources for the agent client according to the agent registration request and sending the port resources to the agent client;
the control module is used for sending a session control instruction to the proxy client when the proxy client is successfully registered; and establishing a data connection channel with the proxy client according to feedback information returned by the proxy client based on the session control instruction.
An access system for a data connection path, comprising: a proxy client and a proxy server, wherein,
the proxy client is used for generating a proxy registration request and sending the proxy registration request to a proxy server; receiving port resources allocated by the proxy server based on the proxy registration request; according to the port resources, establishing a control information connection with the proxy server, and receiving a session control instruction sent by the proxy server; establishing a data connection channel with the proxy server according to the session control instruction;
the proxy server is used for receiving a proxy registration request sent by the proxy client; according to the proxy registration request, allocating port resources for the proxy client and sending them to the proxy client; when the proxy client is successfully registered, sending a session control instruction to the proxy client; and establishing a data connection channel with the proxy client according to feedback information returned by the proxy client based on the session control instruction.
According to the method provided by the embodiment of the invention, while the data connection channel between the proxy client and the proxy server is being set up, the control information is first encrypted so that it cannot be intercepted. When a session control instruction is initiated, a unique session ID and a random value are added to it; the proxy client then generates authentication information containing the session ID and the random value, and the data connection channel between the proxy client and the proxy server is established only after the proxy server has verified the authentication information. This improves the access security of the data connection channel between the proxy client and the proxy server.
Drawings
FIG. 1 is a schematic diagram of a reverse proxy server, an internal network and an external network according to the prior art;
FIG. 2 is a flowchart of an accessing method of a data connection channel according to an embodiment of the present invention;
FIG. 3 is an interaction flow diagram of a distributed reverse proxy system in an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a second method for accessing a data connection channel according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of one of the access devices of the data connection channel according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of the second access device of the data connection channel according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an access system of a data connection channel according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention are described in detail with reference to the drawings and the specific embodiments, and it should be understood that the embodiments and the specific technical features in the embodiments of the present invention are merely illustrative of the technical solutions of the present invention, and are not restrictive, and the embodiments and the specific technical features in the embodiments of the present invention may be combined with each other without conflict.
Example one:
Fig. 2 is a flowchart of an access method of a data connection channel in an embodiment of the present invention, where the method includes:
S201, generating a proxy registration request and sending the proxy registration request to a proxy server;
S202, receiving port resources allocated by the proxy server based on the proxy registration request;
S203, according to the port resources, establishing a control information connection with the proxy server and receiving a session control instruction sent by the proxy server;
S204, establishing a data connection channel with the proxy server according to the session control instruction.
In the embodiment of the invention, the method can be applied to a reverse proxy service that is divided into a proxy client and a proxy server.
Fig. 3 is an interaction flow diagram of the distributed reverse proxy system, which includes:
1. The proxy client establishes a control connection to the control port of the proxy server.
2. The proxy client sends a ProxyReg proxy registration request to the proxy server.
3. The proxy server allocates resources, including public ports, data ports and the like.
4. The proxy server returns a registration request result, which includes the allocated resource information.
5. The external client connects to the public port and requests a new connection.
6. The proxy server sends a Start Session command to the proxy client through the control channel to request a new session.
7. The proxy client establishes a data connection channel to the data port of the proxy server.
8. The proxy client establishes a data connection channel to the target server on the intranet.
Specifically, in the embodiment of the invention, the proxy client first establishes the control connection with the proxy server. To secure this connection, it is established over Secure Sockets Layer (SSL), so that control messages are encrypted and cannot easily be obtained by outside parties.
After the secure control connection is established, the proxy client generates a ProxyReg proxy registration request and sends it to the proxy server. On receiving the request, the proxy server allocates port resources for the proxy client, such as a public port and a data port. After the registration succeeds, the proxy server allocates a proxy identifier for this proxy service and stores it; the proxy identifier uniquely identifies the current proxy service.
The proxy server generates a registration result based on the proxy registration request; the registration result includes the allocated resource information. The proxy server returns the registration result to the proxy client. The proxy client generates a registration response based on the registration result and returns it to the proxy server.
After receiving the registration response, the proxy server initiates a session control instruction requesting that a new session be established. It allocates a unique session ID and a random value for the session, stores the session ID and the random value, and stores the IP of the control channel.
The session control instruction initiated by the proxy server contains the session ID and the random value. After receiving the session control instruction, the proxy client establishes a data connection with the proxy server; when doing so, the proxy client generates authentication information that contains the session ID and the random value.
In addition, to further protect the authentication information, the proxy client may encrypt it with the RSA algorithm after generating it. This prevents the authentication information from being used directly if it is intercepted by another device, and further improves the security of data transmission.
The proxy client sends the authentication information containing the session ID and the random value to the proxy server. If the authentication information is encrypted, the proxy server decrypts it first. The proxy server then verifies the session ID and the random value it obtained, that is, it judges whether they are the same as the stored session ID and random value. If they are, the verification passes, and the proxy server notifies the proxy client that the verification has passed.
After the verification passes, the proxy client establishes a data connection channel to the data port of the proxy server and then a data connection channel to the intranet target server. All channels among the client, the proxy server and the intranet server are then connected, and bidirectional data transmission is possible.
According to the method provided by the embodiment of the invention, while the data connection channel between the proxy client and the proxy server is being set up, the control information is first encrypted so that it cannot be intercepted. When a session control instruction is initiated, a unique session ID and a random value are added to it; the proxy client then generates authentication information containing the session ID and the random value, and the data connection channel between the proxy client and the proxy server is established only after the proxy server has verified the authentication information. This improves the access security of the data connection channel between the proxy client and the proxy server.
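The server-side check described above, as an added Python example that is not code from the patent: the registry issues the session ID and random value carried in the session control instruction and verifies the authentication information presented on the data port. The names `SessionRegistry`, `start_session` and `verify`, the expiry, the single-use rule, the constant-time comparison and the control-channel IP check are assumptions of this example (the patent only says the IP is stored and the values are compared for equality); the optional RSA encryption is omitted.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class PendingSession:
    nonce: bytes       # the "random value" sent in the session control instruction
    control_ip: str    # IP of the control channel, stored when the session is issued
    expires_at: float  # assumption: pending sessions expire (the patent sets no lifetime)


class SessionRegistry:
    """Proxy-server side: issue and verify (session ID, random value) pairs."""

    def __init__(self, ttl_seconds=10.0, clock=time.monotonic):
        self._pending = {}
        self._ttl = ttl_seconds
        self._clock = clock

    def start_session(self, control_ip):
        """Return the fields of a session control instruction for one new session."""
        session_id = secrets.token_hex(16)   # unique and unguessable
        nonce = secrets.token_bytes(32)      # random value from the OS CSPRNG
        self._pending[session_id] = PendingSession(
            nonce, control_ip, self._clock() + self._ttl)
        return {"session_id": session_id, "nonce": nonce.hex()}

    def verify(self, auth_info, peer_ip):
        """Check authentication information received on the data port.

        Succeeds only if the session ID is pending and the random value equals
        the stored one. Any attempt naming a pending session consumes it, so a
        captured pair cannot be replayed and a wrong guess cannot be retried.
        """
        session_id = auth_info.get("session_id")
        nonce_hex = auth_info.get("nonce")
        if not isinstance(session_id, str) or not isinstance(nonce_hex, str):
            return False, "malformed"
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return False, "unknown-or-used"
        if self._clock() > entry.expires_at:
            return False, "expired"
        try:
            presented = bytes.fromhex(nonce_hex)
        except ValueError:
            return False, "malformed"
        # Constant-time comparison: do not reveal how many leading bytes matched.
        if not hmac.compare_digest(presented, entry.nonce):
            return False, "bad-nonce"
        # Assumption: the data connection must come from the control channel's IP.
        if peer_ip != entry.control_ip:
            return False, "ip-mismatch"
        return True, "ok"


def demo():
    """Run the exchange on constructed values; 203.0.113.x are documentation IPs."""
    now = [0.0]  # fake clock so that expiry can be exercised deterministically
    reg = SessionRegistry(ttl_seconds=10.0, clock=lambda: now[0])
    client_ip = "203.0.113.7"
    out = {}

    # Legitimate proxy client echoes the pair once; a second use is rejected.
    instr = reg.start_session(client_ip)
    out["legit"] = reg.verify(dict(instr), client_ip)
    out["replay"] = reg.verify(dict(instr), client_ip)

    # A connection with the right session ID but a wrong random value.
    instr = reg.start_session(client_ip)
    wrong = bytearray(bytes.fromhex(instr["nonce"]))
    wrong[0] ^= 0x01
    out["forged"] = reg.verify(
        {"session_id": instr["session_id"], "nonce": wrong.hex()}, client_ip)
    out["after_forged"] = reg.verify(dict(instr), client_ip)

    # The pair is presented after the pending session has expired.
    instr = reg.start_session(client_ip)
    now[0] += 11.0
    out["expired"] = reg.verify(dict(instr), client_ip)

    # Correct pair, but from an address other than the control channel's.
    instr = reg.start_session(client_ip)
    out["wrong_ip"] = reg.verify(dict(instr), "203.0.113.99")
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13} {result}")
```

Consuming the pending entry on a failed attempt trades availability for safety: the proxy server has to issue a fresh session control instruction before the legitimate proxy client can attach.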
Example two:
An embodiment of the present invention further provides an access method of a data connection channel. Fig. 4 is a flowchart of this access method, where the method includes:
S401, receiving a proxy registration request sent by a proxy client;
S402, according to the proxy registration request, allocating port resources for the proxy client and sending the port resources to the proxy client;
S403, when the proxy client is successfully registered, sending a session control instruction to the proxy client;
S404, establishing a data connection channel with the proxy client according to the feedback information returned by the proxy client based on the session control instruction.
In the embodiment of the invention, the method can be applied to a reverse proxy service that is divided into a proxy client and a proxy server.
Fig. 3 is an interaction flow diagram of the distributed reverse proxy system, which includes:
1. The proxy client establishes a control connection to the control port of the proxy server.
2. The proxy client sends a ProxyReg proxy registration request to the proxy server.
3. The proxy server allocates resources, including public ports, data ports and the like.
4. The proxy server returns a registration request result, which includes the allocated resource information.
5. The external client connects to the public port and requests a new connection.
6. The proxy server sends a Start Session command to the proxy client through the control channel to request a new session.
7. The proxy client establishes a data connection channel to the data port of the proxy server.
8. The proxy client establishes a data connection channel to the target server on the intranet.
Specifically, in the embodiment of the invention, the proxy client first establishes the control connection with the proxy server. To secure this connection, it is established over Secure Sockets Layer (SSL), so that control messages are encrypted and cannot easily be obtained by outside parties.
After the secure control connection is established, the proxy client generates a ProxyReg proxy registration request and sends it to the proxy server. On receiving the request, the proxy server allocates port resources for the proxy client, such as a public port and a data port. After the registration succeeds, the proxy server allocates a proxy identifier for this proxy service and stores it; the proxy identifier uniquely identifies the current proxy service.
The proxy server generates a registration result based on the proxy registration request; the registration result includes the allocated resource information. The proxy server returns the registration result to the proxy client. The proxy client generates a registration response based on the registration result and returns it to the proxy server.
After receiving the registration response, the proxy server initiates a session control instruction requesting that a new session be established. It allocates a unique session ID and a random value for the session, stores the session ID and the random value, and stores the IP of the control channel.
The session control instruction initiated by the proxy server contains the session ID and the random value. After receiving the session control instruction, the proxy client establishes a data connection with the proxy server; when doing so, the proxy client generates authentication information that contains the session ID and the random value.
In addition, to further protect the authentication information, the proxy client may encrypt it with the RSA algorithm after generating it. This prevents the authentication information from being used directly if it is intercepted by another device, and further improves the security of data transmission.
The proxy client sends the authentication information containing the session ID and the random value to the proxy server. If the authentication information is encrypted, the proxy server decrypts it first. The proxy server then verifies the session ID and the random value it obtained, that is, it judges whether they are the same as the stored session ID and random value. If they are, the verification passes, and the proxy server notifies the proxy client that the verification has passed.
After the verification passes, the proxy client establishes a data connection channel to the data port of the proxy server and then a data connection channel to the intranet target server. All channels among the client, the proxy server and the intranet server are then connected, and bidirectional data transmission is possible.
According to the method provided by the embodiment of the invention, while the data connection channel between the proxy client and the proxy server is being set up, the control information is first encrypted so that it cannot be intercepted. When a session control instruction is initiated, a unique session ID and a random value are added to it; the proxy client then generates authentication information containing the session ID and the random value, and the data connection channel between the proxy client and the proxy server is established only after the proxy server has verified the authentication information. This improves the access security of the data connection channel between the proxy client and the proxy server.
Example three:
Corresponding to the access method of a data connection channel in the first embodiment, an embodiment of the present invention further provides an access apparatus for a data connection channel. Fig. 5 is a schematic structural diagram of the access apparatus, which includes:
the registration module 501 is configured to generate a proxy registration request, and send the proxy registration request to a proxy server;
a receiving module 502, configured to receive a port resource allocated by the proxy server based on the proxy registration request;
the control module 503 is configured to establish a control information connection with the proxy server according to the port resource, and receive a session control instruction sent by the proxy server; and establish a data connection channel with the proxy server according to the session control instruction.
Example four:
Corresponding to the access method of a data connection channel in the second embodiment, an embodiment of the present invention further provides an access apparatus for a data connection channel. Fig. 6 is a schematic structural diagram of the access apparatus, which includes:
a receiving module 601, configured to receive an agent registration request sent by an agent client;
a resource allocation module 602, configured to allocate port resources to the proxy client according to the proxy registration request, and send the port resources to the proxy client;
the control module 603 is configured to send a session control instruction to the proxy client when the proxy client is successfully registered; and establishing a data connection channel with the proxy client according to feedback information returned by the proxy client based on the session control instruction.
Example five:
Fig. 7 is a schematic structural diagram of an access system of a data connection channel in an embodiment of the present invention, where the access system includes: a proxy client 701 and a proxy server 702, wherein,
the proxy client 701 is configured to generate a proxy registration request and send the proxy registration request to the proxy server 702; receiving port resources allocated by the proxy server 702 based on the proxy registration request; according to the port resources, establishing control information connection with the proxy server 702, and receiving a session control instruction sent by the proxy server 702; and establishing a data connection channel with the proxy server 702 according to the session control instruction.
The proxy server 702 is configured to receive a proxy registration request sent by the proxy client 701; according to the proxy registration request, port resources are allocated to the proxy client 701 and sent to the proxy client 701; when the proxy client 701 is successfully registered, sending a session control instruction to the proxy client 701; and establishing a data connection channel with the proxy client 701 according to feedback information returned by the proxy client 701 based on the session control instruction.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (7)

1. An access method of a data connection channel, the method comprising:
generating a proxy registration request and sending the proxy registration request to a proxy server;
receiving port resources allocated by the proxy server based on the proxy registration request;
establishing a control information connection with the proxy server according to the port resources, and receiving a session control instruction sent by the proxy server, wherein receiving the session control instruction sent by the proxy server includes:
parsing the session control instruction to obtain a unique session ID and a random value allocated by the proxy server;
saving the session ID and the random value;
establishing a data connection channel with the proxy server according to the session control instruction, which specifically comprises:
generating authentication information including the session ID and the random value;
sending the authentication information to the proxy server for verification, in which it is judged whether the obtained session ID and random value are the same as the stored session ID and random value; if so, the verification passes, and the proxy server then informs the proxy client that the verification has passed;
and, when feedback that the verification has passed is obtained from the proxy server, establishing the data connection channel with the proxy server.
2. The method of claim 1, wherein prior to generating the proxy registration request and sending the proxy registration request to the proxy server, the method further comprises:
establishing a control connection with the proxy server through Secure Sockets Layer (SSL).
3. The method of claim 1, wherein after sending the proxy registration request to a proxy server, the method further comprises:
receiving a proxy identifier allocated by the proxy server, and storing the proxy identifier, wherein the proxy identifier is used for uniquely identifying the current proxy service.
4. An access method of a data connection channel, comprising:
receiving a proxy registration request sent by a proxy client;
allocating port resources to the proxy client according to the proxy registration request, and sending the port resources to the proxy client;
when the proxy client is successfully registered, sending a session control instruction to the proxy client;
establishing a data connection channel with the proxy client according to feedback information returned by the proxy client based on the session control instruction, which specifically comprises:
acquiring a session ID and a random value from the feedback information of the proxy client;
determining whether the session ID and the random value are the same as the stored session ID and random value;
and, if they are the same, establishing the data connection channel with the proxy client.
5. An access device for a data connection channel, comprising:
a registration module, configured to generate a proxy registration request and send the proxy registration request to a proxy server;
a receiving module, configured to receive port resources allocated by the proxy server based on the proxy registration request;
a control module, configured to establish a control information connection with the proxy server according to the port resources and receive a session control instruction sent by the proxy server, and to establish a data connection channel with the proxy server according to the session control instruction; wherein receiving the session control instruction sent by the proxy server includes:
parsing the session control instruction to obtain a unique session ID and a random value allocated by the proxy server;
saving the session ID and the random value;
and establishing the data connection channel with the proxy server according to the session control instruction specifically comprises:
generating authentication information including the session ID and the random value;
sending the authentication information to the proxy server for verification, in which it is judged whether the obtained session ID and random value are the same as the stored session ID and random value; if so, the verification passes, and the proxy server then informs the proxy client that the verification has passed;
and, when feedback that the verification has passed is obtained from the proxy server, establishing the data connection channel with the proxy server.
6. An access device for a data connection channel, comprising:
a receiving module, configured to receive a proxy registration request sent by a proxy client;
a resource allocation module, configured to allocate port resources to the proxy client according to the proxy registration request and send the port resources to the proxy client;
a control module, configured to send a session control instruction to the proxy client when the proxy client is successfully registered,
and to establish a data connection channel with the proxy client according to feedback information returned by the proxy client based on the session control instruction, which specifically comprises:
acquiring a session ID and a random value from the feedback information of the proxy client;
determining whether the session ID and the random value are the same as the stored session ID and random value;
and, if they are the same, establishing the data connection channel with the proxy client.
7. An access system for a data connection channel, comprising: a proxy client and a proxy server, wherein,
the proxy client is configured to generate a proxy registration request and send the proxy registration request to the proxy server; receive port resources allocated by the proxy server based on the proxy registration request; establish a control information connection with the proxy server according to the port resources, and receive a session control instruction sent by the proxy server; and establish a data connection channel with the proxy server according to the session control instruction; wherein receiving the session control instruction sent by the proxy server includes:
parsing the session control instruction to obtain a unique session ID and a random value allocated by the proxy server;
saving the session ID and the random value;
and establishing the data connection channel with the proxy server according to the session control instruction specifically comprises:
generating authentication information including the session ID and the random value;
sending the authentication information to the proxy server for verification, in which it is judged whether the obtained session ID and random value are the same as the stored session ID and random value; if so, the verification passes, and the proxy server then informs the proxy client that the verification has passed;
when feedback that the verification has passed is obtained from the proxy server, establishing the data connection channel with the proxy server;
the proxy server is configured to receive the proxy registration request sent by the proxy client; allocate port resources to the proxy client according to the proxy registration request and send the port resources to the proxy client; send a session control instruction to the proxy client when the proxy client is successfully registered; and establish a data connection channel with the proxy client according to feedback information returned by the proxy client based on the session control instruction, which specifically comprises:
acquiring a session ID and a random value from the feedback information of the proxy client;
determining whether the session ID and the random value are the same as the stored session ID and random value;
and, if they are the same, establishing the data connection channel with the proxy client.
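The session ID and random value check recited in claims 1 and 4, sketched as an added Python example that is not part of the patent. The class names, field names and `SESSION_TTL` are assumptions, and the CSPRNG, single-use, expiry and constant-time comparison choices are hardening assumptions that the claims do not recite.

```python
import hmac
import secrets
import time

SESSION_TTL = 30.0  # seconds; assumed value, the patent sets no lifetime

class ProxyServer:
    """Server side: issues session control instructions, verifies feedback."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}  # session_id -> (random_value, issued_at)
        self._clock = clock

    def issue_session_control(self):
        # Unique session ID and random value, both from a CSPRNG (assumption).
        session_id = secrets.token_hex(8)
        random_value = secrets.token_hex(16)
        self._pending[session_id] = (random_value, self._clock())
        return {"session_id": session_id, "random": random_value}

    def verify_feedback(self, auth_info):
        # pop() makes each pair single-use: a replayed message fails, and a
        # wrong guess for a live session ID burns that session.
        entry = self._pending.pop(str(auth_info.get("session_id", "")), None)
        if entry is None:
            return False
        random_value, issued_at = entry
        if self._clock() - issued_at > SESSION_TTL:
            return False
        # Constant-time comparison of the echoed random value.
        echoed = str(auth_info.get("random", "")).encode()
        return hmac.compare_digest(random_value.encode(), echoed)

class ProxyClient:
    """Client side: parses and saves the instruction, then echoes it back."""

    def __init__(self):
        self.session_id = self.random = None

    def handle_session_control(self, instruction):
        self.session_id = instruction["session_id"]
        self.random = instruction["random"]

    def authentication_info(self):
        return {"session_id": self.session_id, "random": self.random}

def demo():
    server, client = ProxyServer(), ProxyClient()
    client.handle_session_control(server.issue_session_control())
    auth = client.authentication_info()
    first = server.verify_feedback(auth)   # genuine feedback
    replay = server.verify_feedback(auth)  # same message sent again
    forged = server.verify_feedback({"session_id": "00", "random": "00"})
    return first, replay, forged
```

The echoed pair is a bearer secret, so the check only authenticates the data connection if the control connection that carried it is confidential, which is the role of the SSL control connection in claim 2.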
CN201710787753.5A 2017-09-04 2017-09-04 Access method, device and system of data connection channel Active CN107426339B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710787753.5A CN107426339B (en) 2017-09-04 2017-09-04 Access method, device and system of data connection channel

Publications (2)

Publication Number Publication Date
CN107426339A CN107426339A (en) 2017-12-01
CN107426339B true CN107426339B (en) 2020-05-26

Family

ID=60435684

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710787753.5A Active CN107426339B (en) 2017-09-04 2017-09-04 Access method, device and system of data connection channel

Country Status (1)

Country Link
CN (1) CN107426339B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114978583A (en) * 2018-03-05 2022-08-30 上海可鲁系统软件有限公司 Intelligent virtual private network system for industrial Internet of things
CN109067798B (en) * 2018-09-28 2021-03-05 中国联合网络通信集团有限公司 Reverse interconnection authentication method and device
CN110324397B (en) * 2019-03-21 2021-09-21 国网山东省电力公司 Intelligent substation station control layer application service interface access method based on dynamic connection
CN111726384A (en) * 2019-03-22 2020-09-29 阿里巴巴集团控股有限公司 Communication method and device
CN110365741B (en) * 2019-06-13 2022-04-05 网宿科技股份有限公司 Connection establishing method and transfer server
CN110557383A (en) * 2019-08-12 2019-12-10 中国南方电网有限责任公司 Network security data processing method, device, equipment and medium for power monitoring system
CN111092911B (en) * 2019-12-31 2021-11-02 成都科来网络技术有限公司 Network agent realizing method for enhancing safety
CN111556024B (en) * 2020-03-31 2022-07-05 中国航天系统科学与工程研究院 Reverse access control system and method
CN113364842B (en) * 2021-05-31 2022-12-16 深圳市光网世纪科技有限公司 Network data transmission method
CN115037525A (en) * 2022-05-18 2022-09-09 深圳奇迹智慧网络有限公司 Multi-connection dynamic security shell protocol reverse proxy system and method
CN117082134A (en) * 2022-11-29 2023-11-17 中移(杭州)信息技术有限公司 Proxy connection method, server, communication system and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1738255A (en) * 2004-08-17 2006-02-22 迈普(四川)通信技术有限公司 Access control method and safety proxy server
CN101127600A (en) * 2006-08-14 2008-02-20 华为技术有限公司 A method for user access authentication
CN101977234A (en) * 2010-11-02 2011-02-16 中南大学 Parallel TCP (Transmission Control Protocol) technology based wide area network (WAN) communication acceleration method
CN106357732A (en) * 2016-08-25 2017-01-25 珠海迈科智能科技股份有限公司 Method for distributed reverse proxy server and client as well as device and system thereof
CN106487812A (en) * 2016-12-02 2017-03-08 努比亚技术有限公司 A kind of method for authenticating and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3859667B2 (en) * 2004-10-26 2006-12-20 株式会社日立製作所 Data communication method and system

Also Published As

Publication number Publication date
CN107426339A (en) 2017-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant