CN107566355A - A cloud information exchange system - Google Patents

Publication number
CN107566355A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710732467.9A
Other languages
Chinese (zh)
Inventor
林少雄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GUANGZHOU MIDDLEWAY TECHNOLOGY CO LTD
Original Assignee
GUANGZHOU MIDDLEWAY TECHNOLOGY CO LTD
Application filed by GUANGZHOU MIDDLEWAY TECHNOLOGY CO LTD
Priority to CN201710732467.9A
Publication of CN107566355A

Abstract

A cloud information exchange system, comprising: configuring connection rules: the connection types of the cloud information exchange system include service connections and client connections; configuring forwarding rules: the cloud information exchange system only forwards information and does not process specific information services; configuring audit rules: only after a connection to the cloud information exchange system has passed the audit can that connection send information to the system and have it forwarded by the system to the corresponding connection; configuring information exchange rules: information in the cloud information exchange system is exchanged in units of frames, and the system contains two kinds of frames, control frames and data frames; encryption is used in the information exchange process of the cloud information exchange system; and the information receiver is authenticated.

Description

A cloud information exchange system
Technical field
The present invention relates to the field of cloud information technology, and in particular to a cloud information exchange system.
Background art
Existing information services have the following defects:
1: Information services include purchase, inventory and sales services, POS system services, ERP services, customer relationship management, and so on.
2: For a small or micro enterprise to provide an information service on the Internet, its server needs a fixed IP address before the PCs, mobile phones and tablets of the enterprise can access it. If every small and micro enterprise is to provide information services on the Internet, each of them also needs a fixed IP address, but the IPv4 addresses on the Internet have already been fully allocated, so a fixed IP address cannot be provided to every small and micro enterprise.
3: Most small and micro enterprises access the Internet through ADSL, and the server that provides the information service on the enterprise LAN also reaches the Internet through the dynamic IP provided by the ADSL connection, so mobile phones or tablets outside the enterprise (for example, those accessing the Internet through a mobile network) cannot reach the server inside the enterprise.
4: Small and micro enterprises have weak technical capability and a low budget for supporting information services; a server with a fixed IP address placed on the Internet is more easily attacked, which brings security problems.
As shown in Fig. 1, with the growing number of mobile devices such as mobile phones and tablets, the problems of the current situation are:
A: There are currently a large number of medium, small and micro enterprises, and the IP addresses on the Internet are limited, so a fixed IP address cannot be allocated to each of them.
B: Mobile phones or tablets connected to the Internet through a mobile network cannot access server A or server B on the company's internal LAN.
C: Small and micro enterprises lack qualified technical personnel and have no dedicated technical staff to maintain the security of a server with a fixed IP address, so the server is easily attacked over the network, making the information service unavailable or leading to data theft and other security problems.
Summary of the invention
In view of this, the present invention proposes a cloud information exchange system, comprising:
Configuring connection rules: the connection types of the cloud information exchange system include service connections and client connections;
Configuring forwarding rules: the cloud information exchange system only forwards information and does not process specific information services;
Configuring audit rules: only after a connection to the cloud information exchange system has passed the audit can that connection send information to the system and have it forwarded by the system to the corresponding connection;
Configuring information exchange rules: information in the cloud information exchange system is exchanged in units of frames, and the system contains two kinds of frames, control frames and data frames;
Encryption is used in the information exchange process of the cloud information exchange system;
And the information receiver is authenticated.
In the cloud information exchange system of the present invention,
The service connection is the connection used by service providers; service providers include POS systems, card systems, and integration systems;
The client connection is the connection used by terminals; terminals include mobile phones, tablets, and PCs.
In the cloud information exchange system of the present invention,
A client connection is identified by a customer name. The customer name consists of two parts: a service identifier and a name. The cloud information exchange system uses the service identifier in the customer name to count how many users a given service has.
In the cloud information exchange system of the present invention,
A client connection has one of the following two attributes:
Same-service-identifier attribute
On such a client connection, the service identifier part of the customer name is the same in all information;
Single-client attribute
On such a client connection, information is sent by only one client, all information carries the same single customer name, and the connection does not carry multiple customer names.
In the cloud information exchange system of the present invention,
The service connection uses service number + system service name + machine number to address a specific system service within a service connection;
The cloud information exchange system defines three service connection attributes:
(1) Service number attribute
All information for the service number can be sent to this connection, and the connection can route the information to every destination under the service number;
(2) System service attribute
All information for that system service of the service number can be sent to this connection, and the connection can route the information to every destination under that system service of the service number;
(3) Machine number attribute
All information for that machine number of that system service of the service number can be sent to this connection, and the connection can route the information to that machine number of that system service of the service number;
Different access control rules can be configured:
(1) Service number 1 to service number 2
All system services and all machines within service number 1 can send information to any system service and machine of service number 2;
(2) Service number 1 to system service B of service number 2
All system services and machines within service number 1 can send information to any machine of system service B of service number 2;
(3) Service number 1 to machine Q of system service B of service number 2
All system services and machines within service number 1 can send information to machine Q of system service B of service number 2;
(4) System service A of service number 1 to service number 2
All machines of system service A of service number 1 can send information to any system service and machine of service number 2;
(5) System service A of service number 1 to system service B of service number 2
All machines of system service A of service number 1 can send information to any machine of system service B of service number 2;
(6) System service A of service number 1 to machine Q of system service B of service number 2
All machines of system service A of service number 1 can send information to machine Q of system service B of service number 2;
(7) Machine P of system service A of service number 1 to service number 2
Machine P of system service A of service number 1 can send information to any system service and machine of service number 2;
(8) Machine P of system service A of service number 1 to system service B of service number 2
Machine P of system service A of service number 1 can send information to any machine of system service B of service number 2;
(9) Machine P of system service A of service number 1 to machine Q of system service B of service number 2
Machine P of system service A of service number 1 can send information to machine Q of system service B of service number 2;
The cloud information exchange system completes the exchange of information according to the access control rules configured in the system.
Under these access control rules, the following superior-subordinate relationship is configured, assuming service number 2 is the superior of service number 1:
Rule X: system service A of service number 1 to system service B of service number 2;
Rule Y: service number 2 to service number 1;
The two rules configured above control the interaction of information. First, system service A of service number 1 sends information to system service B of service number 2; the purpose of this message is generally an information request. Service number 2 receives the information and, after processing it, sends information back to system service A of service number 1; according to rule Y, the cloud information exchange system can send the response information of service number 2 to system service A of service number 1. The exchange of information is completed according to rule X and rule Y above.
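The rule forms (1) to (9) and the Rule X / Rule Y exchange can be expressed as a default-deny match on partial addresses. The following is an added example, not code from the patent; the colon-separated address notation follows the `server1234567890:default:1` form used later in the description, and the names `Addr`, `Rule`, `match_rule`, `svc1` and `svc2` are hypothetical.

```python
from typing import NamedTuple, Optional, Sequence


class Addr(NamedTuple):
    """Service address; None means "any" at that level (allowed only in rules)."""
    service: str
    system: Optional[str] = None
    machine: Optional[str] = None


def parse_addr(text: str) -> Addr:
    """Parse 'service[:system[:machine]]' into an Addr."""
    parts = text.split(":")
    if not 1 <= len(parts) <= 3 or not all(parts):
        raise ValueError(f"bad service address: {text!r}")
    return Addr(*parts)


def covers(pattern: Addr, addr: Addr) -> bool:
    """True if a rule endpoint (possibly partial) covers a full frame address."""
    if pattern.service != addr.service:
        return False
    if pattern.system is not None and pattern.system != addr.system:
        return False
    if pattern.machine is not None and pattern.machine != addr.machine:
        return False
    return True


class Rule(NamedTuple):
    name: str
    src: Addr
    dst: Addr


def make_rule(name: str, src: str, dst: str) -> Rule:
    return Rule(name, parse_addr(src), parse_addr(dst))


def match_rule(rules: Sequence[Rule], frame_src: str, frame_dst: str) -> Optional[str]:
    """Return the name of the first rule that allows the frame, else None (drop)."""
    src, dst = parse_addr(frame_src), parse_addr(frame_dst)
    # A data frame must carry complete source and destination addresses.
    if None in src or None in dst:
        return None
    for rule in rules:
        if covers(rule.src, src) and covers(rule.dst, dst):
            return rule.name
    return None  # default deny: only frames that match a rule are forwarded


# Constructed sample: the Rule X / Rule Y pair from the text.
RULES = [
    make_rule("X", "svc1:A", "svc2:B"),  # system service A of 1 -> system service B of 2
    make_rule("Y", "svc2", "svc1"),      # service number 2 -> service number 1
]

if __name__ == "__main__":
    for s, d in [("svc1:A:1", "svc2:B:1"),   # request, allowed by X
                 ("svc2:B:1", "svc1:A:1"),   # response, allowed by Y
                 ("svc1:C:1", "svc2:B:1"),   # system service C is not covered by X
                 ("svc2:Z:9", "svc1:C:1")]:  # unsolicited, still allowed by Y
        print(s, "->", d, ":", match_rule(RULES, s, d) or "dropped")
```

The rules are stateless, so Rule Y admits any frame from service number 2 to service number 1, not only replies to system service A; a narrower return rule would name the system service or machine on both sides.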
In the cloud information exchange system of the present invention,
The configuring of forwarding rules specifically includes: information in the cloud information exchange system is exchanged in units of frames, and the system contains two kinds of frames, control frames and data frames. Control frames are used for the audit of connections, the control of connections, and so on. Data frames are used for data exchange between connections; each data frame must contain a destination connection address and a source connection address. Information exchange rules are defined in the cloud information exchange system, and only data frames that satisfy the information exchange rules are forwarded.
In the cloud information exchange system, each data frame must contain a destination connection address and a source connection address. If an address is a service connection, it takes the form "service number + system service name + machine number" described above; if an address is a client connection, it takes the form of the "customer name" described above, that is, service identifier + name.
In the cloud information exchange system of the present invention,
Configuring audit rules includes:
In the cloud information exchange system, each connection (service connection or client connection) corresponds to a machine identifier (the machine identifier of the connecting party). After connecting, the machine identifier must be sent to the cloud information exchange system, and only after the cloud information exchange system's check has passed can normal information interaction take place on the connection;
A machine identifier (the machine identifier of the server providing the service) is set for each service number + system service name + machine number. After connecting, this machine identifier must be sent to the cloud information exchange system, and only after the cloud information exchange system's check has passed can normal information interaction take place on the connection;
1: In a TCP/IP environment, the connection used is a long-lived TCP connection. Some servers have a fixed IP address on the Internet; a given service number + system service name + machine number is then configured so that it can connect only from certain specific IP addresses;
2: To prevent network attacks, an IP address range is set for service connections. The cloud information exchange system determines which region a service provider is in, and each region has an IP address range, so a service connection that does not come from within the specified IP address range is closed directly;
For clients, each client can correspond to only one machine identifier. After a client connects to the cloud information exchange system, it must also send the corresponding machine identifier, and only after the system's check has passed can other information be exchanged. In a TCP/IP environment, the client connection used is a long-lived TCP connection. Some clients have a fixed IP address on the Internet; a given client is then configured so that it can connect only from certain specific IP addresses.
In the cloud information exchange system of the present invention,
Configuring information exchange rules includes:
Access control between clients and servers is set in the cloud information exchange system, with the following access controls:
(1) Customer name server01.aaa of the client, or service identifier server01 of the client, to service number 1
The customer name server01.aaa of the client, or the service identifier server01 of the client, can send information to all machines of all system services of service number 1
(2) Customer name server01.aaa of the client, or service identifier server01 of the client, to system service A of service number 1
The customer name server01.aaa of the client, or the service identifier server01 of the client, can send information to all machines of system service A of service number 1
(3) Customer name server01.aaa of the client, or service identifier server01 of the client, to machine P of system service A of service number 1
The customer name server01.aaa of the client, or the service identifier server01 of the client, can send information to machine P of system service A of service number 1
(4) Service number 1 to customer name server01.aaa of the client or service identifier server01 of the client
All machines of all system services of service number 1 can send information to the customer name server01.aaa of the client or the service identifier server01 of the client
(5) System service A of service number 1 to customer name server01.aaa of the client or service identifier server01 of the client
All machines of system service A of service number 1 can send information to the customer name server01.aaa of the client or the service identifier server01 of the client
(6) Machine P of system service A of service number 1 to customer name server01.aaa of the client or service identifier server01 of the client
Machine P of system service A of service number 1 can send information to the customer name server01.aaa of the client or the service identifier server01 of the client
The cloud information exchange system completes the exchange of information according to the information exchange rules configured in the system.
Under these access control rules, the following access rules are configured, assuming client server01.aaa and system service A of service number 1:
Rule P: client server01.aaa to system service A of service number 1
Rule Q: service number 1 to client server01.aaa
The two rules configured above control the interaction of information. First, client server01.aaa sends information to machine number 1 of system service A of service number 1; according to rule P, the cloud information exchange system sends the request information of client server01.aaa to machine number 1 of system service A of service number 1. After the server has processed it, the server sends response information to client server01.aaa, and according to rule Q the cloud information exchange system forwards the information to client server01.aaa;
The exchange of information between the client and the service number is completed according to rule P and rule Q above;
The cloud information exchange system of the present invention is characterized in that
The switching and routing rules for connections include:
(1) Within one service number, because connection attributes differ, several connections may be connected to the cloud information exchange system. The cloud information exchange system routes information to the closest-matching connection, looking up the route in the following order of connection attributes:
A: Machine number attribute
B: System service attribute
C: Service number attribute
The information is sent to the connection whose attribute matches best;
When the cloud information exchange system receives a message to be forwarded to machine H of system service A of service number 1,
a: It first checks whether there is a connection with the machine number attribute for "machine H of system service A of service number 1"; if so, the message is sent to that connection;
b: If there is no connection with that machine number attribute, it checks whether there is a connection with the system service attribute for "system service A of service number 1"; if so, the message is sent to that connection;
c: If there is no connection with that system service attribute, it checks whether there is a connection with the service number attribute for "service number 1"; if so, the message is sent to that connection;
d: If no connection matches any of the three attributes above, the message cannot be sent;
(2) In the cloud information exchange system, there can be only one service connection with a given attribute. There is only one connection with the service number attribute of service number 1: when a new connection with the service number attribute of service number 1 connects, if the cloud information exchange system finds that a connection with the service number attribute of service number 1 already exists, it closes the earlier connection, ensuring that a service connection of a given attribute has only one connection in the cloud information exchange system;
Likewise, connections with the system service attribute and the machine number attribute are each guaranteed to have only one connection;
So, depending on the service connection attribute, machine H of system service A of service number 1 has at most three connections in the cloud information exchange system:
The service connection of service number 1, with the service number attribute;
The service connection of system service A of service number 1, with the system service attribute;
The service connection of machine H of system service A of service number 1, with the machine number attribute;
(3) In the cloud information exchange system, client connections are handled in a similar way to service connections: depending on the connection attribute, a message is sent according to its destination customer name. When the cloud information exchange system receives a message whose destination customer name is server12345678.aaa, it first looks for a client connection with the single-client attribute whose customer name is server12345678.aaa; if there is one, the message is sent to that client connection;
If there is none, it looks for a client connection with the same-service-identifier attribute whose service identifier is server12345678; if there is one, the message is sent to that client connection;
If there is none, the cloud information exchange system cannot send the message;
(4) In the cloud information exchange system, there can be only one client connection with a given attribute. For example, for the customer name server12345678.aaa, there can be only one client connection with the same-service-identifier attribute whose service identifier is server12345678; if such a client connection already exists in the cloud information exchange system, the cloud information exchange system closes the earlier connection.
So a client whose customer name is server12345678.aaa has at most the following two client connections in the cloud information exchange system:
The client connection with the same-service-identifier attribute whose service identifier is server12345678
The client connection with the single-client attribute whose customer name is server12345678.aaa.
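The lookup order in (1) and (3) and the one-connection-per-attribute rule in (2) and (4) amount to a most-specific-match table in which a new registration closes the earlier connection. The following is an added example, not code from the patent; `Exchange`, `Conn`, the colon-separated service address and the sample names are hypothetical, and registration is assumed to happen only after a connection has passed the audit.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Conn:
    """Stand-in for an audited long-lived connection (hypothetical type)."""
    label: str
    open: bool = True

    def close(self) -> None:
        self.open = False


def split_service(text: str) -> Tuple[str, ...]:
    """'svc', 'svc:sys' or 'svc:sys:machine' -> tuple of 1 to 3 parts."""
    parts = tuple(text.split(":"))
    if not 1 <= len(parts) <= 3 or not all(parts):
        raise ValueError(f"bad service address: {text!r}")
    return parts


class Exchange:
    def __init__(self) -> None:
        self.service_conns: Dict[Tuple[str, ...], Conn] = {}
        self.client_conns: Dict[str, Conn] = {}

    @staticmethod
    def _install(table, key, conn: Conn) -> Optional[Conn]:
        """Keep one connection per attribute: close and replace any earlier one."""
        old = table.get(key)
        if old is not None and old is not conn:
            old.close()
        table[key] = conn
        return old

    def register_service(self, attribute: str, conn: Conn) -> Optional[Conn]:
        # 1 part = service number, 2 = system service, 3 = machine number attribute
        return self._install(self.service_conns, split_service(attribute), conn)

    def register_client(self, attribute: str, conn: Conn) -> Optional[Conn]:
        # 'ident.name' = single-client attribute, 'ident' = same-service-identifier
        return self._install(self.client_conns, attribute, conn)

    def route_service(self, dst: str) -> Optional[Conn]:
        key = split_service(dst)
        if len(key) != 3:
            raise ValueError("frame destination must be service:system:machine")
        # Steps a, b, c: machine number, then system service, then service number.
        for width in (3, 2, 1):
            conn = self.service_conns.get(key[:width])
            if conn is not None and conn.open:
                return conn
        return None  # step d: no matching connection, the message cannot be sent

    def route_client(self, customer_name: str) -> Optional[Conn]:
        ident, dot, name = customer_name.partition(".")
        if not (ident and dot and name):
            raise ValueError(f"bad customer name: {customer_name!r}")
        for key in (customer_name, ident):  # exact client first, then its group
            conn = self.client_conns.get(key)
            if conn is not None and conn.open:
                return conn
        return None


if __name__ == "__main__":
    ex = Exchange()  # constructed sample connections
    ex.register_service("svc1", Conn("svc1 (service number)"))
    ex.register_service("svc1:A", Conn("svc1:A (system service)"))
    print(ex.route_service("svc1:A:H").label)  # svc1:A (system service)
    print(ex.route_service("svc1:B:K").label)  # svc1 (service number)
    print(ex.route_service("svc2:A:H"))        # None
```

Because the newest connection for an attribute displaces the existing one, the machine identifier, key and IP range checks are what keep an unaudited peer from taking over a route.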
Compared with the prior art, the cloud information exchange system provided by the invention achieves the following:
1: The cloud information exchange system is deployed on the Internet with a fixed IP address and can be accessed by multiple enterprises. (This solves the problem that every small and micro enterprise needs a fixed IP address.)
2: The cloud information exchange system contains two kinds of connections: service connections and client connections.
The service connection in the cloud information exchange system is the connection used by service providers, such as POS systems, card systems, integration systems, etc.
The client connection in the cloud information exchange system is the connection used by terminals, such as mobile phones, tablets, PCs, etc.
(This solves the problem that small and micro enterprises with only a dynamic IP cannot provide information services.)
Service connections and client connections are not limited to IP connections; they can also connect to the cloud information exchange system over non-IP links (such as high-speed fiber links).
3: The cloud information exchange system only forwards information and does not process specific information services.
4: Only after a connection to the cloud information exchange system has passed the audit can that connection send information to the system and have it forwarded by the system to the corresponding connection.
Connections to the cloud information exchange system, both service connections and client connections, must pass the audit after connecting before they can start sending data. The means of audit include:
(1) whether the key agreed by both parties is used during encrypted transmission
(2) whether the connection is subject to IP address restrictions, geographic range restrictions, etc.
(3) whether the machine identification code of the connection is bound, or whether the machine identification code of the connection is allowed to connect to the cloud information exchange system.
(This prevents unauthorized access and reduces the likelihood of network attacks.)
In addition, for security, service connections and client connections can choose to verify the authenticity of the cloud information exchange system, for example by means of the Rivest-Shamir-Adleman (RSA) algorithm, to avoid connecting to a fake cloud information exchange system.
5: Information in the cloud information exchange system is exchanged in units of frames, and the system contains two kinds of frames, control frames and data frames. Control frames are used for the audit of connections, the control of connections, and so on. Data frames are used for data exchange between connections; each data frame must contain a destination connection address and a source connection address. Information exchange rules are defined in the cloud information exchange system, and only data frames that satisfy the information exchange rules are forwarded.
Brief description of the drawings
Fig. 1 is a schematic diagram of network connections in the prior art;
Fig. 2 is a schematic diagram of the network connections of the cloud information exchange system of an embodiment of the present invention.
Embodiments
As shown in Fig. 1, with the growing number of mobile devices such as mobile phones and tablets, the problems of the current situation are:
A: There are currently a large number of medium, small and micro enterprises, and the IP addresses on the Internet are limited, so a fixed IP address cannot be allocated to each of them.
B: Mobile phones or tablets connected to the Internet through a mobile network cannot access server A or server B on the company's internal LAN.
C: Small and micro enterprises lack qualified technical personnel and have no dedicated technical staff to maintain the security of a server with a fixed IP address, so the server is easily attacked over the network, making the information service unavailable or leading to data theft and other security problems.
As shown in Fig. 2, the cloud information exchange system is a network composed of multiple servers and other supporting equipment (such as switches, routers, fiber links, etc.). To simplify the network diagram of the cloud information exchange system, Fig. 2 reduces the cloud information exchange system to a single cloud information exchange server.
Example 1: Server A in company A's local area network (LAN) connects through ADSL to the cloud information exchange server on the Internet; this connection is a service connection. Mobile phone 10 or tablet 11 also connects to the cloud information exchange server on the Internet through a mobile network; this connection is a client connection. In this way, mobile phone 10 or tablet 11 can obtain the information service of server A in company A's LAN through the cloud information exchange server on the Internet. Meanwhile, company A's PCA1 and PCA2 can also connect through ADSL to the cloud information exchange server on the Internet as client connections, so PCA1 and PCA2 can also obtain the information service of server A in company A's LAN through the cloud information exchange server on the Internet. The advantage of this is that server A and the PCs (PCA1 and PCA2) can be isolated from each other within company A's LAN, which prevents server A from also being infected after a PC is infected.
Example 2: Assume that server 1 (fixed IP address) in Fig. 2 belongs to company B, and that server B in company B's LAN also belongs to company B. Server 1 and server B both need to provide information services, so server B and server 1 each connect to the cloud information exchange server on the Internet; these connections are service connections. PCB1, PCB2, mobile phone B1 and tablet B2 connect through ADSL to the cloud information exchange server on the Internet; these connections are client connections.
In addition, assume that mobile phone 10 and tablet 11 belong to company B. Mobile phone 10 and tablet 11 also connect to the cloud information exchange server on the Internet through a mobile network, and these connections are also client connections. In this way, the terminal devices PCB1, PCB2, mobile phone B1, tablet B2, mobile phone 10 and tablet 11 can all access the information services provided by server 1 and server B through the cloud information exchange server.
Example 3: Assume that server Y belongs to company B and connects to the cloud exchange server through a non-IP connection (a high-speed link such as optical fiber) as a service connection. PCB1, PCB2, mobile phone B1 and tablet B2 connect through ADSL to the cloud information exchange server on the Internet; these connections are client connections. In addition, assume that mobile phone 10 and tablet 11 belong to company B. Mobile phone 10 and tablet 11 also connect to the cloud information exchange server on the Internet through a mobile network, and these connections are also client connections. In this way, the terminal devices PCB1, PCB2, mobile phone B1, tablet B2, mobile phone 10 and tablet 11 can all access the information service provided by server Y through the cloud information exchange server.
Therefore, service connections and client connections are not required to connect over TCP/IP.
Example 4: Assume that server M belongs to company B and connects to the cloud information exchange server through a mobile base station and the Internet as a service connection. PCB1, PCB2, mobile phone B1 and tablet B2 connect through ADSL to the cloud information exchange server on the Internet; these connections are client connections. In addition, assume that mobile phone 10 and tablet 11 belong to company B. Mobile phone 10 and tablet 11 also connect to the cloud information exchange server on the Internet through a mobile network, and these connections are also client connections. In this way, the terminal devices PCB1, PCB2, mobile phone B1, tablet B2, mobile phone 10 and tablet 11 can all access the information service provided by server M through the cloud information exchange server.
Because server M connects to the Internet through a mobile base station, server M also obtains a dynamic IP, not a fixed IP on the Internet. With existing methods, the terminals PCB1, PCB2, mobile phone B1, tablet B2, mobile phone 10 and tablet 11 could not access the information service provided by server M; through the cloud information exchange server, the information service provided by server M becomes accessible.
Four: System overview
The cloud information exchange system contains two kinds of connections: service connections and client connections.
A service connection in the cloud information exchange system is the connection of a service provider, such as a POS system, a card system or an integrating system.
A client connection in the cloud information exchange system is the connection of a terminal, such as a mobile phone, a tablet or a PC.
(2) In the cloud information exchange system, a client connection is identified by a customer name;
The customer name consists of two parts: a service identifier and a name. For example:
the customer name SERVER012345678.aaa means that the service identifier is SERVER012345678 and the name is aaa.
From the service identifier in the customer name, the cloud information exchange system can count how many users a given service has.
1: In a real environment, the shop POS systems of many physical stores are all connected to the cloud information exchange system as service providers.
Because each physical store is an independent entity with independent ownership, the cloud information exchange system must control the access scope of clients: mobile phone P1 of shop A (the phone acting as a client) must not be able to access the server of shop B;
The service identifier can be understood as the name of a group or an enterprise. A physical store, for example, has several clients; the service identifier in the customer name shows which enterprise or group a client belongs to.
2: Among client connections, several clients may share one connection to send information to the cloud information exchange system, or a single client may use one connection to send information to the cloud information exchange system. A client connection is therefore defined to have one of the following two attributes:
(1) Same-service-identifier attribute
On such a client connection, the service identifier part of the customer name is identical in all information.
(2) Single-client attribute
On such a client connection, only one client sends information; all information carries one and the same customer name, and the connection does not carry multiple customer names.
(3) Description of service connections in the cloud information exchange system:
In the cloud information exchange system, one service connection can provide several services. Inside one storefront, for example, there are a POS system, an attendance system, a monitoring system and so on. In addition, for reliability, a system runs without interruption on two machines, active and standby. A specific system service inside a service connection is therefore addressed as service number + system service name + machine number. The system stipulates that default denotes the default system service name of a service connection;
For example: in an actual storefront, the service number is set to server1234567890 and the checkout service is the default system service of that service number, so default can be set as its system service name; the default machine number is 1, denoting the first machine. The service connection can then be defined as: server1234567890:default:1
In the cloud information exchange system, one service number may occupy one connection, with all system service names and machine numbers of that service number communicating with the cloud information exchange system over that connection; one service number + system service name may occupy one connection, with all machines of that service number + system service name communicating with the cloud information exchange system over that connection; or one service number + system service name + machine number may occupy one connection.
In a concrete implementation, a small sub-cloud information exchange system can therefore be provided at the physical location of a service number. All system services of that service number connect to the sub-cloud information exchange system, which aggregates them and sends the information to the cloud information exchange system over a single connection.
A complex service number thus has several system services and several machines, so one service number may bring up several connections in the cloud information exchange system. The cloud information exchange system requires each connection to declare its own attribute so that it can deliver information to the correct destination. The cloud information exchange system defines three connection attributes:
(1) Service number attribute
All information for the service number can be sent to this connection, and the connection can route the information to every destination within the service number.
(2) System service attribute
All information for the system service of the service number can be sent to this connection, and the connection can route the information to every destination within that system service of the service number.
(3) Machine number attribute
All information for the machine number of the system service of the service number can be sent to this connection, and the connection can route the information to that machine number of the system service of the service number.
4: Access between service numbers must be controlled in the cloud information exchange system, and this control is carried out by the cloud information exchange system. Different access control rules can be configured in the cloud information exchange system, for example:
(1) Service number 1 to service number 2
All system services and machines within service number 1 can send information to any system service and machine within service number 2.
(2) Service number 1 to system service B of service number 2
All system services and machines within service number 1 can send information to any machine of system service B of service number 2.
(3) Service number 1 to machine Q of system service B of service number 2
All system services and machines within service number 1 can send information to machine Q of system service B of service number 2.
(4) System service A of service number 1 to service number 2
All machines of system service A of service number 1 can send information to any system service and machine within service number 2.
(5) System service A of service number 1 to system service B of service number 2
All machines of system service A of service number 1 can send information to any machine of system service B of service number 2.
(6) System service A of service number 1 to machine Q of system service B of service number 2
All machines of system service A of service number 1 can send information to machine Q of system service B of service number 2.
(7) Machine P of system service A of service number 1 to service number 2
Machine P of system service A of service number 1 can send information to any system service and machine within service number 2.
(8) Machine P of system service A of service number 1 to system service B of service number 2
Machine P of system service A of service number 1 can send information to any machine of system service B of service number 2.
(9) Machine P of system service A of service number 1 to machine Q of system service B of service number 2
Machine P of system service A of service number 1 can send information to machine Q of system service B of service number 2.
The cloud information exchange system completes the exchange of information according to the access control rules configured in the system.
Under these access control rules, the following superior/subordinate relationship can be configured (assuming that service number 2 is the superior of service number 1):
(Rule X) System service A of service number 1 to system service B of service number 2
(Rule Y) Service number 2 to service number 1
These two configuration rules control the interaction of information. First, system service A of service number 1 sends information to system service B of service number 2 (rule X); the purpose of this message is normally an information request. Service number 2 receives the information and, after processing it, sends a response back to system service A of service number 1; under rule Y, the cloud information exchange system can deliver the response from service number 2 to system service A of service number 1.
The exchange of information is thus completed according to rule X and rule Y above.
The cloud information exchange system is only responsible for switching or routing information packets to the correct server or client; it does not process the specific service carried in the packets. The server or client is responsible for processing the specific business.
Information in the cloud information exchange system is exchanged in units of frames. The cloud information exchange system has two kinds of frames: control frames and data frames. Control frames are used for auditing connections, controlling connections and so on; data frames are used for data exchange between connections. Each data frame must contain a destination connection address and a source connection address. Information exchange rules are defined in the cloud information exchange system, and only data frames that satisfy the information exchange rules are forwarded.
In the cloud information exchange system, each data frame must contain a destination connection address and a source connection address. If an address is a service connection, it takes the form "service number + system service name + machine number" described above; if an address is a client connection, it takes the form of the "customer name" described above (service identifier + name).
In the cloud information exchange system, each connection (service connection or client connection) corresponds to a machine identifier (the machine identifier of the connecting party). After connecting, the machine identifier must be sent to the cloud information exchange system; only after the cloud information exchange system's check passes can normal information exchange take place on the connection;
In the cloud information exchange system, to check the security of the server side, a machine identifier (the unique code of the server machine that provides the service) can be set for each service number + system service name + machine number. After connecting, this machine identifier must be sent to the cloud information exchange system; only after the cloud information exchange system's check passes can normal information exchange take place on the connection.
1: In a TCP/IP environment, the connection can be a TCP long-lived connection. Some servers have a fixed IP address on the Internet; a given service number + system service name + machine number can be configured so that it can only connect from a specific IP address, which screens out unnecessary connections.
2: To better guard against network attacks, an IP address range can be set for service connections. The cloud information exchange system generally knows which region a service provider is in, such as Guangdong or Henan, and each region generally has an IP address range, so a service connection that is not within the specified IP address range is closed directly, which reduces network attacks. Whether to implement this option can be decided according to actual conditions.
In the cloud information exchange system, each client corresponds to exactly one machine identifier. After a client connects to the cloud information exchange system, it must also send its machine identifier; only after the system's check passes can other information exchange take place. In addition, in a TCP/IP environment, the client connection can be a TCP long-lived connection. Some clients have a fixed IP address on the Internet; a given client can be configured so that it can only connect from a specific IP address, which screens out unnecessary connections.
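The audit step described above, as an added example that is not code from the patent: a connection stays unaudited until the machine identifier it presents in a control frame matches the one configured for the address it claims, optionally from a permitted IP range, and data frames are dropped until then. The class and method names, the tuple form of addresses, and the sample identifiers and networks are constructed for illustration.

```python
import hmac
import ipaddress

# Addresses are tuples (an assumption of this example):
#   ("svc", service number, system service name, machine number)
#   ("cli", service identifier, name)


class AuditPolicy:
    """Expectations configured on the exchange, keyed by claimed address."""

    def __init__(self):
        self.machine_id = {}   # address -> expected machine identifier
        self.networks = {}     # address -> permitted source networks (empty = any)

    def expect(self, addr, machine_id, cidrs=()):
        self.machine_id[addr] = machine_id
        self.networks[addr] = [ipaddress.ip_network(c) for c in cidrs]

    def check(self, addr, machine_id, peer_ip):
        """Return "ok", or the reason the audit failed."""
        expected = self.machine_id.get(addr)
        if expected is None:
            return "unknown address"
        nets = self.networks[addr]
        # Connections from outside the configured range are refused first.
        if nets and not any(ipaddress.ip_address(peer_ip) in n for n in nets):
            return "source IP outside permitted range"
        # Constant-time comparison of the presented identifier.
        if not hmac.compare_digest(expected.encode(), machine_id.encode()):
            return "machine identifier mismatch"
        return "ok"


class Session:
    """One inbound connection; only control frames are honoured before the audit passes."""

    def __init__(self, policy, peer_ip):
        self.policy = policy
        self.peer_ip = peer_ip
        self.addr = None       # set once the audit has passed

    def on_control(self, addr, machine_id):
        verdict = self.policy.check(addr, machine_id, self.peer_ip)
        if verdict == "ok":
            self.addr = addr
        return verdict

    def on_data(self, src, dst):
        if self.addr is None:
            return "drop: connection not audited"
        # The frame's source must lie inside the attribute this connection was audited for.
        if src[:len(self.addr)] != self.addr:
            return "drop: source address outside audited attribute"
        return "forward"


def demo():
    policy = AuditPolicy()
    pos = ("svc", "server1234567890", "default", "1")
    cli = ("cli", "server01", "aaa")
    policy.expect(pos, "MID-EXAMPLE-0001", ["203.0.113.0/24"])  # constructed values
    policy.expect(cli, "MID-EXAMPLE-0002")                      # no IP restriction

    out = {}
    s = Session(policy, "203.0.113.10")
    out["data before audit"] = s.on_data(pos, cli)
    out["wrong id"] = s.on_control(pos, "MID-EXAMPLE-9999")
    out["right id"] = s.on_control(pos, "MID-EXAMPLE-0001")
    out["data after audit"] = s.on_data(pos, cli)
    out["foreign source"] = s.on_data(("svc", "other", "default", "1"), cli)
    out["wrong network"] = Session(policy, "198.51.100.7").on_control(pos, "MID-EXAMPLE-0001")
    out["client any ip"] = Session(policy, "198.51.100.7").on_control(cli, "MID-EXAMPLE-0002")
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} {result}")
```

The machine identifier here is a static value compared for equality, so it is only as confidential as the channel that carries it.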
Access control between clients and servers must be set in the cloud information exchange system. The following access controls exist:
(1) Customer name server01.aaa of a client, or service identifier server01 of clients, to service number 1
The client with customer name server01.aaa, or clients with service identifier server01, can send information to all machines of all system services of service number 1.
(2) Customer name server01.aaa of a client, or service identifier server01 of clients, to system service A of service number 1
The client with customer name server01.aaa, or clients with service identifier server01, can send information to all machines of system service A of service number 1.
(3) Customer name server01.aaa of a client, or service identifier server01 of clients, to machine P of system service A of service number 1
The client with customer name server01.aaa, or clients with service identifier server01, can send information to machine P of system service A of service number 1.
(4) Service number 1 to customer name server01.aaa of a client, or to service identifier server01 of clients
All machines of all system services of service number 1 can send information to the client with customer name server01.aaa, or to clients with service identifier server01.
(5) System service A of service number 1 to customer name server01.aaa of a client, or to service identifier server01 of clients
All machines of system service A of service number 1 can send information to the client with customer name server01.aaa, or to clients with service identifier server01.
(6) Machine P of system service A of service number 1 to customer name server01.aaa of a client, or to service identifier server01 of clients
Machine P of system service A of service number 1 can send information to the client with customer name server01.aaa, or to clients with service identifier server01.
The cloud information exchange system completes the exchange of information according to the access control rules configured in the system.
Under these access control rules, the following scope rules can be configured (assuming client server01.aaa and system service A of service number 1):
(Rule P) Client server01.aaa to system service A of service number 1
(Rule Q) Service number 1 to client server01.aaa
These two configuration rules control the interaction of information. First, client server01.aaa sends information to machine number 1 of system service A of service number 1; under rule P, the cloud information exchange system delivers the request from client server01.aaa to machine number 1 of system service A of service number 1. After the server has processed it, the server sends a response to client server01.aaa, and under rule Q the cloud information exchange system can forward the information to client server01.aaa.
The information exchange between the client and the service number is thus completed according to rule P and rule Q above.
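The access control rules above (rules X and Y between service numbers, rules P and Q between a client and a service number) can be modelled as ordered pairs of scopes, where a scope is a prefix of an address. This is an added example, not code from the patent; the tuple encoding and the names `svc`, `client`, `covers` and `allowed` are assumptions made for illustration.

```python
from typing import Iterable, Optional, Tuple

# ("svc", number[, system service[, machine]]) or ("cli", identifier[, name])
Addr = Tuple[str, ...]
Rule = Tuple[Addr, Addr]  # (source scope, destination scope)


def svc(number: str, service: Optional[str] = None, machine: Optional[str] = None) -> Addr:
    """Service scope: a service number, optionally narrowed to a system service and a machine."""
    if machine is not None and service is None:
        raise ValueError("a machine number needs a system service name")
    return ("svc", number) + tuple(p for p in (service, machine) if p is not None)


def client(identifier: str, name: Optional[str] = None) -> Addr:
    """Client scope: a service identifier, optionally narrowed to one customer name."""
    return ("cli", identifier) + ((name,) if name is not None else ())


def covers(scope: Addr, addr: Addr) -> bool:
    """A scope covers an address when it is a prefix of it, compared part by part.
    Comparing whole parts keeps identifier "server01" from covering "server012"."""
    return len(scope) <= len(addr) and addr[:len(scope)] == scope


def allowed(rules: Iterable[Rule], src: Addr, dst: Addr) -> bool:
    """Forward a data frame only if one rule covers both its source and its destination."""
    return any(covers(s, src) and covers(d, dst) for s, d in rules)


# Constructed rule set mirroring the text.
RULES = [
    (svc("1", "A"), svc("2", "B")),               # rule X
    (svc("2"), svc("1")),                         # rule Y
    (client("server01", "aaa"), svc("1", "A")),   # rule P
    (svc("1"), client("server01", "aaa")),        # rule Q
]


def demo() -> dict:
    a1 = svc("1", "A", "1")
    b1 = svc("2", "B", "1")
    return {
        "request_X": allowed(RULES, a1, b1),
        "reply_Y": allowed(RULES, b1, a1),
        # Rule X names system service A only, so system service C of service number 1 is refused.
        "other_service": allowed(RULES, svc("1", "C", "1"), b1),
        # Rule Y is scoped to whole service numbers and is not tied to a prior request:
        # any machine of service number 2 may send to any machine of service number 1.
        "unsolicited_Y": allowed(RULES, svc("2", "Z", "9"), svc("1", "C", "1")),
        "client_P": allowed(RULES, client("server01", "aaa"), a1),
        "reply_Q": allowed(RULES, a1, client("server01", "aaa")),
        # A client of another store (different service identifier) matches no rule.
        "other_store": allowed(RULES, client("server02", "p1"), a1),
        # Same identifier, different name: rule P names server01.aaa only.
        "other_name": allowed(RULES, client("server01", "bbb"), a1),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:14} {'forward' if verdict else 'drop'}")
```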
The exchange and routing rules for connections in the cloud information exchange system include:
(1) Within one service number, because connection attributes differ, several connections to the cloud information exchange system may exist. The cloud information exchange system routes information to the closest-matching connection, searching for the route in the following order of connection attributes:
A: Machine number attribute
B: System service attribute
C: Service number attribute
As soon as the connection with the best-matching attribute is found, the information is sent to that connection.
When the cloud information exchange system receives a message to be forwarded to machine H of system service A of service number 1:
a: It first checks whether there is a connection with the machine number attribute for "machine H of system service A of service number 1"; if so, the message is sent to that connection;
b: If there is no connection with that machine number attribute, it checks whether there is a connection with the system service attribute for "system service A of service number 1"; if so, the message is sent to that connection;
c: If there is no connection with that system service attribute, it checks whether there is a connection with the service number attribute for "service number 1"; if so, the message is sent to that connection;
d: If no connection with any of the three attributes above matches, the message cannot be sent.
(2) In the cloud information exchange system, there can be only one service connection with a given attribute. For example, there is only one connection with the service number attribute for service number 1: when a new connection with the service number attribute for service number 1 comes up and the cloud information exchange system finds that a connection with that attribute for service number 1 already exists, it closes the earlier connection, so that only one service connection with a given attribute exists in the cloud information exchange system.
Likewise, the system service attribute and the machine number attribute are each guaranteed to have only one connection.
Machine H of system service A of service number 1 can therefore have, according to the different service connection attributes, at most three connections in the cloud information exchange system:
the service connection of service number 1 with the service number attribute;
the service connection of system service A of service number 1 with the system service attribute;
the service connection of machine H of system service A of service number 1 with the machine number attribute.
(3) In the cloud information exchange system, client connections are handled in a similar way to service connections: according to the different connection attributes, a message is sent according to its destination customer name. For example, when the cloud information exchange system receives a message whose destination customer name is server12345678.aaa, it first looks for a client connection with the single-client attribute whose customer name is server12345678.aaa; if there is one, the message is sent to that client connection;
If there is none, it looks for a client connection with the same-service-identifier attribute whose service identifier is server12345678; if there is one, the message is sent to that client connection;
If there is none, the cloud information exchange system cannot send the message.
(4) In the cloud information exchange system, there can be only one client connection with a given attribute. For example, for customer name server12345678.aaa, there can be only one client connection with the same-service-identifier attribute whose service identifier is server12345678; if such a client connection already exists in the cloud information exchange system, the cloud information exchange system closes the earlier connection.
The client with customer name server12345678.aaa can therefore have at most the following two client connections in the cloud information exchange system:
the client connection with the same-service-identifier attribute whose service identifier is server12345678;
the client connection with the single-client attribute whose customer name is server12345678.aaa.
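The lookup order and the one-connection-per-attribute rule described above, for both service and client connections, as an added example that is not code from the patent. The `Exchange` and `Connection` classes and the tuple form of attributes and addresses are assumptions made for illustration.

```python
from typing import Dict, Optional, Tuple

# ("svc", number[, system service[, machine]]) or ("cli", identifier[, name])
Attr = Tuple[str, ...]


class Connection:
    """Stand-in for a live connection (constructed for this example)."""

    def __init__(self, label: str) -> None:
        self.label = label
        self.is_open = True

    def close(self) -> None:
        self.is_open = False


class Exchange:
    def __init__(self) -> None:
        self._by_attr: Dict[Attr, Connection] = {}

    def register(self, attr: Attr, conn: Connection) -> Optional[Connection]:
        """Bind conn to attr. An earlier connection holding the same attribute is
        closed, so each attribute maps to at most one connection."""
        old = self._by_attr.get(attr)
        if old is not None and old is not conn:
            old.close()
        self._by_attr[attr] = conn
        return old

    def route(self, dest: Attr) -> Optional[Connection]:
        """Most specific attribute first: machine number, then system service, then
        service number (for clients: customer name, then service identifier).
        None means the message cannot be sent."""
        for n in range(len(dest), 1, -1):
            conn = self._by_attr.get(dest[:n])
            if conn is not None and conn.is_open:
                return conn
        return None


def demo() -> dict:
    ex = Exchange()
    hub = Connection("service number 1")
    svc_a = Connection("service number 1 / A")
    a_h = Connection("service number 1 / A / H")
    ex.register(("svc", "1"), hub)
    ex.register(("svc", "1", "A"), svc_a)
    ex.register(("svc", "1", "A", "H"), a_h)
    out = {
        "A/H": ex.route(("svc", "1", "A", "H")).label,   # step a
        "A/K": ex.route(("svc", "1", "A", "K")).label,   # step b
        "B/1": ex.route(("svc", "1", "B", "1")).label,   # step c
        "other number": ex.route(("svc", "2", "A", "H")),  # step d
    }
    # A newer connection declaring the same attribute displaces the earlier one.
    a_h_new = Connection("service number 1 / A / H (new)")
    ex.register(("svc", "1", "A", "H"), a_h_new)
    out["old closed"] = not a_h.is_open
    out["A/H after"] = ex.route(("svc", "1", "A", "H")).label

    # Client side: shared same-service-identifier connection, then a single-client one.
    shared = Connection("server12345678 (shared)")
    ex.register(("cli", "server12345678"), shared)
    out["aaa via shared"] = ex.route(("cli", "server12345678", "aaa")).label
    single = Connection("server12345678.aaa")
    ex.register(("cli", "server12345678", "aaa"), single)
    out["aaa via single"] = ex.route(("cli", "server12345678", "aaa")).label
    out["bbb"] = ex.route(("cli", "server12345678", "bbb")).label
    out["unknown client"] = ex.route(("cli", "server99", "aaa"))
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} {result}")
```

Because the newest connection displaces the older one, `register` should only be reachable once the connection has passed the audit for the attribute it declares.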
The methods or algorithms described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a computing device, or in a combination of the two. The software module may reside in random access memory, memory, read-only memory, electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
It will be understood that a person of ordinary skill in the art can make various other corresponding changes and modifications according to the technical concept of the present invention, and all such changes and modifications shall fall within the scope of protection of the claims of the present invention.

Claims (9)

1. A cloud information exchange system, characterized in that it comprises:
Configuring connection rules: the connection modes of the cloud information exchange system include service connections and client connections;
Configuring forwarding rules: the cloud information exchange system only forwards information and does not process the specific information service;
Configuring audit rules: only after a connection to the cloud information exchange system has passed the audit can the connection send information to the system and have the system forward it to the corresponding connection;
Configuring information exchange rules: information in the cloud information exchange system is exchanged in units of frames, and the cloud information exchange system has two kinds of frames, control frames and data frames;
Cryptographic means are used in the information exchange process of the cloud information exchange system;
and the receiving party is authenticated.
2. The cloud information exchange system as claimed in claim 1, characterized in that
the service connection is the connection of a service provider;
the client connection is the connection of a terminal.
3. The cloud information exchange system as claimed in claim 2, characterized in that
the client connection is identified by a customer name; the customer name comprises two parts, a service identifier and a name.
4. The cloud information exchange system as claimed in claim 3, characterized in that
the client connection has the following two attributes:
Same-service-identifier attribute
On such a client connection, the service identifier part of the customer name is identical in all information;
Single-client attribute
On such a client connection, only one client sends information; all information carries one and the same customer name, and the connection does not carry multiple customer names.
5. The cloud information exchange system as claimed in claim 4, characterized in that
a specific system service inside a service connection is addressed as service number + system service name + machine number;
The cloud information exchange system defines three service connection attributes:
(1) Service number attribute
All information for the service number can be sent to this connection, and the connection can route the information to every destination within the service number;
(2) System service attribute
All information for the system service of the service number can be sent to this connection, and the connection can route the information to every destination within that system service of the service number;
(3) Machine number attribute
All information for the machine number of the system service of the service number can be sent to this connection, and the connection can route the information to that machine number of the system service of the service number;
Different access control rules are configured:
(1) Service number 1 to service number 2
All system services and machines within service number 1 can send information to any system service and machine within service number 2;
(2) Service number 1 to system service B of service number 2
All system services and machines within service number 1 can send information to any machine of system service B of service number 2;
(3) Service number 1 to machine Q of system service B of service number 2
All system services and machines within service number 1 can send information to machine Q of system service B of service number 2;
(4) System service A of service number 1 to service number 2
All machines of system service A of service number 1 can send information to any system service and machine within service number 2;
(5) System service A of service number 1 to system service B of service number 2
All machines of system service A of service number 1 can send information to any machine of system service B of service number 2;
(6) System service A of service number 1 to machine Q of system service B of service number 2
All machines of system service A of service number 1 can send information to machine Q of system service B of service number 2;
(7) Machine P of system service A of service number 1 to service number 2
Machine P of system service A of service number 1 can send information to any system service and machine within service number 2;
(8) Machine P of system service A of service number 1 to system service B of service number 2
Machine P of system service A of service number 1 can send information to any machine of system service B of service number 2;
(9) Machine P of system service A of service number 1 to machine Q of system service B of service number 2
Machine P of system service A of service number 1 can send information to machine Q of system service B of service number 2;
The cloud information exchange system completes the exchange of information according to the access control rules configured in the system.
6. The cloud information exchange system as claimed in claim 5, characterized in that
the configured forwarding rules specifically include: information in the cloud information exchange system is exchanged in units of frames, of which data frames are used for data exchange between connections; each data frame must contain a destination connection address and a source connection address; if an address is a service connection, it takes the form "service number + system service name + machine number" described above; if an address is a client connection, it takes the form of the "customer name" described above, that is, service identifier + name.
7. The cloud information exchange system as claimed in claim 6, characterized in that
the configured audit rules include:
In the cloud information exchange system, each connection (service connection or client connection) corresponds to a machine identifier (the machine identifier of the connecting party); after connecting, the machine identifier must be sent to the cloud information exchange system, and only after the cloud information exchange system's check passes can normal information exchange take place on the connection.
8. The cloud information exchange system as claimed in claim 7, characterized in that
the configured information exchange rules include:
Access control between clients and servers is set in the cloud information exchange system, with the following access controls:
(1) Customer name server01.aaa of a client, or service identifier server01 of clients, to service number 1
The client with customer name server01.aaa, or clients with service identifier server01, can send information to all machines of all system services of service number 1
(2) Customer name server01.aaa of a client, or service identifier server01 of clients, to system service A of service number 1
The client with customer name server01.aaa, or clients with service identifier server01, can send information to all machines of system service A of service number 1
(3) Customer name server01.aaa of a client, or service identifier server01 of clients, to machine P of system service A of service number 1
The client with customer name server01.aaa, or clients with service identifier server01, can send information to machine P of system service A of service number 1
(4) Service number 1 to customer name server01.aaa of a client, or to service identifier server01 of clients
All machines of all system services of service number 1 can send information to the client with customer name server01.aaa, or to clients with service identifier server01
(5) System service A of service number 1 to customer name server01.aaa of a client, or to service identifier server01 of clients
All machines of system service A of service number 1 can send information to the client with customer name server01.aaa, or to clients with service identifier server01
(6) Machine P of system service A of service number 1 to customer name server01.aaa of a client, or to service identifier server01 of clients
Machine P of system service A of service number 1 can send information to the client with customer name server01.aaa, or to clients with service identifier server01
The cloud information exchange system completes the exchange of information according to the information exchange rules configured in the system.
9. The cloud information exchange system as claimed in claim 8, characterized in that
the exchange and routing rules for connections are:
(1) Within one service number, because connection attributes differ, several connections to the cloud information exchange system may exist; the cloud information exchange system routes information to the closest-matching connection, searching for the route in the following order of connection attributes:
A: Machine number attribute
B: System service attribute
C: Service number attribute
As soon as the connection with the best-matching attribute is found, the information is sent to that connection;
When the cloud information exchange system receives a message to be forwarded to machine H of system service A of service number 1:
a: It first checks whether there is a connection with the machine number attribute for "machine H of system service A of service number 1"; if so, the message is sent to that connection;
b: If there is no connection with that machine number attribute, it checks whether there is a connection with the system service attribute for "system service A of service number 1"; if so, the message is sent to that connection;
c: If there is no connection with that system service attribute, it checks whether there is a connection with the service number attribute for "service number 1"; if so, the message is sent to that connection;
d: If no connection with any of the three attributes above matches, the message cannot be sent;
(2) In the cloud information exchange system, there can be only one service connection with a given attribute; there is only one connection with the service number attribute for service number 1;
Likewise, the system service attribute and the machine number attribute each have only one connection;
Machine H of system service A of service number 1 can therefore have, according to the different service connection attributes, at most three connections in the cloud information exchange system:
the service connection of service number 1 with the service number attribute;
the service connection of system service A of service number 1 with the system service attribute;
the service connection of machine H of system service A of service number 1 with the machine number attribute;
(3) In the cloud information exchange system, for client connections with different connection attributes, a message is sent according to its destination customer name; when the cloud information exchange system receives a message whose destination customer name is server12345678.aaa, it first looks for a client connection with the single-client attribute whose customer name is server12345678.aaa; if there is one, the message is sent to that client connection;
If there is none, it looks for a client connection with the same-service-identifier attribute whose service identifier is server12345678; if there is one, the message is sent to that client connection;
If there is none, the cloud information exchange system cannot send the message;
(4) In the cloud information exchange system, there can be only one client connection with a given attribute;
The client with customer name server12345678.aaa can therefore have at most the following two client connections in the cloud information exchange system:
the client connection with the same-service-identifier attribute whose service identifier is server12345678;
the client connection with the single-client attribute whose customer name is server12345678.aaa.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710732467.9A CN107566355A (en) 2017-08-24 2017-08-24 A kind of cloud Information Exchange System

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710732467.9A CN107566355A (en) 2017-08-24 2017-08-24 A kind of cloud Information Exchange System

Publications (1)

Publication Number Publication Date
CN107566355A true CN107566355A (en) 2018-01-09

Family

ID=60976797

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710732467.9A Pending CN107566355A (en) 2017-08-24 2017-08-24 A kind of cloud Information Exchange System

Country Status (1)

Country Link
CN (1) CN107566355A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763383A (en) * 2014-01-27 2014-04-30 西安雷迪维护系统设备有限公司 Integrated cloud storage system and storage method thereof
CN103973784A (en) * 2014-05-06 2014-08-06 浪潮电子信息产业股份有限公司 Method for effectively utilizing cloud storage server resources
CN106464742A (en) * 2015-05-12 2017-02-22 环球互连及数据中心公司 Programmable network platform for a cloud-based services exchange
CN107517249A (en) * 2017-08-14 2017-12-26 宁波甬凌新材料科技有限公司 A kind of cloud Information Exchange System

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI655550B (en) * 2018-03-20 2019-04-01 廣達電腦股份有限公司 Data forwarding system
US10931647B2 (en) 2018-03-20 2021-02-23 Quanta Computer Inc. Data forwarding system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180109