CN107566355A - A kind of cloud Information Exchange System - Google Patents
A kind of cloud Information Exchange System
- Publication number: CN107566355A (application CN201710732467.9A)
- Authority: CN (China)
- Prior art keywords: service, connection, client, machine, information exchange
- Legal status: Pending (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
A cloud information exchange system comprising: configuring connection rules, under which the connection modes of the cloud information exchange system are service connections and client connections; configuring forwarding rules, under which the cloud information exchange system only forwards information and does not itself process specific information services; configuring audit rules, under which a connection may send information to the system, to be forwarded by the system to the corresponding connection, only after the connection has passed audit; configuring information exchange rules, under which information in the cloud information exchange system is exchanged in units of frames, the system containing two kinds of frames, control frames and data frames; the use of cryptographic means in the information exchange process of the cloud information exchange system; and authentication of the receiving party.
Description
Technical field
The present invention relates to the field of cloud information technology, and in particular to a cloud information exchange system.
Background technology
Existing information services have the following defects:
1: Information services include purchase-sales-inventory services, POS system services, ERP services, customer relationship management and so on.
2: Each small or micro enterprise that wants to provide an information service has to set up a server on the internet with a fixed IP address before the PCs, mobile phones and tablets in the enterprise can access it. For every small or micro enterprise to provide an information service on the internet, each of them would need its own fixed IP address, but the IPv4 address space on the internet has already been fully allocated, so a fixed IP address cannot be provided to every small or micro enterprise.
3: Most small or micro enterprises access the internet through ADSL, and the server in the enterprise LAN that provides the information service also reaches the internet through the dynamic IP address assigned to the ADSL connection, so mobile phones or tablets outside the enterprise (for example those accessing the internet through a mobile network) cannot reach the server inside the enterprise.
4: Small or micro enterprises have weak technical capability and a low budget for supporting information services; a server with a fixed IP address placed on the internet is more easily attacked, which brings security problems.
As shown in Fig. 1, with the growth of mobile devices such as mobile phones and tablets, the current situation has the following problems:
A: There are currently a very large number of small, medium and micro enterprises, while IP addresses on the internet are limited, so it is impossible to allocate a fixed IP address to each of them.
B: Mobile phones or tablets connected to the internet through a mobile network cannot reach server A or server B on the company's internal LAN.
C: Small and micro enterprises lack qualified technical personnel and have no dedicated technical staff to maintain the security of a server with a fixed IP address, so the server is easily hit by network attacks, which makes the information service unavailable or leads to data theft.
Summary of the invention
In view of this, the present invention proposes a cloud information exchange system that comprises:
Configuring connection rules: the connection modes of the cloud information exchange system comprise service connections and client connections;
Configuring forwarding rules: the cloud information exchange system only forwards information and does not process specific information services;
Configuring audit rules: only after a connection to the cloud information exchange system has passed audit can that connection send information to the system and have it forwarded by the system to the corresponding connection;
Configuring information exchange rules: information in the cloud information exchange system is exchanged in units of frames; the cloud information exchange system contains two kinds of frames, control frames and data frames;
Cryptographic means are used in the information exchange process of the cloud information exchange system;
And the receiving party is authenticated.
In the cloud information exchange system of the present invention,
the service connection is the connection of a service provider; service providers include POS, card systems and integration systems;
the client connection is the connection of a terminal; terminals include mobile phones, tablets and PCs.
In the cloud information exchange system of the present invention,
a client connection is identified by a customer name; the customer name consists of two parts, a service identifier and a name, and from the service identifier part of the customer name the cloud information exchange system can count how many users a given service has.
In the cloud information exchange system of the present invention,
a client connection has the following two attributes:
Same-service-identifier attribute
In this client connection, the service identifier part of the customer name of all information is identical;
Single-client attribute
In this client connection, only one client sends information; the customer name in all information is one and the same, and the client connection does not contain multiple customer names.
In the cloud information exchange system of the present invention,
a service connection accesses a specific system service within a service connection by service number + system service name + machine number;
The cloud information exchange system defines three kinds of service connection attributes:
(1) Service number attribute
All information addressed to this service number can be sent to the connection, and the connection can route information to all destinations under the service number;
(2) System service attribute
All information addressed to this system service of the service number can be sent to the connection, and the connection can route information to all destinations under the system service of the service number;
(3) Machine number attribute
All information addressed to this machine number of the system service of the service number can be sent to the connection, and the connection can route information to the machine number of the system service of the service number;
Different access control rules are configured:
(1) Service number 1 to service number 2
All system services and machines under service number 1 can send information to any system service and machine under service number 2;
(2) Service number 1 to system service B of service number 2
All system services and machines under service number 1 can send information to any machine of system service B of service number 2;
(3) Service number 1 to machine Q of system service B of service number 2
All system services and machines under service number 1 can send information to machine Q of system service B of service number 2;
(4) System service A of service number 1 to service number 2
All machines of system service A of service number 1 can send information to any system service and machine under service number 2;
(5) System service A of service number 1 to system service B of service number 2
All machines of system service A of service number 1 can send information to any machine of system service B of service number 2;
(6) System service A of service number 1 to machine Q of system service B of service number 2
All machines of system service A of service number 1 can send information to machine Q of system service B of service number 2;
(7) Machine P of system service A of service number 1 to service number 2
Machine P of system service A of service number 1 can send information to any system service and machine under service number 2;
(8) Machine P of system service A of service number 1 to system service B of service number 2
Machine P of system service A of service number 1 can send information to any machine of system service B of service number 2;
(9) Machine P of system service A of service number 1 to machine Q of system service B of service number 2
Machine P of system service A of service number 1 can send information to machine Q of system service B of service number 2;
The cloud information exchange system completes the exchange of information according to the access control rules configured in the system.
Under these access control rules, the following superior/subordinate relationship is configured, assuming that service number 2 is the superior of service number 1:
Rule X: system service A of service number 1 to system service B of service number 2;
Rule Y: service number 2 to service number 1;
According to the two rules configured above, the interaction of information is controlled as follows. First, system service A of service number 1 sends information to system service B of service number 2; the purpose of this message is generally an information request. Service number 2 receives the information, processes it, and sends the information back to system service A of service number 1; according to rule Y, the cloud information exchange system can send the response information of service number 2 to system service A of service number 1. The exchange of information is thus completed according to rule X and rule Y above.
In the cloud information exchange system of the present invention,
configuring the forwarding rules specifically includes: information in the cloud information exchange system is exchanged in units of frames; the cloud information exchange system contains two kinds of frames, control frames and data frames; control frames are used for connection audit, connection control and the like; data frames are used for data exchange between connections, and each data frame must contain a destination connection address and a source connection address; information exchange rules are defined in the cloud information exchange system, and only data frames that satisfy the information exchange rules are forwarded.
In the cloud information exchange system, each data frame must contain a destination connection address and a source connection address. If the address is a service connection, the address takes the form "service number + system service name + machine number" described above; if the address is a client connection, the address takes the form of the "customer name" described above, that is, service identifier + name.
In the cloud information exchange system of the present invention,
configuring the audit rules includes:
In the cloud information exchange system, each connection (service connection or client connection) corresponds to a machine identification (the machine identification of the connecting party). After connecting, the machine identification must be sent to the cloud information exchange system, and only after the cloud information exchange system has checked it and passed it can normal information interaction take place on that connection;
A corresponding machine identification (the machine identification of the server that provides the service) is set for each service number + system service name + machine number. After connecting, this machine identification must be sent to the cloud information exchange system, and only after the cloud information exchange system has checked it and passed it can normal information interaction take place on that connection;
1: In a TCP/IP environment, the connection is chosen to be a persistent (long-lived) TCP connection. Some service ends have a fixed IP address on the internet, and a given service number + system service name + machine number can be configured so that only certain specific IP addresses may connect;
2: To prevent network attacks, an IP address range is set for service connections. In the cloud information exchange system, the region in which a service provider is located is determined, each region has its own IP address range, and a service connection that does not fall within the particular IP address range is closed directly;
For clients, each client can correspond to only one machine identification. After each client connects to the cloud information exchange system, it must also send its corresponding machine identification, and only after the system has checked it and passed it can other information exchange take place. In a TCP/IP environment, the client connection is chosen to be a persistent TCP connection; some clients have a fixed IP address on the internet, and a given client can be configured so that it may only connect from certain specific IP addresses.
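The audit rules above (a machine identification bound to each service address and each customer name, an optional fixed-IP restriction, and a per-region IP address range for service connections) amount to an admission check that runs on a new connection before any frame is forwarded for it. The following is an added example, not code from the patent; the registry layout, the helper names and all sample addresses, machine identifications, IP addresses and CIDR blocks are assumptions constructed for illustration.

```python
"""Connection audit (admission) check for a cloud information exchange system.

Added example, not the patent's code. The registry layout, helper names and
every sample value (addresses, machine identifications, IPs, CIDRs) are
constructed assumptions for illustration.
"""
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class ServiceEntry:
    """Registered 'service number:system service:machine number' end."""
    machine_id: str                      # machine identification of the serving machine
    region: str                          # region the service provider is located in
    allowed_ips: Tuple[str, ...] = ()    # optional fixed-IP restriction (empty = none)


@dataclass
class ClientEntry:
    """Registered client (customer name = service identifier + name)."""
    machine_id: str                      # each client corresponds to exactly one machine id
    allowed_ips: Tuple[str, ...] = ()


@dataclass
class AuditConfig:
    services: Dict[str, ServiceEntry]
    clients: Dict[str, ClientEntry]
    region_ranges: Dict[str, List[str]]  # region -> CIDR blocks (assumed format)


def _same_id(expected: str, presented: str) -> bool:
    # Constant-time comparison so a wrong identification does not leak how
    # many leading characters matched.
    return hmac.compare_digest(expected.encode(), presented.encode())


def _ip_in_list(peer_ip: str, allowed: Tuple[str, ...]) -> bool:
    if not allowed:
        return True                      # no fixed-IP restriction configured
    peer = ipaddress.ip_address(peer_ip)
    return any(peer == ipaddress.ip_address(a) for a in allowed)


def _ip_in_region(peer_ip: str, cidrs: List[str]) -> bool:
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(c, strict=False) for c in cidrs)


def audit_service_connection(cfg: AuditConfig, address: str,
                             machine_id: str, peer_ip: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a service connection that just came up.

    The connection presents its address and machine identification in a
    control frame; nothing is forwarded for it until this returns True.
    """
    entry = cfg.services.get(address)
    if entry is None:
        return False, "unknown service address"
    if not _same_id(entry.machine_id, machine_id):
        return False, "machine identification mismatch"
    # A service connection outside its provider's regional range is closed.
    if not _ip_in_region(peer_ip, cfg.region_ranges.get(entry.region, [])):
        return False, "peer IP outside region range"
    if not _ip_in_list(peer_ip, entry.allowed_ips):
        return False, "peer IP not in allowed list"
    return True, "ok"


def audit_client_connection(cfg: AuditConfig, customer_name: str,
                            machine_id: str, peer_ip: str) -> Tuple[bool, str]:
    """Same check for a client connection identified by its customer name."""
    entry = cfg.clients.get(customer_name)
    if entry is None:
        return False, "unknown customer name"
    if not _same_id(entry.machine_id, machine_id):
        return False, "machine identification mismatch"
    if not _ip_in_list(peer_ip, entry.allowed_ips):
        return False, "peer IP not in allowed list"
    return True, "ok"


def sample_config() -> AuditConfig:
    """Constructed registry: one service number with two machines, one client."""
    return AuditConfig(
        services={
            "server1234567890:default:1": ServiceEntry("MID-POS-0001", "east", ("203.0.113.10",)),
            "server1234567890:default:2": ServiceEntry("MID-POS-0002", "east"),
        },
        clients={"server1234567890.aaa": ClientEntry("MID-PHONE-0001")},
        region_ranges={"east": ["203.0.113.0/24"]},
    )


if __name__ == "__main__":
    cfg = sample_config()
    print(audit_service_connection(cfg, "server1234567890:default:1", "MID-POS-0001", "203.0.113.10"))
    print(audit_service_connection(cfg, "server1234567890:default:2", "MID-POS-0002", "198.51.100.7"))
    print(audit_client_connection(cfg, "server1234567890.aaa", "MID-PHONE-0001", "192.0.2.5"))
```

The machine identification check runs before the IP checks so that the reason returned for a rejected connection depends on the presented identity first; the caller is expected to close the connection on any `False` result and to log the reason rather than return it to the peer.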
In the cloud information exchange system of the present invention,
configuring the information exchange rules includes:
Access control between clients and service ends is set in the cloud information exchange system, with the following access controls:
(1) The client with customer name server01.aaa, or the clients with service identifier server01, to service number 1
The client with customer name server01.aaa, or the clients with service identifier server01, can send information to all machines of all system services of service number 1
(2) The client with customer name server01.aaa, or the clients with service identifier server01, to system service A of service number 1
The client with customer name server01.aaa, or the clients with service identifier server01, can send information to all machines of system service A of service number 1
(3) The client with customer name server01.aaa, or the clients with service identifier server01, to machine P of system service A of service number 1
The client with customer name server01.aaa, or the clients with service identifier server01, can send information to machine P of system service A of service number 1
(4) Service number 1 to the client with customer name server01.aaa, or the clients with service identifier server01
All machines of all system services of service number 1 can send information to the client with customer name server01.aaa or the clients with service identifier server01
(5) System service A of service number 1 to the client with customer name server01.aaa, or the clients with service identifier server01
All machines of system service A of service number 1 can send information to the client with customer name server01.aaa or the clients with service identifier server01
(6) Machine P of system service A of service number 1 to the client with customer name server01.aaa, or the clients with service identifier server01
Machine P of system service A of service number 1 can send information to the client with customer name server01.aaa or the clients with service identifier server01
The cloud information exchange system completes the exchange of information according to the information exchange rules configured in the system.
Under these access control rules, the following access rules are configured, assuming the client server01.aaa and system service A of service number 1:
Rule P: client server01.aaa to system service A of service number 1
Rule Q: service number 1 to client server01.aaa
According to the two rules configured above, the interaction of information is controlled as follows. First, client server01.aaa sends information to machine number 1 of system service A of service number 1; according to rule P, the cloud information exchange system sends the request information of client server01.aaa to machine number 1 of system service A of service number 1. After the service end has processed it, it sends the response information to client server01.aaa, and according to rule Q the cloud information exchange system forwards the information to client server01.aaa;
the information exchange between the client and the service number is thus completed according to rule P and rule Q above;
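Both rule families above, the service-to-service rules (1) to (9) with rules X and Y, and the client-to-service rules (1) to (6) with rules P and Q, reduce to prefix matching on the two address forms: a rule written at the service number, system service or machine level covers every full address beneath it, and the exchange forwards a data frame only when some configured rule covers its source and destination. The following is an added example, not the patent's code; the ':' and '.' separators, the Address/Rule/DataFrame names and the rule and frame values are assumptions for illustration (the page gives only the informal "service number + system service name + machine number" and "service identifier + name" forms).

```python
"""Address model, access control rules and the data-frame forwarding decision.

Added example, not the patent's code. Separators, type names and all rule
and frame values are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Address:
    kind: str                # "service" or "client"
    parts: Tuple[str, ...]   # service: (service no[, system service[, machine]])
                             # client:  (service identifier[, name])


def service_addr(text: str) -> Address:
    """'service1:A:P' -> service address; fewer components give a partial pattern."""
    return Address("service", tuple(text.split(":")))


def client_addr(text: str) -> Address:
    """'server01.aaa' -> client address; 'server01' alone is the service identifier."""
    return Address("client", tuple(text.split(".", 1)))


def is_complete(addr: Address) -> bool:
    """Frames must carry full addresses: 3 parts for services, 2 for clients."""
    return len(addr.parts) == (3 if addr.kind == "service" else 2)


def matches(pattern: Address, addr: Address) -> bool:
    """A partial pattern covers every address of which it is a component prefix."""
    return (pattern.kind == addr.kind
            and addr.parts[:len(pattern.parts)] == pattern.parts)


@dataclass(frozen=True)
class Rule:
    src: Address             # who may send ...
    dst: Address             # ... to whom


@dataclass(frozen=True)
class DataFrame:
    src: Address             # source connection address
    dst: Address             # destination connection address
    payload: bytes


def matching_rules(rules: List[Rule], frame: DataFrame) -> List[Rule]:
    """Rules that permit this frame; a frame with a partial address matches none."""
    if not (is_complete(frame.src) and is_complete(frame.dst)):
        return []
    return [r for r in rules
            if matches(r.src, frame.src) and matches(r.dst, frame.dst)]


def may_forward(rules: List[Rule], frame: DataFrame) -> bool:
    """The exchange forwards a data frame only if some configured rule permits it."""
    return bool(matching_rules(rules, frame))


# Rules X, Y, P and Q from the description (service numbers and identifiers constructed):
RULE_X = Rule(service_addr("service1:A"), service_addr("service2:B"))
RULE_Y = Rule(service_addr("service2"), service_addr("service1"))
RULE_P = Rule(client_addr("server01.aaa"), service_addr("service1:A"))
RULE_Q = Rule(service_addr("service1"), client_addr("server01.aaa"))
RULES = [RULE_X, RULE_Y, RULE_P, RULE_Q]

if __name__ == "__main__":
    request = DataFrame(service_addr("service1:A:P"), service_addr("service2:B:Q"), b"request")
    response = DataFrame(service_addr("service2:B:Q"), service_addr("service1:A:P"), b"response")
    stray = DataFrame(service_addr("service1:C:P"), service_addr("service2:B:Q"), b"not covered")
    for f in (request, response, stray):
        print(f.src.parts, "->", f.dst.parts, may_forward(RULES, f))
```

The request from machine P of system service A is covered by rule X, the response from machine Q of system service B by rule Y, and a frame from system service C of service number 1 by neither, so it is dropped. A rule whose client side is only a service identifier (for example `client_addr("server01")`) covers every customer name under that identifier, which is the "clients with service identifier server01" case in the list above.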
The cloud information exchange system of the present invention is characterised in that
the exchange and routing rules for connections include:
(1) Within one service number, because connection attributes differ, there may be multiple connections to the cloud information exchange system. In the cloud information exchange system, information is routed according to the closest-matching connection, searching for a route in the following order of connection attributes:
A: machine number attribute
B: system service attribute
C: service number attribute
Once the connection with the best-matching attribute is found, the information is sent to that connection;
When the cloud information exchange system receives a message to be forwarded to machine H of system service A of service number 1:
a: it first checks whether there is a connection with the machine number attribute for "machine H of system service A of service number 1"; if so, the message is sent to that connection;
b: if there is no such machine-number-attribute connection, it checks whether there is a connection with the system service attribute for "system service A of service number 1"; if so, the message is sent to that connection;
c: if there is no such system-service-attribute connection, it checks whether there is a connection with the service number attribute for "service number 1"; if so, the message is sent to that connection;
d: if none of the above three attribute connections matches, the message cannot be sent;
(2) In the cloud information exchange system, there can be only one service connection with a given attribute. There is only one connection with the service number attribute for service number 1; when a new connection with the service number attribute for service number 1 comes up and the cloud information exchange system finds that a connection with the service number attribute for service number 1 already exists, it closes the earlier connection, so as to ensure that a service connection with a given attribute has only one connection in the cloud information exchange system;
Likewise, connections with the system service attribute and with the machine number attribute are also guaranteed to have only one connection each;
So, according to the different service connection attributes, machine H of system service A of service number 1 can have at most three connections in the cloud information exchange system:
the service connection of service number 1 with the service number attribute;
the service connection of system service A of service number 1 with the system service attribute;
the service connection of machine H of system service A of service number 1 with the machine number attribute;
(3) In the cloud information exchange system, client connections are handled similarly to service connections: according to the different connection attributes, a message is sent according to its destination customer name. When the cloud information exchange system receives a message whose destination customer name is server12345678.aaa, it first looks for a client connection with the single-client attribute whose customer name is server12345678.aaa; if there is one, the message is sent to that client connection;
if not, it looks for a client connection with the same-service-identifier attribute whose service identifier is server12345678; if there is one, the message is sent to that client connection;
if there is none, the cloud information exchange system cannot send the message;
(4) In the cloud information exchange system, there can be only one client connection with a given attribute. For example, for the customer name server12345678.aaa there can be only one client connection with the same-service-identifier attribute whose service identifier is server12345678; if such a client connection already exists in the cloud information exchange system, the cloud information exchange system closes the earlier connection.
So a client with customer name server12345678.aaa has at most the following two client connections in the cloud information exchange system:
the client connection with the same-service-identifier attribute whose service identifier is server12345678;
the client connection with the single-client attribute whose customer name is server12345678.aaa.
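The routing rules (1) to (4) above describe one table keyed by connection attribute, a lookup that walks from the most specific attribute (machine number, or single-client customer name) to the least specific (service number, or service identifier), and a registration step that closes an existing connection with the same attribute before the new one takes its place. The following is an added example, not the patent's code; the `ConnectionTable` class, the tuple keys, the connection ids and the sample names are assumptions constructed for illustration.

```python
"""Connection table with most-specific routing and one connection per attribute.

Added example, not the patent's code. Connection ids, tuple keys and sample
names are constructed for illustration.
"""
from typing import Dict, List, Optional, Tuple

Attr = Tuple[str, ...]
# service attributes: (service no,) | (service no, system service) | (service no, system service, machine)
# client attributes:  (service identifier,) | (service identifier, name)


class ConnectionTable:
    def __init__(self) -> None:
        self._tables: Dict[str, Dict[Attr, str]] = {"service": {}, "client": {}}
        self.closed: List[str] = []   # ids closed because a newer same-attribute connection replaced them

    def register(self, kind: str, attr: Attr, conn_id: str) -> Optional[str]:
        """Register a connection under its attribute.

        If a different connection already holds the same attribute it is closed
        (recorded in self.closed) and its id is returned; otherwise None.
        """
        table = self._tables[kind]
        old = table.get(attr)
        if old is not None and old != conn_id:
            self.closed.append(old)
        table[attr] = conn_id
        return old if old != conn_id else None

    def unregister(self, kind: str, conn_id: str) -> None:
        """Drop every attribute held by a connection that went away."""
        table = self._tables[kind]
        for attr in [a for a, c in table.items() if c == conn_id]:
            del table[attr]

    def route(self, kind: str, dst: Attr) -> Optional[str]:
        """Walk from the most specific attribute (machine / single client) to the
        least specific (service number / service identifier); None if nothing matches,
        in which case the message cannot be sent."""
        table = self._tables[kind]
        for n in range(len(dst), 0, -1):
            conn = table.get(dst[:n])
            if conn is not None:
                return conn
        return None


if __name__ == "__main__":
    t = ConnectionTable()
    t.register("service", ("service1",), "c-svc")           # service number attribute
    t.register("service", ("service1", "A"), "c-sys")       # system service attribute
    t.register("service", ("service1", "A", "H"), "c-mach")  # machine number attribute
    print(t.route("service", ("service1", "A", "H")))       # c-mach
    print(t.route("service", ("service1", "A", "K")))       # c-sys
    print(t.route("service", ("service1", "B", "K")))       # c-svc
    print(t.register("service", ("service1", "A", "H"), "c-mach2"))  # closes c-mach
    t.register("client", ("server12345678",), "c-shared")   # same-service-identifier attribute
    t.register("client", ("server12345678", "aaa"), "c-single")  # single-client attribute
    print(t.route("client", ("server12345678", "aaa")))     # c-single
    print(t.route("client", ("server12345678", "bbb")))     # c-shared
```

Because `register` replaces rather than appends, a machine of service number 1 can hold at most three entries (one per attribute level) and a customer name at most two, exactly the bound the description gives; the `closed` list is what a deployment would hand to the connection handler to tear down the superseded sockets.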
Compared with the prior art, the cloud information exchange system provided by the invention can achieve the following:
1: The cloud information exchange system is deployed on the internet with a fixed IP address and can be accessed by multiple enterprises. (This solves the problem that each small or micro enterprise would otherwise need its own fixed IP address.)
2: The cloud information exchange system contains two kinds of connections, service connections and client connections.
A service connection in the cloud information exchange system is the connection of a service provider, such as a POS, card system or integration system.
A client connection in the cloud information exchange system is the connection of a terminal, such as a mobile phone, tablet or PC.
(This solves the problem that a small or micro enterprise with only a dynamic IP address cannot provide an information service.)
Service connections and client connections are not limited to IP connections; they can also connect to the cloud information exchange system over non-IP links (such as high-speed optical fibre links).
3: The cloud information exchange system only forwards information and does not process specific information services.
4: Only after a connection to the cloud information exchange system has passed audit can that connection send information to the system and have it forwarded by the system to the corresponding connection.
When a connection, whether a service connection or a client connection, comes up on the cloud information exchange system, it must pass audit before it may start sending data. The means of audit include:
(1) whether the key agreed by both parties is used for encrypted transmission;
(2) whether the connection has an IP address restriction, a territorial (regional) restriction, and so on;
(3) whether the machine identification code of the connection is bound, and whether the connection is permitted to connect to the cloud information exchange system.
(This solves unauthorized access and reduces the possibility of network attacks.)
In addition, for security, a service connection or client connection can choose to verify the authenticity of the cloud information exchange system, for example by verifying the authenticity of the cloud information exchange system with an asymmetric encryption algorithm, so as to avoid connecting to a fake cloud information exchange system.
5: Information in the cloud information exchange system is exchanged in units of frames. The cloud information exchange system contains two kinds of frames, control frames and data frames; control frames are used for connection audit, connection control and the like; data frames are used for data exchange between connections, and each data frame must contain a destination connection address and a source connection address; information exchange rules are defined in the cloud information exchange system, and only data frames that satisfy the information exchange rules are forwarded.
Brief description of the drawings
Fig. 1 is a schematic diagram of network connection in the prior art;
Fig. 2 is a schematic diagram of network connection of the cloud information exchange system of the embodiment of the present invention.
Embodiment
As shown in Fig. 1, with the growth of mobile devices such as mobile phones and tablets, the current situation has the following problems:
A: There are currently a very large number of small, medium and micro enterprises, while IP addresses on the internet are limited, so it is impossible to allocate a fixed IP address to each small or micro enterprise.
B: Mobile phones or tablets connected to the internet through a mobile network cannot reach server A or server B on the company's internal LAN.
C: Small and micro enterprises lack qualified technical personnel and have no dedicated technical staff to maintain the security of a server with a fixed IP address, so the server is easily hit by network attacks, which makes the information service unavailable or leads to data theft.
As shown in Fig. 2, the cloud information exchange system is a network consisting of multiple servers and other supporting equipment (such as switches, routers and fibre links). To simplify the network diagram of the cloud information exchange system, in Fig. 2 the cloud information exchange system is reduced to a single cloud information exchange server.
Example 1: Server A in the LAN of company A connects through ADSL to the cloud information exchange server on the internet; this connection is a service connection. Mobile phone 10 or tablet 11 connects through the mobile network to the cloud information exchange server on the internet; this connection is a client connection. In this way mobile phone 10 or tablet 11 can obtain the information service of server A in the LAN of company A through the cloud information exchange server on the internet. Meanwhile, PCA1 and PCA2 of company A can also connect through ADSL to the cloud information exchange server on the internet, these connections being client connections, so that PCA1 and PCA2 of company A can likewise obtain the information service of server A in the LAN of company A through the cloud information exchange server on the internet. The advantage of this is that server A can be isolated from the PCs (PCA1 and PCA2) within the LAN of company A, so that if a PC is infected, server A is not infected as well.
Example 2: Assume that server 1 (with a fixed IP address) in Fig. 2 belongs to company B, that server B in the LAN of company B also belongs to company B, and that both server 1 and server B need to provide information services. Then server B and server 1 each connect to the cloud information exchange server on the internet, and these connections are service connections; PCB1, PCB2, mobile phone B1 and tablet B2 connect through ADSL to the cloud information exchange server on the internet, and these connections are client connections. In addition, assume that mobile phone 10 and tablet 11 belong to company B; mobile phone 10 and tablet 11 also connect through the mobile network to the cloud information exchange server on the internet, and these connections are also client connections. In this way the terminal devices PCB1, PCB2, mobile phone B1, tablet B2, mobile phone 10 and tablet 11 can access the information services provided by server 1 and server B through the cloud information exchange server.
Example 3: Assume that server Y belongs to company B and that server Y connects to the cloud information exchange server through a non-IP connection (a high-speed link such as optical fibre), as a service connection; PCB1, PCB2, mobile phone B1 and tablet B2 connect through ADSL to the cloud information exchange server on the internet, and these connections are client connections. In addition, assume that mobile phone 10 and tablet 11 belong to company B; mobile phone 10 and tablet 11 also connect through the mobile network to the cloud information exchange server on the internet, and these connections are also client connections. In this way the terminal devices PCB1, PCB2, mobile phone B1, tablet B2, mobile phone 10 and tablet 11 can access the information service provided by server Y through the cloud information exchange server.
So, for service connections and client connections, there is no restriction that they must connect through TCP/IP.
Example 4: Assume that server M belongs to company B and that server M connects to the cloud information exchange server through a mobile base station and the internet, as a service connection; PCB1, PCB2, mobile phone B1 and tablet B2 connect through ADSL to the cloud information exchange server on the internet, and these connections are client connections. In addition, assume that mobile phone 10 and tablet 11 belong to company B; mobile phone 10 and tablet 11 also connect through the mobile network to the cloud information exchange server on the internet, and these connections are also client connections. In this way the terminal devices PCB1, PCB2, mobile phone B1, tablet B2, mobile phone 10 and tablet 11 can access the information service provided by server M through the cloud information exchange server.
Because server M reaches the internet through a mobile base station, the address that server M obtains is also a dynamic IP address and not a fixed IP address on the internet. Under existing methods, the terminals PCB1, PCB2, mobile phone B1, tablet B2, mobile phone 10 and tablet 11 could not possibly access the information service provided by server M; through the cloud information exchange server, the information service provided by server M becomes accessible.
Four:System survey
Comprising two kinds of connections in cloud Information Exchange System, to service connection, one kind connects one kind for client.
Service connection in cloud Information Exchange System connects for service provider, service provider such as POS,
Card system, integrating system etc..
Client's connection in cloud Information Exchange System connects for terminal, such as mobile phone, flat board, PC etc..
(2) in cloud Information Exchange System, connect corresponding to client, identified with customer name;
Customer name is made up of two parts, and a part is service identifiers, and a part is title, such as:
SERVER012345678.aaa customer name represents that service identifiers are SERVER012345678, entitled aaa
Cloud Information Exchange System can count how many use some services according to the service identifiers in customer name
Family.
1:In actual environment, the paving POS of multiple solid shop/brick and mortar store all can be connected to cloud information as service provider
Exchange system,
Because each solid shop/brick and mortar store is independent main body, ownership is independent, so, it is desirable to cloud Information Exchange System needs
Control the access profile of client, it is impossible to be the mobile phone P1 (mobile phone is as client) in A shops, go to access the service end in B shops;
Service identifiers can be understood as the title of a group or an enterprise, such as a solid shop/brick and mortar store, there is more clients
End, the service identifiers in client name, so that it may find out the client belongs to which enterprise or some group.
2: A client connection may be shared by several clients that all send information to the cloud information exchange system over it, or a single client may send information over one connection of its own. A client connection is therefore given one of the following two attributes:
(1) Same-service-identifier attribute
On this client connection, the service identifier part of the customer name is identical in all messages.
(2) Single-client attribute
On this client connection, only one client sends information; every message carries the same single customer name, and the connection never carries more than one customer name.
(3) Description of service connections in the cloud information exchange system:
In the cloud information exchange system, one service connection can provide several services. For example, a single storefront may have a POS system, an attendance system, a monitoring system and so on. Moreover, for service reliability a system may be run on a primary and a standby machine so that it operates without interruption. A specific system service inside a service connection is therefore addressed as service number + system service name + machine number. Within the system, the word default denotes the default system service name of a service connection.
For example: for an actual storefront, let its service number be server1234567890 and let the checkout service be the default system service of that service number; its system service name can then be set to default, and the default machine number is 1, denoting the first machine. The service connection can therefore be written as: server1234567890:default:1
In the cloud information exchange system, one connection may be occupied by a service number, in which case all system service names and machine numbers of that service number communicate with the cloud information exchange system through that connection; a service number + system service name may also occupy one connection, in which case all machines of that service number + system service name communicate through it; or a service number + system service name + machine number may occupy one connection of its own.
In a concrete implementation, a small sub cloud information exchange system can therefore be deployed at the physical location of a service number: all system services of that service number connect to the sub system, which aggregates them and communicates with the cloud information exchange system through a single connection.
A complex service number has several system services and several machines, so in the cloud information exchange system one service number may have several connections. The cloud information exchange system needs each connection to declare its own attribute so that it can deliver information to the correct destination. The cloud information exchange system defines three connection attributes:
(1) Service number attribute
All information addressed to the service number can be sent over this connection, and this connection can route information to every destination of the service number.
(2) System service attribute
All information addressed to the system service of the service number can be sent over this connection, and this connection can route information to every destination of that system service of the service number.
(3) Machine number attribute
All information addressed to the machine number of the system service of the service number can be sent over this connection, and this connection can route information to that machine number of that system service of the service number.
4: In the cloud information exchange system, access between service numbers must be controlled, and this control is performed by the cloud information exchange system. Different access control rules can be configured in the cloud information exchange system, for example:
(1) Service number 1 to service number 2
All system services and machines inside service number 1 may send information to any system service and machine of service number 2.
(2) Service number 1 to system service B of service number 2
All system services and machines inside service number 1 may send information to any machine of system service B of service number 2.
(3) Service number 1 to machine Q of system service B of service number 2
All system services and machines inside service number 1 may send information to machine Q of system service B of service number 2.
(4) System service A of service number 1 to service number 2
All machines of system service A of service number 1 may send information to any system service and machine of service number 2.
(5) System service A of service number 1 to system service B of service number 2
All machines of system service A of service number 1 may send information to any machine of system service B of service number 2.
(6) System service A of service number 1 to machine Q of system service B of service number 2
All machines of system service A of service number 1 may send information to machine Q of system service B of service number 2.
(7) Machine P of system service A of service number 1 to service number 2
Machine P of system service A of service number 1 may send information to any system service and machine of service number 2.
(8) Machine P of system service A of service number 1 to system service B of service number 2
Machine P of system service A of service number 1 may send information to any machine of system service B of service number 2.
(9) Machine P of system service A of service number 1 to machine Q of system service B of service number 2
Machine P of system service A of service number 1 may send information to machine Q of system service B of service number 2.
The cloud information exchange system completes the exchange of information according to the configured access control rules.
Under these access control rules, the following superior/subordinate relationship can be configured (assuming that service number 2 is the superior of service number 1):
(Rule X) System service A of service number 1 to system service B of service number 2
(Rule Y) Service number 2 to service number 1
These two configured rules control the interaction. First, system service A of service number 1 sends information to system service B of service number 2 (rule X); the purpose of such a message is usually an information request. Service number 2 receives the information, processes it, and sends the reply back to system service A of service number 1; according to rule Y, the cloud information exchange system delivers the reply from service number 2 to system service A of service number 1.
The exchange of information is thus completed according to rule X and rule Y above.
The cloud information exchange system is only responsible for switching or routing information packets to the correct service end or client; it does not process the specific service carried inside the packet. The service end or client alone is responsible for handling the specific business.
Information in the cloud information exchange system is exchanged in units of frames. The cloud information exchange system has two kinds of frames: control frames and data frames. Control frames are used for auditing connections and for connection control; data frames are used for data exchange between connections. Each data frame must contain a destination connection address and a source connection address. The cloud information exchange system defines information exchange rules, and only data frames that satisfy these rules are forwarded.
In the cloud information exchange system, each data frame must contain a destination connection address and a source connection address. If the address is a service connection, the address takes the form "service number + system service name + machine number" described above; if the address is a client connection, the address takes the form "customer name" (service identifier + title) described above.
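As an added illustration of the two address forms and of the rule that a data frame must carry both addresses (this is example code, not part of the patent), the following parser accepts the service-connection form written as in the patent's own example server1234567890:default:1 and the customer-name form SERVER012345678.aaa. The patent fixes no wire format for frames, so the `C|...` / `D|dst|src|payload` encoding below is a constructed assumption; the names `parse_address`, `parse_frame` and `forwardable` are this example's own.

```python
# Added example (not part of the patent): parsing the two address forms that a
# data frame carries and rejecting frames that lack either address.
# The frame encoding is a constructed assumption; the patent only fixes the
# address forms "service number + system service name + machine number"
# (written server1234567890:default:1) and "service identifier.title".
from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class ServiceAddress:
    """Service-connection address: service number, system service name, machine number."""
    service: str
    system_service: str
    machine: str


@dataclass(frozen=True)
class ClientAddress:
    """Client-connection address (customer name): service identifier plus title."""
    service_id: str
    title: str


Address = Union[ServiceAddress, ClientAddress]


def parse_address(text: str) -> Address:
    """Accept 'svc:system:machine' (service connection) or 'svcid.title' (client)."""
    if ":" in text:
        parts = text.split(":")
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"malformed service address: {text!r}")
        return ServiceAddress(parts[0], parts[1], parts[2])
    if "." in text:
        service_id, title = text.split(".", 1)
        if not service_id or not title:
            raise ValueError(f"malformed customer name: {text!r}")
        return ClientAddress(service_id, title)
    raise ValueError(f"unrecognised address: {text!r}")


@dataclass
class Frame:
    kind: str                 # "control" or "data"
    dst: Optional[Address]    # present only on data frames
    src: Optional[Address]
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Decode the constructed encoding: b'C|<payload>' for a control frame,
    b'D|<dst>|<src>|<payload>' for a data frame. A data frame without both
    addresses is rejected, as the exchange rules require."""
    fields = raw.split(b"|", 3)
    if fields[0] == b"C":
        return Frame("control", None, None, fields[1] if len(fields) > 1 else b"")
    if fields[0] == b"D":
        if len(fields) != 4 or not fields[1] or not fields[2]:
            raise ValueError("data frame must carry destination and source addresses")
        return Frame("data",
                     parse_address(fields[1].decode("ascii")),
                     parse_address(fields[2].decode("ascii")),
                     fields[3])
    raise ValueError(f"unknown frame type {fields[0]!r}")


def forwardable(raw: bytes) -> Optional[Frame]:
    """The exchange forwards only well-formed data frames; control frames are
    consumed locally (audit, connection control) and malformed input is dropped."""
    try:
        frame = parse_frame(raw)
    except (ValueError, UnicodeDecodeError):
        return None
    return frame if frame.kind == "data" else None
```

Dropping a malformed frame rather than guessing an address keeps the forwarding decision tied to the two addresses the exchange rules depend on; a later access-control or routing step then works on typed `ServiceAddress` / `ClientAddress` values instead of raw strings.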
In the cloud information exchange system, each connection (service connection or client connection) corresponds to a machine identifier (the machine identifier of the connecting side). After connecting, the connecting side must send its machine identifier to the cloud information exchange system, and only after the cloud information exchange system has checked and accepted it can normal information exchange take place on that connection.
In the cloud information exchange system, to verify the security of the service end, each service number + system service name + machine number can be assigned a corresponding machine identifier (a unique machine code supplied by the server that provides the service). After connecting, this machine identifier must be sent to the cloud information exchange system, and only after the check by the cloud information exchange system passes can normal information exchange take place on that connection.
1: In a TCP/IP environment, the connection can be a long-lived TCP connection. Some service ends have fixed IP addresses on the Internet, so a given service number + system service name + machine number can be configured to be allowed to connect only from a specific IP address; this screens out unwanted connections.
2: To better defend against network attacks, an IP address range can be set for service connections. The cloud information exchange system generally knows which region a service provider is located in (Guangdong or Henan, for example), and each region typically has its own IP address range, so a service connection that does not fall within the configured IP address range is closed immediately; this reduces network attacks. Whether to implement this option can be decided according to actual conditions.
In the cloud information exchange system, each client corresponds to exactly one machine identifier. After a client connects to the cloud information exchange system, it must also send its corresponding machine identifier, and only after the system check passes can further information exchange take place. In addition, in a TCP/IP environment the client connection can be a long-lived TCP connection; some clients have fixed IP addresses on the Internet, and a given client can be configured to be allowed to connect only from a specific IP address, which screens out unwanted connections.
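The admission sequence described in the preceding paragraphs, as an added example that is not the patent's own code: a source-address check at connect time (optional fixed IP, optional region range) followed by the machine-identifier check once the peer has sent its identifier. The `Registration` / `ConnectionAudit` names, the machine codes and the IP addresses and ranges are all constructed for the example.

```python
# Added example (not from the patent): the admission checks a connection must pass
# before any data frame is forwarded: an optional fixed source IP, an optional
# region address range, and the machine identifier the peer presents after
# connecting. All addresses, identifiers and ranges below are constructed.
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Registration:
    machine_id: str                          # unique machine code expected from this peer
    fixed_ip: Optional[str] = None           # if set, the peer may connect only from this IP
    region_ranges: List[str] = field(default_factory=list)  # if set, CIDR ranges the peer must fall in


class ConnectionAudit:
    """Keyed by connection address: 'svc:system:machine' for service connections,
    'serviceid.title' for client connections (one machine identifier per client)."""

    def __init__(self) -> None:
        self.registry: Dict[str, Registration] = {}

    def register(self, address: str, reg: Registration) -> None:
        self.registry[address] = reg

    def check_source(self, address: str, peer_ip: str) -> Tuple[bool, str]:
        """Run at TCP accept time: a peer outside its allowed addresses is closed at once."""
        reg = self.registry.get(address)
        if reg is None:
            return False, "unknown address"
        if reg.fixed_ip is not None and peer_ip != reg.fixed_ip:
            return False, "source IP is not the configured fixed address"
        if reg.region_ranges:
            ip = ipaddress.ip_address(peer_ip)
            if not any(ip in ipaddress.ip_network(cidr) for cidr in reg.region_ranges):
                return False, "source IP outside the provider's region range"
        return True, "ok"

    def check_machine_id(self, address: str, presented: str) -> Tuple[bool, str]:
        """Run on the first control frame after connecting; constant-time compare."""
        reg = self.registry.get(address)
        if reg is None:
            return False, "unknown address"
        if not hmac.compare_digest(presented.encode(), reg.machine_id.encode()):
            return False, "machine identifier mismatch"
        return True, "ok"

    def admit(self, address: str, peer_ip: str, presented: str) -> Tuple[bool, str]:
        """Both stages must pass before normal information exchange is enabled."""
        ok, why = self.check_source(address, peer_ip)
        if not ok:
            return ok, why
        return self.check_machine_id(address, presented)
```

Keeping the two stages separate mirrors the text: the IP checks can reject a peer before any frame is read, while the machine-identifier check needs the first control frame. The reason string is what a defender would log when a connection is refused.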
Access control between clients and service ends must also be configured in the cloud information exchange system. The following access controls exist:
(1) The client with customer name server01.aaa, or the clients with service identifier server01, to service number 1
The client with customer name server01.aaa, or the clients with service identifier server01, may send information to all machines of all system services of service number 1.
(2) The client with customer name server01.aaa, or the clients with service identifier server01, to system service A of service number 1
The client with customer name server01.aaa, or the clients with service identifier server01, may send information to all machines of system service A of service number 1.
(3) The client with customer name server01.aaa, or the clients with service identifier server01, to machine P of system service A of service number 1
The client with customer name server01.aaa, or the clients with service identifier server01, may send information to machine P of system service A of service number 1.
(4) Service number 1 to the client with customer name server01.aaa, or the clients with service identifier server01
All machines of all system services of service number 1 may send information to the client with customer name server01.aaa or the clients with service identifier server01.
(5) System service A of service number 1 to the client with customer name server01.aaa, or the clients with service identifier server01
All machines of system service A of service number 1 may send information to the client with customer name server01.aaa or the clients with service identifier server01.
(6) Machine P of system service A of service number 1 to the client with customer name server01.aaa, or the clients with service identifier server01
Machine P of system service A of service number 1 may send information to the client with customer name server01.aaa or the clients with service identifier server01.
The cloud information exchange system completes the exchange of information according to the configured access control rules.
Under these access control rules, the following scoped rules can be configured (assuming client server01.aaa and system service A of service number 1):
(Rule P) Client server01.aaa to system service A of service number 1
(Rule Q) Service number 1 to client server01.aaa
These two configured rules control the interaction. First, client server01.aaa sends information to machine number 1 of system service A of service number 1; according to rule P, the cloud information exchange system delivers the request from client server01.aaa to machine number 1 of system service A of service number 1. After the service end has processed it, it sends the reply to client server01.aaa, and according to rule Q the cloud information exchange system forwards that information to client server01.aaa.
The exchange of information between the client and the service number is thus completed according to rule P and rule Q above.
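The nine service-to-service rule shapes listed under point 4 and the six client-to-service shapes listed just above all reduce to one default-deny matcher once an endpoint is written as a tuple and a rule leaves unspecified fields as wildcards. The following is an added example (not the patent's own code) that encodes rules X/Y and P/Q from the description; service numbers "1" and "2", system services "A"/"B"/"C", machines "P"/"Q"/"1" and the customer names are the description's own placeholders, and the `AccessControl` / `example_policy` names are this example's.

```python
# Added example (not the patent's own code): a default-deny matcher for the
# access control rules listed above. A service endpoint is a 3-tuple
# (service number, system service, machine number); a client endpoint is a
# 2-tuple (service identifier, title). A None field in a rule matches any value,
# which yields the nine service-to-service shapes and the six client shapes.
from typing import List, Optional, Tuple

Pattern = Tuple[Optional[str], ...]   # rule side: None fields are wildcards
Endpoint = Tuple[str, ...]            # concrete sender or receiver


def _matches(pattern: Pattern, actual: Endpoint) -> bool:
    """Fixed fields must be equal; None is a wildcard. A service pattern (3 fields)
    never matches a client endpoint (2 fields) and vice versa."""
    if len(pattern) != len(actual):
        return False
    return all(p is None or p == a for p, a in zip(pattern, actual))


class AccessControl:
    def __init__(self) -> None:
        self.rules: List[Tuple[Pattern, Pattern]] = []

    def allow(self, src: Pattern, dst: Pattern) -> "AccessControl":
        self.rules.append((src, dst))
        return self

    def permitted(self, src: Endpoint, dst: Endpoint) -> bool:
        """True only when a configured rule covers the concrete (src, dst) pair;
        with no matching rule the frame is not forwarded (shop A cannot reach shop B)."""
        return any(_matches(rs, src) and _matches(rd, dst) for rs, rd in self.rules)


def example_policy() -> AccessControl:
    """Rules X/Y and P/Q from the description, with service numbers '1' and '2'
    and the client server01.aaa."""
    return (AccessControl()
            # rule X: system service A of service number 1 to system service B of service number 2
            .allow(("1", "A", None), ("2", "B", None))
            # rule Y: service number 2 (the superior) to service number 1
            .allow(("2", None, None), ("1", None, None))
            # rule P: client server01.aaa to system service A of service number 1
            .allow(("server01", "aaa"), ("1", "A", None))
            # rule Q: service number 1 to client server01.aaa
            .allow(("1", None, None), ("server01", "aaa")))
```

A rule written with the service identifier only, such as `("server01", None)`, covers every client of that shop, which is the "service identifier server01" alternative in each of the six client shapes; note that rule Y deliberately allows any reply from service number 2, so the request direction is where the policy is narrowed.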
The exchange and routing rules for connections in the cloud information exchange system are as follows:
(1) Within one service number, because the connection attributes differ, several connections may be established to the cloud information exchange system. The cloud information exchange system routes information over the most specific matching connection, looking up the route in the following order of connection attributes:
A: Machine number attribute
B: System service attribute
C: Service number attribute
As soon as the connection whose attribute matches most closely is found, the information is sent over that connection.
When the cloud information exchange system receives a message to be forwarded to machine H of system service A of service number 1:
a: First check whether there is a connection with the machine number attribute for "machine H of system service A of service number 1"; if so, send the message over that connection;
b: If there is no such machine-number-attribute connection, check whether there is a connection with the system service attribute for "system service A of service number 1"; if so, send the message over that connection;
c: If there is no such system-service-attribute connection, check whether there is a connection with the service number attribute for "service number 1"; if so, send the message over that connection;
d: If none of the three attributes above matches a connection, the message cannot be sent.
(2) In the cloud information exchange system there can be only one service connection with a given attribute. For example, there is only one connection with the service number attribute for service number 1: when a new connection with the service number attribute for service number 1 arrives and the cloud information exchange system finds that such a connection already exists, it closes the earlier connection, guaranteeing that for each attribute only one service connection exists in the cloud information exchange system.
Likewise, connections with the system service attribute and with the machine number attribute are also guaranteed to be unique.
Thus machine H of system service A of service number 1 has, depending on the service connection attributes in use, at most three connections in the cloud information exchange system:
the service connection for service number 1 with the service number attribute;
the service connection for system service A of service number 1 with the system service attribute;
the service connection for machine H of system service A of service number 1 with the machine number attribute.
(3) In the cloud information exchange system, client connections are handled in the same way as service connections: according to the different connection attributes, a message is sent according to its destination customer name. For example, when the cloud information exchange system receives a message whose destination customer name is server12345678.aaa, it first looks for a client connection with the single-client attribute whose customer name is server12345678.aaa; if one exists, the message is sent over that client connection;
if not, it looks for a client connection with the same-service-identifier attribute whose service identifier is server12345678; if one exists, the message is sent over that client connection;
if there is none, the cloud information exchange system cannot send the message.
(4) In the cloud information exchange system there can be only one client connection with a given attribute. For example, for the customer name server12345678.aaa there can be only one client connection with the same-service-identifier attribute whose service identifier is server12345678; if such a client connection already exists in the cloud information exchange system, the cloud information exchange system closes the earlier connection.
Thus a client with customer name server12345678.aaa has at most the following two client connections in the cloud information exchange system:
the client connection with the same-service-identifier attribute whose service identifier is server12345678;
the client connection with the single-client attribute whose customer name is server12345678.aaa.
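The routing rules (1) to (4) above, as an added example that is not the patent's own code: a connection table that looks up service destinations from the machine number attribute down to the service number attribute, looks up client destinations single-client first and then shared service identifier, and returns the earlier connection that a newcomer with the same attribute displaces so the caller can close it. The `ConnectionTable` name and the connection ids `c1`, `k1` and so on are constructed for the example.

```python
# Added example (not the patent's own code): a connection table that applies the
# routing rules above: most specific attribute first for service connections,
# single-client then shared-service-identifier for client connections, and only
# one live connection per attribute (a newcomer displaces the earlier one).
from typing import Dict, Optional, Tuple

ServiceKey = Tuple[str, ...]          # ("1",) / ("1", "A") / ("1", "A", "H")
ClientKey = Tuple[str, str]           # ("single", "svcid.title") / ("shared", "svcid")


class ConnectionTable:
    def __init__(self) -> None:
        self.service_conns: Dict[ServiceKey, str] = {}
        self.client_conns: Dict[ClientKey, str] = {}

    def add_service_connection(self, key: ServiceKey, conn_id: str) -> Optional[str]:
        """Register a service connection declared with attribute `key` (1 field =
        service number attribute, 2 = system service attribute, 3 = machine number
        attribute). Returns the earlier connection with the same attribute, which
        the caller must close, or None."""
        if len(key) not in (1, 2, 3) or not all(key):
            raise ValueError(f"bad service attribute {key!r}")
        displaced = self.service_conns.get(key)
        self.service_conns[key] = conn_id
        return displaced

    def add_client_connection(self, kind: str, name: str, conn_id: str) -> Optional[str]:
        """kind 'single': `name` is a full customer name; kind 'shared': `name` is the
        service identifier shared by every message on the connection."""
        if kind not in ("single", "shared"):
            raise ValueError(f"bad client attribute {kind!r}")
        displaced = self.client_conns.get((kind, name))
        self.client_conns[(kind, name)] = conn_id
        return displaced

    def remove(self, conn_id: str) -> None:
        """Drop a closed connection from both tables."""
        self.service_conns = {k: v for k, v in self.service_conns.items() if v != conn_id}
        self.client_conns = {k: v for k, v in self.client_conns.items() if v != conn_id}

    def route_service(self, service: str, system_service: str, machine: str) -> Optional[str]:
        """Steps a to d: machine number, then system service, then service number."""
        for key in ((service, system_service, machine), (service, system_service), (service,)):
            conn = self.service_conns.get(key)
            if conn is not None:
                return conn
        return None

    def route_client(self, customer_name: str) -> Optional[str]:
        """Single-client connection for the exact name first, then the shared
        connection for the name's service identifier."""
        service_id = customer_name.split(".", 1)[0]
        conn = self.client_conns.get(("single", customer_name))
        if conn is None:
            conn = self.client_conns.get(("shared", service_id))
        return conn
```

Returning the displaced connection id instead of closing it inside the table keeps the table free of socket handling, and it also gives the operator a place to log the event: a legitimate primary/standby takeover and an unexpected duplicate registration look the same to the table, so the log line is what distinguishes them.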
The methods or algorithms described in connection with the embodiments herein may be implemented directly in hardware, in software modules executed by a processor, or in a combination of the two. A software module may reside in random access memory, memory, read-only memory, electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
It will be understood that a person of ordinary skill in the art can make various other corresponding changes and variations according to the technical concept of the present invention, and all such changes and variations fall within the scope of protection of the claims of the present invention.
Claims (9)
1. A cloud information exchange system, characterised in that it comprises:
configuring connection rules: the connection modes of the cloud information exchange system comprise service connections and client connections;
configuring forwarding rules: the cloud information exchange system only forwards information and does not process the specific information service;
configuring audit rules: only after a connection to the cloud information exchange system has passed auditing can that connection send information to the system and have it forwarded by the system to the corresponding connection;
configuring information exchange rules: information in the cloud information exchange system is exchanged in units of frames, and the cloud information exchange system comprises two kinds of frames, control frames and data frames;
encryption is used in the information exchange process of the cloud information exchange system;
and the receiving party is authenticated.
2. The cloud information exchange system of claim 1, characterised in that
the service connection is the connection of a service provider;
the client connection is the connection of a terminal.
3. The cloud information exchange system of claim 2, characterised in that
a client connection is identified by a customer name; the customer name comprises two parts, one part being a service identifier and the other part being a title.
4. The cloud information exchange system of claim 3, characterised in that
the client connection has one of the following two attributes:
same-service-identifier attribute
on this client connection, the service identifier part of the customer name is identical in all messages;
single-client attribute
on this client connection, only one client sends information, every message carries the same single customer name, and the connection never carries more than one customer name.
5. The cloud information exchange system of claim 4, characterised in that
the service connection addresses a specific system service inside the service connection as service number + system service name + machine number;
the cloud information exchange system defines three service connection attributes:
(1) service number attribute
all information addressed to the service number can be sent over this connection, and this connection can route information to every destination of the service number;
(2) system service attribute
all information addressed to the system service of the service number can be sent over this connection, and this connection can route information to every destination of that system service of the service number;
(3) machine number attribute
all information addressed to the machine number of the system service of the service number can be sent over this connection, and this connection can route information to that machine number of that system service of the service number;
different access control rules are configured:
(1) service number 1 to service number 2
all system services and machines inside service number 1 may send information to any system service and machine of service number 2;
(2) service number 1 to system service B of service number 2
all system services and machines inside service number 1 may send information to any machine of system service B of service number 2;
(3) service number 1 to machine Q of system service B of service number 2
all system services and machines inside service number 1 may send information to machine Q of system service B of service number 2;
(4) system service A of service number 1 to service number 2
all machines of system service A of service number 1 may send information to any system service and machine of service number 2;
(5) system service A of service number 1 to system service B of service number 2
all machines of system service A of service number 1 may send information to any machine of system service B of service number 2;
(6) system service A of service number 1 to machine Q of system service B of service number 2
all machines of system service A of service number 1 may send information to machine Q of system service B of service number 2;
(7) machine P of system service A of service number 1 to service number 2
machine P of system service A of service number 1 may send information to any system service and machine of service number 2;
(8) machine P of system service A of service number 1 to system service B of service number 2
machine P of system service A of service number 1 may send information to any machine of system service B of service number 2;
(9) machine P of system service A of service number 1 to machine Q of system service B of service number 2
machine P of system service A of service number 1 may send information to machine Q of system service B of service number 2;
the cloud information exchange system completes the exchange of information according to the configured access control rules.
6. The cloud information exchange system of claim 5, characterised in that
the configured forwarding rules specifically comprise: information in the cloud information exchange system is exchanged in units of frames, of which the data frames are used for data exchange between connections, and each data frame must contain a destination connection address and a source connection address; if the address is a service connection, the address takes the form "service number + system service name + machine number" described above; if the address is a client connection, the address takes the form "customer name" described above, namely service identifier + title.
7. The cloud information exchange system of claim 6, characterised in that
the configured audit rules comprise:
in the cloud information exchange system, each connection (service connection or client connection) corresponds to a machine identifier (the machine identifier of the connecting side); after connecting, the machine identifier must be sent to the cloud information exchange system, and only after the check by the cloud information exchange system passes can normal information exchange take place on that connection.
8. The cloud information exchange system of claim 7, characterised in that
the configured information exchange rules comprise:
access control between clients and service ends is set in the cloud information exchange system, with the following access controls:
(1) the client with customer name server01.aaa, or the clients with service identifier server01, to service number 1
the client with customer name server01.aaa, or the clients with service identifier server01, may send information to all machines of all system services of service number 1;
(2) the client with customer name server01.aaa, or the clients with service identifier server01, to system service A of service number 1
the client with customer name server01.aaa, or the clients with service identifier server01, may send information to all machines of system service A of service number 1;
(3) the client with customer name server01.aaa, or the clients with service identifier server01, to machine P of system service A of service number 1
the client with customer name server01.aaa, or the clients with service identifier server01, may send information to machine P of system service A of service number 1;
(4) service number 1 to the client with customer name server01.aaa, or the clients with service identifier server01
all machines of all system services of service number 1 may send information to the client with customer name server01.aaa or the clients with service identifier server01;
(5) system service A of service number 1 to the client with customer name server01.aaa, or the clients with service identifier server01
all machines of system service A of service number 1 may send information to the client with customer name server01.aaa or the clients with service identifier server01;
(6) machine P of system service A of service number 1 to the client with customer name server01.aaa, or the clients with service identifier server01
machine P of system service A of service number 1 may send information to the client with customer name server01.aaa or the clients with service identifier server01;
the cloud information exchange system completes the exchange of information according to the configured information exchange rules.
9. The cloud information exchange system of claim 8, characterised in that
the exchange and routing rules for connections are:
(1) within one service number, because the connection attributes differ, several connections may be established to the cloud information exchange system; the cloud information exchange system routes information over the most specific matching connection, looking up the route in the following order of connection attributes:
A: machine number attribute
B: system service attribute
C: service number attribute
as soon as the connection whose attribute matches most closely is found, the information is sent over that connection;
when the cloud information exchange system receives a message to be forwarded to machine H of system service A of service number 1:
a: first check whether there is a connection with the machine number attribute for "machine H of system service A of service number 1"; if so, send the message over that connection;
b: if there is no such machine-number-attribute connection, check whether there is a connection with the system service attribute for "system service A of service number 1"; if so, send the message over that connection;
c: if there is no such system-service-attribute connection, check whether there is a connection with the service number attribute for "service number 1"; if so, send the message over that connection;
d: if none of the three attributes above matches a connection, the message cannot be sent;
(2) in the cloud information exchange system there can be only one service connection with a given attribute; there is only one connection with the service number attribute for service number 1;
likewise, there is only one connection with the system service attribute and only one with the machine number attribute;
thus machine H of system service A of service number 1 has, depending on the service connection attributes in use, at most three connections in the cloud information exchange system:
the service connection for service number 1 with the service number attribute;
the service connection for system service A of service number 1 with the system service attribute;
the service connection for machine H of system service A of service number 1 with the machine number attribute;
(3) in the cloud information exchange system, a client connection sends a message according to the different connection attributes and the destination customer name of the message; when the cloud information exchange system receives a message whose destination customer name is server12345678.aaa, it first looks for a client connection with the single-client attribute whose customer name is server12345678.aaa, and if one exists the message is sent over that client connection;
if not, it looks for a client connection with the same-service-identifier attribute whose service identifier is server12345678, and if one exists the message is sent over that client connection;
if there is none, the cloud information exchange system cannot send the message;
(4) in the cloud information exchange system there can be only one client connection with a given attribute;
thus a client with customer name server12345678.aaa has at most the following two client connections in the cloud information exchange system:
the client connection with the same-service-identifier attribute whose service identifier is server12345678;
the client connection with the single-client attribute whose customer name is server12345678.aaa.
Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710732467.9A (CN107566355A) | 2017-08-24 | 2017-08-24 | A kind of cloud Information Exchange System |
Publications (1)

| Publication Number | Publication Date |
|---|---|
| CN107566355A | 2018-01-09 |
Family ID: 60976797

Family Applications (1)

| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710732467.9A (Pending, CN107566355A) | A kind of cloud Information Exchange System | 2017-08-24 | 2017-08-24 |

Country Status (1)

| Country | Link |
|---|---|
| CN (1) | CN107566355A |
Timeline
2017-08-24 | CN | CN201710732467.9A (CN107566355A) | Pending |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103763383A (en) * | 2014-01-27 | 2014-04-30 | 西安雷迪维护系统设备有限公司 | Integrated cloud storage system and storage method thereof |
CN103973784A (en) * | 2014-05-06 | 2014-08-06 | 浪潮电子信息产业股份有限公司 | Method for effectively utilizing cloud storage server resources |
CN106464742A (en) * | 2015-05-12 | 2017-02-22 | 环球互连及数据中心公司 | Programmable network platform for a cloud-based services exchange |
CN107517249A (en) * | 2017-08-14 | 2017-12-26 | 宁波甬凌新材料科技有限公司 | A kind of cloud Information Exchange System |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI655550B (en) * | 2018-03-20 | 2019-04-01 | 廣達電腦股份有限公司 | Data forwarding system |
US10931647B2 (en) | 2018-03-20 | 2021-02-23 | Quanta Computer Inc. | Data forwarding system |
Similar Documents
Publication | Title |
---|---|
CN108306887A (en) | Internet of Things safety based on block chain protects system with data-privacy |
CN100456739C (en) | Remote access vpn mediation method and mediation device | |
CN108009825A (en) | A kind of identity management system and method based on block chain technology | |
CN100469032C (en) | Method and system for catching connection information of network auxiliary request part | |
KR101276092B1 (en) | Method and system for communication between a secure information storage device and at least one third party, corresponding entity, device and third party | |
CN106302346A (en) | The safety certifying method of API Calls, device, system | |
US20020156867A1 (en) | Virtual private volume method and system | |
US8040883B2 (en) | Probe insertion for one or more network address translated addresses | |
CN103716213B (en) | The method run in fixed access network and in a user device | |
ES2875963T3 (en) | Method and system related to user authentication to access data networks | |
CN108154439A (en) | Asset data processing unit and method | |
CN108496380A (en) | server, mobile terminal and program | |
CN104662839B (en) | The link identification in multiple domains | |
CN108683645A (en) | A kind of information-distribution type domain name and data transacting system based on block chain | |
WO2010123385A1 (en) | Identifying and tracking users in network communications | |
CN103812836A (en) | System and method for website to send user reserved information | |
CN108022100A (en) | A kind of cross-certification system and method based on block chain technology | |
CN110225049A (en) | Data transmission method, client and server | |
CN108900484A (en) | A kind of generation method and device of access authority information | |
CN110177015A (en) | A kind of method and device of management terminal access network | |
CN109302397A (en) | A kind of network safety managing method, platform and computer readable storage medium | |
CN106060097A (en) | Management system and management method for information security competition | |
CN106027356A (en) | Tunnel identifier conversion method and device | |
CN107517249A (en) | A kind of cloud Information Exchange System | |
CN100433750C (en) | Network access control method based onuser's account number |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 2018-01-09 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |