CN107579966A - Control method, apparatus, system and terminal device for remote access to an intranet - Google Patents

Control method, apparatus, system and terminal device for remote access to an intranet

Publication number
CN107579966A
Authority
CN
China
Prior art keywords
app
vpn
intranet
authentication client
vpn tunneling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710748798.1A
Other languages
Chinese (zh)
Other versions
CN107579966B (en)
Inventor
代庆瑜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd
Priority to CN201710748798.1A (patent CN107579966B)
Publication of CN107579966A
Application granted
Publication of CN107579966B
Legal status: Active

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present disclosure provides a control method, apparatus, system and terminal device for remote access to an intranet. The method is applied to a terminal device on which an authentication client is installed; a VPN tunnel is established between the authentication client and the intranet, and legal APP information of the VPN tunnel is stored. The method includes: when the authentication client receives an intranet access request from an APP, judging according to the legal APP information whether the APP has permission to use the VPN tunnel; if so, allowing the APP to access the intranet through the VPN tunnel. The disclosure takes into account both the convenience and the security with which the terminal device accesses the intranet, and improves the performance of the system.

Description

Control method, apparatus, system and terminal device for remote access to an intranet
Technical field
The present disclosure relates to the field of Internet technology, and in particular to a control method, apparatus, system and terminal device for remote access to an intranet.
Background
With the spread of mobile terminals such as mobile phones and tablet computers, the APPs (applications, i.e. application software) on mobile terminals have become more diverse. To make it easier for employees to handle office work, many enterprises, administrative units and the like have developed internal office APPs; these APPs log in to service servers (that is, servers in the corporate intranet) over the intranet for data communication.
If the enterprise's internal service servers are opened to the public network, the security of the corporate intranet is threatened; if mobile terminal APPs are forced to be accessible only within the corporate intranet environment, use becomes inconvenient for users. For this situation the prior art introduces a way of accessing internal enterprise servers that is mainly based on VPN (Virtual Private Network) technology: the identity of the mobile terminal is verified first, and once it is verified as legal, a connection between the mobile terminal and the intranet server is established through a VPN tunnel, so that every APP on the mobile terminal can access the intranet server.
The above approach, which controls mobile terminal APP access to the intranet server through identity verification, improves matters only from the angle of user convenience. Once the mobile terminal is legal, all APPs on it can access the intranet server; for an APP with higher security requirements there is a certain security risk, because the APP is opened to the public network by the VPN technology. No effective solution has yet been proposed for this problem, namely that the convenience and the security of intranet access are hard to achieve together.
Summary of the invention
In view of this, the purpose of the present disclosure is to provide a control method, apparatus, system and terminal device for remote access to an intranet, so as to take into account both the security of the intranet itself and the convenience with which users access the intranet.
To achieve this purpose, the technical solutions adopted by the present disclosure are as follows:
In a first aspect, the present disclosure provides a control method for remote access to an intranet. The method is applied to a terminal device on which an authentication client is installed; a VPN tunnel is established between the authentication client and the intranet, and legal APP information of the VPN tunnel is stored. The method includes: when the authentication client receives an intranet access request from an APP, judging according to the legal APP information whether the APP has permission to use the VPN tunnel; if so, allowing the APP to access the intranet through the VPN tunnel.
In a second aspect, the present disclosure provides a control method for remote access to an intranet. The method is applied to an MDM server and includes: when a device registration request sent by the authentication client of a terminal device is received, performing device registration for the authentication client; after the device registration succeeds, providing the authentication client with the VPN configuration file of the intranet corresponding to the authentication client, and with an association command for an APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel; so that the authentication client establishes the VPN tunnel according to the VPN configuration file, adds the APP identifier in the association command to the legal APP information of the VPN tunnel, determines according to the legal APP information the APP that has permission to use the VPN tunnel, and allows that APP to access the intranet through the VPN tunnel.
In a third aspect, the present disclosure provides a control apparatus for remote access to an intranet. The apparatus is arranged in a terminal device on which an authentication client is installed; a VPN tunnel is established between the authentication client and the intranet, and legal APP information of the VPN tunnel is stored. The apparatus includes: a judging module, configured to judge according to the legal APP information, when the authentication client receives an intranet access request from an APP, whether the APP has permission to use the VPN tunnel; and a tunnel use module, configured to allow the APP to access the intranet using the VPN tunnel if the APP has permission to use the VPN tunnel.
In a fourth aspect, the present disclosure provides a control apparatus for remote access to an intranet. The apparatus is applied to an MDM server and includes: a device registration module, configured to perform device registration for the authentication client when a device registration request sent by the authentication client of a terminal device is received; and a providing module, configured to provide the authentication client, after the device registration succeeds, with the VPN configuration file of the intranet corresponding to the authentication client and with an association command for an APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel; so that the authentication client establishes the VPN tunnel according to the VPN configuration file, adds the APP identifier in the association command to the legal APP information of the VPN tunnel, determines according to the legal APP information the APP that has permission to use the VPN tunnel, and allows that APP to access the intranet through the VPN tunnel.
In a fifth aspect, the present disclosure provides a control system for remote access to an intranet. The system includes an authentication client, an MDM (Mobile Device Management) server and an authentication server. The authentication server is used to authenticate the authentication client and, after authentication passes, to notify the MDM server and the authentication client. The MDM server includes the control apparatus for remote access to an intranet of the fourth aspect; the authentication client includes the control apparatus for remote access to an intranet of the third aspect.
In a sixth aspect, the present disclosure provides a terminal device including a memory and a processor, wherein the memory is used to store one or more computer instructions, and the one or more computer instructions are executed by the processor to implement the above control method for remote access to an intranet.
In a seventh aspect, the present disclosure provides a machine-readable storage medium storing machine-executable instructions; when called and executed by a processor, the machine-executable instructions cause the processor to implement the above control method for remote access to an intranet.
The present disclosure brings the following beneficial effects:
With the above control method, apparatus, system, terminal device and machine-readable storage medium for remote access to an intranet, a VPN tunnel is established between the authentication client of the terminal device and the intranet, and legal APP information of the VPN tunnel is stored. When an intranet access request from an APP is received, if the authentication client judges according to the legal APP information that the APP has permission to use the VPN tunnel, the VPN tunnel is opened so that the APP can access the intranet. In this way, even if the terminal device is in a public network environment, an APP that has permission can still access the intranet safely and quickly through the VPN tunnel, which guarantees the convenience with which the terminal device accesses the intranet. At the same time, an APP with a higher security level has no permission to use the VPN tunnel, so such an APP can run only in the intranet environment, which guarantees the security of running that APP. The convenience and the security with which the terminal device accesses the intranet are thereby both taken into account, and the performance of the system is improved.
Other features and advantages of the present disclosure will be set out in the following description; alternatively, some features and advantages can be inferred or unambiguously determined from the specification, or learned by implementing the above technology of the present disclosure.
To make the above purposes, features and advantages of the present disclosure clearer and easier to understand, preferred embodiments are given below and described in detail with reference to the accompanying drawings.
Brief description of the drawings
In order to explain the specific embodiments of the present disclosure or the technical solutions of the prior art more clearly, the drawings needed for the description of the specific embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are some embodiments of the present disclosure; a person of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a schematic diagram of an application environment of a control method for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 2 is a flow chart of a first control method for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 3 is a flow chart of a second control method for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 4 is a flow chart of a third control method for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 5 is a flow chart of a fourth control method for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of a control apparatus for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 7 is a flow chart of a fifth control method for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 8 is a schematic structural diagram of another control apparatus for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 9 is a schematic structural diagram of a first control system for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 10 is a schematic structural diagram of a second control system for remote access to an intranet provided by an embodiment of the present disclosure;
Fig. 11 is a schematic structural diagram of a terminal device provided by an embodiment of the present disclosure.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions of the present disclosure are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present disclosure. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present disclosure without creative work fall within the scope of protection of the present disclosure.
Referring to the schematic diagram of an application environment of a control method for remote access to an intranet shown in Fig. 1, multiple APPs on the terminal device (including APP1, APP2, ..., APPn) can access the service servers in the intranet (including service server 1, service server 2, ..., service server n) through a VPN.
In order to take into account both the security of the intranet itself and the convenience of access when a user accesses the intranet, a mechanism needs to be established between the user's terminal device and the intranet so that, when the terminal device is in a public network environment, only some designated APPs can access the enterprise's internal service servers. For this purpose, the embodiments of the present disclosure provide a control method, apparatus, system, terminal device and machine-readable storage medium for remote access to an intranet. The technology can be widely applied in terminal devices; the intranet can be a local area network such as a corporate intranet, an institution's internal office network or a campus network; the technology can be implemented with related software or hardware and is described below through embodiments.
Embodiment one:
This embodiment provides a control method for remote access to an intranet. The method is applied to a terminal device on which an authentication client is installed; a VPN tunnel is established between the authentication client and the intranet, and legal APP information of the VPN tunnel is stored.
The authentication client can be application software or a plug-in installed on the terminal device. The authentication client can establish the VPN tunnel with a device in the intranet, such as a service server or a gateway, in order to communicate with the intranet. The legal APP information can be a list of the APPs allowed to access the intranet using the VPN tunnel; the list stores information such as APP identifiers.
Referring to the flow chart of the first control method for remote access to an intranet shown in Fig. 2, the method includes the following steps:
Step S202: when the authentication client receives an intranet access request from an APP, judge according to the legal APP information whether the APP has permission to use the VPN tunnel;
Step S204: if so, allow the APP to access the intranet through the VPN tunnel.
For example, the authentication client can monitor in real time whether an APP started on the terminal device is about to access the intranet. When the user of the terminal device triggers the start of an enterprise office APP, or when an APP that has been started wants to communicate with the intranet, the authentication client can receive the intranet access request of that APP. The intranet access request can carry information about the APP, for example the APP identifier, parameters and so on. The authentication client can judge whether the APP has permission to use the VPN tunnel according to the APP information in the intranet access request and the legal APP information. If it has, the authentication client allows the APP to use the VPN tunnel; if not, the authentication client refuses the APP's intranet access request and can at the same time send a prompt message to the user, telling the user why the APP was denied access to the intranet, suggesting what to do, and so on.
In the control method for remote access to an intranet provided by this embodiment, a VPN tunnel is established between the authentication client of the terminal device and the intranet, and legal APP information of the VPN tunnel is stored. When an intranet access request from an APP is received, if the authentication client judges according to the legal APP information that the APP has permission to use the VPN tunnel, the APP is allowed to access the intranet using the VPN tunnel. In this way, even if the terminal device is in a public network environment, an APP that has permission can still access the intranet safely and quickly through the VPN tunnel, which guarantees the convenience with which the terminal device accesses the intranet. At the same time, an APP with a higher security level has no permission to use the VPN tunnel, so such an APP can run only in the intranet environment, which guarantees the security of running that APP. The convenience and the security with which the mobile terminal accesses the intranet are thereby both taken into account, and the performance of the system is improved.
Embodiment two:
Referring to the flow chart of the second control method for remote access to an intranet shown in Fig. 3, this method builds on the control method for remote access to an intranet provided in embodiment one and further includes:
The authentication client performs device registration with the MDM server; after the device registration succeeds, it obtains from the MDM server the VPN configuration file and an association command for an APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel;
A VPN tunnel is established according to the VPN configuration file, and the APP identifier in the association command is added to the legal APP information of the VPN tunnel, so as to judge whether an APP has permission to use the VPN tunnel. For example: when the authentication client receives an intranet access request from an APP, it searches the legal APP information for the identifier of that APP; if the identifier is there, the APP is determined to have permission to use the VPN tunnel.
The association command may be placed in the VPN configuration file, or it may be obtained separately rather than placed in the VPN configuration file; it may be obtained after the authentication client has downloaded and installed the APP, or before the APP is installed. As to how the VPN configuration file and the association command are obtained, the authentication client may download them actively, or the MDM server may push them actively, and so on; this embodiment places no restriction on this.
Referring to Fig. 3, the method is described taking as an example a terminal device joining the intranet for the first time. The method includes the following steps:
Step S302: the authentication client performs device registration with the MDM server;
In general, in networking, one intranet is usually configured with one MDM server; the MDM server may be located in the intranet or in the external network, and its location is not limited.
The MDM server stores in advance the installation packages of multiple APPs of the intranet and configures, for each APP, whether it has permission to use the VPN tunnel; the MDM server also stores in advance the VPN configuration file of the intranet.
In step S302, the authentication client can register using, as the unique identifier of the authentication client, either the account information of the authentication client or the device information of the terminal device on which the authentication client resides (for example, the MAC address of the terminal device).
Step S304: after the device registration succeeds, download the APP and the VPN configuration file of the intranet from the MDM server;
Step S306: install the APP;
Step S308: establish the VPN tunnel for accessing the intranet according to the VPN configuration file;
Step S310: when the command issued by the MDM server to associate the APP with the VPN tunnel is received, add the APP identifier to the legal APP information of the VPN tunnel.
When the APP is configured in the MDM server as having permission to use the VPN tunnel, the MDM server issues to the authentication client the command to associate the APP with the VPN tunnel; when the APP is configured in the MDM server as not having permission to use the VPN tunnel, the MDM server does not issue that command to the authentication client.
In addition, the execution order of steps S306, S308 and S310 is not limited; that is, the command issued by the MDM server to associate the APP with the VPN tunnel may also be received before the APP is installed.
Step S312: when the authentication client receives an intranet access request from an APP, search the legal APP information for the identifier of that APP; if it is there, perform step S314; if not, perform step S316;
To allow for network processing delay, a waiting period can be set and timed, starting either after the APP identifier has been added to the legal APP information of the VPN tunnel or when the authentication client receives the APP's intranet access request. Once the waiting period has elapsed, the authentication client can search the legal APP information for the APP identifier; this ensures that the lookup takes place after the added APP identifier has taken effect in the legal APP information, and improves the accuracy of the lookup result.
Step S314: determine that the APP has permission to use the VPN tunnel, and allow the APP to access the intranet through the VPN tunnel;
Step S316: determine that the APP does not have permission to use the VPN tunnel, and refuse to open the VPN tunnel for the APP.
In the control method for remote access to an intranet provided by this embodiment, after the authentication client of the terminal device has performed device registration with the MDM server of the intranet and installed the APP, it can establish the VPN tunnel for accessing the intranet according to the downloaded VPN configuration file, and add the APP identifier to the legal APP information according to the association command issued by the MDM server. When an intranet access request from an APP is received, if the identifier of the APP is found in the legal APP information, the APP is allowed to access the intranet using the VPN tunnel. In this way, even if the terminal device is in a public network environment, an APP that has permission can still access the intranet safely and quickly through the VPN tunnel, which guarantees the convenience with which the terminal device accesses the intranet. At the same time, an APP with a higher security level has no permission to use the VPN tunnel, so such an APP can run only in the intranet environment, which guarantees the security of running that APP. The convenience and the security with which the terminal device accesses the intranet are thereby both taken into account, and the performance of the system is improved.
Further, in the above approach the authentication client directly receives the VPN configuration file downloaded from the MDM server, which spares the user the tedious operation of configuring VPN parameters manually and improves the efficiency and convenience of establishing the VPN tunnel.
Embodiment three:
Referring to the flow chart of the third control method for remote access to an intranet shown in Fig. 4, this method builds on the control method for remote access to an intranet provided in embodiment two and further includes: the authentication client authenticates to the authentication server; after authentication passes, the authentication server sends the identifier of the authentication client to the MDM server, to notify the MDM server that the authentication client has passed authentication. Correspondingly, the step in which the authentication client performs device registration with the MDM server includes: sending a device registration request to the MDM server, the request carrying the identifier of the authentication client, so that the MDM server performs device registration for the authentication client after determining, according to the authentication client identifier sent by the authentication server, that the authentication client is legal.
Referring to Fig. 4, the method is described taking as an example a terminal device joining the intranet for the first time. The method includes the following steps:
Step S402: the authentication client authenticates to the authentication server of the intranet;
Specifically, when the authentication client on the terminal device starts, it performs VPN login authentication with the authentication server using, as the unique identifier of the authentication client, either the account information of the authentication client or the device information of the terminal device on which the authentication client resides (for example, the MAC address of the terminal device).
Step S404: after authentication passes, obtain the address of the intranet's MDM server through the authentication server, and send the identifier of the authentication client to the MDM server through the authentication server;
Step S406: send a device registration request to the MDM server at that address, the request carrying the identifier of the authentication client, so that the MDM server performs device registration for the authentication client after determining that the authentication client is legal.
After the authentication client has passed authentication with the authentication server, the authentication server sends the identifier of the authentication client to the MDM server, and the MDM server stores it. When the MDM server receives a device registration request, if the authentication client identifier carried in the request is already stored in the MDM server, the authentication client that sent the request is a legal client, and the MDM server performs device registration for it; if the authentication client identifier carried in the request is not stored in the MDM server, the authentication client that sent the request is an illegal client, and the MDM server refuses to perform device registration for it.
Step S408: after the device registration succeeds, download the APP and the VPN configuration file of the intranet from the MDM server, and install the APP;
Step S410: according to the registration information from the device registration process, determine the loading parameters of the intranet's VPN tunnel; the loading parameters include but are not limited to: gateway address, user name and password, and information such as Cookies settings; use the loading parameters to modify the corresponding parameters in the VPN configuration file;
The gateway address can be added when the user logs in to the authentication client during device registration. The user name and password are those filled in by the user during device registration, and are used to authenticate the user when the VPN tunnel is used.
In the VPN configuration file downloaded from the MDM server, some parameters may be blank or may not match the current terminal device or authentication client. The relevant parameters, for example the gateway address, user name and password, and Cookies settings described above, therefore need to be filled into the downloaded VPN configuration file, so that the VPN configuration file is more complete, the VPN tunnel is established automatically, and labor cost is reduced.
Step S412: establish the VPN tunnel for accessing the intranet using the modified VPN configuration file.
In an optional implementation, a VPN plug-in is installed in the authentication client. When step S412 is implemented, after the authentication client starts the modified VPN configuration file, the VPN plug-in can receive the VPN start request and generate the VPN tunnel.
Step S414: when the command issued by the MDM server to associate the APP with the VPN tunnel is received, add the APP identifier to the legal APP information of the VPN tunnel.
In actual implementation, after the identifier of an APP has been added to the legal APP information of the VPN tunnel, the authentication client can send a notification to the VPN plug-in; after receiving the notification, the VPN plug-in can associate the APP with the VPN tunnel so that the APP can use the VPN tunnel.
Step S416: when the authentication client receives an intranet access request from an APP, search the legal APP information for the identifier of that APP; if it is there, perform step S418; if not, perform step S420;
Step S418: determine that the APP has permission to use the VPN tunnel, and allow the APP to access the intranet through the VPN tunnel;
Step S420: determine that the APP does not have permission to use the VPN tunnel, and refuse to open the VPN tunnel for the APP.
In the control method for remote access to an intranet provided by this embodiment, the authentication client of the terminal device first authenticates to the authentication server and then performs device registration with the MDM server, and during registration supplements and completes the VPN configuration file downloaded from the MDM server in order to establish the VPN tunnel for accessing the intranet, so that APPs can subsequently access the intranet through the VPN tunnel. In this way, even if the terminal device is in a public network environment, an APP that has permission can still access the intranet safely and quickly through the VPN tunnel, which guarantees the convenience with which the terminal device accesses the intranet. At the same time, an APP with a higher security level has no permission to use the VPN tunnel, so such an APP can run only in the intranet environment, which guarantees the security of running that APP. The convenience and the security with which the terminal device accesses the intranet are thereby both taken into account, and the performance of the system is improved.
Further, in the above approach the authentication client directly receives the VPN configuration file downloaded from the MDM server, determines the loading parameters of the intranet's VPN tunnel from the registration information, and then modifies the VPN configuration file automatically. This spares the user the tedious operation of configuring VPN parameters manually and improves the efficiency and convenience of establishing the VPN tunnel.
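The enrolment and gating flow of embodiments one to three (steps S402 to S420), modelled as an added Python example that is not part of the patent text. The patent describes behaviour rather than an API, so every class and method name is hypothetical, and the APP identifiers, password and gateway are constructed sample values.

```python
"""Model of the enrolment and per-APP tunnel gating described above.

Every class, method and identifier here is hypothetical: the patent
describes behaviour, not an API. All sample values are constructed.
"""
import hmac
from dataclasses import dataclass, field
from typing import Optional


class RegistrationRefused(Exception):
    """Raised when the MDM server was never told that this client authenticated."""


@dataclass
class MDMServer:
    vpn_profile: dict           # VPN configuration file stored for the intranet
    app_may_use_tunnel: dict    # APP identifier -> permission configured per APP
    authenticated: set = field(default_factory=set)
    registered: set = field(default_factory=set)

    def note_authenticated(self, client_id: str) -> None:
        # S404: the authentication server forwards the client identifier.
        self.authenticated.add(client_id)

    def register(self, client_id: str) -> dict:
        # S406: an identifier that was not forwarded means an illegal client.
        if client_id not in self.authenticated:
            raise RegistrationRefused(client_id)
        self.registered.add(client_id)
        return dict(self.vpn_profile)   # copy: the client edits its own file (S410)

    def association_commands(self, client_id: str) -> list:
        # S414: a command is issued only for APPs configured as permitted.
        if client_id not in self.registered:
            return []
        return sorted(a for a, ok in self.app_may_use_tunnel.items() if ok)


@dataclass
class AuthServer:
    accounts: dict              # client identifier -> password (constructed)
    mdm: MDMServer

    def authenticate(self, client_id: str, password: str) -> bool:
        # S402: VPN login authentication with the client's unique identifier.
        expected = self.accounts.get(client_id)
        if expected is None or not hmac.compare_digest(
                expected.encode(), password.encode()):
            return False
        self.mdm.note_authenticated(client_id)
        return True


@dataclass
class AuthClient:
    client_id: str
    legal_apps: set = field(default_factory=set)   # legal APP information
    tunnel_profile: Optional[dict] = None

    def enroll(self, auth: AuthServer, password: str, gateway: str) -> bool:
        if not auth.authenticate(self.client_id, password):
            return False
        profile = auth.mdm.register(self.client_id)
        # S410: fill the blank loading parameters from the registration data.
        profile.update(gateway=gateway, username=self.client_id)
        self.tunnel_profile = profile               # S412: tunnel built from this
        self.legal_apps.update(auth.mdm.association_commands(self.client_id))
        return True

    def handle_access_request(self, app_id: str) -> str:
        # S416-S420: default deny; only a listed APP may use the tunnel.
        if self.tunnel_profile is None or app_id not in self.legal_apps:
            return "refused"
        return "allowed"


def demo():
    # Constructed configuration: one APP permitted, one APP not permitted.
    mdm = MDMServer(
        vpn_profile={"gateway": "", "username": ""},
        app_may_use_tunnel={"com.example.mail": True,
                            "com.example.finance": False},
    )
    auth = AuthServer(accounts={"client-001": "constructed-password"}, mdm=mdm)
    client = AuthClient("client-001")
    client.enroll(auth, "constructed-password", gateway="vpn.example.invalid")
    return mdm, auth, client


if __name__ == "__main__":
    _, _, c = demo()
    for app in ("com.example.mail", "com.example.finance", "com.example.unknown"):
        print(app, c.handle_access_request(app))
```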
Embodiment four:
See Fig. 5 for the flow chart of the fourth control method for remote access to an intranet. This method is implemented on the basis of the control method for remote access to an intranet provided in embodiment one. The step of allowing the APP to access the intranet through the VPN tunnel includes: receiving a start-up message of the VPN tunnel through an SDK (Software Development Kit) interface, and determining according to the start-up message whether the VPN tunnel is available; when the VPN tunnel is determined to be available, transmitting the data between the APP and the intranet through the VPN tunnel.
Determining through the SDK interface whether the VPN tunnel is available makes it possible to sense automatically whether the VPN tunnel is working normally, which improves system performance.
Referring to Fig. 5, the method comprises the following steps:
Step S500: the authentication client receives an APP's intranet access request;
Step S502: judge according to the legal APP information whether the APP has permission to use the VPN tunnel; if so, perform step S504; if not, perform step S510;
Step S504: start the VPN tunnel. Starting the VPN tunnel means establishing it; the establishment process is the same as described above and is not repeated here;
Step S506: when a message that the VPN tunnel has finished starting is received through the SDK interface, determine that the VPN tunnel is available; transmit the data between the APP and the intranet through the VPN tunnel.
As the above embodiments show, the installation package of the APP is stored in advance on the MDM server, and the APP is developed with a dedicated SDK; once the APP is installed on the terminal device, it can receive information about the VPN tunnel by calling the interface of the SDK.
Step S508: when a start-failure message or a disconnection message for the VPN tunnel is received through the SDK interface, start the VPN tunnel again, until the VPN tunnel is available or the start times out.
When the start of the VPN tunnel times out, the user can be notified in the form of a message, so that the user triggers the APP again to send an intranet access request to the authentication client.
Step S510: refuse to open the VPN tunnel for the APP.
In the control method for remote access to an intranet provided by this embodiment of the present invention, a VPN tunnel is established between the authentication client of the terminal device and the intranet, and the legal APP information of the VPN tunnel is saved. When an APP's intranet access request is received, if the authentication client judges according to the legal APP information that the APP has permission to use the VPN tunnel, the start-up message of the VPN tunnel is received by calling the SDK interface corresponding to the APP, and after the VPN tunnel has started successfully the APP can access the intranet. In this way, even if the terminal device is in a public network environment, an APP that has permission can still access the intranet safely and quickly through the VPN tunnel, which ensures the convenience of intranet access from the terminal device. Meanwhile, an APP with a higher security level has no permission to use the VPN tunnel, so such an APP can only run in the intranet environment, which ensures the security of the APP's operation. The method therefore balances the convenience and the security of intranet access from the terminal device and improves the performance of the system.
Further, during VPN start-up, the above SDK interface can monitor the state of the VPN tunnel in real time; when a start-failure message or a disconnection message for the VPN tunnel is received, the SDK interface can reconnect the VPN tunnel automatically, which spares the user the tedious operation of reconnecting manually and improves the efficiency and convenience of starting the VPN tunnel.
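The decision flow of steps S416 to S420 and S500 to S510, as an added Python example that is not code from the patent: an unlisted APP is refused without the tunnel ever being started, and for a listed APP the tunnel start is retried until a started message arrives or the start times out. The class names, APP identifiers, message names and timing values are constructed for illustration, and a scripted stand-in replaces the VPN plug-in and SDK interface.

```python
import enum
from dataclasses import dataclass, field


class TunnelMsg(enum.Enum):
    """Start-up messages delivered through the SDK interface (names assumed)."""
    STARTED = "started"
    START_FAILED = "start_failed"
    DISCONNECTED = "disconnected"


class ScriptedVpnPlugin:
    """Constructed stand-in for the VPN plug-in: every start attempt returns the
    next scripted message and costs a fixed amount of virtual time."""

    def __init__(self, messages, seconds_per_attempt=2.0):
        self._messages = list(messages)
        self.seconds_per_attempt = seconds_per_attempt
        self.attempts = 0

    def start(self):
        self.attempts += 1
        # Once the script is exhausted, keep reporting a failed start.
        return self._messages.pop(0) if self._messages else TunnelMsg.START_FAILED


@dataclass
class AuthClient:
    plugin: ScriptedVpnPlugin
    start_timeout: float = 10.0                      # seconds, assumed value
    legal_apps: set = field(default_factory=set)     # legal APP information
    log: list = field(default_factory=list)

    def apply_association_command(self, app_ids):
        """Add the APP identifiers carried by the MDM association command."""
        self.legal_apps.update(app_ids)

    def handle_intranet_request(self, app_id):
        # S502 / S416: look the requesting APP up in the legal APP information.
        if app_id not in self.legal_apps:
            # S510 / S420: default deny, and the tunnel is never started.
            self.log.append((app_id, "denied"))
            return "denied"
        # S504 to S508: start the tunnel, restart on failure or disconnection.
        elapsed = 0.0
        while elapsed < self.start_timeout:
            message = self.plugin.start()
            elapsed += self.plugin.seconds_per_attempt
            if message is TunnelMsg.STARTED:
                self.log.append((app_id, "allowed"))
                return "allowed"      # S506: tunnel available, traffic may flow
        # Start timed out: report it so the user can trigger the APP again.
        self.log.append((app_id, "timeout"))
        return "timeout"


def run_demo():
    """Three constructed requests: flaky start, unlisted APP, dead gateway."""
    flaky = ScriptedVpnPlugin(
        [TunnelMsg.START_FAILED, TunnelMsg.DISCONNECTED, TunnelMsg.STARTED])
    client = AuthClient(plugin=flaky)
    client.apply_association_command(["com.example.mail"])
    results = {
        "listed": client.handle_intranet_request("com.example.mail"),
        "listed_attempts": flaky.attempts,
        "unlisted": client.handle_intranet_request("com.example.finance"),
        "attempts_after_denial": flaky.attempts,
    }
    dead = ScriptedVpnPlugin([])
    offline = AuthClient(plugin=dead, legal_apps={"com.example.mail"})
    results["dead_gateway"] = offline.handle_intranet_request("com.example.mail")
    results["dead_attempts"] = dead.attempts
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The denial path is the one worth auditing in a real client: the attempt counter does not move for the unlisted APP, so a refused request cannot bring the tunnel up as a side effect.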
Embodiment five:
Corresponding to the above method embodiments, see Fig. 6 for a schematic structural diagram of a control device for remote access to an intranet. The device is arranged in a terminal device on which an authentication client is installed; a VPN tunnel is established between the authentication client and the intranet, and the legal APP information of the VPN tunnel is saved. The device includes the following parts:
Judging module 60, configured to judge according to the legal APP information, when the authentication client receives an APP's intranet access request, whether the APP has permission to use the VPN tunnel;
Tunnel use module 62, configured to allow the APP to access the intranet through the VPN tunnel if the APP has permission to use the VPN tunnel.
In the control device for remote access to an intranet provided by this embodiment of the present invention, a VPN tunnel is established between the authentication client of the terminal device and the intranet, and the legal APP information of the VPN tunnel is saved. When an APP's intranet access request is received, if the authentication client judges according to the legal APP information that the APP has permission to use the VPN tunnel, the APP is allowed to access the intranet using the VPN tunnel. In this way, even if the terminal device is in a public network environment, an APP that has permission can still access the intranet safely and quickly through the VPN tunnel, which ensures the convenience of intranet access from the terminal device. Meanwhile, an APP with a higher security level has no permission to use the VPN tunnel, so such an APP can only run in the intranet environment, which ensures the security of the APP's operation. The device therefore balances the convenience and the security of intranet access from the terminal device and improves the performance of the system.
Further, the above device also includes: a registration module, configured to perform device registration with the MDM server; a file acquisition module, configured to obtain from the MDM server, after the device registration succeeds, the VPN configuration file and the association command between the APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel; a tunnel establishment module, configured to establish, according to the VPN configuration file, the VPN tunnel for accessing the intranet, and to determine the APP associated with the VPN tunnel; an identifier adding module, configured to add the identifier of the APP in the association command to the legal APP information of the VPN tunnel.
Further, the above judging module is configured to search the legal APP information for the APP's identifier and, if it is found, to determine that the APP has permission to use the VPN tunnel.
Further, the device also includes:
Authentication module, configured for the authentication client to authenticate to the authentication server; after the authentication passes, the identifier of the authentication client is sent to the MDM server through the authentication server, to notify the MDM server that the authentication client has passed authentication;
Then, the registration module is configured to send a device registration request to the MDM server, the device registration request carrying the identifier of the authentication client, so that the MDM server performs device registration for the authentication client after determining, according to the authentication client identifier sent by the authentication server, that the authentication client is legitimate.
Further, the above tunnel establishment module is configured to: determine the loading parameters of the intranet's VPN tunnel according to the registration information from the device registration process; modify the corresponding parameters in the VPN configuration file using the loading parameters; and establish the VPN tunnel using the modified VPN configuration file.
Further, the above tunnel use module is configured to: receive a start-up message of the VPN tunnel through the SDK interface, and determine according to the start-up message whether the VPN tunnel is available; when the VPN tunnel is determined to be available, transmit the data between the APP and the intranet through the VPN tunnel. When the VPN tunnel is determined to be unavailable, for example when a start-failure message or a disconnection message for the VPN tunnel is received through the SDK interface, start the VPN tunnel again, until the VPN tunnel is available or the start times out.
The above method and device are described mainly from the terminal device side. Correspondingly, the embodiments of the present disclosure also provide a scheme described from the MDM server side. See Fig. 7 for the flow chart of the fifth control method for remote access to an intranet; this method is applied to the MDM server and comprises the following steps:
Step S702: when a device registration request sent by the authentication client of a terminal device is received, perform device registration for the authentication client;
Step S704: after the device registration succeeds, provide the authentication client with the VPN configuration file of the intranet corresponding to the authentication client, and with the association command between the APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel; so that the authentication client establishes the VPN tunnel according to the VPN configuration file, adds the identifier of the APP in the association command to the legal APP information of the VPN tunnel, determines according to the legal APP information the APP that has permission to use the VPN tunnel, and allows the APP to access the intranet through the VPN tunnel.
Corresponding to the method shown in Fig. 7, the embodiments of the present disclosure also provide another control device for remote access to an intranet, which is applied to the MDM server. See Fig. 8 for the structural block diagram of this control device; the device includes:
Device registration module 82, configured to perform device registration for the authentication client when a device registration request sent by the authentication client of a terminal device is received;
Providing module 84, configured to provide the authentication client, after the device registration succeeds, with the VPN configuration file of the intranet corresponding to the authentication client, and with the association command between the APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel; so that the authentication client establishes the VPN tunnel according to the VPN configuration file, adds the identifier of the APP in the association command to the legal APP information of the VPN tunnel, determines according to the legal APP information the APP that has permission to use the VPN tunnel, and allows the APP to access the intranet through the VPN tunnel.
See Fig. 9 for the schematic structural diagram of the first control system for remote access to an intranet. The system includes authentication client 90, MDM server 92 and authentication server 94. Authentication server 94 is configured to authenticate the authentication client and, after the authentication passes, to notify the MDM server and the authentication client; MDM server 92 includes the control device for remote access to an intranet shown in Fig. 8; authentication client 90 includes the control device for remote access to an intranet shown in Fig. 6 above.
The control device and system for remote access to an intranet provided by the embodiments of the present invention have the same technical features as the control method for remote access to an intranet provided by the above embodiments, so they can solve the same technical problems and achieve the same technical effects.
See Fig. 10 for the schematic structural diagram of the second control system for remote access to an intranet. The authentication client of the terminal device authenticates to the authentication server and then performs device registration with the MDM server, thereby establishing the VPN tunnel for accessing the intranet and obtaining the legal APP information of the VPN tunnel. Multiple APPs on the terminal device (including APP1, APP2, ..., APPn, etc.) can open the VPN tunnel through the authentication client, which includes the tunnel function, and then access multiple service servers in the intranet (including service server 1, service server 2, ..., service server n, etc.) through the VPN gateway.
Based on the control system for remote access to an intranet described in Fig. 10, the above control method for remote access to an intranet can specifically be implemented in the following manner:
Step 1: an APP developed with the SDK is uploaded to the MDM server; generally, this APP is an APP to be installed on the terminal device;
Step 2: configure on the MDM server which of the uploaded APPs can use the VPN tunnel; for example, generate an APP list in which the identifiers of the APPs that can use the VPN tunnel are saved.
Step 3: after the authentication client starts, it performs VPN login authentication with the authentication server. After the authentication passes, the authentication server takes the information of the authentication client as the unique identifier of the authentication client and sends it to the MDM server, sends the authentication client a notification that the authentication has passed, and at the same time informs the authentication client of the address of the MDM server.
Step 4: after the authentication client receives the notification that the authentication has passed, it sends a device registration request to the MDM server.
Step 5: after the MDM server receives the device registration request, it starts the device registration flow; after the device registration succeeds, it sends a notification to the authentication client. Generally, after the device registration succeeds, the MDM server can manage the device, for example by installing applications on the device or pushing configuration files to it.
Step 6: the MDM server issues the VPN configuration file to the device, until the VPN configuration file has been issued successfully. Generally, while the configuration file is being issued, the authentication client may send an inquiry message to the MDM server; the MDM server then needs to reply to the authentication client that the VPN configuration file is being issued, so that the authentication client waits for the issuing of the VPN configuration file to complete.
Step 7: after the VPN configuration file has been issued, the authentication client loads the VPN configuration file and modifies the VPN configuration file parameters; these parameters include the gateway address, the user name and password, cookie information, etc. After the parameters have been modified, the authentication client sends the VPN plug-in a request to start the VPN configuration file.
Step 8: after the VPN plug-in of the authentication client receives the above request to start the VPN configuration file, it establishes the secure tunnel from the terminal device to the VPN gateway, which is used for subsequent message forwarding.
Step 9: the MDM server pushes the APP to the terminal device, so that the terminal device installs the APP. After the APP has been installed successfully, the MDM server sends a command authorizing the APP to use the VPN tunnel; for network reasons, the authorization command may take effect only after some delay.
Step 10: after the above authorization command takes effect, the authentication client notifies the VPN plug-in of the authentication client that the APP can use the VPN tunnel.
Step 11: after the VPN plug-in of the authentication client receives the above notification, it associates the above APP with the VPN tunnel, so that the APP can use the VPN tunnel.
Step 12: after the APP starts, the authentication client judges, by calling the corresponding SDK interface, whether the APP has the right to use the VPN tunnel; if so, the APP can securely access the enterprise's service servers through the VPN tunnel.
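The trust chain of steps 3 to 7, as an added Python example that is not code from the patent: the MDM server registers only an authentication client whose identifier the authentication server has already reported, and the client refuses to use a VPN configuration file that still lacks a required parameter. The class and function names, the parameter keys, the account and the host names are constructed for illustration; passing the loading parameters in as a dictionary is an assumption of the example.

```python
import hashlib
import hmac
import os

# Parameter names are assumed; the text lists gateway address, user name and
# password, and cookie information as examples of VPN configuration parameters.
REQUIRED_PARAMS = ("gateway_address", "username", "cookie")


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class MdmServer:
    """Steps 2, 5 and 6: holds the APP list and the VPN configuration file."""

    def __init__(self, vpn_profile, vpn_app_ids):
        self._profile = dict(vpn_profile)
        self._vpn_app_ids = list(vpn_app_ids)
        self._vouched = set()     # client identifiers sent by the auth server
        self.registered = set()

    def notify_authenticated(self, client_id):
        self._vouched.add(client_id)

    def register_device(self, client_id):
        # Register only a client the authentication server has vouched for.
        if client_id not in self._vouched:
            return None
        self.registered.add(client_id)
        return {"vpn_profile": dict(self._profile),
                "association_command": {"app_ids": list(self._vpn_app_ids)}}


class AuthServer:
    """Step 3: authenticates the client, then informs MDM server and client."""

    def __init__(self, mdm, mdm_address):
        self._mdm = mdm
        self._mdm_address = mdm_address
        self._accounts = {}

    def add_account(self, username, password):
        salt = os.urandom(16)
        self._accounts[username] = (salt, hash_password(password, salt))

    def login(self, client_id, username, password):
        salt, stored = self._accounts.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        self._mdm.notify_authenticated(client_id)
        return {"mdm_address": self._mdm_address}


def fill_vpn_profile(profile, loading_params):
    """Step 7: overwrite only parameters that already exist in the profile and
    reject the result if a required parameter is still empty."""
    filled = dict(profile)
    for key, value in loading_params.items():
        if key in filled:
            filled[key] = value
    missing = [key for key in REQUIRED_PARAMS if not filled.get(key)]
    if missing:
        raise ValueError("VPN profile incomplete: " + ", ".join(missing))
    return filled


def enroll(auth, mdm, client_id, username, password, loading_params):
    """Steps 3 to 7 from the client side; returns (profile, app_ids) or None."""
    if auth.login(client_id, username, password) is None:
        return None
    reply = mdm.register_device(client_id)
    if reply is None:
        return None
    profile = fill_vpn_profile(reply["vpn_profile"], loading_params)
    return profile, reply["association_command"]["app_ids"]


def build_demo():
    """Constructed servers: one account, one APP allowed to use the tunnel."""
    template = {"gateway_address": "", "username": "", "cookie": "", "mtu": 1400}
    mdm = MdmServer(template, ["com.example.mail"])
    auth = AuthServer(mdm, "mdm.example.test")
    auth.add_account("alice", "correct horse")
    return auth, mdm


if __name__ == "__main__":
    auth, mdm = build_demo()
    params = {"gateway_address": "vpn.example.test", "username": "alice",
              "cookie": "constructed-cookie", "unexpected_key": "ignored"}
    print(mdm.register_device("device-A"))            # None: not vouched for
    print(enroll(auth, mdm, "device-A", "alice", "correct horse", params))
```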
See Fig. 11 for a schematic structural diagram of a terminal device. The terminal device includes memory 100 and processor 101; memory 100 is used to store one or more computer instructions, and the one or more computer instructions are executed by the processor to implement the above control method for remote access to an intranet.
Further, the terminal device shown in Fig. 11 also includes bus 102 and communication interface 103; processor 101, communication interface 103 and memory 100 are connected by bus 102.
Memory 100 may include high-speed random access memory (RAM, Random Access Memory) and may also include non-volatile memory, for example at least one magnetic disk memory. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 103 (which may be wired or wireless), and may use the Internet, a wide area network, a local area network, a metropolitan area network, etc. Bus 102 may be an ISA bus, a PCI bus, an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of representation, only one double-headed arrow is used in Fig. 11, but this does not mean that there is only one bus or one type of bus.
Processor 101 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method can be completed by an integrated logic circuit of hardware in processor 101 or by instructions in the form of software. The above processor 101 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a digital signal processor (Digital Signal Processor, DSP for short), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), a field-programmable gate array (Field-Programmable Gate Array, FPGA for short) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute each method, step and logic block diagram disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor, etc. The steps of the method disclosed in the embodiments of the present disclosure may be embodied directly as being executed by a hardware decoding processor, or as being executed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, or a register. The storage medium is located in memory 100; processor 101 reads the information in memory 100 and completes the steps of the method of the foregoing embodiments in combination with its hardware.
Further, the embodiments of the present invention also provide a machine-readable storage medium storing machine-executable instructions; when called and executed by a processor, the machine-executable instructions cause the processor to implement the above control method for remote access to an intranet.
The control method, device, system, terminal device and machine-readable storage medium for remote access to an intranet provided by the embodiments of the present disclosure include a computer-readable storage medium storing program code; the instructions included in the program code can be used to perform the methods described in the foregoing method embodiments. For the specific implementation, see the method embodiments; details are not repeated here.
If the functions are implemented in the form of software functional units and are sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present disclosure in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present disclosure. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, and other media that can store program code.
To illustrate the technical solution of the present disclosure, rather than to limit it, the protection scope of the present disclosure is not limited thereto. Although the present disclosure has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present disclosure, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent replacements of some of their technical features; such modifications, changes or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present disclosure, and they should all be covered by the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure should be subject to the protection scope of the claims.

Claims (16)

1. A control method for remote access to an intranet, characterized in that the method is applied to a terminal device on which an authentication client is installed; a VPN tunnel is established between the authentication client and the intranet, and legal APP information of the VPN tunnel is saved; the method comprises:
When the authentication client receives an APP's intranet access request, judging according to the legal APP information whether the APP has permission to use the VPN tunnel;
If so, allowing the APP to access the intranet through the VPN tunnel.
2. The method according to claim 1, characterized in that the method further comprises:
The authentication client performing device registration with an MDM server;
After the device registration succeeds, obtaining from the MDM server a VPN configuration file and an association command between the APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel;
Establishing the VPN tunnel according to the VPN configuration file;
Adding the identifier of the APP in the association command to the legal APP information of the VPN tunnel.
3. The method according to claim 2, characterized in that the step of judging according to the legal APP information whether the APP has permission to use the VPN tunnel comprises:
Searching the legal APP information for the identifier of the APP;
If it is found, determining that the APP has permission to use the VPN tunnel.
4. The method according to claim 2, characterized in that the method further comprises: the authentication client authenticating to an authentication server; after the authentication passes, sending the identifier of the authentication client to the MDM server through the authentication server, to notify the MDM server that the authentication client has passed authentication;
Then, the step of the authentication client performing device registration with the MDM server comprises:
Sending a device registration request to the MDM server, the device registration request carrying the identifier of the authentication client, so that the MDM server performs device registration for the authentication client after determining, according to the authentication client identifier sent by the authentication server, that the authentication client is legitimate.
5. The method according to claim 2, characterized in that the step of establishing the VPN tunnel according to the VPN configuration file comprises:
Determining the loading parameters of the intranet's VPN tunnel according to the registration information from the device registration process;
Modifying the corresponding parameters in the VPN configuration file using the loading parameters;
Establishing the VPN tunnel using the modified VPN configuration file.
6. The method according to any one of claims 1-5, characterized in that the step of allowing the APP to access the intranet through the VPN tunnel comprises:
Receiving a start-up message of the VPN tunnel through an SDK interface, and determining according to the start-up message whether the VPN tunnel is available;
When the VPN tunnel is determined to be available, transmitting the data between the APP and the intranet through the VPN tunnel.
7. A control method for remote access to an intranet, characterized in that the method is applied to an MDM server, and the method comprises:
When a device registration request sent by the authentication client of a terminal device is received, performing device registration for the authentication client;
After the device registration succeeds, providing the authentication client with the VPN configuration file of the intranet corresponding to the authentication client, and with an association command between the APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel; so that the authentication client establishes the VPN tunnel according to the VPN configuration file, adds the identifier of the APP in the association command to the legal APP information of the VPN tunnel, determines according to the legal APP information the APP that has permission to use the VPN tunnel, and allows the APP to access the intranet through the VPN tunnel.
8. A control device for remote access to an intranet, characterized in that the device is arranged in a terminal device on which an authentication client is installed; a VPN tunnel is established between the authentication client and the intranet, and legal APP information of the VPN tunnel is saved; the device comprises:
A judging module, configured to judge according to the legal APP information, when the authentication client receives an APP's intranet access request, whether the APP has permission to use the VPN tunnel;
A tunnel use module, configured to allow the APP to access the intranet through the VPN tunnel if the APP has permission to use the VPN tunnel.
9. The device according to claim 8, characterized in that the device further comprises:
A registration module, configured to perform device registration with an MDM server;
A file acquisition module, configured to obtain from the MDM server, after the device registration succeeds, a VPN configuration file and an association command between the APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel;
A tunnel establishment module, configured to establish, according to the VPN configuration file, the VPN tunnel for accessing the intranet, and to determine the APP associated with the VPN tunnel;
An identifier adding module, configured to add the identifier of the APP in the association command to the legal APP information of the VPN tunnel.
10. The device according to claim 9, characterized in that the judging module is configured to search the legal APP information for the identifier of the APP and, if it is found, to determine that the APP has permission to use the VPN tunnel.
11. The device according to claim 9, characterized in that the device further comprises:
An authentication module, configured for the authentication client to authenticate to an authentication server; after the authentication passes, the identifier of the authentication client is sent to the MDM server through the authentication server, to notify the MDM server that the authentication client has passed authentication;
Then, the registration module is configured to send a device registration request to the MDM server, the device registration request carrying the identifier of the authentication client, so that the MDM server performs device registration for the authentication client after determining, according to the authentication client identifier sent by the authentication server, that the authentication client is legitimate.
12. The device according to claim 9, characterized in that the tunnel establishment module is configured to:
Determine the loading parameters of the intranet's VPN tunnel according to the registration information from the device registration process;
Modify the corresponding parameters in the VPN configuration file using the loading parameters;
Establish the VPN tunnel using the modified VPN configuration file.
13. The device according to claim 8, characterized in that the tunnel use module is configured to:
Receive a start-up message of the VPN tunnel through an SDK interface, and determine according to the start-up message whether the VPN tunnel is available;
When the VPN tunnel is determined to be available, transmit the data between the APP and the intranet through the VPN tunnel.
14. A control device for remote access to an intranet, characterized in that the device is applied to an MDM server, and the device comprises:
A device registration module, configured to perform device registration for the authentication client when a device registration request sent by the authentication client of a terminal device is received;
A providing module, configured to provide the authentication client, after the device registration succeeds, with the VPN configuration file of the intranet corresponding to the authentication client, and with an association command between the APP and the VPN tunnel, the association command carrying the identifier of the APP associated with the VPN tunnel; so that the authentication client establishes the VPN tunnel according to the VPN configuration file, adds the identifier of the APP in the association command to the legal APP information of the VPN tunnel, determines according to the legal APP information the APP that has permission to use the VPN tunnel, and allows the APP to access the intranet through the VPN tunnel.
15. A control system for remote access to an intranet, characterized in that the system comprises an authentication client, an MDM server and an authentication server;
The authentication server is configured to authenticate the authentication client and, after the authentication passes, to notify the MDM server and the authentication client;
The MDM server comprises the device according to claim 14;
The authentication client comprises the device according to any one of claims 8-13.
16. A terminal device, characterized in that it comprises a memory and a processor; the memory is used to store one or more computer instructions, and the one or more computer instructions are executed by the processor to implement the method according to any one of claims 1 to 6.
CN201710748798.1A 2017-08-28 2017-08-28 Control method, device and system for remotely accessing intranet and terminal equipment Active CN107579966B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710748798.1A CN107579966B (en) 2017-08-28 2017-08-28 Control method, device and system for remotely accessing intranet and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710748798.1A CN107579966B (en) 2017-08-28 2017-08-28 Control method, device and system for remotely accessing intranet and terminal equipment

Publications (2)

Publication Number Publication Date
CN107579966A true CN107579966A (en) 2018-01-12
CN107579966B CN107579966B (en) 2020-12-08

Family

ID=61029676

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710748798.1A Active CN107579966B (en) 2017-08-28 2017-08-28 Control method, device and system for remotely accessing intranet and terminal equipment

Country Status (1)

Country Link
CN (1) CN107579966B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101483594A (en) * 2009-02-11 2009-07-15 成都市华为赛门铁克科技有限公司 Packet sending method and customer terminal based on virtual private network tunnel
CN101635730A (en) * 2009-08-28 2010-01-27 深圳市永达电子股份有限公司 Method and system for safe management of internal network information of small and medium-sized enterprises
CN101848206A (en) * 2010-04-02 2010-09-29 北京邮电大学 Method for supporting 802.1X extensible authentication protocol in edge router
CN102170451A (en) * 2011-05-17 2011-08-31 深信服网络科技(深圳)有限公司 VPN (Virtual Private Network) client access method and device
CN102271132A (en) * 2011-07-26 2011-12-07 北京星网锐捷网络技术有限公司 Control method and system for network access authority and client
CN103020531A (en) * 2012-12-06 2013-04-03 中国科学院信息工程研究所 Method and system for trusted control of operating environment of Android intelligent terminal
CN103840994A (en) * 2012-11-23 2014-06-04 华耀(中国)科技有限公司 System and method for user side to access intranet through VPN
CN103888459A (en) * 2014-03-25 2014-06-25 深信服网络科技(深圳)有限公司 Method and device for detecting intranet intrusion of network
US8990920B2 (en) * 2011-02-11 2015-03-24 Mocana Corporation Creating a virtual private network (VPN) for a single app on an internet-enabled device or system
CN104767752A (en) * 2015-04-07 2015-07-08 西安汇景倬元信息技术有限公司 Distributed network isolating system and method

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI699645B (en) * 2018-02-13 2020-07-21 致伸科技股份有限公司 Network framework for detection operation and information management method applied thereto
CN109450766A (en) * 2018-09-21 2019-03-08 北京奇安信科技有限公司 A kind of access processing method and device of workspace grade VPN
CN109450766B (en) * 2018-09-21 2021-05-25 北京奇安信科技有限公司 Access processing method and device for work area level VPN
CN109460642A (en) * 2018-11-13 2019-03-12 北京天融信网络安全技术有限公司 The method, device and equipment of application program network access perception
CN109460642B (en) * 2018-11-13 2021-12-14 北京天融信网络安全技术有限公司 Application program network access sensing method, device and equipment
CN110278181B (en) * 2019-01-29 2021-09-17 广州金越软件技术有限公司 Instant protocol conversion system for cross-network data exchange
CN110278181A (en) * 2019-01-29 2019-09-24 广州金越软件技术有限公司 A kind of instant protocol conversion technology about inter-network data exchange
CN109995792B (en) * 2019-04-11 2021-08-31 苏州浪潮智能科技有限公司 Safety management system of storage equipment
CN109995792A (en) * 2019-04-11 2019-07-09 苏州浪潮智能科技有限公司 A kind of safety management system storing equipment
CN110166536A (en) * 2019-04-30 2019-08-23 广州微算互联信息技术有限公司 A kind of cloud mobile phone cross-region control method, system, device and storage medium
CN111953633A (en) * 2019-05-15 2020-11-17 北京奇安信科技有限公司 Access control method and access control device based on terminal environment
CN110768886A (en) * 2019-09-17 2020-02-07 广州供电局有限公司 Method, device, computer equipment and medium for automatically connecting VPN (virtual private network) by application program
CN110768886B (en) * 2019-09-17 2021-11-02 广东电网有限责任公司广州供电局 Method, device, computer equipment and medium for automatically connecting VPN (virtual private network) by application program
CN112637034A (en) * 2020-12-18 2021-04-09 中国农业银行股份有限公司 Method and device for accessing application program
CN112651522A (en) * 2021-01-13 2021-04-13 广州视源电子科技股份有限公司 Method, system, computer readable storage medium and processor for configuring device
CN114885331A (en) * 2022-07-12 2022-08-09 中国电力科学研究院有限公司 Network access control method, system and storage medium based on communication module
CN114885331B (en) * 2022-07-12 2023-07-18 中国电力科学研究院有限公司 Network access control method, system and storage medium based on communication module

Also Published As

Publication number Publication date
CN107579966B (en) 2020-12-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant