CN108063816B - Private data cloud storage penetration type access method - Google Patents


Info

Publication number
CN108063816B
Authority
CN
China
Legal status (an assumption, not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Active
Application number
CN201711364067.3A
Other languages
Chinese (zh)
Other versions
CN108063816A (en)
Inventor
赵海林
周晖
Current Assignee (the listed assignee may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Zhao Hailin
Original Assignee
Individual

Classifications

All under H (Electricity) / H04 (Electric communication technique) / H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 61/2503: Translation of Internet protocol [IP] addresses (H04L 61/00 network arrangements, protocols or services for addressing or naming > 61/09 mapping addresses > 61/25 mapping addresses of the same type)
    • H04L 63/0428: Network architectures or protocols for network security providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload (H04L 63/00 > 63/04)
    • H04L 63/08: Network architectures or protocols for network security for authentication of entities (H04L 63/00)
    • H04L 67/104: Peer-to-peer [P2P] networks (H04L 67/00 network arrangements or protocols for supporting network services or applications > 67/01 protocols > 67/10 protocols in which an application is distributed across nodes in the network)
    • H04L 67/1097: Protocols for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS] (H04L 67/00 > 67/01 > 67/10)


Abstract

The invention discloses a penetrating (NAT-traversing) access method for private data cloud storage, comprising the following steps: determining the network access type of the private storage terminal and of the data access terminal by having each of them exchange data packets with a remote server; establishing, on the basis of the determined network access types, a temporary penetrating point-to-point trusted UDP packet transmission channel directly between the private storage terminal and the data access terminal; and performing data access to the private storage terminal over the established UDP channel. With the private data cloud storage service system and the corresponding method, data can be exchanged and stored remotely and strictly encrypted and protected in transit, so that data security and the legitimacy of operations are ensured; the system and method can be widely applied across many industries as a basic private data cloud storage service.

Description

Private data cloud storage penetration type access method
Related patent
This application is a divisional application of Chinese invention patent application No. 2017102712517, filed April 24, 2017, entitled "Private data cloud storage system and private data cloud storage method".
Technical Field
The invention relates to the field of data cloud storage, in particular to a convenient and fast penetrating access method for private data cloud storage that automatically builds a temporary penetrating point-to-point data communication link.
Background
In recent years cloud storage technology and its services have come to dominate. Cloud storage has brought great convenience to the development of many industries, and the big-data analytics built on it is one of the most important productivity tools of the present and the future. The number of objects taking part in internet activity keeps growing: where traditionally only people participated, devices now participate as well. However, these application and service models cannot escape one common pattern: the service provider supplies the media and devices that store the data, the many users or devices supply the data, the data is stored centrally on the provider's media via the internet, and the provider stores it uniformly; in practice the provider ends up capturing and using the data.
With the further development and differentiation of internet technology, the emerging internet of things has become the current focus: more and more devices join the internet family, these devices continuously generate huge volumes of data in real time, and their data production capacity far exceeds that of the human era. The continuous growth in data volume requires service providers to spend ever more on infrastructure to meet storage demand; provider costs rise sharply, and in the end the model of providing storage free of charge will be terminated. Internet data storage can instead be divided completely into smaller units, with the blocks linked to one another by internet cloud computing technology; each block is a separate cloud storage server serving a smaller area, which greatly reduces the cost and the disadvantages of a single provider supplying the service.
Secondly, internet participants generally have stable, round-the-clock network connections and bandwidth, such as home ADSL, LAN, cable, fibre and 2G/3G/4G cellular access. Yet these resources are largely idle most of the time and duplicate one another, even though nobody can do without them. Making full use of these idle resources would bring great benefit to society as a whole and to energy conservation. With private data cloud storage technology, data storage moves towards privatization and miniaturization, reshaping the internet's development model, overcoming the drawback of resources being concentrated on service-provider media, and ushering in the next generation of the internet: its privatization era.
The bandwidth resources owned by internet participants are usually low-cost ADSL, cable, fibre or shared wireless bandwidth; an internet private data cloud storage server built on these low-cost resources has great prospects and appeal. At the same time, the era in which data is owned and stored by the service provider gives way to one in which data is owned and stored by the internet participants themselves, which thoroughly addresses the security, privacy and convenience problems of data storage and benefits the nation, the people and the world.
However, no mature product yet exists that can build a cloud storage service in a user's home that is direct and global, plug-and-play, based on the private user's own removable storage space, and that lets the user store and retrieve data directly and in parallel with the communication peer over the internet, so that the user can form a remotely controlled private data cloud storage system.
Disclosure of Invention
In view of the shortcomings of existing public cloud storage products and services, and of the widespread idleness and waste of bandwidth resources, the invention aims to provide an internet private data cloud storage server and a private data cloud storage service system that remedy both. Specifically, the invention provides a penetrating access method based on private data cloud storage.
To this end, the internet private data cloud storage service system provided by the invention performs cloud data storage by connecting an external storage medium or data storage device unit and an internal storage medium unit, accesses the local area network and the internet through a wired or wireless communication unit, and realizes data synchronization, upload, download, sharing and control through a built-in dedicated data management system.
Specifically, the invention provides a penetrating access method for private data cloud storage, which comprises the following steps:
(1) determining the network access types of the private storage terminal and of the data access terminal by having each of them exchange data packets with the remote server;
(2) establishing, on the basis of the determined network access types and using an improved UDP packet transmission method, a temporary penetrating point-to-point trusted UDP direct connection path between the private storage terminal and the data access terminal;
(3) performing data access to the private storage terminal over the established UDP transmission channel.
Preferably, the method further comprises:
(0.1) initializing a UDP socket;
(0.2) broadcasting a discovery packet from the UDP socket over the local area network;
(0.3) determining whether a response message is received within a preset time; if so, determining whether the received message is the response the local machine itself sent, and if not, concluding that the private storage terminal and the data access terminal are on the same local area network and establishing a LAN connection between the two;
(0.4) if no response is received, or the response received is the one the local machine itself sent, proceeding to step (1).
Preferably, the network types of the private storage terminal and the data access terminal are determined by having a first server and a second server each send data packets.
Preferably, the method further comprises:
if the local IP is not a public IP, indirectly (through the first remote server) requesting the second remote server to send data to the local address; determining whether data from the second remote server is received, and if so, concluding that the local machine is behind a Full Cone NAT; otherwise, directly requesting the second remote server to send back the local address it sees and comparing it with the IP address recorded by the first remote server: if the two addresses differ, the local machine is behind a Symmetric NAT; if they are the same, requesting the second remote server to send data to the local address from a different port: if the local machine receives that data it is behind a Restricted Cone NAT, otherwise it is behind a Port Restricted Cone NAT (the four NAT types of RFC 3489).
Preferably, the method comprises:
(2.1) if UDP data was found to be blocked in step (1.1), informing the user that communication is blocked;
(2.2) if the local machine is found to have a public IP, the local machine can establish the connection directly;
(2.3) if the local machine is behind a Full Cone NAT, sending the local address and port to the first remote server, requesting through the first remote server that the peer send a protocol packet to the local machine, and establishing the communication connection directly with the peer on the basis of the peer's protocol packet;
(2.4) if the local machine is behind a Restricted Cone NAT, first sending a protocol packet to the peer's IP address and port, then informing the first remote server of the local address and port, requesting the peer to send a protocol packet to the local machine, and establishing the communication connection directly with the peer on the basis of the peer's protocol packet;
(2.5) if the local machine is behind a Port Restricted Cone NAT and the peer is also behind a Port Restricted Cone NAT, or one end is behind a Symmetric NAT and the other end is not on the public network, or both ends are behind Symmetric NATs, informing the user that a direct connection cannot be established and asking whether to change the network access environment or to set up a relayed interconnection through the first or second remote server; otherwise, requesting the peer to send a protocol packet to the local machine and establishing the communication connection directly with the peer on the basis of the peer's protocol packet.
Preferably, the method further comprises:
(3.1) listening on UDP and determining whether a protocol packet from the peer is received;
(3.2) if the peer's protocol packet is received, establishing contact with the peer; otherwise returning to step (3.1);
(3.3) placing the send-window data into a local cache;
(3.4) determining whether the data exceeds the window value; if so, continuing to wait, otherwise sending the data to the peer.
In another aspect, the present invention provides a private data cloud storage system, where the cloud storage system includes:
a private storage terminal, a data access module and a server,
the private storage terminal is provided with a control unit, an internal storage medium unit and a communication connection unit, wherein the control unit is used for controlling the internal storage medium unit and the communication connection unit to store and communicate data, and the communication connection unit is used for communicating data with the server and the data access module;
the data access module is used for generating a data access request to perform data access operation on the private storage terminal;
the server is used for establishing a temporary penetrating point-to-point direct connection communication connection link between the data access module and the private storage terminal based on the data sent by the data access module and the private storage terminal.
In a preferred implementation, the server comprises a first remote server and a second remote server, the first remote server and the second remote server determine a network type of the private storage terminal and the data access module based on data packets sent by the private storage terminal and the data access module, and establish a penetrating point-to-point direct access connection between the private storage terminal and the data access module based on the network type.
In another preferred implementation, the private storage terminal and the data access module have an encryption module, and the encryption module is configured to encrypt the transmitted data.
In another preferred implementation manner, the private storage terminal has a storage expansion interface, and the storage expansion interface is connected with an external storage medium to expand the storage capacity of the private storage terminal.
On the other hand, the invention provides a method for realizing private data cloud storage, which comprises the following steps:
(1) determining the network access types of the private storage terminal and of the data access terminal by having each of them send data packets to a remote server;
(2) establishing, on the basis of the determined network access types and using an improved UDP packet transmission method, a temporary trusted penetrating UDP direct connection link between the private storage terminal and the data access terminal;
(3) performing data access to the private storage terminal over the established temporary penetrating direct UDP link.
In a preferred implementation, the method further comprises:
(0.1) initializing a UDP socket;
(0.2) broadcasting a discovery packet from the UDP socket over the local area network;
(0.3) determining whether a response message is received within a preset time; if so, determining whether the received message is the response the local machine itself sent, and if not, concluding that the private storage terminal and the data access terminal are on the same local area network and establishing a LAN connection between the two;
(0.4) if no response is received, or the response received is the one the local machine itself sent, proceeding to step (1).
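The local-network discovery of steps (0.1) to (0.4), as an added example written for this page rather than code from the patent or its inventors: one UDP socket sends a probe carrying a random nonce, answers any probe it hears (including the echo of its own broadcast), and accepts only a reply that echoes its nonce and comes from a different instance, which is the "was this the response I sent myself?" check of step (0.3). The wire format (MAGIC tag and "|"-separated fields), the instance identifiers and the use of loopback addresses in place of the LAN broadcast address are assumptions for this example. The probe and reply are unauthenticated: any host on the LAN can answer, so the peer found here must still pass the system's user authentication before any data access.

```python
"""Added example: LAN discovery of steps (0.1)-(0.4). Wire format, instance ids and
the loopback addresses used by demo_pair() are assumptions, not values from the patent."""
import os
import socket
import threading
import time

MAGIC = b"PDCS1"                                   # assumed protocol tag


def make_socket(bind_ip="0.0.0.0", port=0):
    """(0.1): a UDP socket allowed to broadcast; port 0 lets the OS pick one."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    s.bind((bind_ip, port))
    return s


def encode(kind, instance_id, nonce):
    return b"|".join((MAGIC, kind, instance_id, nonce))


def decode(data):
    parts = data.split(b"|")
    if len(parts) != 4 or parts[0] != MAGIC or parts[1] not in (b"PROBE", b"REPLY"):
        return None                                # not our protocol: ignore silently
    return parts[1], parts[2], parts[3]


def discover(sock, instance_id, target=None, timeout=1.0):
    """Probe `target` (the broadcast address on a real LAN) and listen for replies;
    with target=None only answer other nodes' probes. Returns the peer address or
    None (0.4). Every probe is answered, including the echo of our own broadcast,
    so the reply filter of step (0.3) has real work to do."""
    nonce = os.urandom(8).hex().encode()          # ties replies to this probe
    if target is not None:
        sock.sendto(encode(b"PROBE", instance_id, nonce), target)     # (0.2)
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return None                            # (0.4): nobody else answered
        sock.settimeout(remaining)
        try:
            data, addr = sock.recvfrom(512)
        except socket.timeout:
            return None
        msg = decode(data)
        if msg is None:
            continue
        kind, sender, echoed = msg
        if kind == b"PROBE":
            sock.sendto(encode(b"REPLY", instance_id, echoed), addr)
            if sender != instance_id:
                return addr                        # a foreign probe also proves a LAN peer
            continue
        if sender == instance_id:
            continue                               # (0.3): the reply we sent to ourselves
        if echoed != nonce:
            continue                               # reply to someone else's or a stale probe
        return addr                                # (0.3): peer on the same LAN


def demo_self():
    """A node whose probe reaches only itself must conclude there is no peer."""
    sock = make_socket("127.0.0.1")
    try:
        return discover(sock, b"node-A", sock.getsockname(), timeout=0.5)
    finally:
        sock.close()


def demo_pair():
    """Two nodes on loopback: each should learn the other's address."""
    a, b = make_socket("127.0.0.1"), make_socket("127.0.0.1")
    a_addr, b_addr = a.getsockname(), b.getsockname()
    found = {}

    def listen():
        found["b"] = discover(b, b"node-B", None, timeout=3.0)

    t = threading.Thread(target=listen)
    t.start()
    time.sleep(0.1)                                # let B listen before A probes
    found["a"] = discover(a, b"node-A", b_addr, timeout=2.0)
    t.join()
    a.close()
    b.close()
    return found["a"], found["b"], a_addr, b_addr
```

On a real LAN `target` would be the subnet broadcast address (or 255.255.255.255) with a fixed well-known port, and the node's own broadcast normally comes back to it, which is exactly the self-reply the instance-id check discards; the nonce additionally rejects replies to older probes and replies injected without having seen the probe.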
In another preferred implementation, the method includes:
(1.1) sending a predetermined data packet to the first remote server and requesting it to return the local address as it sees it;
(1.2) determining whether the address returned by the first remote server is received; if not, prompting the user that the network is down or unreachable; if it is received, recording the returned IP and comparing it with the local machine's own IP address: if they are the same, the local machine has a public IP; if they differ, the local machine is behind a NAT, and the second remote server is indirectly requested to send data to the local address;
(1.3) determining whether data from the second remote server is received; if so, the local machine is behind a Full Cone NAT; otherwise, directly requesting the second remote server to send back the local address it sees and comparing it with the IP address recorded by the first remote server: if the two addresses differ, the local machine is behind a Symmetric NAT; if they are the same, requesting the second remote server to send data to the local address from a different port: if the local machine receives that data it is behind a Restricted Cone NAT, otherwise it is behind a Port Restricted Cone NAT.
In another preferred implementation, the method includes:
(2.1) if UDP data was found to be blocked in step (1.1), informing the user that communication is blocked;
(2.2) if the local machine is found to have a public IP, the local machine can establish the connection directly;
(2.3) if the local machine is behind a Full Cone NAT, sending the local address and port to the first remote server, requesting through the first remote server that the peer send a protocol packet to the local machine, and establishing the communication connection with the peer on the basis of the peer's protocol packet;
(2.4) if the local machine is behind a Restricted Cone NAT, sending a protocol packet to the peer's IP address and port, informing the first remote server of the local address and port, and requesting the peer to send a protocol packet to the local machine;
(2.5) if the local machine is behind a Port Restricted Cone NAT and the peer is also behind a Port Restricted Cone NAT, or one end is behind a Symmetric NAT and the other end is not on the public network, or both ends are behind Symmetric NATs, informing the user that a direct connection cannot be established and asking whether to change the network access environment or to set up a relayed interconnection through the first or second remote server; otherwise, requesting the peer to send a protocol packet to the local machine and establishing the communication connection directly with the peer on the basis of the peer's protocol packet.
In another preferred implementation, the method includes:
(3.1) listening on UDP and determining whether a protocol packet from the peer is received;
(3.2) if the peer's protocol packet is received, establishing contact with the peer; otherwise returning to step (3.1);
(3.3) receiving the send-window data into a local cache;
(3.4) determining whether the data exceeds the window value; if so, continuing to wait, otherwise sending the data to the peer.
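The window-gated send of steps (3.3) and (3.4), as an added example that is not code from the patent: a sender that places every record in a local cache and only transmits while the unacknowledged count stays within the window, retransmitting on a tick-based timeout, together with the matching in-order receiver and cumulative acknowledgements, driven through a constructed lossy channel. Window size, timeout and loss pattern are assumed values. The page does not describe the trusted UDP transport of FIG. 5 in more detail, so the acknowledgement and retransmission scheme here is one common design, not the patent's.

```python
"""Added example: window-gated sender and in-order receiver for steps (3.3)-(3.4).
Window size, timeout and the loss pattern in simulate() are assumptions."""
import collections


class WindowSender:
    """Keeps records in a local cache (3.3) and only puts as many on the wire as the
    window allows (3.4); unacknowledged records are retransmitted after a timeout."""

    def __init__(self, window=4, timeout_ticks=2):
        self.window = window
        self.timeout = timeout_ticks
        self.next_seq = 0
        self.tick = 0
        self.cache = collections.OrderedDict()   # seq -> payload, kept until acknowledged
        self.sent_at = {}                        # seq -> tick of last transmission

    def queue(self, payload):
        """(3.3): window data goes to the local cache first, never straight to the wire."""
        self.cache[self.next_seq] = payload
        self.next_seq += 1

    def in_flight(self):
        return len(self.sent_at)

    def pump(self):
        """(3.4): called once per tick; returns the (seq, payload) records to transmit.
        Records beyond the window stay cached and wait for acknowledgements."""
        self.tick += 1
        out = []
        for seq, when in list(self.sent_at.items()):      # retransmit expired records
            if self.tick - when >= self.timeout:
                out.append((seq, self.cache[seq]))
                self.sent_at[seq] = self.tick
        for seq, payload in self.cache.items():           # then fill the window
            if seq in self.sent_at:
                continue
            if len(self.sent_at) >= self.window:
                break                                     # window full: keep waiting
            out.append((seq, payload))
            self.sent_at[seq] = self.tick
        return out

    def ack(self, seq):
        """Cumulative acknowledgement: everything up to and including seq is delivered."""
        for done in [s for s in self.cache if s <= seq]:
            del self.cache[done]
            self.sent_at.pop(done, None)


class WindowReceiver:
    """Reorders out-of-order records and returns the cumulative ack to send back."""

    def __init__(self):
        self.expected = 0
        self.pending = {}
        self.delivered = []

    def receive(self, seq, payload):
        if seq >= self.expected:
            self.pending[seq] = payload                   # duplicates below expected are dropped
        while self.expected in self.pending:
            self.delivered.append(self.pending.pop(self.expected))
            self.expected += 1
        return self.expected - 1                          # -1 until record 0 has arrived


def simulate(payloads, window=4, drop_every=3, max_ticks=1000):
    """Pushes payloads through a channel that drops every drop_every-th datagram
    (0 = lossless). Returns (delivered payloads, ticks used, datagrams sent)."""
    sender, receiver = WindowSender(window), WindowReceiver()
    for p in payloads:
        sender.queue(p)
    sent = 0
    while sender.cache and sender.tick < max_ticks:
        for seq, payload in sender.pump():
            sent += 1
            if drop_every and sent % drop_every == 0:
                continue                                  # constructed loss: datagram vanishes
            sender.ack(receiver.receive(seq, payload))    # acks themselves are never lost here
    return receiver.delivered, sender.tick, sent
```

With ten records, a window of four and every third datagram lost, simulate() still delivers all ten in order, at the cost of extra ticks and retransmissions; without loss it needs exactly three ticks and ten datagrams. Acknowledgements are modelled as never lost, which a real implementation cannot assume, but the timeout-driven retransmission in pump() already covers a lost ack in the same way as a lost record.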
In step (2.4), requesting the peer to send the protocol packet means that the server informs the peer to send a protocol packet to the server.
In another aspect, the invention provides a method for determining, by means of two servers, the type of network the local machine is on, which comprises:
(2.1) determining whether UDP data is blocked, and if so, informing the user that communication is blocked;
(2.2) determining whether the local machine has a public IP, and if so, establishing the connection directly from the local machine;
(2.3) if the local machine is behind a Full Cone NAT, sending the local address and port to the first remote server, requesting through the first remote server that the peer send a protocol packet to the local machine, and establishing the communication connection with the peer on the basis of the peer's protocol packet;
(2.4) if the local machine is behind a Restricted Cone NAT, sending a protocol packet to the peer's IP address and port, informing the first remote server of the local address and port, and requesting the peer to send a protocol packet to the local machine;
(2.5) if the local machine is behind a Port Restricted Cone NAT and the peer is also behind a Port Restricted Cone NAT, or one end is behind a Symmetric NAT and the other end is not on the public network, or both ends are behind Symmetric NATs, informing the user that a direct connection cannot be established and asking whether to change the network access environment or to set up a relayed interconnection through the first or second remote server; otherwise, requesting the peer to send a protocol packet to the local machine and establishing the communication connection directly with the peer on the basis of the peer's protocol packet.
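The network-type determination of steps (1.1) to (1.3) and the connection plan of steps (2.1) to (2.5), as an added example that is not code from the patent or its inventors: a small simulated NAT model in Python (the RFC 3489 Full Cone, Restricted Cone, Port Restricted Cone and Symmetric types), the two-server probe sequence run against that model, and the decision the local side takes once both sides' types are known. Server addresses and ports, the port numbering of the model, and the "peer_sends_first" / "local_sends_then_peer" labels are assumptions for illustration. One deliberate deviation is marked in the code: where step (2.5) asks the peer to send first to a port-restricted local side, the example has the local side send first, since a port-restricted NAT only admits packets from an IP:port it has already sent to.

```python
"""Added example: simulated NAT model, the two-server classification of steps
(1.1)-(1.3), and the connection plan of steps (2.1)-(2.5). Server addresses are
assumed (RFC 5737 test networks), not taken from the patent."""
import itertools

SERVER1 = ("203.0.113.10", 3478)      # first remote server (assumed address)
SERVER2 = ("203.0.113.20", 3478)      # second remote server (assumed address)
SERVER2_ALT_PORT = 3479               # the second server's "changed port" of step (1.3)

NAT_KINDS = ("public", "full_cone", "restricted", "port_restricted", "symmetric")


class Nat:
    """Minimal model of one RFC 3489 NAT type between a host and the internet.
    'restricted' = Restricted Cone, 'port_restricted' = Port Restricted Cone."""

    def __init__(self, kind, private_ip="192.168.1.5", public_ip="198.51.100.7"):
        if kind not in NAT_KINDS:
            raise ValueError(kind)
        self.kind = kind
        self.private_ip = private_ip
        self.public_ip = private_ip if kind == "public" else public_ip
        self._ports = itertools.count(40000)
        self.mappings = {}      # mapping key -> public port
        self.permits = set()    # (public port, dest ip, dest port) seen outbound

    def outbound(self, src_port, dest):
        """Host sends from src_port to dest; returns the (ip, port) dest sees."""
        if self.kind == "public":
            return (self.private_ip, src_port)
        # a symmetric NAT allocates a fresh mapping per destination; cone NATs reuse one
        key = (src_port, dest) if self.kind == "symmetric" else src_port
        port = self.mappings.setdefault(key, next(self._ports))
        self.permits.add((port, dest[0], dest[1]))
        return (self.public_ip, port)

    def inbound_allowed(self, pub_port, src):
        """Would a packet from src to our public pub_port reach the host?"""
        if self.kind == "public":
            return True
        if pub_port not in self.mappings.values():
            return False
        if self.kind == "full_cone":
            return True
        if self.kind == "restricted":
            return any(p == pub_port and ip == src[0] for p, ip, _ in self.permits)
        return (pub_port, src[0], src[1]) in self.permits   # port-restricted / symmetric


def classify(nat, local_port=5000, udp_blocked=False):
    """Steps (1.1)-(1.3): returns a NAT_KINDS value, or 'blocked'."""
    if udp_blocked:
        return "blocked"                                   # (1.2): no answer from server 1
    seen1 = nat.outbound(local_port, SERVER1)              # (1.1): server 1 reports what it sees
    if seen1[0] == nat.private_ip:
        return "public"                                    # (1.2): reported IP == local IP
    if nat.inbound_allowed(seen1[1], SERVER2):             # (1.3): server 2 sends unsolicited
        return "full_cone"
    seen2 = nat.outbound(local_port, SERVER2)              # (1.3): ask server 2 directly
    if seen2 != seen1:
        return "symmetric"                                 # different mapping per destination
    if nat.inbound_allowed(seen1[1], (SERVER2[0], SERVER2_ALT_PORT)):
        return "restricted"                                # new port from a known IP is accepted
    return "port_restricted"


def plan(local, peer):
    """Steps (2.1)-(2.5): how the local side proceeds given both NAT types.
    Deviation from step (2.5): a port-restricted local side sends first, because its
    NAT only admits packets from an IP:port it has already sent to."""
    if "blocked" in (local, peer):
        return "blocked"                                   # (2.1)
    if "public" in (local, peer):
        return "direct"                                    # (2.2)
    if "symmetric" in (local, peer):
        return "relay"                                     # (2.5): symmetric vs non-public
    if local == "port_restricted" and peer == "port_restricted":
        return "relay"                                     # (2.5)
    if local == "full_cone":
        return "peer_sends_first"                          # (2.3)
    return "local_sends_then_peer"                         # (2.4), and port-restricted local
```

plan() follows the patent's decision table. Standard UDP hole punching (RFC 5128) does in practice succeed between two Port Restricted Cone NATs, and between a Symmetric NAT and a Full Cone NAT, when both sides send to the server-observed address at the same time; step (2.5) treats those pairs as needing a relay, which is conservative but not wrong.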
The internal storage unit in the invention may be used only to store the native program, or also as data storage. Preferably it is used only for the native program, with data stored on an externally connected private data storage device.
It should be noted that the internal storage unit and the external storage medium mentioned in the invention may use the same or different universal standard interfaces; the interface standard may be chosen from CF, SM, MMC, SD, MS, PCMCIA, USB OTG (USB On-The-Go), IDE, SCSI, IEEE 1394, SATA, PATA, SAS, Fibre Channel, ISA, PCI, PCIe-series, NAND-series, OneNAND-series, SPI, or a non-standard parallel data/address interface. The external storage medium includes, but is not limited to, a hard disk, a removable hard disk, an SD card, a Micro SD card and similar external storage devices.
The storage medium may be a semiconductor, magnetic or optical medium: the semiconductor medium is chosen from FLASH, DRAM, SRAM, SDRAM, FRAM, MRAM, EPROM, EEPROM, NAND, eMMC, eMCP, OneNAND and SSD solid-state drives; the magnetic medium includes floppy disks, hard disks and removable hard disks; and the optical medium is chosen from CD-R, CD-RW, DVD-R and DVD-RW.
The private storage terminal can be connected to the internal or external storage medium unit through a USB bus, SPI bus, SD bus, I2C bus, parallel data bus, parallel address bus or NAND bus, forming the data storage space of the whole cloud storage terminal.
The private storage terminal may be designed as a portable model, large or small, that can be carried, or as a model fixed in one place and moved infrequently; the private data cloud storage server is provided with a corresponding form-factor conversion mechanism.
The private data cloud storage system can communicate through Ethernet, can communicate through a WIFI wireless local area network, and can also communicate through Bluetooth, WiMAX, 2G, 3G, 4G and 5G mobile standards; the private data cloud storage system is provided with a corresponding wired and wireless communication mode conversion mechanism.
The private data cloud storage system can be designed to be powered by a battery, and can also be designed to be directly powered by commercial power or a power line. The private data cloud storage server is provided with a corresponding power supply conversion mechanism.
The data access module serves as the data access end. It can be essentially the same as the data access end of an ordinary cloud storage server, differing only in its function of constructing a temporary penetrating point-to-point direct communication link: by cooperating with the server through the communication algorithm it establishes a remote end-to-end direct access connection with the corresponding private storage terminal, so that no data transmitted between the data access module and the private storage terminal passes through an intermediate relay server. This keeps the transmitted data out of the server's reach; confidentiality against an on-path observer, however, comes from the encryption module that encrypts the transmitted data, not from the direct path alone.
The system and method of the invention may include user authentication and encryption functions: only a client that has passed authentication is allowed to perform data storage and transmission operations on the private storage terminal.
With the private data cloud storage service system and the corresponding method provided by the invention, data can not only be controlled, exchanged and stored remotely, but also strictly encrypted and protected in transit, so that data security and the legitimacy of operations are ensured; the system and method can be widely applied across many industries as a basic data cloud storage service.
Drawings
Fig. 1 is a block diagram of the structure of a private data cloud storage system of a first embodiment of the present invention;
FIG. 2 is an architecture diagram and application model of the software (firmware program) of the first embodiment of the present invention;
FIG. 3 is a flowchart of a point-to-point (peer) network type identification method or steps employed in a first embodiment of the present invention
FIG. 4 is a flow chart of a point-to-point (peer) connection method or steps used in the first embodiment of the present invention
FIG. 5 is a block diagram of the trusted UDP transport service architecture during the transmission and processing of data records according to the first embodiment of the present invention;
FIG. 6 is a block diagram of a proxy service architecture during data record transmission and processing according to a first embodiment of the present invention;
fig. 7 is a block diagram of a file service structure during data record transmission and processing according to the first embodiment of the present invention.
Detailed Description
The present invention is described in detail below with reference to the drawings and the embodiments thereof so as to facilitate understanding of those skilled in the art, but the scope of the present invention is not limited thereto.
Fig. 1 shows a block diagram of a private data cloud storage system of a first embodiment of the present invention. As shown, the private data cloud storage system 100 in this embodiment includes a private storage terminal 110, a data access module 120, and a server 130.
The private storage terminal 110 is a removable or fixed-location device, and may rely on built-in storage, an external basic storage or an extended storage. The private storage terminal 110 has a control unit 111, an internal storage medium unit 112, and a communication connection unit 113. The control unit 111 may consist of one or more integrated circuit chips; it coordinates the operation of the units in the terminal and controls the internal storage medium unit 112 and the communication connection unit 113 to store and communicate data. The communication connection unit is used for data communication with the server 130 and the data access module 120.
The server 130 may consist of one or more computers; it undertakes all computing and cloud computing for the private data cloud storage system, assists in establishing the temporary direct communication link between the data access module 120 and the private storage terminal 110, and can even provide a relay service for the data transmitted between them in an environment where that direct link cannot be established.
In order to meet the requirement that a penetrating point-to-point direct connection can be established between the private data terminal 110 and the data access module 120 under various network types, the private data cloud storage system 100 of the present invention includes a first server 131 and a second server 132, where the first server and the second server may be two different computing cores of a same server using different communication addresses, or two independent servers located at different network addresses.
The internal storage media unit 112 may provide non-volatile storage of the firmware program for the control unit 111, such non-volatile storage media including, but not limited to, programmable program storage media or electrically erasable storage media, flash storage media and magnetic storage media, ferromagnetic storage media, optical storage media, and the like. In a first embodiment of the invention an electrically erasable storage medium is used.
The private data terminal 110 includes one or more interfaces to various external storage devices for storing and exchanging data with one or more data storage devices or data storage media. The control unit 111 performs the recording or fetching of data according to the request of the data access module 120.
The communication connection unit 113 may use any connection mode available for external connection, including but not limited to Ethernet, token ring network, wired LAN, WIFI wireless LAN, optical fiber transceiver, Bluetooth LAN, WiMAX wireless network, Zigbee wireless network and other smart home wireless networking technologies, with communication protocol standards including but not limited to TCP/IP and other LAN and internet protocols. The Ethernet connection ports include but are not limited to RJ45, USB-RJ45, USB-C Ethernet adapter ports and the like.
The communication connection unit 113 may further employ communication rates, frequencies and standards of 10M, 100M, 1000M and gigabit ethernet, and WIFI includes 2.4G, 5G, 802.11abgn or 802.11ac, etc.
Fig. 2 shows an architecture block diagram of the private data cloud storage system and an application architecture block diagram for each platform according to the first embodiment of the present invention. The architecture diagram is at the software level and is implemented on the hardware of the system of the present invention. As shown in the figure, the architecture of the private data cloud storage service system in this embodiment is divided into 5 layers. The first layer is a UDP layer based on the UDP protocol; it is the lowest layer of the communication protocol of the present invention and is responsible for transmitting raw UDP packets. The second layer is the protocol layer that, on top of the first-layer UDP protocol, completes the mutual connection between the two peer-to-peer parties and transmits control commands and data. The third layer is a trusted and reliable transmission service layer based on peer-to-peer communication technology, which ensures the integrity of the data transmitted between the two peers, guarantees that the control commands and data they exchange are 100% complete and correct, and achieves 100% reliability through a verification algorithm and a retransmission mechanism. The fourth layer is a proxy service protocol layer based on the trusted UDP protocol, which mainly provides standard TCP application services to the upper application layer, so that the present invention can be applied both to UDP-based applications and to known and widely used internet application protocols based on the TCP transport protocol, including but not limited to HTTP, FTP, TFTP, email, etc.; the present invention thus becomes a basic service for general peer-to-peer connection.
The fifth layer is the application layer of the private data cloud storage server; it realizes the file service function of the private data cloud storage server and provides application interfaces such as communication, control, transmission and management for the cloud storage of data. The application architecture block diagram for each platform in this embodiment shows the SDK architecture that supports development of the application program and firmware program of the whole private data cloud storage server; it is the core application model of the system and method of the present invention and the key guiding architecture for developing application programs on all platforms. The application programs running on the two communicating parties are roughly divided into 4 peer layers: the upper two layers realize an application layer based on the TCP protocol, the lower two layers realize the most basic RUDP (trusted UDP) transmission layer on each platform, and data transmission between the two communicating parties is completed entirely over the RUDP protocol (trusted UDP protocol).
Fig. 3 is a flow chart illustrating a Peer-to-Peer (Peer-to-Peer) communication network type identification method or steps employed by the private data cloud storage system and corresponding method according to the first embodiment of the present invention; the method and steps are performed on a private storage terminal and a data access module, respectively.
As shown in the figure, the algorithm starts by initializing a UDP socket. After the basic UDP socket is established, it first sends data to the first server 131 and requests the first server to send back the local address as seen by the server; if no reply is received, UDP is judged to be blocked. If an IP is returned, it is recorded and compared with the local IP: if the two differ, the local machine is behind a NAT (network address translation) internet access device; if they are the same, the local IP is a public IP, which is friendly to P2P, and a connection can be established directly on the public IP. If the local machine is detected to be behind a NAT, the first server 131 is notified to request the second server 132 to send data to the recorded local address; if this data is received, the local machine is determined to be in a Full Cone NAT network, which is friendly to P2P, and a peer-to-peer direct connection can be established. Otherwise, the second server 132 is requested to send back the local address it sees, and this address is compared with the IP address recorded from the first server 131; if they differ, the network where the local machine is located is detected to be a Symmetric NAT. If the two are the same, the second server 132 is notified to change its port and send protocol data to the local address; if the local machine receives the return data, it is detected to be in a Restricted Cone NAT network, a type that can establish P2P connections, and otherwise it is detected to be in a Restricted Port NAT network.
Therefore, the network type of the local machine (the data access module or the private storage terminal) can be judged through the method, so that the local machine (the data access module or the private storage terminal) can be used for establishing a temporary communication connection link subsequently.
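The decision tree above can be exercised without a real network. The following is an added example written for this page, not code from the patent: it models the mapping and filtering rules of each NAT type in a small simulator (`NatBox`, a name chosen here) and runs the five checks in the order the description gives them. The server and local addresses are constructed, and the simulator stands in for the two servers; in a deployment the same probes would be request/response exchanges over the real first and second server.

```python
from enum import Enum


class NatType(Enum):
    UDP_BLOCKED = "UDP blocked"
    PUBLIC_IP = "public IP"
    FULL_CONE = "Full Cone NAT"
    RESTRICTED_CONE = "Restricted Cone NAT"
    RESTRICTED_PORT = "Restricted Port NAT"
    SYMMETRIC = "Symmetric NAT"


# Constructed addresses for the two servers and the local host (not from the patent).
S1 = ("203.0.113.10", 3478)      # first server 131
S2 = ("203.0.113.20", 3478)      # second server 132
LOCAL = ("192.168.1.50", 40000)  # local socket behind the NAT under test


class NatBox:
    """Toy NAT that reproduces the mapping and filtering rules of each NAT type.

    Datagrams never leave the process: the detection routine asks the box what
    a given server would see, and whether a given inbound datagram would pass.
    """

    def __init__(self, kind: NatType, public_ip: str = "198.51.100.7"):
        self.kind = kind
        self.public_ip = public_ip
        self.next_port = 50000
        self.mappings = {}      # mapping key -> external port
        self.permitted = set()  # (external port, destination) pairs opened by outbound traffic

    def outbound(self, local, dst):
        """Host sends to dst; return the external (ip, port) dst sees, or None if UDP is blocked."""
        if self.kind is NatType.UDP_BLOCKED:
            return None
        if self.kind is NatType.PUBLIC_IP:
            return local
        # Symmetric NAT allocates a new mapping per destination; cone NATs reuse one per local socket.
        key = (local, dst) if self.kind is NatType.SYMMETRIC else local
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        ext_port = self.mappings[key]
        self.permitted.add((ext_port, dst))
        return (self.public_ip, ext_port)

    def inbound(self, src, ext):
        """Would a datagram from src to external address ext be forwarded to the host?"""
        if self.kind is NatType.UDP_BLOCKED:
            return False
        if self.kind is NatType.PUBLIC_IP:
            return True
        ext_port = ext[1]
        if ext_port not in self.mappings.values():
            return False
        if self.kind is NatType.FULL_CONE:
            return True
        opened = {dst for (port, dst) in self.permitted if port == ext_port}
        if self.kind is NatType.RESTRICTED_CONE:
            return any(dst[0] == src[0] for dst in opened)  # filtered on source address only
        return src in opened                                  # port-restricted and symmetric: exact match


def detect_nat_type(nat: NatBox, local=LOCAL) -> NatType:
    """The decision tree of Fig. 3, run against the toy NAT."""
    # Step 1: send to the first server and ask for the address it sees.
    seen_by_s1 = nat.outbound(local, S1)
    if seen_by_s1 is None:
        return NatType.UDP_BLOCKED
    # Step 2: the same address as our own means no NAT in the path.
    if seen_by_s1 == local:
        return NatType.PUBLIC_IP
    # Step 3: the first server asks the second (other IP, other port) to send to the recorded address.
    if nat.inbound(S2, seen_by_s1):
        return NatType.FULL_CONE
    # Step 4: talk to the second server ourselves and compare the mapping it reports.
    seen_by_s2 = nat.outbound(local, S2)
    if seen_by_s2 != seen_by_s1:
        return NatType.SYMMETRIC
    # Step 5: the second server answers from a changed port.
    if nat.inbound((S2[0], S2[1] + 1), seen_by_s2):
        return NatType.RESTRICTED_CONE
    return NatType.RESTRICTED_PORT


if __name__ == "__main__":
    for kind in NatType:
        print(f"{kind.value:20s} -> detected as {detect_nat_type(NatBox(kind)).value}")
```

Each step of the tree distinguishes exactly one behaviour, which is why the order matters: a Restricted Cone NAT would pass step 5 but fail step 3, and a Symmetric NAT is recognised by the changed mapping in step 4 before the port test is ever reached. A single lost probe in step 1 or 3 would misclassify the network (as blocked or as more restrictive than it is), so a real implementation repeats each probe a few times before committing to a verdict.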
Fig. 4 shows a flow chart of a Peer-to-Peer (Peer-to-Peer) connection algorithm employed by the private data cloud storage system and method according to the first embodiment of the present invention. The connection algorithm is executed on the data access module and the private storage terminal, respectively. The user generates and sends a data access request through the data access module so as to carry out data cloud storage operation, and the private storage terminal stores data and carries out corresponding access operation according to the access request of the data access module.
As shown in the figure, the algorithm first initializes a UDP socket and then sends a broadcast message through the local area network. If a response message is received and is judged not to have been sent by the local machine itself, the two peer-to-peer parties are in the same local area network, and a local area network connection between them is established directly. If no local area network reply is received, the peer-to-peer NAT network type identification process (the process shown in Fig. 3) is entered, and the corresponding communication connection process is carried out according to the identified NAT type. If UDP packets are detected to be blocked, the user is notified that UDP network service is blocked on the network where the user equipment is located; if the IP is detected to be a public network IP, communication with the other party can proceed directly; if a Full Cone NAT type is detected, the point-to-point communication connection service is established next: the data access module (also called the client) or the private storage terminal informs the first server and/or the second server (normally only the first server) of its address and port, and after the response is received it waits for the message that the opposite end sends according to the address and port provided in the response message; once that message is received, the point-to-point connection path between the two parties is established, and if it is not received, the user is informed that the point-to-point connection path was not established successfully. If the network is judged to be of the Restricted Cone NAT type, the protocol is sent to the IP address and port of the opposite terminal, the server is informed of the local address and port, and the opposite terminal is requested to send the protocol to the local machine.
If the protocol of the opposite terminal is received, the point-to-point connection is successful; if the message replied by the opposite terminal cannot be received, the user is informed that the point-to-point connection failed to be established. If the detected type is the Restricted Port NAT type, it is judged whether the opposite terminal is also in a Restricted Port NAT network; if both are, the user is reminded that the current network access point of the local machine cannot establish a direct connection and is asked whether to change the network access environment (to a network type that can establish a direct connection) or to establish a transfer communication service in which the data transmitted by the two parties is relayed through the first server or the second server. If the detected type is the Symmetric NAT type, and the opposite end is in a network environment other than the public network or both ends are in Symmetric NAT networks, the user is directly reminded that the current network access point of the local machine cannot establish a direct connection and is asked whether to change the network access environment or establish a transfer communication service, with the data transmitted by the two parties relayed through the server.
Fig. 5 shows a flowchart of the trusted UDP algorithm in the data record transmission processing method of the private data cloud storage system according to the first embodiment of the present invention. As shown in the figure, sending over trusted UDP also runs as a persistent thread. The program starts from initialization; after initializing and establishing the UDP socket it enters the UDP listening process, and if a UDP message is received but judged not to be the predetermined message, it discards the message and returns to listening to wait for the next UDP packet. If the received UDP packet is the predetermined message, then once contact with the opposite terminal has been established, a sending timer is started, the point-to-point heartbeat packet is sent, the heartbeat packet connected with the server and the heartbeat packet from the point-to-point opposite terminal are maintained, and the related processing work is carried out.
After contact with the peer is established, a window value for trusted UDP sending is set, and a thread monitoring mechanism is started to dynamically adjust the window value, so that data is sent to the maximum extent or the sending rate is dynamically adjusted. After the window value is set, if there is data to send, the data is placed in the local buffer, and whether the data exceeds the defined window value is judged in real time: if not, the data is sent to the opposite end; if it exceeds the window value, the algorithm returns to waiting to send new data.
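The window, verification and retransmission mechanism described for the trusted UDP layer (the third layer of Fig. 2 and the flow of Fig. 5) can be shown as a self-contained sender/receiver pair. This is an added example, not the patent's own code: the frame layout (sequence number, payload length, CRC-32), the additive-increase/multiplicative-decrease window adjustment and the lossy `simulate` channel are assumptions made here to illustrate the mechanism, and the tick-based timer stands in for the sending timer the description mentions.

```python
import struct
import zlib
from collections import OrderedDict

# Assumed frame layout (not the patent's): sequence number, payload length, CRC-32 of the payload.
HEADER = struct.Struct("!IHI")


def encode(seq: int, payload: bytes) -> bytes:
    return HEADER.pack(seq, len(payload), zlib.crc32(payload)) + payload


def decode(frame: bytes):
    """Return (seq, payload), or None when the frame is truncated or fails its checksum."""
    if len(frame) < HEADER.size:
        return None
    seq, length, crc = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if len(payload) != length or zlib.crc32(payload) != crc:
        return None
    return seq, payload


class ReliableSender:
    """Local buffer plus send window; unacknowledged frames are resent after rto ticks."""

    def __init__(self, window: int = 4, max_window: int = 16, rto_ticks: int = 3):
        self.window, self.max_window, self.rto = window, max_window, rto_ticks
        self.next_seq = 0
        self.buffer = []                 # payloads waiting to enter the window
        self.in_flight = OrderedDict()   # seq -> [frame, ticks since (re)transmission]

    def enqueue(self, payload: bytes) -> None:
        self.buffer.append(payload)

    def pump(self) -> list:
        """Move buffered data onto the wire while the window allows; returns frames to transmit."""
        out = []
        while self.buffer and len(self.in_flight) < self.window:
            frame = encode(self.next_seq, self.buffer.pop(0))
            self.in_flight[self.next_seq] = [frame, 0]
            self.next_seq += 1
            out.append(frame)
        return out

    def on_ack(self, seq: int) -> None:
        if self.in_flight.pop(seq, None) is not None:
            self.window = min(self.max_window, self.window + 1)   # assumed policy: grow on success

    def tick(self) -> list:
        """Advance the retransmission timer; returns frames whose timer expired."""
        resend = []
        for entry in self.in_flight.values():
            entry[1] += 1
            if entry[1] >= self.rto:
                entry[1] = 0
                resend.append(entry[0])
        if resend:
            self.window = max(1, self.window // 2)                # assumed policy: halve on loss
        return resend


class ReliableReceiver:
    """Verifies every frame, acknowledges good ones, delivers payloads in sequence order."""

    def __init__(self):
        self.expected = 0
        self.pending = {}
        self.delivered = []

    def on_frame(self, frame: bytes):
        parsed = decode(frame)
        if parsed is None:
            return None          # corrupted: no ack, so the sender's timer resends it
        seq, payload = parsed
        if seq >= self.expected:
            self.pending.setdefault(seq, payload)
        while self.expected in self.pending:
            self.delivered.append(self.pending.pop(self.expected))
            self.expected += 1
        return seq               # selective acknowledgement


def simulate(payloads, window=3, drop_first=frozenset(), corrupt_first=frozenset(), max_rounds=200):
    """Constructed channel: a frame in drop_first is lost and one in corrupt_first gets a payload
    byte flipped, but only on its first transmission. Returns (delivered payloads, frames sent)."""
    tx, rx = ReliableSender(window), ReliableReceiver()
    for p in payloads:
        tx.enqueue(p)
    sent, seen = 0, set()
    for _ in range(max_rounds):
        for frame in tx.pump() + tx.tick():
            sent += 1
            seq = HEADER.unpack_from(frame)[0]
            first = seq not in seen
            seen.add(seq)
            if first and seq in drop_first:
                continue
            if first and seq in corrupt_first:
                frame = frame[:-1] + bytes([frame[-1] ^ 0xFF])
            ack = rx.on_frame(frame)
            if ack is not None:
                tx.on_ack(ack)
        if not tx.buffer and not tx.in_flight:
            break
    return rx.delivered, sent
```

With five payloads, a window of three, frame 1 dropped and frame 3 corrupted, the receiver still delivers all five in order while the sender transmits seven frames: the corrupted frame is never acknowledged, so the timer rather than an explicit NAK drives its retransmission, which is the "verification algorithm and retransmission mechanism" combination the description relies on.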
Fig. 6 shows a block diagram of the proxy service structure in the data record transmission and processing method of the private data cloud storage service system according to the first embodiment of the present invention. The proxy service is mainly used so that TCP programs are fully compatible with the opposite end. The program needs to select a local port to match the opposite end's port; if no other local program occupies it, the same port number as the remote port may be selected. As shown, a TCP Listen on this port is established first, and then a trusted UDP communication is established with the peer. Once that succeeds, the Socket obtained from this TCP Listen is associated with the trusted UDP. Two threads are then started, one for receiving messages from the local Socket and the other for receiving messages from the trusted UDP. After a local Socket message is received, its data is sent to the opposite terminal through the trusted UDP; after a trusted UDP message is received, it is sent back through the Socket to the TCP Listen as received data.
Fig. 7 shows a block diagram of the file service structure in the data record transmission and processing method of the private data cloud storage service system according to the first embodiment of the present invention. As shown in the figure, the file service of the present invention is designed on the TCP protocol. After initialization completes, the program enters the TCP message listening process; processing of file service instructions starts after a TCP message is received, and the corresponding instruction processing flow is entered once the instruction is determined to be a predetermined, correct instruction. The instructions of the first version of the present invention currently include: obtaining the directories and files under a given directory, obtaining a file under a given directory, sending a file to a given directory, deleting a file under a given directory, deleting a directory under a given directory, adding a new directory under a given directory, renaming a file under a given directory, renaming a directory under a given directory, and obtaining the file changes under a given directory.
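The file service instructions listed above all operate on client-supplied paths, so the dispatcher that decodes them is where path confinement has to be enforced. The following is an added example, not the patent's code: command names, argument shapes and the `FileService`/`demo` names are assumptions made here. It implements the nine instructions against one storage root and refuses absolute paths, traversal out of the root, removal of the root itself and unknown commands before any I/O happens.

```python
import os
import tempfile
from pathlib import Path


class FileServiceError(Exception):
    pass


class FileService:
    """Dispatcher for the nine instructions of Fig. 7, confined to one storage root.
    Command names and argument shapes are assumed; the patent gives no wire format."""

    def __init__(self, root):
        self.root = Path(root).resolve()

    def _resolve(self, rel: str) -> Path:
        """Map a client-supplied relative path onto the root, rejecting anything that escapes it."""
        if os.path.isabs(rel) or "\x00" in rel:
            raise FileServiceError(f"rejected path {rel!r}")
        target = (self.root / rel).resolve()   # follows symlinks too, so a link out of root is caught
        if target != self.root and self.root not in target.parents:
            raise FileServiceError(f"path escapes storage root: {rel!r}")
        return target

    # --- the instructions ---------------------------------------------------
    def list_dir(self, rel="."):
        return sorted(p.name + ("/" if p.is_dir() else "") for p in self._resolve(rel).iterdir())

    def get_file(self, rel):
        return self._resolve(rel).read_bytes()

    def put_file(self, rel, data: bytes):
        self._resolve(rel).write_bytes(data)
        return len(data)

    def delete_file(self, rel):
        target = self._resolve(rel)
        if not target.is_file():
            raise FileServiceError("not a regular file")
        target.unlink()
        return True

    def delete_dir(self, rel):
        target = self._resolve(rel)
        if target == self.root:
            raise FileServiceError("refusing to remove the storage root")
        target.rmdir()          # empty directories only; no recursive delete from the network
        return True

    def make_dir(self, rel):
        self._resolve(rel).mkdir()
        return True

    def rename(self, old, new):
        src, dst = self._resolve(old), self._resolve(new)
        if dst.exists():
            raise FileServiceError("destination exists")
        src.rename(dst)
        return True

    def changes_since(self, rel, since_ts: float):
        return sorted(p.name for p in self._resolve(rel).iterdir() if p.stat().st_mtime > since_ts)

    COMMANDS = {
        "LIST": list_dir, "GET": get_file, "PUT": put_file, "DEL": delete_file,
        "RMDIR": delete_dir, "MKDIR": make_dir, "RENAME_FILE": rename,
        "RENAME_DIR": rename, "CHANGES": changes_since,
    }

    def handle(self, cmd: str, *args):
        """Entry point for a decoded instruction; unknown commands are refused before any I/O."""
        handler = self.COMMANDS.get(cmd)
        if handler is None:
            raise FileServiceError(f"unknown instruction {cmd!r}")
        return handler(self, *args)


def demo() -> dict:
    """Runs a constructed session inside a temporary root; returns what each step produced."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        fs = FileService(tmp)
        out["mkdir"] = fs.handle("MKDIR", "docs")
        out["put"] = fs.handle("PUT", "docs/a.txt", b"hello")
        out["list_root"] = fs.handle("LIST")
        out["get"] = fs.handle("GET", "docs/a.txt")
        out["rename"] = fs.handle("RENAME_FILE", "docs/a.txt", "docs/b.txt")
        out["list_docs"] = fs.handle("LIST", "docs")
        for label, cmd in (("traversal", ("GET", "../../etc/hostname")),
                           ("absolute", ("GET", "/etc/hostname")),
                           ("rmroot", ("RMDIR", ".")),
                           ("unknown", ("FORMAT", "."))):
            try:
                fs.handle(*cmd)
                out[label] = "allowed"
            except FileServiceError:
                out[label] = "rejected"
        out["del"] = fs.handle("DEL", "docs/b.txt")
        out["rmdir"] = fs.handle("RMDIR", "docs")
        out["final"] = fs.handle("LIST")
    return out
```

The confinement check is done on the resolved path rather than on the string, which is what makes `..` segments and symlinks inside the root harmless; any service that exposes these instructions to a peer over the tunnel described above should apply the same check on every argument, including the destination of a rename.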
The private cloud storage system of the invention can realize remote uploading, downloading and synchronization of private data through private local area networks, public metropolitan area networks and the internet, and can transmit and store, in real time, files generated by and belonging to the various internet participants. The private storage terminal can adopt any type of storage medium as the data storage carrier, including but not limited to a traditional magnetic disk, flash disk, hard disk, mobile hard disk, solid state disk, optical storage disk, CD, DVD, Blu-ray disk, and various memory cards such as TF card, Micro SD card, SD card, CF card, MMC, MMS, XD, CF and SmartMedia card.
While the principles of the invention have been described in detail in connection with the preferred embodiments thereof, it will be understood by those skilled in the art that the foregoing embodiments are merely illustrative of exemplary implementations of the invention and are not limiting of the scope of the invention. The details of the embodiments are not to be interpreted as limiting the scope of the invention, and any obvious changes, such as equivalent alterations, simple substitutions and the like, based on the technical solution of the invention, can be interpreted without departing from the spirit and scope of the invention.

Claims (4)

1. A private data cloud storage penetration type access method comprises the following steps:
(1) judging the network access types of the private storage terminal and the data access terminal by respectively carrying out a data packet transmission mode between the private storage terminal and the remote server and between the data access terminal and the remote server;
(2) establishing a temporary penetrating point-to-point credible UDP data packet transmission direct connection path between the private storage terminal and the data access terminal by utilizing an improved UDP data packet transmission method based on the judged network access type;
(3) and performing data access of the private storage terminal by using the established UDP transmission channel, wherein the method comprises the following steps: the network types of the private storage terminal and the data access terminal are judged by adopting a mode that the first server and the second server respectively send data packets,
wherein, this step includes:
(1.1) sending a predetermined data packet to the first remote server and requesting the first server to return a local address;
(1.2) judging whether a local address returned by the first remote server is received, and if not, prompting the user that the network is not connected or cannot be connected; if it is received, recording the returned IP and comparing it with the IP address of the local machine; if they are the same, judging that the IP of the local machine is a public network IP; if they are different, judging that the local machine is connected behind a NAT, and indirectly requesting the second remote server to send data to the local address;
(1.3) judging whether data sent by the second remote server is received, and if so, judging that the local machine is in a Full Cone NAT structure network; otherwise directly requesting the second remote server to send back the local address it sees and comparing this address with the IP address recorded by the first remote server; if the two addresses are different, determining that the network where the local machine is located has a Symmetric NAT structure; if the two addresses are the same, requesting the second remote server to change its port and send data to the local address; if the local machine receives the data, determining that the local machine is in a Restricted Cone NAT structure network, otherwise determining that the local machine is in a Restricted Port NAT structure network,
the method further comprises the following steps: selecting a local port to be matched with an opposite port, establishing a TCP Listen of the port in advance, establishing credible UDP communication with the opposite port, associating a Socket obtained from the TCP Listen with the credible UDP once the TCP Listen is successfully established, starting two threads, one thread is used for receiving a message of the local Socket, the other thread is used for receiving a message of the credible UDP, and after receiving the message of the local Socket, sending the data to the opposite port through the credible UDP; after receiving the message of the trusted UDP, the message is sent back to the TCP Listen through Socket as the received data to be processed.
2. The private data cloud storage penetration access method of claim 1, wherein the method further comprises:
(0.1) initializing a UDP socket;
(0.2) broadcasting and sending the UDP socket through a local area network;
(0.3) judging whether a response message is received within preset time, if so, judging whether the received message is the response message sent by the local computer, and if not, judging that the private storage terminal and the data access terminal are in the same local area network to establish local area network connection of both sides;
(0.4) if no response message is received or the received response message is a response message sent by the local computer, entering the step (1).
3. The private data cloud storage penetration access method of claim 1, wherein the method comprises:
(2.1) if the UDP data is blocked in the step (1.1), informing a user of communication blockage;
(2.2) if the local machine is judged to be the public network IP, the local machine can directly establish connection;
(2.3) if the local machine is judged to be in a Full Cone NAT structure network, sending a local machine address and a port to the first remote server, requesting an opposite end to send a protocol to the local machine through the first remote server, and directly establishing communication connection with the opposite end based on the opposite end protocol;
(2.4) if the local machine is judged to be in a Restricted Cone NAT structure network, sending a protocol to the IP address and port of the opposite terminal, informing the first remote server of the local address and port, requesting the opposite terminal to send the protocol to the local machine, and directly establishing a communication connection with the opposite terminal based on the opposite terminal's protocol;
(2.5) if the local machine is judged to be in a Restricted Port NAT structure network and the opposite end is also in a Restricted Port NAT structure network, or one end is in a Symmetric NAT structure network while the other end is in a network environment other than the public network, or both ends are in Symmetric NAT structure networks, informing the user that a direct connection cannot be established and asking whether the user wants to change the network access environment or establish a relayed interconnection through the first remote server or the second remote server; otherwise, requesting the opposite end to send a protocol to the local machine and directly establishing a communication connection with the opposite end based on the opposite end's protocol.
4. The private data cloud storage penetration access method of claim 3, wherein the method comprises:
(3.1) carrying out UDP monitoring and judging whether a protocol message sent by an opposite terminal is received;
(3.2) if the protocol message of the opposite terminal is received, establishing contact with the opposite terminal, otherwise, returning to the step (3.1);
(3.3) sending the window data to a local cache;
and (3.4) judging whether the data exceeds the window value, if so, continuing to wait, and otherwise, sending the data to the opposite terminal.
CN201711364067.3A 2017-04-24 2017-04-24 Private data cloud storage penetration type access method Active CN108063816B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711364067.3A CN108063816B (en) 2017-04-24 2017-04-24 Private data cloud storage penetration type access method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710271251.7A CN107071039B (en) 2017-04-24 2017-04-24 A kind of private data cloud storage system and private data cloud storage method
CN201711364067.3A CN108063816B (en) 2017-04-24 2017-04-24 Private data cloud storage penetration type access method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201710271251.7A Division CN107071039B (en) 2017-04-24 2017-04-24 A kind of private data cloud storage system and private data cloud storage method

Publications (2)

Publication Number Publication Date
CN108063816A CN108063816A (en) 2018-05-22
CN108063816B true CN108063816B (en) 2021-05-18

Family

ID=59603542

Family Applications (3)

Application Number Title Priority Date Filing Date
CN201711364067.3A Active CN108063816B (en) 2017-04-24 2017-04-24 Private data cloud storage penetration type access method
CN201711364360.XA Active CN108063817B (en) 2017-04-24 2017-04-24 Private data cloud storage system and method based on double servers
CN201710271251.7A Active CN107071039B (en) 2017-04-24 2017-04-24 A kind of private data cloud storage system and private data cloud storage method

Family Applications After (2)

Application Number Title Priority Date Filing Date
CN201711364360.XA Active CN108063817B (en) 2017-04-24 2017-04-24 Private data cloud storage system and method based on double servers
CN201710271251.7A Active CN107071039B (en) 2017-04-24 2017-04-24 A kind of private data cloud storage system and private data cloud storage method

Country Status (2)

Country Link
CN (3) CN108063816B (en)
WO (1) WO2018196643A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063816B (en) * 2017-04-24 2021-05-18 赵海林 Private data cloud storage penetration type access method
CN107766176A (en) * 2017-09-14 2018-03-06 北京春鸿科技有限公司 A kind of data access method and system
CN108521449B (en) * 2018-03-22 2020-05-05 于洋 Remote backup method and system for operation records of network equipment
US10592363B2 (en) * 2018-06-04 2020-03-17 International Business Machines Corporation Asynchronous remote mirror cloud archival
CN110611693A (en) * 2018-06-15 2019-12-24 上海宽翼通信科技股份有限公司 Online storage method and system based on private cloud and private cloud client
EP3793159A1 (en) * 2019-09-10 2021-03-17 Connexcom Ag Access control for private messages
CN112152992A (en) * 2020-07-21 2020-12-29 北京天顶星智能信息技术有限公司 End-to-end data secure transmission network communication method and device
CN111935290B (en) * 2020-08-14 2023-07-21 易联众信息技术股份有限公司 Distributed data management system based on intelligent networking
CN112115495B (en) * 2020-09-25 2024-07-02 深圳赛安特技术服务有限公司 Offline cloud data storage method, system, computer equipment and storage medium
CN112367715A (en) * 2020-10-27 2021-02-12 Tcl通讯(宁波)有限公司 Data transmission method, device, equipment and storage medium
CN112447291B (en) * 2020-11-23 2023-03-28 四川大学华西医院 Block chain-based method for sharing hospital data
CN113468553B (en) * 2021-06-02 2022-07-19 湖北工业大学 Privacy protection analysis system and method for industrial big data
CN113542414A (en) * 2021-07-16 2021-10-22 深圳市广联智通科技有限公司 Data storage method of network camera
CN115499410B (en) * 2022-07-29 2023-06-23 天翼云科技有限公司 NAT penetration method, device, equipment and storage medium based on Linux

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196057A (en) * 2010-03-03 2011-09-21 腾讯科技(深圳)有限公司 Network address translation (NAT) type determination method and device
CN102739815A (en) * 2011-06-03 2012-10-17 北京天地互连信息技术有限公司 Method for reducing system time delaying of network address translation of video conference system
CN104378410A (en) * 2014-09-30 2015-02-25 东莞市联讯系统科技有限公司 Minitype private cloud storage and transmission system and method
CN105430066A (en) * 2015-11-06 2016-03-23 浪潮软件集团有限公司 Tax control equipment interconnection method based on P2P technology

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7599370B1 (en) * 2002-05-07 2009-10-06 Cisco Technology, Inc. Methods and apparatus for optimizing NAT traversal in Mobile IP
AU2002951013A0 (en) * 2002-08-27 2002-09-12 Sunbay Software Ag System for improved network data access
CN1863157A (en) * 2005-10-28 2006-11-15 华为技术有限公司 Method and apparatus for implementing network communication through NAT
CN100469022C (en) * 2006-05-29 2009-03-11 腾讯科技(深圳)有限公司 Method and system for detecting network types
US7725597B2 (en) * 2007-04-24 2010-05-25 Sony Computer Entertainment Inc. Network address translation type for flexible neighbor selection in overlay networks
US9569771B2 (en) * 2011-04-29 2017-02-14 Stephen Lesavich Method and system for storage and retrieval of blockchain blocks using galois fields
CN105610999A (en) * 2016-03-30 2016-05-25 上海斐讯数据通信技术有限公司 Method, device, server and system for implementing P2P communication by penetrating NAT (network address translator)
CN106210092B (en) * 2016-07-19 2019-08-06 天彩电子(深圳)有限公司 A kind of P2P traversing method and its system merging UPNP and STUN
CN108063816B (en) * 2017-04-24 2021-05-18 赵海林 Private data cloud storage penetration type access method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196057A (en) * 2010-03-03 2011-09-21 腾讯科技(深圳)有限公司 Network address translation (NAT) type determination method and device
CN102739815A (en) * 2011-06-03 2012-10-17 北京天地互连信息技术有限公司 Method for reducing system time delaying of network address translation of video conference system
CN104378410A (en) * 2014-09-30 2015-02-25 东莞市联讯系统科技有限公司 Minitype private cloud storage and transmission system and method
CN105430066A (en) * 2015-11-06 2016-03-23 浪潮软件集团有限公司 Tax control equipment interconnection method based on P2P technology

Also Published As

Publication number Publication date
CN107071039B (en) 2017-12-12
CN108063816A (en) 2018-05-22
CN108063817B (en) 2021-05-14
WO2018196643A1 (en) 2018-11-01
CN108063817A (en) 2018-05-22
CN107071039A (en) 2017-08-18

Similar Documents

Publication Publication Date Title
CN108063816B (en) Private data cloud storage penetration type access method
US9801120B2 (en) Client-initiated tethering for electronic devices
US8639934B2 (en) Radio channel metrics for secure wireless network pairing
US20100034386A1 (en) Device manager repository
WO2013143352A1 (en) Method and terminal device for establishing wireless network connection
JP6756009B2 (en) Data transmission
CN111787517A (en) Method and device for binding activation of intelligent equipment
CN102811335B (en) Set up the method, apparatus and system of video session
TWM462408U (en) Wireless storage device and system having capability of autonomous backup
CN109561054B (en) Data transmission method, controller and access device
US12015674B2 (en) Virtual private network connection status detection
WO2014067293A1 (en) Remote access method and device
CN108616547A (en) A kind of method and device of transmission file
US8677127B2 (en) Method and apparatus for secure setup of an encrypted connection between two communication devices
CN105245359A (en) Remote router management method, system and device
CN104539517A (en) Chatting method and system based on intelligent terminal local server
CN110417632B (en) Network communication method, system and server
US20150047009A1 (en) Access control method, access control system and access control device
US10432714B2 (en) Data processing method and system based on asymmetric P2P network
CN106597873A (en) Method, device and system for carrying out remote maintenance of automation equipment
WO2016029854A1 (en) Wireless network connection method, device and system
US10476919B2 (en) System and method for reliable messaging between application sessions across volatile networking conditions
WO2014205703A1 (en) Method and device for detecting shared access, and terminal device
CN103067282A (en) Data backup method, device and system
JP2015103996A (en) Communication integration system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20180823

Address after: 518057 East, seven building, HYT building, North Ring Road, Nanshan District high tech Zone, Guangzhou, Guangdong

Applicant after: Zhao Hailin

Address before: 518102 Baosheng Industrial Park, Xixiang Street, Baoan District, Shenzhen City, Guangdong Province

Applicant before: SHENZHEN ZSUN CLOUD TECHNOLOGY CO., LTD.

GR01 Patent grant