CN109005179B - Network security tunnel establishment method based on port control - Google Patents


Info

Publication number
CN109005179B
Authority
CN
China
Prior art keywords
connection
client
bridging
master control
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201810905770.9A
Other languages
Chinese (zh)
Other versions
CN109005179A (en)
Inventor
汪一
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changzhou Zhongjiazhixing Software Technology Co ltd
Original Assignee
Changzhou Zhongjiazhixing Software Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changzhou Zhongjiazhixing Software Technology Co ltd
Priority to CN201810905770.9A
Publication of CN109005179A
Application granted
Publication of CN109005179B
Current legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes

Abstract

The invention relates to a network security tunnel establishment method based on port control, comprising the following steps: establishing a bridging master control; the remote client establishes a connection with the bridging master control; the network mapper establishes a connection with the bridging master control; the network mapper sends a mapping request command to the bridging master control; the bridging master control sends a connection start command to the corresponding remote client; the remote client receives the command and initiates a connection to the target address; after that connection succeeds, the remote client establishes a new connection with the bridging master control, and the bridging master control logically associates the data connection newly established by the remote client with the data connection initiated by the network mapper and forwards data between them. The method reaches network services that cannot be connected to directly, crossing internal network segments and firewalls by remote port mapping; it is centrally managed, can enforce tightly constrained mapping policy for security, and also allows highly flexible dynamic configuration on demand.

Description

Network security tunnel establishment method based on port control
Technical field:
The invention relates to the field of networks, in particular to a network security tunnel establishment method based on port control, mainly applied to accessing network services inside isolated internal networks or to access between programs on different internal networks.
Background art:
At present, to make an intranet network service publicly reachable, a port mapping is usually configured on the firewall or router, which exposes to the Internet network services that lack security guarantees of their own and so creates security risks. Access between different internal networks relies mainly on VPN: standard VPN is limited by its protocols in some complex environments; non-standard schemes depend on low-level driver mechanisms such as virtual network adapters, and some programs have compatibility problems in multi-adapter setups; in addition, a client attached to a VPN is granted far broader access than it needs, again creating security risks. These schemes can be constrained with IP policies and multiple firewalls, but that greatly increases deployment complexity.
Summary of the invention:
The invention aims to overcome the defects of the prior art by providing a network security tunnel establishment method based on port control that is centrally managed, can enforce tightly constrained mapping policy for security, and also allows highly flexible dynamic configuration on demand.
The invention is realized by the following technical scheme. A network security tunnel establishment method based on port control comprises the following steps:
establishing a bridging master control between the remote client and the network mapper;
the remote client establishes a secure connection with the bridging master control;
an application program connects to the network mapper; on receiving the request, the network mapper obtains the ID of the target remote client and the corresponding target address, and establishes a secure connection with the bridging master control;
the network mapper sends a mapping request command to the bridging master control, which checks the command against its authority rules and checks whether the remote client with that ID is connected;
the bridging master control dynamically generates, for the current network mapper's request connection, a random number that encodes the correspondence, sends a connection start command over the command channel of that remote client, and waits for the remote client to connect;
the remote client receives the connection start command from the bridging master control and initiates a connection to the target address;
after that connection succeeds, the remote client establishes a new connection with the bridging master control, and the bridging master control logically associates the data connection newly established by the remote client with the data connection initiated earlier by the network mapper and forwards data between the two connections.
Preferably, the application program connects to the network mapper over TCP. The application program connects to a local port mapped by the network mapper; on receiving the connection request, the network mapper queries its configuration information to obtain the target remote client ID and the corresponding target address.
Alternatively, the application program can connect to the network mapper over UDP. The application program sends a UDP datagram to a local port mapped by the network mapper; the network mapper reads the datagram's source information and maintains an in-memory mapping table recording the relation between each UDP source and its security tunnel. If the source is already in the table, the tunnel handle is taken from it; if not, the configuration information is queried to obtain the target remote client ID and the corresponding target address. The remote client keeps a receive-timeout record for each UDP application it has created, and when that UDP application receives no data within the unit time, the remote client forcibly closes the new connection it established with the bridging master control.
When the remote client RC establishes the secure connection with the bridging master control BC, the remote client sends a login command containing its ID and password; after verification passes, the bridging master control sends a verification-success reply, keeps the connection open, and stores the remote client ID together with the network communication handle of the tunnel in a memory record, to be used as the command channel of that remote client.
The invention establishes the secure connection between a remote client RC or network mapper NM and the bridging master control BC by the following steps:
the client connects to the designated port of the bridging master control;
the client dynamically generates a client private key and a client public key using the RSA algorithm;
the client encrypts the client public key with the server public key to obtain the client public key code;
the binary sequence of the handshake identifier followed by the client public key code is taken as the initial handshake packet and sent to the bridging master control as a DP (data packet);
the bridging master control checks the handshake identifier in the first DP it receives and decrypts the client public key code with the client key to obtain the client public key;
the bridging master control randomly generates an 8-byte key to serve as the DES key and encrypts it with the client public key to generate the key code;
the bridging master control signs the key code with the server private key to generate the key signature;
the bridging master control concatenates the binary sequences of the key code and the key signature and returns them to the client in a DP packet;
on receiving the key code, the client verifies it using the client public key and the key signature, then decrypts the key code with the client private key to obtain the key;
the secure tunnel is now set up: the client and the bridging master control both possess the key, and all subsequent DP packets must be encrypted and decrypted with it using the DES algorithm.
The beneficial effects of the invention are: the method reaches network services that cannot be connected to directly, crossing internal network segments and firewalls by remote port mapping; MPOT is centrally managed, can enforce tightly constrained mapping policy for security, allows highly flexible dynamic configuration on demand, needs no VPN scheme at the operating-system driver layer, and needs no additional settings on the various firewalls or gateways of a complex multi-layer network.
Description of the drawings:
FIG. 1 is a schematic structural diagram of a network security tunnel based on port control according to the present invention;
FIG. 2 is a flowchart of a method for establishing a network security tunnel based on port control according to the present invention.
Detailed description:
The following detailed description of the preferred embodiments, taken together with the accompanying drawings, is intended to make the advantages and features of the invention more readily understood by those skilled in the art and thereby to define its scope more clearly.
As shown in FIG. 1, the network security tunnel based on port control of the present invention (MPOT) establishes a communication tunnel across networks, uses an extensible communication protocol (BNP for short), and consists of a three-layer service architecture: a remote client (RC for short), a bridge controller (BC for short) and a network mapper (NetMapper, NM for short). In the MPOT system the bridge controller acts as the publicly reachable server, and both the RemoteClient and the NetMapper are connecting clients.
As shown in FIG. 2, a method for establishing a network security tunnel based on port control includes:
establishing a bridging master control between the remote client and the network mapper;
the remote client establishes a secure connection with the bridging master control;
an application program connects to the network mapper; on receiving the request, the network mapper obtains the ID of the target remote client and the corresponding target address, and establishes a secure connection with the bridging master control;
the network mapper sends a mapping request command to the bridging master control, which checks the command against its authority rules and checks whether the remote client with that ID is connected;
the bridging master control dynamically generates, for the current network mapper's request connection, a random number that encodes the correspondence, sends a connection start command over the command channel of that remote client, and waits for the remote client to connect;
the remote client receives the connection start command from the bridging master control and initiates a connection to the target address;
after that connection succeeds, the remote client establishes a new connection with the bridging master control, and the bridging master control logically associates the data connection newly established by the remote client with the data connection initiated earlier by the network mapper and forwards data between the two connections.
BNP extensible network protocol description:
1. Communication packet control specification
The BNP protocol uses TCP for stream transmission with the Data Packet (DP) as the minimum transmission unit. Each packet uses its first 2 bytes (a signed short in network byte order) to give the packet length, followed by the actual data body, as described in the following table.
(Table of the DP layout shown as an image in the original, not reproduced.)
2. Secure connection rules
Each BC acting as a public server uses the RSA (2048) algorithm to generate a key pair, the server private key ServerPriKey and the server public key ServerPubKey, and distributes ServerPubKey to the RC and NM clients that connect to it. The data connection steps are:
S1: the client establishes a TCP connection to the designated BC port;
S2: the client dynamically generates a key pair, the client private key ClientPriKey and the client public key ClientPubKey, using the RSA (1024) algorithm;
S3: the client encrypts ClientPubKey with ServerPubKey to obtain the client public key code ClientPubKeyEncoded;
S4: the binary sequence of the handshake identifier followed by ClientPubKeyEncoded is taken as the initial handshake packet and sent to the BC server as a DP (data packet);
S5: the server BC checks the handshake identifier in the first DP it receives and decrypts ClientPubKeyEncoded with the ClientPriKey to obtain ClientPubKey;
S6: the server randomly generates an 8-byte key ExKey to serve as the DES key;
S7: the server encrypts ExKey with ClientPubKey to generate the key code ExKeyEncoded;
S8: the server signs ExKeyEncoded with ServerPriKey to generate the key signature ExKeySigned;
S9: the server concatenates the binary sequences of ExKeyEncoded and ExKeySigned and returns them to the client in a DP packet;
S10: on receiving the ExKeyEncoded data, the client verifies it using ClientPubKey and ExKeySigned, then decrypts it with ClientPriKey to obtain ExKey;
S11: the secure tunnel is now set up: the client and the server both hold ExKey, and all subsequent DP packets must be encrypted and decrypted with ExKey using the DES algorithm.
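The secure connection rules S1-S11 played out between both sides, as an added Go example (editor-written, not the patent's code). Assumptions the patent does not fix: PKCS#1 v1.5 for the RSA encryption and signature, SHA-256 as the signature hash, a DER-encoded ClientPubKey, and a constructed handshake identifier; the example decrypts ClientPubKeyEncoded with ServerPriKey and verifies ExKeySigned with ServerPubKey, since those are the only keys that can undo steps S3 and S8.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// HandshakeID is a constructed handshake identifier; the patent does not give its value.
var HandshakeID = []byte("BNP1")

// NewServerKey is the BC's one-off RSA(2048) key generation (ServerPriKey; ServerPubKey is its public half).
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// ClientHello covers S2-S4: generate the RSA(1024) client pair, encrypt the DER-encoded
// ClientPubKey under ServerPubKey (ClientPubKeyEncoded) and prepend the handshake identifier.
func ClientHello(serverPub *rsa.PublicKey) (*rsa.PrivateKey, []byte, error) {
	clientPri, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil {
		return nil, nil, err
	}
	der := x509.MarshalPKCS1PublicKey(&clientPri.PublicKey)
	encoded, err := rsa.EncryptPKCS1v15(rand.Reader, serverPub, der)
	if err != nil {
		return nil, nil, err
	}
	return clientPri, append(append([]byte{}, HandshakeID...), encoded...), nil
}

// ServerReply covers S5-S9: check the identifier, recover ClientPubKey with ServerPriKey (the only
// key that can undo S3), draw the 8-byte ExKey, encrypt it under ClientPubKey (ExKeyEncoded),
// sign that ciphertext with ServerPriKey (ExKeySigned) and splice the two into the reply DP body.
func ServerReply(serverPri *rsa.PrivateKey, hello []byte) (exKey, reply []byte, err error) {
	if !bytes.HasPrefix(hello, HandshakeID) {
		return nil, nil, errors.New("first DP lacks the handshake identifier")
	}
	der, err := rsa.DecryptPKCS1v15(rand.Reader, serverPri, hello[len(HandshakeID):])
	if err != nil {
		return nil, nil, err
	}
	clientPub, err := x509.ParsePKCS1PublicKey(der)
	if err != nil {
		return nil, nil, err
	}
	exKey = make([]byte, 8) // DES key as in S6
	if _, err := rand.Read(exKey); err != nil {
		return nil, nil, err
	}
	exKeyEncoded, err := rsa.EncryptPKCS1v15(rand.Reader, clientPub, exKey)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(exKeyEncoded)
	exKeySigned, err := rsa.SignPKCS1v15(rand.Reader, serverPri, crypto.SHA256, digest[:])
	if err != nil {
		return nil, nil, err
	}
	return exKey, append(append([]byte{}, exKeyEncoded...), exKeySigned...), nil
}

// ClientFinish covers S10: split the reply at the client modulus size, verify ExKeySigned with the
// pre-configured ServerPubKey before touching the ciphertext, then decrypt with ClientPriKey.
func ClientFinish(clientPri *rsa.PrivateKey, serverPub *rsa.PublicKey, reply []byte) ([]byte, error) {
	n := clientPri.PublicKey.Size() // 128 bytes for RSA(1024)
	if len(reply) <= n {
		return nil, errors.New("reply too short to hold ExKeyEncoded and ExKeySigned")
	}
	exKeyEncoded, exKeySigned := reply[:n], reply[n:]
	digest := sha256.Sum256(exKeyEncoded)
	if err := rsa.VerifyPKCS1v15(serverPub, crypto.SHA256, digest[:], exKeySigned); err != nil {
		return nil, fmt.Errorf("ExKeySigned does not verify under ServerPubKey: %w", err)
	}
	return rsa.DecryptPKCS1v15(rand.Reader, clientPri, exKeyEncoded)
}

// RunHandshake drives both sides in-process and returns the ExKey each side ends up holding.
func RunHandshake(serverPri *rsa.PrivateKey) (clientKey, serverKey []byte, err error) {
	clientPri, hello, err := ClientHello(&serverPri.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	serverKey, reply, err := ServerReply(serverPri, hello)
	if err != nil {
		return nil, nil, err
	}
	clientKey, err = ClientFinish(clientPri, &serverPri.PublicKey, reply)
	return clientKey, serverKey, err
}

func main() {
	serverPri, _ := NewServerKey()
	c, s, err := RunHandshake(serverPri)
	fmt.Printf("client ExKey %x, server ExKey %x, agree=%v, err=%v\n", c, s, bytes.Equal(c, s), err)
}
```

The client verifies the signature before it decrypts, so a reply that was not signed with ServerPriKey never reaches the RSA decryption step; the 8-byte ExKey still gives DES only 56 effective bits, which is the weakest component of the rules.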
3. Extensible command specification
BNP commands are the standard for control messaging between MPOT services; each command is transmitted at once in a single encrypted DP packet inside a secure tunnel. BNP commands use formatted text as the basic transmission format, including but not limited to XML and JSON. Each extensible command consists of a name and a list of parameters, illustrated below in JSON.
(JSON example of a command shown as an image in the original, not reproduced.)
Each command has a corresponding returned result, the response:
(JSON example of a response shown as an image in the original, not reproduced.)
In the descriptions that follow, commands are abbreviated to the form login { user, password }.
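Sections 1 and 3 above (DP framing over the TCP stream, and one command carried in a single encrypted DP) as one added Go example; this is editor-written code, not the patent's. It assumes the 2-byte prefix counts only the body, that a command is a JSON object of the form {name, params}, and DES in CBC mode with a random IV and PKCS#7 padding, since the patent names only "DES".

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// EncodeDP frames one body as a DP: 2-byte length prefix, then the body (assumed: the prefix
// counts the body only). The prefix is a signed short, so 0x7FFF is the largest body it can express.
func EncodeDP(body []byte) ([]byte, error) {
	if len(body) > 0x7FFF {
		return nil, fmt.Errorf("DP body of %d bytes does not fit a signed 16-bit length", len(body))
	}
	out := make([]byte, 2+len(body))
	binary.BigEndian.PutUint16(out, uint16(len(body)))
	copy(out[2:], body)
	return out, nil
}

// ReadDP reads exactly one DP from a TCP stream, tolerating short reads. A prefix with the
// sign bit set is rejected as negative rather than decoded as a huge unsigned length.
func ReadDP(r io.Reader) ([]byte, error) {
	var hdr [2]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	n := int(int16(binary.BigEndian.Uint16(hdr[:])))
	if n < 0 {
		return nil, errors.New("negative DP length")
	}
	body := make([]byte, n)
	if _, err := io.ReadFull(r, body); err != nil {
		return nil, fmt.Errorf("truncated DP: %w", err)
	}
	return body, nil
}

// Command is one extensible command: a name plus named parameters, carried as JSON.
type Command struct {
	Name   string            `json:"name"`
	Params map[string]string `json:"params"`
}

// SealCommand serialises the command as JSON, encrypts it with DES-CBC under the 8-byte ExKey
// (random IV prepended, PKCS#7 padding; the patent fixes only "DES") and frames it as one DP.
func SealCommand(exKey []byte, cmd Command) ([]byte, error) {
	plain, err := json.Marshal(cmd)
	if err != nil {
		return nil, err
	}
	block, err := des.NewCipher(exKey)
	if err != nil {
		return nil, err
	}
	pad := des.BlockSize - len(plain)%des.BlockSize
	plain = append(plain, bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, des.BlockSize+len(plain))
	if _, err := rand.Read(out[:des.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:des.BlockSize]).CryptBlocks(out[des.BlockSize:], plain)
	return EncodeDP(out)
}

// OpenCommand reads one DP from the stream and reverses SealCommand.
func OpenCommand(exKey []byte, r io.Reader) (cmd Command, err error) {
	body, err := ReadDP(r)
	if err != nil {
		return cmd, err
	}
	block, err := des.NewCipher(exKey)
	if err != nil {
		return cmd, err
	}
	if len(body) < 2*des.BlockSize || len(body)%des.BlockSize !=  0 {
		return cmd, errors.New("DP body is not an IV plus whole DES blocks")
	}
	plain := make([]byte, len(body)-des.BlockSize)
	cipher.NewCBCDecrypter(block, body[:des.BlockSize]).CryptBlocks(plain, body[des.BlockSize:])
	pad := int(plain[len(plain)-1])
	if pad == 0 || pad > des.BlockSize {
		return cmd, errors.New("bad padding")
	}
	err = json.Unmarshal(plain[:len(plain)-pad], &cmd)
	return cmd, err
}

func main() {
	key := []byte("constrkt") // constructed 8-byte ExKey for the demo
	dp, _ := SealCommand(key, Command{"LOGIN", map[string]string{"NMID": "NMID1", "PASSWORD": "demo"}})
	fmt.Println(OpenCommand(key, bytes.NewReader(dp)))
}
```

Neither the framing nor the command format depends on the cipher, so a deployment of this design can replace single DES without touching them.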
MPOT service description:
1. Bridge controller service description
The BC service is the master control service in the MPOT architecture. It sits on a network segment, or on the Internet, that every client can reach, and besides the secure tunnel service it provides user management and port management functions.
(1) User management covers RemoteClient users (RCID) and NetMapper users (NMID), used respectively to log in RC clients and NM clients; the BC server maintains a record table containing RCID and NMID account information and password information.
(2) Port management is the core of the MPOT architecture and maintains the MPOT mapping rules. Port management is configured per RCID and has the following modes:
a. Fully open mode. In this mode the RCID accepts any NMID's mapping request to any port.
b. Controllable port mapping. In this mode the BC management side maintains, for each RCID, a remote port definition table, an NMID entitlement control table and a privileged NMID table. These relational tables are stored in a manner including, but not limited to, databases and configuration files.
The remote port definition table contains the target name TargetName and the target address TargetAddress (each RCID has its own logical mapping table), as shown in the following table:
TargetName TargetAddress NetType (Port type)
WebA InnerHost:80 TCP
DataBaseA InnerIP:1433 TCP
DataBaseB InnerIP:1521 TCP
The NMID entitlement control table is shown in the following table:
NMID TargetName
NMID1 WebA
NMID2 DataBaseA
NMID3 DataBaseB
The privileged NMID mapping table is shown in the following table:
RCID
NMID4
NMID5
NMID6
In controllable port mapping mode, each NM client applies for port mapping by a predefined TargetName, while an NMID in privileged mode can request a mapping to any port of the RC client.
2. RemoteClient service description
Each RC client actively connects to the BC master control server using its RCID, receives the BC's access control commands, and, as commanded, performs the data exchange with the target port.
3. NetMapper service description
Each NM client maintains a port mapping configuration table, stored in a manner including but not limited to a database or configuration file, as shown in the following table:
(Configuration table shown as an image in the original, not reproduced.)
The NM listens on the local ports; after receiving a data connection request from a local program, it actively connects to the BC master control server using its NMID, and the BC, according to the authority rules and the configuration information, instructs the RemoteClient to create the mapped communication tunnel.
Description of the MPOT connection procedure:
All MPOT connections are established according to the secure connection rules above; the client already holds the pre-configured server public key ServerPubKey, and the commands below are all transmitted and answered according to the extensible command specification above.
1. RemoteClient initialization procedure
S1: the RC establishes a secure connection to the BC;
S2: the RC sends a login command containing its RCID and password:
LOGIN{RCID,PASSWORD};
S3: after verification passes, the BC sends the verification-success reply LOGIN{Succeeded}, keeps the connection open, and stores the RCID together with the network communication handle of the tunnel in a memory record as the CommandChannel of that RC.
2. NetMapper initialization procedure
S1: according to the NM configuration file (see the NetMapper service description), listen on the corresponding UDP or TCP ports.
The TCP-mode connection steps of the network security tunnel establishment method based on port control are as follows:
S1: the application (for example the Web Browser, Database Application or RDP Client in the figure) connects through its own port to the local port mapped by the NM (see NetMapper initialization step S1);
S2: on receiving the connection request, the NM queries its configuration information and obtains the target RCID and the corresponding target address (if the current NMID does not have privilege, it obtains the target RCID and the TargetName configured on the BC server);
S3: the NM and the BC establish a secure connection;
S4: the NM sends a login command containing its NMID and password:
LOGIN{NMID,PASSWORD};
S5: the BC verifies the NMID and sends the verification-success reply LOGIN{Succeeded};
S6: the NM sends a mapping request command containing the target RCID and the target address (or TargetName): MAP{RCID, TCPMode, TargetAddress/TargetName};
S7: the BC checks the address and target of the NMID's request against its authority rules, and if the NMID does not have privileged mode, the BC converts the TargetName into the TargetAddress;
S8: the BC checks whether the RCID is connected (the CommandChannel established in RemoteClient initialization step S3);
S9: the BC dynamically generates, for the current NM request connection, a random number ConnectionToken that encodes the correspondence;
S10: the BC sends the connection start command StartConnect{ConnectionToken, TargetAddress} to the CommandChannel of that RC and waits for the RC to connect;
S11: the RC receives the StartConnect command from the BC and initiates a TCP connection to the target address given by the TargetAddress parameter;
S12: if S11 connects to TargetAddress successfully, the RC establishes a new connection to the BC on which it no longer sends the RCID login command but instead the connection-success notification command
NewConnect{ConnectionToken,Succeeded};
S13: through the ConnectionToken relation, the BC logically associates the data connection newly created by the RC with the data connection initiated earlier by the NM and forwards data between the two connections;
S14: the RC forwards data between its connection to TargetAddress and its NewConnect connection to the BC.
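The BC side of steps S7-S13 together with the port management modes from the bridge controller service description, as an added Go example (editor-written, not the patent's code). The policy tables hold the constructed values from the tables above, the ConnectionToken is 16 random bytes rendered as hex, and in-memory maps stand in for whatever database or configuration file a real BC would use.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// PortPolicy is one RCID's port management record: fully open, or the three controllable-mode tables.
type PortPolicy struct {
	FullyOpen  bool
	Targets    map[string]string          // remote port definition table: TargetName -> TargetAddress
	Entitled   map[string]map[string]bool // NMID entitlement control table: NMID -> TargetNames
	Privileged map[string]bool            // privileged NMID table: may map any port of this RC
}

type MapRequest struct{ NMID, RCID, Mode, Target string }      // MAP{RCID, Mode, TargetAddress/TargetName} from an NM
type Pending struct{ NMID, RCID, Mode, TargetAddress string } // what a ConnectionToken stands for

// BridgeController keeps the per-RCID policies, the RC command channels and the pending tokens.
type BridgeController struct {
	Policies        map[string]PortPolicy
	CommandChannels map[string]bool // RCID -> has a live command channel (RC init step S3)
	pending         map[string]Pending
}

func NewBridgeController() *BridgeController {
	return &BridgeController{map[string]PortPolicy{}, map[string]bool{}, map[string]Pending{}}
}

// Authorize is step S7. Only a fully open RC or a privileged NMID may name an address directly; any
// other NMID must name an entitled TargetName, which the BC (not the NM) resolves to the inner address.
func (bc *BridgeController) Authorize(req MapRequest) (string, error) {
	pol, ok := bc.Policies[req.RCID]
	if !ok {
		return "", fmt.Errorf("unknown RCID %q", req.RCID)
	}
	anyPort := pol.FullyOpen || pol.Privileged[req.NMID]
	if addr, defined := pol.Targets[req.Target]; defined && (anyPort || pol.Entitled[req.NMID][req.Target]) {
		return addr, nil // TargetName converted to TargetAddress by the BC
	}
	if anyPort {
		return req.Target, nil // any port: the request itself carries the TargetAddress
	}
	return "", fmt.Errorf("NMID %q is not entitled to %q on RCID %q", req.NMID, req.Target, req.RCID)
}

// HandleMap is steps S7-S10: authorize, confirm the RC's command channel exists, mint a random
// ConnectionToken and remember what it stands for. It returns the StartConnect parameters.
func (bc *BridgeController) HandleMap(req MapRequest) (token, targetAddress string, err error) {
	addr, err := bc.Authorize(req)
	if err != nil {
		return "", "", err
	}
	if !bc.CommandChannels[req.RCID] {
		return "", "", fmt.Errorf("RCID %q has no command channel", req.RCID)
	}
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", "", err
	}
	token = hex.EncodeToString(raw)
	bc.pending[token] = Pending{req.NMID, req.RCID, req.Mode, addr}
	return token, addr, nil
}

// HandleNewConnect is step S13. The RC's new connection carries only the token, so the token is the
// whole proof of which mapping it belongs to; it is single-use, and a failed NewConnect is dropped.
func (bc *BridgeController) HandleNewConnect(token string, succeeded bool) (Pending, error) {
	p, ok := bc.pending[token]
	if !ok {
		return Pending{}, errors.New("unknown or already used ConnectionToken")
	}
	delete(bc.pending, token)
	if !succeeded {
		return Pending{}, fmt.Errorf("RC could not reach %s", p.TargetAddress)
	}
	return p, nil // the caller now forwards between the NM and RC data connections
}

// SampleBC builds a BC from the (constructed) tables of the service description above.
func SampleBC() *BridgeController {
	bc := NewBridgeController()
	bc.Policies["RC1"] = PortPolicy{
		Targets:    map[string]string{"WebA": "InnerHost:80", "DataBaseA": "InnerIP:1433", "DataBaseB": "InnerIP:1521"},
		Entitled:   map[string]map[string]bool{"NMID1": {"WebA": true}, "NMID2": {"DataBaseA": true}, "NMID3": {"DataBaseB": true}},
		Privileged: map[string]bool{"NMID4": true, "NMID5": true, "NMID6": true},
	}
	bc.Policies["RC2"] = PortPolicy{FullyOpen: true}
	bc.CommandChannels["RC1"] = true
	return bc
}

func main() {
	bc := SampleBC()
	token, addr, err := bc.HandleMap(MapRequest{"NMID1", "RC1", "TCPMode", "WebA"})
	fmt.Println(addr, err)
	fmt.Println(bc.HandleNewConnect(token, true))
}
```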
The UDP-mode method differs from TCP. UDP has no logical link, while MPOT is built on a TCP secure tunnel, so UDP has to be forwarded over TCP. Application programs handle TCP and UDP very differently: TCP works on a logical link, whereas UDP works on records of the source address (a datagram is received from some IP and port, and the reply is sent back to that same IP and port). MPOT therefore uses an additional management mechanism to remain compatible with UDP. The UDP steps are:
S1: the application program sends a UDP datagram to the NM's mapped local port;
S2: the NM obtains the source (IP:port) information of the UDP datagram;
S3: the NM maintains an in-memory mapping table recording the relation between each UDP source [IP:port] and its tunnel; the NM looks the UDP source up in the table, and if it exists obtains the tunnel communication handle (or object); if it is not found, the flow is essentially the same as steps S3-S13 of the TCP-mode connection steps, with the following differences:
in step S6 the parameter becomes UDPMode: MAP{RCID, UDPMode, TargetAddress/TargetName};
in step S11 the RC only needs to create a UDP client socket and does not need to complete a connection to TargetAddress;
unlike step S14 of the TCP mode, the RC client forwards between TargetAddress and its NewConnect connection to the BC using a timeout record mechanism: to prevent UDP datagrams from tying up TCP connection resources, the RC client keeps a receive-timeout record for each UDP client socket it creates, and when that UDP client receives no data for 5-10 minutes (the timeout can be adjusted as required), the NewConnect connection between the RC and the BC is forcibly closed.
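The UDP memory mapping table and the acceptance timeout record from the UDP steps above, as an added Go example (editor-written, not the patent's code). Tunnel handles are integers standing in for the real tunnel object, and the MaxTunnels cap is an added safeguard that the patent does not specify.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"time"
)

// tunnelRecord is one row of the UDP memory mapping table: the tunnel behind a UDP source and
// the time data last arrived for it (the acceptance timeout record).
type tunnelRecord struct {
	handle   int
	lastSeen time.Time
}

// UDPMappingTable maps a UDP source "IP:port" to its tunnel, expires tunnels that stay idle for
// IdleTimeout, and caps how many tunnels UDP traffic may hold open at once (the cap is an added
// safeguard, not something the patent specifies).
type UDPMappingTable struct {
	IdleTimeout time.Duration
	MaxTunnels  int
	entries     map[string]*tunnelRecord
	nextHandle  int
}

func NewUDPMappingTable(idle time.Duration, maxTunnels int) *UDPMappingTable {
	return &UDPMappingTable{IdleTimeout: idle, MaxTunnels: maxTunnels, entries: map[string]*tunnelRecord{}}
}

// OnPacket is UDP steps S1-S3 on the NM side: a known source refreshes its record and reuses its
// tunnel; an unknown one gets a new tunnel (created reports this, and the caller then runs the
// MAP{RCID, UDPMode, ...} exchange for it) unless the table is already at capacity.
func (t *UDPMappingTable) OnPacket(src string, now time.Time) (handle int, created bool, err error) {
	if rec, ok := t.entries[src]; ok {
		rec.lastSeen = now
		return rec.handle, false, nil
	}
	if len(t.entries) >= t.MaxTunnels {
		return 0, false, errors.New("UDP tunnel limit reached, datagram from " + src + " dropped")
	}
	t.nextHandle++
	t.entries[src] = &tunnelRecord{handle: t.nextHandle, lastSeen: now}
	return t.nextHandle, true, nil
}

// Expire applies the timeout record: every source silent for IdleTimeout or longer has its tunnel
// (the RC-BC NewConnect connection) forcibly closed, so stray datagrams cannot keep TCP connections
// open indefinitely. It returns the closed handles in ascending order.
func (t *UDPMappingTable) Expire(now time.Time) []int {
	var closed []int
	for src, rec := range t.entries {
		if now.Sub(rec.lastSeen) >= t.IdleTimeout {
			closed = append(closed, rec.handle)
			delete(t.entries, src)
		}
	}
	sort.Ints(closed)
	return closed
}

// Len reports how many UDP sources currently hold a tunnel.
func (t *UDPMappingTable) Len() int { return len(t.entries) }

func main() {
	start := time.Date(2018, 8, 10, 9, 0, 0, 0, time.UTC) // constructed timeline
	tbl := NewUDPMappingTable(5*time.Minute, 64)
	fmt.Println(tbl.OnPacket("192.0.2.10:5000", start))
	fmt.Println(tbl.OnPacket("192.0.2.10:5000", start.Add(time.Minute)))
	fmt.Println(tbl.Expire(start.Add(6*time.Minute)), tbl.Len())
}
```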
The embodiments above express only several embodiments of the invention; their description is specific and detailed but is not to be construed as limiting the scope of the invention. For a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, and these fall within the scope of the invention.

Claims (7)

1. A network security tunnel establishment method based on port control, characterized by comprising the following steps:
establishing a bridging master control between the remote client and the network mapper;
the remote client establishes a secure connection with the bridging master control;
an application program connects to the network mapper; on receiving the connection request, the network mapper queries its configuration information and obtains the target remote client ID together with a target name TargetName or a target address TargetAddress, and establishes a secure connection with the bridging master control;
the network mapper sends a mapping request command to the bridging master control, which checks the command against its authority rules and checks whether the remote client with that ID is connected;
the bridging master control dynamically generates, for the current network mapper's request connection, a random number that encodes the correspondence, sends a connection start command over the command channel of that remote client, and waits for the remote client to connect;
the remote client receives the connection start command from the bridging master control and initiates a connection to the target address TargetAddress;
after that connection succeeds, the remote client establishes a new connection with the bridging master control, and the bridging master control logically associates the data connection newly established by the remote client with the data connection initiated earlier by the network mapper and forwards data between the two connections.
2. The method for establishing a network security tunnel based on port control as claimed in claim 1, wherein the application program connects to the network mapper over TCP.
3. The method for establishing a network security tunnel based on port control as claimed in claim 1, wherein the application program connects to the network mapper over UDP.
4. The method as claimed in claim 3, wherein the application program sends a UDP datagram to a local port mapped by the network mapper, and the network mapper obtains the source information of the datagram, maintains an in-memory mapping table recording the relation between each UDP source and its security tunnel, obtains the tunnel handle from the table if the source already exists there, and otherwise obtains the target remote client ID and the corresponding target address by querying the configuration information.
5. The method as claimed in claim 4, wherein the remote client keeps a receive-timeout record for each UDP application it has created, and when that UDP application receives no data within the unit time, the new connection between the remote client and the bridging master control is forcibly closed.
6. The method according to claim 2 or 3, wherein, when the remote client establishes a secure connection with the bridging master control, the remote client sends a login command containing its remote client ID and password; after verification passes, the bridging master control sends a verification-success reply, keeps the connection open, and stores the remote client ID together with the network communication handle of the tunnel in a memory record as the command channel of that remote client.
7. The method for establishing a network security tunnel based on port control according to claim 2 or 3, wherein the secure connection between the remote client or the network mapper and the bridging master control is established by the following steps:
the client connects to the designated port of the bridging master control;
the client dynamically generates a client private key and a client public key using the RSA algorithm;
the client encrypts the client public key with the server public key to obtain the client public key code;
the binary sequence of the handshake identifier followed by the client public key code is taken as the initial handshake packet and sent to the bridging master control as a DP (data packet);
the bridging master control checks the handshake identifier in the first DP it receives and decrypts the client public key code with the client key to obtain the client public key;
the bridging master control randomly generates an 8-byte key to serve as the DES key and encrypts it with the client public key to generate the key code;
the bridging master control signs the key code with the server private key to generate the key signature;
the bridging master control concatenates the binary sequences of the key code and the key signature and returns them to the client in a DP packet;
on receiving the key code, the client verifies it using the client public key and the key signature, then decrypts the key code with the client private key to obtain the key;
the secure tunnel is now set up: the client and the bridging master control both possess the key, and all subsequent DP packets must be encrypted and decrypted with it using the DES algorithm.
CN201810905770.9A 2018-08-10 2018-08-10 Network security tunnel establishment method based on port control Expired - Fee Related CN109005179B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810905770.9A CN109005179B (en) 2018-08-10 2018-08-10 Network security tunnel establishment method based on port control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810905770.9A CN109005179B (en) 2018-08-10 2018-08-10 Network security tunnel establishment method based on port control

Publications (2)

Publication Number Publication Date
CN109005179A CN109005179A (en) 2018-12-14
CN109005179B true CN109005179B (en) 2020-11-06

Family

ID=64595497

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810905770.9A Expired - Fee Related CN109005179B (en) 2018-08-10 2018-08-10 Network security tunnel establishment method based on port control

Country Status (1)

Country Link
CN (1) CN109005179B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110492994B (en) * 2019-07-25 2022-08-09 北京笛卡尔盾科技有限公司 Trusted network access method and system
CN113014512B (en) * 2021-03-14 2022-12-09 白杨 Network connection accelerated forwarding method based on N: M connection dynamic mapping
CN113329101B (en) * 2021-08-02 2021-11-02 杭州钛鑫科技有限公司 Remote login method and login device for edge computing node
CN114124619A (en) * 2021-12-02 2022-03-01 深圳通康创智技术有限公司 Subnet communication method and device, computer equipment and storage medium
CN114499976B (en) * 2021-12-28 2022-11-04 航天科工智慧产业发展有限公司 Data exchange method for realizing cross-network exchange
CN115694901B (en) * 2022-09-27 2023-09-26 河北轩昊信息技术有限公司 VPN tunnel communication method and device and electronic equipment

Citations (6)

Publication number Priority date Publication date Assignee Title
CN101945141A (en) * 2010-09-17 2011-01-12 北京神州泰岳软件股份有限公司 TCP-based method and system for traversing NAT devices
CN103391234A (en) * 2013-08-01 2013-11-13 厦门市美亚柏科信息股份有限公司 Method for realizing multi-user fixed port mapping and PPTP VPN server side
CN103765406A (en) * 2011-06-30 2014-04-30 亚马逊科技公司 Methods and apparatus for remotely updating executing processes
CN105681487A (en) * 2009-10-28 2016-06-15 惠普发展公司,有限责任合伙企业 Method and device for detecting NAT device
CN106793013A (en) * 2017-01-22 2017-05-31 深圳国人通信股份有限公司 Wireless access system and its exchange method based on L2TP
US9843505B2 (en) * 2015-05-28 2017-12-12 Cisco Technology, Inc. Differentiated quality of service using tunnels with security as a service

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US8296437B2 (en) * 2005-12-29 2012-10-23 Logmein, Inc. Server-mediated setup and maintenance of peer-to-peer client computer communications

Non-Patent Citations (2)

Title
Han Feng et al., "Application of HTTP tunnels in NAT/firewall traversal technology", Computer Technology and Development, vol. 16, no. 5, 2006-05-10, full text *
Irfaan Coonjah et al., "Performance evaluation and analysis of layer 3 tunneling between OpenSSH and OpenVPN in a wide area network environment", 2015 International Conference on Computing, Communication and Security (ICCCS), 2016-01-07, full text *

Also Published As

Publication number Publication date
CN109005179A (en) 2018-12-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201106

Termination date: 20210810