CN109462606A - Point-to-point remote access method - Google Patents

Info

Publication number
CN109462606A
Authority
CN
China
Legal status
Pending
Application number
CN201811559771.9A
Other languages
Chinese (zh)
Inventor
李晨
叶静萍
Current Assignee
Anhui Dian Dian Science And Technology Development Co Ltd
Original Assignee
Anhui Dian Dian Science And Technology Development Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/12 Applying verification of the received information
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a point-to-point remote access method comprising the following steps: uniformly registering the connection identifier, address and port of the PtPRemoteAcce component; uniformly registering a connection ID number for each application or device; and, if two applications or devices have the same connection ID number, establishing a firewall-penetrating point-to-point two-way communication connection between them through the PtPRemoteAcce component. Once the connection identifier, address and port of the PtPRemoteAcce component have been uniformly registered, firewall and routing issues of this kind need to be configured only once.

Description

Point-to-point remote access method
Technical field
The present invention relates to a point-to-point remote access method.
Background art
At present, most application software architectures use a B/S (browser/server) or C/S (client/server) structure. Whichever is chosen, the aim is to exploit the respective software and hardware strengths of both sides (server and client), arranging and reallocating tasks sensibly so as to reduce resource consumption, uneven load, and the network overhead of transmitting large volumes of data.
The two-layer or multi-layer structure of B/S or C/S is in fact an artificial division. For example, an application is split into a client part and a server part: the user issues requests, commands and function calls through the client, while the server is responsible for sharing information, performing computation, carrying out storage and so on, and the two sides cooperate to deliver the whole system.
In the B/S or C/S hierarchy, the S end (server) tends to be the more important part. For security reasons, software and hardware devices such as firewalls are therefore widely deployed around the S end (server), and one or another security rule must be satisfied before the server can be used; otherwise access may be impossible.
On the other hand, many applications in real environments cannot be divided so clearly into two or more layers. Communication between users (or between applications) has no primary or secondary side: each participant is in a relatively equal position, has the same functions or purposes, and can interact directly with the others without relying on a dedicated centralized service. Examples are the controllers in a building system or the master controllers of parking lots. Each application or device can act both as the requester of a function and as the publisher of a response, providing resources and services to others as well as obtaining resources and content from them.
When existing applications or devices connect from one end to the other across the internet, and especially when two private networks are interconnected over the internet, the necessary security rules or port mappings must be set in a firewall or router, so every new connection requires another round of configuration, over and over.
Summary of the invention
The present invention proposes a point-to-point remote access method that solves the following problem of the prior art: when applications or devices connect from one end to the other across the internet, and especially when two private networks are interconnected over the internet, the necessary security rules or port mappings must be set in a firewall or router, so every new connection requires another round of configuration, over and over.
The technical solution of the invention is realized as follows:
A point-to-point remote access method, comprising the following steps:
(1) uniformly registering the connection identifier, address and port of the PtPRemoteAcce component;
(2) uniformly registering a connection ID number for each application or device;
(3) if two applications or devices have the same connection ID number, establishing a firewall-penetrating point-to-point two-way communication connection through the PtPRemoteAcce component.
Preferably, in step (3), the PtPRemoteAcce component verifies the legitimacy of the two applications or devices before establishing the firewall-penetrating point-to-point two-way communication connection.
Preferably, legitimate applications or devices include:
applications or devices that have been automatically mapped to a user and assigned permissions by the UsersRuleFrame component;
the PRAREADER user that the PtPRemoteAcce component sets up by default, whose permissions are read, start and shut down.
Preferably, the PtPRemoteAcce component establishes the firewall-penetrating point-to-point two-way communication connection through the following steps:
(301) node A sends a connection request to the PtPRemoteAcce component; the PtPRemoteAcce component tests the connectivity of node B and, if the test succeeds, returns a connection identification bit;
(302) the user verification mode of the component is checked and preparation for the connection begins;
(303) nodes A and B open the ports used by the component;
(304) in active call mode, node A actively connects to node B, the communication link is established and the connection is kept open; thereafter node A can actively read or write the data of node B;
(305) in passive call mode, after node B opens its port the logical link is disconnected and node B waits for a data request from node A; if node A issues a data request, node B can send data to node A.
Preferably, active call mode is used in local area network environments.
Preferably, passive call mode is used in internet environments.
The beneficial effects of the invention are as follows. Devices connected through the PtPRemoteAcce component are not associated through the actual hardware (for example hardware ports or addresses); instead, the connection, address and port are established between the PtPRemoteAcce components running on the hardware (the hardware environment), so the matter is independent of the hardware. Once the connection identifier, address and port of the PtPRemoteAcce component have been uniformly registered, firewall and routing issues of this kind need to be configured only once.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of one embodiment of the point-to-point remote access method of the invention;
Fig. 2 is a connection diagram of the PtPRemoteAcce component and the UsersRuleFrame component;
Fig. 3 is an example with multiple devices and multiple ports;
Fig. 4 is an example with multiple devices, the PtPRemoteAcce component and a single port;
Fig. 5 is a logic diagram of mutual access between devices A, B and C as realized by the PtPRemoteAcce component.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, the invention proposes a point-to-point remote access method based on the AtomBaseFrame application framework, comprising the following steps:
(1) uniformly registering the connection identifier, address and port of the PtPRemoteAcce component;
(2) uniformly registering a connection ID number for each application or device;
(3) if two applications or devices have the same connection ID number, establishing a firewall-penetrating point-to-point two-way communication connection through the PtPRemoteAcce component.
The point-to-point remote access component PtPRemoteAcce is a distributed architecture that establishes connections and executes tasks between peer devices (or applications); it is a logical connection form of the peer-to-peer network model. Once devices have been uniformly registered under the application framework with the same connection ID number, the devices (or applications) connected through the PtPRemoteAcce component can also pass through firewalls in a legitimate manner (permission support is required).
In an internet environment, the PtPRemoteAcce component can likewise establish a dedicated, encrypted remote connection between two devices (or applications). That is, two hardware devices (or applications) on the internet can communicate directly in point-to-point fashion through the PtPRemoteAcce component, which meets the need for direct communication between sites in different locations.
Two devices (or applications) directly connected by the PtPRemoteAcce component are peers with identical functions. There is no division into client and server and no primary or secondary side: each is both a provider and a requester of resources or functions. Data is transmitted directly between the two, without the direct involvement of an intermediate node or central server.
In one embodiment of the invention, to ensure the security of the direct network connection, in step (3) the PtPRemoteAcce component verifies the legitimacy of the two applications or devices before establishing the firewall-penetrating point-to-point two-way communication connection.
As shown in Fig. 2, legitimate applications or devices include:
Applications or devices that have been automatically mapped to a user and assigned permissions by the UsersRuleFrame component (the multi-user permission allocation component). The UsersRuleFrame component automatically generates a user name from the name of the application or device. For example, if a parking lot has one set of access equipment (1 barrier gate, 1 camera and 1 vehicle detector), UsersRuleFrame automatically maps the three devices to the users park_name@base_name@switch, park_name@Arch_name@camera and park_name@base_name@checker, where park_name is the identifier or identification string of the parking lot and base_name is the identification number of the corresponding AtomBaseFrame application framework in the system set up for the parking lot.
The PRAREADER user that the PtPRemoteAcce component sets up by default, whose permissions are read, start and shut down. In many real control-system environments the software is relatively fixed (mostly packaged in on-board ROM) and can be modified only by specific means or methods, so read, start and shut down are the three common operations. The PtPRemoteAcce component therefore includes by default a special PRAREADER user that automatically inherits these three functions and is open by default to all connected hardware devices. Although the privileges of the PRAREADER user are limited, it needs no support from the UsersRuleFrame component, so the process by which two devices establish a direct connection is relatively simple and efficient; it is the default user verification mode of the PtPRemoteAcce component.
Preferably, the PtPRemoteAcce component establishes the firewall-penetrating point-to-point two-way communication connection through the following steps:
(301) node A sends a connection request to the PtPRemoteAcce component; the PtPRemoteAcce component tests the connectivity of node B and, if the test succeeds, returns a connection identification bit;
(302) the user verification mode of the component is checked and preparation for the connection begins;
(303) nodes A and B open the ports used by the component;
(304) in active call mode, node A actively connects to node B, the communication link is established and the connection is kept open; thereafter node A can actively read or write the data of node B. Active call mode is used in local area network environments.
(305) in passive call mode, after node B opens its port the logical link is disconnected and node B waits for a data request from node A; if node A issues a data request, node B can send data to node A. Passive call mode is used in internet environments: because internet connections are scarce and bandwidth is narrow, disconnecting the logical link saves a large amount of network bandwidth.
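The pairing, legitimacy check and call modes described above, modelled in memory as an added Python example; it is not code from the patent or the applicant, and `Broker`, `Node`, `Session`, their methods and the sample IDs are hypothetical. It shows what the default PRAREADER user is allowed to do without any UsersRuleFrame grant, and when a pairing is refused.

```python
# Added illustration; Broker, Node, Session and all method names are hypothetical.
from dataclasses import dataclass, field

PRAREADER = "PRAREADER"
PRAREADER_OPS = frozenset({"read", "start", "shutdown"})  # permissions per the text


def mapped_user(park_name, base_name, device):
    """User name in the park_name@base_name@device form given in the text."""
    return f"{park_name}@{base_name}@{device}"


@dataclass
class Node:
    name: str
    connection_id: str
    user: str = PRAREADER      # default user verification mode
    port_open: bool = False


@dataclass
class Session:
    user: str                  # the initiator's user decides what it may do
    mode: str                  # "active" or "passive"
    link_up: bool


@dataclass
class Broker:  # stands in for the PtPRemoteAcce component's registry and checks
    nodes: dict = field(default_factory=dict)
    grants: dict = field(default_factory=dict)  # mapped user -> allowed operations

    def register(self, node):                   # step (2)
        self.nodes[node.name] = node

    def grant(self, user, ops):                 # role played by UsersRuleFrame
        self.grants[user] = frozenset(ops)

    def is_legitimate(self, node):
        return node.user == PRAREADER or node.user in self.grants

    def connect(self, a, b, mode):
        if mode not in ("active", "passive"):
            raise ValueError("unknown call mode")
        na, nb = self.nodes.get(a), self.nodes.get(b)
        if na is None or nb is None:            # (301) connectivity test
            raise ConnectionError("peer not registered")
        if na.connection_id != nb.connection_id:  # step (3): IDs must be identical
            raise PermissionError("connection ID mismatch")
        if not (self.is_legitimate(na) and self.is_legitimate(nb)):  # (302)
            raise PermissionError("unverified user")
        na.port_open = nb.port_open = True      # (303)
        # (304) active: link is held open; (305) passive: logical link is dropped
        return Session(na.user, mode, link_up=(mode == "active"))

    def authorize(self, session, op):
        if session.user == PRAREADER:
            return op in PRAREADER_OPS
        return op in self.grants.get(session.user, frozenset())


def demo():
    """Constructed sample: gate and cam share an ID, a third node does not."""
    broker = Broker()
    cam_user = mapped_user("park_name", "base_name", "camera")
    for n in (Node("gate", "ID-0001"), Node("cam", "ID-0001", user=cam_user),
              Node("other", "ID-0002")):
        broker.register(n)
    results = {}
    for peer in ("other", "cam"):               # mismatched ID, then ungranted user
        try:
            broker.connect("gate", peer, "passive")
        except PermissionError as exc:
            results[peer] = str(exc)
    broker.grant(cam_user, {"read", "write"})
    s = broker.connect("gate", "cam", "passive")
    results["prareader"] = {op: broker.authorize(s, op)
                            for op in ("read", "start", "shutdown", "write")}
    results["link_up"] = s.link_up
    return results


if __name__ == "__main__":
    print(demo())
```

In this model a session opened by a PRAREADER node is allowed start and shut down as well as read, so anyone reviewing a deployment of this kind should treat the default user as more than a read-only account.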
The remote access component PtPRemoteAcce provides a means of end-to-end interaction over direct connections, whether between devices within a limited scope, for example the devices of a single parking lot, or across the internet, for example all the parking lots of a city. Using the PtPRemoteAcce component they can exchange what each needs, and can legitimately cross several firewalls where these lie in between.
(1) Devices are directly connected and do not depend heavily on a central node: the data, services and resources of the hardware devices (or applications) connected by the PtPRemoteAcce component are distributed across the individual child nodes, and both command control and data transmission use direct point-to-point connections. There is no concept of (or need for) a central server, so when the number of connections is large, transmission bottlenecks and excessive concentration of resources are effectively avoided.
(2) Load balancing: each node connected through the PtPRemoteAcce component is both client and server, which lowers the demands that the traditional B/S and C/S structures place on the execution, storage, expansion and computing capacity of central equipment. Task execution and resource use are spread over multiple nodes rather than relying on one device (or one class of device); security risk is thereby reduced and the load of the overall system can be distributed more evenly.
(3) Legitimate firewall penetration, so remote devices can be reached over the internet: normally, connecting from one end to the other across the internet, and especially interconnecting two private networks over the internet, requires the necessary security rules or port mappings to be set in a firewall or router, so every new connection requires another round of configuration, over and over. Devices connected through the PtPRemoteAcce component are not associated through the actual hardware (for example hardware ports or addresses); instead, the connection, address and port are established between the PtPRemoteAcce components running on the hardware (the hardware environment), so the matter is independent of the hardware. Once the connection identifier, address and port of the PtPRemoteAcce component have been uniformly registered, firewall and routing issues of this kind need to be configured only once, as shown in Fig. 3 and Fig. 4.
(4) High security: because devices are directly connected point to point and traffic need not pass through a central link, the likelihood of data being interfered with or intercepted is greatly reduced; the direct connection needs no relay or forwarding requests of the kind used on the internet, and reliability is significantly improved. The PRAREADER user that the PtPRemoteAcce component uses by default has only read-only permission and cannot directly write or change data, so it cannot interrupt the normal operation of the equipment.
(5) The PtPRemoteAcce component can legitimately pass through a firewall and connect directly to the hardware devices or applications behind it, which suits communication devices that are far apart. For example, a mobile phone (a phone connecting through the PtPRemoteAcce component requires 3G or better) can access monitoring equipment over the internet, and an alarm system can send to a handheld terminal over the internet. The end-to-end device types currently supported mainly include mobile terminals (Android and iOS), business terminals (Windows, Linux) and some industrial systems (ABB AC500/700 series, Siemens S7-200/300/1200/1500 series, Omron NX/NJ/CJ/CS series, the MUDBUS protocol, PCL communication devices compatible with RS232/485 port specifications, etc.).
The technical solution above discloses the improvements of the invention; technical content not disclosed in detail can be implemented by a person skilled in the art using the prior art.
The foregoing is only a preferred embodiment of the invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (6)

1. A point-to-point remote access method, characterized in that it comprises the following steps:
(1) uniformly registering the connection identifier, address and port of the PtPRemoteAcce component;
(2) uniformly registering a connection ID number for each application or device;
(3) if two applications or devices have the same connection ID number, establishing a firewall-penetrating point-to-point two-way communication connection through the PtPRemoteAcce component.
2. The point-to-point remote access method according to claim 1, characterized in that: in step (3), the PtPRemoteAcce component verifies the legitimacy of the two applications or devices before establishing the firewall-penetrating point-to-point two-way communication connection.
3. The point-to-point remote access method according to claim 2, characterized in that legitimate applications or devices include:
applications or devices that have been automatically mapped to a user and assigned permissions by the UsersRuleFrame component;
the PRAREADER user that the PtPRemoteAcce component sets up by default, whose permissions are read, start and shut down.
4. The point-to-point remote access method according to claim 1, characterized in that the PtPRemoteAcce component establishes the firewall-penetrating point-to-point two-way communication connection through the following steps:
(301) node A sends a connection request to the PtPRemoteAcce component; the PtPRemoteAcce component tests the connectivity of node B and, if the test succeeds, returns a connection identification bit;
(302) the user verification mode of the component is checked and preparation for the connection begins;
(303) nodes A and B open the ports used by the component;
(304) in active call mode, node A actively connects to node B, the communication link is established and the connection is kept open; thereafter node A can actively read or write the data of node B;
(305) in passive call mode, after node B opens its port the logical link is disconnected and node B waits for a data request from node A; if node A issues a data request, node B can send data to node A.
5. The point-to-point remote access method according to claim 4, characterized in that: active call mode is used in local area network environments.
6. The point-to-point remote access method according to claim 4, characterized in that: passive call mode is used in internet environments.
CN201811559771.9A 2018-12-19 2018-12-19 Point-to-point remote access method Pending CN109462606A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811559771.9A CN109462606A (en) 2018-12-19 2018-12-19 Point-to-point remote access method

Publications (1)

Publication Number Publication Date
CN109462606A true CN109462606A (en) 2019-03-12

Family

ID=65613907

Country Status (1)

Country Link
CN (1) CN109462606A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190312