CN111193712A - Agent access method and device based on enterprise browser - Google Patents


Publication number
CN111193712A
Authority
CN
China
Prior art keywords
udp
data packet
preset
enterprise browser
flow data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911222759.3A
Other languages
Chinese (zh)
Inventor
陈本峰
冀托
于少华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Clouddeep Internet Beijing Technology Co ltd
Original Assignee
Clouddeep Internet Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Clouddeep Internet Beijing Technology Co ltd
Priority to CN201911222759.3A
Publication of CN111193712A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/164 Adaptation or special uses of UDP protocol

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a proxy access method and device based on an enterprise browser. The method comprises the following steps: when a user accesses a terminal server through an enterprise browser, obtaining the traffic data of the access; encapsulating the traffic data based on a preset UDP protocol to obtain a UDP data packet; performing SPA verification on the UDP data packet and, after the verification passes, opening the corresponding port and establishing a connection; and forwarding the UDP data packet to a preset gateway through the connection, where the preset gateway decrypts and restores the UDP data packet to obtain the original traffic data, thereby achieving secure communication. With this method, the traffic data is transmitted in UDP (User Datagram Protocol) encapsulated form and, after passing SPA verification, is forwarded through the preset intermediate gateway, which improves the security of data accessed through the enterprise browser.

Description

Agent access method and device based on enterprise browser
Technical Field
The embodiment of the invention relates to the technical field of network data transmission, in particular to a proxy access method and a proxy access device based on an enterprise browser, and further relates to electronic equipment and a computer readable storage medium.
Background
With the rapid development of network technology and the popularization of intelligent office business systems, accessing internal business system data based on an enterprise browser becomes a daily working mode of people. The enterprise browser enables developers to establish Web application programs with rich functions, and is an important means for realizing intelligent management of enterprises in the future. Therefore, how to improve the security of internal data when accessing a business system based on an enterprise browser becomes a major concern to those skilled in the art.
At present, after logging in to an enterprise browser, a user can access internal business system data directly without further verification, or after only a simple check of the user ID. The security of the business system data is therefore low and cannot be effectively guaranteed. How to provide a safe and efficient proxy access method based on an enterprise browser has thus become a problem to be solved in the field.
Disclosure of Invention
Therefore, the embodiment of the invention provides an agent access method based on an enterprise browser, so as to solve the problems that the security of a mode for accessing data of an enterprise internal business system based on the enterprise browser is low and the data cannot be effectively protected in the prior art.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions:
In a first aspect, an embodiment of the present invention provides a proxy access method based on an enterprise browser, including: when a user accesses a terminal server through an enterprise browser, obtaining the traffic data of the access; encapsulating the traffic data based on a preset UDP protocol to obtain a UDP data packet; performing SPA verification on the UDP data packet, opening the corresponding port and establishing a connection after the verification passes, and forwarding the UDP data packet to a preset gateway through the connection; and decrypting and restoring the UDP data packet at the preset gateway to obtain the original traffic data, thereby achieving secure communication.
Further, the proxy access method based on the enterprise browser further includes: encrypting the UDP data packet according to a preset encryption algorithm while encapsulating the traffic data based on the preset UDP protocol.
Further, encapsulating the traffic data based on the preset UDP protocol to obtain a UDP data packet specifically includes: generating a UDP header based on the destination port information, the source port information and the UDP checksum field; and encapsulating the traffic data and the UDP header according to a preset encapsulation rule to obtain the UDP data packet.
Further, opening the corresponding port after the verification passes, establishing a connection, and forwarding the UDP data packet to a preset gateway through the connection specifically includes: after the verification passes, identifying the source port information and the destination port information in the UDP header; opening the corresponding source port and destination port according to the source port information and the destination port information, and establishing a connection based on the opened source port and destination port; and forwarding the UDP data packet from the source port to the destination port of the preset gateway through the connection.
Further, the terminal server is a server corresponding to a business system accessed based on the enterprise browser.
In a second aspect, an embodiment of the present invention further provides a proxy access apparatus based on an enterprise browser, including: a traffic data obtaining unit, configured to obtain the traffic data of the access when a user accesses a terminal server through the enterprise browser; an encapsulation unit, configured to encapsulate the traffic data based on a preset UDP protocol to obtain a UDP data packet; a verification and sending unit, configured to perform SPA verification on the UDP data packet, open the corresponding port and establish a connection after the verification passes, and forward the UDP data packet to a preset gateway through the connection; and a decryption and restoration unit, configured to decrypt and restore the UDP data packet at the preset gateway to obtain the original traffic data, thereby achieving secure communication.
Further, the proxy access apparatus based on the enterprise browser further includes: an encryption unit, configured to encrypt the UDP data packet according to a preset encryption algorithm while the traffic data is encapsulated based on the preset UDP protocol.
Further, the encapsulation unit is specifically configured to: generate a UDP header based on the destination port information, the source port information and the UDP checksum field; and encapsulate the traffic data and the UDP header according to a preset encapsulation rule to obtain the UDP data packet.
Further, the verification and sending unit is specifically configured to: after the verification passes, identify the source port information and the destination port information in the UDP header; open the corresponding source port and destination port according to the source port information and the destination port information, and establish a connection based on the opened source port and destination port; and forward the UDP data packet from the source port to the destination port of the preset gateway through the connection.
Further, the terminal server is a server corresponding to a business system accessed based on the enterprise browser.
In a third aspect, an embodiment of the present invention further provides a proxy access method based on an enterprise browser, including: when a user accesses an enterprise browser based on a source end, receiving a UDP data packet that is sent by the enterprise browser and obtained by encapsulating traffic data based on a preset UDP protocol; and analyzing the UDP data packet based on a preset decryption rule to obtain the original traffic data of the access.
In a fourth aspect, an embodiment of the present invention further provides a proxy access apparatus based on an enterprise browser, including: a UDP data packet receiving unit, configured to receive, when a user accesses an enterprise browser based on a source end, a UDP data packet that is sent by the enterprise browser and obtained by encapsulating traffic data based on a preset UDP protocol; and an analysis unit, configured to analyze the UDP data packet based on a preset decryption rule to obtain the original traffic data of the access.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, including: a processor and a memory; the memory is used for storing a program of an enterprise browser-based proxy access method, and after the electronic device is powered on and runs the program of the enterprise browser-based proxy access method through the processor, the electronic device executes any one of the above-mentioned enterprise browser-based proxy access methods.
In a sixth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium contains one or more program instructions, and the one or more program instructions are used for a server to execute any one of the above-mentioned enterprise browser based proxy access methods.
With the proxy access method based on the enterprise browser, the traffic data is transmitted in UDP (User Datagram Protocol) encapsulated form and, after SPA verification passes, is forwarded through the preset intermediate gateway, which greatly improves the security of internal data when a business system is accessed through the enterprise browser.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
Fig. 1 is a flowchart of a first method for proxy access based on an enterprise browser according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a first proxy access device based on an enterprise browser according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an electronic device according to an embodiment of the present invention;
Fig. 4 is a flowchart of a second method for proxy access based on an enterprise browser according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a second proxy access device based on an enterprise browser according to an embodiment of the present invention.
Detailed Description
The present invention is described below in terms of particular embodiments; other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure. The described embodiments are merely some embodiments of the invention and are not intended to limit the invention to the particular embodiments disclosed. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
With the first proxy access method based on the enterprise browser disclosed by the invention, the traffic data is transmitted in UDP (User Datagram Protocol) encapsulated form and, after SPA verification passes, is forwarded through the preset intermediate gateway, which greatly improves the security of internal data when a business system is accessed through the enterprise browser. An embodiment of the first proxy access method based on an enterprise browser is described in detail below. Fig. 1 is a flowchart of the first proxy access method based on an enterprise browser according to an embodiment of the present invention; the specific implementation process includes the following steps:
Step S101: when a user accesses a terminal server through an enterprise browser, the traffic data of the access is obtained.
Specifically, when a user sends, via the Web, data for accessing a terminal server of a business system to the enterprise browser at the source end, the traffic data of the user's access can be obtained first. The enterprise browser is an industrial browser intended for the intelligent management of enterprises; it enables developers to build feature-rich Web applications, is generally compatible with the Chrome kernel, the IE kernel and the like, and supports deep customization and integrated management of business system data for enterprises. The business systems may include various types, such as an ERP (enterprise resource planning management) business system, a CRM (customer relationship management) business system and an OA (office automation process management) business system. For the terminal servers of the different business systems that can be accessed through the enterprise browser, different users have different access rights.
Step S102: the traffic data is encapsulated based on a preset UDP protocol to obtain a UDP data packet.
After the traffic data of the access is obtained in step S101, it may be encapsulated in this step based on the preset UDP protocol to obtain a UDP data packet.
Specifically, the preset UDP protocol, i.e. the User Datagram Protocol, is a private protocol belonging to the transport layer; for a data packet from the application layer, a UDP header may be added before the packet is transmitted to the terminal device at the corresponding destination IP address. A checksum field and the like can be set in the UDP header for error detection.
Encapsulating the traffic data based on the preset UDP protocol to obtain the UDP data packet may specifically include: obtaining the source port information corresponding to the UDP data packet, the destination port information of the gateway or terminal server receiving the UDP data packet, and a UDP checksum field for checking how the UDP data packet was sent; generating a UDP header according to a preset design rule based on the destination port information, the source port information and the UDP checksum field; and encapsulating the traffic data and the UDP header according to a preset encapsulation rule to obtain the UDP data packet.
In a specific implementation, to ensure the security of data transmission, the UDP data packet may be encrypted according to a preset encryption algorithm while the traffic data is encapsulated based on the preset UDP protocol. The UDP data packet is then an encrypted data packet, encapsulated based on the preset UDP protocol, that contains the traffic data packet to be transmitted.
Step S103: SPA verification is performed on the UDP data packet; after the verification passes, the corresponding port is opened, a connection is established, and the UDP data packet is forwarded to a preset gateway through the connection.
After the UDP data packet is obtained in step S102, SPA verification may be performed on it in this step; the UDP data packet is then forwarded to the preset intermediate gateway over the connection, and the intermediate gateway decrypts and restores it to implement data communication.
Opening the corresponding port after the verification passes, establishing a connection, and forwarding the UDP data packet to the preset gateway through the connection may specifically include: after the verification passes, first identifying the source port information and the destination port information in the UDP header; opening the corresponding source port and destination port according to the source port information and the destination port information; establishing a connection based on the opened source port and destination port; and forwarding the UDP data packet from the source port to the destination port of the preset gateway through the connection. The terminal server is the server corresponding to the business system accessed through the enterprise browser.
Step S104: the UDP data packet is decrypted and restored at the preset gateway to obtain the original traffic data, thereby achieving secure communication.
With the proxy access method based on the enterprise browser, the traffic data is transmitted in UDP (User Datagram Protocol) encapsulated form, SPA verification is performed, and after the verification passes the traffic data is forwarded through the preset intermediate gateway, which greatly improves the security of internal data when a business system is accessed through the enterprise browser.
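Steps S102 to S104 on both sides of the exchange, as an added example that is not code from the patent or its applicant. It assumes SPA means Single Packet Authorization; the inner header layout, the HMAC-SHA256 tag, the 30-second freshness window, the replay cache and the HMAC-SHA256 counter keystream standing in for the "preset encryption algorithm" are all hypothetical choices, since the patent specifies none of them.

```python
import hashlib
import hmac
import os
import struct
import time

# Hypothetical inner header: source port, destination port, checksum,
# timestamp, 16-byte nonce. The patent only names the first three fields.
HDR = struct.Struct("!HHHQ16s")
MAC_LEN = 32        # HMAC-SHA256 tag length
MAX_SKEW = 30       # seconds a packet stays fresh (assumed policy)


def checksum16(data: bytes) -> int:
    """16-bit one's-complement sum, as in UDP; detects errors, not tampering."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the 'preset encryption algorithm' (HMAC-SHA256 in counter
    mode). A deployment would use a vetted AEAD such as AES-GCM instead."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack("!Q", i // 32),
                         hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def encapsulate(traffic, src_port, dst_port, enc_key, mac_key, now=None):
    """Step S102: build header, encrypt the traffic data, append the SPA tag."""
    nonce = os.urandom(16)
    ts = int(time.time() if now is None else now)
    header = HDR.pack(src_port, dst_port, checksum16(traffic), ts, nonce)
    body = header + keystream_xor(enc_key, nonce, traffic)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


class Gateway:
    """Steps S103 and S104, modelled on a single receiving endpoint."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seen = {}           # nonce -> timestamp (replay cache)
        self.open_ports = set()  # (client_ip, src_port, dst_port) allowed

    def spa_verify(self, packet, now):
        """Return parsed fields only if the packet is authentic, fresh, new."""
        if len(packet) < HDR.size + MAC_LEN:
            return None
        body, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None          # header fields are untrusted until here
        src, dst, csum, ts, nonce = HDR.unpack_from(body)
        if abs(now - ts) > MAX_SKEW or nonce in self.seen:
            return None          # stale or replayed packet
        # Forget nonces that can no longer pass the freshness check.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        self.seen[nonce] = ts
        return src, dst, csum, nonce, body[HDR.size:]

    def handle(self, client_ip, packet, now=None):
        now = time.time() if now is None else now
        fields = self.spa_verify(packet, now)
        if fields is None:
            return None          # drop silently: no reply, no port opened
        src, dst, csum, nonce, ciphertext = fields
        self.open_ports.add((client_ip, src, dst))       # S103: open ports
        traffic = keystream_xor(self.enc_key, nonce, ciphertext)  # S104
        return traffic if checksum16(traffic) == csum else None


if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)   # constructed demo keys
    gw = Gateway(ek, mk)
    pkt = encapsulate(b"GET /oa/inbox HTTP/1.1\r\n\r\n", 40000, 8443, ek, mk)
    print(gw.handle("10.0.0.5", pkt))   # original traffic data
    print(gw.handle("10.0.0.5", pkt))   # None: replay rejected
```

The port fields are parsed only after the tag verifies, so a forged or altered header can never cause a port to be opened; the checksum alone would not give that guarantee.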
Corresponding to the first proxy access method based on the enterprise browser, the invention also provides a first proxy access device based on the enterprise browser. Since the device embodiment is similar to the method embodiment above, it is described only briefly; for related details, refer to the description of the method embodiment. The following description of the proxy access device based on the enterprise browser is illustrative only. Fig. 2 is a schematic diagram of a first proxy access apparatus based on an enterprise browser according to an embodiment of the present invention.
The first proxy access device based on the enterprise browser comprises the following parts:
A traffic data obtaining unit 201, configured to obtain the traffic data of the access when a user accesses a terminal server through an enterprise browser. Specifically, when a user sends, via the Web, data for accessing a terminal server of a business system to the enterprise browser at the source end, the traffic data of the access, i.e. a traffic packet, needs to be obtained first.
The encapsulating unit 202 encapsulates the traffic data based on a preset UDP protocol to obtain a UDP data packet.
After the traffic data obtaining unit 201 obtains the accessed traffic data, the traffic data may be encapsulated in the encapsulating unit 202 based on a preset UDP protocol to obtain a UDP packet.
The encapsulating of the traffic data based on the preset UDP protocol to obtain the UDP data packet may include: obtaining source port information corresponding to a UDP data packet, destination port information of a gateway or a terminal server receiving the UDP data packet, and a UDP checksum field for checking the UDP data packet sending condition; generating a UDP header according to a preset design rule based on the destination port information, the source port information and the UDP checksum field; and encapsulating the flow data and the UDP header according to a preset encapsulation rule to obtain the UDP data packet.
In addition, in order to further ensure the security of the transmitted data, during the process of encapsulating the traffic data based on a preset UDP protocol, the UDP data packet may be encrypted according to a preset encryption algorithm. The UDP data packet is an encrypted data packet which is packaged based on a preset UDP protocol and contains a flow data packet to be transmitted.
A sending unit 203, configured to perform SPA verification on the UDP data packet, open a corresponding port after the SPA verification passes, establish a connection, and forward the UDP data packet to a preset gateway through the connection.
After the UDP packet is obtained in the encapsulating unit 202, the sending unit 203 may perform SPA verification on the UDP packet, and forward the UDP packet to the terminal server through the port by using a preset intermediate gateway.
After the verification is passed, opening a corresponding port, establishing a connection, and forwarding the UDP packet to a preset gateway through the connection, where the specific implementation process may include: after passing the verification, first identifying the source port information and the destination port information in the UDP header; opening a corresponding source port and a corresponding destination port according to the source port information and the destination port information, establishing connection based on the opened source port and the opened destination port, and forwarding the UDP data packet to the destination port of a preset gateway from the source port through the connection.
A decryption and restoration unit 204, configured to decrypt and restore the UDP data packet at the preset gateway to obtain the original traffic data, thereby achieving secure communication.
With the proxy access device based on the enterprise browser, the traffic data is transmitted in UDP (User Datagram Protocol) encapsulated form, SPA verification is performed, and after the verification passes the traffic data is forwarded through the preset intermediate gateway, which greatly improves the security of internal data when a business system is accessed through the enterprise browser.
Corresponding to the first method and device for proxy access based on the enterprise browser, the invention also provides a second method and device for proxy access based on the enterprise browser. Since these embodiments are similar to the method embodiment above, they are described only briefly; for related details, refer to the description of the method embodiment. The description below is illustrative only.
Fig. 4 is a flowchart of a second proxy access method based on an enterprise browser according to an embodiment of the present invention; the specific implementation process includes the following steps:
Step S401: when a user accesses an enterprise browser based on a source end, a UDP data packet that is sent by the enterprise browser and obtained by encapsulating traffic data based on a preset UDP protocol is received.
Step S402: the UDP data packet is analyzed based on a preset decryption rule to obtain the original traffic data of the access.
Fig. 5 is a schematic diagram of a second proxy access device based on an enterprise browser according to an embodiment of the present invention.
The second proxy access device based on the enterprise browser comprises the following parts:
A UDP packet receiving unit 501, configured to receive, when a user accesses an enterprise browser based on a source end, a UDP packet that is sent by the enterprise browser and obtained by encapsulating traffic data based on a preset UDP protocol.
An analyzing unit 502, configured to analyze the UDP packet based on a preset decryption rule to obtain the original traffic data of the access.
Corresponding to the first and second proxy access methods based on the enterprise browser, the invention also provides an electronic device. Since the embodiment of the electronic device is similar to the method embodiment above, it is described only briefly; for related details, refer to the description of the method embodiment. The electronic device described below is illustrative only. Fig. 3 is a schematic view of an electronic device according to an embodiment of the present invention.
The electronic device specifically includes: a processor 301 and a memory 302; the memory 302 is configured to run one or more program instructions, and is configured to store a program of an enterprise browser based proxy access method, where after the server is powered on and runs the program of the enterprise browser based proxy access method through the processor 301, the server executes any one of the above-mentioned enterprise browser based proxy access methods. The electronic device can be a terminal server correspondingly accessed by the enterprise browser.
Corresponding to the proxy access method based on the enterprise browser, the invention also provides a computer storage medium. Since the embodiment of the computer storage medium is similar to the method embodiment above, it is described only briefly; for related details, refer to the description of the method embodiment. The computer storage medium described below is illustrative only.
The computer storage medium contains one or more program instructions used by a server to execute the enterprise browser-based proxy access method described above. The server may be a terminal server of a business system accessed through an enterprise browser.
In an embodiment of the invention, the processor or processor module may be an integrated circuit chip having signal processing capabilities. The processor may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The processor may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be implemented directly by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The processor reads the information in the storage medium and completes the steps of the method in combination with its hardware.
The storage medium may be a memory, for example, which may be volatile memory or nonvolatile memory, or which may include both volatile and nonvolatile memory.
The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory.
The volatile memory may be a Random Access Memory (RAM), which serves as an external cache. By way of example and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM).
The storage media described in connection with the embodiments of the invention are intended to comprise, without being limited to, these and any other suitable types of memory.
Those skilled in the art will appreciate that, in one or more of the examples described above, the functionality described in the present invention may be implemented in a combination of hardware and software. When implemented in software, the corresponding functionality may be stored on, or transmitted as one or more instructions or code over, a computer-readable medium. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The embodiments above describe the objects, technical solutions and advantages of the present invention in further detail. It should be understood that they are only exemplary embodiments of the present invention and are not intended to limit its scope; any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention shall fall within the scope of the present invention.

Claims (10)

1. An agent access method based on an enterprise browser, characterized by comprising the following steps:
when a user accesses a terminal server based on an enterprise browser, obtaining the traffic data of the access;
encapsulating the traffic data based on a preset UDP protocol to obtain a UDP data packet;
performing SPA verification on the UDP data packet, opening a corresponding port and establishing a connection after the verification is passed, and forwarding the UDP data packet to a preset gateway through the connection;
and decrypting and restoring the UDP data packet based on the preset gateway to obtain the original traffic data, thereby realizing secure communication.
2. The enterprise browser-based proxy access method of claim 1, further comprising: encrypting the UDP data packet according to a preset encryption algorithm in the process of encapsulating the traffic data based on a preset UDP protocol.
3. The agent access method based on an enterprise browser according to claim 1, wherein the encapsulating the traffic data based on a preset UDP protocol to obtain a UDP data packet specifically includes:
generating a UDP header based on the destination port information, the source port information and the UDP checksum field;
and encapsulating the traffic data and the UDP header according to a preset encapsulation rule to obtain the UDP data packet.
4. The agent access method based on the enterprise browser as claimed in claim 3, wherein the step of opening the corresponding port and establishing a connection after the verification is passed, and forwarding the UDP data packet to a preset gateway through the connection specifically comprises:
after the verification passes, identifying the source port information and the destination port information in the UDP header; opening the corresponding source port and destination port according to the source port information and the destination port information, and establishing a connection based on the opened source port and the opened destination port;
and forwarding the UDP data packet from the source port to the destination port of the preset gateway through the connection.
5. The proxy access method based on the enterprise browser as claimed in claim 1, wherein the terminal server is a server corresponding to a business system accessed based on the enterprise browser.
6. An enterprise browser-based proxy access device, comprising:
a traffic data acquisition unit, used for obtaining the traffic data of the access when a user accesses the terminal server based on the enterprise browser;
an encapsulation unit, used for encapsulating the traffic data based on a preset UDP protocol to obtain a UDP data packet;
a verification and sending unit, used for performing SPA verification on the UDP data packet, opening a corresponding port and establishing a connection after the verification is passed, and forwarding the UDP data packet to a preset gateway through the connection;
and a decryption and restoration unit, used for decrypting and restoring the UDP data packet based on the preset gateway to obtain the original traffic data, so as to realize secure communication.
7. An agent access method based on an enterprise browser, characterized by comprising the following steps:
when a user accesses an enterprise browser based on a source end, receiving a UDP data packet which is sent by the enterprise browser and obtained by encapsulating traffic data based on a preset UDP protocol;
and analyzing the UDP data packet based on a preset decryption rule to obtain the original traffic data of the access.
8. An enterprise browser-based proxy access device, comprising:
a UDP data packet receiving unit, used for receiving, when a user accesses the enterprise browser based on a source end, a UDP data packet which is sent by the enterprise browser and obtained by encapsulating traffic data based on a preset UDP protocol;
and an analysis unit, used for analyzing the UDP data packet based on a preset decryption rule to obtain the original traffic data of the access.
9. An electronic device, comprising:
a processor; and
a memory for storing a program of an enterprise browser-based proxy access method, wherein, after the electronic device is powered on and runs the program through the processor, the electronic device executes the enterprise browser-based proxy access method according to any one of claims 1 to 5 or claim 7.
10. A computer-readable storage medium containing one or more program instructions, the one or more program instructions being used by a server to execute the enterprise browser-based proxy access method of any one of claims 1-5 or claim 7.
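The SPA verification step of claim 1 (verify the UDP data packet, then open the corresponding port), as an added example that is not part of the patent text or the applicant's implementation. The packet layout, the HMAC-SHA256 tag, the 30-second window, the key and the `Gateway` class are all assumptions, since the claims do not specify them; the encryption of claim 2 is not shown.

```python
import hashlib, hmac, os, struct, time

KEY = b"constructed-demo-key"   # constructed shared secret (assumption)
WINDOW = 30                     # accepted clock skew in seconds (assumption)
HDR = "!Q16sH"                  # assumed layout: timestamp, nonce, destination port
HDR_LEN, TAG_LEN = struct.calcsize(HDR), 32

def build_spa(key, dst_port, traffic, now=None):
    """Sender side: header | traffic data | HMAC-SHA256 tag over both."""
    ts = int(now or time.time())
    body = struct.pack(HDR, ts, os.urandom(16), dst_port) + traffic
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Gateway:
    """Verifier side: default-deny, a port opens only after a valid packet."""
    def __init__(self, key):
        self.key, self.seen, self.open_ports = key, {}, set()

    def verify(self, packet, now=None):
        now = int(now or time.time())
        if len(packet) < HDR_LEN + TAG_LEN:
            return None                               # malformed: drop silently
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                               # forged or tampered
        ts, nonce, port = struct.unpack(HDR, body[:HDR_LEN])
        if abs(now - ts) > WINDOW:
            return None                               # stale capture
        # Forget nonces that can no longer pass the freshness check.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW}
        if nonce in self.seen:
            return None                               # replay inside the window
        self.seen[nonce] = ts
        self.open_ports.add(port)                     # stands in for a firewall rule
        return body[HDR_LEN:]                         # recovered traffic data

if __name__ == "__main__":
    gw = Gateway(KEY)
    pkt = build_spa(KEY, 8443, b"GET /app")           # constructed sample traffic
    print(gw.verify(pkt), gw.open_ports, gw.verify(pkt))
```

The tag is checked before any field is parsed, and the nonce cache is what stops a captured packet from reopening the port while its timestamp is still fresh.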
CN201911222759.3A 2019-12-03 2019-12-03 Agent access method and device based on enterprise browser Pending CN111193712A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911222759.3A CN111193712A (en) 2019-12-03 2019-12-03 Agent access method and device based on enterprise browser

Publications (1)

Publication Number Publication Date
CN111193712A true CN111193712A (en) 2020-05-22

Family

ID=70707258

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911222759.3A Pending CN111193712A (en) 2019-12-03 2019-12-03 Agent access method and device based on enterprise browser

Country Status (1)

Country Link
CN (1) CN111193712A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130298218A1 (en) * 2006-03-22 2013-11-07 Michael B. Rash Method for secure single-packet authorization within cloud computing networks
CN101399671A (en) * 2008-11-18 2009-04-01 中国科学院软件研究所 Cross-domain authentication method and system thereof
CN103763308A (en) * 2013-12-31 2014-04-30 北京明朝万达科技有限公司 Method and device for having access to webpage safely and downloading data through intelligent terminal
CN105898775A (en) * 2016-03-31 2016-08-24 网宿科技股份有限公司 Method and system for realizing directional UDP flow guiding of mobile app
CN108494793A (en) * 2018-04-11 2018-09-04 北京指掌易科技有限公司 Network Access Method, apparatus and system
CN110049046A (en) * 2019-04-19 2019-07-23 北京奇安信科技有限公司 Access control method, terminal, server and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112866297A (en) * 2021-04-02 2021-05-28 中国工商银行股份有限公司 Method, device and system for processing access data
CN112866297B (en) * 2021-04-02 2023-02-24 中国工商银行股份有限公司 Method, device and system for processing access data

Similar Documents

Publication Publication Date Title
US9021251B2 (en) Methods, systems, and computer program products for providing a virtual private gateway between user devices and various networks
CA2909799C (en) Selectively performing man in the middle decryption
US9306933B2 (en) Ensuring network connection security between a wrapped app and a remote server
US7412539B2 (en) Method and apparatus for resource locator identifier rewrite
US20100228962A1 (en) Offloading cryptographic protection processing
US7657737B2 (en) Method for mapping an encrypted https network packet to a specific url name and other data without decryption outside of a secure web server
US11700239B2 (en) Split tunneling based on content type to exclude certain network traffic from a tunnel
WO2019062666A1 (en) System, method, and apparatus for securely accessing internal network
US20160248734A1 (en) Multi-Wrapped Virtual Private Network
US10262146B2 (en) Application-to-application messaging over an insecure application programming interface
CN104734903B (en) The safety protecting method of OPC agreements based on Dynamic Tracing Technology
US10075424B2 (en) Application authentication wrapper
CN112202715A (en) System, method and device for credible interaction between Internet of things and block chain
CN108243143A (en) A kind of gateway penetrating method and system based on different web agent
CN109309684A (en) A kind of business access method, apparatus, terminal, server and storage medium
JP6666441B2 (en) IP address obtaining method and apparatus
CN111147451A (en) Service system security access method, device and system based on cloud platform
CN111756751A (en) Message transmission method and device and electronic equipment
CN110474922B (en) Communication method, PC system and access control router
CN113992642B (en) Flow auditing method, device and related equipment of gateway proxy server
CN111193707A (en) Pre-verification access method and device based on enterprise browser
CN110855656B (en) Plug-in flow proxy method, device and system capable of realizing application server protection
CN111193712A (en) Agent access method and device based on enterprise browser
CN111200499B (en) System data access method and device based on PC (personal computer) end enterprise browser
CN111211902A (en) Digital signature method and device based on enterprise browser

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200522