CN111211958B - Method and device for providing VPN (virtual private network) service, block chain network and node equipment - Google Patents
Method and device for providing VPN (virtual private network) service, block chain network and node equipment Download PDFInfo
- Publication number
- CN111211958B CN111211958B CN201911370258.XA CN201911370258A CN111211958B CN 111211958 B CN111211958 B CN 111211958B CN 201911370258 A CN201911370258 A CN 201911370258A CN 111211958 B CN111211958 B CN 111211958B
- Authority
- CN
- China
- Prior art keywords
- node
- connection request
- vpn
- vpn connection
- nodes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The present disclosure relates to a method and apparatus for providing a VPN service, a blockchain network, and a node device, where the blockchain network includes a plurality of nodes including a service node and a relay node; the intelligent contract of the block chain network records the forwarding sequence information of the nodes; each node is used for determining whether a subsequent node exists in the node according to the forwarding sequence information when receiving a VPN connection request of a client, and forwarding the VPN connection request to the subsequent node if the subsequent node exists in the node; the service node is further configured to provide VPN service to the client when receiving the VPN connection request.
Description
Technical Field
The present disclosure relates to the field of network technologies, and in particular, to a method and an apparatus for providing a VPN service, a block chain network, and a node device.
Background
A VPN (Virtual Private Network) can provide intranet access services for users not belonging to an intranet, so that the users can access the intranet through the internet at any position to access intranet resources. Therefore, VPN is widely used in life and work as a technology that can provide a remote secure access scheme.
However, the VPN server should be able to receive a connection from any node in the public network as an access point in the public network and determine whether to provide VPN services to the access node after verifying the identity of the access node after the connection. However, such disclosure of the address information of the VPN server may cause the VPN server to receive a malicious attack from an accessor, which threatens resources protected by the VPN server.
Disclosure of Invention
An object of the present disclosure is to provide a method and an apparatus for providing a VPN service, a blockchain network, and a node device, so as to solve the above technical problems.
In order to achieve the above object, a first aspect of the present disclosure provides a blockchain network for providing a virtual private network VPN service, including a plurality of nodes, the plurality of nodes being nodes in the blockchain network, the plurality of nodes including a service node and a relay node; the intelligent contract of the block chain network records the forwarding sequence information of the nodes; each node is used for determining whether a subsequent node exists in the node according to the forwarding sequence information when receiving a VPN connection request of a client, and forwarding the VPN connection request to the subsequent node if the subsequent node exists in the node; the service node is further configured to provide VPN service to the client when receiving the VPN connection request.
Optionally, the intelligent contract of the blockchain network is configured to, when receiving a VPN connection request sent by the client, sort the plurality of nodes, and write a result of the sorting into the intelligent contract as the forwarding order information.
Optionally, the access information of the next hop node of the node is further recorded in the intelligent contract for each node, and the access information of the next hop node of any node is obtained by encrypting the IP address and/or the port of the next hop node of the node through the public key of the node; before forwarding the VPN connection request to a next hop node, any node decrypts the access information of the next hop node through a private key of the node; and after the decrypted access information is obtained, forwarding the VPN connection request to the next hop node according to the access information.
Optionally, each node is specifically configured to determine, according to the forwarding sequence information, a previous-hop node of the node, encrypt an IP address and/or a port of the node by using a public key of the previous-hop node, and write the encrypted IP address and/or port into the intelligent contract.
Optionally, the VPN connection request includes source address information and destination address information; each node is specifically configured to, when receiving a VPN connection request, replace source address information of the VPN connection request with address information of the node, and replace destination address information of the VPN connection request with address information of a next-hop node of the node, and then send the destination address information.
Optionally, the service node is further configured to provide a VPN service to the client when receiving the VPN connection request, and replace the source address information of the VPN connection request with the address information of the node, and replace the destination address information of the VPN connection request with the address information of the next-hop node of the node, and then send the destination address information.
Optionally, the blockchain network is further configured to send, when receiving a VPN connection request sent by the client, the VPN connection request to a first node in the forwarding order information.
In a second aspect of the present disclosure, a method for providing a VPN service is provided, the method being applied to a node in a blockchain network, and the method including: receiving a VPN connection request of a client; determining subsequent nodes of the nodes according to forwarding sequence information of the nodes recorded in an intelligent contract of the block chain network, wherein the nodes comprise service nodes for providing VPN service; forwarding the received VPN connection request to the subsequent node.
Optionally, the node is a service node providing a VPN service, and the method further includes providing a VPN service for a client after receiving a VPN connection request from the client.
Optionally, the access information of the next hop node of the node is further recorded in the intelligent contract for each node, and the access information of the next hop node of any node is obtained by encrypting the IP address and/or the port of the next hop node of the node through the public key of the node; the forwarding the received VPN coupling request to the successor node includes: before forwarding the VPN connection request to a next hop node, the node decrypts the access information of the next hop node through a private key of the node; and after the decrypted access information is obtained, forwarding the VPN connection request to the next hop node according to the access information.
Optionally, the method further includes determining a previous hop node of the node according to the forwarding sequence information, encrypting the IP address and/or the port of the node by using the public key of the previous hop node, and writing the encrypted IP address and/or port into the intelligent contract.
Optionally, the VPN connection request includes source address information and destination address information; the forwarding the received VPN coupling request to the successor node includes: when receiving a VPN connection request, the source address information of the VPN connection request is replaced by the address information of the node, and the destination address information of the VPN connection request is replaced by the address information of the next hop node of the node and then is transmitted.
In a third aspect of the present disclosure, an apparatus for providing a VPN service is provided, where the apparatus is applied to nodes in a blockchain network, where the nodes include a service node and a relay node, and the apparatus includes: the receiving module is used for receiving a VPN connection request of a client; the determining module is used for determining the subsequent nodes of the nodes according to the forwarding sequence information of the nodes recorded in the intelligent contract of the block chain network; and the forwarding module is used for forwarding the received VPN connection request to the subsequent node.
Optionally, when the apparatus is applied to the service node, the apparatus further includes a service module, configured to provide a VPN service to the client.
Optionally, the access information of the next hop node of the node is further recorded in the intelligent contract for each node, and the access information of the next hop node of any node is obtained by encrypting the IP address and/or the port of the next hop node of the node through the public key of the node; the device also comprises a decryption module used for decrypting the access information of the next hop node through a private key of the decryption module, and the forwarding module is used for forwarding the VPN connection request to the next hop node according to the access information after the decrypted access information is obtained.
Optionally, the apparatus further includes an encryption module, configured to determine a previous-hop node of the node according to the forwarding sequence information, encrypt the IP address and/or the port of the node by using a public key of the previous-hop node, and write the encrypted IP address and/or port into the intelligent contract.
Optionally, the VPN connection request includes source address information and destination address information; and the forwarding module is used for replacing the source address information of the VPN connection request with the address information of the node and replacing the destination address information of the VPN connection request with the address information of the next hop node of the node for sending when receiving the VPN connection request.
In a fourth aspect of the present disclosure, a node device is provided, which is configured as a relay node in a blockchain network according to any one of the first aspect of the present disclosure.
In a fifth aspect of the present disclosure, a node device is provided, which is configured as a serving node in a blockchain network according to any one of the first aspect of the present disclosure.
Through the technical scheme, when the VPN connection request is initiated from the outside, the connection request is forwarded through a plurality of nodes in the blockchain network, and the service node in the blockchain network provides the VPN service, so that the VPN server (namely the service node) can be hidden in the blockchain network, an external connector cannot know which node in the blockchain network the real VPN server is, and therefore cannot attack the VPN server, and therefore the address of the VPN server can be effectively hidden on the basis that the VPN server can receive the access request from any position in the internet, and the information security of the VPN server can be protected.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
fig. 1 is a schematic diagram illustrating a blockchain network according to an exemplary disclosed embodiment.
Fig. 2 is a schematic diagram illustrating a process for providing VPN services in a blockchain network according to an exemplary disclosed embodiment.
Fig. 3 is a flow chart illustrating a method for providing VPN services according to an exemplary disclosed embodiment.
Fig. 4 is a flow chart illustrating an apparatus for providing VPN services according to an exemplary disclosed embodiment.
Fig. 5 is a schematic diagram illustrating a node device according to an exemplary disclosed embodiment.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
First, an implementation scenario of the present disclosure will be explained. The method and the system are applied to the scene of providing the VPN service for the client. If an external user wants to connect the intranet, a connection request needs to be sent to the VPN server through the client, after the identity of the client is confirmed by the VPN server, VPN service is provided for the client, and the user can access resources in the intranet through the client. However, since a VPN server is required to be used as a bridge for communication between an intranet and a client, an address of the VPN server needs to be disclosed in the internet, so that an external user can access the VPN server anywhere through any interface of the internet, and such address information exposure brings great hidden trouble to information security of the VPN server.
In the disclosure, the VPN server is hidden in the blockchain network, and an external user does not directly access an address where the VPN server is located, but a node in the blockchain network forwards a VPN connection request of the external user layer by layer to the VPN server, so that the effect that the external user can access the VPN server from any position through any interface of the internet is achieved, and simultaneously, a real address of the VPN server is hidden, so that information security of the VPN server is guaranteed.
Fig. 1 is a schematic diagram illustrating a blockchain network according to an exemplary disclosed embodiment. As shown in fig. 1, the blockchain network includes a plurality of nodes including a serving node and a relay node. For convenience of description, fig. 1 shows 1 serving node and 5 relay nodes in total, and the number of the serving nodes and the number of the relay nodes are not limited.
An intelligent contract for a blockchain network may be considered a rule that constrains the blockchain network to perform an operation when certain conditions are satisfied. The intelligent contract records the forwarding sequence information of a plurality of nodes (including the service node and the relay node). In fig. 1, the forwarding order among the nodes is "relay node 1" to "relay node 3" to "serving node" to "relay node 5" to "relay node 2" to "relay node 4". The forwarding order information may be a constant order preset by an administrator. The blockchain network may also automatically re-randomly order the nodes after a certain time interval, which may be an hour, a day, a week, a month, etc.
In a possible implementation, the forwarding sequence information is generated by the intelligent contract of the blockchain network sorting the nodes when the blockchain network receives a VPN connection request sent by a client, that is, the intelligent contract of the blockchain network randomly sorts the nodes in the blockchain network once each VPN connection request is received, so that the forwarding sequence information changes each time a VPN connection request is received, and the security of a VPN server (i.e., a service node) in the blockchain network is further increased.
The VPN connection request is forwarded in the blockchain network according to the ordering in the forwarding order information. When receiving the VPN connection request, the node in the blockchain network may determine whether a subsequent node exists according to the forwarding sequence information, and if so, forward the VPN connection request to the subsequent node, and if not (that is, if the node is a chain tail), discard the VPN connection request or do no processing. The VPN connection request may traverse all relay nodes and serving nodes in the blockchain network.
In order to further improve the security of the service node in the blockchain network, the node in the blockchain network can only receive the data sent by the preamble node. That is, the address information (IP address and/or port) of each node may be encrypted by the public key of the previous hop node to obtain access information, and the access information is synchronized into the intelligent contract, so that the previous hop node may decrypt the access information of its next hop node before forwarding, and forward the access information to the next hop node according to the decrypted access information.
In a possible implementation manner, after determining the forwarding order information, each node may determine a public key of its previous-hop node (if any), encrypt its IP address and/or port by using the public key, and write the encrypted IP address and/or port into the intelligent contract.
After receiving a VPN connection request in a blockchain network, forwarding the VPN connection request to a first node in a forwarding sequence, forwarding the first node to a next hop node of the first node, and forwarding the VPN connection request in the blockchain sequentially along the forwarding sequence through all nodes until a last node at the tail of the blockchain discards the VPN connection request; when the VPN connection request passes through the service node on the way, the service node responds to the VPN connection request to provide VPN connection service and forwards the VPN connection service.
When the node receives the VPN connection request, the source address information in the received VPN connection request may be replaced with its own address information, and the destination address information may be replaced with the address information of the next-hop node, so as to implement forwarding of the VPN connection request.
For the service node, in addition to replacing the source address information and the destination address information in the VPN connection request, it is also necessary to provide a responsive VPN service in response to the VPN connection request.
Fig. 2 is a schematic diagram illustrating a process for providing VPN services in a blockchain network according to an exemplary disclosed embodiment. The process of providing VPN services in a blockchain network comprises the steps of:
and S21, when the block chain network receives the VPN connection request of the client, the intelligent contract sequences the nodes in the block chain network and records the sequencing result as the forwarding sequence information. S22, all nodes in the block chain network acquire the public key of the previous hop node (if any) according to the sequencing result, encrypt the address information of the nodes to obtain access information, and upload the encrypted access information to an intelligent contract or send the access information to other nodes. And S23, the block chain network sends the VPN connection request to the first node in the forwarding sequence information. And S24, the first node replaces the source address information in the VPN connection request with the address information of the first node, replaces the destination address information with the address information of the next hop, and forwards the address information. S25, the relay node in the blockchain network replaces the address information in the VPN connection request and sequentially forwards the address information in the VPN connection request in the same manner as the first node, and the service node needs to both forward the VPN connection request and provide the VPN service in response to the VPN connection request until the VPN connection request is forwarded to the node at the end of the chain (the last node in the forwarding order information). And S26, the node at the tail of the chain discards the VPN connection request. It should be noted that, when the service node is a node at the end of the chain, the service node directly provides the VPN service based on the VPN connection request, and the VPN connection request may not be discarded.
Through the technical scheme, when the VPN connection request is initiated from the outside, the connection request is forwarded through a plurality of nodes in the blockchain network, and the service node in the blockchain network provides the VPN service, so that the VPN server (namely the service node) can be hidden in the blockchain network, an external connector cannot know which node in the blockchain network the real VPN server is, and therefore cannot attack the VPN server, and therefore the address of the VPN server can be effectively hidden on the basis that the VPN server can receive the access request from any position in the internet, and the information security of the VPN server can be protected.
Fig. 3 is a flow chart illustrating a method for providing VPN services according to an exemplary disclosed embodiment. The method is applied to a node in a block chain network, wherein the node can be a service node or a relay node, and the method comprises the following steps: receiving a VPN connection request of a client; determining subsequent nodes of the nodes according to forwarding sequence information of the nodes recorded in an intelligent contract of the block chain network, wherein the nodes comprise service nodes for providing VPN service; forwarding the received VPN connection request to the subsequent node. When the node is a serving node, the method further comprises: after receiving a VPN connection request of a client, providing VPN service for the client. As shown in fig. 3, the method comprises the steps of:
and S31, receiving a VPN connection request of the client.
For a first node in the forwarding order information, the VPN connection request is sent by the blockchain network; for other nodes, the VPN coupling request is sent by the preceding node.
S32, determining whether the nodes have subsequent nodes according to the forwarding sequence information of the nodes recorded in the intelligent contract of the block chain network.
If a subsequent node exists, go to step S33; if no subsequent node exists, the VPN connection request is discarded.
The forwarding order information may be a constant order preset by an administrator. The blockchain network may also automatically re-randomly order the nodes after a certain time interval, which may be an hour, a day, a week, a month, etc.
In a possible implementation, the forwarding sequence information is generated by the intelligent contract of the blockchain network sorting the nodes when the blockchain network receives a VPN connection request sent by a client, that is, the intelligent contract of the blockchain network randomly sorts the nodes in the blockchain network once each VPN connection request is received, so that the forwarding sequence information changes each time a VPN connection request is received, and the security of a VPN server (i.e., a service node) in the blockchain network is further increased.
When receiving the VPN connection request, the node in the blockchain network may determine whether a subsequent node exists according to the forwarding sequence information, and if so, forward the VPN connection request to the subsequent node, and if not (that is, if the node is a chain tail), discard the VPN connection request or do no processing. The VPN connection request may traverse all relay nodes and serving nodes in the blockchain network.
And S33, judging whether the node is a relay node or a service node.
If the node is a relay node, go to step S34, and if the node is a serving node, go to step S35.
S34, forwarding the received VPN connection request to the subsequent node.
S35, providing VPN service for the client, and forwarding the received VPN connection request to the subsequent node.
When the service node receives the VPN connection request, the service node may verify the verification information in the VPN connection request, and after the verification is passed, the service node may provide the VPN service for the client (e.g., feed back information to the client through the blockchain network, etc.). After receiving the VPN connection request, the service node not only needs to provide the VPN service to the client, but also needs to forward the VPN connection request to a subsequent node (if the subsequent node exists), so that the VPN connection request is forwarded by all the relay nodes, and other people are difficult to locate a specific address of the service node according to the interrupt position of the forwarding record, thereby further ensuring the information security of the service node.
Optionally, the access information of the next hop node of the node is further recorded in the intelligent contract for each node, and the access information of the next hop node of any node is obtained by encrypting the IP address and/or the port of the next hop node of the node through the public key of the node; the forwarding the received VPN coupling request to the successor node includes: before forwarding the VPN connection request to a next hop node, the node decrypts the access information of the next hop node through a private key of the node; and after the decrypted access information is obtained, forwarding the VPN connection request to the next hop node according to the access information.
Optionally, the method further includes determining a previous hop node of the node according to the forwarding sequence information, encrypting the IP address and/or the port of the node by using the public key of the previous hop node, and writing the encrypted IP address and/or port into the intelligent contract.
Optionally, the VPN connection request includes source address information and destination address information; the forwarding the received VPN coupling request to the successor node includes: when receiving a VPN connection request, the source address information of the VPN connection request is replaced by the address information of the node, and the destination address information of the VPN connection request is replaced by the address information of the next hop node of the node and then is transmitted.
With regard to the method in the above-described embodiment, the detailed implementation of each step has been described in detail in the embodiment related to the blockchain network, and will not be elaborated herein.
Through the technical scheme, when the VPN connection request is initiated from the outside, the connection request is forwarded through a plurality of nodes in the blockchain network, and the service node in the blockchain network provides the VPN service, so that the VPN server (namely the service node) can be hidden in the blockchain network, an external connector cannot know which node in the blockchain network the real VPN server is, and therefore cannot attack the VPN server, and therefore the address of the VPN server can be effectively hidden on the basis that the VPN server can receive the access request from any position in the internet, and the information security of the VPN server can be protected.
Fig. 4 is a flow chart illustrating an apparatus for providing VPN services according to an exemplary disclosed embodiment. The apparatus 400 is applied to a node in a block chain network, where the node may be a serving node or a relay node, and the apparatus 400 includes:
a receiving module 410, configured to receive a VPN connection request of a client.
The determining module 420 is configured to determine a subsequent node of the nodes according to the forwarding sequence information of the plurality of nodes recorded in the intelligent contract of the block chain network.
A forwarding module 430, configured to forward the received VPN connection request to the subsequent node.
When the apparatus 400 is applied to the service node, the apparatus 400 further includes a service module for providing a VPN service to the client.
Optionally, the access information of the next hop node of the node is further recorded in the intelligent contract for each node, and the access information of the next hop node of any node is obtained by encrypting the IP address and/or the port of the next hop node of the node through the public key of the node; the device also comprises a decryption module used for decrypting the access information of the next hop node through a private key of the decryption module, and the forwarding module is used for forwarding the VPN connection request to the next hop node according to the access information after the decrypted access information is obtained.
Optionally, the apparatus further includes an encryption module, configured to determine a previous-hop node of the node according to the forwarding sequence information, encrypt the IP address and/or the port of the node by using a public key of the previous-hop node, and write the encrypted IP address and/or port into the intelligent contract.
Optionally, the VPN connection request includes source address information and destination address information; and the forwarding module is used for replacing the source address information of the VPN connection request with the address information of the node and replacing the destination address information of the VPN connection request with the address information of the next hop node of the node for sending when receiving the VPN connection request.
With regard to the apparatus in the above embodiments, the specific implementation of each module has been described in detail in the embodiments related to the blockchain network, and will not be elaborated herein.
Through the technical scheme, when the VPN connection request is initiated from the outside, the connection request is forwarded through a plurality of nodes in the blockchain network, and the service node in the blockchain network provides the VPN service, so that the VPN server (namely the service node) can be hidden in the blockchain network, an external connector cannot know which node in the blockchain network the real VPN server is, and therefore cannot attack the VPN server, and therefore the address of the VPN server can be effectively hidden on the basis that the VPN server can receive the access request from any position in the internet, and the information security of the VPN server can be protected.
Fig. 5 is a schematic diagram illustrating a node device according to an exemplary disclosed embodiment. The node device may be provided as a relay node or a serving node in the above-described blockchain network. Referring to fig. 5, the electronic device 500 comprises a processor 522, which may be one or more in number, and a memory 532 for storing computer programs executable by the processor 522. The computer programs stored in memory 532 may include one or more modules that each correspond to a set of instructions. Further, the processor 522 may be configured to execute the computer program to perform the above-described method for providing a VPN service.
Additionally, the electronic device 500 may also include a power component 526 and a communication component 550, the power component 526 may be configured to perform power management of the electronic device 500, and the communication component 550 may be configured to enable communication, e.g., wired or wireless communication, of the electronic device 500. In addition, the electronic device 500 may also include input/output (I/O) interfaces 558. The electronic device 500 may operate based on an operating system stored in memory 532, such as Windows Server, Mac OS XTM, UnixTM, Linux, and the like.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the above-described method for providing VPN services is also provided. For example, the computer readable storage medium may be the memory 532 described above including program instructions that are executable by the processor 522 of the electronic device 500 to perform the method for providing VPN services described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned method for providing VPN services when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.
Claims (12)
1. A blockchain network for providing VPN services comprising a plurality of nodes including a service node and a relay node;
the intelligent contract of the block chain network records the forwarding sequence information of the nodes;
each node in the plurality of nodes is used for determining whether the node has a subsequent node according to the forwarding sequence information when receiving a VPN connection request of a client, and forwarding the VPN connection request to the subsequent node if the node has the subsequent node;
the service node is further configured to provide VPN service to the client when receiving the VPN connection request.
2. A blockchain network according to claim 1, wherein the intelligent contract of the blockchain network is configured to, upon receiving a VPN connection request sent by the client, order the plurality of nodes and write an ordering result as the forwarding order information into the intelligent contract.
3. A blockchain network according to claim 1, wherein access information of a next hop node of the node is further recorded in the intelligent contract for each node in the plurality of nodes, the access information of the next hop node of any node is obtained by encrypting address information of the next hop node of the node through a public key of the node, and the address information includes an IP address and/or a port;
before forwarding the VPN connection request to a next hop node, any node in the plurality of nodes decrypts the access information of the next hop node through a private key of the node; and after the decrypted access information is obtained, forwarding the VPN connection request to the next hop node according to the access information.
4. The blockchain network of claim 3, wherein each of the plurality of nodes is specifically configured to determine a previous-hop node of the node according to the forwarding sequence information, encrypt an IP address and/or a port of the node by using a public key of the previous-hop node, and write the encrypted IP address and/or port into the intelligent contract.
5. A blockchain network as in claim 1 wherein said VPN connection request includes source address information and destination address information;
each of the plurality of nodes is specifically configured to, when receiving a VPN connection request, replace source address information of the VPN connection request with address information of the node, and replace destination address information of the VPN connection request with address information of a next hop node of the node, and then transmit the destination address information.
6. A blockchain network as recited in claim 1 wherein the blockchain network is further configured to send the VPN connection request to the first node in the forwarding order information upon receiving the VPN connection request sent by the client.
7. A method for providing VPN services, the method being applied to a node in a blockchain network, the method comprising:
receiving a VPN connection request of a client;
determining subsequent nodes of the nodes according to forwarding sequence information of the nodes recorded in an intelligent contract of the block chain network, wherein the nodes comprise service nodes for providing VPN service;
forwarding the received VPN connection request to the subsequent node.
8. The method of claim 7, wherein the node is a service node providing VPN services, and wherein the method further comprises providing VPN services to a client upon receiving a VPN connection request from the client.
9. An apparatus for providing VPN services, the apparatus being applied to a node in a blockchain network, the apparatus comprising:
the receiving module is used for receiving a VPN connection request of a client;
a determining module, configured to determine a subsequent node of the nodes according to forwarding sequence information of the multiple nodes recorded in an intelligent contract of the blockchain network, where the multiple nodes include a service node for providing a VPN service;
and the forwarding module is used for forwarding the received VPN connection request to the subsequent node.
10. The apparatus of claim 9, wherein the apparatus is applied to the service node, and wherein the apparatus further comprises:
and the service module is used for providing VPN service for the client after the receiving module receives the VPN connection request.
11. A node device, characterized in that the node device is configured as a relay node in a blockchain network according to any of claims 1-6.
12. A node device configured as a serving node in a blockchain network according to any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911370258.XA CN111211958B (en) | 2019-12-26 | 2019-12-26 | Method and device for providing VPN (virtual private network) service, block chain network and node equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911370258.XA CN111211958B (en) | 2019-12-26 | 2019-12-26 | Method and device for providing VPN (virtual private network) service, block chain network and node equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111211958A CN111211958A (en) | 2020-05-29 |
| CN111211958B true CN111211958B (en) | 2021-09-24 |
Family
ID=70788206
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911370258.XA Active CN111211958B (en) | 2019-12-26 | 2019-12-26 | Method and device for providing VPN (virtual private network) service, block chain network and node equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111211958B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114157671A (en) * | 2021-11-26 | 2022-03-08 | 支付宝(杭州)信息技术有限公司 | Method for distributing information carried by blockchain network to a plurality of client nodes |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107579998A (en) * | 2017-10-17 | 2018-01-12 | 光载无限(北京)科技有限公司 | Personal data center and digital identification authentication method based on block chain, digital identity and intelligent contract |
| CN107980216A (en) * | 2017-05-26 | 2018-05-01 | 深圳前海达闼云端智能科技有限公司 | Communication means, device, system, electronic equipment and computer-readable recording medium |
| CN110557290A (en) * | 2019-09-17 | 2019-12-10 | 腾讯科技(深圳)有限公司 | Processing method and device for network acceleration service |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190311148A1 (en) * | 2018-04-10 | 2019-10-10 | Black Gold Coin, Inc. | System and method for secure storage of electronic material |
-
2019
- 2019-12-26 CN CN201911370258.XA patent/CN111211958B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107980216A (en) * | 2017-05-26 | 2018-05-01 | 深圳前海达闼云端智能科技有限公司 | Communication means, device, system, electronic equipment and computer-readable recording medium |
| CN107579998A (en) * | 2017-10-17 | 2018-01-12 | 光载无限(北京)科技有限公司 | Personal data center and digital identification authentication method based on block chain, digital identity and intelligent contract |
| CN110557290A (en) * | 2019-09-17 | 2019-12-10 | 腾讯科技(深圳)有限公司 | Processing method and device for network acceleration service |
Non-Patent Citations (1)
| Title |
|---|
| 企业网络信息安全管控平台的设计与展望;孙强,刘新,于灏;《信息技术》;20181231;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111211958A (en) | 2020-05-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220006627A1 (en) | Quantum key distribution node apparatus and method for quantum key distribution thereof | |
| US10326798B2 (en) | System and method for secure data transmission and storage | |
| CN103067158B (en) | Encrypting and decrypting method, encrypting and decrypting device and key management system | |
| US7016499B2 (en) | Secure ephemeral decryptability | |
| US8068609B2 (en) | Method and system for secured wireless data transmission to and from a remote device | |
| US6826395B2 (en) | System and method for secure trading mechanism combining wireless communication and wired communication | |
| US10397274B2 (en) | Packet inspection and forensics in an encrypted network | |
| US20170149748A1 (en) | Secure Group Messaging and Data Steaming | |
| CN106487802B (en) | The method for detecting abnormal and device of IPSec SA based on DPD agreement | |
| CN111193703B (en) | Communication apparatus and communication method used in distributed network | |
| CN107864129B (en) | Method and device for ensuring network data security | |
| US9626522B1 (en) | Method and apparatus for the network steganographic assessment of a test subject | |
| CN110311884B (en) | Apparatus, method, and storage medium for secure communication in non-deterministic network | |
| CN114938312B (en) | Data transmission method and device | |
| CN112491821A (en) | IPSec message forwarding method and device | |
| KR101479290B1 (en) | Agent for providing security cloud service, security token device for security cloud service | |
| CN111211958B (en) | Method and device for providing VPN (virtual private network) service, block chain network and node equipment | |
| US8670565B2 (en) | Encrypted packet communication system | |
| JP2022523068A (en) | Systems and methods for secure electronic data transfer | |
| US20160036792A1 (en) | Systems, apparatus, and methods for private communication | |
| KR20160123416A (en) | Information security device, terminal, network having information security system and terminal | |
| CN110995730B (en) | Data transmission method and device, proxy server and proxy server cluster | |
| WO2017143541A1 (en) | Data security protection method and apparatus | |
| JP6718466B2 (en) | Dynamic data encryption method and related method for controlling decryption right | |
| CN103973674A (en) | Method and device for synchronizing host and backup information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20210308 Address after: 201111 2nd floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai Applicant after: Dalu Robot Co.,Ltd. Address before: No.3, 7th floor, unit 1, building 5, No.399, Fucheng Avenue West, Chengdu, Sichuan 610094 Applicant before: CLOUDMINDS (CHENGDU) TECHNOLOGIES Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 201111 Building 8, No. 207, Zhongqing Road, Minhang District, Shanghai Patentee after: Dayu robot Co.,Ltd. Address before: 201111 2nd floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai Patentee before: Dalu Robot Co.,Ltd. |
|
| CP03 | Change of name, title or address |