CN113329033A - Method for establishing communication connection between local area networks, user side equipment and gateway equipment - Google Patents


Info

Publication number: CN113329033A
Application number: CN202110701309.3A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 陈钦奕, 凌郁权, 陈锦忠, 童龙玉
Current assignee: Guangdong Lyric Robot Automation Co Ltd
Original assignee (applicant): Guangdong Lyric Robot Intelligent Automation Co Ltd
Legal status: Pending
Prior art keywords: equipment, encryption, server, decryption information, gateway

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 61/00 Network arrangements, protocols or services for addressing or naming
    • H04L 61/09 Mapping addresses
    • H04L 61/25 Mapping addresses of the same type
    • H04L 61/2503 Translation of Internet protocol [IP] addresses
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Confidential data exchange wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions

Abstract

The application provides a method for establishing a communication connection between local area networks, a user end device and a gateway device. Interactive data between the two local area networks is relayed by a transit server with a public network IP (Internet protocol) acting as a proxy. After the server at the network service end receives a connection request from the user end device to a specified gateway device, the server sends down first encryption and decryption information, so that secure communication is achieved between the user end device in the first local area network and the devices in the second local area network where the gateway device is located, which facilitates remote software upgrading and remote device debugging. The embodiment of the invention establishes a virtual network tunnel for the communication connection, provides virtual local area network communication service between the user end device and the devices in the second local area network, and then carries out remote local device debugging, monitoring, upgrading and other services with the debugging tool provided by the programming software.

Description

Method for establishing communication connection between local area networks, user side equipment and gateway equipment
Technical Field
The present application relates to the field of communications, and in particular, to a method for establishing a communication connection between local area networks, a user end device, and a gateway device.
Background
When existing automation equipment runs abnormally during operation, there are two ways of dealing with it:
1. program control personnel carry out equipment maintenance on the equipment site; however, maintenance efficiency is low because of the travel involved, and maintenance cost is high because the equipment provider bears the travel cost;
2. after the field computer opens a remote service, a program control worker logs in to the remote desktop of the field computer to update and change the equipment; however, this remote desktop mode requires copying local code to the field computer in order to modify the related software, which poses a great problem for software protection; in addition, because remote desktop technology is used, the control process also consumes corresponding extra bandwidth for transmitting the software desktop image.
Therefore, a service for establishing communication connection with devices in different local area networks is considered, through the service, program developers can conveniently and quickly connect to the local area networks of the devices through debugging tools, and local program debugging, updating and upgrading are remotely performed by means of the debugging tools provided by development software; the necessity of business trip maintenance is reduced, the equipment maintenance efficiency is greatly improved, and the equipment maintenance cost is saved.
However, in the local area network, a method of allocating a private address to a terminal is adopted to implement communication between terminals in the local area network, the private address cannot be routed in the public network, and when a terminal configured with the private address in the local area network needs to communicate with a terminal of the public network, address translation needs to be performed through a Network Address Translator (NAT) device. In the process of realizing the above, the inventor finds that at least the following problems exist in the prior art: when two terminals located in different local area networks communicate through a public network, because the addresses of the two terminals located in different local area networks are both private addresses, the NAT device needs to replace the source address and the destination address of a communication data packet transmitted between the two terminals located in different local area networks with the public network address, which may cause a problem that the communication data packet cannot be routed because the source address and the destination address cannot be determined.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method for establishing a communication connection between local area networks, a user end device, and a gateway device, so as to solve a problem that, in the prior art, both a source address and a destination address of a communication data packet transmitted between two terminals in different local area networks need to be replaced by a public network address, which may cause a communication data packet to be unable to be routed because the source address and the destination address cannot be determined.
The method for establishing communication connection between local area networks provided by the embodiment of the invention is applied to user end equipment in a first local area network, and comprises the following steps:
sending a connection request for requesting connection to the gateway device in the second local area network to the server;
receiving first encryption and decryption information which is sent by a server and is required for establishing connection with gateway equipment;
and establishing a virtual network tunnel for communication connection with the gateway equipment through a transit server with a public network IP according to the first encryption and decryption information.
In this technical solution, the transit server with the public network IP relays the interactive data between the two local area networks as a proxy. After the server at the network service end receives the connection request from the user end device to the specified gateway device, the server sends down the first encryption and decryption information, so that secure communication between the user end device in the first local area network and the devices in the second local area network where the gateway device is located is achieved, which facilitates remote software upgrading and remote device debugging.
In some optional embodiments, further comprising:
receiving a trigger signal returned by the server rejecting the connection request, and stopping the connection with the gateway device.
In the above technical solution, the server at the network service end manages access to the gateway device and the user end device, and provides services such as related authority management and control, operation record, and the like, and if the server rejects the connection request, the connection between the user end device and the gateway device specified by the connection request is stopped.
In some optional embodiments, after the virtual network tunnel of the communication connection is established with the gateway device, the method further includes:
and acquiring transparent transmission data sent by the user side equipment to the gateway equipment, encrypting the transparent transmission data by using the public key in the first encryption and decryption information, and sending the encrypted transparent transmission data to the gateway equipment through the virtual network tunnel.
In some alternative embodiments, the pass-through data is generated by a development tool of the integrated development environment started on the client device.
In some optional embodiments, after the virtual network tunnel of the communication connection is established with the gateway device, the method further includes: and receiving the encryption state information fed back by the gateway equipment, and decrypting the encryption state information by using a private key in the first encryption and decryption information.
The method for establishing communication connection between local area networks provided by the embodiment of the invention is applied to gateway equipment in a second local area network, and comprises the following steps:
receiving second encryption and decryption information sent by the server;
and establishing a virtual network tunnel for communication connection with the user side equipment through a transit server with a public network IP according to the second encryption and decryption information.
The method for establishing communication connection between local area networks provided by the embodiment of the invention is applied to a server and comprises the following steps:
receiving a connection request of a user terminal device for connecting a gateway device in a second local area network;
and generating first encryption and decryption information and second encryption and decryption information according to the connection request, and respectively sending the first encryption and decryption information and the second encryption and decryption information to the user end equipment and the gateway equipment.
In some optional embodiments, before generating and sending the first encryption and decryption information and the second encryption and decryption information to the customer premise equipment and the gateway equipment, respectively, according to the connection request, the method further includes:
determining that the gateway device is in the state of not being connected to any user end device.
The embodiment of the invention provides a user end device, which comprises:
a connection request unit configured to send a connection request for requesting connection to a gateway device in the second local area network to the server;
the first receiving unit is used for receiving first encryption and decryption information which is sent by the server and is required for establishing connection with the gateway equipment;
and the first connection establishing unit is used for establishing a virtual network tunnel for communication connection with the gateway equipment through a transit server with a public network IP (Internet protocol) according to the first encryption and decryption information.
An embodiment of the present invention provides a gateway device, including:
the second receiving unit is used for receiving second encryption and decryption information sent by the server;
and the second connection establishing unit is used for establishing a virtual network tunnel in communication connection with the user side equipment through a transit server with a public network IP (Internet protocol) according to the second encryption and decryption information.
The communication system provided by the embodiment of the invention comprises:
the client device is used for sending a connection request for requesting to connect the gateway device in the second local area network to the server; receiving first encryption and decryption information which is sent by a server and is required for establishing connection with gateway equipment; and establishing a virtual network tunnel for communication connection with the gateway equipment through a transit server with a public network IP according to the first encryption and decryption information.
The gateway equipment is used for receiving second encryption and decryption information sent by the server; and establishing a virtual network tunnel for communication connection with the user side equipment through a transit server with a public network IP according to the second encryption and decryption information.
The server is used for receiving a connection request of the user terminal equipment for connecting the gateway equipment in the second local area network; inquiring the connection state of the gateway equipment; and when the connection state is that the gateway equipment is not connected with the customer premise equipment, generating first encryption and decryption information and second encryption and decryption information and respectively sending the first encryption and decryption information and the second encryption and decryption information to the customer premise equipment and the gateway equipment.
And the transfer server is provided with a public network IP and is used for data forwarding between the user side equipment and the gateway equipment.
An embodiment of the present invention provides a storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the method described in any one of the above.
In one or more embodiments of the invention, at least the following benefits are achieved:
in the method for establishing a communication connection between local area networks of the embodiment of the invention, the transit server with the public network IP relays the interactive data between the two local area networks as a proxy, and after the server at the network service end receives the connection request from the user end device to the specified gateway device, the server sends the first encryption and decryption information, so that secure communication between the user end device in the first local area network and the devices in the second local area network where the gateway device is located is achieved, which facilitates remote software upgrading and remote device debugging. The embodiment of the invention establishes the virtual network tunnel of the communication connection, provides virtual local area network communication service for the user terminal device and the devices in the second local area network, and then carries out remote local device debugging, monitoring, upgrading and other services by means of the debugging tool provided by the programming software.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;
fig. 2 is a signal transmission diagram of a communication system according to an embodiment of the present application;
fig. 3 is a flowchart of steps of a method for directly establishing a communication connection between local area networks, which is applied to a user equipment according to an embodiment of the present application;
fig. 4 is a flowchart of steps of a method for directly establishing a communication connection between local area networks, which is applied to a gateway device according to an embodiment of the present application;
fig. 5 is a flowchart of steps of a method for directly establishing a communication connection between local area networks, which is applied to a server according to an embodiment of the present application;
fig. 6 is a schematic view of a workflow diagram of a communication system provided in an embodiment of the present application;
fig. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
When existing automation equipment operates abnormally during operation, a program control worker is generally dispatched to the equipment site for maintenance; however, maintenance efficiency is low because of the travel involved, and maintenance cost is high because the equipment provider bears the travel cost. If the field computer opens a remote service, the program control personnel log in to the remote desktop of the field computer to update and change the equipment; however, this remote desktop mode requires copying the local code to the field computer in order to modify the related software, which poses a great problem for software protection. In addition, because remote desktop technology is used, the control process also consumes corresponding extra bandwidth for transmitting the software desktop image. Therefore, a service for establishing communication connections to devices in different local area networks is considered, by which a program developer can connect to the local area network of the devices conveniently and quickly. In a possible scenario, for example, local program debugging, updating and upgrading are performed remotely with the debugging tool provided by the development software; the necessity of business trip maintenance is reduced, the efficiency of equipment maintenance is greatly improved, and equipment maintenance cost is saved.
Based on this, the embodiment of the present invention provides a method for directly establishing communication connection in a local area network, a user end device and a gateway device, wherein virtual local area network communication, data proxy service communication, a communication module, and the like are integrated into a system through innovative application of multiple communication technologies in industrial device maintenance, and a management server is further established based on the communication system service, so as to manage connection among multiple groups of devices, so as to be applied to remote operation and maintenance.
To facilitate understanding of the present embodiment, a communication system disclosed in the present embodiment is first described in detail:
referring to fig. 1, fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention, which specifically includes a server, a client device, a transit server, and a gateway device.
Specifically, referring to fig. 2, fig. 2 is a signal transmission diagram of a communication system. The method comprises the steps that a user end device sends a connection request for requesting connection with a gateway device in a second local area network to a server, the server inquires the connection state of the gateway device after receiving the connection request of the user end device for connecting with the gateway device in the second local area network, and when the connection state is that the gateway device is not connected with the user end device, the server generates first encryption and decryption information and second encryption and decryption information and sends the first encryption and decryption information and the second encryption and decryption information to the user end device and the gateway device respectively. The user end equipment receives first encryption and decryption information which is sent by the server and is needed for establishing connection with the gateway equipment, passes through a transfer server with a public network IP and establishes a virtual network tunnel for communication connection with the gateway equipment according to the first encryption and decryption information. And the gateway equipment receives the second encryption and decryption information issued by the server, passes through a transfer server with a public network IP and establishes a virtual network tunnel in communication connection with the user end equipment according to the second encryption and decryption information. And the transfer server is provided with a public network IP and is used for data forwarding between the user side equipment and the gateway equipment.
When the customer premise equipment communicates with the gateway equipment, the following two situations are included:
the user end equipment encrypts data to be transmitted to the gateway equipment according to the encryption information in the first encryption and decryption information, the encrypted data is forwarded to the gateway equipment through the transfer server with the public network IP, and at the moment, the gateway equipment decrypts the encrypted data according to the decryption information in the second encryption and decryption information.
The gateway device encrypts the data to be transmitted to the user end device according to the encryption information in the second encryption and decryption information, the encrypted data is forwarded to the user end device through the transfer server with the public network IP, and at the moment, the user end device decrypts the encrypted data according to the decryption information in the first encryption and decryption information.
Therefore, in the communication system according to the embodiment of the present invention, the relay server with the public network IP is used to proxy and relay the interactive data between the two lans, after the server at the network service end receives the connection request of the user end device to the specified gateway device, the server issues the first encryption and decryption information of the user end device and the second encryption and decryption information of the gateway device, and then the data is forwarded by the relay server with the public network IP, so that the secure communication between the user end device and the gateway device in different lans is realized.
The following describes in detail a method for establishing a communication connection between local area networks:
as shown in fig. 3, a method for establishing a communication connection between local area networks according to an embodiment of the present invention is applied to a customer premises equipment in a first local area network, and includes:
101. sending a connection request for requesting connection to the gateway device in the second local area network to the server;
the user end device may refer to terminal devices such as a mobile phone and a PC (see fig. 7 for a specific structure), or may refer to a terminal program running on these devices, such as an App (application program) on the mobile phone, an applet (such as a wechat applet) in the App, client software on the PC, a web page, and the like. Taking client software as an example, the client device is installed with client software which provides functions of user authentication login, user manageability of gateway device authority, connectable gateway device list display and the like.
The gateway device includes a gateway and a terminal device (the specific structure can refer to fig. 7).
The server may be deployed by a network platform, and the "server" in this application may refer both to a device serving as a server (for a specific structure see fig. 7) and to a server program running on that device. The server provides services such as the online state of the gateway device, network state information, the data connection mode, management of connectable devices in the local area network, whether the current device is occupied, and virtual service certificate management; it also provides services such as permission management and control, operation records, usage duration records and login certificate management for the client software.
Before sending a connection request to the server, the user end device may also send identity authentication information to the server. If the server authenticates it successfully, the login of the client software succeeds and the server issues the gateway device permissions manageable by the user according to the permission settings of the registered user. After the client software obtains these permissions, it displays a list of connectable gateway devices on the operation interface after login, and the user can then select any gateway device from the displayed list and send a connection request for it.
In the process of providing the remote virtual local area network service, a user needs to select connections to different target devices and is provided with exclusive remote operation and maintenance gateway device service, so that interference caused by multiple people upgrading the programs of the same device at the same time is avoided. The server at the network service end manages access to the gateway device and the user end device and provides related services such as permission management and control and operation records; if the server refuses the connection request, the connection between the user end device and the gateway device specified by the connection request is stopped. Under the server's connection management of the gateway device, if a trigger signal rejecting the connection request is received from the server, the connection with the gateway device is stopped and steps 102 and 103 are not performed.
102. Receiving first encryption and decryption information which is sent by a server and is required for establishing connection with gateway equipment;
the first encryption and decryption information, the encryption and decryption process may include a plurality of kinds, which are not limited in the embodiment of the present invention, and are only exemplified by the following:
the first encryption and decryption mode comprises the use of a public key and a private key, wherein the public key can be disclosed for other people to use, and only the private key of the public key is reserved. The public key and the private key are used to encrypt and decrypt data, and if any one is used to encrypt data, only the other will be used to decrypt the data. In order to enable the user terminal device to communicate with the designated gateway device, the user terminal device needs to send a public key and a private key to the designated gateway device, the user terminal device wants to send data to the gateway device, the public key can be used for encrypting the content and then sending the encrypted content to the gateway device, and the gateway device uses the private key of the gateway device for decryption after receiving the encrypted content, so that the data security is ensured.
The second encryption and decryption method adopts a digital signature method besides a public key and a private key: calculating the data by hash software to obtain a hash value, wherein the process can ensure 2 points: 1. the process is irreversible. I.e. the content of the letter cannot be calculated from the message digest. 2. The message digest is not repeated. That is, if there is any change in the data, the message digest calculated by hash again must not be consistent with the message digest before the change. The message digest is encrypted using its own private key. The result of the message digest after encryption is a digital signature. The data is sent along with the digital signature. After the gateway device receives the letter, 2 things are done: 1. the public key is used for decrypting the digital signature, if the decryption is successful, the digital signature is the digital signature issued by the user end equipment, and the digital signature is not issued by others, because the private key of the user end equipment is not disclosed. 2. And the gateway equipment uses the hash software to carry out hash calculation on the data again, compares the data with the message digest obtained by decrypting the digital signature, and if the data are consistent with the message digest, the data are not falsified and are really sent by the user end equipment. This is the process of digital signature. The method can ensure that the message sent by the signer is not tampered and can also prove that the message sent by the signer is true.
In the third encryption and decryption mode, a digital certificate is also used to ensure that a public key is not spoofed: the digital certificate is a public key authenticated by an authority (CA), and by looking at the digital certificate, the certificate is issued by the authority, the certificate uses the information of the user, and the user uses the public key. The process of generating the digital certificate is as follows: 1. the holder sends the public key and identity information to the authority. 2. The authority is responsible for verifying the identity of the holder and ensuring that the public key and the information of the holder are accurate. 3. The authority uses its own private key to digitally sign the holder's public key, generating a digital certificate. 4. In order to ensure that the certificate is not tampered, an authority performs hash calculation on the digital certificate to generate an abstract, and uses a private key of the authority to perform digital signature on the abstract, and the digital signature is put into the digital certificate. After the gateway equipment receives the data, the digital signature in the digital certificate is decrypted by using the public key of the CA (the public key of the CA exists in the root certificate, and the root certificate is absolutely trusted) to obtain the original text of the digital signature, then the hash value of the digital certificate is calculated, the obtained hash value is compared with the obtained original text of the digital signature, whether the digital certificate is trustable or not can be verified, if the verification is passed, the information on the digital certificate is credible, then the real public key of the user end equipment is obtained, the digital signature is verified by using the real public key of the user end equipment, and if the verification is passed, the letter is sent by the user end equipment can be confirmed.
103. And establishing a virtual network tunnel for communication connection with the gateway equipment through a transit server with a public network IP according to the first encryption and decryption information.
Because the gateway device sits inside a local area network, whether it connects through a 4G/5G wireless network, a WIFI access network, a WAN port or another network, it cannot obtain a public network IP address on which to offer a service; the user side equipment likewise sits inside another local area network. Data between the two different local area networks is therefore proxied through a transit server that has a public network IP (Internet Protocol) address, which makes a data connection between the two local areas possible.
The virtual network tunnel created for the communication connection between the user end device and the gateway device is a virtual network local to the user end device.
Through this embodiment, the network where the gateway device is located and the network where the user end device is located can be connected even when they are not in the same local area.
After step 103, that is, after the virtual network tunnel of the communication connection has been established between the customer premise equipment and the gateway device, the method further includes: acquiring the transparent transmission data sent by the user side equipment to the gateway equipment, encrypting the transparent transmission data with the public key in the first encryption and decryption information, and sending the encrypted transparent transmission data to the gateway equipment through the virtual network tunnel.
Similarly, after the virtual network tunnel of the communication connection is established between the customer premise equipment and the gateway equipment, the method further includes: and receiving the encryption state information fed back by the gateway equipment, and decrypting the encryption state information by using a private key in the first encryption and decryption information.
Conventional software development tools on the market, such as Beckman, Ohlong, Siemens, VS and the like, all provide network debugging tools. The related debugging requires an accessible network service for the program, but because the equipment has been shipped out, the network address provided by the operator is a non-public network IP (Internet Protocol) address, and for similar reasons, a remote equipment connection cannot be realized under conventional conditions. By means of the communication connection method provided by the embodiment of the invention, a virtual local area network communication service can be provided between the user side equipment and the equipment in the second local area network, and services such as remote local equipment debugging, monitoring and upgrading can then be carried out with the debugging tool provided by the programming software.
In summary, the relay server with a public network IP proxies the interactive data between two local area networks; after the server on the network side receives a user equipment's connection request for a specified gateway device, it sends down the first encryption and decryption information, so that secure communication between the user equipment in the first local area network and the equipment in the second local area network where the gateway device is located is realized, which facilitates remote software upgrades and remote equipment debugging.
Referring to fig. 4, fig. 4 shows a case where the method for establishing a communication connection between local area networks according to the embodiment of the present invention is applied to a gateway device in a second local area network, including:
201. receiving second encryption and decryption information sent by the server;
After the server receives the request of the user end equipment to connect to the gateway equipment, it sends the first encryption and decryption information to the user end equipment and at the same time issues the second encryption and decryption information to the gateway equipment.
202. And establishing a virtual network tunnel for communication connection with the user side equipment through a transit server with a public network IP according to the second encryption and decryption information.
The first and second encryption and decryption information are used as a matched pair: when data is encrypted with the encryption information in the second encryption and decryption information and sent to the user end equipment, the user end equipment can decrypt it with the decryption information in the first encryption and decryption information. Similarly, when the client device encrypts data with the encryption information in the first encryption and decryption information, the gateway device can decrypt it with the decryption information in the second encryption and decryption information. The virtual network tunnel for communication with the user end equipment is thus established according to the second encryption and decryption information.
Referring to fig. 5, fig. 5 is a flowchart illustrating a method for establishing a communication connection between local area networks according to an embodiment of the present invention, applied to a server, including:
301. receiving a connection request of a user terminal device for connecting a gateway device in a second local area network;
302. inquiring the connection state of the gateway equipment;
After receiving the user end device's connection request for the gateway device, the server, which manages connections to the gateway device, checks the gateway device's connection state. To avoid a situation in which several user end devices perform remote upgrades or other operations on the interior of the gateway device at the same time, the server proceeds to step 303 only when the connection state shows that the gateway device is not connected to any user end device; otherwise it sends a connection rejection instruction so that the user end device does not connect to the gateway device.
303. And when the connection state is that the gateway equipment is not connected with the customer premise equipment, generating first encryption and decryption information and second encryption and decryption information and respectively sending the first encryption and decryption information and the second encryption and decryption information to the customer premise equipment and the gateway equipment.
Fig. 6 shows a specific workflow of a communication system to which an embodiment of the present invention is applied:
401. User login on the user side equipment: the login interface of the client software on the user side equipment is opened and user login verification is performed: a user name and password are entered on the login interface and verified on the server of the Web management platform; the Web management platform then issues the list of gateway devices associated with the account, and the client software shows information such as each gateway device's current network connection mode, signal strength and whether it is occupied.
402. The user end equipment requests a connection: the target gateway device is selected and connected through the client software. When the server of the Web management platform receives the connection request, the platform's connection management function judges whether the gateway device is occupied; if it is, the connection is not accepted, which prevents several users from performing remote upgrades or other operations on the interior of the gateway device at the same time.
403. The server generates certificates and keys: after receiving the client software's connection request, the Web management platform generates a root certificate from the ID of the target gateway device combined with a random number, and on the basis of that root certificate generates a certificate and key for the gateway device and a certificate and key for the client software.
404. The server issues certificates and keys: the Web management platform communicates with the gateway device over MQTT (a client-server based message publish/subscribe transport protocol) and sends the root certificate of the gateway device's virtual IP service, the gateway device's certificate and its key to the gateway device; the gateway device updates its service configuration after receiving the files.
After the client software's connection request has been received, the Web management platform issues the root certificate and the user side equipment's certificate and key to the client software, and the client software uses this file information to connect to the designated transit server port.
405. The gateway equipment updates the virtual network service configuration: after updating the relevant virtual network service configuration, the gateway equipment connects to the transit proxy server, which forwards the data exchanged between the gateway equipment and the client software, thereby solving the problem of data interaction between two different local area networks.
406. The user end equipment sets the local virtual IP address: the client software connects to the virtual service in the gateway device through the issued data and the transit server, then starts the virtual IP locally and sets the local machine's virtual IP address.
407. The user end device is communicatively connected with the gateway device: the client software connects to the gateway device's virtual IP service over the virtual IP network, forming a virtual local area network across the different local areas and making the whole virtual local area network reachable; through this link, the host running the user software can make network connections to the equipment in the gateway device's local area network.
408. The user end equipment performs remote operation and maintenance on the equipment that is in the same local area network as the gateway device: development tools such as PLC (programmable logic controller) programming software or Visual Studio are started, and the user remotely performs operations such as equipment upgrading and monitoring on the remote equipment through the virtual data link.
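Steps 402 and 405 above, as an added example that is not part of the patent: a minimal transit relay in Go that lets a gateway and a client, both dialling outbound, be paired by gateway ID and have their bytes copied in both directions, and that refuses a second client while the gateway is occupied. It runs over in-memory net.Pipe connections instead of sockets; the gateway ID gw-0001 and the payload are constructed, and the certificate-based encryption of the tunnel described in steps 403 and 404 is not included here.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"sync"
)

var errOccupied = errors.New("gateway occupied: connection refused")

// relay is the transit server. Gateway and client both dial it outbound, so
// neither needs a public IP; it pairs them by gateway ID and copies bytes both
// ways. Constructed for this example, not the patent's own code.
type relay struct {
	mu       sync.Mutex
	gateways map[string]net.Conn // gateway ID -> connection from that gateway
	busy     map[string]bool     // gateway ID -> a client session is active
}

// registerGateway records a gateway's connection (step 405).
func (r *relay) registerGateway(id string, c net.Conn) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.gateways[id] = c
}

// attachClient pairs a client with the gateway named by id; a gateway takes one
// client at a time (step 402). The returned channel is closed when the session
// ends; both connections are closed with it and the gateway must re-register.
func (r *relay) attachClient(id string, c net.Conn) (<-chan struct{}, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	gw, ok := r.gateways[id]
	if !ok {
		return nil, errors.New("gateway not connected to relay")
	}
	if r.busy[id] {
		return nil, errOccupied
	}
	r.busy[id] = true
	done := make(chan struct{})
	go func() {
		pipe(gw, c)
		r.mu.Lock()
		delete(r.gateways, id)
		r.busy[id] = false
		r.mu.Unlock()
		close(done)
	}()
	return done, nil
}

// pipe copies bytes in both directions until either side closes, then closes the other.
func pipe(a, b net.Conn) {
	var wg sync.WaitGroup
	wg.Add(2)
	copyThenClose := func(dst, src net.Conn) {
		defer wg.Done()
		io.Copy(dst, src)
		dst.Close()
	}
	go copyThenClose(a, b)
	go copyThenClose(b, a)
	wg.Wait()
}

// demo runs the exchange over in-memory pipes so it works offline: it returns what
// the gateway received from client A and the error client B got while A was active.
func demo() (received string, secondClient error, err error) {
	r := &relay{gateways: map[string]net.Conn{}, busy: map[string]bool{}}
	gwRelay, gwDevice := net.Pipe() // relay-side end, gateway-side end
	r.registerGateway("gw-0001", gwRelay)
	clRelay, clDevice := net.Pipe()
	done, err := r.attachClient("gw-0001", clRelay)
	if err != nil {
		return "", nil, err
	}
	bRelay, _ := net.Pipe()
	_, secondClient = r.attachClient("gw-0001", bRelay) // client B while A is active
	bRelay.Close()
	go clDevice.Write([]byte("PING from client")) // constructed payload
	buf := make([]byte, 64)
	n, err := gwDevice.Read(buf)
	if err != nil {
		return "", secondClient, err
	}
	received = string(buf[:n])
	clDevice.Close() // client A leaves; the relay tears the session down
	<-done
	return received, secondClient, nil
}

func main() {
	received, secondClient, err := demo()
	fmt.Printf("gateway got %q; second client: %v; err: %v\n", received, secondClient, err)
}
```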
Fig. 7 shows a possible structure of a terminal device provided in an embodiment of the present application. Referring to fig. 7, the terminal device includes: a processor 510, a memory 520, a communication interface 530, and a touch screen 540, which are interconnected and in communication with each other via a communication bus 550 and/or other form of connection mechanism (not shown).
The memory 520 comprises one or more memories (only one is shown in the figure), which may be, but are not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The processor 510, and possibly other components, may access, read and/or write data in the memory 520.
The processor 510 comprises one or more processors (only one is shown), which may be integrated circuit chips with signal processing capability. The processor 510 may be a general-purpose processor, including a Central Processing Unit (CPU), a Micro Control Unit (MCU), a Network Processor (NP) or another conventional processor; it may also be a dedicated processor, including a Neural-Network Processing Unit (NPU), a Graphics Processing Unit (GPU), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. When there are multiple processors 510, some may be general-purpose processors and others special-purpose processors.
Communication interface 530 includes one or more devices (only one of which is shown) that can be used to communicate directly or indirectly with other devices for data interaction. Communication interface 530 may include an interface to communicate wired and/or wireless.
The touch screen 540 comprises one or more touch screens (only one is shown) and can be used for human-computer interaction; the processor 510 processes the touch-point location information generated when the screen is touched.
One or more computer program instructions may be stored in memory 520 and read and executed by processor 510 to implement the methods provided by the embodiments of the present application.
It will be appreciated that the configuration shown in fig. 7 is merely illustrative and that the terminal device may include more or fewer components than shown in fig. 7 or may have a different configuration than shown in fig. 7. The components shown in fig. 7 may be implemented in hardware, software, or a combination thereof. The terminal device may be a physical device, such as a PC, a laptop, a tablet, a mobile phone, a server, an embedded device, etc., or may be a virtual device, such as a virtual machine, a virtualized container, etc. The terminal device is not limited to a single device, and may be a combination of a plurality of devices or a cluster including a large number of devices.
For example, in the terminal device mentioned in the embodiment of the present application, the touch screen 540 in fig. 7 may be a keyboard, a mouse, and a display when implemented.
The embodiment of the present application further provides a computer-readable storage medium on which computer program instructions are stored; when the computer program instructions are read and executed by a processor of a computer, the method provided by the embodiment of the present application is executed. For example, the computer-readable storage medium may be embodied as the memory 520 in the electronic device of FIG. 7.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (12)

1. A method for establishing communication connection between local area networks is applied to a customer premise equipment in a first local area network, and comprises the following steps:
sending a connection request for requesting connection to the gateway device in the second local area network to the server;
receiving first encryption and decryption information which is sent by the server and is required for establishing connection with the gateway equipment;
and establishing a virtual network tunnel for communication connection with the gateway equipment through a transit server with a public network IP according to the first encryption and decryption information.
2. The method of claim 1, wherein after sending a connection request to the server requesting connection to a gateway device in the second local area network, further comprising:
and receiving a trigger signal returned by the server for rejecting the connection request, and stopping the connection with the gateway equipment.
3. The method of claim 1, wherein after establishing the virtual network tunnel of the communication connection with the gateway device, further comprising:
and acquiring transparent transmission data sent by the user side equipment to the gateway equipment, encrypting the transparent transmission data by using a public key in the first encryption and decryption information, and sending the encrypted transparent transmission data to the gateway equipment through the virtual network tunnel.
4. The method of claim 3, wherein the passthrough data is generated by the client device launching a debugging tool.
5. The method of claim 1, wherein after establishing the virtual network tunnel of the communication connection with the gateway device, further comprising: and receiving the encryption state information fed back by the gateway equipment, and decrypting the encryption state information by using a private key in the first encryption and decryption information.
6. A method for establishing communication connection between local area networks is applied to a gateway device in a second local area network, and comprises the following steps:
receiving second encryption and decryption information sent by the server;
and establishing a virtual network tunnel for communication connection with the user side equipment through a transit server with a public network IP according to the second encryption and decryption information.
7. A method for establishing communication connection between local area networks is applied to a server and comprises the following steps:
receiving a connection request of a user terminal device for connecting a gateway device in a second local area network;
and generating first encryption and decryption information and second encryption and decryption information according to the connection request, and respectively sending the first encryption and decryption information and the second encryption and decryption information to the user end equipment and the gateway equipment.
8. The method according to claim 7, wherein before generating and sending the first encryption/decryption information and the second encryption/decryption information to the customer premise equipment and the gateway equipment, respectively, according to the connection request, the method further comprises:
and determining that the gateway equipment is in a state of not connecting the user end equipment.
9. A client device, comprising:
a connection request unit configured to send a connection request for requesting connection to a gateway device in the second local area network to the server;
the first receiving unit is used for receiving first encryption and decryption information which is sent by the server and is required for establishing connection with the gateway equipment;
and the first connection establishing unit establishes a virtual network tunnel in communication connection with the gateway equipment through a transit server with a public network IP according to the first encryption and decryption information.
10. A gateway device, comprising: the second receiving unit is used for receiving second encryption and decryption information sent by the server;
and the second connection establishing unit establishes a virtual network tunnel in communication connection with the user side equipment through a transit server with a public network IP according to the second encryption and decryption information.
11. A communication system, comprising:
the client device is used for sending a connection request for requesting to connect the gateway device in the second local area network to the server; receiving first encryption and decryption information which is sent by the server and is required for establishing connection with the gateway equipment; establishing a virtual network tunnel for communication connection with the gateway equipment through a transit server with a public network IP according to the first encryption and decryption information;
the gateway device is used for receiving second encryption and decryption information sent by the server; establishing a virtual network tunnel for communication connection with the user side equipment through the transit server with the public network IP according to the second encryption and decryption information;
the server is used for receiving a connection request of the user end equipment for connecting the gateway equipment in the second local area network; inquiring the connection state of the gateway equipment; when the connection state is that the gateway equipment is not connected with the customer premise equipment, generating first encryption and decryption information and second encryption and decryption information and respectively sending the first encryption and decryption information and the second encryption and decryption information to the customer premise equipment and the gateway equipment;
the transit server with the public network IP is used for forwarding data between the user end equipment and the gateway equipment.
12. A storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the method according to any one of claims 1-8.
CN202110701309.3A 2021-06-23 2021-06-23 Method for establishing communication connection between local area networks, user side equipment and gateway equipment Pending CN113329033A (en)

Publications (1)

Publication Number Publication Date
CN113329033A (en) 2021-08-31

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115022325A (en) * 2022-06-07 2022-09-06 深圳市和讯华谷信息技术有限公司 Kafka inter-cluster data transmission method and related equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210831