CN114374563A - Network connection method, device, storage medium and electronic equipment - Google Patents


Info

Publication number
CN114374563A
Authority
CN
China
Prior art keywords
application
application program
network connection
access
data packet
Prior art date
Legal status
Pending
Application number
CN202210060811.5A
Other languages
Chinese (zh)
Inventor
雍成飞
谢信凯
Current Assignee
Shenzhen Tianjiyun Information Technology Co ltd
Original Assignee
Shenzhen Tianjiyun Information Technology Co ltd

Classifications

    • H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication)
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network security protocols for authentication of entities
    • H04L 63/0876 Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a network connection method, a network connection device, a storage medium and an electronic device. The network connection method comprises: when an inbound data packet sent by an application admission client is received, obtaining the source port and source address of the application program corresponding to the inbound data packet; determining, based on the source port and the source address, whether the application program is legitimate; and, if it is, sending the inbound data packet to a service server so that the application program establishes a network connection with the service server. The scheme can reduce the risk of file leakage.

Description

Network connection method, device, storage medium and electronic equipment
Technical Field
The embodiments of this application relate to the field of internet technology, and in particular to a network connection method, a network connection device, a storage medium and an electronic device.
Background
Uploading an encrypted file to a service system can leave part of the service system's functions unusable. A file therefore has to be decrypted automatically when the encryption client uploads it to the service server, and encrypted automatically when the service server delivers a plaintext file to the encryption client for download.
At present, communication between the encryption client and the service server has to pass through an encryption gateway. The gateway becomes a bottleneck of the system and needs high-performance hardware to keep the system running normally, which raises the cost of building the system. In addition, during the encryption client's authorization process, reading the ciphertext file and uploading the file over the network are usually two unrelated pieces of logic, so there is no guarantee that the file uploaded to the network is the ciphertext file, and this creates a risk of file leakage.
Disclosure of Invention
The embodiment of the application provides a network connection method, a network connection device, a storage medium and electronic equipment, which can reduce the risk of file leakage.
In a first aspect, an embodiment of the present application provides a network connection method, including:
when an inbound data packet sent by an application admission client is received, a source port and a source address of an application program corresponding to the inbound data packet are obtained;
determining whether the application is legitimate based on the source port and the source address;
and if so, sending the inbound data packet to a service server so as to enable the application program to establish network connection with the service server.
In a second aspect, an embodiment of the present application provides another network connection method, including:
when an outbound data packet sent by an application program is received, obtaining the source port of the application program;
looking up the corresponding key-value pair according to the source port;
extracting the access flag corresponding to the application program from the key-value pair;
determining the type of the access flag;
and, when the access flag is access-allowed, sending the outbound data packet to an application admission server.
In the network connection method provided in this embodiment, before obtaining the source port of the application program when an outbound data packet sent by the application program is received, the method further includes:
when a network registration request initiated by an application program is received, judging whether the application program is a controlled application program;
when it is a controlled application program, obtaining the destination address and destination port of the network registration request;
determining, according to the destination address and destination port, whether the network registration request is legal;
if it is, sending the network registration request to an application admission server for network registration and marking the access flag of the application program as access-allowed;
if it is not, interrupting the network registration request and marking the access flag of the application program as access-prohibited.
In the network connection method provided in this embodiment, determining whether the network registration request is legal according to the destination address and destination port includes:
judging whether the destination address of the network registration request is the same as a preset address;
when the destination address is the same as the preset address, judging whether the destination port of the network registration request is the same as a preset port;
if it is, determining that the network registration request is legal;
otherwise, determining that the network registration request is illegal.
In the network connection method provided in this embodiment, after marking the access flag of the application program as access-allowed and/or after marking it as access-prohibited, the method further includes:
generating a key-value pair from the source port of the application program and its access flag, and storing the key-value pair.
In the network connection method provided in this embodiment, after generating and storing the key-value pair from the source port and the access flag of the application program, the method further includes:
when a network logout request initiated by an application program is received, obtaining the source port of the application program;
looking up the corresponding key-value pair according to the source port;
extracting the access flag corresponding to the application program from the key-value pair;
determining the type of the access flag;
and, when the access flag is access-allowed, sending the network logout request to an application admission server.
In a third aspect, an embodiment of the present application provides a network connection device, including:
a first acquisition unit, configured to obtain, when an inbound data packet sent by an application admission client is received, the source port and source address of the application program corresponding to the inbound data packet;
a first determination unit, configured to determine whether the application program is legitimate based on the source port and the source address;
and a network connection unit, configured to send the inbound data packet to a service server when the source port and source address are legal, so that the application program establishes a network connection with the service server.
In a fourth aspect, an embodiment of the present application provides another network connection apparatus, including:
a second acquisition unit, configured to obtain the source port of an application program when an outbound data packet sent by the application program is received;
a key-value lookup unit, configured to look up the corresponding key-value pair according to the source port;
a flag extraction unit, configured to extract the access flag corresponding to the application program from the key-value pair;
a second determination unit, configured to determine the type of the access flag;
and a data sending unit, configured to send the outbound data packet to an application admission server when the access flag is access-allowed.
In a fifth aspect, an embodiment of the present application provides a storage medium that stores a plurality of instructions, the instructions being suitable for a processor to load and execute the steps of the network connection method according to any embodiment of the present application.
In a sixth aspect, an embodiment of the present application provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of the network connection method according to any embodiment of the present application.
In the network connection method provided by the embodiments of the present application, when an inbound data packet sent by an application admission client is received, the source port and source address of the application program corresponding to the inbound data packet are obtained; whether the application program is legitimate is determined based on the source port and the source address; and, if it is, the inbound data packet is sent to a service server so that the application program establishes a network connection with the service server. The scheme can reduce the risk of file leakage.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a network connection method according to an embodiment of the present application.
Fig. 2 is a flowchart illustrating another network connection method according to an embodiment of the present application.
Fig. 3 is a schematic structural diagram of a network connection device according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of another network connection device according to an embodiment of the present application.
Fig. 5 is a schematic structural diagram of a network connection system according to an embodiment of the present application.
Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first" and "second", etc. in this application are used to distinguish between different objects and not to describe a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or modules is not limited to the listed steps or modules but may alternatively include other steps or modules not listed or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
Next, a network connection method, a network connection device, a storage medium, and an electronic apparatus provided in the embodiments of the present application will be described. Specifically, the embodiment of the present application provides a network connection device suitable for an electronic device, where the electronic device may be a mobile device, a tablet computer, a notebook computer, or other terminal devices. In some embodiments, the electronic device may also be a network-side device such as a server, and the server may be a single server, or a server cluster composed of multiple servers, or an entity server, or a virtual server.
The following detailed description will be made separately, and the description sequence of each embodiment below does not limit the specific implementation sequence.
In this embodiment the description is given from the perspective of a network connection apparatus that may be integrated in an Application admission Client (ATC). Referring to fig. 1, fig. 1 is a schematic flow chart of a network connection method according to an embodiment of the present disclosure. The flow of the network connection method may be as follows:
101. When an outbound data packet sent by an application program is received, obtain the source port of the application program.
102. Look up the corresponding key-value pair according to the source port.
103. Extract the access flag corresponding to the application program from the key-value pair.
104. Determine the type of the access flag.
105. When the access flag is access-allowed, send the outbound data packet to the application admission server.
The outbound data packet is a TCP SYN (synchronize sequence number) packet, i.e. the first packet of a connection attempt. The source port of the application program is the local port its socket uses.
In this embodiment, when the access flag is access-prohibited, the SYN packet is discarded and a RST packet is returned, resetting the connection between the application program and the application admission client.
In some embodiments, step 101 may be preceded by the following steps: when a network registration request initiated by an application program is received, judging whether the application program is a controlled application program; when it is, obtaining the destination address and destination port of the network registration request; determining, according to the destination address and destination port, whether the network registration request is legal; if it is, sending the network registration request to the application admission server for network registration and marking the access flag of the application program as access-allowed; if it is not, interrupting the network registration request and marking the access flag of the application program as access-prohibited.
It should be noted that the network registration request may carry the source address and source port of the application program. What network registration actually does is have the application admission server register, as authorized, the source address and source port of the application program.
Here a controlled application program is one that is authorized to access the application admission server. The destination address is the IP (Internet Protocol) address of the service server the application program needs to connect to, and the destination port is the port of that service server.
In some embodiments, after marking the access flag of the application program as access-allowed, and/or after marking it as access-prohibited, the method may further include: generating a key-value pair from the source port of the application program and its access flag, and storing the key-value pair.
In some embodiments, the step "determining whether the network registration request is legal according to the destination address and destination port" may include: judging whether the destination address of the request is the same as the preset address; when it is, judging whether the destination port of the request is the same as the preset port; if it is, determining that the request is legal; otherwise, determining that the request is illegal.
It should be noted that the preset address and preset port are the IP address and port of the application admission server (which, in the system of fig. 5 below, may sit on the same device as the service server).
In some embodiments, after the step "generating and storing a key-value pair from the source port and the access flag of the application program", the method may further include: when a network logout request initiated by an application program is received, obtaining the source port of the application program; looking up the corresponding key-value pair according to the source port; extracting the access flag corresponding to the application program from the key-value pair; determining the type of the access flag; and, when the access flag is access-allowed, sending the network logout request to the application admission server.
In summary, the network connection method provided in this embodiment obtains the source port of an application program when an outbound data packet sent by the application program is received; looks up the corresponding key-value pair according to the source port; extracts the access flag corresponding to the application program from the key-value pair; determines the type of the access flag; and, when the access flag is access-allowed, sends the outbound data packet to the application admission server. The scheme can reduce the risk of file leakage.
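The client-side flow of steps 101 to 105, together with the registration and logout steps above, as an added example in Python. This is illustrative code written for this page, not the patent's or the assignee's implementation. The names `Packet`, `AdmissionClient`, `ATS_ADDR` and `ATS_PORT`, the constructed packets, the choice to answer a SYN from a port that has no key-value pair at all with a RST (fail closed), and the removal of the key-value pair on logout are all assumptions the page does not state.

```python
"""Added example, not code from the patent: the admission logic that the
Application admission Client (ATC) applies to a controlled application.

Assumptions (not stated on the page): the preset address/port values, the
Packet and AdmissionClient names, treating a SYN from a port with no stored
key-value pair the same as an access-prohibited one (fail closed), and
dropping the key-value pair on logout."""
from dataclasses import dataclass
from typing import Dict, List, Set

ALLOW, DENY = "allow", "deny"           # the two values of the access flag
ATS_ADDR, ATS_PORT = "10.0.0.2", 8443   # preset address and port of the ATS (assumed values)


@dataclass(frozen=True)
class Packet:
    """Header fields the ATC looks at (constructed, not a real capture)."""
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    kind: str = "SYN"   # "SYN" = connection attempt, "REG" = registration, "UNREG" = logout
    app: str = ""       # name of the application that owns the socket (resolved by the ATC)


class AdmissionClient:
    def __init__(self, controlled_apps: Set[str]) -> None:
        self.controlled = controlled_apps
        self.flags: Dict[int, str] = {}     # key-value pairs: source port -> access flag
        self.forwarded: List[Packet] = []   # packets released towards the ATS
        self.reset_ports: List[int] = []    # source ports whose SYN was answered with a RST

    @staticmethod
    def registration_legal(pkt: Packet) -> bool:
        # The patent checks the destination address first, then the destination port.
        if pkt.dst_addr != ATS_ADDR:
            return False
        return pkt.dst_port == ATS_PORT

    def on_registration(self, pkt: Packet) -> str:
        """Network registration request: only controlled applications are processed."""
        if pkt.app not in self.controlled:
            return "ignored"
        if self.registration_legal(pkt):
            self.flags[pkt.src_port] = ALLOW      # mark access-allowed and store the pair
            self.forwarded.append(pkt)            # pass the request on to the ATS
            return ALLOW
        self.flags[pkt.src_port] = DENY           # interrupt the request, mark access-prohibited
        return DENY

    def on_outbound(self, pkt: Packet) -> str:
        """Steps 101-105: look up the flag by source port, then release or reset the SYN."""
        flag = self.flags.get(pkt.src_port)       # None when no key-value pair exists
        if flag == ALLOW:
            self.forwarded.append(pkt)
            return "forward"
        self.reset_ports.append(pkt.src_port)     # discard the SYN and return a RST
        return "rst"

    def on_logout(self, pkt: Packet) -> str:
        """Network logout request: forwarded only if the flag is access-allowed."""
        if self.flags.get(pkt.src_port) != ALLOW:
            return "drop"
        self.forwarded.append(pkt)
        del self.flags[pkt.src_port]              # assumption: the pair is retired with the session
        return "forward"
```

The key-value pair is keyed by source port alone, so once the application closes its socket the same port number can be handed to any other process on the host; unless the pair is retired (here, at logout) that process would inherit the access-allowed flag. A deployment should also bind the pair to the process that owns the socket, which the page leaves to the "controlled application" check.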
Referring to fig. 2, fig. 2 is a flowchart of another network connection method according to an embodiment of the present disclosure. In this embodiment the description is given from the perspective of a network connection apparatus that may be integrated in an Application admission Server (ATS). The flow of the network connection method may be as follows:
201. when an inbound data packet sent by an application admission client is received, a source port and a source address of an application program corresponding to the inbound data packet are obtained.
202. It is determined whether the application is legitimate based on the source port and the source address.
203. And if so, sending the inbound data packet to the service server so as to enable the application program to establish network connection with the service server.
Here the source port of the application program is the port used by the application program, and the source address is the IP address of the host on which it runs. The inbound data packet is a SYN packet.
Determining whether the application program is legitimate based on the source port and source address may include:
determining whether the source port and source address are registered;
when both the source port and the source address are registered, determining that the application program is legal;
when either the source port or the source address is unregistered, determining that the application program is illegal.
In some embodiments, when the application program is not legitimate, the SYN packet is discarded and a RST packet is returned, which resets the connection between the application admission server and the application admission client.
It should be noted that the terms in the present embodiment are the same as those in the above network connection method, and specific implementation details may refer to the description in the above embodiments.
In summary, the network connection method provided in this embodiment includes acquiring a source port and a source address of an application program corresponding to an inbound data packet when the inbound data packet sent by an application admission client is received; determining whether the application is legitimate based on the source port and the source address; and if so, sending the inbound data packet to the service server so as to enable the application program to establish network connection with the service server. The file leakage risk can be reduced by the scheme.
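The server-side check of steps 201 to 203, as an added example in Python that is not the patent's or the assignee's code. The names `Packet` and `AdmissionServer`, the constructed packets, and keeping the registry as a set of (source address, source port) pairs are assumptions. The example also shows, for contrast, a looser reading of "both registered" that checks the address and the port separately, because that reading lets a registered address be combined with a port registered by a different host.

```python
"""Added example, not code from the patent: the inbound check the Application
admission Server (ATS) applies in steps 201-203.

Assumptions (not stated on the page): the AdmissionServer and Packet names,
the constructed packets, and a registry of (source address, source port) pairs."""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """Header fields the ATS looks at (constructed, not a real capture)."""
    src_addr: str
    src_port: int
    kind: str = "SYN"   # "SYN" = connection attempt, "REG" = registration, "UNREG" = logout


class AdmissionServer:
    def __init__(self) -> None:
        self.registry: Set[Tuple[str, int]] = set()   # pairs registered through the ATC
        self.released: List[Packet] = []              # packets sent on to the service server
        self.reset: List[Packet] = []                 # packets answered with a RST

    def on_registration(self, pkt: Packet) -> None:
        """Authorized registration of the application's source address and source port."""
        self.registry.add((pkt.src_addr, pkt.src_port))

    def on_logout(self, pkt: Packet) -> None:
        self.registry.discard((pkt.src_addr, pkt.src_port))

    def is_legitimate(self, pkt: Packet) -> bool:
        """Step 202: legal only if the address and port were registered together."""
        return (pkt.src_addr, pkt.src_port) in self.registry

    def is_legitimate_loose(self, pkt: Packet) -> bool:
        """A weaker reading of 'both registered': address and port checked independently.
        Included only to make the difference visible; it accepts a registered address
        paired with a port that some other host registered."""
        addrs = {a for a, _ in self.registry}
        ports = {p for _, p in self.registry}
        return pkt.src_addr in addrs and pkt.src_port in ports

    def on_inbound(self, pkt: Packet) -> str:
        """Step 203: release the SYN to the service server, or discard it and reset."""
        if self.is_legitimate(pkt):
            self.released.append(pkt)
            return "release"
        self.reset.append(pkt)
        return "rst"
```

Registration on this server happens only through requests that the application admission client has already let through, so the registry never learns about an application the client rejected; the strict pair check is what keeps that property when several hosts register at once.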
Referring to fig. 3, an embodiment of the present invention further provides a network connection apparatus, where the network connection apparatus 300 may be integrated in an application admission client, and the network connection apparatus 300 may include:
a second acquisition unit 301, configured to obtain the source port of an application program when an outbound data packet sent by the application program is received;
a key-value lookup unit 302, configured to look up the corresponding key-value pair according to the source port;
a flag extraction unit 303, configured to extract the access flag corresponding to the application program from the key-value pair;
a second determination unit 304, configured to determine the type of the access flag;
a data sending unit 305, configured to send the outbound data packet to the application admission server when the access flag is access-allowed.
It should be noted that the terms in this embodiment are the same as those in the above network connection method, and specific implementation details may refer to the description in the above method embodiment.
In summary, in the network connection device 300 of this embodiment, the second acquisition unit 301 obtains the source port of an application program when an outbound data packet sent by the application program is received; the key-value lookup unit 302 looks up the corresponding key-value pair according to the source port; the flag extraction unit 303 extracts the access flag corresponding to the application program from the key-value pair; the second determination unit 304 determines the type of the access flag; and the data sending unit 305 sends the outbound data packet to the application admission server when the access flag is access-allowed. The scheme can reduce the risk of file leakage.
Referring to fig. 4, another network connection apparatus 400 may be integrated in an application admission server, where the network connection apparatus 400 may include:
a first obtaining unit 401, configured to obtain, when an inbound data packet sent by an application admission client is received, a source port and a source address of an application program corresponding to the inbound data packet;
a first determining unit 402 for determining whether the application is legitimate based on the source port and the source address;
a network connection unit 403, configured to send the inbound packet to the service server when the source port and the source address are legal, so that the application program establishes a network connection with the service server.
It should be noted that the terms in this embodiment are the same as those in the above network connection method, and specific implementation details may refer to the description in the above method embodiment.
In summary, in the network connection apparatus 400 of this embodiment, the first acquisition unit 401 obtains, when an inbound data packet sent by an application admission client is received, the source port and source address of the application program corresponding to the inbound data packet; the first determination unit 402 determines whether the application program is legitimate based on the source port and the source address; and, when the source port and source address are legal, the network connection unit 403 sends the inbound data packet to the service server so that the application program establishes a network connection with the service server. The scheme can reduce the risk of file leakage.
Referring to fig. 5, fig. 5 is a schematic structural diagram of a network connection system according to an embodiment of the present application. The network connection system 500 may include an application program 501, an application admission client 502, an application admission server 503 and a service server 504. The application program 501 and the application admission client 502 may be integrated in the same electronic device, and the application admission server 503 and the service server 504 may be integrated in the same electronic device.
The application admission client 502 may be configured to perform the following steps: when an outbound data packet sent by an application program is received, obtaining the source port of the application program; looking up the corresponding key-value pair according to the source port; extracting the access flag corresponding to the application program from the key-value pair; determining the type of the access flag; and, when the access flag is access-allowed, sending the outbound data packet to the application admission server.
It should be noted that when an application program sends an outbound data packet towards the application admission server, the application admission client 502 first obtains the application program's access flag through its source port and then decides, from the flag, whether to send the outbound data packet to the application admission server. That is, when the application program needs to establish a network connection with the service server, the application admission client 502 intercepts the outbound data packet sent by the application program for the first time and checks whether the access flag of the application program is access-allowed. If it is, the outbound data packet is released. If it is not, the outbound data packet is discarded and the network connection is reset.
The application admission server 503 may be configured to perform the following steps: when an inbound data packet sent by an application admission client is received, a source port and a source address of an application program corresponding to the inbound data packet are obtained; determining whether the application is legitimate based on the source port and the source address; and if so, sending the inbound data packet to the service server so as to enable the application program to establish network connection with the service server.
It should be noted that after the application admission client 502 has intercepted the outbound data packet for the first time, it may send the packet on to the application admission server 503. When the application admission server 503 receives it as an inbound data packet, it intercepts the packet a second time and checks whether the source port and source address of the corresponding application program are registered. If they are, the inbound data packet is released. If they are not, the inbound data packet is discarded and the network connection is reset.
In this embodiment, once the application admission server 503 has released the inbound data packet, the packet is sent to the service server. The service server receiving it means that the corresponding application program has passed the admission checks, so the service server can establish a network connection with the application program from the inbound data packet.
In summary, when a user needs to upload a file to the service server, a network connection between the application program and the service server is first established through the network connection system of this embodiment, after which the user uploads the file to the service server directly through the application program. While that connection is being established, the application program has to pass a double check, by the application admission client 502 and by the application admission server 503, which ensures that the application program is a legitimate one and hence that uploading files through it is secure. In addition, the scheme of this embodiment lets the application program itself carry out what the prior-art encryption gateway did (decryption on upload, encryption on download and the authorization of the encryption client), avoiding the prior-art problem that, during the encryption client's authorization, reading the ciphertext file and uploading it over the network are two usually unrelated pieces of logic, so that the file uploaded to the network cannot be guaranteed to be ciphertext and may leak. That is, the function of the prior-art encryption gateway is performed directly by the application program, no high-performance hardware is needed to keep the system running, the cost of building the system is reduced, and the risk of file leakage is reduced at the same time.
In the above embodiment, the application admission client 502 and the application admission server 503 are assumed to be already connected. In actual operation, no network connection exists between them at first. In some embodiments, to further increase the security of file transmission, bidirectional authentication is performed while the application admission client 502 connects to the application admission server 503, as follows:
The application admission server 503 listens on a Transmission Control Protocol (TCP) port preset in the system. The application admission client 502 connects to this TCP port and sends first identity verification information to the application admission server 503, which performs a first identity authentication of the application admission client 502 according to that information. After the first identity authentication passes, the application admission server 503 sends second identity verification information to the application admission client 502, which performs identity authentication of the application admission server 503 according to that information. After the second identity authentication passes, the application admission client 502 and the application admission server 503 keep the connection through the TCP port open. Each side therefore authenticates the other before any admission traffic is carried over the connection.
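The mutual authentication described above, as an added example that is not part of the patent or of the applicant's implementation. The patent does not say what the first and second identity verification information contain; this example assumes an HMAC challenge-response over a pre-shared secret per side, uses a loopback TCP port chosen by the operating system in place of the preset port, and all names (`server_side`, `client_side`, `run_handshake`) and secret values are hypothetical.

```python
import hashlib
import hmac
import os
import socket
import struct
import threading

# Shared secrets provisioned out of band on each side. Hypothetical values:
# the patent does not define what the "identity verification information" is.
CLIENT_SECRET = b"admission-client-secret"
SERVER_SECRET = b"admission-server-secret"


def _send(sock, data):
    # Length-prefixed frame so each verification message is read whole.
    sock.sendall(struct.pack("!H", len(data)) + data)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def _recv(sock):
    (n,) = struct.unpack("!H", _recv_exact(sock, 2))
    return _recv_exact(sock, n)


def _proof(secret, role, nonce):
    # The role label is bound into the MAC so a proof produced for one
    # direction cannot be reflected back as a proof for the other.
    return hmac.new(secret, role + nonce, hashlib.sha256).digest()


def server_side(conn, client_secret, server_secret):
    """Application admission server: authenticate the client first, then prove itself."""
    nonce_c = os.urandom(16)
    _send(conn, nonce_c)                       # challenge for the client
    first_info = _recv(conn)                   # first identity verification information
    if not hmac.compare_digest(first_info, _proof(client_secret, b"client", nonce_c)):
        _send(conn, b"FAIL")
        return False                           # first identity authentication failed
    _send(conn, b"OK")
    nonce_s = _recv(conn)                      # the client's challenge for us
    _send(conn, _proof(server_secret, b"server", nonce_s))  # second identity verification information
    return _recv(conn) == b"OK"                # client accepted us: connection is kept


def client_side(sock, client_secret, server_secret):
    """Application admission client: prove itself, then authenticate the server."""
    nonce_c = _recv(sock)
    _send(sock, _proof(client_secret, b"client", nonce_c))
    if _recv(sock) != b"OK":
        return False
    nonce_s = os.urandom(16)
    _send(sock, nonce_s)
    second_info = _recv(sock)
    ok = hmac.compare_digest(second_info, _proof(server_secret, b"server", nonce_s))
    _send(sock, b"OK" if ok else b"FAIL")
    return ok


def run_handshake(client_keys, server_keys):
    """Run both sides over a loopback TCP port.

    client_keys / server_keys are (client_secret, server_secret) as each side
    believes them; returns (server_accepted_client, client_accepted_server).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))            # stands in for the preset TCP port
    listener.listen(1)
    port = listener.getsockname()[1]
    outcome = {}

    def serve():
        conn, _ = listener.accept()
        with conn:
            try:
                outcome["server"] = server_side(conn, *server_keys)
            except ConnectionError:
                outcome["server"] = False

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection(("127.0.0.1", port)) as sock:
        try:
            outcome["client"] = client_side(sock, *client_keys)
        except ConnectionError:
            outcome["client"] = False
    worker.join()
    listener.close()
    return outcome["server"], outcome["client"]


if __name__ == "__main__":
    good = (CLIENT_SECRET, SERVER_SECRET)
    print("genuine peers:", run_handshake(good, good))                     # (True, True)
    print("rogue client:", run_handshake((b"guess", SERVER_SECRET), good))  # (False, False)
    print("rogue server:", run_handshake(good, (CLIENT_SECRET, b"guess")))  # (False, False)
```

The ordering follows the text: the server sends nothing that proves its own identity until the client's first identity verification information has checked out, and the client only keeps the TCP connection when the second check also passes. A wrong secret on either side ends with both sides reporting failure, so a rogue server cannot hold an authenticated client and a rogue client never sees the server's proof.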
All the above technical solutions can be combined arbitrarily to form optional embodiments of the present application, and are not described again here. The terms used have the same meanings as in the network connection method above; for implementation details, refer to the description of the method embodiment.
The embodiment of the present application further provides a server, as shown in fig. 6, which shows a schematic structural diagram of the server according to the embodiment of the present application, specifically:
the server may include components such as a processor 601 of one or more processing cores, memory 602 of one or more computer-readable storage media, a power supply 603, and an input unit 604. Those skilled in the art will appreciate that the server architecture shown in FIG. 6 is not meant to be limiting, and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:
the processor 601 is a control center of the server, connects various parts of the entire server using various interfaces and lines, and performs various functions of the server and processes data by running or executing software programs and/or modules stored in the memory 602 and calling data stored in the memory 602, thereby performing overall monitoring of the server. Optionally, processor 601 may include one or more processing cores; preferably, the processor 601 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 601.
The memory 602 may be used to store software programs and modules, and the processor 601 executes various functional applications and network connections by running the software programs and modules stored in the memory 602. The memory 602 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the data storage area may store data created according to the use of the server, and the like. Further, the memory 602 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. Accordingly, the memory 602 may also include a memory controller to provide the processor 601 with access to the memory 602.
The server further includes a power supply 603 for supplying power to each component, and preferably, the power supply 603 may be logically connected to the processor 601 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system. The power supply 603 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
The server may also include an input unit 604, which input unit 604 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the server may further include a display unit and the like, which will not be described in detail herein. Specifically, in this embodiment, the processor 601 in the server loads the executable file corresponding to the process of one or more application programs into the memory 602 according to the following instructions, and the processor 601 runs the application program stored in the memory 602, thereby implementing the following functions:
when an inbound data packet sent by an application admission client is received, acquiring the source port and source address of the application program corresponding to the inbound data packet;
determining whether the application program is legitimate according to the source port and the source address;
and if so, sending the inbound data packet to the service server so that the application program establishes a network connection with the service server.
Or to perform the following functions:
when an outbound data packet sent by an application program is received, acquiring the source port of the application program;
looking up the corresponding key-value pair according to the source port;
extracting the access flag corresponding to the application program from the key-value pair;
determining the type of the access flag;
and when the access flag is "access allowed", sending the outbound data packet to the application admission server.
The above operations can be specifically referred to the previous embodiments, and are not described herein.
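An added example, not code from the patent or the applicant, that models the two function sets listed above (the admission server's inbound check and the admission client's outbound gate) together with the registration and logout steps spelled out in claims 3 to 6 below. The addresses, ports and application names are constructed, and the rule that an inbound packet is legitimate when its (source address, source port) pair was registered by the admission client is an assumption: the patent says only that legitimacy is judged from the source port and source address.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed configuration: the patent only says the admission server's
# address and port are "preset", so these values are hypothetical.
ADMISSION_SERVER_ADDR = "10.0.0.5"
ADMISSION_SERVER_PORT = 8443
CONTROLLED_APPS = {"secure-uploader"}
ALLOW, DENY = "allow", "deny"          # the two access flag values

@dataclass
class Packet:
    app: str
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    payload: bytes = b""

@dataclass
class AdmissionServer:
    """Application admission server in front of the service server (claim 1)."""
    registered: set = field(default_factory=set)   # (source address, source port) pairs
    released: list = field(default_factory=list)   # packets passed on to the service server

    def register(self, src_addr: str, src_port: int) -> None:
        self.registered.add((src_addr, src_port))

    def logout(self, src_addr: str, src_port: int) -> None:
        self.registered.discard((src_addr, src_port))

    def inbound(self, pkt: Packet) -> bool:
        # Legitimacy is judged on source port and source address together.
        # Assumption: "legitimate" means the pair was registered earlier.
        if (pkt.src_addr, pkt.src_port) not in self.registered:
            return False                           # dropped before the service server
        self.released.append(pkt)                  # released to the service server
        return True

@dataclass
class AdmissionClient:
    """Application admission client on the endpoint (claims 2 to 6)."""
    server: AdmissionServer
    flags: dict = field(default_factory=dict)      # key-value pairs: source port -> access flag

    def register(self, req: Packet) -> Optional[str]:
        if req.app not in CONTROLLED_APPS:         # claim 3: uncontrolled apps are not gated
            return None
        # Claim 4: target address first, then target port, against the presets.
        legal = (req.dst_addr == ADMISSION_SERVER_ADDR
                 and req.dst_port == ADMISSION_SERVER_PORT)
        flag = ALLOW if legal else DENY
        self.flags[req.src_port] = flag            # claim 5: store the key-value pair
        if legal:
            self.server.register(req.src_addr, req.src_port)
        return flag

    def outbound(self, pkt: Packet) -> bool:
        # Claim 2: look up the flag by source port; a missing pair counts as denied.
        if self.flags.get(pkt.src_port) != ALLOW:
            return False                           # outbound packet interrupted
        return self.server.inbound(pkt)            # forwarded to the admission server

    def logout(self, req: Packet) -> bool:
        if self.flags.get(req.src_port) != ALLOW:  # claim 6: only "allow" may log out
            return False
        self.server.logout(req.src_addr, req.src_port)
        self.flags.pop(req.src_port)               # assumption: drop the pair on logout
        return True

def demo() -> dict:
    """Constructed walk-through; returns the outcome of each step."""
    server = AdmissionServer()
    client = AdmissionClient(server)
    host = "192.168.1.20"

    def to_admission(app, src_addr, src_port, dst_addr=ADMISSION_SERVER_ADDR,
                     dst_port=ADMISSION_SERVER_PORT, payload=b""):
        return Packet(app, src_addr, src_port, dst_addr, dst_port, payload)

    good = to_admission("secure-uploader", host, 50001)
    wrong_target = to_admission("secure-uploader", host, 50002, dst_addr="203.0.113.9")
    other_app = to_admission("browser", host, 50003)
    upload = lambda port: to_admission("secure-uploader", host, port, payload=b"ciphertext")
    spoofed = to_admission("secure-uploader", "203.0.113.9", 50001, payload=b"ciphertext")
    return {
        "register_good": client.register(good),                   # "allow"
        "register_wrong_target": client.register(wrong_target),   # "deny"
        "register_uncontrolled": client.register(other_app),      # None
        "upload_good": client.outbound(upload(50001)),            # True
        "upload_denied": client.outbound(upload(50002)),          # False
        "upload_unregistered": client.outbound(upload(50004)),    # False
        "spoofed_source_at_server": server.inbound(spoofed),      # False
        "logout": client.logout(good),                            # True
        "upload_after_logout": client.outbound(upload(50001)),    # False
        "released_to_service_server": len(server.released),       # 1
    }

if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```

The spoofed-source case is why the admission server keys on the address as well as the port: a packet carrying an allowed source port from a different host is not released. The admission client's own gate is keyed on source port alone, so in this model a port reused on the same endpoint inherits the stored flag until the logout step removes the pair.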
Accordingly, an electronic device according to an embodiment of the present disclosure may include, as shown in fig. 7, a Radio Frequency (RF) circuit 701, a memory 702 including one or more computer-readable storage media, an input unit 703, a display unit 704, a sensor 705, an audio circuit 706, a Wireless Fidelity (WiFi) module 707, a processor 708 including one or more processing cores, and a power supply 709. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 7 does not constitute a limitation of the electronic device and may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. Wherein:
the RF circuit 701 may be used for receiving and transmitting signals during a message transmission or communication process, and in particular, for receiving downlink information of a base station and then sending the received downlink information to the one or more processors 708 for processing; in addition, data relating to uplink is transmitted to the base station. In general, the RF circuitry 701 includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, RF circuit 701 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to Global System for mobile communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Messaging Service (SMS), and the like.
The memory 702 may be used to store software programs and modules, and the processor 708 executes various functional applications and network connections by running the software programs and modules stored in the memory 702. The memory 702 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the data storage area may store data (such as audio data, a phonebook, etc.) created according to the use of the electronic device, and the like. Further, the memory 702 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. Accordingly, the memory 702 may also include a memory controller to provide the processor 708 and the input unit 703 with access to the memory 702.
The input unit 703 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, in a particular embodiment, the input unit 703 may include a touch-sensitive surface as well as other input devices. The touch-sensitive surface, also referred to as a touch display screen or a touch pad, may collect touch operations by a user (e.g., operations by a user on or near the touch-sensitive surface using a finger, a stylus, or any other suitable object or attachment) thereon or nearby, and drive the corresponding connection device according to a predetermined program. Alternatively, the touch sensitive surface may comprise two parts, a touch detection means and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 708, and can receive and execute commands sent by the processor 708. In addition, touch sensitive surfaces may be implemented using various types of resistive, capacitive, infrared, and surface acoustic waves. The input unit 703 may include other input devices in addition to the touch-sensitive surface. In particular, other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 704 may be used to display information input by or provided to a user and various graphical user interfaces of the electronic device, which may be made up of graphics, text, icons, video, and any combination thereof. The Display unit 704 may include a Display panel, and optionally, the Display panel may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch-sensitive surface may overlay the display panel, and when a touch operation is detected on or near the touch-sensitive surface, the touch operation is communicated to the processor 708 to determine the type of touch event, and the processor 708 provides a corresponding visual output on the display panel according to the type of touch event. Although in FIG. 7 the touch-sensitive surface and the display panel are two separate components to implement input and output functions, in some embodiments the touch-sensitive surface may be integrated with the display panel to implement input and output functions.
The electronic device may also include at least one sensor 705, such as a light sensor, motion sensor, and other sensors. In particular, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel according to the brightness of ambient light, and a proximity sensor that may turn off the display panel and/or the backlight when the electronic device is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when the mobile phone is stationary, and can be used for applications of recognizing the posture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which may be further configured to the electronic device, detailed descriptions thereof are omitted.
Audio circuitry 706, a speaker, and a microphone may provide an audio interface between the user and the electronic device. The audio circuit 706 can transmit the electrical signal converted from the received audio data to the speaker, which converts it into a sound signal and outputs it; conversely, the microphone converts the collected sound signal into an electrical signal, which the audio circuit 706 receives and converts into audio data. The audio data is then output to the processor 708 for processing and transmitted to, for example, another electronic device via the RF circuit 701, or written to the memory 702 for further processing. The audio circuitry 706 may also include an earbud jack to provide communication between a peripheral headset and the electronic device.
WiFi belongs to short-range wireless transmission technology, and the electronic device can help the user send and receive e-mail, browse web pages, access streaming media, etc. through the WiFi module 707, which provides wireless broadband internet access for the user. Although fig. 7 shows the WiFi module 707, it is understood that it does not belong to the essential constitution of the electronic device, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 708 is a control center of the electronic device, connects various parts of the entire electronic device using various interfaces and lines, and performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 702 and calling data stored in the memory 702, thereby performing overall monitoring of the electronic device. Optionally, processor 708 may include one or more processing cores; preferably, the processor 708 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 708.
The electronic device also includes a power source 709 (e.g., a battery) for supplying power to various components, which may preferably be logically coupled to the processor 708 via a power management system, such that functions of managing charging, discharging, and power consumption may be performed via the power management system. The power supply 709 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
Although not shown, the electronic device may further include a camera, a bluetooth module, and the like, which are not described in detail herein. Specifically, in this embodiment, the processor 708 in the electronic device loads the executable file corresponding to the process of one or more application programs into the memory 702 according to the following instructions, and the processor 708 runs the application programs stored in the memory 702, thereby implementing various functions:
when an inbound data packet sent by an application admission client is received, acquiring the source port and source address of the application program corresponding to the inbound data packet;
determining whether the application program is legitimate according to the source port and the source address;
and if so, sending the inbound data packet to the service server so that the application program establishes a network connection with the service server.
Or to perform the following functions:
when an outbound data packet sent by an application program is received, acquiring the source port of the application program;
looking up the corresponding key-value pair according to the source port;
extracting the access flag corresponding to the application program from the key-value pair;
determining the type of the access flag;
and when the access flag is "access allowed", sending the outbound data packet to the application admission server.
The above operations can be specifically referred to the previous embodiments, and are not described herein.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.
To this end, embodiments of the present application provide a storage medium, in which a plurality of instructions are stored, where the instructions can be loaded by a processor to execute the steps in any one of the network connection methods provided in the embodiments of the present application. For example, the instructions may perform the steps of:
when an inbound data packet sent by an application admission client is received, acquiring the source port and source address of the application program corresponding to the inbound data packet;
determining whether the application program is legitimate according to the source port and the source address;
and if so, sending the inbound data packet to the service server so that the application program establishes a network connection with the service server.
Or performing the following steps:
when an outbound data packet sent by an application program is received, acquiring the source port of the application program;
looking up the corresponding key-value pair according to the source port;
extracting the access flag corresponding to the application program from the key-value pair;
determining the type of the access flag;
and when the access flag is "access allowed", sending the outbound data packet to the application admission server. The specific implementation of the above operations can be referred to the foregoing embodiments and is not described again here.
Wherein the storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the storage medium may execute the steps in any network connection method provided in the embodiments of the present application, beneficial effects that can be achieved by any network connection method provided in the embodiments of the present application may be achieved, which are detailed in the foregoing embodiments and will not be described herein again.
The network connection method, the network connection device, the storage medium and the electronic device provided by the embodiments of the present application are described in detail above, and a specific example is applied in the present application to explain the principle and the implementation of the present application, and the description of the above embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for those skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A network connection method, comprising:
when an inbound data packet sent by an application admission client is received, acquiring the source port and source address of the application program corresponding to the inbound data packet;
determining whether the application program is legitimate according to the source port and the source address;
and if so, sending the inbound data packet to a service server so that the application program establishes a network connection with the service server.
2. A network connection method, comprising:
when an outbound data packet sent by an application program is received, acquiring the source port of the application program;
looking up the corresponding key-value pair according to the source port;
extracting the access flag corresponding to the application program from the key-value pair;
determining the type of the access flag;
and when the access flag is "access allowed", sending the outbound data packet to an application admission server.
3. The network connection method of claim 2, wherein, before acquiring the source port of the application program when the outbound data packet sent by the application program is received, the method further comprises:
when a network registration request initiated by an application program is received, judging whether the application program is a controlled application program;
when the application program is a controlled application program, acquiring the target address and target port of the network registration request;
determining whether the network registration request is legal according to the target address and the target port;
if so, sending the network registration request to an application admission server for network registration, and marking the access flag of the application program as "access allowed";
if not, interrupting the network registration request, and marking the access flag of the application program as "access prohibited".
4. The network connection method of claim 3, wherein said determining whether the network registration request is legal according to the target address and the target port comprises:
judging whether the target address of the network registration request is the same as a preset address;
when the target address is the same as the preset address, judging whether the target port of the network registration request is the same as a preset port;
if so, determining that the network registration request is legal;
if not, determining that the network registration request is illegal.
5. The network connection method of claim 3, further comprising, after marking the access flag of the application program as "access allowed" and/or after marking the access flag of the application program as "access prohibited":
generating a key-value pair from the source port of the application program and the access flag of the application program, and storing the key-value pair.
6. The network connection method of claim 5, further comprising, after generating and storing the key-value pair from the source port of the application program and the access flag of the application program:
when a network logout request initiated by an application program is received, acquiring the source port of the application program;
looking up the corresponding key-value pair according to the source port;
extracting the access flag corresponding to the application program from the key-value pair;
determining the type of the access flag;
and when the access flag is "access allowed", sending the network logout request to an application admission server.
7. A network connection device, comprising:
a first acquisition unit, configured to acquire the source port and source address of the application program corresponding to an inbound data packet when the inbound data packet sent by an application admission client is received;
a first determination unit, configured to determine whether the application program is legitimate according to the source port and the source address;
and a network connection unit, configured to send the inbound data packet to a service server when the source port and the source address are legal, so that the application program establishes a network connection with the service server.
8. A network connection device, comprising:
a second acquisition unit, configured to acquire the source port of an application program when an outbound data packet sent by the application program is received;
a key-value lookup unit, configured to look up the corresponding key-value pair according to the source port;
a flag extraction unit, configured to extract the access flag corresponding to the application program from the key-value pair;
a second determination unit, configured to determine the type of the access flag;
and a data sending unit, configured to send the outbound data packet to an application admission server when the access flag is "access allowed".
9. A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the network connection method of any one of claims 1 to 6.
10. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the network connection method of any one of claims 1 to 6 when executing the computer program.
CN202210060811.5A 2022-01-19 2022-01-19 Network connection method, device, storage medium and electronic equipment Pending CN114374563A (en)

Publications (1)

Publication Number Publication Date
CN114374563A true CN114374563A (en) 2022-04-19

Family

ID=81146356


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination