CN114979350A - Port mapping method and device based on mobile phone - Google Patents

Info

Publication number
CN114979350A
Authority
CN
China
Prior art keywords
address
terminal
connection
establishing
acquiring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210446005.1A
Other languages
Chinese (zh)
Other versions
CN114979350B (en)
Inventor
秦海超
郑广彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Zhufeng Network Technology Co ltd
Original Assignee
Guangzhou Zhufeng Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Zhufeng Network Technology Co ltd
Priority to CN202210446005.1A
Publication of CN114979350A
Application granted
Publication of CN114979350B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a port mapping method and a device based on a mobile phone, comprising the following steps: when detecting that a target application program is triggered, acquiring a first address, wherein the first address is an IP address of a first terminal, and establishing connection with the first terminal; after establishing connection with the first terminal, acquiring a second address, wherein the second address is an IP address of a second terminal; after the second address is obtained, connection is established with the second terminal; after establishing connection with the second terminal, configuring the mapping relation between the first address and the second address; and after the mapping relation is established, establishing a data channel between the first terminal and the second terminal according to the mapping relation. The invention aims to provide a practical and convenient port mapping method and device based on a mobile phone.

Description

Port mapping method and device based on mobile phone
Technical Field
The invention belongs to the field of terminal communication, and particularly relates to a port mapping method and device based on a mobile phone.
Background
When working on a company-provided computer (hereinafter referred to as a work computer), an enterprise employee is often connected to the enterprise's local area network and uses resources on the enterprise server, such as databases, caches, and programs the work depends on. These shared resources are often installed on the enterprise's servers to relieve the load on the work computers.
In some enterprises, the use of a VPN or VPN software on work computers is prohibited for security reasons. If the employee works on the enterprise premises and uses the internal local area network to reach the enterprise's server resources, the prohibition has little impact. However, if the employee is on a business trip, the work computer they carry cannot reach the enterprise's servers and resources through a VPN or similar means. To work normally, the shared resources must then be installed locally on the work computer, which puts heavy load on the computer, consumes a large amount of traffic, and reduces working efficiency.
Disclosure of Invention
In view of the above-mentioned shortcomings of the prior art, the present invention provides a practical and convenient port mapping method and apparatus based on a mobile phone.
The scheme of the application provides a port mapping method based on a mobile phone, which comprises the following steps:
when detecting that a target application program is triggered, acquiring a first address, wherein the first address is an IP address of a first terminal, and establishing connection with the first terminal;
after establishing connection with the first terminal, acquiring a second address, wherein the second address is an IP address of a second terminal;
after the second address is obtained, connection is established with the second terminal;
after establishing connection with the second terminal, configuring the mapping relation between the first address and the second address;
and after the mapping relation is established, establishing a data channel between the first terminal and the second terminal according to the mapping relation.
Further, the acquiring a first address when it is detected that the target application is triggered, where the first address is an IP address of the first terminal, and establishing a connection with the first terminal includes:
when the target application program is detected to be triggered, acquiring the authority for connecting the first terminal;
and when the authority for connecting the first terminal is successfully acquired, acquiring the first address and establishing connection with the first terminal.
Specifically, the authority for connecting the first terminal is obtained by logging in a target account in the target application program; the target account is preset, has the authority of connecting the first terminal, and records the first address.
Further, after establishing a connection with the first terminal, acquiring a second address, including:
after establishing connection with the first terminal, judging whether a connection request of a second terminal is received;
if the connection request of the second terminal is not received, popping up warning information;
and if a connection request of the second terminal is received, acquiring the second address.
Further, after the second address is obtained, establishing a connection with the second terminal includes:
after the second address is acquired, judging whether connection of the second address is allowed;
and if the second address allows connection, connection is established with the second terminal.
Specifically, an IP address white list is pre-established, and whether the second address allows connection is determined by determining whether the second address is in the white list.
Further, after a data channel between the first terminal and the second terminal is established, the data flow of the data channel is monitored.
Further, if the data flow of the data channel exceeds a threshold value within a certain time, a flow alarm is popped up.
A port mapping apparatus based on a mobile phone, comprising:
the first connection establishing unit is used for acquiring a first address when detecting that a target application program is triggered, wherein the first address is an IP address of a first terminal, and establishing connection with the first terminal;
a second IP obtaining unit, configured to obtain a second address after establishing connection with the first terminal, where the second address is an IP address of a second terminal;
a second connection establishing unit, which establishes connection with the second terminal after acquiring the second address;
a configuration mapping unit, configured to configure a mapping relationship between the first address and the second address after establishing a connection with the second terminal;
and the data channel establishing unit is used for establishing a data channel between the first terminal and the second terminal according to the mapping relationship after the mapping relationship is established.
Further, the second connection establishing unit is specifically configured for:
after the second address is acquired, judging whether connection of the second address is allowed;
if the second address allows connection, connection is established with the second terminal;
wherein whether the second address allows connection is judged by pre-establishing an IP address white list and determining whether the second address is in the white list.
The improvement of this application brings the following advantage:
(1) The method solves the problem that the work computer of an employee on a business trip cannot be interconnected with the company server because of mandatory information security restrictions. With the port mapping method, the two terminals can be interconnected using only the mobile phone that employees generally already carry as an intermediary, thereby reducing the operating pressure of the work computer, reducing the flow consumption and improving the work efficiency.
(2) By adopting the method for interconnecting the two terminals, the terminals outside the enterprise local area network can be isolated from the server inside the enterprise, only the mobile phone with the connection authority is allowed to be connected with the enterprise server, and the information safety of the enterprise server and the working computer is effectively ensured.
Drawings
Fig. 1 is a schematic diagram illustrating implementation steps of a port mapping method based on a mobile phone according to an embodiment of the present application.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention.
The embodiment of the application discloses a port mapping method based on a mobile phone. The method configures, in the mobile phone, a mapping relation between the IP addresses of two terminals and uses the mobile phone as a data relay to establish a data channel between the two terminals, so that data can flow between them. This solves the prior-art problem that a work computer belonging to the enterprise local area network cannot connect to the enterprise server when it is forbidden to use a VPN. The operating pressure of the work computer is reduced, the flow consumption is reduced, and the working efficiency is improved.
As shown in fig. 1, the method includes steps S100-S500, and will be described in detail from the perspective of the mobile phone.
S100: When the target application program is detected to be triggered, the IP address of the first terminal, namely the first address, is acquired and a connection is established with the first terminal. The target application program is an application installed on the mobile phone that performs port mapping and interconnects the two terminals. It can be a standalone app, which offers better information security and extensibility; a functional module within another app, such as a WeChat mini program, which is easier to develop and needs no installation; or a web application interface, which is simpler and more convenient. The target application may be triggered by the user actively opening it, by a program opening it, and so on. The first terminal refers to an enterprise server, a database and the like. For security reasons, the target application or the mobile phone should have permission to connect to and access the first terminal.
S200: After the connection with the first terminal is established, the IP address of the second terminal, namely the second address, is acquired. The second terminal may be a computer outside the enterprise local area network that needs to connect to and access the enterprise server but cannot use a VPN for security reasons, such as the work computer of an employee on a business trip. The second address may be preset and configured, or may be obtained after the second terminal actively sends a connection request.
S300: After the second address is acquired, a connection is established with the second terminal.
S400: After the connection with the second terminal is established, the mapping relation between the first address and the second address is configured, that is, the first address and the second address are mapped to each other across the two connection ports.
S500: After the mapping relation is established, a data channel between the first terminal and the second terminal is established according to the mapping relation. Once the mapping relation exists, if the mobile phone receives data from the second terminal, it forwards the data to the first terminal according to the mapping relation; conversely, if the mobile phone receives data from the first terminal, it forwards the data to the second terminal according to the mapping relation. A data channel is thus established between the first terminal and the second terminal, with the mobile phone relaying the data.
As an example, step S100 comprises the following sub-steps:
S101: when the target application program is detected to be triggered, acquiring the authority for connecting the first terminal;
S102: when the authority for connecting the first terminal is successfully acquired, the first address is acquired and connection is established with the first address.
Because the first terminal must be kept secure, only an authenticated mobile phone, or a target application program that has the authority to connect to and access the first terminal, can acquire the IP address of the first terminal and connect to it. As a specific example, the authority for connecting to the first terminal may be acquired by logging in to an account. The authority to connect to and access the first terminal is obtained by presetting the account and password in advance and having them confirmed by the first terminal. The user only needs to log in to the account in the target application program on their own mobile phone to acquire the authority to connect to the first terminal, and the first address is recorded in the account. Alternatively, the IP address of the mobile phone can be added to the white list of connections accepted by the first terminal, so that no account login is needed.
In order to enhance the user experience, as an embodiment, the step S200 includes the following sub-steps:
S201: after establishing connection with a first terminal, judging whether a connection request of a second terminal is received;
S202: if the connection request of the second terminal is not received, popping up warning information;
S203: and if a connection request of the second terminal is received, acquiring a second address.
To further enhance information security, step S300 includes, as an embodiment, the following sub-steps:
S301: after the second address is acquired, judging whether connection of the second address is allowed;
S302: and if the second address allows connection, connection is established with the second terminal.
Performing an information security check on the second terminal further enhances information security. As a specific example, an IP address white list may be established in the target application. After the second address is obtained, it is determined whether that IP address is in the white list. If it is, the connection with the second terminal is allowed to be established; if not, the connection is not allowed, which further controls information risk.
In order to better serve the work of staff who are away from the office, as an embodiment, the data traffic of the data channel established in step S500 is monitored, and it is determined whether the traffic exceeds a threshold value within a certain period of time, so as to analyze the usage frequency of the user. If the threshold is exceeded, a traffic alarm or other alarm may be popped up. For example, when the user views the usage frequency in the target application, the data size used at each time point has already been collected, so a "time-traffic statistical graph" may be drawn in the target application. The horizontal axis represents time, the vertical axis represents the data size, and a coordinate point is marked every 1 minute to represent the traffic used by the user at that time point. An analysis description is added to the right side of the graph, for example: "Zhang San's traffic exceeded 1 GB in the 15:00-16:00 and 17:00-18:00 periods", followed by a note such as "Your traffic exceeded 1 GB between 15:00-16:00 and 17:00-18:00; the usage frequency is too high."
As a specific example, the target application is installed on a mobile phone and a VPN service is used on the phone, so that the first address of the first terminal (e.g. a company server) can be reached. The target application can connect to the first terminal because using a VPN on the mobile phone amounts to placing the mobile phone and the first terminal in the same local area network.
The mobile phone and the second terminal (for example, a working computer of an external employee) are connected to the same WiFi (a hot spot can be opened by the mobile phone for computer connection), so that the target application program and the second terminal are in the same local area network, and thus, the networks of the second terminal and the target application program are intercommunicated.
In this case, the second terminal is connected to the first address through the intermediary of the target application.
The mapping relation between the IP address of the mobile phone and the first address, and the mapping relation between the IP address of the mobile phone and the second address, are configured in the target application program, which is equivalent to configuring the mapping relation between the first address and the second address. Since the target application and the second terminal are on interconnected networks, the IP address of the mobile phone can be connected to the second terminal, and when the mobile phone is connected to the second terminal, the target application forwards the connection to the first address of the first terminal. For the second terminal, connecting to the second address is thus equivalent to connecting to the first address of the first terminal. In fact, however, the first terminal and the second terminal are separated by the mobile phone, which is equivalent to establishing an information firewall between them and strengthens the prevention and control of information risks.
At this point, a data channel for data circulation is successfully established between the first terminal and the second terminal by using the mobile phone as a relay.
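The white-list check (S301/S302), the address mapping (S400/S500) and the traffic threshold described above, sketched as an added example that is not code from the patent. All class and function names and all addresses are constructed; CIDR entries and the folding of IPv4-mapped IPv6 addresses go beyond the text, and the 1 GB per hour threshold follows the page's own example.

```python
import ipaddress
from collections import deque
from typing import List, Optional, Tuple

GB = 10**9  # decimal gigabyte, matching the "1 GB" figure in the page's example


def canonical(address: str):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4.

    Dual-stack listeners report IPv4 peers in the mapped form, so without
    this step the same host could be judged differently per socket type.
    """
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


class Allowlist:
    """S301/S302: default-deny check of the second address."""

    def __init__(self, entries: List[str]):
        # Single addresses and CIDR ranges are both accepted (an addition).
        self._nets = [ipaddress.ip_network(e, strict=False) for e in entries]

    def permits(self, address: str) -> bool:
        ip = canonical(address)
        if ip is None:
            return False  # unparseable input is never allowed
        return any(ip.version == n.version and ip in n for n in self._nets)


class TrafficMonitor:
    """Sliding-window byte counter; record() returns True when over threshold."""

    def __init__(self, threshold_bytes: int, window_seconds: float):
        self.threshold = threshold_bytes
        self.window = window_seconds
        self._events = deque()  # (timestamp, nbytes)
        self._total = 0

    def record(self, now: float, nbytes: int) -> bool:
        self._events.append((now, nbytes))
        self._total += nbytes
        # Drop samples that have aged out of the window.
        while self._events and self._events[0][0] <= now - self.window:
            self._total -= self._events.popleft()[1]
        return self._total > self.threshold


class Channel:
    """S400/S500: one first<->second mapping with its own traffic monitor."""

    def __init__(self, first, second, monitor: TrafficMonitor):
        self.first, self.second, self.monitor = first, second, monitor

    def route(self, src: str, nbytes: int, now: float) -> Tuple[str, bool]:
        """Return (destination, alarm) for data arriving from src."""
        ip = canonical(src)
        if ip == self.second:
            dst = self.first
        elif ip == self.first:
            dst = self.second
        else:
            raise PermissionError(f"{src} is not an endpoint of this channel")
        return str(dst), self.monitor.record(now, nbytes)


class PhoneRelay:
    """The phone-side relay: admits second terminals and maps them upstream."""

    def __init__(self, first_address: str, allowlist: Allowlist,
                 threshold_bytes: int = GB, window_seconds: float = 3600):
        self.first = canonical(first_address)
        self.allowlist = allowlist
        self.threshold, self.window = threshold_bytes, window_seconds
        self.channels = {}  # second address -> Channel
        self.denied = []    # refused addresses, kept for review and alerting

    def admit(self, second_address: str) -> Optional[Channel]:
        if not self.allowlist.permits(second_address):
            self.denied.append(second_address)
            return None
        second = canonical(second_address)
        channel = Channel(self.first, second,
                          TrafficMonitor(self.threshold, self.window))
        self.channels[str(second)] = channel
        return channel


if __name__ == "__main__":
    # Constructed addresses: 10.20.0.5 = enterprise server (first terminal),
    # 192.168.43.0/24 = the phone's hotspot subnet.
    relay = PhoneRelay("10.20.0.5", Allowlist(["192.168.43.0/24"]))
    ch = relay.admit("192.168.43.17")
    print(ch.route("192.168.43.17", 600_000_000, now=0))
    print(ch.route("10.20.0.5", 500_000_000, now=1800))
    print(relay.admit("172.16.9.9"), relay.denied)
```

Recording refused addresses alongside the per-channel alarm gives the operator both signals the text relies on: who tried to connect, and how much crossed the relay.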
As one embodiment, a port mapping apparatus based on a mobile phone includes:
the first connection establishing unit is used for acquiring a first address and establishing connection with a first terminal when the target application program is detected to be triggered;
the second IP obtaining unit is used for obtaining a second address after establishing connection with the first terminal;
a second connection establishing unit, configured to establish a connection with a second terminal after the second address is obtained;
the configuration mapping unit is used for configuring the mapping relation between the first address and the second address after establishing connection with the second terminal;
and the data channel establishing unit is used for establishing a data channel between the first terminal and the second terminal according to the mapping relationship after the mapping relationship is established.
Wherein, the second connection establishing unit is specifically configured for:
after the second address is acquired, judging whether connection of the second address is allowed;
if the second address allows connection, connection is established with the second terminal;
wherein whether the second address allows connection is judged by pre-establishing an IP address white list and determining whether the second address is in the white list.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A port mapping method based on a mobile phone is characterized by comprising the following steps:
when detecting that a target application program is triggered, acquiring a first address, wherein the first address is an IP address of a first terminal, and establishing connection with the first terminal;
after establishing connection with the first terminal, acquiring a second address, wherein the second address is an IP address of a second terminal;
after the second address is obtained, connection is established with the second terminal;
after establishing connection with the second terminal, configuring the mapping relation between the first address and the second address;
and after the mapping relation is established, establishing a data channel between the first terminal and the second terminal according to the mapping relation.
2. The port mapping method according to claim 1, wherein the obtaining a first address when detecting that the target application is triggered, the first address being an IP address of a first terminal, and establishing a connection with the first terminal, comprises:
when the target application program is detected to be triggered, acquiring the authority for connecting the first terminal;
and when the authority for connecting the first terminal is successfully acquired, acquiring the first address and establishing connection with the first terminal.
3. The port mapping method according to claim 2, wherein the right to connect to the first terminal is obtained by logging in a target account in the target application; the target account is preset, has the authority of connecting the first terminal, and records the first address.
4. The port mapping method according to claim 1, wherein obtaining the second address after establishing the connection with the first terminal comprises:
after establishing connection with the first terminal, judging whether a connection request of a second terminal is received;
if the connection request of the second terminal is not received, popping up warning information;
and if a connection request of the second terminal is received, acquiring the second address.
5. The port mapping method according to claim 1, wherein the establishing a connection with the second terminal after acquiring the second address comprises:
after the second address is acquired, judging whether connection of the second address is allowed;
and if the second address allows connection, connection is established with the second terminal.
6. The port mapping method according to claim 5, wherein whether the second address allows connection is determined by pre-establishing a white list of IP addresses and determining whether the second address is in the white list.
7. The port mapping method according to claim 1, wherein after the data channel between the first terminal and the second terminal is established, the data traffic of the data channel is monitored.
8. The port mapping method according to claim 7, wherein if the data traffic of the data channel exceeds a threshold within a certain time, a traffic alarm is popped up.
9. A port mapping apparatus, comprising:
the first connection establishing unit is used for acquiring a first address when detecting that a target application program is triggered, wherein the first address is an IP address of a first terminal, and establishing connection with the first terminal;
a second IP obtaining unit, configured to obtain a second address after establishing a connection with the first terminal, where the second address is an IP address of the second terminal;
a second connection establishing unit, which establishes connection with the second terminal after acquiring the second address;
the configuration mapping unit is used for configuring the mapping relation between the first address and the second address after the connection is established with the second terminal;
and the data channel establishing unit is used for establishing a data channel between the first terminal and the second terminal according to the mapping relationship after the mapping relationship is established.
10. The port mapping device according to claim 9, wherein the second connection unit specifically includes:
after the second address is acquired, judging whether connection of the second address is allowed;
if the second address allows connection, connection is established with the second terminal;
wherein whether the second address allows connection is judged by pre-establishing an IP address white list and determining whether the second address is in the white list.
CN202210446005.1A 2022-04-26 2022-04-26 Port mapping method and device based on mobile phone Active CN114979350B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210446005.1A CN114979350B (en) 2022-04-26 2022-04-26 Port mapping method and device based on mobile phone


Publications (2)

Publication Number Publication Date
CN114979350A true CN114979350A (en) 2022-08-30
CN114979350B CN114979350B (en) 2024-06-25

Family

ID=82980078



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant