CN114979350B - Port mapping method and device based on mobile phone - Google Patents

Port mapping method and device based on mobile phone

Publication number
CN114979350B
CN114979350B CN202210446005.1A CN202210446005A CN114979350B CN 114979350 B CN114979350 B CN 114979350B CN 202210446005 A CN202210446005 A CN 202210446005A CN 114979350 B CN114979350 B CN 114979350B
Authority
CN
China
Prior art keywords
address
terminal
connection
establishing
established
Prior art date
Legal status
Active
Application number
CN202210446005.1A
Other languages
Chinese (zh)
Other versions
CN114979350A (en)
Inventor
秦海超
郑广彬
Current Assignee
Guangzhou Zhufeng Network Technology Co ltd
Original Assignee
Guangzhou Zhufeng Network Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Guangzhou Zhufeng Network Technology Co ltd
Priority to CN202210446005.1A
Publication of CN114979350A
Application granted
Publication of CN114979350B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a port mapping method and device based on a mobile phone, comprising the following steps: when the triggering of a target application program is detected, a first address is acquired, wherein the first address is the IP address of a first terminal, and connection is established with the first terminal; after connection is established with the first terminal, a second address is acquired, wherein the second address is the IP address of the second terminal; when the second address is acquired, connection is established with the second terminal; after establishing connection with the second terminal, configuring the mapping relation between the first address and the second address; and after the mapping relation is established, establishing a data channel between the first terminal and the second terminal according to the mapping relation. The invention aims to provide a practical and convenient port mapping method and device based on a mobile phone.

Description

Port mapping method and device based on mobile phone
Technical Field
The invention belongs to the field of terminal communication, and particularly relates to a port mapping method and device based on a mobile phone.
Background
When working on a computer issued by the enterprise (hereinafter "work computer"), enterprise employees often connect to the enterprise's local area network to use resources on enterprise servers, such as databases, caches and programs the work depends on. These shared resources are typically installed on the enterprise's servers to reduce the load on the work computers.
Some enterprises prohibit the use of VPNs or VPN software for security reasons. Employees who work on the enterprise's premises use the internal local area network to reach the enterprise's server resources, so the prohibition has little effect on them. An employee who is away on business, however, cannot connect the work computer he or she carries to the enterprise's servers and their resources through a VPN or similar means. To keep working, the shared resources must be installed locally on the work computer, which puts a heavy load on the computer, consumes a large amount of data traffic, and reduces work efficiency.
Disclosure of Invention
In view of the above-mentioned drawbacks of the prior art, an object of the present invention is to provide a practical and convenient port mapping method and device based on a mobile phone.
The application provides a port mapping method based on a mobile phone, which comprises the following steps:
when the triggering of a target application program is detected, a first address is acquired, wherein the first address is the IP address of a first terminal, and connection is established with the first terminal;
after connection is established with the first terminal, a second address is acquired, wherein the second address is the IP address of the second terminal;
when the second address is acquired, connection is established with the second terminal;
after establishing connection with the second terminal, configuring the mapping relation between the first address and the second address;
and after the mapping relation is established, establishing a data channel between the first terminal and the second terminal according to the mapping relation.
Further, acquiring the first address, the first address being the IP address of the first terminal, and establishing the connection with the first terminal when the triggering of the target application program is detected includes:
when the target application program is detected to be triggered, acquiring the authority for connecting the first terminal;
and after the authority for connecting the first terminal is successfully acquired, acquiring the first address and establishing connection with the first terminal.
Specifically, the authority for connecting the first terminal is obtained by logging in to a target account in the target application program; the target account is preset, has the authority to connect to the first terminal, and records the first address.
Further, acquiring the second address after establishing connection with the first terminal includes:
after establishing connection with the first terminal, judging whether a connection request of a second terminal is received;
if the connection request of the second terminal is not received, popping up warning information;
and if the connection request of the second terminal is received, acquiring the second address.
Further, establishing the connection with the second terminal after the second address is acquired includes:
after the second address is acquired, judging whether the second address is allowed to be connected or not;
and if the second address allows connection, establishing connection with the second terminal.
Specifically, an IP address white list is established in advance, and whether the second address allows connection is determined by checking whether the second address is in the white list.
Further, after the data channel between the first terminal and the second terminal is established, the data flow of the data channel is monitored.
Further, if the data flow of the data channel exceeds a threshold value within a certain time, a flow alarm is popped up.
A handset-based port mapping apparatus comprising:
the first connection establishment unit is used for acquiring a first address and establishing connection with the first terminal when the triggering of the target application program is detected, wherein the first address is the IP address of the first terminal;
the second IP acquisition unit is used for acquiring a second address after establishing connection with the first terminal, wherein the second address is the IP address of the second terminal;
the second connection establishing unit is used for establishing connection with the second terminal after acquiring the second address;
the configuration mapping unit is used for configuring the mapping relation between the first address and the second address after establishing connection with the second terminal;
and the data channel establishing unit is used for establishing a data channel between the first terminal and the second terminal according to the mapping relation after the mapping relation is established.
Further, the second connection establishing unit specifically performs the following:
after the second address is acquired, judging whether the second address is allowed to be connected or not;
if the second address allows connection, connection is established with the second terminal;
whether the second address allows connection is determined by establishing an IP address white list in advance and checking whether the second address is in the white list.
The improvement of the application brings the following advantages:
(1) The port mapping method solves the problem that, because of information security restrictions, the work computers of employees away on business trips cannot be interconnected with the company server.
(2) Interconnecting two terminals with the method of the application isolates terminals outside the enterprise local area network from the servers inside the enterprise and allows only a mobile phone with the connection authority to connect to the enterprise server, which effectively ensures the information security of the enterprise server and the work computer.
Drawings
Fig. 1 is a schematic diagram of implementation steps of a port mapping method based on a mobile phone according to an embodiment of the present application.
Detailed Description
Other advantages and effects of the present invention will become apparent to those skilled in the art from the following disclosure, which describes the embodiments of the present invention with reference to specific examples. The invention may also be practiced or carried out in other embodiments, and the details of the present description may be modified or varied without departing from the spirit and scope of the present invention.
In the port mapping method based on the mobile phone, the mapping relation between the IP addresses of the two terminals is configured on the mobile phone, and a data channel is established between the two terminals using the mobile phone as a data relay, so that the two terminals can exchange data with each other. The method solves the problem in the prior art that a work computer outside the enterprise local area network cannot connect to the enterprise server when the use of a VPN is prohibited. The load on the work computer is reduced, data traffic consumption is reduced, and work efficiency is improved.
As shown in fig. 1, the method includes steps S100-S500, and the method will be described in detail from the perspective of the mobile phone end.
S100: when the triggering of the target application program is detected, the IP address of the first terminal, namely the first address, is acquired and connection is established with the first terminal. The target application is an application installed on the handset for port mapping and for interconnection between two terminals. It may be a standalone app, which offers higher information security and extensibility; a functional module within another app, such as a WeChat mini program, which is easier to develop and does not need to be installed; or a web application interface, which is simpler and more convenient. The target application may be triggered by the user actively opening it, by another program opening it, and so on. The first terminal refers to an enterprise server, a database, etc. For security reasons, the target application or handset should hold the authority to connect to and access the first terminal.
S200: after the connection is established with the first terminal, the IP address of the second terminal, namely the second address, is acquired. The second terminal may be a computer outside the enterprise LAN that needs to connect to and access the enterprise server but cannot use a VPN for security reasons, such as the work computer of an employee on a business trip. The second terminal cannot connect directly to the enterprise server using a VPN because of security issues. The second address may be configured in advance, or may be obtained after the second terminal actively sends a connection request.
S300: and after the second address is acquired, establishing connection with the second terminal.
S400: after establishing connection with the second terminal, configuring the mapping relation between the first address and the second address. That is, a mapping relation is established between the two connection ports, namely the first address and the second address.
S500: after the mapping relation is established, establishing a data channel between the first terminal and the second terminal according to the mapping relation. Once the mapping relation is in place, if the mobile phone receives data from the second terminal, it forwards the data to the first terminal according to the mapping relation; conversely, if the mobile phone receives data from the first terminal, it forwards the data to the second terminal according to the mapping relation. In this way a data channel is established between the first terminal and the second terminal, with the data relayed through the mobile phone.
As an embodiment, step S100 comprises the following sub-steps:
S101: when the triggering of the target application program is detected, acquiring the authority for connecting the first terminal;
S102: after the authority for connecting the first terminal is successfully acquired, acquiring a first address and establishing connection with the first address.
For the security of the first terminal, only an authenticated handset or target application that holds the authority to connect to and access the first terminal can acquire the IP address of the first terminal and connect to it. As one specific example, the authority to connect to the first terminal may be obtained through a login account. The authority to connect to and access the first terminal is granted by presetting an account and password in advance, subject to final confirmation by the first terminal. The user can acquire the authority for connecting the first terminal only by logging in to the account in the target application program on the mobile phone, and the first address is recorded in the account. Alternatively, the IP address of the mobile phone can be added to a white list for connections to the first terminal, so that no account login is needed.
To enhance the user experience, as one embodiment, step S200 includes the following substeps:
S201: after establishing connection with the first terminal, judging whether a connection request of the second terminal is received;
S202: if the connection request of the second terminal is not received, popping up warning information;
S203: and if the connection request of the second terminal is received, acquiring a second address.
To further enhance information security, as an embodiment, step S300 includes the following sub-steps:
S301: after the second address is acquired, judging whether the second address is allowed to be connected or not;
S302: if the second address allows connection, connection is established with the second terminal.
Checking the second terminal in this way further enhances information security. As one specific example, an IP address white list may be established in the target application. After the second address is acquired, whether the IP address is in the white list is determined: if it is, a connection with the second terminal is allowed to be established; if it is not, no connection is allowed, which further controls information risk.
To better serve employees working off site, as an embodiment, the data traffic of the data channel established in step S500 is monitored, and whether the traffic exceeds a threshold value within a certain period of time is determined in order to analyze the user's frequency of use. If the threshold is exceeded, a traffic alert or other alert may be popped up. For example, when the user views the frequency of use in the target application, since the amount of data used at each time point has already been recorded, a "time-traffic statistics chart" may be drawn in the target application, with time on the horizontal axis and data volume on the vertical axis; a coordinate point is marked every 1 minute, representing the traffic used by the user at that time point, and an analysis description is added to the right of the chart. For example, if Zhang San used more than 1GB of traffic in 15:00-16:00 and in 17:00-18:00, the description "you have used more than 1GB of traffic between 15:00-16:00 and 17:00-18:00, the frequency of use is too high" is added.
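The checks in S201-S203, S301-S302 and S400 and the traffic monitoring just described can be modelled as follows. This is an added Python example, not code from the patent or its assignee; the class name `RelayGate`, the sample addresses, the clock-hour window and the decimal 1 GB threshold are assumptions, and socket forwarding itself is left out.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

GB = 10 ** 9  # decimal gigabyte, standing in for the "1GB" figure in the description


def normalize(addr):
    """Parse an address string, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped  # dual-stack listeners report IPv4 peers this way
    return ip


class RelayGate:
    """White list check, address mapping and traffic accounting (hypothetical class)."""

    def __init__(self, first_address, white_list, threshold_bytes=GB):
        self.first_address = normalize(first_address)
        # White list entries may be single addresses or CIDR ranges.
        self.white_list = [ipaddress.ip_network(e, strict=False) for e in white_list]
        self.threshold = threshold_bytes
        self.mapping = {}                    # second address -> first address
        self.per_minute = defaultdict(int)   # minute timestamp -> bytes relayed

    def is_allowed(self, second_address):
        """S301: is the second address in the white list? Malformed input is denied."""
        try:
            ip = normalize(second_address)
        except ValueError:
            return False
        return any(ip.version == net.version and ip in net for net in self.white_list)

    def handle_request(self, second_address):
        """S201-S203, S301-S302, S400: admit a connection request and map it."""
        if second_address is None:
            return "warn: no connection request received"        # S202
        if not self.is_allowed(second_address):
            return "deny: second address not in white list"      # S302 not satisfied
        self.mapping[normalize(second_address)] = self.first_address   # S400
        return "mapped"

    def record(self, second_address, when, nbytes):
        """Count bytes relayed for a mapped peer, one bucket per minute."""
        if normalize(second_address) not in self.mapping:
            raise PermissionError("no mapping configured for this address")
        self.per_minute[when.replace(second=0, microsecond=0)] += nbytes

    def windows_over_threshold(self):
        """Sum the per-minute points into clock hours; return the hours over the threshold."""
        hourly = defaultdict(int)
        for stamp, nbytes in self.per_minute.items():
            hourly[stamp.replace(minute=0)] += nbytes
        return [(hour.strftime("%H:%M"), total)
                for hour, total in sorted(hourly.items())
                if total > self.threshold]


def demo():
    """Constructed sample: one hotspot subnet in the white list, three hours of traffic."""
    gate = RelayGate("10.20.0.5", ["192.168.43.0/24"])
    requests = (None, "203.0.113.7", "::ffff:192.168.43.10", "not-an-ip")
    results = [gate.handle_request(addr) for addr in requests]
    day = datetime(2024, 1, 15)
    # 20 MB per minute in the 15:00 and 17:00 hours, 5 MB per minute in the 16:00 hour.
    for hour, mb in ((15, 20), (16, 5), (17, 20)):
        for minute in range(60):
            gate.record("192.168.43.10", day.replace(hour=hour, minute=minute), mb * 10 ** 6)
    return results, gate.windows_over_threshold()


if __name__ == "__main__":
    print(demo())
```

Normalizing the peer address before the white list lookup matters on dual-stack listeners, where an IPv4 peer appears as `::ffff:a.b.c.d` and would otherwise never match an IPv4 entry.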
As a specific example, the target application is installed on the handset and a VPN service is used on the handset, so that the first address of the first terminal (e.g. the company's server) can be connected to. The target application can connect to the first terminal here because using a VPN on the handset is equivalent to placing the handset and the first terminal in the same local area network.
The mobile phone and the second terminal (e.g. the work computer of the off-site employee) are connected to the same WiFi (for example, the mobile phone can open a hotspot for the computer to connect to), so that the target application program and the second terminal are in the same local area network and the second terminal and the target application can reach each other over the network.
At this point, the second terminal is connected to the first address with the target application acting as an intermediary.
The mapping relation between the IP address of the mobile phone and the first address and the mapping relation between the IP address of the mobile phone and the second address are configured in the target application program, which is equivalent to a mapping relation between the first address and the second address. Because the target application and the second terminal can reach each other over the network, the IP address of the handset can be connected to the second terminal, and when the handset is connected to the second terminal, the target application forwards the connection to the first address of the first terminal. In this way, when the second terminal connects to the second address, the connection corresponds to the first address of the first terminal. In practice, however, the first terminal and the second terminal are isolated from each other by the mobile phone, which is equivalent to establishing an information firewall between the first terminal and the second terminal, thereby enhancing the prevention and control of information risks.
At this point, a data channel has been successfully established between the first terminal and the second terminal, with the mobile phone acting as the relay.
As one embodiment, a port mapping device based on a mobile phone includes:
the first connection establishment unit is used for acquiring a first address and establishing connection with the first terminal when the triggering of the target application program is detected;
the second IP acquisition unit is used for acquiring a second address after establishing connection with the first terminal;
the second connection establishing unit is used for establishing connection with the second terminal after the second address is acquired;
the configuration mapping unit is used for configuring the mapping relation between the first address and the second address after establishing connection with the second terminal;
and the data channel establishing unit is used for establishing a data channel between the first terminal and the second terminal according to the mapping relation after the mapping relation is established.
Wherein the second connection establishing unit specifically performs the following:
after the second address is acquired, judging whether the second address is allowed to be connected or not;
if the second address allows connection, establishing connection with the second terminal;
whether the second address allows connection is determined by establishing an IP address white list in advance and checking whether the second address is in the white list.
The present invention is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present invention are intended to be included in the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the protection scope of the claims.

Claims (10)

1. The port mapping method based on the mobile phone is characterized by comprising the following steps:
when the triggering of a target application program is detected, a first address is acquired, wherein the first address is the IP address of a first terminal, and connection is established with the first terminal;
after connection is established with the first terminal, a second address is acquired, wherein the second address is the IP address of the second terminal;
when the second address is acquired, connection is established with the second terminal;
after establishing connection with the second terminal, configuring the mapping relation between the first address and the second address;
and after the mapping relation is established, establishing a data channel between the first terminal and the second terminal according to the mapping relation.
2. The port mapping method according to claim 1, wherein acquiring the first address, the first address being the IP address of the first terminal, and establishing the connection with the first terminal when the triggering of the target application program is detected includes:
when the target application program is detected to be triggered, acquiring the authority for connecting the first terminal;
and after the authority for connecting the first terminal is successfully acquired, acquiring the first address and establishing connection with the first terminal.
3. The port mapping method according to claim 2, wherein the authority for connecting the first terminal is obtained by logging in to a target account in the target application; the target account is preset, has the authority to connect to the first terminal, and records the first address.
4. The port mapping method according to claim 1, wherein acquiring the second address after establishing a connection with the first terminal includes:
after establishing connection with the first terminal, judging whether a connection request of a second terminal is received;
if the connection request of the second terminal is not received, popping up warning information;
and if the connection request of the second terminal is received, acquiring the second address.
5. The port mapping method according to claim 1, wherein the establishing a connection with the second terminal after the second address is acquired includes:
after the second address is acquired, judging whether the second address is allowed to be connected or not;
and if the second address allows connection, establishing connection with the second terminal.
6. The port mapping method according to claim 5, wherein an IP address white list is established in advance, and whether the second address allows connection is determined by checking whether the second address is in the white list.
7. The port mapping method according to claim 1, wherein, after the data channel between the first terminal and the second terminal is established, the data traffic of the data channel is monitored.
8. The port mapping method according to claim 7, wherein if the data traffic of the data channel exceeds a threshold value within a certain time, a traffic alert is popped up.
9. A cell phone based port mapping device, comprising:
the first connection establishment unit is used for acquiring a first address and establishing connection with the first terminal when the triggering of the target application program is detected, wherein the first address is the IP address of the first terminal;
the second IP acquisition unit is used for acquiring a second address after establishing connection with the first terminal, wherein the second address is the IP address of the second terminal;
the second connection establishing unit is used for establishing connection with the second terminal after acquiring the second address;
the configuration mapping unit is used for configuring the mapping relation between the first address and the second address after establishing connection with the second terminal;
and the data channel establishing unit is used for establishing a data channel between the first terminal and the second terminal according to the mapping relation after the mapping relation is established.
10. The port mapping device according to claim 9, wherein the second connection establishing unit specifically performs the following:
after the second address is acquired, judging whether the second address is allowed to be connected or not;
if the second address allows connection, connection is established with the second terminal;
whether the second address allows connection is determined by establishing an IP address white list in advance and checking whether the second address is in the white list.
CN202210446005.1A 2022-04-26 2022-04-26 Port mapping method and device based on mobile phone Active CN114979350B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210446005.1A CN114979350B (en) 2022-04-26 2022-04-26 Port mapping method and device based on mobile phone

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210446005.1A CN114979350B (en) 2022-04-26 2022-04-26 Port mapping method and device based on mobile phone

Publications (2)

Publication Number Publication Date
CN114979350A (en) 2022-08-30
CN114979350B (en) 2024-06-25

Family

ID=82980078

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210446005.1A Active CN114979350B (en) 2022-04-26 2022-04-26 Port mapping method and device based on mobile phone

Country Status (1)

Country Link
CN (1) CN114979350B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067257A (en) * 2012-12-14 2013-04-24 腾讯科技(深圳)有限公司 Method and server and system for achieving data mutual communication in social networking service
CN108924165A (en) * 2018-08-24 2018-11-30 北京和利时工业软件有限公司 A kind of Intranet remote access method and its device and Intranet gateway

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106034130A (en) * 2015-03-18 2016-10-19 中兴通讯股份有限公司 Data access method and device
CN113098990B (en) * 2021-03-12 2022-12-13 北京北信源软件股份有限公司 Server system, client and communication method for communication

Also Published As

Publication number Publication date
CN114979350A (en) 2022-08-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant