CN116846692B - Method, apparatus and storage medium for multiple persons to access multiple systems simultaneously - Google Patents

Method, apparatus and storage medium for multiple persons to access multiple systems simultaneously

Info

Publication number
CN116846692B
Authority
CN
China
Prior art keywords
terminal
access request
virtual gateway
insurance
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311120864.2A
Other languages
Chinese (zh)
Other versions
CN116846692A (en
Inventor
黄高明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Car And Car Technology Co ltd
Original Assignee
Beijing Car And Car Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Car And Car Technology Co ltd filed Critical Beijing Car And Car Technology Co ltd
Priority to CN202311120864.2A priority Critical patent/CN116846692B/en
Publication of CN116846692A publication Critical patent/CN116846692A/en
Application granted granted Critical
Publication of CN116846692B publication Critical patent/CN116846692B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/08 Insurance
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Abstract

The application discloses a method, a device and a storage medium for multiple persons to access multiple systems simultaneously, and relates to the technical field of communication. The method comprises the following steps: the user terminal sends a first access request to a terminal docking server; the terminal docking server sends the first access request to a first virtual gateway through a first virtual private network; the first virtual gateway sends the first access request to a second virtual gateway; while the first insurance system is being accessed, the user terminal sends a second access request to the terminal docking server; the terminal docking server sends the second access request to a third virtual gateway through a third virtual private network; the third virtual gateway sends the second access request to a fourth virtual gateway. This solves the prior-art problems of complex operation and reduced efficiency caused by the fact that the systems of a plurality of insurance companies cannot be accessed through one user terminal at the same time and the system of one insurance company cannot be accessed through a plurality of user terminals at the same time.

Description

Method, apparatus and storage medium for multiple persons to access multiple systems simultaneously
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, and a storage medium for multiple persons to access multiple systems simultaneously.
Background
A VPN is a virtual network that is built on a public network and provides a secure communication path for data and IP information transport from an internal network.
VPNs are commonly used in the insurance industry to access insurance systems. However, in the prior art, for commercial and other reasons, the VPNs provided by most companies do not allow multiple systems to be accessed at the same time, nor do they allow an insurance system to be accessed through multiple user terminals. For example, an insurance company provides only one specific VPN client for logging in to its insurance system, and an insurance agent performs operations such as issuing a policy through the VPN client installed on a user terminal. Due to VPN limitations, the insurance agent can only access the corresponding insurance system on the user terminal through the VPN of that insurance company. For example, when an insurance agent has accessed the system of insurance company A through the VPN of insurance company A on the user terminal and then wants to access the system of insurance company B, the agent needs to log out of the VPN of insurance company A and then log in to the VPN of insurance company B in order to access the system of insurance company B. And when an insurance agent wants to access the insurance system through the user terminal, the agent can only wait until the other insurance agents accessing the insurance system through that user terminal have finished, and only then perform the policy-issuing operation.
Although this approach protects the data security of the insurance company, it makes operation more cumbersome and reduces working efficiency.
Publication CN104967567A is titled "Intelligent social insurance business consultation system and working method". And polling the control terminal and the intelligent terminal tablet personal computer. The social insurance business consultation server is used for providing the information content of the intelligent social insurance business consultation system, securely accessing the social insurance business sponsor system through an interface, pushing control information, business sponsor information and social insurance personal service information, and also providing performance management, service evaluation, complaint and questionnaire survey functions; the social insurance business consultation intelligent terminal is used for providing an interactive touch inquiry function; the social insurance business consultation control terminal is used for controlling the content displayed by the consultation terminal; the consultation workload of window business sponsors is reduced, repeated daily consultation contents are completed by the business consultation intelligent terminal, and service objects can clearly deal with business regulations and answer some frequent questions instead of window sponsors.
Publication CN112927091A is titled "Complaint early warning method, device, computer equipment and medium for annuity insurance". The method comprises the following steps: acquiring client access condition information and emotion information during client access according to the policy data and client information of the annuity insurance to be pre-warned; dividing the life cycle of the annuity insurance policy into different life nodes according to the staged characteristics of the policy data of the annuity insurance to be pre-warned, and judging whether the current time of the annuity insurance to be pre-warned corresponds to a life node of the annuity insurance; and inputting the client access condition information, the emotion information during client access, and the information on whether the current time of the annuity insurance to be pre-warned corresponds to a life node of the annuity insurance into an early-warning model, and outputting the policy information that the early-warning model predicts will lead to complaints.
Regarding the prior-art technical problems of complicated operation and reduced efficiency caused by the inability to access the systems of a plurality of insurance companies through one user terminal at the same time, and the inability to access the system of one insurance company through a plurality of user terminals at the same time, no effective solution has yet been proposed.
Disclosure of Invention
The embodiment of the application provides a method, a device and a storage medium for simultaneously accessing a plurality of systems by a plurality of persons, which at least solve the technical problems of complicated operation and reduced efficiency caused by the fact that the system of a plurality of insurance companies cannot be simultaneously accessed by one user terminal and the system of one insurance company cannot be simultaneously accessed by the plurality of user terminals in the prior art.
According to one aspect of an embodiment of the present application, there is provided a method for multiple persons to access multiple systems simultaneously, comprising: the user terminal sends a first access request for accessing a first insurance system to a terminal docking server; the terminal docking server sends the first access request to a first virtual gateway through a first virtual private network, wherein the first virtual gateway is arranged on first transfer equipment, the first transfer equipment can be connected with the Internet, and the first virtual private network is a network allowing multiple persons to access; the first virtual gateway sends the first access request to a second virtual gateway, wherein the second virtual gateway is arranged at a first user insurance terminal, the first user insurance terminal cannot be connected with the Internet, and the first transfer equipment and the first user insurance terminal are in the same local area network; the second virtual gateway sends the first access request to the first insurance system through a second virtual private network; while the first insurance system is being accessed, the user terminal sends a second access request for accessing a second insurance system to the terminal docking server; the terminal docking server sends the second access request to a third virtual gateway through a third virtual private network, wherein the third virtual gateway is arranged on second transfer equipment, the second transfer equipment can be connected with the Internet, and the third virtual private network is a network allowing multiple persons to access; the third virtual gateway sends the second access request to a fourth virtual gateway, wherein the fourth virtual gateway is arranged at a second user insurance terminal, the second user insurance terminal cannot be connected with the Internet, and the second transfer equipment and the second user insurance terminal are in the same local area network; and the fourth virtual gateway sends the second access request to the second insurance system through a fourth virtual private network.
According to another aspect of an embodiment of the present application, there is also provided a storage medium including a stored program, wherein the method of any one of the above is performed by a processor when the program is run.
According to another aspect of an embodiment of the present application, there is also provided an apparatus for multiple persons to access multiple systems simultaneously, including: a first sending module, configured to send, by the user terminal, a first access request for accessing the first insurance system to the terminal docking server; a second sending module, configured to send, by the terminal docking server, the first access request to the first virtual gateway through the first virtual private network, wherein the first virtual gateway is arranged on first transfer equipment, the first transfer equipment can be connected with the Internet, and the first virtual private network is a network allowing multiple persons to access; a third sending module, configured to send, by the first virtual gateway, the first access request to the second virtual gateway, wherein the second virtual gateway is arranged at the first user insurance terminal, the first user insurance terminal cannot be connected with the Internet, and the first transfer equipment and the first user insurance terminal are in the same local area network; a fourth sending module, configured to send, by the second virtual gateway, the first access request to the first insurance system through the second virtual private network; a fifth sending module, configured to send, by the user terminal, while the first insurance system is being accessed, a second access request for accessing a second insurance system to the terminal docking server; a sixth sending module, configured to send, by the terminal docking server, the second access request to a third virtual gateway through a third virtual private network, wherein the third virtual gateway is arranged on second transfer equipment, the second transfer equipment can be connected with the Internet, and the third virtual private network is a network allowing multiple persons to access; a seventh sending module, configured to send, by the third virtual gateway, the second access request to the fourth virtual gateway, wherein the fourth virtual gateway is arranged at the second user insurance terminal, the second user insurance terminal cannot be connected with the Internet, and the second transfer equipment and the second user insurance terminal are in the same local area network; and an eighth sending module, configured to send, by the fourth virtual gateway, the second access request to the second insurance system through the fourth virtual private network.
According to another aspect of an embodiment of the present application, there is also provided an apparatus for multiple persons to access multiple systems simultaneously, including: a processor; and a memory, coupled to the processor, for providing the processor with instructions for processing the following steps: the user terminal sends a first access request for accessing a first insurance system to a terminal docking server; the terminal docking server sends the first access request to a first virtual gateway through a first virtual private network, wherein the first virtual gateway is arranged on first transfer equipment, the first transfer equipment can be connected with the Internet, and the first virtual private network is a network allowing multiple persons to access; the first virtual gateway sends the first access request to a second virtual gateway, wherein the second virtual gateway is arranged at a first user insurance terminal, the first user insurance terminal cannot be connected with the Internet, and the first transfer equipment and the first user insurance terminal are in the same local area network; the second virtual gateway sends the first access request to the first insurance system through a second virtual private network; while the first insurance system is being accessed, the user terminal sends a second access request for accessing a second insurance system to the terminal docking server; the terminal docking server sends the second access request to a third virtual gateway through a third virtual private network, wherein the third virtual gateway is arranged on second transfer equipment, the second transfer equipment can be connected with the Internet, and the third virtual private network is a network allowing multiple persons to access; the third virtual gateway sends the second access request to a fourth virtual gateway, wherein the fourth virtual gateway is arranged at a second user insurance terminal, the second user insurance terminal cannot be connected with the Internet, and the second transfer equipment and the second user insurance terminal are in the same local area network; and the fourth virtual gateway sends the second access request to the second insurance system through the fourth virtual private network.
In the embodiment of the application, the insurance agent accesses the insurance system through the user terminal; the terminal docking server receives the access request sent by the user terminal and sends it to the corresponding virtual network card according to the predetermined routing rule, thereby ensuring the routing speed. In addition, access in this technical scheme goes only to the two-layer VPN that is connected with the VPN, so the problem that the VPN cannot be accessed by multiple persons at the same time is solved by means of the two-layer VPN, which can be accessed by multiple persons at the same time. While the user terminal in this technical scheme is accessing one insurance system through the two-layer VPN, it can access another insurance system through the two-layer VPN without logging out. The two-layer VPN and the VPN used to access the insurance system are connected through the virtual gateway of the transit equipment and the virtual gateway of the user insurance terminal, so an access request can be sent through the two-layer VPN to the VPN that is able to access the insurance system. Furthermore, the user insurance terminal on which the VPN is deployed cannot be connected with the Internet but can access the insurance system through the VPN; the two-layer VPN is therefore deployed on transit equipment that can be connected with the Internet, and the transit equipment on which the two-layer VPN is deployed is connected with the VPN through the virtual gateway. This solves the problem that a plurality of insurance systems cannot be accessed simultaneously through the user terminal. It thereby solves the prior-art technical problems of complex operation and reduced efficiency caused by the fact that the systems of a plurality of insurance companies cannot be accessed through one user terminal at the same time and the system of one insurance company cannot be accessed through a plurality of user terminals at the same time.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a block diagram of the hardware architecture of a computing device for implementing the method according to embodiment 1 of the application;
FIG. 2 is a schematic diagram of a system for multiple persons to access multiple systems simultaneously according to embodiment 1 of the present application;
FIG. 3 is a flow chart of a method for multiple persons to access multiple systems simultaneously according to the first aspect of embodiment 1 of the present application;
FIG. 4 is a schematic diagram of an apparatus for multiple persons to access multiple systems simultaneously according to embodiment 2 of the present application; and
FIG. 5 is a schematic diagram of an apparatus for multiple persons to access multiple systems simultaneously according to embodiment 3 of the present application.
Detailed Description
In order to enable those skilled in the art to better understand the technical solution of the present application, the technical solution of the present application in the embodiment of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiment of the present application. It will be apparent that the described embodiments are merely some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
According to the present embodiment, there is provided a method embodiment of a method for multiple persons to access multiple systems simultaneously, it being noted that the steps shown in the flowchart of the figures may be performed in a computer system such as a set of computer executable instructions, and that, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in an order other than that shown or described herein.
The method embodiments provided by the present embodiment may be performed in a mobile terminal, a computer terminal, a server, or a similar computing device. FIG. 1 illustrates a block diagram of a hardware architecture of a computing device for implementing a method for multiple persons to access multiple systems simultaneously. As shown in FIG. 1, the computing device may include one or more processors (which may include, but are not limited to, processing means such as a microprocessor (MCU) or a programmable logic device (FPGA)), memory for storing data, and transmission means for communication functions. In addition, the computing device may further include: a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power supply, and/or a camera. It will be appreciated by those of ordinary skill in the art that the configuration shown in FIG. 1 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, the computing device may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
It should be noted that the one or more processors and/or other data processing circuits described above may be referred to herein generally as "data processing circuits". The data processing circuit may be embodied in whole or in part in software, hardware, firmware, or any other combination. Furthermore, the data processing circuitry may be a single stand-alone processing module, or incorporated in whole or in part into any of the other elements in the computing device. As referred to in embodiments of the application, the data processing circuit acts as a processor control (e.g., selection of the path of the variable resistor termination connected to the interface).
The memory may be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the method for multiple persons to access multiple systems simultaneously in the embodiments of the present application, and the processor executes the software programs and modules stored in the memory, thereby performing various functional applications and data processing, that is, implementing the method for multiple persons to access multiple systems simultaneously for the application program. The memory may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory. In some examples, the memory may further include memory remotely located with respect to the processor, which may be connected to the computing device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission means is used for receiving or transmitting data via a network. Specific examples of the network described above may include a wireless network provided by a communications provider of the computing device. In one example, the transmission means comprises a network adapter (Network Interface Controller, NIC) connectable to other network devices via the base station to communicate with the internet. In one example, the transmission device may be a Radio Frequency (RF) module, which is used to communicate with the internet wirelessly.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the computing device.
It should be noted herein that in some alternative embodiments, the computing device shown in FIG. 1 described above may include hardware elements (including circuitry), software elements (including computer code stored on a computer-readable medium), or a combination of both hardware and software elements. It should be noted that FIG. 1 is only one specific example and is intended to illustrate the types of components that may be present in the computing devices described above.
Fig. 2 is a schematic diagram of a system for multiple persons to access multiple systems simultaneously according to the present embodiment. Referring to fig. 2, the system includes: the system comprises a user terminal, a terminal docking server, a plurality of transfer devices, a plurality of user insurance terminals and a plurality of VPN servers connected with corresponding insurance systems.
There may be a plurality of user terminals, each in communication connection with the terminal docking server through a network. An insurance agent of the insurance agency company sends an access request for accessing the insurance system to the terminal docking server through the user terminal, and the terminal docking server then returns response information to the user terminal according to the access request. The insurance agent can access a plurality of insurance systems simultaneously through one user terminal, and one insurance system can also be accessed simultaneously through a plurality of user terminals.
The terminal docking server is connected with the user terminal and with the transfer equipment, and is used for receiving the access request sent by the user terminal and sending the access request to the corresponding transfer equipment. The terminal docking server also sends the result returned by the transfer equipment for the access request to the corresponding user terminal.
The transfer equipment is connected with the terminal docking server and with the user insurance terminal. It is provided with a two-layer VPN client, is connected with the terminal docking server through the two-layer VPN client, and is connected with the user insurance terminal over a local area network, so that the transfer equipment and the user insurance terminal are in one local area network. The transfer equipment is a terminal device that can connect to the Internet. The transfer equipment receives the access request sent by the terminal docking server over the two-layer VPN, and then sends the access request to the user insurance terminal through the local area network. The transfer equipment also sends the result returned by the user insurance terminal for the access request to the terminal docking server. The two-layer VPN in this technical scheme can be an SSL VPN.
The user insurance terminal is connected with the transfer equipment and with the corresponding VPN server, and is provided with a VPN client. The VPN client makes a VPN connection with the VPN server. The user insurance terminal receives the access request sent by the transfer equipment over the local area network, and then sends the access request to the VPN server over the VPN. The user insurance terminal and the VPN server are in a one-to-one relation. The user insurance terminal is operated by operation and maintenance personnel of the insurance agency company, so the operation and maintenance personnel can directly access the corresponding insurance system through the VPN client set up on the user insurance terminal. The VPN in this technical scheme may be an SSL VPN.
The VPN server is connected with the user insurance terminal and with the insurance system, and is used for receiving the access request sent by the user insurance terminal and sending the access request to the insurance system. The VPN server also returns the response information to the user insurance terminal. The insurance system may be a business platform of an insurance company.
It should be noted that, the above hardware structure may be applied to a user terminal, a terminal docking server, a plurality of transit devices, a plurality of user insurance terminals, and a plurality of VPN servers connected to corresponding insurance systems in the system.
In the above-described operation environment, according to a first aspect of the present embodiment, there is provided a method for a plurality of persons to access a plurality of systems simultaneously, the method being implemented by a terminal docking server, a relay device, and a user security terminal shown in fig. 2. Fig. 3 shows a schematic flow chart of the method, and referring to fig. 3, the method includes:
S302: the user terminal sends a first access request for accessing a first insurance system to a terminal docking server;
S304: the terminal docking server sends the first access request to a first virtual gateway through a first virtual private network, wherein the first virtual gateway is arranged on first transfer equipment, the first transfer equipment can be connected with the Internet, and the first virtual private network is a network allowing multiple persons to access;
S306: the first virtual gateway sends the first access request to a second virtual gateway, wherein the second virtual gateway is arranged at a first user insurance terminal, the first user insurance terminal cannot be connected with the Internet, and the first transfer equipment and the first user insurance terminal are in the same local area network;
S308: the second virtual gateway sends the first access request to the first insurance system through a second virtual private network;
S310: while the first insurance system is being accessed, the user terminal sends a second access request for accessing a second insurance system to the terminal docking server;
S312: the terminal docking server sends the second access request to a third virtual gateway through a third virtual private network, wherein the third virtual gateway is arranged on second transfer equipment, the second transfer equipment can be connected with the Internet, and the third virtual private network is a network allowing multiple persons to access;
S314: the third virtual gateway sends the second access request to a fourth virtual gateway, wherein the fourth virtual gateway is arranged at a second user insurance terminal, the second user insurance terminal cannot be connected with the Internet, and the second transfer equipment and the second user insurance terminal are in the same local area network; and
S316: the fourth virtual gateway sends the second access request to the second insurance system through a fourth virtual private network.
Specifically, for example, an insurance agent wants to access the insurance system 1 (i.e., the first insurance system) through the user terminal 1. The insurance agent opens a browser on the user terminal 1 and inputs the domain name of the insurance company 1 in the browser, so that the user terminal 1 transmits an access request (i.e., the first access request) for accessing the insurance system 1 to the terminal docking server.
Further, after the terminal docking server receives the access request (i.e., the first access request) sent by the user terminal 1, it sends the access request, according to the routing relationship between the terminal docking server and the virtual gateway 1 (i.e., the first virtual gateway) set in the transit device 1 (i.e., the first transit device), to the virtual gateway 1 through the two-layer VPN (i.e., the first virtual private network) between the terminal docking server and the transit device 1. The two-layer VPN is a preset network that can be accessed by multiple persons, and the transit device is a terminal device that can be connected to the Internet. The terminal docking server is also provided with a two-layer VPN connected to the virtual gateway 1 (i.e., the first virtual gateway).
Further, the transit device 1 (i.e., the first transit device) and the user insurance terminal 1 (i.e., the first user insurance terminal) are disposed in the same local area network, so that after the virtual gateway 1 (i.e., the first virtual gateway) set in the transit device 1 receives the access request (i.e., the first access request), it sends the access request through the local area network to the virtual gateway 2 (i.e., the second virtual gateway) set in the user insurance terminal 1. The user insurance terminal 1 (i.e., the first user insurance terminal) cannot connect to the Internet.
Further, the virtual gateway 2 (i.e., the second virtual gateway) makes a VPN connection with the VPN1 server (i.e., the first virtual private network server). The virtual gateway 2 transmits the access request (i.e., the first access request) to the VPN1 server through the VPN (i.e., the second virtual private network), the VPN1 server then transmits the access request to the insurance system 1 (i.e., the first insurance system), and the insurance system 1 returns response information to the VPN1 server according to the access request. The virtual gateway 2 receives the response information returned by the VPN1 server and returns it to the virtual gateway 1; the virtual gateway 1 returns the response information to the terminal docking server, and the terminal docking server returns it to the user terminal 1. The insurance agent thus accesses the insurance system 1 (i.e., the first insurance system) through the user terminal 1.
In the case that the insurance agent is accessing the insurance system 1 (i.e., the first insurance system) through the user terminal 1 and needs to go on to access the insurance system 2 (i.e., the second insurance system) through the user terminal 1, the insurance agent opens a browser on the user terminal 1 and inputs the domain name of the insurance company 2 in the browser, so that the user terminal 1 transmits an access request (i.e., the second access request) for accessing the insurance system 2 to the terminal docking server.
Further, after the terminal docking server receives the access request (i.e., the second access request) sent by the user terminal 1, it sends the access request, according to the routing relationship between the terminal docking server and the virtual gateway 3 (i.e., the third virtual gateway) set in the transit device 2 (i.e., the second transit device), to the virtual gateway 3 through the two-layer VPN (i.e., the third virtual private network) between the terminal docking server and the transit device 2. The two-layer VPN is a preset network that can be accessed by multiple persons, and the transit device is a terminal device that can be connected to the Internet. The terminal docking server is also provided with a two-layer VPN connected to the virtual gateway 3 (i.e., the third virtual gateway).
Further, the transit device 2 (i.e., the second transit device) and the user insurance terminal 2 (i.e., the second user insurance terminal) are disposed in the same local area network, so that after the virtual gateway 3 (i.e., the third virtual gateway) set in the transit device 2 receives the access request (i.e., the second access request), it sends the access request through the local area network to the virtual gateway 4 (i.e., the fourth virtual gateway) set in the user insurance terminal 2. The user insurance terminal 2 (i.e., the second user insurance terminal) cannot connect to the Internet.
Further, the virtual gateway 4 (i.e., the fourth virtual gateway) makes a VPN connection with the VPN2 server (i.e., the second virtual private network server). The virtual gateway 4 transmits the access request (i.e., the second access request) to the VPN2 server through the VPN (i.e., the fourth virtual private network), the VPN2 server then transmits the access request to the insurance system 2 (i.e., the second insurance system), and the insurance system 2 returns response information to the VPN2 server according to the access request. The virtual gateway 4 receives the response information returned by the VPN2 server and returns it to the virtual gateway 3; the virtual gateway 3 returns the response information to the terminal docking server, and the terminal docking server returns it to the user terminal 1. The insurance agent thus accesses the insurance system 2 (i.e., the second insurance system) through the user terminal 1.
In the case that an insurance agent is accessing the insurance system 1 (i.e., the first insurance system) through the user terminal 1 and another insurance agent needs to access the insurance system 1 through the user terminal 2, that insurance agent opens a browser on the user terminal 2 and inputs the domain name of the insurance company 1 in the browser, so that the user terminal 2 sends an access request for accessing the insurance system 1 to the terminal docking server.
Further, after receiving the access request sent by the user terminal 2, the terminal docking server sends the access request, according to the routing relationship between the terminal docking server and the virtual gateway 1, to the virtual gateway 1 set in the transit device 1 through the two-layer VPN between the terminal docking server and the transit device 1. The two-layer VPN is a preset network that can be accessed by multiple persons, and the transit device is a terminal device that can be connected to the Internet. The terminal docking server is also provided with a two-layer VPN connected to the virtual gateway 1.
Further, the transit device 1 and the user insurance terminal 1 are arranged in the same local area network, so that after the virtual gateway 1 set in the transit device 1 receives the access request, it sends the access request through the local area network to the virtual gateway 2 set in the user insurance terminal 1. The user insurance terminal 1 cannot connect to the Internet.
Further, the virtual gateway 2 makes a VPN connection with the VPN1 server. The virtual gateway 2 transmits the access request to the VPN1 server through the VPN, the VPN1 server then transmits the access request to the insurance system 1, and the insurance system 1 (i.e., the first insurance system) returns response information to the VPN1 server according to the access request. The virtual gateway 2 receives the response information returned by the VPN1 server and returns it to the virtual gateway 1; the virtual gateway 1 returns the response information to the terminal docking server, and the terminal docking server returns it to the user terminal 2. The insurance agent thus accesses the insurance system 1 (i.e., the first insurance system) through the user terminal 2.
As described in the background, the insurance industry typically uses VPNs to access insurance systems. However, in the prior art, for commercial and other reasons, the VPNs provided by most companies do not allow multiple systems to be accessed at the same time, nor do they allow an insurance system to be accessed through multiple user terminals. For example, an insurance company provides only one specific VPN client for logging in to its insurance system, and an insurance agent performs operations such as issuing a policy through the VPN client provided on a user terminal. Due to VPN limitations, the insurance agent can only access the corresponding insurance system on the user terminal through the VPN corresponding to that insurance company. For example, when an insurance agent has accessed the system of insurance company A through the VPN of insurance system A on the user terminal and then wants to access the system of insurance company B, the insurance agent needs to log out of the VPN of insurance system A and then log in to the VPN of insurance company B in order to access the system of insurance company B. And when an insurance agent wants to access the insurance system through the user terminal, the insurance agent can only wait until the other insurance agents accessing the insurance system through the user terminal have finished before performing the policy-issuing operation. Although this protects the data security of the insurance company, the operation is cumbersome and working efficiency is reduced.
According to the technical solution provided by the embodiment of the application, the insurance agent accesses the insurance system through the user terminal; the terminal docking server receives the access request sent by the user terminal and sends it to the corresponding virtual network card according to the predetermined routing rule, which ensures the routing speed. In addition, in the technical solution only the two-layer VPN connected to the VPN is accessed, so the problem that the VPN cannot be accessed by multiple persons at the same time is solved by the two-layer VPN, which can be accessed by multiple persons at the same time. When the user terminal accesses one insurance system through a two-layer VPN, it can access another insurance system through a two-layer VPN without logging out. The two-layer VPN and the VPN used to access the insurance system are connected through the virtual gateway of the transit device and the virtual gateway of the user insurance terminal, so that an access request can be sent through the two-layer VPN to the VPN capable of accessing the insurance system. Moreover, the user insurance terminal on which the VPN is deployed cannot be connected to the Internet but can access the insurance system through the VPN; the two-layer VPN is therefore deployed on the transit device, which can be connected to the Internet, and the transit device on which the two-layer VPN is deployed is connected to the VPN through the virtual gateway. This solves the problem that a plurality of insurance systems cannot be accessed simultaneously through the user terminal.
The system and the method solve the technical problems of complex operation and reduced efficiency caused by the fact that a system of a plurality of insurance companies cannot be accessed through one user terminal at the same time and a system of a plurality of insurance companies cannot be accessed through the user terminals at the same time in the prior art.
It should be noted that, the technical solution is not limited to the two-layer VPN, and may be three-layer VPN or four-layer VPN according to actual needs, which is not limited herein.
Furthermore, although the process of accessing the insurance system is described here by taking the user terminal 1 and the user terminal 2 as examples, the same applies to the user terminal 3. For example, the user terminal 3 sends an access request to the terminal docking server, the terminal docking server sends the access request to the virtual gateway of the transit device 3, the virtual gateway of the transit device 3 sends the access request to the virtual gateway of the user insurance terminal 3, the virtual gateway of the user insurance terminal 3 sends the access request to the VPN3 server, and the VPN3 server sends the access request to the insurance system 3.
Optionally, the operation of the terminal docking server sending the first access request to the first virtual gateway through the first virtual private network includes: the terminal docking server receives a first access request sent by a user terminal; and the terminal docking server sends the first access request to the first virtual gateway according to a preset routing rule.
Specifically, there are two modes by which the insurance agent logs in to the two-layer VPN through the user terminal 1: a proxy mode and a VPN application mode. For example, the insurance agent can log in to the two-layer VPN by configuring the proxy settings of the browser on the user terminal 1 and entering the proxy account and password. Alternatively, the insurance agent may install a VPN application on the user terminal 1 and log in to the two-layer VPN with the user account and password. The proxy account and the user account are registered by operation and maintenance personnel through the transit device.
Specifically, the operation and maintenance personnel send an account registration request to the terminal docking server through the two-layer VPN1 client set in the transit device 1, and the terminal docking server generates a two-layer VPN account, a plurality of proxy accounts and a plurality of user accounts according to the received account registration request. The plurality of proxy accounts and the plurality of user accounts are for distribution to a plurality of insurance agents. The operation and maintenance personnel then log in to the two-layer VPN in the two-layer VPN1 client with the generated two-layer VPN account, so that the two-layer VPN connection is established between the terminal docking server and the transit device 1. After the terminal docking server establishes the two-layer VPN connection with the transit device 1, the terminal docking server allocates a fixed IP address to the two-layer VPN. The terminal docking server automatically checks, with a ping command at a preset time interval, whether the IP address of the two-layer VPN is reachable. If the ping succeeds, the terminal docking server is connected to the two-layer VPN. If the ping fails, the terminal docking server and the two-layer VPN are disconnected; an alarm notification is sent promptly and reconnection is performed automatically.
Further, for example, the insurance agent inputs the assigned user account number and password in the VPN application in the user terminal 1 to log in. After the login is successful, a domain name of the insurance system to be accessed, for example, a domain name of the insurance system 1 is input in the browser of the user terminal 1. The user terminal 1 then sends an access request (i.e. a first access request) for accessing the insurance system 1 to the terminal docking server. Wherein the access request includes at least the user account number and the domain name of the insurance system 1.
Further, after the terminal docking server receives the access request (i.e., the first access request), it parses the access request to obtain the user account and the domain name of the insurance system 1. The terminal docking server then searches a pre-stored routing relation table according to the user account of the insurance agent. The routing relation table stores the routing relationship among the user information of the insurance agent, the IP address of the virtual gateway 1 and the domain name of the insurance system 1. The user information comprises proxy account information and user account information. The routing relationships in the routing relation table are set by the operation and maintenance personnel through a desktop GUI application program on the transit device 1, in which they set the user account of the insurance agent, the IP address of the virtual network card 1, and the domain name of the insurance system 1 (i.e., the first insurance system).
And after the terminal docking server retrieves the user end account number of the insurance agent in the routing relation table, acquiring the domain name of the insurance system in routing relation with the user end account number, and judging that the user end account number has the authority to access the insurance system 1 when the domain name of the insurance system is the domain name of the insurance system 1. When the domain name of the insurance system is not the domain name of the insurance system 1, it is determined that the user account does not have the authority to access the insurance system 1.
When the user account is judged to have the authority to access the insurance system 1, the terminal docking server acquires the IP address of the virtual gateway 1 stored in the routing relation table with the user account, and sends an access request (i.e., a first access request) to the virtual gateway 1 according to a preset routing rule. Wherein the routing rule sets a static route for the IP address of the virtual gateway 1, so that the access request (i.e., the first access request) is transmitted to the virtual gateway 1 through the two-layer VPN according to the IP address of the virtual gateway 1.
In addition, the operation and maintenance personnel can register the two-layer VPN account, the plurality of user accounts and the plurality of proxy accounts through a desktop GUI application program on the transit device.
Therefore, in the technical scheme, the routing relation between the domain name of the insurance system and the IP address of the virtual gateway is pre-stored in the terminal docking server, so that the terminal docking server can automatically route to the virtual gateway for accessing the insurance system only by inputting the domain name of the insurance system, thereby facilitating the operation of the user.
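The lookup and permission check described above, as an added example (not code from the patent): a small Python model of the terminal docking server's routing relation table. The account names, domains and gateway addresses are constructed; keying the table on (account, domain) so that one account can hold routes to several insurance systems, and normalizing the typed domain before the lookup, are assumptions that go beyond the single-row case in the text.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class AccessRequest:
    account: str   # user account or proxy account used to log in to the two-layer VPN
    target: str    # domain name (or URL) typed into the browser


@dataclass(frozen=True)
class Decision:
    allowed: bool
    gateway_ip: Optional[str]   # virtual gateway to forward to, None when denied
    reason: str


def normalize_domain(target: str) -> str:
    """Reduce a typed domain or URL to a lower-case host without port or trailing dot."""
    candidate = target.strip()
    if "//" not in candidate:
        candidate = "//" + candidate      # make urlsplit parse it as a network location
    try:
        host = urlsplit(candidate).hostname or ""
    except ValueError:                    # malformed input such as an unclosed "["
        return ""
    return host.rstrip(".").lower()


class RoutingRelationTable:
    """Maps (account, insurance-system domain) to the IP address of a virtual gateway."""

    def __init__(self) -> None:
        self._routes: Dict[Tuple[str, str], str] = {}

    def add_route(self, account: str, domain: str, gateway_ip: str) -> None:
        ip_address(gateway_ip)            # reject a malformed gateway address early
        self._routes[(account, normalize_domain(domain))] = gateway_ip

    def decide(self, request: AccessRequest) -> Decision:
        """Deny by default; forward only when the account has a row for this domain."""
        domain = normalize_domain(request.target)
        if not domain:
            return Decision(False, None, "no host in request")
        if not any(acct == request.account for acct, _ in self._routes):
            return Decision(False, None, "unknown account")
        gateway_ip = self._routes.get((request.account, domain))
        if gateway_ip is None:
            return Decision(False, None, "account not routed to this system")
        return Decision(True, gateway_ip, "routed")


def build_sample_table() -> RoutingRelationTable:
    """Constructed rows mirroring the scenarios in the description."""
    table = RoutingRelationTable()
    table.add_route("agent-a", "ins1.example.test", "10.8.1.2")  # virtual gateway 1
    table.add_route("agent-a", "ins2.example.test", "10.8.2.2")  # virtual gateway 3
    table.add_route("agent-b", "ins1.example.test", "10.8.1.2")  # shares gateway 1
    return table


def route_all(table: RoutingRelationTable,
              requests: List[AccessRequest]) -> List[Tuple[str, str, Decision]]:
    """Decide each request and keep (account, host, decision) as a per-account record."""
    return [(r.account, normalize_domain(r.target), table.decide(r)) for r in requests]


if __name__ == "__main__":
    sample = [
        AccessRequest("agent-a", "https://INS1.example.test:443/login"),
        AccessRequest("agent-a", "ins2.example.test."),   # second system, no logout
        AccessRequest("agent-b", "ins1.example.test"),    # second person, same system
        AccessRequest("agent-b", "ins2.example.test"),    # no row: denied
    ]
    for account, host, decision in route_all(build_sample_table(), sample):
        print(account, host, decision.allowed, decision.gateway_ip, decision.reason)
```

Because every agent reaches the insurance system through the single VPN account on the user insurance terminal, the record kept by `route_all` is where, at the VPN layer, a request can still be tied to an individual user account.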
Optionally, the operation of the first virtual gateway sending the first access request to the second virtual gateway includes: the first virtual gateway sends a first access request to a first local network card, wherein the first local network card is arranged in first transfer equipment; and the first local network card sends the first access request to the second virtual gateway.
Specifically, the operation and maintenance personnel open the two-layer VPN1 client set in the transit device 1 (i.e., the first transit device) and log in with the two-layer VPN account and password. The transit device 1 then starts up two network cards, using one network card as a local network card (i.e., the first local network card) and the other as a two-layer VPN network card. Each network card has an IP address.
Further, the operation and maintenance personnel inputs the domain name of the insurance system 1 and the IP address of the virtual gateway 2 (i.e., the second virtual gateway) in the desktop GUI application program in the transit device 1 (i.e., the first transit device), then selects "bypass networking", and clicks "network card auto-identification". And the desktop GUI application program acquires a network card adapter list, and corresponding network card information such as a network card IP address, a network card name, a network card mask and the like of the network card from the configuration information of the transfer equipment 1.
Further, the desktop GUI application determines a network card (i.e., a first local network card) used when accessing an external web site by means of route probing, thereby determining a network card adapter corresponding to the first local network card from the network card adapter list according to the network card name and the network card IP address of the network card. And the desktop GUI application program determines the network card adapter of the network card corresponding to the two-layer VPN from the network card adapter list according to the determined network card IP address of the network card corresponding to the two-layer VPN. When registering the two-layer VPN account, the terminal docking server distributes an IP address for the network card corresponding to the two-layer VPN.
Further, the network card adapter of the network card corresponding to the two-layer VPN automatically identifies the network card information corresponding to the two-layer VPN, and the network card adapter of the first local network card automatically identifies the network card information of the first local network card. And then the operation and maintenance personnel clicks a bypass networking end one-key initialization in a desktop GUI application program, and the desktop GUI application program shares the first local network card with the network card corresponding to the two-layer VPN. Thus, the desktop GUI application automatically generates the virtual gateway 1 (i.e., the first virtual gateway) from the network card corresponding to the two-layer VPN, and determines an IP address for the virtual gateway 1 (i.e., the first virtual gateway), where the IP address is the IP address of the network card corresponding to the two-layer VPN. And the desktop GUI application sets static routing rules for the virtual gateway 1 (i.e., the first virtual gateway) for default routing to the IP address of the first local network card. And the desktop GUI application sets static routing rules for the first local network card for default routing to the IP address of virtual gateway 2 (i.e., the second virtual gateway).
Further, in the process that the insurance agent accesses the insurance system 1 through the user terminal 1, the terminal docking server sends an access request (i.e., a first access request) to the virtual gateway 1 (i.e., a first virtual gateway), and then the virtual gateway 1 (i.e., the first virtual gateway) sends the access request (i.e., the first access request) to the first local network card according to the IP address of the first local network card in the preset static routing rule.
Further, the first local network card sends the received access request (i.e., the first access request) to the virtual gateway 2 (i.e., the second virtual gateway) through the local area network according to the IP address of the virtual gateway 2 in the preset static routing rule. The virtual gateway 2 is set on the user insurance terminal 1, which cannot connect to the Internet; the user insurance terminal 1 and the transit device 1 are in the same local area network, and the transit device 1 can connect to the Internet.
Therefore, in the technical solution, the two-layer VPN is built between the transit device, which can be connected to the Internet, and the terminal docking server. The two-layer VPN for multi-person access is connected to the local area network through a virtual gateway, and the local area network is in turn connected to the virtual gateway capable of accessing the VPN, so that even though the user insurance terminal cannot be connected to the Internet, the connection between the two-layer VPN and the VPN is realized through the transit device, which can be connected to the Internet.
Optionally, the operation of the second virtual gateway sending the first access request to the first insurance system through the second virtual private network includes: the second virtual gateway sends the first access request to the first virtual private network server through the second virtual private network; and the first virtual private network server sends the first access request to the first insurance system.
Specifically, the operation and maintenance personnel enter the VPN1 client set in the user insurance terminal 1 (i.e., the first user insurance terminal) through the user insurance terminal 1 (i.e., the first user insurance terminal), and log in through the VPN account number and the password. Then, the user insurance terminal 1 (i.e. the first user insurance terminal) starts up two network cards, and uses one network card as a local network card and the other network card as a VPN network card. Wherein each network card has an IP address.
Further, the operation and maintenance personnel input the domain name of the insurance system 1 and the VPN account in the desktop GUI application program on the user insurance terminal 1 (i.e., the first user insurance terminal), then select "bypass networking" and click "network card automatic identification". The desktop GUI application then obtains, from the configuration information of the user insurance terminal 1 (i.e., the first user insurance terminal), the network card adapter list and the corresponding network card information such as the network card IP address, the network card name, and the network card mask.
Further, the desktop GUI application determines, by means of route probing, the network card used when accessing an external web site (i.e., the local network card of the user insurance terminal 1), and thereby determines the network card adapter corresponding to the local network card of the user insurance terminal 1 from the network card adapter list according to the network card name and the network card IP address of that network card. The desktop GUI application likewise determines, by means of route probing, the network card used when accessing the insurance system 1 (i.e., the first insurance system), that is, the network card corresponding to the VPN, and thereby determines the network card adapter of the network card corresponding to the VPN from the network card adapter list according to the network card name and the network card IP address of that network card.
Further, the network card adapter of the network card corresponding to the VPN automatically identifies the network card information corresponding to the VPN, and the network card adapter of the local network card of the user insurance terminal 1 automatically identifies the network card information of the local network card of the user insurance terminal 1. The operation and maintenance personnel then click "bypass networking one-key initialization" in the desktop GUI application program, and the desktop GUI application program shares the VPN network to the local network card of the user insurance terminal 1 through the network card corresponding to the VPN. The desktop GUI application thus automatically generates the virtual gateway 2 (i.e., the second virtual gateway) from the local network card of the user insurance terminal 1 and determines an IP address for the virtual gateway 2, wherein the IP address is the IP address of the local network card of the user insurance terminal 1.
Further, in the process that the insurance agent accesses the insurance system 1 through the user terminal 1, the terminal docking server sends an access request (i.e., a first access request) to the virtual gateway 1 (i.e., a first virtual gateway), and then the virtual gateway 1 (i.e., the first virtual gateway) sends the access request (i.e., the first access request) to the first local network card according to the IP address of the first local network card in the preset static routing rule.
Further, the first local network card sends the received access request (i.e., the first access request) to the virtual gateway 2 (i.e., the second virtual gateway) through the local area network according to the IP address of the virtual gateway 2 in the preset static routing rule. The virtual gateway 2 is set on the user insurance terminal 1, which cannot connect to the Internet but can connect to the VPN1 server through the VPN. The user insurance terminal 1 and the transit device 1 are in the same local area network, and the transit device 1 can connect to the Internet.
Further, after receiving the access request (i.e., the first access request) sent by the first local network card, the virtual gateway 2 (i.e., the second virtual gateway) sends the access request to the VPN1 server through the VPN. The VPN1 server then sends the access request (i.e., the first access request) to the insurance system 1.
The VPN1 server (i.e., the first virtual private network server) is limited to single-person access via the VPN. The virtual gateway 2 connects the local area network with the VPN, and the virtual gateway 1 connects the local area network with the two-layer VPN, so that the two-layer VPN and the VPN can be connected through the virtual gateway 1, the local area network and the virtual gateway 2. A two-layer VPN is a network that allows multiple persons to access, and a VPN is a network that allows only a single person to access. The VPN1 client is the portal that the insurance company 1 allocates to the insurance agency for single-person access to the insurance system 1, and it conflicts with other insurance systems.
For example, the insurance company 1 assigns the insurance agency a unique one VPN1 client for accessing the insurance system 1 and a corresponding one VPN account number. The insurance agency sets the VPN1 client on the user insurance terminal 1. So that the insurance agent can access the corresponding VPN1 server through the VPN1 client on the user insurance terminal 1 and the VPN account number, thereby accessing the insurance system 1. Likewise, the insurance company 2 assigns to the insurance agency a unique VPN2 client for accessing the insurance system 2 and a corresponding VPN account number. The insurance agency sets the VPN2 client on the user insurance terminal 2. So that the insurance agent can access the corresponding VPN2 server through the VPN2 client on the user insurance terminal 2 and the VPN account number, thereby accessing the insurance system 2. Similarly, the insurance company 3 assigns to the insurance agency a unique VPN3 client for accessing the insurance system 3 and a corresponding VPN account number. The insurance agency sets the VPN3 client on the user insurance terminal 3. So that the insurance agent can access the corresponding VPN3 server through the VPN3 client on the user insurance terminal 3 and the VPN account number, thereby accessing the insurance system 3.
Therefore, referring to fig. 2, in the present technical solution, only one VPN client is provided at each user policy terminal, and a two-layer VPN connected to the VPN through a virtual gateway is provided, so that the user terminal may access the insurance system through the two-layer VPN for multi-person access. That is, one user terminal may access a corresponding plurality of insurance systems simultaneously through a plurality of two-layer VPNs. And a plurality of user terminals can access a corresponding one of the insurance systems simultaneously through a two-layer VPN.
Therefore, the virtual gateway has the capability of allowing multiple persons to access the insurance system simultaneously in a network sharing mode, so that the situation that a user can access one VPN after exiting the other VPN is avoided, and the working efficiency is improved.
Optionally, the operation of the terminal docking server sending the second access request to the third virtual gateway through the third virtual private network includes: the terminal docking server receives a second access request sent by the user terminal; and the terminal docking server sends the second access request to the third virtual gateway according to a preset routing rule.
Specifically, the insurance agent can log in to the two-layer VPN through the user terminal 1 in two modes: a proxy mode and a VPN application mode. For example, the insurance agent can log in to the two-layer VPN by configuring a proxy in the browser of the user terminal 1 and entering the proxy account number and password. Alternatively, the insurance agent may install a VPN application in the user terminal 1 and log in to the two-layer VPN with the user account number and password. The proxy account and the user account are registered by the operation and maintenance personnel through the transit device.
Specifically, the operation and maintenance personnel send an account registration request to the server through the two-layer VPN2 client arranged in the transit device 2, and the terminal docking server generates a two-layer VPN account, a plurality of proxy accounts and a plurality of user accounts according to the received account registration request. Wherein the plurality of proxy accounts and the plurality of user accounts are for distribution to a plurality of insurance agents. Then, the operation and maintenance personnel log in to the two-layer VPN2 client with the generated two-layer VPN account, so that the terminal docking server and the transit device 2 are connected by the two-layer VPN. After the terminal docking server establishes the two-layer VPN connection with the transit device 2, the terminal docking server allocates a fixed IP address to the two-layer VPN. And the terminal docking server automatically checks, by means of a ping command at a preset time interval, whether the IP address of the two-layer VPN is reachable. If the ping succeeds, the terminal docking server is connected to the two-layer VPN. If the ping fails, the terminal docking server and the two-layer VPN are disconnected, an alarm notification is sent promptly, and the connection is re-established automatically.
Further, for example, the insurance agent inputs the assigned user account number and password in the VPN application in the user terminal 1 to log in. After the login is successful, the domain name of the insurance system to be accessed, for example, the domain name of the insurance system 2 is input in the browser of the user terminal 1. The user terminal 1 then sends an access request (i.e. a second access request) for accessing the insurance system 2 to the terminal docking server. Wherein the access request includes at least the user account number and the domain name of the insurance system 2.
Further, after the terminal docking server receives the access request (i.e., the second access request), the terminal docking server parses the access request, thereby obtaining the user account and the domain name of the insurance system 2. Then the terminal docking server searches a pre-stored routing relation table according to the user account number of the insurance agent. Wherein the routing relation table is used for storing routing relations between user information of the insurance agent, the IP address of the virtual gateway 3 and the domain name of the insurance system 2. The user information comprises proxy account information and user account information. And the routing relationship in the routing relationship table is set by the operation and maintenance personnel through the desktop GUI application program provided in the transit device 2, which sets the user account number of the insurance agent, the IP address of the virtual network card 3, and the domain name of the insurance system 2 (i.e., the second insurance system).
And after the terminal docking server retrieves the user end account number of the insurance agent in the routing relation table, acquiring the domain name of the insurance system in routing relation with the user end account number, and judging that the user end account number has the authority to access the insurance system 2 when the domain name of the insurance system is the domain name of the insurance system 2. When the domain name of the insurance system is not the domain name of the insurance system 2, it is determined that the user account does not have the authority to access the insurance system 2.
When it is determined that the user account has the authority to access the insurance system 2, the terminal docking server acquires the IP address of the virtual gateway 3 stored in the routing relationship table with the user account, and sends an access request (i.e., a second access request) to the virtual gateway 3 according to a preset routing rule. Wherein the routing rule sets a static route for the IP address of the virtual gateway 3, so that the access request (i.e., the second access request) is transmitted to the virtual gateway 3 through the two-layer VPN according to the IP address of the virtual gateway 3.
In addition, the operation and maintenance personnel can register the two-layer VPN account numbers, the plurality of user end account numbers and the plurality of proxy account numbers through a desktop GUI application program arranged in the transfer equipment.
Therefore, in the technical scheme, the routing relation between the domain name of the insurance system and the IP address of the virtual gateway is pre-stored in the terminal docking server, so that the terminal docking server can automatically route to the virtual gateway for accessing the insurance system only by inputting the domain name of the insurance system, thereby facilitating the operation of the user.
Optionally, the operation of the third virtual gateway sending the second access request to the fourth virtual gateway includes: the third virtual gateway sends a second access request to a second local network card, wherein the second local network card is arranged in second transfer equipment; and the second local network card sends the second access request to the fourth virtual gateway.
Specifically, the operation and maintenance personnel enter the two-layer VPN2 client set in the relay device 2 (i.e., the second relay device) through the relay device 2 (i.e., the second relay device), and log in through the two-layer VPN account number and the password. The transfer device 2 then starts up two network cards, and uses one network card as a local network card (i.e., the second local network card) and the other network card as a two-layer VPN network card. Wherein each network card has an IP address.
Further, the operation and maintenance personnel inputs the domain name of the insurance system 2 and the IP address of the virtual gateway 3 (i.e., the third virtual gateway) in the desktop GUI application program in the relay device 2 (i.e., the second relay device), then selects "bypass networking", and clicks "network card auto-identification". And the desktop GUI application program acquires a network card adapter list, a network card IP address, a network card name, a network card mask and other network card information of the corresponding network card from the configuration information of the forwarding device 2.
Further, the desktop GUI application determines a network card (i.e., a second local network card) used when accessing the external web site by means of route probing, so as to determine a network card adapter corresponding to the second local network card from the network card adapter list according to the network card name and the network card IP address of the network card. And the desktop GUI application program determines the network card adapter of the network card corresponding to the two-layer VPN from the network card adapter list according to the determined network card IP address of the network card corresponding to the two-layer VPN. When registering the two-layer VPN account, the terminal docking server distributes an IP address for the network card corresponding to the two-layer VPN.
Further, the network card adapter of the network card corresponding to the two-layer VPN automatically identifies the network card information corresponding to the two-layer VPN, and the network card adapter of the second local network card automatically identifies the network card information of the second local network card. Then the operation and maintenance personnel click "bypass networking end one-key initialization" in the desktop GUI application program, and the desktop GUI application program shares the second local network card with the network card corresponding to the two-layer VPN. The desktop GUI application thus automatically generates a virtual gateway 3 (i.e., a third virtual gateway) for the network card corresponding to the two-layer VPN and determines an IP address for the virtual gateway 3 (i.e., the third virtual gateway), where the IP address is the IP address of the network card corresponding to the two-layer VPN. And the desktop GUI application sets static routing rules for the virtual gateway 3 (i.e., the third virtual gateway) for default routing to the IP address of the second local network card. And the desktop GUI application sets static routing rules for the second local network card for default routing to the IP address of the virtual gateway 3 (i.e., the third virtual gateway).
Further, in the process that the insurance agent accesses the insurance system 2 through the user terminal 1, the terminal docking server sends an access request (i.e., a second access request) to the virtual gateway 3 (i.e., a third virtual gateway), and then the virtual gateway 3 (i.e., the third virtual gateway) sends the access request (i.e., the second access request) to the second local network card according to the IP address of the second local network card in the preset static routing rule.
Further, the second local network card sends the received access request (i.e. the second access request) to the virtual gateway 4 (i.e. the fourth virtual gateway) through the local network according to the IP address of the virtual gateway 4 (i.e. the fourth virtual gateway) in the preset static routing rule. Wherein the virtual gateway 4 is provided in the user insurance terminal 2, which cannot connect to the internet, and the user insurance terminal 2 and the transit device 2 are in the same local area network, and wherein the transit device 2 can connect to the internet.
Therefore, in the technical scheme, the two-layer VPN is constructed by the transit equipment capable of being connected with the Internet and the terminal docking server. And the two-layer VPN for multi-person access is connected with the local area network through the virtual gateway, and then the virtual gateway capable of accessing the VPN is connected, so that under the condition that the user insurance terminal cannot be connected with the Internet, the connection between the two-layer VPN and the VPN is realized through the transfer equipment capable of being connected with the Internet.
Optionally, the operation of the fourth virtual gateway sending the second access request to the second insurance system through the fourth virtual private network includes: the fourth virtual gateway sends a second access request to a second virtual private network server through a fourth virtual private network; and the second virtual private network server sending a second access request to the second insurance system.
Specifically, the operation and maintenance personnel enter the VPN2 client set in the user insurance terminal 2 (i.e., the second user insurance terminal) through the user insurance terminal 2 (i.e., the second user insurance terminal), and log in through the VPN account number and the password. The user insurance terminal 2 (i.e. the second user insurance terminal) then starts up two network cards, with one network card being the local network card and the other being the VPN network card. Wherein each network card has an IP address.
Further, the operation and maintenance personnel input the domain name and VPN account number of the insurance system 2 in the desktop GUI application program in the user insurance terminal 2 (i.e., the second user insurance terminal), then select "bypass networking" and click "network card automatic identification". The desktop GUI application then obtains the network card adapter list and the corresponding network card information, such as the network card IP address, network card name and network card mask, from the configuration information of the user insurance terminal 2 (i.e., the second user insurance terminal).
Further, the desktop GUI application determines, by means of route probing, the network card used when accessing an external web site (i.e., the local network card of the user insurance terminal 2), so as to determine the network card adapter corresponding to the local network card of the user insurance terminal 2 from the network card adapter list according to the network card name and the network card IP address of that network card. And the desktop GUI application determines, by means of route probing, the network card used when accessing the insurance system 2 (i.e., the second insurance system), namely the network card corresponding to the VPN, thereby determining the network card adapter of the network card corresponding to the VPN from the network card adapter list according to the network card name and the network card IP address of that network card.
Further, the network card adapter of the network card corresponding to the VPN automatically identifies the network card information corresponding to the VPN, and the network card adapter of the local network card of the user insurance terminal 2 automatically identifies the network card information of the local network card of the user insurance terminal 2. Then the operation and maintenance personnel click "bypass networking one-key initialization" in the desktop GUI application program, and the desktop GUI application program shares the VPN network, through the network card corresponding to the VPN, with the local network card of the user insurance terminal 2. The desktop GUI application thus automatically generates the virtual gateway 4 (i.e. the fourth virtual gateway) through the local network card of the user insurance terminal 2 and determines an IP address for the virtual gateway 4 (i.e. the fourth virtual gateway), wherein the IP address is the IP address of the local network card of the user insurance terminal 2.
Further, in the process that the insurance agent accesses the insurance system 1 through the user terminal 1, the terminal docking server sends an access request (i.e., a second access request) to the virtual gateway 3 (i.e., a third virtual gateway), and then the virtual gateway 3 (i.e., the third virtual gateway) sends the access request (i.e., the second access request) to the second local network card according to the IP address of the second local network card in the preset static routing rule.
Further, the second local network card sends the received access request (i.e. the second access request) to the virtual gateway 4 (i.e. the fourth virtual gateway) through the local network according to the IP address of the virtual gateway 4 (i.e. the fourth virtual gateway) in the preset static routing rule. Wherein the virtual gateway 4 is provided in the user insurance terminal 2, which cannot connect to the internet, and the user insurance terminal 2 can connect to the VPN2 server through the VPN. And the user terminal 2 and the relay device 2 are in the same local area network, and wherein the relay device 2 may be connected to the internet.
Further, after receiving the access request (i.e., the second access request) sent by the second local network card, the virtual gateway 4 (i.e., the fourth virtual gateway) sends the access request (i.e., the second access request) to the VPN2 server through the VPN. The VPN2 server then sends an access request (i.e. a second access request) to the insurance system 2.
Wherein the VPN2 server (i.e. the second virtual private network server) is limited to single-person access via the VPN. And wherein the virtual gateway 4 is configured to connect the local area network with the VPN and the virtual gateway 3 is configured to connect the local area network with the two-layer VPN, such that the two-layer VPN and the VPN can be connected through the virtual gateway 3, the local area network and the virtual gateway 4. A two-layer VPN is a network that allows multiple persons to access, and a VPN is a network that allows only a single person to access. And wherein the VPN2 client is the entry point that the insurance company 2 allocates to the insurance agency for single-person access to the insurance system 2, and it conflicts with other insurance systems.
For example, the insurance company 1 assigns the insurance agency a unique VPN1 client for accessing the insurance system 1 and one corresponding VPN account number. The insurance agency installs the VPN1 client on the user insurance terminal 1, so that the insurance agent can access the corresponding VPN1 server through the VPN1 client on the user insurance terminal 1 and the VPN account number, thereby accessing the insurance system 1. Likewise, the insurance company 2 assigns the insurance agency a unique VPN2 client for accessing the insurance system 2 and a corresponding VPN account number. The insurance agency installs the VPN2 client on the user insurance terminal 2, so that the insurance agent can access the corresponding VPN2 server through the VPN2 client on the user insurance terminal 2 and the VPN account number, thereby accessing the insurance system 2. Similarly, the insurance company 3 assigns the insurance agency a unique VPN3 client for accessing the insurance system 3 and a corresponding VPN account number. The insurance agency installs the VPN3 client on the user insurance terminal 3, so that the insurance agent can access the corresponding VPN3 server through the VPN3 client on the user insurance terminal 3 and the VPN account number, thereby accessing the insurance system 3.
Therefore, referring to fig. 2, in the present technical solution, only one VPN client is provided at each user insurance terminal, and a two-layer VPN connected to the VPN through a virtual gateway is provided, so that the user terminal may access the insurance system through the two-layer VPN for multi-person access. That is, one user terminal may access a corresponding plurality of insurance systems simultaneously through a plurality of two-layer VPNs. And a plurality of user terminals can access a corresponding one of the insurance systems simultaneously through a two-layer VPN.
Therefore, the virtual gateway makes it possible for multiple persons to access the insurance system simultaneously by means of network sharing, which avoids the situation in which a user can access one VPN only after exiting another, and improves working efficiency.
Optionally, a plurality of containers are preset in the terminal docking server, and are used for setting a plurality of virtual client functions, where each virtual client function corresponds to one insurance system. Thus, each virtual client function is isolated through the container, and mutual influence is avoided.
Wherein the functions of the image corresponding to the container include:
(1) Communication security is ensured through SSL certificate encryption.
(2) Login security for the user (i.e., the operation and maintenance personnel) is ensured through OTP dynamic passwords and two-layer VPN passwords; the OTP generates an unpredictable combination of random numbers at regular time intervals based on a dedicated algorithm. An OTP password is valid only within one session or transaction and is therefore not vulnerable to attack.
(3) The number of failed attempts by the user (i.e., the operation and maintenance personnel) to log in to the two-layer VPN is limited, and login is automatically locked for a period of time when the user fails to log in, so as to ensure login security.
(4) The online time of the user (i.e., the operation and maintenance personnel) is limited; when the designated online time is reached, the user is automatically taken offline, ensuring data security.
(5) Automatic logout on timeout.
(6) Limiting the number of online two-layer VPN clients.
(7) Generating a fixed IP address according to the two-layer VPN account.
(8) Defining the user account rights of the insurance agent.
Optionally, the steps by which the user creates, in batches, encrypted multifunctional images for the terminal docking server include:
(1) Selecting a port from all ports of the terminal docking server and judging whether the port is occupied; if the port is occupied, searching for another port in the terminal docking server to use as the server port.
Starting the image requires opening 3 ports on the terminal docking server: a TCP port for the SSL VPN connection, a UDP port for the SSL VPN connection, and a transit management port for interaction between the server and the transit device (this port is mainly used for functions such as user registration).
(2) Creating an initial group configuration file according to the configuration
The initial group configuration file describes the prepended parameters of the UDP port, the encryption mode, whether monitoring is started or not, and the like.
(3) Initializing the configuration file according to the configuration
For example, the SSL encryption certificate configuration, session timeout, etc.
(4) Creating certificate files with one click through certtool
Purchased SSL certificates may be used, or certtool may be used to automatically generate self-signed certificate files to reduce cost.
Due to a limitation of the AnyConnect protocol, different certificate files are generated for different images.
(5) Starting the Docker image with one click according to the configuration
Starting the ocserv image and the transit management service according to the configuration generated in step (3) and step (4), and mapping the TCP and UDP ports of the SSL VPN connection and the transit management port. At the same time, the data and log logical volumes are mounted into the image container.
(6) Managing the services inside the image through a supervisor
After the image is started, 3 services are mainly started: the ocserv main service, the transit management service and the supervisor service. The supervisor mainly manages the ocserv main service and the transit management service; once a process exits abnormally, the supervisor automatically restarts it. The ocserv main service is used for interacting with the VPN (for network connection, connecting the transit device and the terminal docking server), and the transit management service mainly performs functions such as user registration and route binding.
(7) Detecting and judging whether the service has started normally through the pipeline and openconnect
In addition, when the operation and maintenance personnel open the desktop GUI application program for the first time on the user insurance terminal and the transit device, the local network card information is saved locally. Wherein the network card information includes a network card name, a network card address, a network card mask, and DNS. When the network is abnormal, the operation and maintenance personnel click "network reset", so that the desktop GUI application program automatically reads the locally persisted file and restores the original network state through netsh.
Optionally, the steps of automatically reconnecting when the two-layer VPN between the terminal docking server and the transit device is disconnected include:
(1) Judging whether the process of the two-layer VPN exists, and automatically reconnecting if it does not exist.
(2) Judging whether the network card of the two-layer VPN is started and its IP information is normal, and automatically reconnecting if the network card is not started or the IP information is abnormal.
(3) Judging whether the network card of the two-layer VPN can reach the corresponding gateway IP, and automatically reconnecting if it cannot.
(4) The automatic reconnection mainly creates a background service through the sc command to run the disconnection detection and reconnection process in real time; once a disconnection occurs, the connection is re-established automatically.
Optionally, a default route is automatically set for the two-layer VPN after the operation and maintenance personnel register through the two-layer VPN client of the transit device. When the operation and maintenance personnel access the terminal docking server by using the transit device, the terminal docking server can be accessed by using the default route of the two-layer VPN. And the transit device sets other routes for other websites (e.g., Baidu or Sina, etc.) that do not point to the terminal docking server. And the operation and maintenance personnel access the corresponding websites through the transit device by using the routes corresponding to those websites. Or the operation and maintenance personnel modify the default route for the two-layer VPN through the terminal docking server, and set 1 route which is not commonly used for the two-layer VPN of the transit device. This avoids the network congestion and waste caused by forwarding the access requests of the transit device through the terminal docking server.
Optionally, when the user terminal uses the VPN application to access the insurance system, there may be a risk of user rights overflow if the VPN application is not configured in any way (e.g., account A is limited to accessing only insurance system A, but account A accesses insurance system B). The main reason is that, after the accounts of the two-layer VPN log in, the IP addresses of adjacent accounts can reach each other by default, and once a user terminal is attacked maliciously, all addresses of the whole two-layer VPN can be scanned and acquired through a specific means.
In order to avoid the risk of user rights overflow, a user rights restriction is added when a container of the terminal docking server is set up, which implements isolation between user accounts. For example, proxy account A can only access xxx.com (10.0.0.100), the system of insurance company A; when proxy account A logs in to the terminal docking server, the terminal docking server automatically creates a custom chain for the client proxy, in which access to 10.0.0.100 is allowed and all other access is denied. This realizes permission isolation between different user accounts.
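The following Python code is an added example, not code from the patent. It derives both checks described in this document from one routing relation table: the terminal docking server's permission decision for an account and domain name, and a per-account, deny-by-default custom chain. The account names, client VPN addresses, domain names, gateway addresses, the CLI_ chain prefix and the choice of iptables on the FORWARD hook are assumptions; only the address 10.0.0.100 comes from the text.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    account: str     # proxy or user account of an insurance agent
    client_ip: str   # address the account holds inside the two-layer VPN (assumed fixed)
    domain: str      # domain name of the insurance system
    system_ip: str   # address of the insurance system
    gateway_ip: str  # virtual gateway on the transit device


# Constructed sample table. Only 10.0.0.100 comes from the text; the rest is made up.
ROUTES = [
    Route("agent-a", "10.8.0.11", "insurer-a.example", "10.0.0.100", "10.8.0.2"),
    Route("agent-b", "10.8.0.12", "insurer-b.example", "10.0.1.100", "10.8.0.3"),
]

ACCOUNT_RE = re.compile(r"[A-Za-z0-9_-]{1,24}")


def normalize_domain(domain):
    # "Insurer-A.example." and "insurer-a.example" must compare equal.
    return domain.strip().rstrip(".").lower()


def authorize(account, domain, routes=ROUTES):
    """Application-layer check: gateway IP if the account is bound to the domain, else None."""
    wanted = normalize_domain(domain)
    for r in routes:
        if r.account == account and normalize_domain(r.domain) == wanted:
            return r.gateway_ip
    return None  # unknown account or unbound domain: fail closed


def chain_name(account):
    # Reject rather than rewrite odd names, so two accounts never share a chain
    # and nothing unexpected reaches the iptables command line.
    if not ACCOUNT_RE.fullmatch(account):
        raise ValueError(f"unsupported account name: {account!r}")
    return "CLI_" + account  # at most 28 characters, the iptables chain-name limit


def build_rules(account, routes=ROUTES):
    """Network-layer check: argv lists for a per-account, deny-by-default chain."""
    mine = [r for r in routes if r.account == account]
    if not mine:
        raise KeyError(account)
    clients = {str(ipaddress.ip_address(r.client_ip)) for r in mine}
    if len(clients) != 1:
        raise ValueError("account must map to exactly one VPN address")
    chain = chain_name(account)
    cmds = [["iptables", "-N", chain]]
    for dst in sorted({str(ipaddress.ip_address(r.system_ip)) for r in mine}):
        cmds.append(["iptables", "-A", chain, "-d", f"{dst}/32", "-j", "ACCEPT"])
    cmds.append(["iptables", "-A", chain, "-j", "DROP"])
    # Everything this client sends is judged by its own chain. Reply traffic is
    # assumed to be covered by an existing ESTABLISHED,RELATED rule.
    cmds.append(["iptables", "-I", "FORWARD", "-s", f"{clients.pop()}/32", "-j", chain])
    return cmds


def verdict(cmds, src, dst):
    """Small first-match model of the generated rules, for checking them offline."""
    jumps = {c[4].split("/")[0]: c[6] for c in cmds if c[1] == "-I"}
    chain = jumps.get(src)
    if chain is None:
        return "NO_CHAIN"
    for c in cmds:
        if c[1] == "-A" and c[2] == chain:
            if "-d" not in c:
                return c[-1]  # catch-all rule at the end of the chain
            if c[c.index("-d") + 1] == f"{dst}/32":
                return c[-1]
    return "NO_MATCH"


if __name__ == "__main__":
    for cmd in build_rules("agent-a"):
        print(" ".join(cmd))
```

The final DROP rule is what closes the lateral path described above: a packet from agent-a's address to a neighbouring account's VPN address matches no ACCEPT rule and is discarded.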
Optionally, in order to enhance user security control, a function for logging user login and logout is preset in the terminal docking server for insurance agents using the user terminal. The ordinary logs are converted into JSON-format logs by a log conversion tool and stored in shared storage. The terminal docking server collects the JSON logs of user login and logout through a log collecting tool, pushes them into a search data analysis engine, and monitors the login activity of user accounts in real time with the help of the search data analysis engine. Once abnormal login activity is found, an alarm is raised promptly, and the user may even be actively disconnected. Meanwhile, the operation activities of the user are audited through preset analysis and a visualization platform, so that potential security risks are found in time.
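As an added example (not part of the patent), the following Python code runs two assumed definitions of "abnormal login activity" over constructed JSON log lines: repeated failed logins inside a time window, and a second login for an account from a new source address while an earlier session is still open. The field names ts, account, event and src, the thresholds and the sample records are assumptions; the patent does not specify the log schema or the detection rules.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in an assumed schema (one JSON object per line).
SAMPLE_LOG = """\
{"ts": "2023-09-01T09:00:00", "account": "agent-a", "event": "login_fail", "src": "198.51.100.7"}
{"ts": "2023-09-01T09:00:20", "account": "agent-a", "event": "login_fail", "src": "198.51.100.7"}
{"ts": "2023-09-01T09:00:41", "account": "agent-a", "event": "login_fail", "src": "198.51.100.7"}
{"ts": "2023-09-01T09:05:00", "account": "agent-b", "event": "login_ok", "src": "192.0.2.10"}
{"ts": "2023-09-01T09:30:00", "account": "agent-b", "event": "login_ok", "src": "203.0.113.5"}
{"ts": "2023-09-01T09:40:00", "account": "agent-b", "event": "logout", "src": "192.0.2.10"}
this line is not JSON
{"ts": "2023-09-01T10:00:00", "account": "agent-a", "event": "login_fail", "src": "198.51.100.7"}
"""


def detect(lines, max_fails=3, window=timedelta(minutes=5)):
    """Return (line_number, alert_type, account) tuples in log order."""
    fails = defaultdict(deque)   # account -> timestamps of recent failures
    sessions = defaultdict(set)  # account -> source addresses with an open session
    alerts = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"])
            account, event, src = rec["account"], rec["event"], rec["src"]
        except (ValueError, KeyError, TypeError):
            # A record the pipeline cannot parse is itself worth surfacing:
            # silently dropping it would leave a gap in the audit trail.
            alerts.append((n, "unparseable", None))
            continue
        if event == "login_fail":
            q = fails[account]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # forget failures older than the window
            if len(q) >= max_fails:
                alerts.append((n, "repeated_failures", account))
                q.clear()  # one alert per burst, not one per extra failure
        elif event == "login_ok":
            fails[account].clear()
            if sessions[account] and src not in sessions[account]:
                alerts.append((n, "concurrent_session", account))
            sessions[account].add(src)
        elif event == "logout":
            sessions[account].discard(src)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```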
Further, referring to fig. 1, according to a second aspect of the present embodiment, there is provided a storage medium. The storage medium includes a stored program, wherein the method of any one of the above is performed by a processor when the program is run.
Thus, according to the embodiment, the insurance agent accesses the insurance system through the user terminal, so that the terminal docking server receives the access request sent by the user terminal, and sends the access request to the corresponding virtual network card according to the predetermined routing rule, thereby ensuring the routing speed. In addition, the technical scheme only accesses the two-layer VPN connected with the VPN, so that the problem that the VPN cannot be accessed by multiple persons at the same time is solved through the two-layer VPN which can be accessed by multiple persons at the same time. When the user terminal in the technical scheme accesses the insurance system through the two-layer VPN, the user terminal can access the other insurance system through the two-layer VPN without exiting login, wherein the two-layer VPN and the VPN of the user access insurance system are connected through the virtual gateway of the transit equipment and the virtual gateway of the user insurance terminal, so that an access request can be sent to the VPN capable of accessing the insurance system through the two-layer VPN. And, the user insurance terminal for deploying VPN can not be connected with Internet, but can access the insurance system through VPN, so that the two-layer VPN is deployed through the transit equipment capable of being connected with Internet, and the transit equipment deployed with the two-layer VPN is connected with VPN through the virtual gateway. Thus solving the problem that a plurality of insurance systems cannot be accessed simultaneously through the user terminal. The system and the method solve the technical problems of complex operation and reduced efficiency caused by the fact that a system of a plurality of insurance companies cannot be accessed through one user terminal at the same time and a system of a plurality of insurance companies cannot be accessed through the user terminals at the same time in the prior art.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present invention is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present invention. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present invention.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
Example 2
Fig. 4 shows an apparatus 400 for multiple persons to access multiple systems simultaneously according to the present embodiment, the apparatus 400 corresponding to the method according to the first aspect of embodiment 1. Referring to fig. 4, the apparatus 400 includes: a first sending module 410, configured to send, by the user terminal, a first access request for accessing the first insurance system to the terminal docking server; a second sending module 420, configured to send, by the terminal docking server, the first access request to a first virtual gateway through a first virtual private network, where the first virtual gateway is disposed in a first transit device, where the first transit device is capable of connecting to the internet, and where the first virtual private network is a network that allows multiple persons to access; a third sending module 430, configured to send, by the first virtual gateway, the first access request to a second virtual gateway, where the second virtual gateway is disposed at a first user insurance terminal, where the first user insurance terminal cannot connect to the internet, and where the first transit device and the first user insurance terminal are in the same local area network; a fourth sending module 440, configured to send, by the second virtual gateway, the first access request to the first insurance system through the second virtual private network; a fifth sending module 450, configured to send, by the user terminal, in the case of accessing the first insurance system, a second access request for accessing the second insurance system to the terminal docking server; a sixth sending module 460, configured to send, by the terminal docking server, the second access request to a third virtual gateway through a third virtual private network, where the third virtual gateway is disposed in a second transit device, where the second transit device is capable of connecting to the internet, and where the third virtual private network is a network that allows multiple persons to access; a seventh sending module 470, configured to send, by the third virtual gateway, the second access request to a fourth virtual gateway, where the fourth virtual gateway is disposed at a second user insurance terminal, where the second user insurance terminal cannot connect to the internet, and where the second transit device and the second user insurance terminal are in the same local area network; and an eighth sending module 480, configured to send, by the fourth virtual gateway, the second access request to the second insurance system through the fourth virtual private network.
Optionally, the second sending module 420 includes: a submodule configured to receive, by the terminal docking server, the first access request sent by the user terminal; and a second sending submodule, configured to send, by the terminal docking server, the first access request to the first virtual gateway according to a preset routing rule.
Optionally, the third sending module 430 includes: a third sending submodule, configured to send, by the first virtual gateway, the first access request to a first local network card, where the first local network card is disposed in the first transit device; and a fourth sending submodule, configured to send, by the first local network card, the first access request to the second virtual gateway.
Optionally, the fourth sending module 440 includes: a fifth sending submodule, configured to send, by the second virtual gateway, the first access request to a first virtual private network server through the second virtual private network; and a sixth sending submodule, configured to send, by the first virtual private network server, the first access request to the first insurance system.
Optionally, the sixth sending module 460 includes: a seventh sending submodule, configured to receive, by the terminal docking server, the second access request sent by the user terminal; and an eighth sending submodule, configured to send, by the terminal docking server, the second access request to the third virtual gateway according to a preset routing rule.
Optionally, the seventh sending module 470 includes: an eighth sending submodule, configured to send, by the third virtual gateway, the second access request to a second local network card, where the second local network card is disposed in the second transit device; and a ninth sending submodule, configured to send, by the second local network card, the second access request to the fourth virtual gateway.
Optionally, the eighth sending module 480 includes: a tenth sending submodule, configured to send, by the fourth virtual gateway, the second access request to a second virtual private network server through the fourth virtual private network; and an eleventh sending submodule, configured to send, by the second virtual private network server, the second access request to the second insurance system.
Example 3
Fig. 5 shows an apparatus 500 for multiple persons to access multiple systems simultaneously according to the first aspect of the present embodiment, the apparatus 500 corresponding to the method according to the first aspect of embodiment 1. Referring to fig. 5, the apparatus 500 includes: a processor 510; and a memory 520, coupled to the processor 510, for providing the processor 510 with instructions to perform the following processing steps: the user terminal sends a first access request for accessing a first insurance system to a terminal docking server; the terminal docking server sends the first access request to a first virtual gateway through a first virtual private network, wherein the first virtual gateway is arranged on a first transit device, the first transit device can be connected with the Internet, and the first virtual private network is a network allowing multiple persons to access; the first virtual gateway sends the first access request to a second virtual gateway, wherein the second virtual gateway is arranged at a first user insurance terminal, the first user insurance terminal cannot be connected with the Internet, and the first transit device and the first user insurance terminal are in the same local area network; the second virtual gateway sends the first access request to the first insurance system through a second virtual private network; in the case of accessing the first insurance system, the user terminal sends a second access request for accessing a second insurance system to the terminal docking server; the terminal docking server sends the second access request to a third virtual gateway through a third virtual private network, wherein the third virtual gateway is arranged on a second transit device, the second transit device can be connected with the Internet, and the third virtual private network is a network allowing multiple persons to access; the third virtual gateway sends the second access request to a fourth virtual gateway, wherein the fourth virtual gateway is arranged at a second user insurance terminal, the second user insurance terminal cannot be connected with the Internet, and the second transit device and the second user insurance terminal are in the same local area network; and the fourth virtual gateway sends the second access request to the second insurance system through a fourth virtual private network.
Optionally, the operation of the terminal docking server sending the first access request to the first virtual gateway through the first virtual private network includes: the terminal docking server receives the first access request sent by the user terminal; and the terminal docking server sends the first access request to the first virtual gateway according to a preset routing rule.
Optionally, the operation of the first virtual gateway sending the first access request to the second virtual gateway includes: the first virtual gateway sends the first access request to a first local network card, wherein the first local network card is arranged in the first transit device; and the first local network card sends the first access request to the second virtual gateway.
Optionally, the operation of the second virtual gateway sending the first access request to the first insurance system through the second virtual private network includes: the second virtual gateway sends the first access request to a first virtual private network server through the second virtual private network; and the first virtual private network server sends the first access request to the first insurance system.
Optionally, the operation of the terminal docking server sending the second access request to the third virtual gateway through the third virtual private network includes: the terminal docking server receives the second access request sent by the user terminal; and the terminal docking server sends the second access request to the third virtual gateway according to a preset routing rule.
Optionally, the operation of the third virtual gateway sending the second access request to the fourth virtual gateway includes: the third virtual gateway sends the second access request to a second local network card, wherein the second local network card is arranged in the second transit device; and the second local network card sends the second access request to the fourth virtual gateway.
Optionally, the operation of the fourth virtual gateway sending the second access request to the second insurance system through the fourth virtual private network includes: the fourth virtual gateway sends the second access request to a second virtual private network server through the fourth virtual private network; and the second virtual private network server sends the second access request to the second insurance system.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, each embodiment is described with its own emphasis; for a portion that is not described in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The apparatus embodiments described above are merely exemplary. For example, the division of the units is merely a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection shown or discussed may be through some interfaces, units or modules, and may be electrical or in other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention, in essence or in whole or in part, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.

Claims (10)

1. A method for multiple persons to access multiple systems simultaneously, comprising:
the user terminal sends a first access request for accessing a first insurance system to a terminal docking server;
the terminal docking server sends the first access request to a first virtual gateway through a first virtual private network, wherein the first virtual gateway is arranged on first transfer equipment, the first transfer equipment can be connected with the Internet, and the first virtual private network is a network allowing multiple persons to access;
the first virtual gateway sends the first access request to a second virtual gateway, wherein the second virtual gateway is arranged at a first user insurance terminal, wherein the first user insurance terminal cannot be connected with the Internet, and wherein the first transfer equipment and the first user insurance terminal are in the same local area network;
the second virtual gateway sends the first access request to the first insurance system through a second virtual private network;
in the case of accessing the first insurance system, the user terminal sends a second access request for accessing a second insurance system to the terminal docking server;
the terminal docking server sends the second access request to a third virtual gateway through a third virtual private network, wherein the third virtual gateway is arranged on second transfer equipment, the second transfer equipment can be connected with the Internet, and the third virtual private network is a network allowing multiple persons to access;
the third virtual gateway sends the second access request to a fourth virtual gateway, wherein the fourth virtual gateway is arranged at a second user insurance terminal, wherein the second user insurance terminal cannot be connected with the Internet, and wherein the second transfer equipment and the second user insurance terminal are in the same local area network; and
the fourth virtual gateway sends the second access request to a second insurance system via a fourth virtual private network.
2. The method of claim 1, wherein the operation of the terminal docking server sending the first access request to the first virtual gateway over the first virtual private network comprises:
the terminal docking server receives the first access request sent by the user terminal; and
the terminal docking server sends the first access request to the first virtual gateway according to a preset routing rule.
3. The method of claim 1, wherein the operation of the first virtual gateway sending the first access request to the second virtual gateway comprises:
the first virtual gateway sends the first access request to a first local network card, wherein the first local network card is arranged in the first transfer equipment; and
the first local network card sends the first access request to the second virtual gateway.
4. The method of claim 1, wherein the operation of the second virtual gateway sending the first access request to the first insurance system over the second virtual private network comprises:
the second virtual gateway sends the first access request to a first virtual private network server through the second virtual private network; and
the first virtual private network server sends the first access request to the first insurance system.
5. The method of claim 1, wherein the operation of the terminal docking server sending the second access request to a third virtual gateway through a third virtual private network comprises:
the terminal docking server receives the second access request sent by the user terminal; and
the terminal docking server sends the second access request to the third virtual gateway according to a preset routing rule.
6. The method of claim 1, wherein the operation of the third virtual gateway sending the second access request to a fourth virtual gateway comprises:
the third virtual gateway sends the second access request to a second local network card, wherein the second local network card is arranged in the second transfer device; and
the second local network card sends the second access request to the fourth virtual gateway.
7. The method of claim 1, wherein the operation of the fourth virtual gateway sending the second access request to the second insurance system via the fourth virtual private network comprises:
the fourth virtual gateway sends the second access request to a second virtual private network server through the fourth virtual private network; and
the second virtual private network server sends the second access request to the second insurance system.
8. A storage medium comprising a stored program, wherein the method of any one of claims 1 to 7 is performed by a processor when the program is run.
9. An apparatus for multiple persons to access multiple systems simultaneously, comprising:
a first sending module, configured to send, by the user terminal, a first access request for accessing a first insurance system to a terminal docking server;
a second sending module, configured to send, by the terminal docking server, the first access request to a first virtual gateway through a first virtual private network, wherein the first virtual gateway is arranged on first transfer equipment, the first transfer equipment can be connected with the Internet, and the first virtual private network is a network allowing multiple persons to access;
a third sending module, configured to send, by the first virtual gateway, the first access request to a second virtual gateway, wherein the second virtual gateway is arranged at a first user insurance terminal, the first user insurance terminal cannot be connected with the Internet, and the first transfer equipment and the first user insurance terminal are in the same local area network;
a fourth sending module, configured to send, by the second virtual gateway, the first access request to the first insurance system through a second virtual private network;
a fifth sending module, configured to send, when accessing the first insurance system, a second access request for accessing a second insurance system to the terminal docking server by the user terminal;
a sixth sending module, configured to send, by the terminal docking server, the second access request to a third virtual gateway through a third virtual private network, where the third virtual gateway is disposed in a second transit device, where the second transit device is capable of connecting to the internet, and where the third virtual private network is a network that allows access by multiple persons;
a seventh sending module, configured to send, by the third virtual gateway, the second access request to a fourth virtual gateway, where the fourth virtual gateway is disposed at a second user insurance terminal, where the second user insurance terminal cannot connect to the internet, and where the second transfer device and the second user insurance terminal are in the same local area network; and
an eighth sending module, configured to send, by the fourth virtual gateway, the second access request to a second insurance system through a fourth virtual private network.
10. An apparatus for multiple persons to access multiple systems simultaneously, comprising:
a processor; and
a memory, coupled to the processor, for providing instructions to the processor to process the following processing steps:
the user terminal sends a first access request for accessing a first insurance system to a terminal docking server;
the terminal docking server sends the first access request to a first virtual gateway through a first virtual private network, wherein the first virtual gateway is arranged on first transfer equipment, the first transfer equipment can be connected with the Internet, and the first virtual private network is a network allowing multiple persons to access;
the first virtual gateway sends the first access request to a second virtual gateway, wherein the second virtual gateway is arranged at a first user insurance terminal, wherein the first user insurance terminal cannot be connected with the Internet, and wherein the first transfer equipment and the first user insurance terminal are in the same local area network;
the second virtual gateway sends the first access request to the first insurance system through a second virtual private network;
in the case of accessing the first insurance system, the user terminal sends a second access request for accessing a second insurance system to the terminal docking server;
the terminal docking server sends the second access request to a third virtual gateway through a third virtual private network, wherein the third virtual gateway is arranged on second transfer equipment, the second transfer equipment can be connected with the Internet, and the third virtual private network is a network allowing multiple persons to access;
the third virtual gateway sends the second access request to a fourth virtual gateway, wherein the fourth virtual gateway is arranged at a second user insurance terminal, wherein the second user insurance terminal cannot be connected with the Internet, and wherein the second transfer equipment and the second user insurance terminal are in the same local area network; and
the fourth virtual gateway sends the second access request to a second insurance system via a fourth virtual private network.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311120864.2A CN116846692B (en) 2023-09-01 2023-09-01 Method, apparatus and storage medium for multiple persons to access multiple systems simultaneously


Publications (2)

Publication Number Publication Date
CN116846692A (en) 2023-10-03
CN116846692B (en) 2023-10-31
