CN1300721C - Method for realizing peer-to-peer network system architecture - Google Patents
- Publication number
- CN1300721C
- Authority
- CN
- China
- Prior art keywords
- entity
- peer
- online
- network
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Computer And Data Communications (AREA)
Abstract
The present invention relates to a method for realizing a peer-to-peer network architecture. The peer-to-peer network of this architecture is built on the TCP/IP protocol and is a logical network without hierarchical structure, formed among abstract peer entities. The entities are of completely equal status: each entity serves both as a server providing services to other entities and as a client using the services provided by other entities. The concrete form of each entity is a specific software instance running on a computer, or a dedicated information terminal device. The method can realize a lightly loaded peer-to-peer network structure without a central switch or central server, both in an ordinary network and in a network with a firewall or NAT router. After connecting to the Internet, any entity of this type can, through authentication, immediately learn whether other relevant entities are online and notify those online entities that it is itself online.
Description
1. Technical field
The present invention relates to the field of network and communication technology, and specifically to a method for implementing a peer-to-peer network architecture.
2. Background
A so-called peer-to-peer (P2P) network is a technology for exchanging data directly between different PC users without going through a server or service; it allows Internet users to use each other's resources directly or to communicate directly. Each online user can connect directly to other users' computers and exchange data, without having to connect to a server to browse and download. Because the intermediate link is eliminated, peer-to-peer technology makes communication over the network faster and more direct.
Software that currently implements peer-to-peer technology includes Napster and ICQ abroad, and OICQ, Ezpeer and others domestically. Ezpeer works as follows: first, every user who has installed the Ezpeer software logs in to the Ezpeer server, and the server keeps track of the files stored on each computer. When a user connects to the Internet, they can see all other online users who have the software installed and the information those users share. After the user enters a search keyword, the Ezpeer server looks for other computers that store matching files and shows them in the user's search results; the user can then download the required data directly from the other users' computers. The data transfer itself takes place only between the users' computers and does not pass through the Ezpeer server, but the connection between users is not direct: it has to be coordinated by the central server.
Related inventions exist, but they differ fundamentally from the present invention. For example, the invention patent "System and method for secret peer-to-peer communication between downloaded programs" (notification number: 1163433) is a system and method for establishing a peer-to-peer communication link between computer programs that come from the same secure domain but run on a first and a second computer. The link is established as follows: the first computer program runs on the first computer and sends a message to the second computer requesting that a peer-to-peer communication link be set up. When the second computer receives this message, it determines whether a second computer program that satisfies the predetermined conditions for establishing the link is running on the second computer; if so, the second computer sends the first computer a reply accepting the request. Once the first computer receives this reply, the requested peer-to-peer communication link between the first and second computer programs is established. The peer-to-peer software and methods described above are implemented either with a P2P server run by a telecommunications company in ASP mode, or with a P2P server that the enterprise itself sets up in the telecommunications company's IDC. They are therefore not fully peer-to-peer: they only reduce the load on the server and cannot do without a server entirely, they cannot traverse firewalls and NAT routers, and they also have trust and security problems.
3. Summary of the invention
In view of the above deficiencies of the prior art, the present invention proposes a method for implementing a peer-to-peer network architecture. The technical solution adopted to solve the technical problem is as follows:
The peer-to-peer network in this architecture is built on the TCP/IP protocol and is a logical network with a non-hierarchical structure formed among abstract peer entities. The entities are of completely equal status: each entity acts both as a server providing services to other entities and as a client using the services that other entities provide. The concrete form of an entity is a specific software instance running on a computer, or a dedicated information terminal device.
The steps for establishing the peer-to-peer network between entities are as follows:
(1) An entity A newly connected to the network sends, through a UDP port, an online notification indicating that entity A is online to one entity B in entity A's online entity list;
(2) Entity B, on receiving this message, returns a reply to entity A acknowledging receipt, and at the same time sends it a packet whose content is the names of all online entities known to entity B;
(3) Entity A adds the received list to its own online entity list;
(4) Entity B adds entity A to its own online entity list;
(5) Entity A selects the next online entity from its online entity list and repeats the above four steps, until it has completed this communication process with all online entities.
The steps for communication between network entities are as follows:
(1) When entity A needs to communicate with entity B, entity A sends a communication request to entity B;
(2) Entity B, on receiving this message, returns a reply to entity A acknowledging receipt;
(3) Entity A and entity B negotiate which side acts as server and which as client, according to the following rules: if entity A and entity B are in the same transparent network environment with no firewall between them, entity B acts as server and entity A as client; if exactly one of the entities is behind a firewall, the entity that is not behind a firewall acts as server and the entity behind the firewall acts as client; if both are behind firewalls and belong to different firewalls, an entity C that is not behind a firewall is asked to act as service proxy, entity B acts as server with its service proxied by entity C, and entity A acts as client;
(4) Entity B and entity A communicate in server and client mode;
(5) After the content has been transmitted, entity A initiates a request to release the service, entity B replies, and the communication process ends.
The method of the present invention can realize a lightly loaded peer-to-peer network structure with no central switch or central server, both in ordinary networks and in networks with firewalls or NAT routers. After connecting online, any entity of this type can, through authentication, immediately learn whether other related entities are online and notify the online entities that it is itself online. Networked enterprises and users can thus exchange information and share resources securely.
The present invention combines three elements, authentication, authorization and encryption, to create a secure peer-to-peer network architecture. Authentication means that peers in a network (such as the Internet) authenticate themselves to other peers. Authorization is the process of granting an authenticated entity permission to perform certain actions or access certain resources; in a P2P application, a peer may be authorized to access only part of another peer's resources. Encryption is the process of converting intelligible information into a form that is unintelligible to unauthorized individuals and systems; decryption is the inverse process. Encryption protects information flowing between peers over an insecure network (such as the Internet); combined with the security authentication of each peer, it ensures that the data exchanged cannot be eavesdropped on in transit. If the information is digitally signed or carries a MAC (message authentication code), both sides can also determine that it has not been modified.
4. Description of the drawings
The invention is further described below with reference to the drawings and embodiments.
Fig. 1 is a schematic diagram of establishing the peer-to-peer network between network entities in the present invention.
Fig. 2 is a flow diagram of end-to-end communication based on the proprietary protocol in the present invention.
Fig. 3 is a flow chart of the communication process between network entities located behind different firewalls in the present invention.
5. Embodiments
The steps for establishing the peer-to-peer network between entities (peers) are shown in Fig. 1:
(1) An entity A newly connected to the network sends, through a UDP port, an online notification indicating that entity A is online to one entity B in its online entity list;
(2) Entity B, on receiving this message, returns a reply to entity A acknowledging receipt and requiring entity A to authenticate entity B, and at the same time sends it a packet whose content is the names of all online entities known to entity B. During authentication, entity A and entity B both use a shared key to exchange secret information;
(3) After entity A has authenticated entity B, it adds the received list to its own online entity list and requires entity B to authenticate entity A;
(4) After entity B has authenticated entity A, it adds entity A to its own online entity list and authorizes entity A to access certain resources by assigning privileges to entity A;
(5) Before any further communication takes place, the two peers can negotiate an encrypted channel between them.
Entity A then selects the next online entity from its online entity list and repeats the above four steps, until it has completed the above peer-to-peer connection with all online entities.
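The join procedure above, as an added example that is not part of the patent: an in-memory Python simulation in which entity A merges a peer's online list only after that peer passes an HMAC challenge-response check, and is listed and authorized by the peer only after proving itself in turn. The `Peer` class, the HMAC construction, the pre-shared key and the `shared-folder` privilege name are assumptions; the patent says only that both entities use a shared key during authentication.

```python
import hashlib
import hmac
import secrets

class Peer:
    """One entity, held in memory; real peers would send these messages over UDP."""

    def __init__(self, name, key, online=()):
        self.name = name
        self.key = key                 # pre-shared key (assumed provisioned out of band)
        self.online = set(online)      # names this entity believes are online
        self.privileges = {}           # peer name -> resources that peer may access

    def on_announce(self):
        # Step (2): acknowledge and return every online entity this peer knows.
        return {"ack": True, "online": sorted(self.online | {self.name})}

    def prove(self, challenge):
        # The response covers the responder's own name, so a reply computed
        # by one entity cannot be replayed as proof of another's identity.
        return hmac.new(self.key, self.name.encode() + challenge, hashlib.sha256).digest()

    def check(self, claimed_name, challenge, response):
        expected = hmac.new(self.key, claimed_name.encode() + challenge,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def join(a, b, grant=("shared-folder",)):
    """Steps (1)-(4) between a joining entity a and an online entity b."""
    reply = b.on_announce()                        # steps (1) and (2)
    nonce = secrets.token_bytes(16)                # fresh challenge defeats replay
    if not a.check(b.name, nonce, b.prove(nonce)):
        a.online.discard(b.name)                   # unauthenticated: drop b, ignore its list
        return False
    a.online |= set(reply["online"]) - {a.name}    # step (3)
    nonce = secrets.token_bytes(16)
    if not b.check(a.name, nonce, a.prove(nonce)):
        return False
    b.online.add(a.name)                           # step (4): list a, then authorize it
    b.privileges[a.name] = set(grant)
    return True

def join_all(a, directory):
    """Step (5): repeat with every entity in a's growing online list."""
    pending, seen, joined = list(a.online), set(), set()
    while pending:
        name = pending.pop()
        if name in seen or name == a.name:
            continue
        seen.add(name)
        peer = directory.get(name)
        if peer is not None and join(a, peer):
            joined.add(name)
            pending.extend(a.online - seen)
    return joined

# Constructed sample network: B and C hold the real key, M does not.
KEY = b"constructed-demo-key-32-bytes-xx"
peer_b = Peer("B", KEY, online={"C"})
peer_c = Peer("C", KEY, online={"B"})
peer_m = Peer("M", b"not-the-shared-key", online={"X", "Y"})
peer_a = Peer("A", KEY, online={"B", "M"})
JOINED = join_all(peer_a, {"B": peer_b, "C": peer_c, "M": peer_m})
```

M's list (`X`, `Y`) never reaches A's online list, and M itself is dropped from it, because the merge in step (3) happens only after the authentication check succeeds.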
Content exchanged between peer entities is verified with a mechanism based on digital signatures, as follows: (1) as shown in Fig. 1, entity A has established a secure connection with entity B; (2) once the channel is established, entity A requests a piece of content from entity B. If entity B created the content, it digitally signs it before transmitting it; if entity B is only distributing content created elsewhere, that content has already been signed; (3) after entity A receives the content, it verifies the digital signature attached to the content.
The proprietary protocol built on TCP/IP that is proposed in the present invention (Firewall Special Protocol, FSP) allows entities behind a firewall to run all kinds of end-to-end applications without restriction. Its core technique is the re-encapsulation of TCP/IP packets. The end-to-end communication process based on this protocol, shown in Fig. 2, is as follows. First, an application on entity A, which is outside the firewall, sends a network request to entity B, which is inside the firewall. After passing through the network layer, the packet is processed by the local FSP software: it is encoded and encapsulated in an HTTP packet, then sent into the HTTP/TCP/IP channel, and reaches entity B through the firewall via port 80. On entity B, the packet is first handed up to the FSP software by the HTTP/TCP/IP channel, decoded and inserted into the entity's network protocol stack, and finally reaches the application on entity B, as if it had not passed through a firewall. In FSP, every TCP/IP packet appears in the form of an HTTP GET request or a response to a GET request, so that it causes no compatibility problems when passing through the firewall. The IP packet is MIME-encoded to become the HTTP message body, and the TCP header information is parsed and encoded into the HTTP header. A packet is defined here as a bundle of arbitrary size consisting of an envelope and a body. The envelope has a standard format comprising: a header, source endpoint information (in URI form), destination endpoint information (in URI form), and a message digest (for security purposes). The message body is of arbitrary length and comprises an optional credential (for security purposes) and the content.
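The envelope and body described above, as an added example that is not part of the patent: a message is serialized in the form of an HTTP response, and the receiving entity verifies the envelope digest and destination before handing the content on. The `X-FSP-*` header names, the `fsp://` URIs, the JSON body layout and the use of HMAC-SHA256 as the message digest are assumptions; the patent does not specify a wire layout.

```python
import base64
import hashlib
import hmac
import json

class EnvelopeError(ValueError):
    """Raised when a received message fails any envelope check."""

def _mac(key, src, dst, body):
    # Keyed digest over both endpoints and the body; each field is
    # length-prefixed so bytes cannot be shifted between fields.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in (src.encode(), dst.encode(), body):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.hexdigest()

def build_message(key, src, dst, content, credential=None):
    if any(c in uri for uri in (src, dst) for c in "\r\n"):
        raise EnvelopeError("CR/LF in endpoint URI")   # would split the header block
    body = json.dumps({"credential": credential,
                       "content": base64.b64encode(content).decode()}).encode()
    payload = base64.encodebytes(body)                 # MIME base64, wrapped lines
    head = ("HTTP/1.1 200 OK\r\n"
            "Content-Transfer-Encoding: base64\r\n"
            f"X-FSP-Source: {src}\r\n"
            f"X-FSP-Destination: {dst}\r\n"
            f"X-FSP-Digest: {_mac(key, src, dst, body)}\r\n"
            f"Content-Length: {len(payload)}\r\n\r\n")
    return head.encode("ascii") + payload

def parse_message(key, raw, expected_dst):
    head, sep, payload = raw.partition(b"\r\n\r\n")
    try:
        if not sep:
            raise ValueError("no header/body separator")
        fields = {}
        for line in head.decode("ascii").split("\r\n")[1:]:
            name, colon, value = line.partition(":")
            if not colon or name.lower() in fields:
                raise ValueError("malformed or duplicate header")
            fields[name.lower()] = value.strip()
        src, dst = fields["x-fsp-source"], fields["x-fsp-destination"]
        digest = fields["x-fsp-digest"]
        if int(fields["content-length"]) != len(payload):
            raise ValueError("length mismatch")
        body = base64.decodebytes(payload)
    except (KeyError, ValueError) as exc:
        raise EnvelopeError(f"rejected: {exc}") from exc
    if not hmac.compare_digest(_mac(key, src, dst, body), digest):
        raise EnvelopeError("rejected: digest mismatch")
    if dst != expected_dst:
        raise EnvelopeError("rejected: not addressed to this endpoint")
    inner = json.loads(body)           # body is parsed only after the digest verifies
    return {"source": src, "credential": inner["credential"],
            "content": base64.b64decode(inner["content"])}

def accepts(key, raw, expected_dst):
    try:
        parse_message(key, raw, expected_dst)
        return True
    except EnvelopeError:
        return False

# Constructed sample values; the bytes stand in for an encapsulated IP packet.
KEY = b"constructed-fsp-demo-key-0123456"
SRC, DST = "fsp://a.example/app", "fsp://b.example/app"
CONTENT = bytes.fromhex("4500001c000100004006")
RAW = build_message(KEY, SRC, DST, CONTENT, credential="demo-credential")
```

An unkeyed hash in the digest field could be recomputed by anyone who alters the message in transit, which is why this example uses a MAC, the option the summary section names for detecting modification.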
A specific embodiment of the invention is its application to networked collaborative product development. As shown in Fig. 3, enterprise 1 and enterprise 2 have each set up their own local area network (LAN), connected to the external wide area network through a firewall. Computer A and computer B, on which application software implementing the FSP protocol is installed, belong to LAN 1 and LAN 2 respectively. Computer A and computer B establish the peer-to-peer network architecture according to the method of the present invention: because both are behind firewalls and belong to different firewalls, computer A asks a networked computer C that is not behind a firewall to act as service proxy; computer B acts as server, with its service proxied by computer C, and computer A acts as client. Computer B and computer A then carry out peer-to-peer communication in server and client mode. Once the communication between computer A and computer B is established, during collaborative product design the two parties only need to save their design documents in, or drag and drop them into, the local shared folder, and the other party can access these files; the two parties can also communicate online in real time. By the above method, peer-to-peer network relationships can be established between the departments of enterprise 1 and enterprise 2 and between business partners, who can then share and transfer data, files, information, code, multimedia information and so on directly, without going through a server.
Claims (1)
1. A method for implementing a peer-to-peer network architecture, wherein the peer-to-peer network realized by the method is built on the TCP/IP protocol and is a logical network with a non-hierarchical structure formed among abstract peer entities, the entities being of completely equal status; each entity acts both as a server providing services to other entities and as a client using the services that other entities provide; the concrete form of an entity is a specific software instance running on a computer, or a dedicated information terminal device; characterized in that:
I. The steps for establishing the peer-to-peer network between entities are as follows:
(1) An entity A newly connected to the network sends, through a UDP port, an online notification indicating that entity A is online to one entity B in entity A's online entity list;
(2) Entity B, on receiving this message, returns a reply to entity A acknowledging receipt, and at the same time sends it a packet whose content is the names of all online entities known to entity B;
(3) Entity A adds the received list to its own online entity list;
(4) Entity B adds entity A to its own online entity list;
(5) Entity A selects the next online entity from its online entity list and repeats the above four steps, until it has completed this communication process with all online entities;
II. The steps for communication between network entities are as follows:
(1) When entity A needs to communicate with entity B, entity A sends a communication request to entity B;
(2) Entity B, on receiving this message, returns a reply to entity A acknowledging receipt;
(3) Entity A and entity B negotiate which side acts as server and which as client, according to the following rules: if entity A and entity B are in the same transparent network environment with no firewall between them, entity B acts as server and entity A as client; if exactly one of the entities is behind a firewall, the entity that is not behind a firewall acts as server and the entity behind the firewall acts as client; if both are behind firewalls and belong to different firewalls, an entity C that is not behind a firewall is asked to act as service proxy, entity B acts as server with its service proxied by entity C, and entity A acts as client;
(4) Entity B and entity A communicate in server and client mode;
(5) After the content has been transmitted, entity A initiates a request to release the service, entity B replies, and the communication process ends.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB021134928A CN1300721C (en) | 2002-03-21 | 2002-03-21 | Method for realizing peer-to-peer network system architecture |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1447256A (en) | 2003-10-08 |
CN1300721C (en) | 2007-02-14 |
Family
ID=28048578
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB021134928A Expired - Fee Related CN1300721C (en) | 2002-03-21 | 2002-03-21 | Method for realizing peer-to-peer network system architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1300721C (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7496955B2 (en) * | 2003-11-24 | 2009-02-24 | Cisco Technology, Inc. | Dual mode firewall |
US20060004837A1 (en) * | 2004-06-30 | 2006-01-05 | Genovker Victoria V | Advanced switching peer-to-peer protocol |
DE102004047370A1 (en) * | 2004-09-29 | 2006-03-30 | Siemens Ag | Method for operating an ad hoc communication network and corresponding device |
CN100401683C (en) * | 2005-07-11 | 2008-07-09 | 华为技术有限公司 | Method for peer-to-peer resources in network for receiving reports between entities in sub system controlled |
CA2633966C (en) * | 2005-12-15 | 2014-04-15 | Lehman Brothers Inc. | System and method for secure remote desktop access |
CN101083581B (en) * | 2006-05-30 | 2010-05-26 | 明基电通(上海)有限公司 | Method and apparatus for controlling multicasting in self-organizing peer-to-peer network |
US8533327B2 (en) * | 2007-04-04 | 2013-09-10 | Zte Corporation | System and method of providing services via a peer-to-peer-based next generation network |
CN101123610B (en) * | 2007-09-13 | 2011-04-27 | 北京交通大学 | A mixed distributed overlapped network device and its service registration method |
CN101340457B (en) * | 2008-08-29 | 2011-12-14 | 北京邮电大学 | Peer-to-peer network starting method and system independent of central server |
CN101534309B (en) | 2009-04-14 | 2013-03-13 | 华为技术有限公司 | A node registration method, a routing update method, a communication system and the relevant equipment |
CN101834895B (en) * | 2010-04-20 | 2013-03-06 | 南京邮电大学 | Trust data management method in peer-to-peer network |
CN105693508A (en) * | 2016-03-01 | 2016-06-22 | 苏州艾缇克药物化学有限公司 | Method for synthesizing 4-(4-phenylbutoxy) benzoic acid |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6144992A (en) * | 1997-05-09 | 2000-11-07 | Altiris, Inc. | Method and system for client/server and peer-to-peer disk imaging |
WO2001046843A2 (en) * | 1999-12-21 | 2001-06-28 | Tivo, Inc. | Intelligent peer-to-peer system and method for collaborative suggestions and propagation of media |
Also Published As
Publication number | Publication date |
---|---|
CN1447256A (en) | 2003-10-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20070214 Termination date: 20130321 |