TW202241089A - Connection method and computer-readable medium for use in a private communication architecture - Google Patents
- Publication number: TW202241089A (TW111100303A)
- Authority: TW (Taiwan)
- Prior art keywords: private cloud, server, client, callback, pccbs
Classifications
- H04L67/10: Protocols in which an application is distributed across nodes in the network
- H04L9/40: Network security protocols
- H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L51/04: Real-time or near real-time messaging, e.g. instant messaging [IM]
- H04L51/42: Mailbox-related aspects, e.g. synchronisation of mailboxes
- H04L63/02: Network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272: Virtual private networks
- H04L63/0281: Proxies
- H04L63/08: Network security for authentication of entities
- H04L63/0823: Authentication of entities using certificates
- H04L63/083: Authentication of entities using passwords
- H04L63/10: Network security for controlling access to devices or network resources
- H04L63/101: Access control lists [ACL]
- H04L67/1097: Distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L67/141: Setup of application sessions
- H04L67/2871: Implementation details of single intermediate entities
- H04L67/288: Distributed intermediate devices, i.e. intermediate devices for interaction with other intermediate devices on the same level
- H04L67/51: Discovery or management of network services, e.g. service location protocol [SLP] or web services
- G06F9/455: Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
Description
The present invention relates to networks. Specifically, it relates to applications on a private cloud network.
In an Internet-connected environment, smart device clients, including smartphones, tablets, e-book readers, laptops, personal computers and a wide variety of smart appliances, are very common and ubiquitous. Beyond Internet connectivity, one of the values of a smart device client is the ability to obtain services from one or more servers anytime and anywhere. These services include voice, video content, live or archived information, application execution, social media, messaging, e-mail, storage media, backup, calendar, contacts, synchronisation, sharing, remote desktop and the Internet of Things (IoT). Other services include real-time private and secure video, voice, text and application communication between at least two smart device clients.
Different types of servers exist to meet the needs of the various smart device clients. Generally, these server types fall into two groups: a public cloud and a private cloud. Public cloud servers, as the name "public" suggests, provide free but limited services or paid, more refined services, and interact with the public. Examples of public cloud servers include data centres, social media services and online content providers. Private cloud servers, on the other hand, tend to serve private needs. Compared with the public cloud, servers in a private cloud provide more private and personalised services.
One example of a private cloud server application is a Private Cloud Storage Server (PCSS). The PCSS resides on a user-managed Local Area Network (LAN). It provides the user with online and backup storage on the LAN or the Wide Area Network (WAN). The user can access information on the PCSS from a smart device client anytime and anywhere. The private cloud server and its associated smart device clients therefore form a private cloud server and client architecture.
Traditionally, many storage server solutions exist, including Network Attached Storage (NAS), Windows/Mac/Linux servers and Direct Attached Storage (DAS), to meet the needs of a private cloud storage server. The challenge faced by the smart device client in this field, however, is how to avoid a cumbersome setup to traverse the firewall behind the LAN router in order to reach the PCSS in a home or office environment. There are at least four solutions to this challenge.
One solution is to arrange a fixed Internet Protocol (IP) address and open a port on the router in front of the PCSS, so that a smart device client can discover the PCSS from outside the LAN, authenticate itself, traverse the firewall and establish a secure communication channel with the PCSS.
The second solution applies when no fixed IP address is available. The user configures the router of the PCSS's LAN and opens the port corresponding to the PCSS. The router can then be discovered by the smart device client through a Dynamic Domain Name System (DDNS) service on the WAN. The smart device client can authenticate itself, traverse the firewall and establish a secure communication channel to the PCSS.
The third solution relies on another routing server on the WAN to bridge a Virtual Private Network (VPN) between the smart device client and the PCSS. The VPN communication allows the smart device client to discover the location of the PCSS, authenticate itself, traverse the firewall and establish a secure communication channel to the PCSS.
The fourth solution relies on another routing server on the WAN to bridge Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) communication between the smart device client and the private cloud server. The RDP or VNC communication allows the smart device client to discover the location of the private cloud server, authenticate itself, traverse the firewall and establish a secure communication channel with the private cloud server. Other solutions are combinations of the above.
In the first solution, a fixed IP address is required and the router must be configured. A fixed IP address involves extra cost and is usually not available in home and small business environments. Furthermore, the router setup is very complicated and not easy for most consumers.
In the second solution, a DDNS service is required and the router needs an even more complicated setup. DDNS involves additional cost and system complexity. Again, the router setup is very complicated and not easy for most consumers.
In the third and fourth solutions, while a router setup is not necessary, an external routing server or service must be set up. The external routing server or service controls and manages login or authentication between the smart device client and the server. Going through a public cloud server or service makes the private cloud less private and less secure. Moreover, if that server or service degrades for any reason, the communication with or availability of the private cloud server is jeopardised.
The technical expertise required by the above solutions may be suitable for a traditional environment as a whole, but not for a deployment centred on consumer-oriented smart device clients.
In most traditional systems, a routing server in an external or public cloud is used by the smart device client in the course of accessing private cloud services. Using an external server raises many concerns for the smart device client owner.
First, trust has always been an issue, because the routing server in the external or public cloud acts as a man in the middle handling the communication between the smart device client and the private cloud service. It holds the account information, passwords and IP addresses of all users of the smart device clients and private cloud services. Because the routing server can observe any communication passing between them, the arrangement is insecure.
Second, for an external or public cloud routing server, the server owner's business model may not always align with that of the smart device client owner. If the routing server goes out of service for any business reason, there is no remedy or alternative to restore service. The routing server thus poses a potentially huge business risk to the user, for example the link essential to the communication can be broken without any expenditure of resources.
Traditionally, for communication between two smart device clients, both parties must log in to a public cloud server to carry out real-time video, voice, text and application communication. As noted above, because the communication has to pass through the public cloud server, privacy and security are easily compromised.
Accordingly, there is an urgent need for a system and method that solve the above problems. The present invention meets this need.
To solve at least the above problems, embodiments of the present invention provide a method for use with a public cloud network. The method may include configuring at least one virtual machine, at least one private cloud callback server, at least one smart device client on the private cloud callback server side for providing cloud network services, at least one private cloud routing server, and at least one smart device client on the private cloud routing server side, where these elements are in a client-server relationship with one another. The virtual machine and the private cloud callback server are typically hosted in a hyperscale data centre, while the private cloud routing server is installed at the client's remote premises equipment.
The private cloud callback server acts as an intermediary relaying communication between the smart device client on the private cloud callback server side and the private cloud routing server. The private cloud callback server can call back to the private cloud routing server at the request of the smart device. The at least one private cloud callback server has a first message box associated with it. The first message box is located in the private cloud callback server on a public cloud network. The smart device client has a second message box associated with it. The second message box is located in the private cloud callback server on the public cloud network. The at least one private cloud callback server is located in a public cloud network. The third message box, associated with the private cloud routing server, is located in the private cloud callback server on the public cloud network. The method further includes passing a session message between the first message box and the second message box, and passing a session message between the second message box and the third message box in a secure manner.
The secure session-message connection mechanism between the private cloud routing server, the private cloud callback server and the at least one smart device client includes: initialising and provisioning the private cloud callback server; creating a private cloud callback server client; viewing the private cloud callback server client; editing a private cloud callback server point-to-point password and a status through a system administrator; modifying the private cloud callback server point-to-point password through the at least one smart device client; resetting the private cloud callback server point-to-point password and the status through a system administrator from the private cloud callback server LAN; and connecting to the private cloud callback server through the at least one smart device client. The session message is verified by the private cloud routing server, the private cloud callback server and the at least one smart device client. The smart device client, the private cloud routing server and the private cloud callback server can communicate with one another once the session message has been verified.
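The message-box relay and the connection mechanism above, modelled as an added example (not code from the patent): the PCCBS hosts the three message boxes, the administrator provisions clients and edits or resets the point-to-point password and status, and every party verifies a session message before acting on it. The patent does not say how the session message is verified; this model assumes an HMAC keyed by the point-to-point password with a nonce for replay rejection, and assumes the PCRS holds the same password.

```python
import hashlib
import hmac
import json
import secrets


def _mac(password, payload):
    # Assumed construction (not from the patent): HMAC-SHA256 over canonical
    # JSON of the payload, keyed by the PCCBS point-to-point password.
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(password.encode(), body, hashlib.sha256).hexdigest()


def make_session_message(password, sender, recipient, action):
    """Compose a session message; the random nonce lets receivers reject replays."""
    payload = {"sender": sender, "recipient": recipient,
               "action": action, "nonce": secrets.token_hex(8)}
    return {**payload, "mac": _mac(password, payload)}


def verify_session_message(password, msg, seen_nonces):
    """Check run by each party (client, PCCBS, PCRS) before trusting a message."""
    payload = {k: v for k, v in msg.items() if k != "mac"}
    if not hmac.compare_digest(_mac(password, payload), msg.get("mac", "")):
        return False                      # wrong point-to-point password or tampering
    if msg["nonce"] in seen_nonces:
        return False                      # replay of an already accepted message
    seen_nonces.add(msg["nonce"])
    return True


class PCCBS:
    # Callback server on the public cloud: hosts the three message boxes.
    def __init__(self, password):
        self.p2p_password = password      # set by the system administrator
        self.status = "enabled"
        self.clients = set()              # PCCBS clients created by the administrator
        self.seen_nonces = set()
        self.boxes = {"pccbs": [], "client": [], "pcrs": []}  # first, second, third box

    def create_client(self, name):
        self.clients.add(name)

    def admin_set(self, password, status="enabled"):
        """Administrator edit/reset of the point-to-point password and status,
        performed from the PCCBS LAN side."""
        self.p2p_password, self.status = password, status

    def relay(self, msg):
        """Move one message client box -> PCCBS box -> PCRS box, verifying first."""
        if self.status != "enabled" or msg["sender"] not in self.clients:
            return "rejected: client not provisioned or PCCBS disabled"
        if not verify_session_message(self.p2p_password, msg, self.seen_nonces):
            return "rejected: bad MAC or replay"
        self.boxes["pccbs"].append(msg)
        self.boxes["pcrs"].append(msg)
        return "relayed"


class PCRS:
    # Routing server at the customer premises; holds the same point-to-point
    # password as the PCCBS (an assumption of this model) and verifies independently.
    def __init__(self, password):
        self.password = password
        self.seen_nonces = set()
        self.accepted = []

    def drain(self, pccbs):
        msgs, pccbs.boxes["pcrs"] = pccbs.boxes["pcrs"], []   # read the third box
        results = [verify_session_message(self.password, m, self.seen_nonces) for m in msgs]
        self.accepted += [(m["sender"], m["action"]) for m, ok in zip(msgs, results) if ok]
        return results


def connect(pccbs, pcrs, client, client_password):
    # The 'connect through the smart device client' step, end to end.
    msg = make_session_message(client_password, client, "PCRS", "connect")
    pccbs.boxes["client"].append(msg)     # client drops it into its own box
    outcome = pccbs.relay(pccbs.boxes["client"].pop(0))
    pcrs_results = pcrs.drain(pccbs) if outcome == "relayed" else []
    return outcome, pcrs_results, msg


def demo():
    pccbs = PCCBS("initial-p2p-secret")   # constructed sample secrets
    pcrs = PCRS("initial-p2p-secret")
    pccbs.create_client("device-201")
    ok = connect(pccbs, pcrs, "device-201", "initial-p2p-secret")
    wrong = connect(pccbs, pcrs, "device-201", "guessed-secret")
    unknown = connect(pccbs, pcrs, "device-999", "initial-p2p-secret")
    replay = pccbs.relay(ok[2])           # a captured message presented again
    pccbs.admin_set("rotated-secret")     # administrator reset from the LAN
    pcrs.password = "rotated-secret"
    stale = connect(pccbs, pcrs, "device-201", "initial-p2p-secret")
    fresh = connect(pccbs, pcrs, "device-201", "rotated-secret")
    return {"ok": ok[:2], "wrong": wrong[:2], "unknown": unknown[:2],
            "replay": replay, "stale": stale[:2], "fresh": fresh[:2],
            "pcrs_accepted": pcrs.accepted}
```

The point to notice is that the PCCBS never forwards a message it cannot verify, and a rotated password from the LAN side immediately invalidates every client still holding the old one.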
Based on the verified session message, the at least one smart device client securely accesses a private network service through the public cloud network. The method further includes configuring at least one other smart device client, which is in a client-server relationship with the at least one private cloud routing server and the at least one private cloud callback server. The at least two smart device clients can communicate with each other once the session message has been verified. The at least two smart device clients can communicate privately and securely over the public cloud network. By employing the private cloud callback server between the smart device client and the private cloud routing server, all types of Network Address Translation (NAT) routers in a LAN environment can be traversed more effectively, without resorting to traditional hole-punching techniques. With the advent of 5G, 6G and Wi-Fi 6 network technologies, communication through the private cloud callback server significantly improves performance, so that communication latency is minimised. For accessing another smart device client or an IoT device at home from a smart device client anywhere in the world, the present invention offers the advantages of easy deployment, high privacy and security, full compatibility and high performance.
The present invention relates to networks. Specifically, it relates to applications on a private cloud network. The following description is presented to enable a person of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements. Other embodiments will be readily apparent to those skilled in the art from the embodiments described below and from principles and features substantially the same as those of the invention. Thus, the present invention is not limited to the embodiments shown but is to be accorded the widest scope consistent with the principles and features described herein.
In the following description, "client" may be used interchangeably with "smart device client", and "router" with "gateway", "access point" or "Network Address Translation" (NAT).
The smart device client on the WAN of the present invention can obtain services from a Private Cloud Storage Server (PCSS) or any Private Cloud Server (PCS); the system and method of the invention therefore solve the following challenges that a user faces in the usage environment:
1. Access the private cloud server anytime, anywhere.
2. Access a private cloud server behind a firewall with a fixed or dynamic Internet Protocol (IP) address.
3. No public-cloud-based routing server needed on the WAN.
4. No additional router setup needed on the LAN.
5. Authenticate the private cloud server.
6. Establish a secure communication channel with the private cloud server.
If the invention overcomes and solves the above challenges, the deployment of private cloud servers or services can grow exponentially thanks to the invention's simple plug-and-play nature. Even without a public-cloud-based routing server, the technical and business problems associated with this field are eliminated. Private cloud servers for storage, remote desktop and IoT can therefore become very affordable and widespread within the private cloud infrastructure.
In a private cloud environment where multiple private cloud servers or services coexist, it is advantageous to divide the private cloud server into two functional blocks: a Private Cloud Routing Service (PRS) and a Private Network Service (PNS). Through the smart device client, the private network service is managed and accessed within the private network environment (wired or wireless). Examples include Remote Desktop Protocol (RDP), Virtual Network Computing (VNC) software, Office tools, media players and other special-purpose user applications. The private network service can also act as a storage server, which may include multiple terabytes of storage for the private cloud. The private network service functions of multiple private cloud routing servers (hereinafter "PCRS") can then be integrated into a single PCRS. A PCRS is also commonly called a "private cloud router".
The smart device client on the WAN of the present invention can manage and access private network services from the PCRS; the system and method of the invention therefore solve the following challenges that a user faces in the usage environment:
1. Access the PCRS anytime, anywhere.
2. Access a PCRS behind a firewall with a fixed or dynamic IP address.
3. No external or public-cloud-based routing server needed on the WAN.
4. No additional router setup needed on the LAN.
5. Authenticate the PCRS.
6. Establish a secure communication channel with the private network service.
If the PCRS of the present invention solves the above challenges, the disparate private cloud servers of different manufacturers and vendors can be broken down into simpler private network services, eliminating the complexity of private cloud setup, configuration and access.
The system and method of the present invention aim to provide a PCRS, private network server and client architecture without the use of a routing server. The system and method address the challenges above, namely that a client can access the private network server anytime and anywhere. The system and method can also reach the private network server behind a fixed or dynamic IP firewall, authenticate with the PCRS and establish a secure communication channel directly with the private network server, without adding routing configuration on the WAN or a public cloud routing server.
As shown in Figure 1, a cloud network architecture includes a public cloud 100, a public cloud server 113, a public routing server 112, a Virtual Private Network (VPN) routing server 114, a smart device client 101 on the WAN, a router (Router_P) 102 and a router (Router_S) 103. Router 103 connects the local area network (LAN) 105 to the network of the public cloud 100. Router 102 connects LAN 104 to the network of the public cloud 100. Behind LAN 104 are smart device clients 106 and 107 and a private cloud server 108. Behind LAN 105 are smart device clients 109, 110 and 111. These smart device clients may be a personal computer, laptop, tablet, e-book reader, GPS, smart TV, set-top box, MP3 player or any Internet-capable embedded device.
They are labelled 101, 106, 107, 109, 110 and 111 in the cloud network architecture. Any of the above smart device clients may be substituted for one another herein. The following description uses the representative smart device client 109.
Physically, there are three cases in which a smart device client 101, 107 or 109 connects to the private cloud server 108. First, smart device client 107 determines that the target is within the reachable range of LAN 104 and decides to connect directly to private cloud server 108. Second, smart device client 101 determines that the target is not within the reachable range of LAN 104 and decides to connect through the WAN to the public cloud 100. From the WAN it discovers the location of router 102 and LAN 104, then connects to private cloud server 108. Third, smart device client 109 determines that the target is not within the reachable range of LAN 105 and decides to connect through LAN 105 and router 103 to the public cloud 100 on the WAN.
Smart device client 109 then discovers the location of router 102 and LAN 104 and connects to private cloud server 108. The first and second cases are two special cases derived from the third. The third case, with its broader range of applications and greater complexity, is therefore the instructive one.
路由伺服器訊息盒(未繪示)或用戶端訊息盒215可被代管於一電子郵件伺服器、一文字訊息伺服器、一網頁伺服器或任何類型的伺服器其中之一,該等伺服器可代管一伺服器(PCRS 208及私有雲端回呼伺服器(下稱「PCCBS」)216)及一用戶端(智慧型裝置用戶端206、207、209、210、211、201及221)之間資訊交換的一安全訊息。回呼伺服器訊息盒(未繪示)或用戶端訊息盒_S(Client Message Box Message_box_S)215係可存取地,且在一伺服器(PCRS 208及PCCBS 216)及一用戶端(智慧型裝置用戶端206、207、209、210、211、201及221)的安全及私有的控制之下。所述訊息盒的安全性及商業模型在業界獲得了使用者的充分理解及期待。無論出於何種原因,當訊息盒停止時,可立即地替換或重新部署,而不會危害私有雲端架構中的伺服器及用戶端之間的通訊。The routing server message box (not shown) or the
The first embodiment of the present invention is a cloud network infrastructure, depicted in FIG. 2. In this embodiment, the secure connection mechanism among the PCRS, the PCCBS and the smart device clients is used for discovering and accessing private network services across the public cloud. By the mechanisms disclosed in FIGS. 5 to 15, smart device clients 201, 211 and 221 locate PCRS 208 through communication paths 222, 224 and 223 respectively. In addition, PCRS 208 and PCCBS 216 build a virtual LAN (VLAN) 240 and a virtual LAN 2400, which allow authorized smart device clients 201, 211 and 221 to join VLAN 240 and VLAN 2400 as members. Through the installed program, smart device client 201 can act as a host and initiate a private and secure communication. Through the installed program, smart device client 201 or 221 can act as a guest, receive the communication invitation, and join the private and secure communication session with smart device client 201.
As shown in FIG. 2, when smart device client 201 acting as a host wants to start a communication session, the program installed on the host smart device client first locates and logs in to PCCBS 216 through communication path 222. After PCCBS 216 locates PCRS 208, it joins VLAN 240. Smart device client 201, as host, commits to joining the chat communication. The program allows the smart device client to create and host a communication session. The program broadcasts the host session to invite communication guest 221. The program then begins scanning for identifiable guests. Once a guest's identity is verified, smart device client 201 as host can communicate privately and securely with the verified guest (smart device client) 221. The private and secure communication includes video, voice, text and application communication. The application communication may be a program, utility (hereinafter "Utility"), operation or remote desktop recognized by both host and guest.
If smart device client 211 or 221 acting as a guest wants to join a communication session, the program installed on the guest (smart device client) first locates and logs in to PCCBS 216 through communication path 224 or 223 respectively. After PCCBS 216 locates PCRS 208, it joins VLAN 240 under the server. The smart device client, as a client, commits to joining the chat communication. The program waits for a communication invitation. Once it receives the invitation, smart device client 211 or 221 as a guest can join the communication session. The program then begins scanning for identifiable guests. After the program identifies the host, it performs the communication login verification prompted by the host. Once verified, the smart device client can join the communication session. Smart device client 211 or 221 as a guest then communicates privately and securely with the host (smart device client) 201. The private and secure communication includes video, voice, text and application communication. The application communication may be a program, Utility, operation or remote desktop recognized by both host and guest.
In another embodiment of the present invention, the smart device client can establish a private and secure communication with any service reachable on physical LAN 250 or on VLAN 240 and VLAN 2400 under the PCRS and PCCBS. As shown in FIG. 2, once smart device client 201, 211 or 221 has located and logged in to PCCBS 216, it can access, through communication path 225, private network service 228 reachable on physical LANs 250 and 260 or on VLAN 240 and VLAN 2400 under the PCRS and PCCBS. The private network service includes voice, video content, live or archived information, application execution, social media, messaging, e-mail, storage media, backup, calendar, contacts, synchronized video, sharing, remote desktop, and the Internet of Things (IoT).
In some embodiments, communication path 225 among the PCRS, the PCCBS and the smart device clients may include the following sets of instructions:
1. Initialize and provision a PCRS (by the administrator, from the PCRS's local area network).
2. Initialize and provision a PCCBS (by the administrator, from the PCCBS's wide area network).
3. Create a PCRS client (by the administrator of the PCRS, from the local area network).
4. Register to a PCCBS (by the PCCBS client, from the wide area network).
5. Connect to a PCCBS (by the PCCBS server client, from the wide area network).
6. View a PCCBS client (by the system administrator, from the PCCBS's wide area network).
7. Reset a PCCBS point-to-point password and status (by the system administrator, from the PCCBS's wide area network).
8. Change a PCCBS point-to-point password and status (by the PCCBS client, from the wide area network through a VPN).
Several kinds of entities take part in secure communication channel 225, including but not limited to: system administrator, administrator device, PCRS Utility, PCCBS Utility, PCRS device client, PCCBS device client, invitee, and invitee device. These entities are defined as follows. Utility means the utility program running in the PCRS. Administrator device means the device the system administrator uses to configure the PCRS. PCRS device client means the device the invitee uses to communicate with the PCRS. Invitee means an invited party that accesses the services and resources of the PCRS through the administrator. Invitee device means a smart device client the invitee uses to communicate with the PCRS.
Several related terms are introduced, including: access code (Access_Code), code expiration time (Code_Expiration), invitee address (Address_Invitee), PCRS client address (Address_PCRS_Client), PCRS client point-to-point hashed password (Hash_Password_PCRS_P2P), PCRS point-to-point password expiration time (Password_PCRS_P2P_Expiration), and status in the PCRS client database (Status in PCRS Client database). These terms are defined as follows. Access_Code means an invitee access code issued by the PCRS through message box 216 on behalf of the administrator. Code_Expiration means the expiration date/time of the access code, set for security purposes. Address_Invitee means the invitee's message box address. Address_PCRS_Client means the message box address of the PCRS client, which may differ from the invitee's message box address. Hash_Password_PCRS_P2P means a hashed password used for point-to-point communication with the PCRS; it is stored in the PCRS client database (PCRS Client database), and for security reasons the actual password itself is never stored in the PCRS. Password_PCRS_P2P_Expiration means the expiration time of Hash_Password_PCRS_P2P. Status in PCRS Client database means the in-service, out-of-service or deleted status recorded for the PCRS client in the PCRS Client database.
In addition, other terms unrelated to the PCRS client database include: PCRS address (Address_PCRS), PCRS password (Password_PCRS), PCRS client password (Password_PCRS_Client) and virtual LAN subnet (Virtual LAN subnet). These terms are defined as follows. Address_PCRS and Password_PCRS are used to configure the PCRS's message box account; they are used only once, during initialization and provisioning of the PCRS, and for security purposes are not stored. Address_PCRS_Client and Password_PCRS_Client are used to configure the PCRS client's message box account; they are used only once, while the PCRS client is being created in the database. Although Address_PCRS_Client is stored in the database, Password_PCRS_Client is never stored, for security purposes. Virtual LAN subnet means the VPN subnet, which is configurable and modifiable for security purposes.
As shown in FIG. 2, PCRS 208 includes a PCRS_Utility 270, which in turn includes a PCRS client database (PCRS Client database) 271 and a router server message box Utility 272. PCRS Client database 271 holds the registration list of PCRS clients. Router server message box Utility 272 can communicate with the call-back server message box (not shown).
Administrator device 273 is a smart device client 207, which includes a PCRS application Utility (PCRS_App) 274, which in turn includes a PCRS server database (PCRS Server database) 275 and a client message box Utility 276. PCRS Server database 275 holds the registration list of PCRSs. Client message box Utility 276 can communicate with client message box 215.
PCCBS device client 201 is a smart device client, which includes a PCCBS application Utility (PCCBS_App) 278, which in turn includes a PCCBS server database (PCCBS Server database) 279 and a client message box Utility (Client Message Box utility) 280. PCCBS Server database 279 holds the registration list of PCCBSs. Message box Utility (Message Box utility) 280 can communicate with client message box 215.
Invitee device (Invitee Device) 281 is a smart device client 221, which includes a client message box utility (Client Message Box utility) 282. Client message box utility 282 can communicate with client message box 215. As shown in FIG. 5, the system administrator uses PCRS_App 274 from administrator device 207 to initialize and provision PCRS 208. Administrator device 207 and PCRS 208 are both located on physical LAN 204, so that configuration is performed there for security purposes and is not exposed to hacker attacks over the Internet or the wide area network. First, the system administrator configures the PCRS message box credentials by setting its account name and password. The PCRS message box credentials are then sent to PCRS Utility 270 in PCRS 208.
PCCBS 216 includes a PCCBS Utility 2700, which in turn includes a PCCBS client database (PCCBS Client database) 2710 and a routing server message box Utility (Routing Server Message Box utility) 2720. PCCBS Client database 2710 holds the registration list of PCCBS clients. Message box Utility 2720 can communicate with the call-back server message box (not shown). As shown in FIG. 6, system administrator 277 also uses PCCBS_App 278 to create a PCCBS client account. System administrator 277 is a PCCBS device client 201, which sets the invitee notification address in PCCBS_Device_App (labelled 605). The PCCBS is then asked to send a connection invitation, through call-back server message box Utility 2720, to the call-back server message box (not shown), on through client message box 215, and finally to invitee device 281, that is, to client message box Utility 282. Note that the call-back server message box and client message box 215 are both hosted within a message box server, for example an e-mail server, web server or messaging server. Logically, the call-back server message box and client message box 215 may be the same or different. After the invitee receives the invitation (labelled 620), it retrieves PCCBS_Device_App from the PCCBS_App link (labelled 621) and installs PCCBS_App on the intended PCCBS device client 201. Invitee device 281 need not be on the same physical device as PCCBS device client 201. The system administrator must know the invitee's message box address (labelled 605) in order to issue the invitation.
As shown in FIG. 7, on the intended PCCBS device client 201 the invitee launches PCCBS_Device_App (labelled 700) and registers to the PCCBS (labelled 701). At this point the invitee's role changes to that of the PCCBS client on PCCBS device client 201. The PCCBS client then configures its client message box credentials by setting an account name and password, and registers those credentials with client message box 215. Next, the previously received Address_PCCBS and Access_Code are retrieved from invitee device 281 and sent, together with the client message account Address_PCCBS_Client, to the PCCBS via 740 (labelled 710). After verification by PCCBS Utility 2700 within PCCBS 216, a set of point-to-point connection credentials 714 including Password_PCCBS_P2P is generated. The actual password is sent to invitee device 281 through client message box 215. The hashed password is stored together with the client's other credentials in the PCCBS client database (PCCBS Client database). For security reasons, the actual client point-to-point password is never stored in PCCBS 216; only its hash value is stored, for comparison during credential verification 716. Once PCCBS device client 201 receives confirmation of its registration 707 from PCCBS 216, it records the PCCBS's Address_PCCBS in PCCBS server database (PCCBS server database) 279 within PCCBS_Device_App 278.
As shown in FIGS. 6, 9 and 10, PCCBS_Device_App provides the administrator device with the following four commands: Initialize and Provision, Create a Client, View PCCBS Client, and Reset PCCBS P2P Password/Edit Attributes. Whenever the administrator operates, access to the PCCBS is allowed only from the PCCBS virtual LAN (physical or virtual), for security reasons. Because of this access restriction, setup and configuration of the PCCBS take place only on the PCCBS virtual LAN, which avoids eavesdropping on network traffic and hacker attacks.
As shown in FIGS. 7, 8 and 11, PCCBS_Device_App provides the PCCBS client with the following three commands: "Register to a PCCBS", "Change P2P Password" and "Connect to PCCBS". As shown in FIG. 7, for the "Register to a PCCBS" command, the PCCBS client can run PCCBS_Device_App and connect to the PCCBS Utility from the wide area network or from the PCCBS virtual network, because the exchange between the PCCBS client and the PCCBS Utility used for Register to a PCCBS goes through client message box 215 and the call-back server message box (not shown). As shown in FIG. 11, for the "Change P2P Password" command, the PCCBS device client must, for security reasons, run PCCBS_Device_App on the PCCBS virtual network after securely connecting to the VPN from the wide area network, because the point-to-point password can only be reset on the PCCBS virtual network. The only way for the PCCBS device client to connect to the PCCBS virtual network is through a secure VPN connection. As shown in FIG. 8, for the "Connect to PCCBS" (connect to a private cloud call-back server) command, the PCCBS device client has not yet connected to the PCCBS from the wide area network or the PCCBS virtual network. A secure and private connection between the PCCBS device client and the PCCBS is the condition for this command when PCCBS_Device_App runs. PCCBS 216 acts as an intermediary relaying communication between smart device clients 201, 211 and 221 and PCRS 218. It calls back the PCRS at the smart device client's request.
FIG. 3 illustrates a second embodiment of the present invention. Similar to the arrangement disclosed in FIG. 2, where PCRS 208 connects to LAN router (Router_P) 202, here PCRS 308 connects to LAN router (Router_P) 302. PCRS 308 can also connect downstream to physical network 360. A private network service 336 and a smart device client 335 are connected downstream. Private network service 336 is accessible through communication path 326 and can connect to PCRS 308 through LAN 334. As long as they go through PCCBS 316, VLAN 340 and physical LANs 350 and 360 can all be discovered and accessed across the cloud by smart device clients 311, 309, 301, 321, 306 and 335, and PCRS 308, private network services 328 and 336, and smart device clients 306 and 335 all become accessible.
FIG. 3 illustrates a third embodiment of the present invention. PCRS 408 connects to the cloud and has a public IP (public_IP_P) 417. PCRS 408 also connects downstream to physical LAN 460. A private network service 436 and a smart device client 435 are connected downstream. Private network service 436 is accessible through communication path 426 and can connect to PCRS 408 through LAN 434. As long as they go through PCCBS 416, VLAN 440 and physical LANs 450 and 460 can all be discovered and accessed across the cloud by smart device clients 411, 410, 409, 401, 421 and 435, and PCRS 408, private network service 436 and smart device client 435 all become accessible.
FIG. 5 illustrates a flowchart of the communication by which the PCRS administrator initializes and provisions the PCRS according to the present invention. As shown in FIG. 5, from the perspective of the PCRS administrator device (PCRS Admin Device): in step 500, connect the PCRS administrator device to the PCRS network on the LAN. In step 501, open PCRS_Device_App on the PCRS LAN. In step 502, detect and select the PCRS Address_PCRS on the LAN. In step 503, select the "Initialize and Provision" command in PCRS_Device_App. In step 504, set the address (Address_PCRS) and password (Password_PCRS) as the PCRS identity. In step 505, log in to the PCRS with the administrator credentials (Initialize and Provision, Admin_name, Admin_password, Address_PCRS, Password_PCRS). In step 540, the credentials are sent to the PCRS Utility (labelled 510). In step 506, the administrator waits for PCRS verification. In step 507, configure the virtual LAN subnet and the PCRS App link. In step 542, send them to the PCRS Utility (labelled 514). In step 508, if required, join the PCRS as a client to an existing access point router. In step 543, send this information to the PCRS Utility (labelled 516).
From the perspective of the PCRS Utility: in step 510, accept the PCRS administrator's (PCRS Admin) credentials (Initialize and Provision, Admin_name, Admin_password, Address_PCRS, Password_PCRS). In step 511, verify the administrator credentials (Admin_name, Admin_password). In step 541, send the credentials (Address_PCRS, Password_PCRS) to the administrator device (labelled 506). In step 512, store the credentials (Address_PCRS, Password_PCRS) as the PCRS identity. In step 513, register the credentials (Address_PCRS, Password_PCRS) with the router server message box. In step 514, store the virtual LAN subnet and the PCRS App link. In step 515, generate and save the PCRS_Profile file, which contains the interface protocol, certificate and key. In step 516, if required, join an existing access point router as a client.
FIG. 6 illustrates a flowchart of the communication by which the PCRS administrator (PCCBS Admin) creates a client for the PCCBS according to the present invention. From the perspective of PCRS administrator device 201 (PCCBS Admin Device 201): first, in step 600, open PCCBS_Device_App on the wide area network. In step 601, detect and select PCCBS 216 at Address_PCCBS. In step 602, select the "Create a Client" command in PCCBS_Device_App. In step 603, set the invitee notification address Address_Invitee. In step 604, log in to PCCBS 216 with the administrator credentials (Create a Client, Admin_name, Admin_password, Address_Invitee). In step 640, the credentials are sent to the PCCBS_Device Utility. In step 605, system administrator 277 waits for PCCBS verification.
From the perspective of the PCCBS device Utility: in step 610, first accept the PCCBS administrator's (PCCBS Admin) credentials (Create a Client, Admin_name, Admin_password, Address_Invitee). In step 611, verify the administrator credentials (Admin_name, Admin_password). In step 641, send the verification to the administrator device. In step 612, generate the Access_Code and its Code_Expiration. In step 613, store Access_Code, Code_Expiration and Address_Invitee in the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration, Status) of the PCCBS device client database (PCCBS_Device Client database). In step 614, send an invitation to the invitee notification address Address_Invitee, containing the PCCBS_Device app link, Address_PCCBS_Device, Access_Code and Code_Expiration. In step 642, the invitation is sent to the invitee (labelled 620).
From the perspective of the invitee device (Invitee Device): in step 620, accept the invitation for Address_Invitee, PCCBS_Device app link, Address_PCCBS_Device, Access_Code and Code_Expiration. In step 621, retrieve PCCBS_Device_App from the PCCBS_Device app link. In step 622, install PCCBS_Device_App on PCCBS device client 201, 209, 210 or 211.
FIG. 7 illustrates a flowchart of the communication by which a PCCBS device client (PCCBS Device Client) registers to the PCCBS according to the present invention. From the perspective of the PCCBS device client: in step 700, open PCCBS_Device_App on the wide area network or the PCRS LAN. In step 701, if necessary first create the PCCBS device client address (Address_PCCBS_Device_Client) (not shown), then select the "Register a PCCBS (Register a Private Cloud Call-Back Server)" command in PCCBS_Device_App. In step 702, if the PCCBS device client has not yet been configured, set Address_PCCBS_Device_Client and Password_PCCBS_Device_Client. Also in step 702, Password_PCCBS_Device_P2P is the message box password associated with the client's message box (not shown) address Address_PCCBS_Device_Client used for point-to-point communication, and Address_PCCBS_Device_Client and Password_PCCBS_Device_Client are registered with the client message box. In step 703, retrieve Address_PCCBS_Device and Access_Code from the invitee. This information was originally received by the invitee device (labelled 620).
Next, in step 704, send Address_PCCBS_Device, Access_Code and the client credentials (Register a Private Cloud Call-Back Server, Address_PCCBS_Device, Address_PCCBS_Device_Client, Access_Code) to the PCCBS through the client message box. In step 740, Address_PCCBS_Device and Access_Code are sent to the PCCBS device (labelled 710). In step 705, the PCCBS device client waits, through the client message box, for PCCBS verification. In step 706, the PCCBS device client waits, through the client message box, for confirmation that PCCBS registration is complete. In step 707, if this is a new entry, register the Address_PCCBS_Device entry in the PCCBS device server database (PCCBS_Device Server database) in PCCBS_Device_App.
From the perspective of the PCCBS_Device Utility: in step 710, accept the PCCBS device client's credentials (Register a Private Cloud Call-Back Server, Address_PCCBS_Device, Address_PCCBS_Device_Client and Access_Code). In step 711, verify whether Address_PCCBS_Device_Client is already in the PCCBS device client database (PCCBS_Device Client database). If so, the PCCBS device client address (Address_PCCBS_Device_Client) and PCCBS device address (Address_PCCBS_Device) designated by the invitee are confirmed (labelled 719) and the procedure returns. If not, the Access_Code is validated (labelled 712); in step 713, the Code_Expiration of the Access_Code is validated against the PCCBS_Device Client database. In step 741, the Code_Expiration of the Access_Code is sent to the PCCBS device client (labelled 705). In step 714, generate Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status, associated with Access_Code, Code_Expiration, Address_Invitee and Address_PCCBS_Device_Client. In step 715, save the hash value of Password_PCCBS_Device_P2P as Hash_Password_PCCBS_Device_P2P. In step 716, store Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status in the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database. In step 717, send Password_PCCBS_Device_P2P to the invitee notification address Address_Invitee. In step 743, Password_PCCBS_Device_P2P is sent to the invitee (labelled 720); in step 718, clear Password_PCCBS_Device_P2P. In step 719, the PCCBS device client address (Address_PCCBS_Device_Client) and PCCBS device address (Address_PCCBS_Device) designated by the invitee are confirmed. In step 744, the PCCBS device client address designated by the invitee is sent to the PCCBS device client (labelled 706); in step 720, from the perspective of the invitee device, accept Password_PCCBS_Device_P2P and save it for future use.
FIG. 8 illustrates a flowchart of the communication by which a PCCBS device client connects to the PCCBS according to the present invention. From the perspective of the PCCBS device client: in step 800, open PCCBS_VPN_App on the wide area network. In step 801, select an Address_PCCBS_VPN from the registered PCCBS VPN database (PCCBS_VPN database). In step 802, select the "Connect to PCCBS_VPN" command in PCCBS_VPN_App. In step 803, send a point-to-point connection request to Address_PCCBS_VPN. In step 840, the point-to-point connection request is sent to the PCCBS_VPN Utility (labelled 810). In step 804, point-to-point negotiation starts, using Address_PCCBS_VPN_Client to communicate with the PCCBS_VPN at Address_PCCBS_VPN. In step 841, the PCCBS device client communicates with the PCCBS_VPN Utility (labelled 811). In step 805, accept the PCCBS_VPN_Profile file to start the smart VPN connection with the PCCBS_VPN at Address_PCCBS_VPN. In step 806, establish the point-to-point connection between the PCCBS_VPN and the device client. In step 843, the PCCBS device client communicates with the PCCBS_VPN Utility (labelled 813). In step 807, log in to the PCCBS_VPN with the client credentials (Connect to PCCBS_VPN, Address_PCCBS_VPN, Address_PCCBS_VPN_Client and Password_PCCBS_VPN_P2P). In step 844, the client credentials are sent to the PCCBS_VPN Utility (labelled 814). In step 808, the PCCBS device client waits for verification. In step 809, start secure point-to-point communication. In step 846, the PCCBS device client communicates with the PCCBS_VPN Utility (labelled 817). In step 820, the PCCBS device client is securely connected to the virtual private LAN at the PCCBS_VPN.
From the perspective of the PCCBS_VPN Utility: in step 810, accept the point-to-point connection request from Address_PCCBS_VPN_Client. In step 811, point-to-point negotiation starts, using Address_PCCBS_VPN to communicate with the PCCBS_VPN Client at Address_PCCBS_VPN_Client. In step 841, the PCCBS_VPN Utility communicates with the PCCBS device client (labelled 804). In step 812, send the PCCBS_VPN_Profile file to Address_PCCBS_VPN_Client to start the smart VPN connection. In step 842, the PCCBS_VPN_Profile file is sent to the PCCBS device client (labelled 805). In step 813, establish the point-to-point connection between the PCCBS_VPN and the device client. In step 843, the PCCBS_VPN Utility communicates with the PCCBS device client (labelled 806). In step 814, accept the PCCBS_VPN client's credentials (Connect to PCCBS_VPN, Address_PCCBS_VPN, Address_PCCBS_VPN_Client and Password_PCCBS_VPN_P2P). In step 815, retrieve the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_VPN_Client, Hash_Password_PCCBS_VPN_P2P, Password_PCCBS_VPN_P2P_Expiration and Status) for Address_PCCBS_VPN_Client from the PCCBS VPN client database (PCCBS_VPN Client database). In step 816, verify the existing point-to-point (P2P) password by checking whether its hash value matches the Hash_Password_PCCBS_VPN_P2P entry for Address_PCCBS_VPN_Client in the PCCBS_VPN Client database. In step 845, the existing point-to-point (P2P) password is sent to the PCCBS device client (labelled 808). In step 817, start secure point-to-point communication. In step 846, the PCCBS_VPN Utility communicates with the PCCBS device client (labelled 809). In step 818, the PCCBS_VPN Utility calls back the PCRS and starts point-to-point communication with the PCRS. In step 847, the PCCBS device client is securely connected to the virtual private LAN on the PCRS (labelled 820). In step 819, the PCCBS_VPN Utility establishes a point-to-point communication channel between the PCRS device client and the PCCBS device client or another PCCBS device client. In step 848, the PCCBS device client starts connecting to the PCRS device client or another PCCBS device client (labelled 821).
FIG. 9 illustrates a flowchart of the communication by which the PCCBS administrator views a PCCBS client according to the present invention. From the perspective of the administrator device: in step 900, open PCCBS_Device_App on the wide area network. In step 901, select an Address_PCCBS_Device from the registered PCCBS device database (PCCBS_Device database). In step 902, select the "View PCCBS_Device Client" (view private cloud call-back server device client) command in PCCBS_Device_App. In step 903, select a view entry of the PCCBS device client database (PCCBS_Device Client database) as the lookup index. In step 904, log in to the PCCBS with the administrator credentials (View PCCBS_Device Client, Admin_name, Admin_password and View entry). In step 940, the credentials are sent to the PCCBS_Device Utility (labelled 910). In step 905, the administrator device waits for PCCBS verification. In step 906, display the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database selected by the lookup index.
From the perspective of the PCCBS_Device Utility: in step 910, accept the PCCBS_Device client credentials (View PCCBS_Device Client, Admin_name, Admin_password and View entry). In step 911, verify the administrator credentials (Admin_name, Admin_password). In step 941, send the administrator verification to the administrator device (labelled 905). In step 912, use the view entry as the lookup index and reply with the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database selected by that index. In step 942, the reply is sent to the administrator device (labelled 906).
FIG. 10 illustrates a flowchart of the communication by which the PCCBS administrator resets the point-to-point password and edits attributes for a PCCBS device client according to the present invention. From the perspective of the administrator device: in step 1000, open PCCBS_Device_App on the wide area network. In step 1001, select an Address_PCCBS_Device from the registered PCCBS device database (PCCBS_Device database). In step 1002, select the "Reset P2P Password" or "Edit Attributes" command in PCCBS_Device_App. In step 1003, enter the invitee notification address Address_Invitee as the lookup index. In step 1004, log in to the PCCBS with the administrator credentials (Reset P2P Password/Edit Attributes, Admin_name, Admin_password and Address_Invitee). In step 1040, the administrator credentials are sent to the PCCBS_Device Utility (labelled 1010). In step 1005, the administrator device waits for PCCBS device verification. In step 1006, display the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) for Address_Invitee in the PCCBS device client database (PCCBS_Device Client database). In step 1007, if the "Reset P2P Password" command was selected, the administrator device waits for completion. In step 1008, if the "Edit Attributes" command was selected, edit the attributes as required. The attributes include, but are not limited to, the PCCBS device client's status (Active, Inactive, Deleted), the virtual LAN subnet and the PCCBS_App link. In step 1044, the attributes are sent to the PCCBS_Device Utility (labelled 1017).
From the perspective of the PCCBS_Device Utility: in step 1010, accept the PCCBS administrator's credentials (Reset P2P Password/Edit Attributes, Admin_name, Admin_password and Address_Invitee). In step 1011, verify the administrator credentials (Admin_name, Admin_password). In step 1041, send the PCCBS administrator verification to the administrator device (labelled 1005). In step 1012, use Address_Invitee as the lookup index and reply with the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) for Address_Invitee in the PCCBS_Device Client database. In step 1042, the reply is sent to the PCCBS_Device Utility (labelled 1006). In step 1013, the "Reset P2P Password" command is selected. In step 1014, generate a new Password_PCCBS_Device_P2P and save its hash value in Hash_Password_PCCBS_Device_P2P. In step 1043, the new Password_PCCBS_Device_P2P is sent to the administrator device (labelled 1007). In step 1015, send Access_Code and Password_PCCBS_Device_P2P to the invitee notification address Address_Invitee and clear Password_PCCBS_Device_P2P. In step 1045, Access_Code and Password_PCCBS_Device_P2P are sent to the invitee (labelled 1020). In step 1016, the "Edit Attributes" command is selected. In step 1017, accept the edited attributes and store them in the PCCBS device (PCCBS_Device).
From the perspective of the invitee device: in step 1020, the invitee notification address Address_Invitee accepts Access_Code and Password_PCCBS_Device_P2P.
FIG. 11 illustrates a flowchart of the communication by which a PCCBS device client (PCCBS Device Client) changes the PCCBS device client's point-to-point password according to the present invention. From the perspective of the PCCBS device client: in step 1100, after establishing a secure VPN connection from the wide area network, open PCCBS_Device_App on the wide area network. In step 1101, select an Address_PCCBS_Device from the registered PCCBS device database (PCCBS_Device database). In step 1102, select the "Change P2P Password" command in PCCBS_Device_App. In step 1103, log in to the PCCBS with the client credentials (Change P2P Password, Address_PCCBS_Device, Address_PCCBS_Device_Client and Password_PCCBS_Device_P2P). In step 1140, the client credentials are sent to the PCCBS_Device Utility (labelled 1110). In step 1104, the PCCBS device client waits for PCCBS device verification. In step 1105, enter the new point-to-point password and re-enter it until the two match. In step 1142, the new password is sent to the PCCBS_Device Utility (labelled 1113).
From the perspective of the PCCBS_Device Utility: in step 1110, accept the PCCBS device client's credentials (Change P2P Password, Address_PCCBS_Device, Address_PCCBS_Device_Client and Password_PCCBS_Device_P2P). In step 1111, retrieve the Hash_Password_PCCBS_Device_P2P entry for Address_PCCBS_Device_Client from the PCCBS device client database (PCCBS_Device Client database). In step 1112, verify the existing point-to-point password by checking whether its hash value matches the Hash_Password_PCCBS_Device_P2P entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) for Address_PCCBS_Device_Client in the PCCBS_Device Client database. In step 1141, the existing point-to-point password is sent to the PCCBS Device Client (labelled 1104). In step 1113, accept the new point-to-point password Password_PCCBS_Device_P2P. In step 1114, hash the new point-to-point password into Hash_Password_PCCBS_Device_P2P. In step 1115, update Hash_Password_PCCBS_Device_P2P in the entry for Address_PCCBS_Device_Client (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database, and clear the point-to-point password Password_PCCBS_Device_P2P.
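The server-side handling that FIGS. 7, 8 and 11 describe (Access_Code with Code_Expiration at registration, a P2P password of which only the hash is kept, hash-only verification, and Change P2P Password) is modelled below as an added example; it is not the patent's own code. The hash function (salted PBKDF2-HMAC-SHA256), the lifetimes, the rule that an Access_Code binds a single client, and the in-memory message box `outbox` are assumptions, since the text fixes none of them.

```python
import hashlib
import os
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional, Tuple


# Constructed model of one entry of the PCCBS_Device Client database (step 613).
# The plaintext P2P password is deliberately not a field: only its hash is kept.
@dataclass
class ClientEntry:
    Access_Code: str
    Code_Expiration: datetime
    Address_Invitee: str
    Address_PCCBS_Device_Client: Optional[str] = None
    Hash_Password_PCCBS_Device_P2P: Optional[bytes] = None
    Password_PCCBS_Device_P2P_Expiration: Optional[datetime] = None
    Status: str = "Inactive"


def hash_p2p(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 (assumption: the patent names no hash function).
    Returns salt || digest so the salt is stored alongside the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)
    return salt + digest


def verify_p2p_hash(password: str, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = stored[:16], stored[16:]
    return secrets.compare_digest(hash_p2p(password, salt)[16:], digest)


class PCCBSDeviceUtility:
    """Server side of the flows; message-box sends are recorded in `outbox`."""

    def __init__(self, now: Callable[[], datetime] = datetime.now):
        self.now = now                                  # injectable clock for expiry checks
        self.db: Dict[str, ClientEntry] = {}            # keyed by Access_Code
        self.outbox: List[Tuple[str, str]] = []         # (message box address, payload)

    def create_client(self, Address_Invitee: str, lifetime=timedelta(hours=24)) -> str:
        # Steps 612-614: issue Access_Code + Code_Expiration and invite the invitee.
        code = secrets.token_urlsafe(12)
        self.db[code] = ClientEntry(code, self.now() + lifetime, Address_Invitee)
        self.outbox.append((Address_Invitee, "invite:" + code))
        return code

    def _lookup(self, Address_PCCBS_Device_Client: str) -> Optional[ClientEntry]:
        for entry in self.db.values():
            if entry.Address_PCCBS_Device_Client == Address_PCCBS_Device_Client:
                return entry
        return None

    def register(self, Address_PCCBS_Device_Client: str, Access_Code: str,
                 p2p_lifetime=timedelta(days=90)) -> str:
        # Steps 711-719 of FIG. 7.
        if self._lookup(Address_PCCBS_Device_Client) is not None:
            return "confirmed"                      # 711 -> 719: already registered
        entry = self.db.get(Access_Code)
        if entry is None or entry.Address_PCCBS_Device_Client is not None:
            return "invalid access code"            # 712 (assumption: one client per code)
        if self.now() > entry.Code_Expiration:
            return "access code expired"            # 713
        password = secrets.token_urlsafe(18)        # 714: Password_PCCBS_Device_P2P
        entry.Address_PCCBS_Device_Client = Address_PCCBS_Device_Client
        entry.Hash_Password_PCCBS_Device_P2P = hash_p2p(password)          # 715-716
        entry.Password_PCCBS_Device_P2P_Expiration = self.now() + p2p_lifetime
        entry.Status = "Active"
        self.outbox.append((entry.Address_Invitee, "p2p:" + password))    # 717
        del password                                # 718: plaintext cleared server-side
        return "registered"                         # 719

    def verify_p2p(self, Address_PCCBS_Device_Client: str, password: str) -> bool:
        # Steps 815-816 (FIG. 8) and 1111-1112 (FIG. 11): compare against the hash only.
        entry = self._lookup(Address_PCCBS_Device_Client)
        if entry is None or entry.Status != "Active":
            return False
        if self.now() > entry.Password_PCCBS_Device_P2P_Expiration:
            return False
        return verify_p2p_hash(password, entry.Hash_Password_PCCBS_Device_P2P)

    def change_p2p_password(self, Address_PCCBS_Device_Client: str,
                            old_password: str, new_password: str) -> bool:
        # Steps 1112-1115 of FIG. 11: the old hash must match before it is replaced.
        if not self.verify_p2p(Address_PCCBS_Device_Client, old_password):
            return False
        entry = self._lookup(Address_PCCBS_Device_Client)
        entry.Hash_Password_PCCBS_Device_P2P = hash_p2p(new_password)      # 1114-1115
        return True


if __name__ == "__main__":
    utility = PCCBSDeviceUtility()
    code = utility.create_client("invitee@example.test")       # constructed address
    print(utility.register("client@example.test", code))      # registered
    issued = utility.outbox[-1][1][len("p2p:"):]               # what the invitee received
    print(utility.verify_p2p("client@example.test", issued))  # True
```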
FIG. 12 illustrates a flowchart of the communication of the point-to-point connection mechanism between device client 1 (Device Client1) and device client 2 (Device Client2) over a cloud Internet (prior art). Device client 1 and device client 2 on the cloud network can communicate with each other through a public routing server (Public Routing Server) 112 or a public VPN routing server (Public VPN Routing Server) 114. First, the device client 1 application (Device Client1 App) (labelled 1201) registers with the public VPN routing server Utility (Public VPN Routing Server Utility) (labelled 1200) using its IP address and port capabilities under Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), and Device Client1 App, its IP address and port are kept alive with the routing server (labelled 1203). Next, the device client 1 application (Device Client1 App) (labelled 1201) asks Public VPN Routing Server Utility 1200 to connect to device client 2 (labelled 1204); the Public VPN Routing Server Utility (labelled 1200) notifies device client 2 of device client 1's IP address and port capabilities under TCP/UDP and of its intention to connect (labelled 1205); the device client 2 application (Device Client2 App) (labelled 1202) replies to the Public VPN Routing Server Utility (labelled 1200) with its registration, which contains its IP address and port capabilities under TCP/UDP, and device client 2's IP address and port capabilities are kept alive through the connection with the Public VPN Routing Server Utility (labelled 1200) (labelled 1206); the Public VPN Routing Server Utility (labelled 1200) responds to device client 1 with device client 2's IP address and port capabilities under TCP/UDP (labelled 1207); after device client 1 receives device client 2's IP address and port capabilities under TCP/UDP, Device Client1 App (labelled 1201) starts hole punching through device client 2's firewall (labelled 1208); Device Client2 App (labelled 1202) likewise starts hole punching through device client 1's firewall (labelled 1209); finally, both sides' firewalls are punched through and point-to-point communication between device client 1 and device client 2 begins (labelled 1210). Note that without the Public VPN Routing Server there can be no connection mechanism between the Routing Server Utility and device client 1 or device client 2; the basic flow of this connection mechanism necessarily depends on the Public VPN Routing Server.
FIG. 13 illustrates a flowchart of the communication of the point-to-point connection mechanism between the PCRS and the PCCBS over a cloud Internet (prior art). As shown in FIG. 13, a device client on the cloud network according to the present invention does not need a public VPN routing server (Public VPN Routing Server) to connect to and access another device client or a network service under the server. Device client 1 and the PCCBS on the cloud network can communicate with each other without going through a public routing server 112 or public VPN routing server 114. The device client 1 application (Device Client1 App) (labelled 1301) requests, through client message box 215, a connection to the PCRS Utility (server part) (labelled 1300), and as shown in FIG. 8 the PCRS Utility has IP address and port capabilities under TCP/UDP. PCRS Device Client1 App, its Internet protocol address and port are kept alive with the PCRS Utility (labelled 1303); the PCRS Utility (server part) receives the registration through the call-back server message box (not shown); through client message box 215, PCRS device client 1 asks the PCRS Utility (server part) to connect to the PCRS Utility (client part) (labelled 1304); PCRS Utility (server part) 1300 receives the request through the call-back server message box (not shown), at label 1305, and notifies the PCRS Utility (client part) (labelled 1302) of PCRS device client 1's IP address and port capabilities under TCP/UDP and of its intention to connect; the PCRS Utility (client part) (labelled 1302) replies to the PCRS Utility (server part) (labelled 1300) with its registration, which contains its IP address and port capabilities under TCP/UDP. Device client 2's IP address and port capabilities are kept alive through the connection with the PCRS Utility (server part) (labelled 1300). The PCRS Utility (server part) (labelled 1300) responds to Device Client1 App (labelled 1301), through the call-back server message box (not shown), with device client 2's IP address and port capabilities under TCP/UDP. After receiving the PCRS Utility (client part)'s IP address and port capabilities under TCP/UDP through client message box 215, PCRS Device Client1 App (labelled 1301) starts hole punching through the PCRS Utility (client part)'s firewall (labelled 1308). The PCRS Utility (client part) (labelled 1302) likewise starts hole punching through PCRS Device Client1's firewall (labelled 1309); finally, both sides' firewalls are punched through and point-to-point communication between PCRS Device Client1 and the PCRS Utility (client part) begins (labelled 1310). All information exchange between the PCRS Utility and PCRS Device Client1 goes through the call-back server message box (not shown) rather than through a public routing server 212 or public VPN routing server 214. As shown in step 820, PCRS Device Client1 can securely connect to the virtual private LAN on the PCRS. PCRS Device Client1 can access any device client 206 or private network service 228 reachable under the PCRS. As shown in FIG. 13, the other PCRS Device Client1s (201, 221, 209, 210 and 211) can connect to the PCRS through the same connection mechanism. Once any pair of PCRS device clients (PCRS Device Clients) and PCCBS device clients (PCCBS Device Clients) is connected to the virtual private LANs 240 and 2400 of the PCRS and PCCBS, they can conduct private and secure communication for text, voice and video with each other.
FIG. 14 illustrates a flowchart of the communication of the point-to-point connection mechanism among the PCRS, the PCCBS, PCRS device clients (PCRS Device Clients) and PCCBS device clients (PCCBS Device Clients) over a cloud Internet. A device client on the cloud network according to the present invention does not need a public cloud routing server to connect to and access the PCCBS, the PCCBS, another device client or another network service under the server. As shown in FIG. 14, device client 1 and the PCRS on the cloud network can communicate with each other without going through a public routing server 112 or public VPN routing server 114. As described in FIG. 5 and at label 0 of FIG. 14 (labelled 1400), the PCCBS administrator device (labelled 1420) first initializes and provisions the PCCBS (labelled 1428) through the PCRS Device Utility (labelled 1421). The PCRS Utility (labelled 1421) then passes messages internal to the PCCBS (labelled 1428) to the PCRS_VPN Utility (labelled 1422). Next, referring to label 1 of FIG. 14 (labelled 1401) and to FIG. 15, the PCCBS registration message, containing IP address and port capabilities under TCP/UDP, is registered with the PCCBS VPN Utility (labelled 1423). As shown in FIG. 16, the PCCBS tuple (Tuple) and communication socket (Communication Socket) are also established (labelled 1600). Through the connection with the PCCBS Utility (labelled 1401), device client 2's IP address and port capabilities are kept alive. After registration, the PCRS_VPN Utility connects to the PCCBS_VPN (labelled 1602), and a point-to-point communication channel is established between the PCRS_VPN and the PCCBS_VPN (labelled 1619). The PCCBS_VPN Utility (labelled 1423) communicates with the PCCBS_Device Utility (labelled 1424) through messages internal to the PCCBS (labelled 1427). Referring to label 2 of FIG. 14 (labelled 1402), the PCCBS_Device Utility stays in a loop waiting for requests from PCCBS device clients. As shown in FIG. 7, PCCBS Device Client1 (labelled 1405) first registers with the PCCBS_Device Utility (labelled 1424) using its IP address and port capabilities under TCP/UDP; through the PCCBS_Device Utility (labelled 1424), PCCBS Device Client1, its IP address and port are kept alive (see FIG. 7 and label 3-1 of FIG. 14 (labelled 1403)). The PCCBS_Device Utility (labelled 1424) passes the registration and connection request, internal to the PCCBS (labelled 1427), to the PCCBS_VPN Utility (labelled 1423). As shown in FIG. 8, after registration PCCBS Device Client1 (labelled 1425) connects to the PCCBS_VPN (see step 802 of FIG. 8), and a point-to-point communication channel is established between PCCBS Device Client1 (labelled 1424) and the PCCBS_VPN (see 817 of FIG. 8). Referring to label 5 of FIG. 14 (labelled 1405), label 7 (labelled 1407) and step 818 of FIG. 8, the PCCBS_VPN Utility (labelled 1423) calls back the PCRS_VPN Utility (labelled 1422) to establish a point-to-point communication channel between the PCCBS_VPN Utility (labelled 1423) and the PCRS_VPN Utility (labelled 1422). When the call-back from the PCCBS_VPN Utility (labelled 1423) to the PCRS_VPN Utility (labelled 1422) succeeds, a point-to-point communication channel is finally established between PCCBS_Device Client1 and the PCRS_VPN, and from there a connection can be made to PCRS Device Client2 (labelled 1426) or to another PCCBS device client 3 (PCCBS Device Client3) (labelled 1401), assuming PCCBS Device Client3 has also successfully connected to the PCCBS_VPN Utility (labelled 1423). FIG. 17 illustrates the call-back from the PCCBS_VPN Utility to the PCRS_VPN (see step 818 of FIG. 8).
FIG. 15 illustrates a flowchart of the communication by which the PCRS registers to the PCCBS according to the present invention. From the perspective of the PCRS: in step 1500, establish the PCCBS tuple and communication socket. If necessary (not shown), create the PCCBS device client address (Address_PCCBS_Device_Client). Next, in step 1501, issue the "Register a PCCBS (Register a Private Cloud Call-Back Server)" command. In step 1502, if the PCCBS_Device Client has not yet been configured, configure Address_PCCBS_Device_Client and Password_PCCBS_Device_Client. Here Password_PCCBS_Device_P2P is the message box password associated with the client's message box (not shown) address, which is used for point-to-point communication for Address_PCCBS_Device_Client. Also in step 1502, Address_PCCBS_Device_Client and Password_PCCBS_Device_Client are registered with the client message box. In step 1503, retrieve Address_PCCBS_Device and Access_Code from the invitee. This information was originally received through invitee device 620.
In step 1504, send Address_PCCBS_Device, Access_Code and the client credentials (Register a Private Cloud Call-Back Server, Address_PCCBS_Device, Address_PCCBS_Device_Client and Access_Code) to the PCCBS through the client message box. In step 1540, Address_PCCBS_Device and Access_Code are sent to the PCCBS (labelled 1510). In step 1505, the PCRS waits, through the client message box, for PCCBS verification. In step 1506, the PCRS waits, through the client message box, for confirmation that PCCBS registration is complete. In step 1507, if this is a new entry, register the Address_PCCBS_Device entry in the PCCBS device server database (PCCBS_Device Server database) in PCCBS_Device_App.
From the perspective of the PCCBS_Device Utility: in step 1510, receive the PCCBS device client's (PCCBS_Device Client) credentials (Register a Private Cloud Call-Back Server, Address_PCCBS_Device, Address_PCCBS_Device_Client and Access_Code). In step 1512, verify whether Address_PCCBS_Device_Client is already in the PCCBS device client database (PCCBS_Device Client database). If so, the PCCBS device client address (Address_PCCBS_Device_Client) and PCCBS device address (Address_PCCBS_Device) designated by the invitee are confirmed (labelled 1519) and the procedure returns. If not, the Access_Code is validated (labelled 1512); in step 1513, the Code_Expiration of the Access_Code is validated against the PCCBS_Device Client database. In step 1541, the Code_Expiration of the Access_Code is sent to the PCCBS device client (labelled 1505). In step 1514, generate Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status, associated with Access_Code, Code_Expiration, Address_Invitee and Address_PCCBS_Device_Client. In step 1515, save the hash value of Password_PCCBS_Device_P2P as Hash_Password_PCCBS_Device_P2P. In step 1516, store Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status in the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database. In step 1517, send Password_PCCBS_Device_P2P to the PCRS message box. In step 1518, clear Password_PCCBS_Device_P2P. In step 1519, the PCCBS device client address (Address_PCCBS_Device_Client) and PCCBS device address (Address_PCCBS_Device) designated by the invitee are confirmed. In step 1544, the PCCBS device client address designated by the invitee is sent to the PCCBS device client (labelled 1506). In step 1520, from the perspective of the invitee device, accept Password_PCCBS_Device_P2P and save it for future use.
FIG. 16 illustrates a flow chart of the communication in which the PCRS connects to the PCCBS according to the present invention. From the perspective of the PCRS, at step 1600, the PCCBS tuple and communication interface are established. At step 1601, an Address_PCCBS_VPN is selected from the registered PCCBS VPN database (PCCBS_VPN database). At step 1602, the "Connect to PCCBS_VPN" command is selected in the PCCBS_VPN_App. At step 1603, a point-to-point connection request is sent to Address_PCCBS_VPN. At step 1640, the point-to-point connection request is sent to the PCCBS_VPN Utility (labelled 1610). Point-to-point negotiation starts, using Address_PCCBS_VPN_Client to communicate with the PCCBS_VPN located at Address_PCCBS_VPN. At step 1641, the PCCBS_VPN communicates with the PCCBS_VPN Utility (labelled 1611). At step 1605, the PCCBS_VPN_Profile file is accepted in order to start a smart VPN connection with the PCCBS_VPN at Address_PCCBS_VPN. At step 1606, a point-to-point connection between the PCCBS_VPN and the device client is established. At step 1643, the PCCBS_VPN communicates with the PCCBS_VPN Utility (labelled 1613). At step 1607, the client's authentication (Connect to PCCBS_VPN, Address_PCCBS_VPN, Address_PCCBS_VPN_Client and Password_PCCBS_VPN_P2P) is used to log in to the PCCBS_VPN. At step 1644, the client's authentication is sent to the PCCBS_VPN Utility (labelled 1614). At step 1608, the PCCBS_VPN waits for verification. At step 1609, secure point-to-point communication begins. At step 1646, the PCCBS_VPN communicates with the PCCBS_VPN Utility (labelled 1617). At step 1620, the PCCBS_VPN securely connects to the virtual private local area network located at the PCCBS_VPN.
From the perspective of the PCCBS_VPN Utility, at step 1610, a point-to-point connection request from Address_PCCBS_VPN_Client is accepted. At step 1611, point-to-point negotiation starts, using Address_PCCBS_VPN to communicate with the PCCBS_VPN Client located at Address_PCCBS_VPN_Client. At step 1641, the PCCBS_VPN Utility communicates with the PCRS_VPN (labelled 1604). At step 1612, the PCCBS_VPN_Profile file is sent to Address_PCCBS_VPN_Client to start the smart VPN connection. At step 1642, the PCCBS_VPN_Profile file is sent to the PCRS_VPN (labelled 1605). At step 1613, a point-to-point connection between the PCCBS_VPN and the device client is established. At step 1643, the PCCBS_VPN Utility communicates with the PCCBS_VPN (labelled 1606). At step 1614, the PCCBS_VPN client's authentication (Connect to PCCBS_VPN, Address_PCCBS_VPN, Address_PCCBS_VPN_Client and Password_PCCBS_VPN_P2P) is accepted. At step 1615, the list of entries for Address_PCCBS_VPN_Client (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_VPN_Client, Hash_Password_PCCBS_VPN_P2P, Password_PCCBS_VPN_P2P_Expiration and Status) is retrieved from the PCCBS VPN client database (PCCBS_VPN Client database). At step 1616, the existing point-to-point (P2P) password is verified by checking whether its hash matches the Hash_Password_PCCBS_VPN_P2P entry for Address_PCCBS_VPN_Client in the PCCBS_VPN Client database. At step 1645, the existing point-to-point (P2P) password is sent to the PCRS_VPN (labelled 1608). At step 1617, secure point-to-point communication is started. At step 1646, the PCCBS_VPN Utility communicates with the PCRS_VPN (labelled 1609). At step 1619, the PCCBS_VPN Utility establishes a point-to-point communication channel between the PCRS_VPN and the PCCBS_VPN. At step 1645, the PCRS_VPN starts connecting to the PCCBS_VPN (labelled 1621).
FIG. 17 illustrates a flow chart of the communication in which the PCCBS calls back to the PCRS according to the present invention. From the perspective of the PCCBS, at step 1700, the PCCBS tuple and communication interface are established. At step 1701, an Address_PCRS_VPN is selected from the registered PCRS VPN database (PCRS_VPN database). At step 1702, the "Connect to PCRS_VPN" command is selected in the PCRS_VPN_App. At step 1703, a point-to-point connection request is sent to Address_PCRS_VPN. At step 1740, the point-to-point connection request is sent to the PCRS_VPN Utility (labelled 1710). Point-to-point negotiation starts, using Address_PCRS_VPN_Client to communicate with the PCRS_VPN located at Address_PCRS_VPN. At step 1741, the PCRS_VPN communicates with the PCRS_VPN Utility (labelled 1711). At step 1705, the PCRS_VPN_Profile file is accepted in order to start a smart VPN connection with the PCRS_VPN at Address_PCRS_VPN. At step 1706, a point-to-point connection between the PCRS_VPN and the device client is established. At step 1743, the PCRS_VPN communicates with the PCRS_VPN Utility (labelled 1713). At step 1707, the client's authentication (Connect to PCRS_VPN, Address_PCRS_VPN, Address_PCRS_VPN_Client and Password_PCRS_VPN_P2P) is used to log in to the PCCBS_VPN. At step 1744, the client's authentication is sent to the PCRS_VPN Utility (labelled 1714). At step 1708, the PCRS_VPN waits for verification. At step 1709, secure point-to-point communication begins. At step 1746, the PCRS_VPN communicates with the PCRS_VPN Utility (labelled 1717). The PCCBS_VPN Utility establishes a point-to-point connection channel between the PCRS_VPN and the PCCBS_VPN (labelled 1719). At step 1721, the PCCBS establishes a point-to-point connection channel between the PCCBS_VPN Device Client and the PCRS Device Client or another PCCBS_VPN Device Client.
From the perspective of the PCRS_VPN Utility, at step 1710, a point-to-point connection request from Address_PCRS_VPN_Client is accepted. At step 1711, point-to-point negotiation starts, using Address_PCRS_VPN to communicate with the PCRS_VPN Client located at Address_PCRS_VPN_Client. At step 1741, the PCRS_VPN Utility communicates with the PCRS_VPN (labelled 1704). At step 1712, the PCRS_VPN_Profile file is sent to Address_PCRS_VPN_Client to start the smart VPN connection. At step 1742, the PCRS_VPN_Profile file is sent to the PCRS_VPN (labelled 1705). At step 1713, a point-to-point connection between the PCRS_VPN and the device client is established. At step 1743, the PCRS_VPN Utility communicates with the PCRS_VPN (labelled 1706). At step 1714, the PCRS_VPN client's authentication (Connect to PCRS_VPN, Address_PCRS_VPN, Address_PCRS_VPN_Client and Password_PCRS_VPN_P2P) is accepted. At step 1715, the list of entries for Address_PCRS_VPN_Client (Access_Code, Code_Expiration, Address_Invitee, Address_PCRS_VPN_Client, Hash_Password_PCRS_VPN_P2P, Password_PCRS_VPN_P2P_Expiration and Status) is retrieved from the PCRS VPN client database (PCRS_VPN Client database). At step 1716, the existing point-to-point (P2P) password is verified by checking whether its hash matches the Hash_Password_PCRS_VPN_P2P entry for Address_PCRS_VPN_Client in the PCRS_VPN Client database. At step 1745, the existing point-to-point (P2P) password is sent to the PCRS_VPN (labelled 1708). At step 1717, secure point-to-point communication is started. At step 1746, the PCCBS_VPN Utility communicates with the PCRS_VPN (labelled 1709). The PCCBS_VPN Utility establishes a point-to-point communication channel between the PCRS_VPN and the PCCBS_VPN (labelled 1709). At step 1748, the PCRS establishes a point-to-point connection channel between the PCCBS_VPN Device Client and the PCRS Device Client or another PCCBS_VPN Device Client (labelled 1721).
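The server-side checks of the registration flow in FIG. 15 (steps 1512 to 1518) and the P2P password verification shared by FIG. 16 and FIG. 17 (steps 1614 to 1616 and 1714 to 1716), as an added Python simulation that is not code from the patent or from any product. The database layout keyed by Access_Code, the message field names, the timestamps, SHA-256 as the hash and the expiry check against the stored Password_P2P_Expiration are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

REGISTER_CMD = "Register a Private Cloud Call-Back Server"


@dataclass
class ClientEntry:
    """One row of the PCCBS_Device Client database (field names follow FIG. 15)."""
    access_code: str
    code_expiration: float            # invitation expiry, seconds since epoch (constructed)
    address_invitee: str
    address_client: Optional[str] = None
    hash_password_p2p: Optional[str] = None
    password_p2p_expiration: Optional[float] = None
    status: str = "invited"


def hash_password(password: str) -> str:
    # Step 1515: only a hash of the P2P password is stored. SHA-256 is an assumption; it is
    # adequate here only because the password is a random 256-bit token, never user-chosen.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


class DeviceUtility:
    """Server side: PCCBS_Device Utility (FIG. 15) plus the VPN login check (FIG. 16/17)."""

    def __init__(self, address_device: str, p2p_ttl: float) -> None:
        self.address_device = address_device
        self.p2p_ttl = p2p_ttl                    # lifetime of Password_P2P (assumed)
        self.db: Dict[str, ClientEntry] = {}      # keyed by Access_Code (assumed layout)

    def invite(self, access_code: str, code_expiration: float, address_invitee: str) -> None:
        # Admin-side invitation (FIG. 6): the entry exists before any client registers.
        self.db[access_code] = ClientEntry(access_code, code_expiration, address_invitee)

    def _by_client(self, address_client: str) -> Optional[ClientEntry]:
        return next((e for e in self.db.values() if e.address_client == address_client), None)

    def register(self, msg: dict, now: float) -> dict:
        # Step 1510: (Register..., Address_PCCBS_Device, Address_PCCBS_Device_Client, Access_Code)
        if msg.get("command") != REGISTER_CMD or msg.get("address_device") != self.address_device:
            return {"ok": False, "reason": "bad_request"}
        # Step 1512: client already in the database -> confirm (1519) and return, no new password.
        existing = self._by_client(msg["address_client"])
        if existing is not None:
            return {"ok": True, "confirmed": (existing.address_client, self.address_device)}
        # Step 1512/1513: verify the Access_Code, then its Code_Expiration.
        entry = self.db.get(msg["access_code"])
        if entry is None or entry.address_client is not None:
            return {"ok": False, "reason": "access_code_invalid"}
        if now > entry.code_expiration:
            return {"ok": False, "reason": "access_code_expired"}     # reported at step 1541
        # Steps 1514-1516: generate Password_P2P; store only its hash, expiration and status.
        password = secrets.token_urlsafe(32)
        entry.address_client = msg["address_client"]
        entry.hash_password_p2p = hash_password(password)
        entry.password_p2p_expiration = now + self.p2p_ttl
        entry.status = "registered"
        # Steps 1517/1518: the clear-text password leaves only in the reply; nothing is retained.
        return {"ok": True, "password_p2p": password,
                "confirmed": (entry.address_client, self.address_device)}

    def verify_connect(self, address_client: str, password_p2p: str, now: float) -> bool:
        # Step 1615: retrieve the entry for the client; step 1616: compare the hashes.
        entry = self._by_client(address_client)
        if entry is None or entry.hash_password_p2p is None:
            return False
        if now > entry.password_p2p_expiration:    # expiry check on the stored field (assumed)
            return False
        return hmac.compare_digest(entry.hash_password_p2p, hash_password(password_p2p))
```

A compromised database therefore yields only hashes of unguessable tokens and their expiry times, and a stolen token stops working once Password_P2P_Expiration passes or the administrator resets it (FIG. 10).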
FIG. 18 illustrates a flow chart of the point-to-point connection mechanism of the PCRS, PCCBS, PCRS device client and PCCBS device client through a cloud network based on server clusters, computer resource aggregation and virtual machines. FIG. 18 is an extension of FIG. 14, adding a server cluster 1830, computer resource aggregation 1831 and a virtual machine 1832 to illustrate the implementation of the PCRS connection mechanism in a hyperscale data center. The hyperscale data center may have at least one server cluster 1830, at least one computer resource aggregation 1831 and at least one virtual machine 1832. The number and size of the at least one virtual machine are scalable. The hyperscale data center or at least one of the service providers can build a large number of independent PCCBSs in a corresponding plurality of virtual machines to provide services to the corresponding PCRSs and PCRS device clients. In essence, a community pair of point-to-point communication relationships between the PCCBS device client and the PCRS device client is built and deployed by the network platform owner, who is responsible for maintaining the virtual machines, with or without a topology of computer resource aggregation and server clusters. For example, one possible business model is for a network platform owner to host, in the virtual machines, private and secure PCCBSs for a large number of individual users. Furthermore, the network platform owner also provides separate private and secure PCRSs for individual users to install in their own local area networks. Through the present invention, a platform user can set up, from anywhere, their own PCCBS device client (for example, a smartphone or a tablet) and PCRS device client (for example, a notebook computer (NB), an IoT device, network attached storage (NAS) or a media server), hosted in the user's private and secure local area network. FIG. 18 illustrates that, according to the technique of the present invention, a device client does not need a public cloud routing server to connect to and access the PCRS, the PCCBS, other device clients, or network services through the cloud network under the server. As shown in FIG. 18, a PCCBS Device Client1 1825 and a PCRS on the cloud network can communicate with each other without going through a public routing server 112 (not shown) or a public VPN routing server 114 (not shown). The PCRS Utility (labelled 1821) sends messages internal to the PCRS (labelled 1828) to the PCRS_VPN Utility (labelled 1822). As shown by reference 1 in FIG. 15 and FIG. 18, the PCRS_VPN Utility (labelled 1822) registers with the PCCBS VPN Utility (labelled 1823) using a PCRS registration message, where the registration message contains the IP address and port capability in the TCP/UDP protocol. As shown in FIG. 16, the PCRS_VPN Utility (labelled 1822) also establishes the PCCBS tuple and communication interface (labelled 1600). Through the connection with the PCCBS Utility (labelled 1801), the IP address and port capability of device client 2 (labelled 1826) are kept alive. After registration, the PCRS_VPN Utility connects to the PCCBS_VPN (labelled 1602) and establishes a point-to-point communication channel between the PCRS_VPN and the PCCBS_VPN (labelled 1619). The PCCBS_VPN Utility (labelled 1823) communicates with the PCCBS_Device Utility (labelled 1824) through messages internal to the PCCBS (labelled 1827). Referring to reference 2 in FIG. 18 (labelled 1802), the PCCBS_Device Utility stays in a loop and waits for requests from the PCCBS device client. As shown in FIG. 7, the PCCBS Device Client1 (labelled 1805) first registers with the PCCBS_Device Utility (labelled 1824) using the IP address and port capability in the TCP/UDP protocol; through the PCCBS_Device Utility (labelled 1824), the PCCBS Device Client1, its IP address and its port are kept alive (see reference 3-1 in FIG. 7 and FIG. 14, labelled 1803). The PCCBS_Device Utility (labelled 1824) sends the registration and connection requests internal to the PCCBS (labelled 1827) to the PCCBS_VPN Utility (labelled 1823). As shown in FIG. 8, after registration, the PCCBS Device Client1 (labelled 1825) connects to the PCCBS_VPN (see step 802 of FIG. 8) and establishes a point-to-point communication channel between the PCCBS Device Client1 (labelled 1824) and the PCCBS_VPN (see step 817 of FIG. 8). Referring to reference 5 (labelled 1805) and reference 7 (labelled 1807) in FIG. 18 and step 818 of FIG. 8, the PCCBS_VPN Utility (labelled 1823) calls back to the PCRS_VPN Utility (labelled 1822) to establish a point-to-point communication channel between the PCCBS_VPN Utility (labelled 1823) and the PCRS_VPN Utility (labelled 1822). After the callback from the PCCBS_VPN Utility (labelled 1823) to the PCRS_VPN Utility (labelled 1822) succeeds, a point-to-point communication channel is established between the PCCBS_Device Client1 (labelled 1825) and the PCRS_VPN, connecting to the PCRS Device Client2 (labelled 1826). FIG. 17 illustrates the callback from the PCCBS_VPN Utility to the PCRS_VPN (see step 818 of FIG. 8).
Although the present invention has been described according to the above embodiments, those skilled in the art can easily understand that these embodiments admit further variations without departing from the basic spirit of the present invention. Accordingly, those skilled in the art can make further changes to the embodiments of the present invention without departing from the scope of the patent application.
As shown below:

- 0, 1~8, 3-1, 3-3, 4-1, 4-3, 6-3: reference codes
- 100, 200, 300, 400: public cloud
- 102, 103, 202, 203, 302, 303, 403: router, Router_P, Router_S
- 104, 105, 204, 205, 304, 305, 334, 405, 434: local area network (LAN)
- 101, 106, 107, 109, 110, 111: smart device client
- 108: private cloud server
- 112, 212, 312, 412, 1200: public routing server
- 113, 213, 313, 413: public cloud server
- 114, 214, 314, 414: public VPN routing server
- 201, 209, 210, 211, 221, 301, 309, 310, 311, 321, 401, 409, 410, 411, 421: PCCBS device client
- 206, 207, 306, 307, 335, 435: PCRS device client
- 208, 308, 408: PCRS
- 216, 316, 416: PCCBS
- 215, 315, 415: client message box
- 222, 223, 224, 225, 322, 323, 324, 325, 326, 422, 423, 424, 426: communication path
- 228, 328, 336, 436: private network service
- 240, 2400, 340, 440: VLAN
- 360, 460: LAN2
- 270, 1300, 1302: PCRS Utility
- 271: PCRS client database
- 272, 276, 280, 282: client message box Utility
- 273: PCRS administrator device
- 274: PCRS Device App
- 275: PCRS database
- 277: PCCBS administrator device
- 278: PCCBS Device App
- 279: PCCBS database
- 281: invitee device
- 1201: device client 1
- 1202: device client 2
- 1301: PCRS device client 1 App
- 1420: PCCBS administrator device
- 1421: PCRS Device Utility
- 1422: PCRS VPN Utility
- 1423: PCCBS VPN Utility
- 1424: PCCBS Device Utility
- 1425: PCCBS device client 1
- 1830: server cluster
- 1831: computer resource aggregation
- 1832: virtual machine
- 2700: PCCBS Utility
- 2710: PCCBS client database
- 2720: server message box Utility
- 500~508, 510~516, 540~543: steps
- 600~605, 610~614, 620~622, 640~642: steps
- 700~707, 710~720, 740~744: steps
- 800~821, 840~848: steps
- 900~906, 910~912, 940~942: steps
- 1000~1008, 1010~1017, 1020, 1040~1045: steps
- 1100~1105, 1110~1116, 1140~1142: steps
- 1203~1210: steps
- 1303~1310: steps
- 1400~1407, 1411, 1413~1414, 1416, 1427~1428: steps
- 1500~1507, 1510~1520, 1540~1544: steps
- 1600~1617, 1619~1620, 1640~1646, 1648: steps
- 1700~1717, 1719, 1721, 1740~1746, 1748: steps
- 1801~1807, 1811, 1827~1828: steps
FIG. 1 illustrates a schematic diagram of a traditional cloud network architecture.
FIG. 2 illustrates a schematic diagram of a connection mechanism according to a first embodiment of the present invention; the connection mechanism is between a private cloud routing server, a private cloud callback server and a smart device client.
FIG. 3 illustrates a schematic diagram of a connection mechanism according to a second embodiment of the present invention; the connection mechanism is between a private cloud routing server, a private cloud callback server and a smart device client.
FIG. 4 illustrates a schematic diagram of a connection mechanism according to a third embodiment of the present invention; the connection mechanism is between a private cloud routing server, a private cloud callback server and a smart device client.
FIG. 5 illustrates a flow chart of the private cloud routing server administrator initializing and preparing the private cloud routing server according to the present invention.
FIG. 6 illustrates a flow chart of the private cloud callback server administrator creating a client for the private cloud callback server according to the present invention.
FIG. 7 illustrates a flow chart of a private cloud callback server device client registering with a private cloud callback server according to the present invention.
FIG. 8 illustrates a flow chart from a private cloud callback server device client to a private cloud callback server according to the present invention.
FIG. 9 illustrates a flow chart of an administrator viewing the clients of a private cloud routing server according to the present invention.
FIG. 10 illustrates a flow chart of an administrator resetting the point-to-point password of a private cloud callback server device client and editing its attributes according to the present invention.
FIG. 11 illustrates a flow chart of modifying the point-to-point password of a private cloud callback server device client according to the present invention.
FIG. 12 illustrates a flow chart of a point-to-point connection mechanism between device client 1 and device client 2 through a cloud network (prior art).
FIG. 13 illustrates a flow chart of a point-to-point connection mechanism between a private cloud routing server and a private cloud routing server device client through a cloud network (prior art).
FIG. 14 illustrates a flow chart of a point-to-point connection mechanism between a private cloud routing server, a private cloud callback server, a private cloud routing server device client and a private cloud callback server device client through a cloud network.
FIG. 15 illustrates a flow chart of a private cloud routing server registering with a private cloud callback server virtual private network according to the present invention.
FIG. 16 illustrates a flow chart from a private cloud routing server to a private cloud callback server virtual private network according to the present invention.
FIG. 17 illustrates a flow chart of a private cloud callback server calling back to a private cloud routing server virtual private network according to the present invention.
FIG. 18 illustrates a flow chart of the point-to-point connection mechanism of a private cloud routing server, a private cloud callback server, a private cloud routing server device client and a private cloud callback server device client through a cloud network based on server clusters, computer resource aggregation and virtual machines.
None
200: public cloud
202, 203: router
204, 205: local area network
201, 209, 210, 211, 221: PCCBS device client
216: PCCBS
206, 207: PCRS device client
208: PCRS
212: public routing server
213: public cloud server
214: public VPN routing server
215: client message box
222, 223, 224, 225: communication path
228: private network service
240, 2400: VLAN
270: PCRS Utility
271: PCRS client database
272, 276, 280, 282: client message box Utility
273: PCRS administrator device
274: PCRS Device App
275: PCRS database
277: PCCBS administrator device
278: PCCBS Device App
279: PCCBS database
281: invitee device
2700: PCCBS Utility
2710: PCCBS client database
2720: server message box Utility
Claims (18)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/229,156 US11863529B2 (en) | 2011-09-09 | 2021-04-13 | Private cloud routing server connection mechanism for use in a private communication architecture |
US17/229,156 | 2021-04-13 |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI769965B TWI769965B (en) | 2022-07-01 |
TW202241089A true TW202241089A (en) | 2022-10-16 |
Family
ID=78806037
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW111100303A TWI769965B (en) | 2021-04-13 | 2022-01-04 | Connection method and computer-readable medium for use in a private communication architecture |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN115208603A (en) |
GB (1) | GB2609677A (en) |
TW (1) | TWI769965B (en) |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6542497B1 (en) * | 1997-03-11 | 2003-04-01 | Verizon Services Corp. | Public wireless/cordless internet gateway |
US8886714B2 (en) * | 2011-08-08 | 2014-11-11 | Ctera Networks Ltd. | Remote access service for cloud-enabled network devices |
US8650299B1 (en) * | 2010-02-03 | 2014-02-11 | Citrix Systems, Inc. | Scalable cloud computing |
US10601810B2 (en) * | 2011-09-09 | 2020-03-24 | Kingston Digital, Inc. | Private cloud routing server connection mechanism for use in a private communication architecture |
US9781087B2 (en) * | 2011-09-09 | 2017-10-03 | Kingston Digital, Inc. | Private and secure communication architecture without utilizing a public cloud based routing server |
US9203807B2 (en) * | 2011-09-09 | 2015-12-01 | Kingston Digital, Inc. | Private cloud server and client architecture without utilizing a routing server |
CN105991735A (en) * | 2015-02-25 | 2016-10-05 | 台湾艾特维股份有限公司 | Distributor private cloud management system and method |
TWI632465B (en) * | 2015-03-19 | 2018-08-11 | 美商金士頓數位股份有限公司 | Method for use with a public cloud network, private cloud routing server and smart device client |
CN113542389A (en) * | 2015-06-16 | 2021-10-22 | 金士顿数位股份有限公司 | Private cloud routing server connection mechanism for private communication architecture |
CN111100302B (en) * | 2018-10-26 | 2022-07-08 | 中国石油化工股份有限公司 | Preparation method of metal particle @ ZIFs core-shell particle |
GB2607362A (en) * | 2021-02-12 | 2022-12-07 | Kingston Digital Inc | Private cloud routing server connection mechanism for use in a private communication architecture |
- 2021
  - 2021-10-26 GB GB2115368.9A patent/GB2609677A/en active Pending
- 2022
  - 2022-01-04 TW TW111100303A patent/TWI769965B/en active
  - 2022-01-07 CN CN202210016648.2A patent/CN115208603A/en active Pending
Also Published As
Publication number | Publication date |
---|---|
TWI769965B (en) | 2022-07-01 |
CN115208603A (en) | 2022-10-18 |
GB2609677A (en) | 2023-02-15 |
GB202115368D0 (en) | 2021-12-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11356417B2 (en) | Private cloud routing server connection mechanism for use in a private communication architecture | |
TWI545446B (en) | A method and system for use with a public cloud network | |
US10237253B2 (en) | Private cloud routing server, private network service and smart device client architecture without utilizing a public cloud based routing server | |
US9781087B2 (en) | Private and secure communication architecture without utilizing a public cloud based routing server | |
US11863529B2 (en) | Private cloud routing server connection mechanism for use in a private communication architecture | |
TWI574164B (en) | Private cloud routing server connection mechanism for use in a private communication architecture | |
US9935930B2 (en) | Private and secure communication architecture without utilizing a public cloud based routing server | |
TWI632465B (en) | Method for use with a public cloud network, private cloud routing server and smart device client | |
TWI629598B (en) | Method for use with a public cloud network, private cloud routing server and smart device client | |
TWI537744B (en) | Private cloud routing server, private network service and smart device client architecture without utilizing a public cloud based routing server | |
US20230254292A1 (en) | Private and Secure Chat Connection Mechanism for Use in a Private Communication Architecture | |
TW202233007A (en) | Connection method and computer-readable medium for use in a private communication architecture | |
US11683292B2 (en) | Private cloud routing server connection mechanism for use in a private communication architecture | |
US20220385638A1 (en) | Private Matter Gateway Connection Mechanism for Use in a Private Communication Architecture | |
US20220329569A1 (en) | Metaverse Application Gateway Connection Mechanism for Use in a Private Communication Architecture | |
TWI769965B (en) | Connection method and computer-readable medium for use in a private communication architecture | |
CN113709163A (en) | Method and system for realizing remote operation of computer based on wireless terminal | |
TWI829487B (en) | Private matter gateway connection mechanism for use in a private communication architecture | |
TWI836974B (en) | Private and secure chat connection mechanism for use in a private communication architecture | |
TWI829435B (en) | Metaverse application gateway connection mechanism for use in a private communication architecture | |
US20230083939A1 (en) | Private Matter Gateway Connection Mechanism for Use in a Private Communication Architecture | |
TW202345559A (en) | Private and secure chat connection mechanism for use in a private communication architecture | |
CN117014251A (en) | Private substance gateway linking mechanism for private communication architecture | |
CN117014177A (en) | Meta universe application gateway linking mechanism for private communication architecture | |
GB2532831A (en) | Private cloud routing server connection mechanism for use in a private communication architecture |