TW202241089A - Connection method and computer-readable medium for use in a private communication architecture - Google Patents


Info

Publication number
TW202241089A
Authority
TW
Taiwan
Prior art keywords
private cloud
server
client
callback
pccbs
Prior art date
Application number
TW111100303A
Other languages
Chinese (zh)
Other versions
TWI769965B (en)
Inventor
維斌 陳
Original Assignee
美商金士頓數位股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US17/229,156 (US11863529B2)
Application filed by 美商金士頓數位股份有限公司
Application granted
Publication of TWI769965B
Publication of TW202241089A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L63/0281 Proxies
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L67/2866 Architectures; Arrangements
    • H04L67/2871 Implementation details of single intermediate entities
    • H04L67/288 Distributed intermediate devices, i.e. intermediate devices for interaction with other intermediate devices on the same level
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Sub-Exchange Stations And Push- Button Telephones (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for use with a public cloud network is disclosed. The method includes setting up at least one virtual machine, at least one private cloud call-back server (PCCBS) and at least one smart device client on the side of the PCCBS to provide cloud based web services, and at least one private cloud routing server (PCRS) and at least one smart device client on the side of the PCRS in a client server relationship. The virtual machine and PCCBS usually reside in a hyperscale data center, while the PCRS resides in the client’s remote premises. The private cloud call-back server acts as a middleman to relay communication between the smart device client on the side of the PCCBS and the private cloud routing server. The PCCBS will call back the private cloud routing server on demand based on the smart device client request. The at least one private cloud call-back server includes a first message box associated therewith.

Description

Connection method and computer-readable medium for use in a private communication architecture

The present invention relates to networks. More specifically, it relates to an application on a private cloud network.

In an Internet-connected environment, smart device clients, including smartphones, tablets, e-book readers, notebook computers, personal computers and a wide variety of smart appliances, are very common and ubiquitous. Beyond Internet connectivity, one of the values of a smart device client is the ability to obtain services from one or more servers at any time and from any place. These services include voice, video content, live or archived information, application execution, social media, messaging, e-mail, storage media, backup, calendar, contacts, synchronization, sharing, remote desktop and the Internet of Things (IoT). Other services include real-time, private and secure video, voice, text and application communication between at least two smart device clients.

Different types of servers exist to meet the needs of the various smart device clients. Generally, these servers fall into two groups: a public cloud and a private cloud. Public cloud servers, as the name "public" suggests, provide free but limited services or paid, more refined services, and interact with the public. Examples of public cloud servers include data centers, social media services and content storage providers on the Internet. Private cloud servers, on the other hand, tend to serve private needs. Compared with the public cloud, servers in a private cloud provide more private and personalized services.

One example of a private cloud server application is a private cloud storage server (PCSS). The PCSS sits in a user-managed local area network (LAN). It provides the user with online and backup storage on the LAN or a wide area network (WAN). The user can access information on the PCSS from a smart device client at any time and from any place. The private cloud server and the associated smart device clients therefore form a private cloud server-and-client architecture.

Traditionally, many storage server solutions exist to meet the need for a private cloud storage server, including network attached storage (NAS), Windows/Mac/Linux servers and direct attached storage (DAS). The challenge faced by smart device clients in this field, however, is how to reach a PCSS in a home or office environment through the firewall behind the LAN router without a cumbersome installation. There are at least four solutions to this challenge.

One solution is to arrange a fixed Internet Protocol (IP) address and open ports on the router in front of the PCSS, so that a smart device client outside the LAN can locate the PCSS, authenticate itself, traverse the firewall and establish a secure communication channel with the PCSS.

The second solution applies when no fixed IP address is available. The user configures the router of the PCSS's LAN and opens the ports that correspond to the PCSS. The router can then be located by the smart device client through a Dynamic Domain Name System (DDNS) service on the WAN. The smart device client can then authenticate itself, traverse the firewall and establish a secure communication channel to the PCSS.

The third solution relies on another routing server in the WAN to bring up a virtual private network (VPN) between the smart device client and the PCSS. The VPN communication allows the smart device client to locate the PCSS, authenticate itself, traverse the firewall and establish a secure communication channel to the PCSS.

The fourth solution relies on another routing server in the WAN to bring up Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) communication between the smart device client and the private cloud server. The RDP or VNC communication allows the smart device client to locate the private cloud server, authenticate itself, traverse the firewall and establish a secure communication channel with the private cloud server. Other solutions are combinations of the above.

In the first solution, a fixed IP address is required and the router must be configured. A fixed IP address involves more cost and is usually not available in home and small business environments. Furthermore, the router configuration is very complicated and not easy for most consumers.

In the second solution, a DDNS service is required and the router needs an even more complicated setup. DDNS involves additional cost and system complexity. Furthermore, the router setup is very complicated and not easy for most consumers.

In the third and fourth solutions, although no router setup is required, an external routing server or service has to be set up. The external routing server or service controls and manages login or authentication between the smart device client and the server. Going through a public cloud server or service makes the private cloud less private and less secure. In addition, if that server or service degrades for any reason, the communication with, or the availability of, the private cloud server is jeopardized.

The technical expertise required by the above solutions may be acceptable in a traditional monolithic environment, but not in a deployment centered on consumer-oriented smart device clients.

In most conventional systems, a routing server in an external or public cloud is used by the smart device client in the course of accessing private cloud services. Using an external server raises many concerns for the owner of the smart device client.

First, trust has always been an issue, because the routing server in the external or public cloud acts as a middleman in handling the communication between the smart device client and the private cloud service. It holds the account information, passwords and IP addresses of all users of the smart device clients and private cloud services. Because the routing server can observe any communication passing between them, the arrangement is insecure.

Second, the business model of the owner of an external or public cloud routing server may not always be aligned with that of the smart device client owner. If the routing server goes out of service for any business reason, there is no remedy or alternative to restore service. The routing server therefore potentially exposes users to a huge business risk, for instance a link that is essential to communication could be broken without any expenditure of resources.

Traditionally, for communication between two smart device clients, both parties must log in to a public cloud server to conduct real-time video, voice, text and application communication. As noted above, because the communication must pass through the public cloud server, privacy and security are easily compromised.

In view of this, there is an urgent need for a system and method that solve the above problems. The present invention meets this need.

To solve at least the above problems, embodiments of the present invention provide a method for use with a public cloud network. The method may include setting up at least one virtual machine, at least one private cloud call-back server (PCCBS), at least one smart device client on the PCCBS side to provide cloud-based web services, at least one private cloud routing server (PCRS) and at least one smart device client on the PCRS side, where the virtual machine, the PCCBS, the smart device client on the PCCBS side, the PCRS and the smart device client on the PCRS side are in a client-server relationship. The virtual machine and the PCCBS usually reside in a hyperscale data center, while the PCRS resides at the client's remote premises.

The PCCBS acts as a middleman to relay communication between the smart device client on the PCCBS side and the PCRS. The PCCBS can call back the PCRS on demand according to the request of the smart device client. The at least one PCCBS includes a first message box associated with it. The first message box is located in the PCCBS on a public cloud network. The smart device client includes a second message box associated with it. The second message box is located in the PCCBS on the public cloud network. The at least one PCCBS is located in the public cloud network. A third message box associated with the PCRS is located in the PCCBS on the public cloud network. The method further includes passing a session message between the first message box and the second message box, and passing a session message between the second message box and the third message box in a secure manner.

The secure session-message connection mechanism between the PCRS, the PCCBS and the at least one smart device client includes: initializing and preparing the PCCBS; creating a PCCBS client; viewing the PCCBS client; editing a PCCBS point-to-point password and a status through a system administrator; modifying the PCCBS point-to-point password through the at least one smart device client; resetting the PCCBS point-to-point password and the status from a PCCBS local area network through a system administrator; and connecting to the PCCBS through the at least one smart device client. The session message is verified by the PCRS, the PCCBS and the at least one smart device client. The smart device client, the PCRS and the PCCBS can communicate with one another once the session message has been verified.

Based on the verified session message, the at least one smart device client securely accesses a private network service through the public cloud network. The method further includes setting up at least one other smart device client that is in a client-server relationship with the at least one PCRS and the at least one PCCBS. The at least two smart device clients can communicate with each other once the session message has been verified. The at least two smart device clients can communicate privately and securely through the public cloud network. By placing the PCCBS between the smart device client and the PCRS, all types of Network Address Translation (NAT) routers in a LAN environment can be traversed more effectively, without resorting to traditional hole-punching techniques. With the emergence of 5G, 6G and Wi-Fi 6 network technologies, communication performance through the PCCBS is improved significantly, so that communication latency is minimized. For accessing another smart device client or IoT devices at home from a smart device client anywhere in the world, the present invention offers easy deployment, high privacy and security, full compatibility and high performance.
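As an added illustration of the connection mechanism and the NAT point above (this is example code, not code from the patent or from the assignee), the following Python model simulates the PCCBS with its three message boxes, the administrator's create/edit/reset operations on the point-to-point password and status, and a session message that the PCCBS and the PCRS each verify independently before the PCRS acts on it. It assumes an HMAC keyed with the point-to-point password as the verification primitive and constructed identifiers such as "pcrs-home"; the patent specifies neither.

```python
import hashlib
import hmac
import json
import secrets


def session_tag(password: str, payload: dict) -> str:
    """Assumed primitive: HMAC-SHA256 over canonical JSON, keyed with the
    PCCBS point-to-point password. The patent does not name the algorithm;
    a real deployment would derive a key from the password rather than use
    it directly."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(password.encode(), body, hashlib.sha256).hexdigest()


def session_request(client_id: str, pcrs_id: str, password: str, service: str) -> dict:
    """Smart device client builds a session message addressed to its PCRS."""
    payload = {"client": client_id, "service": service, "nonce": secrets.token_hex(8)}
    return {"pcrs_id": pcrs_id, "payload": payload, "tag": session_tag(password, payload)}


def check_tag(password: str, msg: dict) -> bool:
    """Constant-time comparison of the message tag against a recomputed one."""
    return hmac.compare_digest(session_tag(password, msg["payload"]), msg["tag"])


class PCCBS:
    """Private cloud call-back server (model). It hosts the first (PCCBS),
    second (client) and third (PCRS) message boxes and relays a session
    message from the second to the third box only after checking it."""

    def __init__(self):
        self.boxes = {name: [] for name in ("pccbs", "client", "pcrs")}
        self.p2p = {}  # pcrs_id -> {"password": str, "status": str}

    # Administrator operations from the mechanism: create, edit, reset.
    def create_client(self, pcrs_id, password):
        self.p2p[pcrs_id] = {"password": password, "status": "enabled"}

    def edit(self, pcrs_id, password=None, status=None):
        if password is not None:          # the client may also modify the password
            self.p2p[pcrs_id]["password"] = password
        if status is not None:
            self.p2p[pcrs_id]["status"] = status

    def reset(self, pcrs_id):
        """Reset from the PCCBS LAN: fresh random password, status re-enabled."""
        self.p2p[pcrs_id] = {"password": secrets.token_hex(16), "status": "enabled"}
        return self.p2p[pcrs_id]["password"]

    def relay(self, msg):
        """Client connects: the message lands in the second box and, if the
        PCCBS check passes, is called back to the third (PCRS) box."""
        self.boxes["client"].append(msg)
        entry = self.p2p.get(msg["pcrs_id"])
        if entry is None or entry["status"] != "enabled":
            return "rejected: unknown or disabled PCRS"
        if not check_tag(entry["password"], msg):
            return "rejected: bad session tag"
        self.boxes["pcrs"].append(msg)
        return "relayed"


class PCRS:
    """Private cloud routing server behind a NAT router: it only reads its
    own box on the PCCBS, so no inbound port or hole punching is needed."""

    def __init__(self, pcrs_id, password):
        self.pcrs_id, self.password = pcrs_id, password

    def accept(self, msg):
        """Independent check by the PCRS; the PCCBS's verdict is not trusted."""
        return msg["pcrs_id"] == self.pcrs_id and check_tag(self.password, msg)


def run_scenario():
    """Constructed walk-through; returns the outcome of each step."""
    pccbs, out = PCCBS(), {}
    pccbs.create_client("pcrs-home", "initial-p2p-secret")       # constructed ids
    pcrs = PCRS("pcrs-home", "initial-p2p-secret")
    req = lambda pw: session_request("phone", "pcrs-home", pw, "rdp")

    out["valid"] = pccbs.relay(req("initial-p2p-secret"))
    out["pcrs_accepts"] = pcrs.accept(pccbs.boxes["pcrs"][-1])
    out["wrong_password"] = pccbs.relay(req("guessed"))

    pccbs.edit("pcrs-home", status="disabled")                    # admin disables
    out["disabled"] = pccbs.relay(req("initial-p2p-secret"))

    new_pw = pccbs.reset("pcrs-home")                             # admin reset
    out["stale_after_reset"] = pccbs.relay(req("initial-p2p-secret"))
    pcrs.password = new_pw                                        # PCRS re-provisioned
    out["renewed"] = pccbs.relay(req(new_pw))
    out["pcrs_accepts_renewed"] = pcrs.accept(pccbs.boxes["pcrs"][-1])
    return out
```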

The present invention relates to networks. More specifically, it relates to an application on a private cloud network. The following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application. Those skilled in the art will readily understand other embodiments of the invention from the embodiments described below and from the principles and features that are essentially the same as those of the invention. Thus, the present invention is not limited to the embodiments shown, but is to be accorded the widest scope consistent with its principles and features.

In the following description, "client" may be used interchangeably with "smart device client", and "router" may be used interchangeably with "gateway", "access point" or "network address translation" (NAT).

A smart device client in the WAN of the present invention can obtain services from a private cloud storage server (PCSS) or any private cloud server (PCS). The system and method of the present invention therefore solve the following challenges that a user faces in the usage environment:
1. Access the private cloud server at any time and from any place.
2. Access a private cloud server located behind a firewall with either a fixed or a floating Internet Protocol (IP) address.
3. No public cloud based routing server is needed in the WAN.
4. No additional router needs to be set up in the LAN.
5. Authenticate the private cloud server.
6. Establish a secure communication channel with the private cloud server.

If the present invention can overcome the above challenges, the deployment of private cloud servers or services can grow exponentially owing to the plug-and-play simplicity of the invention. Without a public cloud based routing server, the technical and business problems associated with this field are also eliminated. Private cloud servers for storage, remote desktop and IoT can therefore become very affordable and widespread in the private cloud infrastructure.

In a private cloud environment where multiple private cloud servers or services coexist, it is advantageous to divide the private cloud server into two functional blocks: a private cloud routing service (PRS) and a private network service (PNS). Through a smart device client, the private network service is managed and accessed in the private network environment (wired or wireless); examples include Remote Desktop Protocol (RDP), Virtual Network Computing (VNC) software, office tools, media players and other special-purpose user applications. The private network service can also act as a storage server, which may include multiple terabytes of storage for the private cloud. The private network service functions of several private cloud routing servers (hereinafter "PCRS") can then be integrated into one PCRS. A PCRS is also commonly referred to as a "private cloud router".

A smart device client in the WAN of the present invention can manage and access private network services from the PCRS. The system and method of the present invention therefore solve the following challenges that a user faces in the usage environment:
1. Access the PCRS at any time and from any place.
2. Access a PCRS located behind a firewall with either a fixed or a floating IP address.
3. No external or public cloud based routing server is needed in the WAN.
4. No additional router needs to be set up in the LAN.
5. Authenticate the PCRS.
6. Establish a secure communication channel with the private network service.

If the PCRS of the present invention solves the above challenges, the disparate private cloud servers of different manufacturers and vendors can be broken down into simpler private network services, eliminating the complexity of private cloud setup, configuration and access.

The system and method of the present invention aim to provide a PCRS, private network server and client architecture that requires no routing server. The system and method meet the challenges above: a client can access the private network server anytime and anywhere. The system and method can also reach the private network server behind a firewall with a fixed or floating IP address, authenticate with the PCRS and establish a secure communication channel directly with the private network server, without adding routing settings in the wide area network or a public cloud routing server.

As shown in FIG. 1, a cloud network architecture includes a public cloud 100, a public cloud server 113, a public routing server 112, a virtual private network (hereinafter VPN) routing server 114, a smart device client 101 in the wide area network, a router (Router_P) 102 and a router (Router_S) 103. Router 103 connects a local area network (LAN) 105 to the network of the public cloud 100. Router 102 connects a LAN 104 to the network of the public cloud 100. Behind LAN 104 are smart device clients 106 and 107 and a private cloud server 108. Behind LAN 105 are smart device clients 109, 110 and 111. A smart device client can be a personal computer, notebook, tablet, e-book reader, GPS, smart TV, set-top box, MP3 player or any Internet-capable embedded device.

They are labelled 101, 106, 107, 109, 110 and 111 in the cloud network architecture. Any of these smart device clients is interchangeable in this description. The following explanation uses the representative smart device client 109.

Physically, there are three cases in which smart device client 101, 107 or 109 connects to the private cloud server 108. First, smart device client 107 determines that the target lies within the reachable area of LAN 104 and decides to connect directly to private cloud server 108. Second, smart device client 101 determines that the target does not lie within the reachable area of LAN 104 and decides to connect to the public cloud 100 through the wide area network; from the wide area network it discovers router 102 and LAN 104 and then connects to private cloud server 108. Third, smart device client 109 determines that the target does not lie within the reachable area of LAN 105 and decides to connect through LAN 105 and router 103 to the public cloud 100 in the wide area network.

Smart device client 109 then discovers router 102 and LAN 104 and connects to private cloud server 108. The first and second cases are two derived special cases of the third case. The third case, with its broader scope and complexity of application, is therefore the useful one to consider.

The routing server message box (not shown) or client message box 215 can be hosted on an e-mail server, a text message server, a web server or any type of server that can host the secure messages exchanged between a server (PCRS 208 and the private cloud callback server, hereinafter "PCCBS", 216) and a client (smart device clients 206, 207, 209, 210, 211, 201 and 221). The callback server message box (not shown) or client message box_S (Client Message Box Message_box_S) 215 is accessible to, and under the secure and private control of, a server (PCRS 208 and PCCBS 216) and a client (smart device clients 206, 207, 209, 210, 211, 201 and 221). The security and business model of such message boxes are well understood and expected by users in the industry. When a message box goes down for whatever reason, it can be replaced or redeployed immediately without compromising communication between the servers and clients in the private cloud architecture.

The first embodiment of the present invention is a cloud network infrastructure, depicted in FIG. 2. In this embodiment, a secure connection mechanism between the PCRS, the PCCBS and the smart device clients is used for discovering and accessing private network services across the public cloud. Through the mechanisms disclosed in FIGS. 5 to 15, smart device clients 201, 211 and 221 locate PCRS 208 through communication paths 222, 224 and 223 respectively. In addition, PCRS 208 and PCCBS 216 build a virtual LAN (VLAN) 240 and a virtual LAN 2400, which allow authorized smart device clients 201, 211 and 221 to join virtual LAN 240 and virtual LAN 2400 as members. Through the installed program, smart device client 201 can act as a host to initiate a private and secure communication. Through the installed program, smart device client 201 or 221 can act as a guest to receive the communication invitation and join the private and secure communication session with smart device client 201.

As shown in FIG. 2, when smart device client 201, acting as a host, wants to start a communication session, the program installed on the host smart device client first locates and logs into PCCBS 216 through communication path 222. After PCCBS 216 locates PCRS 208, it joins virtual LAN 240. The smart device client acting as host 201 commits to joining the chat communication. The program allows the smart device client to create and host a communication session. The program broadcasts the host session to invite communication guests 221. The program then starts scanning for identifiable guests. Once a guest's identity is verified, smart device client 201, as host, can communicate privately and securely with the verified guest (smart device client) 221. This private and secure communication includes video, voice, text and application communication. The application communication can be a program, utility (hereinafter "Utility"), operation or remote desktop recognized by both host and guest.

If smart device client 211 or 221, acting as a guest, wants to join a communication session, the program installed on the guest (smart device client) first locates and logs into PCCBS 216 through communication path 224 or 223 respectively. After PCCBS 216 locates PCRS 208, it joins virtual LAN 240 under the server. The smart device client, as a client, commits to joining the chat communication. The program waits for a communication invitation. Once it receives the invitation, smart device client 211 or 221 can join a communication session as a guest. The program then starts scanning for identifiable guests. After the program identifies the host, it performs the communication login verification prompted by the host. Once verified, the smart device client can join the communication session. Smart device client 211 or 221, as a guest, communicates privately and securely with the host (smart device client) 201. This private and secure communication includes video, voice, text and application communication. The application communication can be a program, Utility, operation or remote desktop recognized by both host and guest.

In another embodiment of the present invention, the smart device client can establish a private and secure communication with any service reachable on physical LAN 250 or on virtual LAN 240 and virtual LAN 2400 under the PCRS and PCCBS. As shown in FIG. 2, once smart device client 201, 211 or 221 has located and logged into PCCBS 216, it can access, through communication path 225, private network service 228 reachable on physical LAN 250 or 260 or on virtual LAN 240 and virtual LAN 2400 under the PCRS and PCCBS. Private network services include voice, video content, live or archived information, application execution, social media, messaging, e-mail, storage media, backup, calendar, contacts, synchronized video, sharing, remote desktop and the Internet of Things (IoT).

In some embodiments, communication path 225 between the PCRS, the PCCBS and the smart device client can comprise the following sets of instructions: 1. Initialize and provision a PCRS (by the administrator from the PCRS's local area network). 2. Initialize and provision a PCCBS (by the administrator from the PCCBS's wide area network). 3. Create a PCRS client (by the PCRS administrator from the local area network). 4. Register to a PCCBS (by the PCCBS client from the wide area network). 5. Connect to a PCCBS (by the PCCBS server client from the wide area network). 6. View a PCCBS client (by the system administrator from the PCCBS's wide area network). 7. Reset a PCCBS peer-to-peer password and status (by the system administrator from the PCCBS's wide area network). 8. Change a PCCBS peer-to-peer password and status (by the PCCBS client from the wide area network through a VPN).

Various entities are introduced for the secure communication channel 225, including but not limited to: the system administrator, the administrator device, the PCRS Utility, the PCCBS Utility, the PCRS device client, the PCCBS device client, the invitee and the invitee device. These entities are defined as follows. Utility refers to the utility program running in the PCRS. The administrator device is the device the system administrator uses to configure the PCRS. The PCRS device client is the device the invitee uses to communicate with the PCRS. The invitee is an invited party that accesses the services and resources of the PCRS through the administrator. The invitee device is a smart device client the invitee uses to communicate with the PCRS.

Several related terms are introduced: access code (Access_Code), code expiration (Code_Expiration), invitee address (Address_Invitee), PCRS client address (Address_PCRS_Client), PCRS client peer-to-peer hashed password (Hash_Password_PCRS_P2P), PCRS peer-to-peer password expiration (Password_PCRS_P2P_Expiration) and the status in the PCRS client database (Status in PCRS Client database). These terms are defined as follows. Access_Code is an invitee access code issued by the PCRS through message box 216 on behalf of the administrator. Code_Expiration is the expiration date/time of the access code, set for security purposes. Address_Invitee is the invitee's message box address. Address_PCRS_Client is the PCRS client's message box address, which may differ from the invitee's message box address. Hash_Password_PCRS_P2P is a hashed password used for peer-to-peer communication with the PCRS; it is stored in the PCRS client database (PCRS Client database), and for security the actual password itself is never stored in the PCRS. Password_PCRS_P2P_Expiration is the expiration time of Hash_Password_PCRS_P2P. Status in PCRS Client database is the status of the PCRS client as recorded in the PCRS Client database: in service, not in service or deleted.

Other terms, unrelated to the PCRS client database, include: PCRS address (Address_PCRS), PCRS password (Password_PCRS), PCRS client password (Password_PCRS_Client) and virtual LAN subnet (Virtual LAN subnet). These terms are defined as follows. Address_PCRS and Password_PCRS are used to configure the PCRS's message box account; they are used only once, during initialization and provisioning of the PCRS, and are not stored, for security purposes. Address_PCRS_Client and Password_PCRS_Client are used to configure the PCRS client's message box account; they are used only once, while the PCRS client is created in the database. Although Address_PCRS_Client is stored in the database, Password_PCRS_Client is never stored, for security purposes. Virtual LAN subnet is the subnet of the VPN, which is configurable and modifiable for security purposes.

As shown in FIG. 2, PCRS 208 includes a PCRS_Utility 270, which in turn includes a PCRS client database (PCRS Client database) 271 and a router server message box Utility 272. PCRS Client database 271 holds the registration list of PCRS clients. Router server message box Utility 272 can communicate with the callback server message box (not shown).

Administrator device 273 is a smart device client 207 that includes a PCRS application Utility (PCRS_App) 274, which in turn includes a PCRS server database (PCRS Server database) 275 and a client message box Utility 276. PCRS Server database 275 holds the registration list of PCRSs. Client message box Utility 276 can communicate with client message box 215.

PCCBS device client 201 is a smart device client that includes a PCCBS application Utility (PCCBS_App) 278, which in turn includes a PCCBS server database (PCCBS Server database) 279 and a client message box Utility (Client Message Box utility) 280. PCCBS Server database 279 holds the registration list of PCCBSs. Message box Utility (Message Box utility) 280 can communicate with client message box 215.

Invitee device (Invitee Device) 281 is a smart device client 221 that includes a client message box utility (Client Message Box utility) 282. Client message box utility 282 can communicate with client message box 215. As shown in FIG. 5, the system administrator uses PCRS_App 274 from administrator device 207 to initialize and provision PCRS 208. Administrator device 207 and PCRS 208 are both on physical LAN 204, so that, for security purposes, configuration takes place out of reach of hacker attacks over the Internet or the wide area network. First, the system administrator configures the PCRS message box credentials by setting its account name and password. The PCRS message box credentials are then sent to PCRS Utility 270 in PCRS 208.

PCCBS 216 includes a PCCBS Utility 2700, which in turn includes a PCCBS client database (PCCBS Client database) 2710 and a routing server message box Utility (Routing Server Message Box utility) 2720. PCCBS Client database 2710 holds the registration list of PCCBS clients. Message box Utility 2720 can communicate with the callback server message box (not shown). As shown in FIG. 6, system administrator 277 also uses PCCBS_App 278 to create a PCCBS client account. System administrator 277 is a PCCBS device client 201 and sets the invitee notification address in PCCBS_Device_App (labelled 605). The PCCBS is then asked to send a connection invitation through callback server message box Utility 2720 to the callback server message box (not shown), on through client message box 215, and finally to invitee device 281, that is, to client message box Utility 282. Note that both the callback server message box and client message box 215 are hosted in message box servers, for example e-mail servers, web servers and messaging servers. Logically, the callback server message box and client message box 215 can be the same or different. After the invitee receives the invitation (labelled 620), the invitee retrieves PCCBS_Device_App from the PCCBS_App link (labelled 621) and installs PCCBS_App on the intended PCCBS device client 201. Invitee device 281 need not be the same physical device as PCCBS device client 201. The system administrator must know the invitee's message box address (labelled 605) to issue the invitation.

As shown in FIG. 7, on the intended PCCBS device client 201, the invitee launches PCCBS_Device_App (labelled 700) and registers to the PCCBS (labelled 701). At this point the invitee's role changes to PCCBS client on PCCBS device client 201. The PCCBS client then configures its client message box credentials by setting an account name and password, and registers those credentials with client message box 215. Next, the previously received Address_PCCBS and Access_Code are retrieved from invitee device 281 and sent, together with the client message account Address_PCCBS_Client, to the PCCBS via 740 (labelled 710). After verification by PCCBS Utility 2700 in PCCBS 216, a set of peer-to-peer connection credentials 714 containing Password_PCCBS_P2P is generated. The actual password is sent to invitee device 281 through client message box 215. The hashed password is stored in the PCCBS client database (PCCBS Client database) together with the other client credentials. For security reasons, the actual client peer-to-peer password is never stored in PCCBS 216; only its hash value is stored, for comparison during authentication 716. Once PCCBS device client 201 receives confirmation of its registration 707 from PCCBS 216, it records the PCCBS's Address_PCCBS in PCCBS server database (PCCBS server database) 279 in PCCBS_Device_App 278.

As shown in FIGS. 6, 9 and 10, PCCBS_Device_App provides the administrator device with the following four commands: Initialize and Provision, Create a Client, View PCCBS Client, and Reset PCCBS P2P Password/Edit Attributes. Whenever the administrator operates, access to the PCCBS is permitted only from the PCCBS virtual LAN (physical or virtual), for security reasons. Because of this access restriction, setup and configuration of the PCCBS are performed only on the PCCBS virtual LAN, to avoid network traffic sniffing and hacker attacks.

As shown in FIGS. 7, 8 and 11, PCCBS_Device_App provides the PCCBS client with the following three commands: "Register to a PCCBS", "Change P2P Password" and "Connect to PCCBS". As shown in FIG. 7, for the "Register to a PCCBS" command, the PCCBS client can run PCCBS_Device_App and connect to the PCCBS Utility from the wide area network or from the PCCBS virtual network, because the communication exchange between the PCCBS client and the PCCBS Utility for Register to a PCCBS passes through client message box 215 and the callback server message box (not shown). As shown in FIG. 11, for the "Change P2P Password" command, for security reasons the PCCBS device client must run PCCBS_Device_App on the PCCBS virtual network after securely connecting to the VPN from the wide area network, because the peer-to-peer password can only be reset on the PCCBS virtual network. The only way for a PCCBS device client to connect to the PCCBS virtual network is through a secure VPN. As shown in FIG. 8, for the "Connect to PCCBS" command, the PCCBS device client has not yet connected to the PCCBS from the wide area network or the PCCBS virtual network; a secure and private connection between the PCCBS device client and the PCCBS is the precondition of this command when running PCCBS_Device_App. PCCBS 216 acts as an intermediary relaying communication between smart device clients 201, 211, 221 and PCRS 218. It calls back the PCRS at the smart device client's request.

FIG. 3 illustrates a second embodiment of the present invention. Similar to the arrangement disclosed in FIG. 2, where PCRS 208 connects to the LAN router (Router_P) 202, here PCRS 308 connects to the LAN router (Router_P) 302. PCRS 308 can also connect to a downstream physical LAN 360. A private network service 336 and a smart device client 335 are connected downstream. Private network service 336 is accessible through communication path 326 and can connect to PCRS 308 through LAN 334. Through PCCBS 316, virtual LAN 340 and physical LANs 350 and 360 can all be discovered and accessed across the cloud by smart device clients 311, 309, 301, 321, 306 and 335, and PCRS 308, private network services 328 and 336 and smart device clients 306 and 335 all become accessible.

FIG. 3 illustrates a third embodiment of the present invention. PCRS 408 connects to the cloud and has a public IP (public_IP_P) 417. PCRS 408 also connects to a downstream physical LAN 460. A private network service 436 and a smart device client 435 are connected downstream. Private network service 436 is accessible through communication path 426 and can connect to PCRS 408 through LAN 434. Through PCCBS 416, virtual LAN 440 and physical LANs 450 and 460 can all be discovered and accessed across the cloud by smart device clients 411, 410, 409, 401, 421 and 435, and PCRS 408, private network service 436 and smart device client 435 all become accessible.

FIG. 5 illustrates a flowchart of the communication by which the PCRS administrator initializes and provisions the PCRS according to the present invention. As shown in FIG. 5, from the perspective of the PCRS administrator device (PCRS Admin Device): in step 500, the PCRS administrator device connects to the PCRS network on the LAN. In step 501, PCRS_Device_App is opened on the PCRS LAN. In step 502, the PCRS Address_PCRS on the LAN is detected and selected. In step 503, the "Initialize and Provision" command is selected in PCRS_Device_App. In step 504, the address (Address_PCRS) and password (Password_PCRS) are set as the PCRS's identity. In step 505, the administrator logs into the PCRS with the administrator credentials (Initialize and Provision, Admin_name, Admin_password, Address_PCRS, Password_PCRS). In step 540, these credentials are sent to the PCRS Utility (labelled 510). In step 506, the administrator waits for PCRS verification. In step 507, the virtual LAN subnet and the PCRS App link are configured. In step 542, they are sent to the PCRS Utility (labelled 514). In step 508, if required, the PCRS joins the existing access point router as a client. In step 543, this information is sent to the PCRS Utility (labelled 516).

From the perspective of the PCRS Utility: in step 510, the PCRS administrator's (PCRS Admin) credentials (Initialize and Provision, Admin_name, Admin_password, Address_PCRS, Password_PCRS) are accepted. In step 511, the administrator credentials (Admin_name, Admin_password) are verified. In step 541, the credentials (Address_PCRS, Password_PCRS) are sent to the administrator device (labelled 506). In step 512, the credentials (Address_PCRS, Password_PCRS) are stored as the PCRS's identity. In step 513, the credentials (Address_PCRS, Password_PCRS) are registered with the router server message box. In step 514, the virtual LAN subnet and the PCRS App link are stored. In step 515, a PCRS_Profile file containing the interface protocol, certificates and keys is generated and saved. In step 516, if required, the PCRS joins the existing access point router as a client.

FIG. 6 illustrates a flowchart of the communication by which the PCCBS administrator (PCCBS Admin) creates a client for the PCCBS according to the present invention. From the perspective of the PCCBS administrator device 201 (PCCBS Admin Device 201): first, in step 600, PCCBS_Device_App is opened on the wide area network. In step 601, the PCCBS 216 at Address_PCCBS is detected and selected. In step 602, the "Create a Client" command is selected in PCCBS_Device_App. In step 603, the invitee notification address Address_Invitee is set. In step 604, the administrator logs in to the PCCBS 216 with the administrator credentials (Create a Client, Admin_name, Admin_password, Address_Invitee). In step 640, these credentials are sent to the PCCBS_Device Utility. In step 605, the system administrator 277 waits for PCCBS verification.

In step 610, from the perspective of the PCCBS_Device Utility, the PCCBS administrator's credentials (Create a Client, Admin_name, Admin_password, Address_Invitee) are first accepted. In step 611, the administrator credentials (Admin_name, Admin_password) are verified. In step 641, the verification result is sent to the administrator device. In step 612, an Access_Code is generated together with its Code_Expiration. In step 613, Access_Code, Code_Expiration and Address_Invitee are stored in an entry of the PCCBS_Device Client database (an entry has the fields Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status). In step 614, an invitation containing the PCCBS_Device app link, Address_PCCBS_Device, Access_Code and Code_Expiration is sent to the invitee notification address Address_Invitee. In step 642, the invitation is delivered to the invitee (step 620).

From the perspective of the invitee device (Invitee Device): in step 620, the invitation (Address_Invitee, PCCBS_Device app link, Address_PCCBS_Device, Access_Code and Code_Expiration) is accepted. In step 621, PCCBS_Device_App is retrieved from the PCCBS_Device app link. In step 622, PCCBS_Device_App is installed on the PCCBS device client 201, 209, 210 or 211.

FIG. 7 illustrates a flowchart of the communication by which a PCCBS device client (PCCBS Device Client) registers with the PCCBS according to the present invention. From the perspective of the PCCBS device client: in step 700, PCCBS_Device_App is opened on the wide area network or on the PCRS local area network. In step 701, the PCCBS device client address (Address_PCCBS_Device_Client) is created first if necessary (not shown), and then the "Register a PCCBS (Register a Private Cloud Call-Back Server)" command is selected in PCCBS_Device_App. In step 702, if the PCCBS device client has not yet been configured, Address_PCCBS_Device_Client and Password_PCCBS_Device_Client are set. Also in step 702, Password_PCCBS_Device_P2P is the message box password associated with the client message box address (not shown) of Address_PCCBS_Device_Client used for peer-to-peer communication, and Address_PCCBS_Device_Client and Password_PCCBS_Device_Client are registered with the client message box. In step 703, Address_PCCBS_Device and Access_Code are obtained from the invitee. This information was originally received by the invitee device (step 620).

Next, in step 704, Address_PCCBS_Device, Access_Code and the client credentials (Register a Private Cloud Call-Back Server, Address_PCCBS_Device, Address_PCCBS_Device_Client, Access_Code) are sent to the PCCBS through the client message box. In step 740, Address_PCCBS_Device and Access_Code are delivered to the PCCBS device (step 710). In step 705, the PCCBS device client waits, through the client message box, for PCCBS verification. In step 706, the PCCBS device client waits, through the client message box, for confirmation that the PCCBS registration is complete. In step 707, if this is a new entry, the Address_PCCBS_Device entry is registered in the PCCBS_Device Server database of PCCBS_Device_App.

In step 710, from the perspective of the PCCBS_Device Utility, the PCCBS device client's credentials (Register a Private Cloud Call-Back Server, Address_PCCBS_Device, Address_PCCBS_Device_Client and Access_Code) are accepted. In step 711, it is checked whether Address_PCCBS_Device_Client already exists in the PCCBS_Device Client database. If so, the PCCBS device client address (Address_PCCBS_Device_Client) and PCCBS device address (Address_PCCBS_Device) specified by the invitee are confirmed (step 719) and the flow returns. If not, the Access_Code is verified (step 712); in step 713, the Code_Expiration of the Access_Code is verified against the PCCBS_Device Client database. In step 741, the result of the Access_Code and Code_Expiration verification is sent to the PCCBS device client (step 705). In step 714, Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status are generated and associated with the Access_Code, Code_Expiration, Address_Invitee and Address_PCCBS_Device_Client. In step 715, the hash of Password_PCCBS_Device_P2P is saved as Hash_Password_PCCBS_Device_P2P. In step 716, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status are stored in the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database. In step 717, Password_PCCBS_Device_P2P is sent to the invitee notification address Address_Invitee. In step 743, Password_PCCBS_Device_P2P is delivered to the invitee (step 720); in step 718, Password_PCCBS_Device_P2P is cleared, so that only its hash remains on the PCCBS. In step 719, the PCCBS device client address (Address_PCCBS_Device_Client) and PCCBS device address (Address_PCCBS_Device) specified by the invitee are confirmed. In step 744, the confirmation of the PCCBS device client address specified by the invitee is sent to the PCCBS device client (step 706). In step 720, from the perspective of the invitee device, Password_PCCBS_Device_P2P is accepted and saved for future use.
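The following is an added example, not code from the patent or from its assignee, of the two server-side flows above acting on one PCCBS_Device Client database: the administrator's "Create a Client" (FIG. 6, steps 610-614) and the invitee's registration (FIG. 7, steps 710-719). Field names follow the patent; the access code and password lifetimes, the salted PBKDF2 hash format, the app link, and the `notifications` list standing in for the message sent to Address_Invitee are assumptions.

```python
"""Added example, not code from the patent: the administrator's "Create a Client"
step (FIG. 6, steps 610-614) and the invitee's registration (FIG. 7, steps 710-719)
as they act on the PCCBS_Device Client database. Field names follow the patent;
the lifetimes, the hash format, the app link and the notification transport
(a list standing in for the message to Address_Invitee) are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, List, Optional, Tuple

ACCESS_CODE_LIFETIME = timedelta(hours=24)    # assumption: window before Code_Expiration
P2P_PASSWORD_LIFETIME = timedelta(days=90)    # assumption: Password_PCCBS_Device_P2P_Expiration
PBKDF2_ROUNDS = 100_000                       # assumption: hashing cost
APP_LINK = "https://example.invalid/PCCBS_Device_App"   # assumption: PCCBS_Device app link


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-SHA256, stored as 'salt:digest' in hex (assumed format)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}:{digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Constant-time comparison of the recomputed digest with the stored one."""
    salt_hex, _ = stored.split(":")
    return hmac.compare_digest(hash_password(password, bytes.fromhex(salt_hex)), stored)


@dataclass
class ClientEntry:
    """One entry of the PCCBS_Device Client database (FIG. 6, step 613)."""
    Access_Code: str
    Code_Expiration: datetime
    Address_Invitee: str
    Address_PCCBS_Device_Client: Optional[str] = None
    Hash_Password_PCCBS_Device_P2P: Optional[str] = None
    Password_PCCBS_Device_P2P_Expiration: Optional[datetime] = None
    Status: str = "Invited"       # assumption: Status value before registration


class PCCBSDeviceUtility:
    """Server side: PCCBS_Device Utility state for one PCCBS at Address_PCCBS_Device."""

    def __init__(self, address_pccbs_device: str, admin_name: str, admin_password: str,
                 now: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self.Address_PCCBS_Device = address_pccbs_device
        self.admin_name = admin_name
        self.admin_hash = hash_password(admin_password)   # only the hash is retained
        self.clients: List[ClientEntry] = []
        self.notifications: List[Tuple[str, dict]] = []   # (Address_Invitee, message)
        self.now = now

    def create_a_client(self, admin_name: str, admin_password: str, address_invitee: str) -> ClientEntry:
        """FIG. 6 steps 610-614."""
        if admin_name != self.admin_name or not verify_password(admin_password, self.admin_hash):
            raise PermissionError("administrator credentials rejected (step 611)")
        entry = ClientEntry(Access_Code=secrets.token_urlsafe(12),           # step 612
                            Code_Expiration=self.now() + ACCESS_CODE_LIFETIME,
                            Address_Invitee=address_invitee)
        self.clients.append(entry)                                           # step 613
        self.notifications.append((address_invitee, {                        # step 614
            "PCCBS_Device_App_link": APP_LINK,
            "Address_PCCBS_Device": self.Address_PCCBS_Device,
            "Access_Code": entry.Access_Code,
            "Code_Expiration": entry.Code_Expiration.isoformat()}))
        return entry

    def register(self, address_pccbs_device: str, address_client: str, access_code: str) -> str:
        """FIG. 7 steps 710-719; returns the confirmation sent in step 744."""
        if address_pccbs_device != self.Address_PCCBS_Device:
            raise ValueError("request is not addressed to this PCCBS")
        if any(e.Address_PCCBS_Device_Client == address_client for e in self.clients):
            return "confirmed"                                               # step 711: already known
        entry = next((e for e in self.clients if e.Address_PCCBS_Device_Client is None
                      and hmac.compare_digest(e.Access_Code.encode(), access_code.encode())), None)
        if entry is None:
            raise PermissionError("Access_Code rejected (step 712)")
        if self.now() > entry.Code_Expiration:
            raise PermissionError("Access_Code expired (step 713)")
        p2p_password = secrets.token_urlsafe(24)                             # step 714
        entry.Address_PCCBS_Device_Client = address_client
        entry.Hash_Password_PCCBS_Device_P2P = hash_password(p2p_password)   # step 715
        entry.Password_PCCBS_Device_P2P_Expiration = self.now() + P2P_PASSWORD_LIFETIME
        entry.Status = "Active"                                              # step 716
        # step 717: the password goes to Address_Invitee, not back to the registering client
        self.notifications.append((entry.Address_Invitee, {"Password_PCCBS_Device_P2P": p2p_password}))
        del p2p_password                                                     # step 718: not retained
        return "confirmed"
```

The point worth noticing is the split between the two channels: the Access_Code arrives on the client message box, but the generated Password_PCCBS_Device_P2P is delivered only to Address_Invitee, so a party that merely intercepted the registration request does not receive the credential it needs for the FIG. 8 login.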

FIG. 8 illustrates a flowchart of the communication by which a PCCBS device client connects to the PCCBS according to the present invention. From the perspective of the PCCBS device client: in step 800, PCCBS_VPN_App is opened on the wide area network. In step 801, an Address_PCCBS_VPN is selected from the registered PCCBS_VPN database. In step 802, the "Connect to PCCBS_VPN" command is selected in PCCBS_VPN_App. In step 803, a peer-to-peer connection request is sent to Address_PCCBS_VPN. In step 840, the peer-to-peer connection request is delivered to the PCCBS_VPN Utility (step 810). In step 804, peer-to-peer negotiation starts, using Address_PCCBS_VPN_Client to communicate with the PCCBS_VPN at Address_PCCBS_VPN. In step 841, the PCCBS device client communicates with the PCCBS_VPN Utility (step 811). In step 805, the PCCBS_VPN_Profile file is accepted in order to start the smart VPN connection with the PCCBS_VPN at Address_PCCBS_VPN. In step 806, the peer-to-peer connection between the PCCBS_VPN and the device client is established. In step 843, the PCCBS device client communicates with the PCCBS_VPN Utility (step 813). In step 807, the client logs in to the PCCBS_VPN with the client credentials (Connect to PCCBS_VPN, Address_PCCBS_VPN, Address_PCCBS_VPN_Client and Password_PCCBS_VPN_P2P). In step 844, the client credentials are sent to the PCCBS_VPN Utility (step 814). In step 808, the PCCBS device client waits for verification. In step 809, secure peer-to-peer communication starts. In step 846, the PCCBS device client communicates with the PCCBS_VPN Utility (step 817). In step 820, the PCCBS device client is securely connected to the virtual private local area network at the PCCBS_VPN.

From the perspective of the PCCBS_VPN Utility: in step 810, the peer-to-peer connection request from Address_PCCBS_VPN_Client is accepted. In step 811, peer-to-peer negotiation starts, using Address_PCCBS_VPN to communicate with the PCCBS_VPN client at Address_PCCBS_VPN_Client. In step 841, the PCCBS_VPN Utility communicates with the PCCBS device client (step 804). In step 812, the PCCBS_VPN_Profile file is sent to Address_PCCBS_VPN_Client to start the smart VPN connection. In step 842, the PCCBS_VPN_Profile file is delivered to the PCCBS device client (step 805). In step 813, the peer-to-peer connection between the PCCBS_VPN and the device client is established. In step 843, the PCCBS_VPN Utility communicates with the PCCBS device client (step 806). In step 814, the PCCBS_VPN client credentials (Connect to PCCBS_VPN, Address_PCCBS_VPN, Address_PCCBS_VPN_Client and Password_PCCBS_VPN_P2P) are accepted. In step 815, the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_VPN_Client, Hash_Password_PCCBS_VPN_P2P, Password_PCCBS_VPN_P2P_Expiration and Status) for Address_PCCBS_VPN_Client is retrieved from the PCCBS_VPN Client database. In step 816, the existing peer-to-peer (P2P) password is verified by checking whether its hash matches the Hash_Password_PCCBS_VPN_P2P field of the entry for Address_PCCBS_VPN_Client in the PCCBS_VPN Client database. In step 845, the result of the P2P password verification is returned to the PCCBS device client (step 808). In step 817, secure peer-to-peer communication starts. In step 846, the PCCBS_VPN Utility communicates with the PCCBS device client (step 809). In step 818, the PCCBS_VPN Utility calls back to the PCRS and starts peer-to-peer communication with the PCRS. In step 847, the PCCBS device client is securely connected to the virtual private local area network on the PCRS (step 820). In step 819, the PCCBS_VPN Utility establishes a peer-to-peer communication channel between a PCRS device client and the PCCBS device client, or another PCCBS device client. In step 848, the PCCBS device client starts connecting to the PCRS device client or to another PCCBS device client (step 821).

FIG. 9 illustrates a flowchart of the communication by which the PCCBS administrator views the clients of the PCCBS according to the present invention. From the perspective of the administrator device: in step 900, PCCBS_Device_App is opened on the wide area network. In step 901, an Address_PCCBS_Device is selected from the registered PCCBS_Device database. In step 902, the "View PCCBS_Device Client (View Private Cloud Call-Back Server Device Client)" command is selected in PCCBS_Device_App. In step 903, a view entry of the PCCBS_Device Client database is selected as the lookup index. In step 904, the administrator logs in to the PCCBS with the administrator credentials (View PCCBS_Device Client, Admin_name, Admin_password and View entry). In step 940, these credentials are sent to the PCCBS_Device Utility (step 910). In step 905, the administrator device waits for PCCBS verification. In step 906, the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database selected by the lookup index is displayed.

In step 910, from the perspective of the PCCBS_Device Utility, the PCCBS administrator's credentials (View PCCBS_Device Client, Admin_name, Admin_password and View entry) are accepted. In step 911, the administrator credentials (Admin_name, Admin_password) are verified. In step 941, the result of the administrator verification is sent to the administrator device (step 905). In step 912, the view entry is used as the lookup index, and the reply is built from the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database selected by that index. In step 942, the reply is sent to the administrator device (step 906).

FIG. 10 illustrates a flowchart of the communication by which the PCCBS administrator resets the peer-to-peer password of, or edits the attributes of, a PCCBS device client according to the present invention. From the perspective of the administrator device: in step 1000, PCCBS_Device_App is opened on the wide area network. In step 1001, an Address_PCCBS_Device is selected from the registered PCCBS_Device database. In step 1002, the "Reset P2P Password" or "Edit Attributes" command is selected in PCCBS_Device_App. In step 1003, the invitee notification address Address_Invitee is entered as the lookup index. In step 1004, the administrator logs in to the PCCBS with the administrator credentials (Reset P2P Password/Edit Attributes, Admin_name, Admin_password and Address_Invitee). In step 1040, the administrator credentials are sent to the PCCBS_Device Utility (step 1010). In step 1005, the administrator device waits for PCCBS device verification. In step 1006, the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database found by Address_Invitee is displayed. In step 1007, if the "Reset P2P Password" command was selected, the administrator device waits for completion. In step 1008, if the "Edit Attributes" command was selected, the attributes are edited as required. The attributes include, but are not limited to, the status of the PCCBS device client (Active, Inactive, Deleted), the subnet of the virtual local area network and the PCCBS_App link. In step 1044, the attributes are sent to the PCCBS_Device Utility (step 1017).

From the perspective of the PCCBS_Device Utility: in step 1010, the PCCBS administrator's credentials (Reset P2P Password/Edit Attributes, Admin_name, Admin_password and Address_Invitee) are accepted. In step 1011, the administrator credentials (Admin_name, Admin_password) are verified. In step 1041, the result of the PCCBS administrator verification is sent to the administrator device (step 1005). In step 1012, Address_Invitee is used as the lookup index, and the reply is built from the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database found by Address_Invitee. In step 1042, the reply is sent to the administrator device (step 1006). In step 1013, the "Reset P2P Password" branch is taken if that command was selected. In step 1014, a new Password_PCCBS_Device_P2P is generated and its hash is saved in Hash_Password_PCCBS_Device_P2P. In step 1043, the new Password_PCCBS_Device_P2P is reported to the administrator device (step 1007). In step 1015, Access_Code and Password_PCCBS_Device_P2P are sent to the invitee notification address Address_Invitee, and Password_PCCBS_Device_P2P is then cleared. In step 1045, Access_Code and Password_PCCBS_Device_P2P are delivered to the invitee (step 1020). In step 1016, the "Edit Attributes" branch is taken if that command was selected. In step 1017, the edited attributes are accepted and stored on the PCCBS device (PCCBS_Device).

From the perspective of the invitee device: in step 1020, the Access_Code and Password_PCCBS_Device_P2P are accepted at the invitee notification address Address_Invitee.

FIG. 11 illustrates a flowchart of the communication by which a PCCBS device client (PCCBS Device Client) changes its own peer-to-peer password according to the present invention. From the perspective of the PCCBS device client: in step 1100, after a secure VPN connection has been established from the wide area network, PCCBS_Device_App is opened on the wide area network. In step 1101, an Address_PCCBS_Device is selected from the registered PCCBS_Device database. In step 1102, the "Change P2P Password" command is selected in PCCBS_Device_App. In step 1103, the client logs in to the PCCBS with the client credentials (Change P2P Password, Address_PCCBS_Device, Address_PCCBS_Device_Client and Password_PCCBS_Device_P2P). In step 1140, the client credentials are sent to the PCCBS_Device Utility (step 1110). In step 1104, the PCCBS device client waits for PCCBS device verification. In step 1105, the new peer-to-peer password is entered and re-entered until the two entries match. In step 1142, the new password is sent to the PCCBS_Device Utility (step 1113).

From the perspective of the PCCBS_Device Utility: in step 1110, the PCCBS device client's credentials (Change P2P Password, Address_PCCBS_Device, Address_PCCBS_Device_Client and Password_PCCBS_Device_P2P) are accepted. In step 1111, the Hash_Password_PCCBS_Device_P2P field is retrieved from the PCCBS_Device Client database by Address_PCCBS_Device_Client. In step 1112, the existing peer-to-peer password is verified by checking whether its hash matches the Hash_Password_PCCBS_Device_P2P field of the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) for Address_PCCBS_Device_Client in the PCCBS_Device Client database. In step 1141, the result of the existing peer-to-peer password verification is returned to the PCCBS device client (step 1104). In step 1113, the new peer-to-peer password Password_PCCBS_Device_P2P is accepted. In step 1114, the new peer-to-peer password is hashed into Hash_Password_PCCBS_Device_P2P. In step 1115, Hash_Password_PCCBS_Device_P2P is updated in the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) for Address_PCCBS_Device_Client in the PCCBS_Device Client database, and the plaintext peer-to-peer password Password_PCCBS_Device_P2P is cleared.
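The following is an added example, not code from the patent or its assignee, covering the three password operations on a PCCBS_Device Client database entry described above: the login check of FIG. 8 (steps 814-816; the same check opens FIG. 11 at steps 1111-1112), the administrator reset of FIG. 10 (steps 1012-1015) and the client-initiated change of FIG. 11 (steps 1105 and 1113-1115). Field names follow the patent. The salted PBKDF2 hash format, the 90-day lifetime, the enforcement of Password_PCCBS_Device_P2P_Expiration and Status at login, the constructed sample entry and the dictionary returned in place of the message to Address_Invitee are assumptions.

```python
"""Added example, not code from the patent: the Password_PCCBS_Device_P2P checks
of FIG. 8 (steps 814-816), the administrator reset of FIG. 10 (steps 1012-1015)
and the client-initiated change of FIG. 11 (steps 1105, 1113-1115), run against
one entry of the PCCBS_Device Client database. Field names follow the patent;
the hash format, lifetime, Status check at login and sample entry are assumptions."""
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000                      # assumption: hashing cost
P2P_PASSWORD_LIFETIME = timedelta(days=90)   # assumption: Password_PCCBS_Device_P2P_Expiration


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-SHA256, stored as 'salt:digest' in hex (assumed format)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}:{digest.hex()}"


def hash_matches(password: str, stored: str) -> bool:
    """Constant-time comparison of the recomputed digest with the stored one."""
    salt_hex, _ = stored.split(":")
    return hmac.compare_digest(hash_password(password, bytes.fromhex(salt_hex)), stored)


Entry = Dict[str, object]   # the seven fields of a PCCBS_Device Client database entry


def make_entry(address_client: str, address_invitee: str, password: str, now: datetime) -> Entry:
    """Constructed sample entry: what FIG. 7 steps 714-716 leave behind in the database."""
    return {
        "Access_Code": "code-already-consumed",      # constructed value
        "Code_Expiration": now,
        "Address_Invitee": address_invitee,
        "Address_PCCBS_Device_Client": address_client,
        "Hash_Password_PCCBS_Device_P2P": hash_password(password),
        "Password_PCCBS_Device_P2P_Expiration": now + P2P_PASSWORD_LIFETIME,
        "Status": "Active",
    }


def verify_p2p_login(db: Dict[str, Entry], address_client: str, password: str, now: datetime) -> str:
    """FIG. 8 steps 815-816 (also FIG. 11 steps 1111-1112). Returns 'ok' or the refusal reason."""
    entry = db.get(address_client)                              # step 815: lookup by client address
    if entry is None:
        return "unknown client"
    if not hash_matches(password, entry["Hash_Password_PCCBS_Device_P2P"]):   # step 816
        return "password mismatch"
    # assumption: the stored expiration and Status are enforced here as well
    if now > entry["Password_PCCBS_Device_P2P_Expiration"]:
        return "password expired"
    if entry["Status"] != "Active":
        return "client not active"
    return "ok"


def change_p2p_password(db: Dict[str, Entry], address_client: str, old_pw: str,
                        new_pw: str, confirm_pw: str, now: datetime) -> str:
    """FIG. 11: the old password must verify (1112) and the new one must match its re-entry (1105)."""
    result = verify_p2p_login(db, address_client, old_pw, now)
    if result != "ok":
        return result
    if new_pw != confirm_pw:
        return "new passwords do not match"
    entry = db[address_client]
    entry["Hash_Password_PCCBS_Device_P2P"] = hash_password(new_pw)          # steps 1114-1115
    entry["Password_PCCBS_Device_P2P_Expiration"] = now + P2P_PASSWORD_LIFETIME
    del old_pw, new_pw, confirm_pw                                           # plaintexts not retained
    return "ok"


def reset_p2p_password(db: Dict[str, Entry], address_invitee: str, now: datetime) -> Optional[dict]:
    """FIG. 10 steps 1012-1015, entered after the administrator was verified in step 1011.
    Returns the message for Address_Invitee (stands in for the notification channel)."""
    entry = next((e for e in db.values() if e["Address_Invitee"] == address_invitee), None)  # step 1012
    if entry is None:
        return None
    new_pw = secrets.token_urlsafe(24)                                       # step 1014
    entry["Hash_Password_PCCBS_Device_P2P"] = hash_password(new_pw)
    entry["Password_PCCBS_Device_P2P_Expiration"] = now + P2P_PASSWORD_LIFETIME
    message = {"Address_Invitee": address_invitee,                           # step 1015
               "Access_Code": entry["Access_Code"],
               "Password_PCCBS_Device_P2P": new_pw}
    del new_pw                                                               # cleared on the server
    return message
```

Both the reset and the change end with the same invariant as registration: the database holds only Hash_Password_PCCBS_Device_P2P, and the only copy of the plaintext leaves the server in the message to Address_Invitee (reset) or is discarded once hashed (change).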

FIG. 12 illustrates a flowchart of the communication of the peer-to-peer connection mechanism between device client 1 (Device Client1) and device client 2 (Device Client2) through a cloud Internet (prior art). Device client 1 and device client 2 on the cloud network communicate with each other through a public routing server (Public Routing Server) 112 or a public VPN routing server (Public VPN Routing Server) 114. First, the application of device client 1 (Device Client1 App, 1201) registers its IP address and port capability under the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) with the Public VPN Routing Server Utility (1200); Device Client1 App keeps its IP address and port alive with the routing server (1203). Next, Device Client1 App (1201) asks the Public VPN Routing Server Utility 1200 to connect it to device client 2 (1204); the Public VPN Routing Server Utility (1200) notifies device client 2 of device client 1's IP address and port capability under TCP/UDP and of its intent to connect (1205); the application of device client 2 (Device Client2 App, 1202) replies to the Public VPN Routing Server Utility (1200) with its own registration, which contains its IP address and port capability under TCP/UDP, and device client 2's IP address and port are kept alive through its connection with the Public VPN Routing Server Utility (1200) (1206); the Public VPN Routing Server Utility (1200) responds to device client 1 with device client 2's IP address and port capability under TCP/UDP (1207); once device client 1 has received device client 2's IP address and port capability under TCP/UDP, Device Client1 App (1201) starts hole punching through device client 2's firewall (1208); Device Client2 App (1202) likewise starts hole punching through device client 1's firewall (1209); finally, once both firewalls have been punched through, peer-to-peer communication starts between device client 1 and device client 2 (1210). It should be noted that without the Public VPN Routing Server there is no Routing Server Utility and hence no connection mechanism between device client 1 and device client 2; the basic flow of this connection mechanism depends entirely on the Public VPN Routing Server.
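The following is an added example, not code from the patent or its assignee, that simulates the FIG. 12 exchange (steps 1203-1210) between two clients behind NATs, with no real sockets. The NAT model (one public port per inside socket, and an inbound packet admitted only from a remote endpoint that the inside socket has already sent to), the addresses and the message names are constructed for illustration. It shows why both sides must punch: the first packet from device client 1 is dropped because device client 2's NAT has not yet seen outbound traffic toward device client 1, and only after device client 2's punch do both directions pass. In FIG. 13 the same steps are carried over the message boxes instead of the Public VPN Routing Server, so the rendezvous role moves but the punching logic does not.

```python
"""Added example, not code from the patent: a simulation of the FIG. 12 rendezvous
and hole-punching exchange (steps 1203-1210). NAT behaviour, addresses and message
names are constructed for illustration; nothing here touches the network."""
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


class NAT:
    """Endpoint-independent mapping, address-and-port-dependent filtering (assumed model)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mapping: Dict[Endpoint, Endpoint] = {}         # inside socket -> public endpoint
        self.permitted: Dict[Endpoint, Set[Endpoint]] = {}  # public endpoint -> remotes contacted

    def outbound(self, inside: Endpoint, remote: Endpoint) -> Endpoint:
        """Translate an outgoing packet and remember the remote so its replies are admitted."""
        if inside not in self.mapping:
            self.mapping[inside] = Endpoint(self.public_ip, self.next_port)
            self.next_port += 1
        public = self.mapping[inside]
        self.permitted.setdefault(public, set()).add(remote)
        return public

    def inbound(self, public: Endpoint, remote: Endpoint) -> bool:
        """True if a packet from `remote` addressed to `public` passes the filter."""
        return remote in self.permitted.get(public, set())


class RoutingServer:
    """Public VPN Routing Server Utility (1200): publicly reachable, learns each client's public endpoint."""
    endpoint = Endpoint("203.0.113.1", 3478)   # constructed address

    def __init__(self) -> None:
        self.registry: Dict[str, Endpoint] = {}

    def register(self, name: str, public: Endpoint) -> None:   # steps 1203 / 1206
        self.registry[name] = public

    def lookup(self, name: str) -> Optional[Endpoint]:          # steps 1205 / 1207
        return self.registry.get(name)


class Client:
    def __init__(self, name: str, nat: NAT, inside: Endpoint) -> None:
        self.name, self.nat, self.inside = name, nat, inside

    def send(self, remote: Endpoint) -> Endpoint:
        """Emit one packet toward `remote`; returns the public source endpoint after NAT."""
        return self.nat.outbound(self.inside, remote)

    def receives_from(self, remote: Endpoint) -> bool:
        """Would a packet from `remote` reach this client's inside socket?"""
        public = self.nat.mapping.get(self.inside)
        return public is not None and self.nat.inbound(public, remote)


def rendezvous_and_punch(c1: Client, c2: Client, server: RoutingServer) -> Dict[str, bool]:
    """Run steps 1203-1210 and report which punch packets got through."""
    public1 = c1.send(server.endpoint)           # 1203: Client1 registers; keep-alives hold the mapping
    server.register(c1.name, public1)
    # 1204/1205: Client1 asks for Client2; the server notifies Client2 of Client1's public endpoint
    public2 = c2.send(server.endpoint)           # 1206: Client2 answers with its own registration
    server.register(c2.name, public2)
    peer_of_c1 = server.lookup(c2.name)          # 1207: server returns Client2's endpoint to Client1
    peer_of_c2 = server.lookup(c1.name)          # delivered to Client2 in 1205
    c1.send(peer_of_c1)                          # 1208: Client1 punches toward Client2
    first_c1 = c2.receives_from(public1)         # dropped: Client2's NAT has no permit for public1 yet
    c2.send(peer_of_c2)                          # 1209: Client2 punches toward Client1
    c2_through = c1.receives_from(public2)       # admitted: Client1 already sent to public2
    c1.send(peer_of_c1)                          # 1210: Client1's next packet now passes as well
    second_c1 = c2.receives_from(public1)
    return {"first_punch_from_client1": first_c1,
            "punch_from_client2": c2_through,
            "second_punch_from_client1": second_c1,
            "p2p_open": c2_through and second_c1}
```

The simulation also makes the dependency noted above concrete: the only way either client learns the other's public endpoint is `server.lookup`, so removing the routing server leaves nothing to aim a punch at.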

Fig. 13 illustrates a flow chart of communication in the peer-to-peer connection mechanism between the PCRS and the PCCBS over a cloud Internet (prior art). As shown in Fig. 13, a device client on the cloud network according to the present invention does not need a Public VPN Routing Server to connect to and access another device client or a network service under the server. Device Client 1 and the PCCBS on the cloud network can communicate with each other without going through a public routing server 112 or a public VPN routing server 114. The application of Device Client 1 (Device Client1 App, labelled 1301) requests, through the client message box 215, a connection to the PCRS Utility (server part, labelled 1300); as shown in Fig. 8, the PCRS Utility has an IP address and port capability under the TCP/UDP protocol. The PCRS Device Client1 App, its IP address and its port are kept alive with the PCRS Utility (1303); the PCRS Utility (server part) receives the registration through the callback server message box (not shown); through the client message box 215, PCRS Device Client 1 requests the PCRS Utility (server part) to connect it to the PCRS Utility (client part) (1304); the PCRS Utility (server part) 1300 receives the request through the callback server message box (not shown), at 1305, and notifies the PCRS Utility (client part, 1302) of the IP address and port capability of PCRS Device Client 1 under TCP/UDP together with its intent to connect; the PCRS Utility (client part, 1302) replies to the PCRS Utility (server part, 1300) with its registration, which includes its own IP address and port capability under TCP/UDP. The IP address and port capability of Device Client 2 are kept alive through the connection with the PCRS Utility (server part, 1300). The PCRS Utility (server part, 1300) responds, through the callback server message box (not shown), with the IP address and port capability of Device Client 2 under TCP/UDP to the Device Client1 App (1301). After receiving, through the client message box 215, the IP address and port capability of the PCRS Utility (client part) under TCP/UDP, the PCRS Device Client1 App (1301) begins hole punching through the firewall of the PCRS Utility (client part) (1308). The PCRS Utility (client part, 1302) likewise begins hole punching through the firewall of PCRS Device Client 1 (1309); finally, both firewalls are punched and peer-to-peer communication begins between the PCRS Utility (client part) and PCRS Device Client 1 (1310).

All information exchange between the PCRS Utility and PCRS Device Client 1 goes through the callback server message box (not shown), not through a public routing server 212 or a public VPN routing server 214. As shown in step 820, PCRS Device Client 1 can securely connect to the virtual private LAN on the PCRS. PCRS Device Client 1 can then access any device client 206 or private network service 228 reachable under the PCRS. As shown in Fig. 13, the other PCRS device clients (201, 221, 209, 210 and 211) can connect to the PCRS through the same connection mechanism. Once any pair of PCRS device clients and PCCBS device clients are connected to the virtual private LANs 240, 2400 of the PCRS and the PCCBS, private and secure text, voice and video communication can take place between them.
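The rendezvous exchange of steps 1304 to 1310 above, written out as an added example (this is not code from the patent or from the applicant; the names MessageBox, Peer, rendezvous_and_punch and demo are hypothetical). Two loopback UDP sockets stand in for the two NAT'd endpoints, and an in-memory queue stands in for the client and callback-server message boxes, so the example runs offline. What it shows beyond the prose is exactly which side learns which endpoint from which message, and that once both punches land the datagrams flow directly between the peers and the relay is no longer in the path.

```python
import socket
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]


@dataclass
class MessageBox:
    """Constructed stand-in for the client message box / callback server message
    box of Fig. 13: a per-recipient queue of small dict messages. It only relays
    endpoint information; it is not a public routing server."""
    queues: Dict[str, List[dict]] = field(default_factory=dict)

    def post(self, to: str, msg: dict) -> None:
        self.queues.setdefault(to, []).append(msg)

    def take(self, who: str) -> dict:
        return self.queues.setdefault(who, []).pop(0)


class Peer:
    """One endpoint (the Device Client1 App, or the PCRS Utility client part).
    A loopback UDP socket stands in for the public address each side reports."""

    def __init__(self, name: str):
        self.name = name
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.settimeout(2.0)
        self.endpoint: Endpoint = self.sock.getsockname()

    def punch(self, remote: Endpoint) -> None:
        # The outbound datagram is what would open the NAT mapping toward `remote`.
        self.sock.sendto(f"PUNCH from {self.name}".encode(), remote)

    def wait_punch(self) -> Tuple[str, Endpoint]:
        data, addr = self.sock.recvfrom(1024)
        return data.decode(), addr

    def close(self) -> None:
        self.sock.close()


def rendezvous_and_punch(box: MessageBox, c1: Peer, c2: Peer) -> dict:
    """Steps 1304-1310 of Fig. 13 with both sides' messages spelled out."""
    # 1304: c1 asks the server part to connect it to c2, reporting its own endpoint
    box.post("server", {"from": c1.name, "op": "connect", "to": c2.name,
                        "endpoint": c1.endpoint})
    req = box.take("server")
    # 1305: the server part tells c2 who wants to connect and from which endpoint
    box.post(req["to"], {"from": "server", "op": "peer", "endpoint": req["endpoint"]})
    notice = box.take(c2.name)
    # c2 answers with its registration, i.e. its own endpoint
    box.post("server", {"from": c2.name, "op": "register", "endpoint": c2.endpoint})
    reg = box.take("server")
    # the server part relays c2's endpoint back to c1 through the message box
    box.post(req["from"], {"from": "server", "op": "peer", "endpoint": reg["endpoint"]})
    peer_of_c1 = box.take(c1.name)["endpoint"]
    peer_of_c2 = notice["endpoint"]
    # 1308 / 1309: both sides punch toward the endpoint they learned
    c1.punch(peer_of_c1)
    c2.punch(peer_of_c2)
    # 1310: each side receives the other's punch; the path is now peer to peer
    msg_at_c1, from1 = c1.wait_punch()
    msg_at_c2, from2 = c2.wait_punch()
    return {
        "msg_at_client1": msg_at_c1,
        "msg_at_client2": msg_at_c2,
        "p2p_up": from1 == c2.endpoint and from2 == c1.endpoint,
    }


def demo() -> dict:
    c1 = Peer("Device Client1 App")
    c2 = Peer("PCRS Utility (client part)")
    try:
        return rendezvous_and_punch(MessageBox(), c1, c2)
    finally:
        c1.close()
        c2.close()
```

The endpoints each side learns are only as trustworthy as the message box that relayed them, which is why the registration and verification steps of Figs. 15 to 17 gate who may post to it.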

Fig. 14 illustrates a flow chart of communication in the peer-to-peer connection mechanism among the PCRS, the PCCBS, PCRS device clients and PCCBS device clients over a cloud Internet. A device client on the cloud network according to the present invention does not need a public cloud routing server to connect to and access the PCRS, the PCCBS, another device client or another network service under the server. As shown in Fig. 14, Device Client 1 and the PCRS on the cloud network can communicate with each other without going through a public routing server 112 or a public VPN routing server 114. As indicated by code 0 (1400) in Fig. 5 and Fig. 14, the PCCBS administrator device (1420) first initializes and provisions the PCCBS (1428) through the PCRS Device Utility (1421). Afterwards, the PCRS Utility (1421) passes messages internal to the PCCBS (1428) to the PCRS_VPN Utility (1422). Next, referring to code 1 (1401) in Fig. 14 and to Fig. 15, the PCCBS registration message, which includes the IP address and port capability under TCP/UDP, is registered with the PCCBS VPN Utility (1423). As shown in Fig. 16, a PCCBS tuple and communication socket (1600) are also established. The IP address and port capability of Device Client 2 are kept alive through the connection with the PCCBS Utility (1401). After registration, the PCRS_VPN Utility connects to PCCBS_VPN (1602) and a peer-to-peer communication channel is established between PCRS_VPN and PCCBS_VPN (1619). The PCCBS_VPN Utility (1423) communicates with the PCCBS_Device Utility (1424) through messages internal to the PCCBS (1427). Referring to code 2 (1402) in Fig. 14, the PCCBS_Device Utility stays in a loop waiting for requests from PCCBS device clients.

As shown in Fig. 7, PCCBS Device Client 1 (1405) first registers with the PCCBS_Device Utility (1424) using its IP address and port capability under TCP/UDP; PCCBS Device Client 1, its IP address and its port are kept alive through the PCCBS_Device Utility (1424) (see Fig. 7 and code 3-1 (1403) in Fig. 14). The PCCBS_Device Utility (1424) passes the registration and connection requests internal to the PCCBS (1427) to the PCCBS_VPN Utility (1423). As shown in Fig. 8, after registration PCCBS Device Client 1 (1425) connects to PCCBS_VPN (see step 802 of Fig. 8), and a peer-to-peer communication channel is established between PCCBS Device Client 1 (1424) and PCCBS_VPN (see 817 of Fig. 8). Referring to code 5 (1405) and code 7 (1407) in Fig. 14 and to step 818 of Fig. 8, the PCCBS_VPN Utility (1423) calls back to the PCRS_VPN Utility (1422) to establish a peer-to-peer communication channel between the PCCBS_VPN Utility (1423) and the PCRS_VPN Utility (1422). Once the callback from the PCCBS_VPN Utility (1423) to the PCRS_VPN Utility (1422) succeeds, a peer-to-peer communication channel is finally established between PCCBS_Device Client 1 and PCRS_VPN, which in turn connects to PCRS Device Client 2 (1426), or to another PCCBS device client 3 (PCCBS Device Client3, 1401) provided that PCCBS Device Client 3 has also connected successfully to the PCCBS_VPN Utility (1423). Fig. 17 illustrates the callback action from the PCCBS_VPN Utility to PCRS_VPN (see step 818 of Fig. 8).

Fig. 15 illustrates a flow chart of the communication by which the PCRS registers with the PCCBS according to the present invention. From the PCRS's perspective, at step 1500 the PCCBS tuple and communication socket are established. If necessary (not shown), a PCCBS device client address (Address_PCCBS_Device_Client) is created. Next, at step 1501, the "Register a Private Cloud Call-Back Server" command is issued. At step 1502, if the PCCBS_Device Client has not yet been configured, Address_PCCBS_Device_Client and Password_PCCBS_Device_Client are configured, where Password_PCCBS_Device_P2P is the message box password associated with the address of the client message box (not shown), that message box address being used for the peer-to-peer communication of Address_PCCBS_Device_Client. At step 1502, Address_PCCBS_Device_Client and Password_PCCBS_Device_Client are registered with the client message box. At step 1503, Address_PCCBS_Device and Access_Code are retrieved from the invitee. This information is initially received through the invitee device 620.

At step 1504, Address_PCCBS_Device, Access_Code and the client credentials (Register a Private Cloud Call-Back Server, Address_PCCBS_Device, Address_PCCBS_Device_Client and Access_Code) are sent to the PCCBS through the client message box. At step 1540, Address_PCCBS_Device and Access_Code are passed to the PCCBS (1510). At step 1505, the PCRS waits, through the client message box, for verification by the PCCBS. At step 1506, the PCRS waits, through the client message box, for the PCCBS's confirmation that registration is complete. At step 1507, if it is a new entry, the Address_PCCBS_Device entry is registered in the PCCBS_Device Server database on the PCCBS_Device_App.

From the PCCBS_Device Utility's perspective, at step 1510, the PCCBS_Device Client's credentials (Register a Private Cloud Call-Back Server, Address_PCCBS_Device, Address_PCCBS_Device_Client and Access_Code) are received. At step 1512, a check is made whether Address_PCCBS_Device_Client is already in the PCCBS_Device Client database. If so, the invitee-specified PCCBS device client address (Address_PCCBS_Device_Client) and PCCBS device address (Address_PCCBS_Device) are confirmed (1519) and the procedure returns. If not, Access_Code is verified (1512); at step 1513, the Code_Expiration on the Access_Code is verified against the PCCBS_Device Client database. At step 1541, the Code_Expiration on the Access_Code is passed to the PCCBS device client (1505). At step 1514, Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status are generated, together with the associated Access_Code, Code_Expiration, Address_Invitee and Address_PCCBS_Device_Client. At step 1515, the hash of Password_PCCBS_Device_P2P is saved as Hash_Password_PCCBS_Device_P2P. At step 1516, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status are stored in the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_Device_Client, Hash_Password_PCCBS_Device_P2P, Password_PCCBS_Device_P2P_Expiration and Status) of the PCCBS_Device Client database. At step 1517, Password_PCCBS_Device_P2P is sent to the PCRS message box. At step 1518, Password_PCCBS_Device_P2P is cleared. At step 1519, the invitee-specified PCCBS device client address (Address_PCCBS_Device_Client) and PCCBS device address (Address_PCCBS_Device) are confirmed. At step 1544, the invitee-specified PCCBS device client address is passed to the PCCBS device client (1506). At step 1520, from the invitee device's perspective, Password_PCCBS_Device_P2P is accepted and saved for future use.

Fig. 16 illustrates a flow chart of the communication by which the PCRS connects to the PCCBS according to the present invention. From the PCRS's perspective, at step 1600 the PCCBS tuple and communication socket are established. At step 1601, an Address_PCCBS_VPN is selected from the registered PCCBS_VPN database. At step 1602, the "Connect to PCCBS_VPN" command is selected in the PCCBS_VPN_App. At step 1603, a peer-to-peer connection request is sent to Address_PCCBS_VPN. At step 1640, the peer-to-peer connection request is passed to the PCCBS_VPN Utility (1610). Peer-to-peer negotiation begins, using Address_PCCBS_VPN_Client to communicate with the PCCBS_VPN at Address_PCCBS_VPN. At step 1641, PCCBS_VPN communicates with the PCCBS_VPN Utility (1611). At step 1605, the PCCBS_VPN_Profile is accepted to start the smart VPN connection with PCCBS_VPN at Address_PCCBS_VPN. At step 1606, a peer-to-peer connection between PCCBS_VPN and the device client is established. At step 1643, PCCBS_VPN communicates with the PCCBS_VPN Utility (1613). At step 1607, the client logs in to PCCBS_VPN with the client credentials (Connect to PCCBS_VPN, Address_PCCBS_VPN, Address_PCCBS_VPN_Client and Password_PCCBS_VPN_P2P). At step 1644, the client credentials are sent to the PCCBS_VPN Utility (1614). At step 1608, PCCBS_VPN waits for verification. At step 1609, secure peer-to-peer communication begins. At step 1646, PCCBS_VPN communicates with the PCCBS_VPN Utility (1617). At step 1620, PCCBS_VPN is securely connected to the virtual private LAN at PCCBS_VPN.

From the PCCBS_VPN Utility's perspective, at step 1610, the peer-to-peer connection request from Address_PCCBS_VPN_Client is accepted. At step 1611, peer-to-peer negotiation begins, using Address_PCCBS_VPN to communicate with the PCCBS_VPN Client at Address_PCCBS_VPN_Client. At step 1641, the PCCBS_VPN Utility communicates with PCRS_VPN (1604). At step 1612, the PCCBS_VPN_Profile is sent to Address_PCCBS_VPN_Client to start the smart VPN connection. At step 1642, the PCCBS_VPN_Profile is passed to PCRS_VPN (1605). At step 1613, a peer-to-peer connection between PCCBS_VPN and the device client is established. At step 1643, the PCCBS_VPN Utility communicates with PCCBS_VPN (1606). At step 1614, the PCCBS_VPN client credentials (Connect to PCCBS_VPN, Address_PCCBS_VPN, Address_PCCBS_VPN_Client and Password_PCCBS_VPN_P2P) are accepted. At step 1615, the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCCBS_VPN_Client, Hash_Password_PCCBS_VPN_P2P, Password_PCCBS_VPN_P2P_Expiration and Status) keyed by Address_PCCBS_VPN_Client is retrieved from the PCCBS_VPN Client database. At step 1616, the presented peer-to-peer (P2P) password is verified by checking whether its hash matches the Hash_Password_PCCBS_VPN_P2P field of the Address_PCCBS_VPN_Client entry in the PCCBS_VPN Client database. At step 1645, the existing peer-to-peer (P2P) password is passed to PCRS_VPN (1608). At step 1617, secure peer-to-peer communication is started. At step 1646, the PCCBS_VPN Utility communicates with PCRS_VPN (1609). At step 1619, the PCCBS_VPN Utility establishes a peer-to-peer communication channel between PCRS_VPN and PCCBS_VPN. At step 1645, PCRS_VPN starts connecting to PCCBS_VPN (1621).

Fig. 17 illustrates a flow chart of the communication by which the PCCBS calls back to the PCRS according to the present invention. From the PCCBS's perspective, at step 1700 the PCCBS tuple and communication socket are established. At step 1701, an Address_PCRS_VPN is selected from the registered PCRS_VPN database. At step 1702, the "Connect to PCRS_VPN" command is selected in the PCRS_VPN_App. At step 1703, a peer-to-peer connection request is sent to Address_PCRS_VPN. At step 1740, the peer-to-peer connection request is passed to the PCRS_VPN Utility (1710). Peer-to-peer negotiation begins, using Address_PCRS_VPN_Client to communicate with the PCRS_VPN at Address_PCRS_VPN. At step 1741, PCRS_VPN communicates with the PCRS_VPN Utility (1711). At step 1705, the PCRS_VPN_Profile is accepted to start the smart VPN connection with PCRS_VPN at Address_PCRS_VPN. At step 1706, a peer-to-peer connection between PCRS_VPN and the device client is established. At step 1743, PCRS_VPN communicates with the PCRS_VPN Utility (1713). At step 1707, the client logs in to PCRS_VPN with the client credentials (Connect to PCRS_VPN, Address_PCRS_VPN, Address_PCRS_VPN_Client and Password_PCRS_VPN_P2P). At step 1744, the client credentials are sent to the PCRS_VPN Utility (1714). At step 1708, PCRS_VPN waits for verification. At step 1709, secure peer-to-peer communication begins. At step 1746, PCRS_VPN communicates with the PCRS_VPN Utility (1717). The PCCBS_VPN Utility establishes a peer-to-peer connection channel between PCRS_VPN and PCCBS_VPN (1719). At step 1721, the PCCBS establishes a peer-to-peer connection channel between the PCCBS_VPN Device Client and the PCRS Device Client or another PCCBS_VPN Device Client.

From the PCRS_VPN Utility's perspective, at step 1710, the peer-to-peer connection request from Address_PCRS_VPN_Client is accepted. At step 1711, peer-to-peer negotiation begins, using Address_PCRS_VPN to communicate with the PCRS_VPN Client at Address_PCRS_VPN_Client. At step 1741, the PCRS_VPN Utility communicates with PCRS_VPN (1704). At step 1712, the PCRS_VPN_Profile is sent to Address_PCRS_VPN_Client to start the smart VPN connection. At step 1742, the PCRS_VPN_Profile is passed to PCRS_VPN (1705). At step 1713, a peer-to-peer connection between PCRS_VPN and the device client is established. At step 1743, the PCRS_VPN Utility communicates with PCRS_VPN (1706). At step 1714, the PCRS_VPN client credentials (Connect to PCRS_VPN, Address_PCRS_VPN, Address_PCRS_VPN_Client and Password_PCRS_VPN_P2P) are accepted. At step 1715, the entry (Access_Code, Code_Expiration, Address_Invitee, Address_PCRS_VPN_Client, Hash_Password_PCRS_VPN_P2P, Password_PCRS_VPN_P2P_Expiration and Status) keyed by Address_PCRS_VPN_Client is retrieved from the PCRS_VPN Client database. At step 1716, the presented peer-to-peer (P2P) password is verified by checking whether its hash matches the Hash_Password_PCRS_VPN_P2P field of the Address_PCRS_VPN_Client entry in the PCRS_VPN Client database. At step 1745, the existing peer-to-peer (P2P) password is passed to PCRS_VPN (1708). At step 1717, secure peer-to-peer communication is started. At step 1746, the PCCBS_VPN Utility communicates with PCRS_VPN (1709). The PCCBS_VPN Utility establishes a peer-to-peer communication channel between PCRS_VPN and PCCBS_VPN (1719). At step 1748, the PCRS establishes a peer-to-peer connection channel between the PCCBS_VPN Device Client and the PCRS Device Client or another PCCBS_VPN Device Client (1721).
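The registration path of Fig. 15 (steps 1512 to 1518) and the connect-time verification of Fig. 16 (steps 1614 to 1617) and Fig. 17 (steps 1714 to 1717) share one database row per client and one hash check, so a single added example covers all three. This is not code from the patent or from the applicant: the class CallBackServerUtility, the ClientEntry row, demo, the in-memory dictionaries that stand in for the client databases, and the constructed invitation data are all hypothetical. The page only says the P2P password is stored as a hash; the example assumes a salted PBKDF2 digest stored as salt || hash in the Hash_Password field, a single-use Access_Code, and a constant-time comparison, and it shows the three refusals the flow implies (expired Access_Code, wrong password, expired P2P password).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

SALT_LEN = 16
PBKDF2_ROUNDS = 100_000  # assumption: the page only says "hash"; a salted, slow hash is used here


@dataclass
class ClientEntry:
    """Constructed stand-in for one row of the PCCBS_Device / PCCBS_VPN Client
    database (field names follow Figs. 15-17 with the PCCBS_Device_ infix dropped)."""
    Access_Code: str
    Code_Expiration: float
    Address_Invitee: str
    Address_Client: str = ""
    Hash_Password_P2P: Optional[bytes] = None    # salt || PBKDF2 digest, never the password
    Password_P2P_Expiration: Optional[float] = None
    Status: str = "invited"


def hash_p2p_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class CallBackServerUtility:
    """Hypothetical server-side utility: registration (Fig. 15, steps 1510-1520)
    and connect-time verification (Fig. 16 steps 1614-1617 / Fig. 17 steps 1714-1717)."""

    def __init__(self, p2p_password_ttl: float = 30 * 24 * 3600):
        self.db: Dict[str, ClientEntry] = {}        # registered clients keyed by Address_Client
        self.pending: Dict[str, ClientEntry] = {}   # open invitations keyed by Access_Code
        self.ttl = p2p_password_ttl

    def invite(self, address_invitee: str, access_code: str, code_ttl: float, now: float) -> None:
        self.pending[access_code] = ClientEntry(access_code, now + code_ttl, address_invitee)

    def register(self, address_client: str, access_code: str, now: float) -> dict:
        # 1512: an address already in the database is simply confirmed (1519) and returns
        if address_client in self.db:
            return {"status": "confirmed", "password": None}
        entry = self.pending.get(access_code)
        if entry is None:
            return {"status": "rejected", "reason": "unknown Access_Code", "password": None}
        # 1513: Code_Expiration is checked before anything is generated
        if now > entry.Code_Expiration:
            return {"status": "rejected", "reason": "Access_Code expired", "password": None}
        # 1514: generate Password_P2P, its expiration and Status
        password = secrets.token_urlsafe(24)
        salt = secrets.token_bytes(SALT_LEN)
        # 1515 / 1516: only salt + hash are stored with the entry
        entry.Address_Client = address_client
        entry.Hash_Password_P2P = salt + hash_p2p_password(password, salt)
        entry.Password_P2P_Expiration = now + self.ttl
        entry.Status = "registered"
        self.db[address_client] = entry
        del self.pending[access_code]  # assumption: an Access_Code is single-use
        # 1517: the cleartext is handed to the client's message box once;
        # 1518: the server keeps no copy after returning it
        return {"status": "registered", "password": password}

    def authenticate(self, address_client: str, password: str, now: float) -> bool:
        # 1615 / 1715: look up the entry keyed by the client address
        entry = self.db.get(address_client)
        if entry is None or entry.Status != "registered" or entry.Hash_Password_P2P is None:
            return False
        if now > entry.Password_P2P_Expiration:
            return False
        salt, stored = entry.Hash_Password_P2P[:SALT_LEN], entry.Hash_Password_P2P[SALT_LEN:]
        # 1616 / 1716: hash the presented password and compare in constant time
        return hmac.compare_digest(hash_p2p_password(password, salt), stored)


def demo() -> dict:
    """Constructed scenario: one valid invitation, one that is redeemed too late."""
    t0 = 1_700_000_000.0
    srv = CallBackServerUtility()
    srv.invite("invitee@example.invalid", "ACODE-1234", code_ttl=600, now=t0)
    first = srv.register("client-A", "ACODE-1234", now=t0 + 10)
    pw = first["password"]
    srv.invite("late@example.invalid", "ACODE-9999", code_ttl=600, now=t0)
    return {
        "first": first["status"],
        "again": srv.register("client-A", "ACODE-1234", now=t0 + 20)["status"],
        "late": srv.register("client-B", "ACODE-9999", now=t0 + 601)["status"],
        "ok": srv.authenticate("client-A", pw, now=t0 + 100),
        "wrong": srv.authenticate("client-A", pw + "x", now=t0 + 100),
        "expired": srv.authenticate("client-A", pw, now=t0 + srv.ttl + 100),
    }
```

Because the server retains only the salted hash, a copy of the client database does not yield usable P2P passwords, and because the expiry is checked before the hash is computed, an expired credential costs the server no PBKDF2 work.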

Fig. 18 illustrates a flow chart of the peer-to-peer connection mechanism among the PCRS, the PCCBS, PCRS device clients and PCCBS device clients over a cloud network built on server clusters, computer resource aggregation and virtual machines. Fig. 18 extends Fig. 14 by adding a server cluster 1830, computer resource aggregation 1831 and a virtual machine 1832, to illustrate the implementation of the PCRS connection mechanism in a hyperscale data center. The hyperscale data center may have at least one server cluster 1830, at least one computer resource aggregation 1831 and at least one virtual machine 1832. The number and size of the at least one virtual machine are scalable. The hyperscale data center, the service provider, or at least one of them, can build a large number of independent PCCBSs in a corresponding plurality of virtual machines to serve the corresponding PCRSs and PCRS device clients. In essence, the network platform owner builds and deploys a community pair, the peer-to-peer communication relationship between the PCCBS device client and the PCRS device client, the network platform owner being responsible for maintaining the virtual machines in a topology with or without computer resource aggregation and server clusters. For example, one possible business model is that a network platform owner hosts the private and secure PCCBSs of a large number of individual users in the virtual machines. The network platform owner additionally provides a separate private and secure PCRS for individual users to install in their own LANs.

With the present invention, a platform user can set up, from anywhere, their own PCCBS device client (for example a smartphone or a tablet) and PCRS device client (for example a notebook (NB), an IoT device, a network attached storage (NAS) or a media server), deployed in the user's private and secure LAN. Fig. 18 illustrates that, with the technique of the present invention, a device client can connect to and access the PCRS, the PCCBS, other device clients, or network services under the server through the cloud network without a public cloud routing server. As shown in Fig. 18, a PCCBS Device Client 1 (1825) and a PCRS on the cloud network can communicate with each other without going through a public routing server 112 (not shown) or a public VPN routing server 114 (not shown). The PCRS Utility (1821) passes messages internal to the PCRS (1828) to the PCRS_VPN Utility (1822). As shown in Fig. 15 and code 1 of Fig. 18, the PCRS_VPN Utility (1822) registers with the PCCBS VPN Utility (1823) using the PCRS registration message, which includes the IP address and port capability under TCP/UDP. As shown in Fig. 16, the PCRS_VPN Utility (1822) also establishes the PCCBS tuple and communication socket (1600). The IP address and port capability of Device Client 2 (1826) are kept alive through the connection with the PCCBS Utility (1801). After registration, the PCRS_VPN Utility connects to PCCBS_VPN (1602) and a peer-to-peer communication channel is established between PCRS_VPN and PCCBS_VPN (1619). The PCCBS_VPN Utility (1823) communicates with the PCCBS_Device Utility (1824) through messages internal to the PCCBS (1827).

Referring to code 2 (1802) in Fig. 18, the PCCBS_Device Utility stays in a loop waiting for requests from PCCBS device clients. As shown in Fig. 7, PCCBS Device Client 1 (1805) first registers with the PCCBS_Device Utility (1824) using its IP address and port capability under TCP/UDP; PCCBS Device Client 1, its IP address and its port are kept alive through the PCCBS_Device Utility (1824) (see Fig. 7 and code 3-1 (1803) of Fig. 18). The PCCBS_Device Utility (1824) passes the registration and connection requests internal to the PCCBS (1827) to the PCCBS_VPN Utility (1823). As shown in Fig. 8, after registration PCCBS Device Client 1 (1825) connects to PCCBS_VPN (see step 802 of Fig. 8), and a peer-to-peer communication channel is established between PCCBS Device Client 1 (1824) and PCCBS_VPN (see step 817 of Fig. 8). Referring to code 5 (1805) and code 7 (1807) of Fig. 18 and to step 818 of Fig. 8, the PCCBS_VPN Utility (1823) calls back to the PCRS_VPN Utility (1822) to establish a peer-to-peer communication channel between the PCCBS_VPN Utility (1823) and the PCRS_VPN Utility (1822). Once the callback from the PCCBS_VPN Utility (1823) to the PCRS_VPN Utility (1822) succeeds, a peer-to-peer communication channel is established between PCCBS_Device Client 1 (1825) and PCRS_VPN, connecting on to PCRS Device Client 2 (1826). Fig. 17 illustrates the callback action from the PCCBS_VPN Utility to PCRS_VPN (see step 818 of Fig. 8).

Although the present invention has been described with reference to the above embodiments, those of ordinary skill in the art will readily appreciate that these embodiments may be varied further without departing from the basic spirit of the invention. Accordingly, those of ordinary skill in the art may make further changes to the embodiments of the present invention without departing from the scope of the patent claims.

As shown below:
0, 1~8, 3-1, 3-3, 4-1, 4-3, 6-3: code
100, 200, 300, 400: public cloud
102, 103, 202, 203, 302, 303, 403: router, Router_P, Router_S
104, 105, 204, 205, 304, 305, 334, 405, 434: local area network (LAN)
101, 106, 107, 109, 110, 111: smart device client
108: private cloud server
112, 212, 312, 412, 1200: public routing server
113, 213, 313, 413: public cloud server
114, 214, 314, 414: public VPN routing server
201, 209, 210, 211, 221, 301, 309, 310, 311, 321, 401, 409, 410, 411, 421: PCCBS device client
206, 207, 306, 307, 335, 435: PCRS device client
208, 308, 408: PCRS
216, 316, 416: PCCBS
215, 315, 415: client message box
222, 223, 224, 225, 322, 323, 324, 325, 326, 422, 423, 424, 426: communication path
228, 328, 336, 436: private network service
240, 2400, 340, 440: VLAN
360, 460: LAN2
270, 1300, 1302: PCRS Utility
271: PCRS client database
272, 276, 280, 282: client message box Utility
273: PCRS administrator device
274: PCRS device App
275: PCRS database
277: PCCBS administrator device
278: PCCBS device App
279: PCCBS database
281: invitee device
1201: device client 1
1202: device client 2
1301: PCRS device client 1 App
1420: PCCBS administrator device
1421: PCRS device Utility
1422: PCRS VPN Utility
1423: PCCBS VPN Utility
1424: PCCBS device Utility
1425: PCCBS device client 1
1830: server cluster
1831: computing resource aggregation
1832: virtual machine
2700: PCCBS Utility
2710: PCCBS client database
2720: server message box Utility
500~508, 510~516, 540~543: steps
600~605, 610~614, 620~622, 640~642: steps
700~707, 710~720, 740~744: steps
800~821, 840~848: steps
900~906, 910~912, 940~942: steps
1000~1008, 1010~1017, 1020, 1040~1045: steps
1100~1105, 1110~1116, 1140~1142: steps
1203~1210: steps
1303~1310: steps
1400~1407, 1411, 1413~1414, 1416, 1427~1428: steps
1500~1507, 1510~1520, 1540~1544: steps
1600~1617, 1619~1620, 1640~1646, 1648: steps
1700~1717, 1719, 1721, 1740~1746, 1748: steps
1801~1807, 1811, 1827~1828: steps

FIG. 1 illustrates a schematic diagram of a conventional cloud network architecture.

FIG. 2 illustrates a schematic diagram of a connection mechanism according to a first embodiment of the present invention, the connection mechanism being between a private cloud routing server, a private cloud callback server and a smart device client.

FIG. 3 illustrates a schematic diagram of a connection mechanism according to a second embodiment of the present invention, the connection mechanism being between a private cloud routing server, a private cloud callback server and a smart device client.

FIG. 4 illustrates a schematic diagram of a connection mechanism according to a third embodiment of the present invention, the connection mechanism being between a private cloud routing server, a private cloud callback server and a smart device client.

FIG. 5 illustrates a flow chart of a private cloud routing server administrator initializing and preparing the private cloud routing server according to the present invention.

FIG. 6 illustrates a flow chart of a private cloud callback server administrator creating a client for the private cloud callback server according to the present invention.

FIG. 7 illustrates a flow chart of a private cloud callback server device client registering with a private cloud callback server according to the present invention.

FIG. 8 illustrates a flow chart from a private cloud callback server device client to the private cloud callback server according to the present invention.

FIG. 9 illustrates a flow chart of an administrator viewing the clients of a private cloud routing server according to the present invention.

FIG. 10 illustrates a flow chart of an administrator resetting the point-to-point password of a private cloud callback server device client and editing its attributes according to the present invention.

FIG. 11 illustrates a flow chart of modifying the point-to-point password of a private cloud callback server device client according to the present invention.

FIG. 12 illustrates a flow chart of a point-to-point connection mechanism between device client 1 and device client 2 through a cloud network (prior art).

FIG. 13 illustrates a flow chart of a point-to-point connection mechanism between a private cloud routing server and a private cloud routing server device client through a cloud network (prior art).

FIG. 14 illustrates a flow chart of a point-to-point connection mechanism among a private cloud routing server, a private cloud callback server, a private cloud routing server device client and a private cloud callback server device client through a cloud network.

FIG. 15 illustrates a flow chart of a private cloud routing server registering with the private cloud callback server virtual private network according to the present invention.

FIG. 16 illustrates a flow chart from a private cloud routing server to the private cloud callback server virtual private network according to the present invention.

FIG. 17 illustrates a flow chart of a private cloud callback server calling back to the private cloud routing server virtual private network according to the present invention.

FIG. 18 illustrates a flow chart of a point-to-point connection mechanism among a private cloud routing server, a private cloud callback server, a private cloud routing server device client and a private cloud callback server device client through a cloud network based on a server cluster, computing resource aggregation and virtual machines.


200: public cloud

202, 203: router

204, 205: local area network

201, 209, 210, 211, 221: PCCBS device client

216: PCCBS

206, 207: PCRS device client

208: PCRS

212: public routing server

213: public cloud server

214: public VPN routing server

215: client message box

222, 223, 224, 225: communication path

228: private network service

240, 2400: VLAN

270: PCRS Utility

271: PCRS client database

272, 276, 280, 282: client message box Utility

273: PCRS administrator device

274: PCRS device App

275: PCRS database

277: PCCBS administrator device

278: PCCBS device App

279: PCCBS database

281: invitee device

2700: PCCBS Utility

2710: PCCBS client database

2720: server message box Utility

Claims (18)

1. A method for use with a public cloud network, the method comprising:
in a client-server relationship, setting at least one private cloud routing server, at least one private cloud callback server and at least one smart device client;
wherein the at least one private cloud routing server comprises a first message box associated with the at least one private cloud routing server, the first message box being located in the public cloud network;
wherein the at least one smart device client comprises a second message box associated with the at least one smart device client, the second message box being located in the public cloud network; and
wherein the at least one private cloud callback server hosts the first message box and the second message box on the public cloud network;
passing a session message between the first message box and the second message box in a secure manner;
wherein a secure session message connection mechanism hosted by the at least one private cloud callback server between the at least one private cloud routing server and the at least one smart device client comprises: initializing and preparing the at least one private cloud routing server and the at least one private cloud callback server, creating a private cloud callback server client, viewing the private cloud callback server client, editing a private cloud callback server point-to-point password and a status of the private cloud callback server, modifying the private cloud callback server point-to-point password through the at least one smart device client, and connecting to the at least one private cloud routing server through the at least one smart device client;
wherein the session message is verified by the at least one private cloud callback server and the at least one smart device client;
wherein, in response to the session message being verified, the at least one smart device client and the at least one private cloud callback server communicate with each other;
wherein, based on the verified session message, the at least one smart device client securely accesses a private network service through the public cloud network;
setting at least one private cloud callback server, the at least one private cloud callback server being in a client-server relationship with at least one private cloud routing server;
wherein, in response to the session message being verified, the at least one private cloud callback server and the at least one private cloud routing server communicate with each other;
wherein the at least one private cloud callback server and the at least one private cloud callback server communicate with each other privately and securely through the public cloud network;
setting the at least one smart device client, the at least one smart device client being in a client-server relationship with the at least one private cloud callback server; and
setting at least one additional smart device client, the at least one additional smart device client being in a client-server relationship with the at least one private cloud routing server;
wherein, in response to the session message being verified, the at least one smart device client and the at least one additional smart device client communicate with the at least one private cloud callback server and the at least one private cloud routing server in response to the session message being verified; and
wherein the at least one smart device client and the at least one additional smart device client communicate with each other privately and securely through the public cloud network.

2. The method of claim 1, wherein the at least one private cloud callback server comprises:
a computing device;
a connection to a network; and
a program that executes instructions stored in a storage to cause the at least one private cloud callback server to:
create and manage a verified client list to accommodate a plurality of smart device clients;
send a session invitation to the second message box;
retrieve a session access request of the at least one smart device client from the first message box; and
send a session confirmation to the second message box.
3. The method of claim 2, wherein the program further executes instructions stored in the storage to cause the at least one private cloud callback server to:
send a communication request to the at least one smart device client;
send a communication request to the at least one private cloud routing server;
bind the network connection between the at least one private cloud callback server and the at least one private cloud routing server;
route an incoming request from the at least one smart device client on the side of the at least one private cloud callback server to the at least one private cloud routing server;
establish a secure point-to-point communication with the at least one smart device client on the side of the at least one private cloud callback server;
enable access to the at least one private network service from the at least one smart device client on the side of the at least one private cloud routing server;
call back to the at least one private cloud routing server at the request of the smart device client in order to connect to the at least one additional smart device client, the at least one additional smart device client being reachable by the at least one private cloud routing server within a virtual private network of the at least one private cloud routing server; and
enable private and secure communication between the at least one smart device client on the side of the at least one private cloud callback server and the at least one additional smart device client on the side of the at least one private cloud routing server.
4. The method of claim 2, wherein the at least one smart device client on the side of the at least one private cloud callback server comprises:
a computing device; and
a connection to a network through a router;
wherein the router has a program that executes instructions stored in a storage to cause the at least one smart device client to:
retrieve a session invitation from the at least one smart device client message box;
send a session access request to the at least one private cloud routing server message box;
retrieve a session confirmation from the at least one smart device client message box;
send a communication request to the at least one private cloud callback server;
send a communication request to the at least one smart device client;
bind the network connection between the at least one private cloud callback server and the at least one smart device client;
route an incoming request from the at least one private cloud callback server to the at least one smart device client;
establish a secure point-to-point communication with the at least one private cloud callback server;
access the at least one private network service through the at least one private cloud callback server; and
communicate with at least one additional smart device client on the side of the at least one private cloud routing server through the at least one private cloud routing server.
5. The method of claim 2, wherein the at least one smart device client on the side of the at least one private cloud routing server comprises:
a computing device;
a wired or wireless connection to a network; and
a program that executes instructions stored in a storage to cause the at least one smart device client to:
retrieve a session invitation from the at least one smart device client message box;
send a session reply to the at least one private cloud routing server message box;
retrieve a session confirmation from the at least one smart device client message box;
send an access request to the at least one private cloud callback server;
wait for a reply from the at least one private cloud routing server;
bind the network connection between the at least one private cloud routing server and the at least one smart device client;
route an incoming request from the at least one private cloud routing server to the at least one smart device client;
establish a secure point-to-point communication with the at least one private cloud routing server;
access the at least one private network service through the at least one private cloud routing server; and
communicate with the at least one additional smart device client on the side of the at least one private cloud callback server through the at least one private cloud callback server.
6. The method of claim 4, wherein the program further comprises:
accessing the at least one private cloud routing server from anywhere at any time;
accessing the at least one private cloud routing server located behind a firewall with a fixed or a floating Internet Protocol address;
wherein the at least one smart device client on the side of the at least one private cloud callback server requires no public cloud routing server in a wide area network and no additional router setup in a local area network, and establishes a secure point-to-point communication channel with the at least one private cloud routing server;
accessing the at least one private network service through the at least one private cloud callback server and the at least one private cloud routing server; and
communicating with at least one additional smart device client on the side of the at least one private cloud routing server through the at least one private cloud routing server.
7. The method of claim 5, wherein the program further comprises:
accessing the at least one private cloud routing server from anywhere at any time;
accessing the at least one private cloud routing server located behind a firewall with a fixed or a floating Internet Protocol address;
wherein the at least one smart device client requires no public cloud routing server in a wide area network and no additional router setup in a local area network, and establishes a secure point-to-point communication with the server;
accessing a private network service through the at least one private cloud routing server; and
communicating with the at least one additional smart device client through the at least one private cloud routing server.

8. The method of claim 4, wherein the program further comprises:
accessing the at least one private cloud routing server from anywhere at any time;
accessing the at least one private cloud routing server located behind a firewall with a fixed or a floating Internet Protocol address;
wherein the at least one smart device client requires no public cloud routing server in a wide area network and no additional router setup in a local area network, and establishes a secure point-to-point communication channel with the at least one private cloud routing server;
mapping a local physical input/output to a virtual private cloud routing server input/output;
accessing a private network service through the at least one private cloud routing server; and
communicating with the at least one additional smart device client through the at least one private cloud routing server.

9. The method of claim 5, wherein the program further comprises:
accessing the at least one private cloud routing server from anywhere at any time;
accessing the at least one private cloud routing server located behind a firewall with a fixed or a floating Internet Protocol address;
wherein the at least one smart device client requires no public cloud routing server in a wide area network and no additional router setup in a local area network, and establishes a secure point-to-point communication with the server;
mapping a local physical input/output to a virtual server input/output;
accessing a private network service through the at least one private cloud routing server; and
communicating with the at least one additional smart device client through the at least one private cloud routing server.

10. The method of claim 1, wherein the at least one private cloud routing server comprises:
a computing device;
a connection to a network; and
a program that executes instructions stored in a storage to cause the at least one private cloud routing server to:
create and manage a verified client list to accommodate a plurality of smart device clients;
send a session invitation to the second message box;
retrieve a session access request of the at least one smart device client from the first message box; and
send a session confirmation to the second message box.
11. The method of claim 10, wherein the program further executes instructions stored in the storage to cause the at least one private cloud routing server to:
send a communication request to the at least one smart device client;
send a communication request to the at least one private cloud routing server;
bind the network connection between the at least one private cloud routing server and the at least one private cloud routing server;
route an incoming request from the at least one smart device client on the side of the at least one private cloud routing server to the at least one private cloud routing server;
establish a secure point-to-point communication with the at least one smart device client on the side of the at least one private cloud routing server;
enable access to the at least one private network service from the at least one smart device client on the side of the at least one private cloud routing server; and
enable private and secure communication between the at least one smart device client on the side of the at least one private cloud callback server and the at least one additional smart device client on the side of the at least one private cloud routing server.
12. A method for providing a secure session message connection mechanism between a private cloud callback server and at least one smart device client in a private cloud callback server network, the method comprising:
initializing and preparing the private cloud callback server;
creating a private cloud callback server client;
viewing the private cloud callback server client;
editing a private cloud callback server point-to-point password and a status of the private cloud callback server;
modifying the private cloud callback server point-to-point password through the at least one smart device client;
resetting the private cloud callback server point-to-point password and the status by a system administrator from a private cloud callback server local area network; and
connecting to the private cloud callback server through the at least one smart device client.
13. A method for a communication flow of a connection mechanism, the connection mechanism being between at least one private cloud callback server device client and at least one private cloud callback server device client through a cloud network, the method comprising:
requesting, by the at least one private cloud callback server device client application, a connection through a client message box to a private cloud callback server server-portion utility, wherein the private cloud callback server server-portion utility receives a registration through a routing server message box;
registering a private cloud routing server utility by the at least one private cloud routing server device client;
registering, by the private cloud routing server utility, with a private cloud callback server client-portion utility;
receiving, by the private cloud callback server client-portion utility, the request from the private cloud callback server server-portion utility;
calling back, by the private cloud callback server client-portion utility with an intent to connect, to the private cloud routing server utility;
sending a communication request from the private cloud routing server utility to the at least one private cloud routing server device client; and
initiating a point-to-point communication that runs in sequence from the at least one private cloud callback server device client to the private cloud callback server client-portion utility, to the private cloud callback server server-portion utility, to the private cloud callback server client-portion utility, to the private cloud routing server utility, and to the private cloud routing server device client.

14. The method of claim 13, wherein the callback server message box or the client message box is hosted on one of an e-mail server, a text message server, a web server or a server, the servers being configured to host a secure message for information exchange between the private cloud callback server and the private cloud callback server device client;
wherein the callback server message box or the client message box is accessible and under the secure and private control of the private cloud callback server or the private cloud callback server device client; and
wherein, when the callback server message box or the client message box goes down, it can be replaced or redeployed immediately without compromising the communication between the private cloud callback server and the private cloud callback server device client in the cloud network.
15. The method of claim 13, further comprising providing a secure session message connection mechanism between a private cloud routing server and at least one smart device client in a private cloud routing server network, wherein the secure session message connection mechanism comprises:
initializing and preparing the private cloud routing server;
creating a private cloud routing server client;
viewing the private cloud routing server client;
editing a private cloud routing server point-to-point password and a status;
modifying the private cloud routing server point-to-point password through the at least one smart device client;
resetting the private cloud routing server point-to-point password and the status by a system administrator from a private cloud routing server local area network;
connecting to the client portion of the private cloud callback server; and
connecting to the private cloud callback server through the at least one smart device client.
A non-transitory computer-readable medium storing executable instructions that, when executed, cause a computer to perform the following operations:
setting up, in a client-server relationship, a private cloud callback server and a smart device client;
wherein the private cloud callback server comprises a routing server message box utility for accessing a first message box located on a public cloud network;
wherein the private cloud callback server registers the public and private Internet Protocol addresses of the smart device client;
wherein the smart device client comprises a client message box utility for accessing a second message box located on the public cloud network; and
wherein the private cloud callback server sends a session confirmation carrying the public and private Internet Protocol addresses to the second message box;
passing, in a secure process, a session message between the first message box and the second message box through the routing server message box utility of the private cloud callback server;
wherein the secure process for passing the session message between the first message box and the second message box of the private cloud callback server and the smart device client, respectively, comprises:
initializing and provisioning the private cloud callback server;
creating a private cloud callback server client;
viewing the private cloud callback server client;
editing the private cloud callback server peer-to-peer password and a status of the private cloud callback server; and
modifying a peer-to-peer password of the private cloud callback server through the smart device client, and connecting to the private cloud callback server through the smart device client;
wherein the smart device client connects to the private cloud callback server through at least one of the following connection modes:
the smart device client determines that a target is located in a locally accessible local area network and decides to connect directly to the private cloud callback server;
the smart device client determines that the target is not located in the locally accessible local area network and decides to connect to the public cloud via a wide area network, wherein the wide area network locates a router and the location of the local area network, and connects to the private cloud callback server; and
the smart device client determines that the target is not located in the locally accessible local area network and decides to pass through the local area network and the router and connect to the public cloud network in the wide area network;
wherein a secure session message is verified by the private cloud callback server and the smart device client;
wherein the smart device client and the private cloud callback server communicate with each other after the session message is verified; and
wherein, based on the verified session message, the smart device client securely accesses a private network service through the public cloud network;
setting up at least one further smart device client, the at least one further smart device client being in a client-server relationship with the private cloud callback server;
wherein the smart device client and the at least one further smart device client communicate with the private cloud callback server after the session message is verified; and
wherein the smart device client and the at least one further smart device client communicate with each other privately and securely through the public cloud network.

A non-transitory computer-readable medium storing executable instructions that, when executed, cause a computer to perform the following operations:
requesting, by a client device application, a connection to a private cloud callback server utility through a client message box, wherein a server portion of the private cloud callback server utility receives a registration through a routing server message box;
requesting, by a private cloud callback server client device through the client message box, that the server portion of the private cloud callback server utility connect to a client portion of the private cloud callback server utility;
receiving, by the server portion of the private cloud callback server utility, the request through a routing server message box;
notifying, by the server portion of the private cloud callback server utility, the client portion of the private cloud callback server utility of an intent of the server portion to connect;
replying, by the client portion of the private cloud callback server utility, with a registration to the server portion of the private cloud callback server utility;
responding, by the server portion of the private cloud callback server utility, to the client device application through the routing server message box;
sending a communication request to the at least one private cloud routing server through the client portion of the private cloud callback server utility;
registering, through the private cloud callback server utility, the public and private Internet Protocol addresses of the private cloud callback server client device;
sending, through the private cloud callback server utility, a session confirmed on the basis of the public and private Internet addresses to the client message box; and
initiating point-to-point communication between the private cloud callback server client device and the client portion of the private cloud callback server utility;
wherein the private cloud callback server utility and the private cloud callback server client device exchange information through the routing server message box and the client message box;
wherein the private cloud callback server client device connects to the client portion of the private cloud callback server utility through at least one of the following connection modes:
the private cloud callback server client device determines that the client portion of the private cloud callback server utility is located in a locally accessible local area network and decides to connect directly to the private cloud callback server utility;
the private cloud callback server client device determines that the client portion of the private cloud callback server utility is not located in the locally accessible local area network and decides to connect to the public cloud via a wide area network, wherein the wide area network locates a router and the location of the local area network, and connects to the private cloud callback server utility; and
the private cloud callback server client device determines that the client portion of the private cloud callback server utility is not located in the locally accessible local area network and decides to pass through the local area network and the router and connect to the cloud network in the wide area network.

A communication method, the method comprising:
setting up, in a client-server relationship, at least one virtual machine, at least one private cloud callback server, at least one smart device client on the side of the private cloud callback server that provides a cloud network service, at least one private cloud routing server, and the at least one smart device client on the side of the private cloud routing server;
wherein the at least one virtual machine comprises the at least one private cloud callback server to provide the cloud network service;
wherein the at least one virtual machine and the at least one private cloud callback server are deployed in a hyperscale data center, and the at least one private cloud routing server is deployed at a user's remote site;
wherein the number and size of the at least one virtual machine are scalable;
wherein at least one of the hyperscale data center or the service provider builds a plurality of independent private cloud callback servers in a corresponding plurality of virtual machines, to serve a corresponding plurality of private cloud routing servers and a plurality of private cloud routing server device clients;
wherein a network platform owner maintaining the at least one virtual machine builds and deploys a community pair, being a point-to-point communication relationship between the at least one private cloud callback server device client and a private cloud routing server device client;
wherein, in the at least one virtual machine, the network platform owner provides hosting of the private cloud callback server to an individual user;
wherein the network platform owner provides the individual user with a separate, private and secure private cloud routing server, so that the private cloud routing server is installed in a local area network owned by the individual user; and
wherein the platform user establishes, from anywhere, point-to-point communication between the at least one private cloud callback server device client and the private cloud routing server device client, the private cloud routing server device client being deployed on the user's private and secure local area network.
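The claims above recite a session confirmation that the callback server drops into the client's message box on a public server, a verification step on the client, and a choice between connecting directly on the local LAN or going out through the router and WAN. The following Python model is an added illustration and is not code from the patent or from the applicant; it assumes (the claims do not say this) that the peer-to-peer password serves as an HMAC key for the relayed session message, that "locally accessible LAN" means the target's private address lies in the client's own subnet and both ends share the same public (NAT) address, and every class, function and address below is invented for the example.

```python
# Added illustration, not code from the patent or its applicant. Assumptions
# not stated in the claims: the peer-to-peer password doubles as an HMAC key;
# "locally accessible LAN" = same private subnet AND same public address.
import hashlib
import hmac
import ipaddress
import json
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple


class MessageBox:
    """A mailbox on a public host (e-mail, SMS or web server). The host can
    read or replay anything posted here, so every message carries a MAC."""

    def __init__(self) -> None:
        self._queue: list = []

    def post(self, message: dict) -> None:
        self._queue.append(message)

    def fetch(self) -> Optional[dict]:
        return self._queue.pop(0) if self._queue else None


def _mac(password: str, body: dict) -> str:
    # Canonical JSON so both ends authenticate identical bytes.
    canonical = json.dumps(body, sort_keys=True).encode()
    return hmac.new(password.encode(), canonical, hashlib.sha256).hexdigest()


@dataclass
class PrivateCloudCallbackServer:
    p2p_password: str
    public_ip: str
    private_ip: str
    status: str = "active"  # the editable status from the claimed secure process
    registered_clients: dict = field(default_factory=dict)

    def register_client(self, client_id: str, public_ip: str, private_ip: str) -> None:
        """Claimed step: record the client's public and private IP addresses."""
        self.registered_clients[client_id] = [public_ip, private_ip]

    def send_session_confirmation(self, client_id: str, client_box: MessageBox) -> bool:
        """Claimed step: post a session confirmation carrying both address pairs
        into the client's message box. Refused while the status is not active."""
        if self.status != "active":
            return False
        body = {
            "type": "session-confirm",
            "client_id": client_id,
            "client_addrs": self.registered_clients[client_id],
            "server_addrs": [self.public_ip, self.private_ip],
            "nonce": secrets.token_hex(16),  # fresh value so a replay is detectable
        }
        client_box.post({"body": body, "mac": _mac(self.p2p_password, body)})
        return True


def verify_session_message(password: str, message: dict) -> Optional[dict]:
    """Client side of 'the session message is verified': accept the body only
    if the MAC recomputed with the shared peer-to-peer password matches."""
    expected = _mac(password, message["body"])
    if hmac.compare_digest(expected, message["mac"]):
        return message["body"]
    return None


def choose_connection_path(client_iface: str, client_public_ip: str,
                           target_public_ip: str, target_private_ip: str) -> Tuple[str, str]:
    """The claimed decision reduced to its two outcomes: direct on the LAN, or out
    through the router/WAN to the target's public address. Requiring the same public
    IP stops a foreign network that reuses the same RFC 1918 range from looking local."""
    lan = ipaddress.ip_interface(client_iface).network
    on_lan = ipaddress.ip_address(target_private_ip) in lan
    if on_lan and client_public_ip == target_public_ip:
        return ("lan-direct", target_private_ip)
    return ("wan-via-router", target_public_ip)


def connect(client_id: str, client_iface: str, client_public_ip: str,
            password: str, box: MessageBox) -> Optional[Tuple[str, str]]:
    """Smart device client: read the confirmation, verify it, then pick a path.
    Returns None when nothing verifies, in which case nothing is connected."""
    message = box.fetch()
    if message is None:
        return None
    body = verify_session_message(password, message)
    if body is None or body.get("client_id") != client_id:
        return None
    server_public, server_private = body["server_addrs"]
    return choose_connection_path(client_iface, client_public_ip,
                                  server_public, server_private)
```

The message box is deliberately treated as untrusted storage: the claims place it on an e-mail, text or web server that may be replaced at any time, so the only thing the client can rely on is what it can verify with the shared secret, never the box itself. The same-public-address check in `choose_connection_path` is the caveat a deployer should keep in mind, since home and office networks very often reuse identical private ranges.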
TW111100303A 2021-04-13 2022-01-04 Connection method and computer-readable medium for use in a private communication architecture TWI769965B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US17/229,156 US11863529B2 (en) 2011-09-09 2021-04-13 Private cloud routing server connection mechanism for use in a private communication architecture
US17/229,156 2021-04-13

Publications (2)

Publication Number Publication Date
TWI769965B TWI769965B (en) 2022-07-01
TW202241089A true TW202241089A (en) 2022-10-16

Family

ID=78806037

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111100303A TWI769965B (en) 2021-04-13 2022-01-04 Connection method and computer-readable medium for use in a private communication architecture

Country Status (3)

Country Link
CN (1) CN115208603A (en)
GB (1) GB2609677A (en)
TW (1) TWI769965B (en)

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6542497B1 (en) * 1997-03-11 2003-04-01 Verizon Services Corp. Public wireless/cordless internet gateway
US8886714B2 (en) * 2011-08-08 2014-11-11 Ctera Networks Ltd. Remote access service for cloud-enabled network devices
US8650299B1 (en) * 2010-02-03 2014-02-11 Citrix Systems, Inc. Scalable cloud computing
US10601810B2 (en) * 2011-09-09 2020-03-24 Kingston Digital, Inc. Private cloud routing server connection mechanism for use in a private communication architecture
US9781087B2 (en) * 2011-09-09 2017-10-03 Kingston Digital, Inc. Private and secure communication architecture without utilizing a public cloud based routing server
US9203807B2 (en) * 2011-09-09 2015-12-01 Kingston Digital, Inc. Private cloud server and client architecture without utilizing a routing server
CN105991735A (en) * 2015-02-25 2016-10-05 台湾艾特维股份有限公司 Distributor private cloud management system and method
TWI632465B (en) * 2015-03-19 2018-08-11 美商金士頓數位股份有限公司 Method for use with a public cloud network, private cloud routing server and smart device client
CN113542389A (en) * 2015-06-16 2021-10-22 金士顿数位股份有限公司 Private cloud routing server connection mechanism for private communication architecture
CN111100302B (en) * 2018-10-26 2022-07-08 中国石油化工股份有限公司 Preparation method of metal particle @ ZIFs core-shell particle
GB2607362A (en) * 2021-02-12 2022-12-07 Kingston Digital Inc Private cloud routing server connection mechanism for use in a private communication architecture

Also Published As

Publication number Publication date
TWI769965B (en) 2022-07-01
CN115208603A (en) 2022-10-18
GB2609677A (en) 2023-02-15
GB202115368D0 (en) 2021-12-08

Similar Documents

Publication Publication Date Title
US11356417B2 (en) Private cloud routing server connection mechanism for use in a private communication architecture
TWI545446B (en) A method and system for use with a public cloud network
US10237253B2 (en) Private cloud routing server, private network service and smart device client architecture without utilizing a public cloud based routing server
US9781087B2 (en) Private and secure communication architecture without utilizing a public cloud based routing server
US11863529B2 (en) Private cloud routing server connection mechanism for use in a private communication architecture
TWI574164B (en) Private cloud routing server connection mechanism for use in a private communication architecture
US9935930B2 (en) Private and secure communication architecture without utilizing a public cloud based routing server
TWI632465B (en) Method for use with a public cloud network, private cloud routing server and smart device client
TWI629598B (en) Method for use with a public cloud network, private cloud routing server and smart device client
TWI537744B (en) Private cloud routing server, private network service and smart device client architecture without utilizing a public cloud based routing server
US20230254292A1 (en) Private and Secure Chat Connection Mechanism for Use in a Private Communication Architecture
TW202233007A (en) Connection method and computer-readable medium for use in a private communication architecture
US11683292B2 (en) Private cloud routing server connection mechanism for use in a private communication architecture
US20220385638A1 (en) Private Matter Gateway Connection Mechanism for Use in a Private Communication Architecture
US20220329569A1 (en) Metaverse Application Gateway Connection Mechanism for Use in a Private Communication Architecture
TWI769965B (en) Connection method and computer-readable medium for use in a private communication architecture
CN113709163A (en) Method and system for realizing remote operation of computer based on wireless terminal
TWI829487B (en) Private matter gateway connection mechanism for use in a private communication architecture
TWI836974B (en) Private and secure chat connection mechanism for use in a private communication architecture
TWI829435B (en) Metaverse application gateway connection mechanism for use in a private communication architecture
US20230083939A1 (en) Private Matter Gateway Connection Mechanism for Use in a Private Communication Architecture
TW202345559A (en) Private and secure chat connection mechanism for use in a private communication architecture
CN117014251A (en) Private substance gateway linking mechanism for private communication architecture
CN117014177A (en) Meta universe application gateway linking mechanism for private communication architecture
GB2532831A (en) Private cloud routing server connection mechanism for use in a private communication architecture