TW202243443A - Method for accessing private network service and service gateway equipment - Google Patents
- Publication number
- TW202243443A (application TW110114280A)
- Authority
- TW
- Taiwan
- Prior art keywords
- service
- private network
- user equipment
- module
- gateway device
- Prior art date
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Telephonic Communication Services (AREA)
- Computer And Data Communications (AREA)
Description
This disclosure relates to a private network service access method and a service gateway device.

For information-security reasons, administrators must define many security policies to control the state or behaviour of the terminal devices that access a private network. When a terminal device wants to use a virtual private network (VPN) service, it must additionally install VPN software. The terminal device must run that software to perform authentication and authorization and to establish the VPN tunnel, and at the same time it must obtain an Internet Protocol (IP) address and routes for the private network, before it can connect to the private network. Using a private network service in the private network is therefore very inconvenient for the user.

This disclosure provides a private network service access method and a service gateway device that let a user select the private network service they want to use (access) through the browser software on the user equipment, without installing any additional software.

A private network service access method of this disclosure includes: connecting, by a service gateway device, to user equipment in a public network through an encrypted connection; connecting, by the service gateway device, to a private network service server in a private network; and configuring, by the service gateway device, the private network service server according to a target service selected by the browser software of the user equipment, so that the private network service server provides the private network service corresponding to the target service to the user equipment.

A service gateway device of this disclosure includes a processor, a storage medium and a transceiver. The transceiver connects through an encrypted connection to user equipment in a public network, and connects to a private network service server in a private network; the user equipment stores browser software. The storage medium stores multiple modules. The processor accesses and executes these modules, which include a service module and a transduction module (the module that relays between the gateway and the private network service). According to the target service selected by the browser software of the user equipment, the service module controls the transduction module to configure the private network service server, so that the private network service server provides the private network service corresponding to the target service to the user equipment.

Based on the above, the private network service access method and service gateway device of this disclosure let a user select the private network service they want to use (access) through the browser software on the user equipment, which improves convenience. In addition, when the login data entered by the user matches the pre-stored authentication data, the service gateway device can provide the private network service corresponding to the allowed service chosen by the user to the browser software. This improves both the security and the convenience of private network service access.

To make the above features and advantages of the present disclosure easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
FIG. 1 is a schematic diagram of a private network service access system 100 according to an embodiment of the present disclosure. Referring to FIG. 1, the private network service access system 100 may include user equipment 110, a private network service server 120 and a service gateway device 130.

The user equipment 110 may have the components needed to run it, such as a processing unit (for example a processor, but not limited to this), a communication unit (for example various communication chips, mobile communication chips, Bluetooth chips, WiFi chips and the like, but not limited to these) and a storage unit (for example removable random access memory, flash memory, a hard disk and the like, but not limited to these). The user equipment 110 is, for example, a commonly used terminal device: it may be a desktop computer, a notebook computer, a personal digital assistant (PDA), a smartphone, a thin client, or any other device that has an IP address or network connectivity. The user equipment 110 may be located in a public network 10. The public network 10 is, for example, a network that any terminal device can access.

The user equipment 110 may store browser software 111. The browser software 111 may be software for browsing web pages; for example, the browser software 111 may support HTML5 (HyperText Markup Language, version 5).

The private network service server 120 may have the components needed to run it, such as a processing unit (for example a processor, but not limited to this), a communication unit (for example various communication chips, mobile communication chips, Bluetooth chips, WiFi chips and the like, but not limited to these) and a storage unit (for example removable random access memory, flash memory, a hard disk and the like, but not limited to these). The private network service server 120 may be located in a private network 20. The private network 20 is, for example, a network that only terminal devices holding the appropriate permission can access.

The private network service server 120 may host one or more private network services. In this embodiment, the private network services may include, but are not limited to, Secure Shell (SSH), Telnet, Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC).

The service gateway device 130 may include a processor 131, a storage medium 132 and a transceiver 133.

The processor 131 is, for example, a central processing unit (CPU), or another programmable general-purpose or special-purpose micro control unit (MCU), microprocessor, digital signal processor (DSP), programmable controller, application specific integrated circuit (ASIC), graphics processing unit (GPU), image signal processor (ISP), image processing unit (IPU), arithmetic logic unit (ALU), complex programmable logic device (CPLD), field programmable gate array (FPGA), another similar element, or a combination of the above. The processor 131 may be coupled to the storage medium 132 and the transceiver 133, and accesses and executes the modules and applications stored in the storage medium 132.

The storage medium 132 is, for example, any type of fixed or removable random access memory (RAM), read-only memory (ROM), flash memory, hard disk drive (HDD), solid state drive (SSD), a similar element, or a combination of the above, and is used to store the modules and applications executable by the processor 131. In this embodiment, the storage medium 132 may store modules including a service module 1321, an authentication module 1322 and a transduction module 1323, whose functions are described below.

The transceiver 133 transmits and receives signals in a wireless or wired manner. The transceiver 133 may also perform operations such as low-noise amplification, impedance matching, mixing, up- or down-conversion, filtering, amplification and the like. The transceiver 133 of the service gateway device 130 may connect through an encrypted connection to the user equipment 110 in the public network 10, and may connect to the private network service server 120 in the private network 20.
In one embodiment, the authentication module 1322 may store authentication data associated with a user and a service list containing at least one allowed service.

Table 1

User | Authentication data | Allowed services |
---|---|---|
User A | account and password | SSH service A (10.1.1.1/22); VNC service B (10.1.1.2/5900) |
User B | certificate | SSH service A (10.1.1.1/22); RDP service C (10.1.1.3/3389) |
User C | SMS one-time password (OTP) | VNC service B (10.1.1.2/5900); RDP service C (10.1.1.3/3389); RDP service D (10.1.1.4/3389) |

Table 1 is an example of the content stored by the authentication module 1322. Referring to Table 1, the authentication module 1322 may store, for each user, the authentication data and the allowed services. For example, user A authenticates with an account and password, and the services user A is allowed to use are SSH service A (10.1.1.1/22) and VNC service B (10.1.1.2/5900). User B authenticates with a certificate, and the services user B is allowed to use are SSH service A (10.1.1.1/22) and RDP service C (10.1.1.3/3389). User C authenticates with a one-time password (OTP) delivered by SMS, and the services user C is allowed to use are VNC service B (10.1.1.2/5900), RDP service C (10.1.1.3/3389) and RDP service D (10.1.1.4/3389).
User A is used as the example in the description that follows. When user A wants to use the user equipment 110 (located in the public network 10) to access a private network service in the private network 20, user A can use the browser software 111 to establish an encrypted connection between the user equipment 110 and the service gateway device 130 across the public network 10. For example, the browser software 111 may connect to the service module 1321 over HTTPS (TCP port 443); this disclosure does not restrict how the encrypted connection is established.

FIG. 2 is a schematic diagram of a login screen according to an embodiment of the present disclosure; please refer to FIG. 2 together with Table 1. Since user A's authentication data is an account and password (user A authenticates with an account and password), after user A has connected to the service gateway device 130 through the encrypted connection using the browser software 111, the service module 1321 may present the login page of FIG. 2 to the browser software 111 in order to receive user A's login data.
After user A enters the login data into the login page through the browser software 111, the authentication module 1322 determines whether the entered login data matches the authentication data it stores (that is, the authentication data associated with user A in Table 1). If the authentication module 1322 determines that the entered login data matches the authentication data, the service module 1321 may control the transduction module 1323 to configure the private network service server 120 in the private network 20, so that the private network service server 120 provides the private network service corresponding to the target service of the user equipment 110 to the browser software 111 of the user equipment 110. FIG. 3 is a schematic diagram of a screen displaying the allowed services according to an embodiment of the present disclosure. Referring to FIG. 3 together with Table 1, after the authentication module 1322 has determined that the login data matches the authentication data, and since the service list stored by the authentication module 1322 indicates that the services user A is allowed to use (the allowed services) are SSH service A (10.1.1.1/22) and VNC service B (10.1.1.2/5900), the service module 1321 may present the screen of FIG. 3 so that the user can choose the desired target service from the at least one allowed service in the service list. Once the user has decided on a target service, the user can send a command to the service module 1321 through the browser software 111 of the user equipment 110, and the service module 1321 selects the target service from the at least one allowed service in the service list according to that command.
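The authentication step and the allowed-service selection described above, as an added Python example that is not the patent's own code. The three authentication methods of Table 1 are modelled minimally: the account password is stored as a salted PBKDF2 hash, the certificate as a constructed SHA-256 fingerprint string (TLS client-certificate verification is assumed to have happened already), and the SMS OTP as a gateway-issued code that expires and can be used once. All user names, secrets, salts and the service names in the catalogue are constructed; only the addresses follow Table 1. The point the example adds to the text is the check a practitioner would insist on: the browser sends nothing but an identifier, and the gateway resolves that identifier against the authenticated user's own allow-list before any host or port in the private network is chosen.

```python
"""Added example (not the patent's code): a minimal model of the authentication
module 1322 (Table 1) and of the service module's target-selection check.
User names, secrets, salts and the service names are all constructed."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Service:
    name: str
    host: str
    port: int
    proto: str


# Service catalogue; the addresses follow Table 1, the names are constructed.
SERVICES = {
    "A": Service("SSH service A", "10.1.1.1", 22, "ssh"),
    "B": Service("VNC service B", "10.1.1.2", 5900, "vnc"),
    "C": Service("RDP service C", "10.1.1.3", 3389, "rdp"),
    "D": Service("RDP service D", "10.1.1.4", 3389, "rdp"),
}


def password_hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored authentication data is never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


SALT_A = b"constructed-salt-for-user-A"

# Authentication data and allowed services per user, mirroring Table 1.
POLICY = {
    "userA": {"method": "password", "salt": SALT_A,
              "hash": password_hash("correct horse battery", SALT_A),
              "allowed": {"A", "B"}},
    "userB": {"method": "certificate",
              "cert_fingerprint": "sha256:" + "ab" * 32,   # constructed value
              "allowed": {"A", "C"}},
    "userC": {"method": "otp", "allowed": {"B", "C", "D"}},
}

_issued_otps: dict = {}   # user -> (code, expiry); stands in for the SMS OTP store


def issue_otp(user: str, now: Optional[float] = None, ttl: float = 300) -> str:
    """Issue a six-digit code; in a real deployment it would be sent by SMS."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    _issued_otps[user] = (code, now + ttl)
    return code


def authenticate(user: str, credential: str, now: Optional[float] = None) -> bool:
    """Authentication module: compare the login data with the stored data."""
    entry = POLICY.get(user)
    if entry is None:
        return False
    method = entry["method"]
    if method == "password":
        return hmac.compare_digest(password_hash(credential, entry["salt"]), entry["hash"])
    if method == "certificate":
        # Assumes the TLS layer already verified the client certificate chain.
        return hmac.compare_digest(credential, entry["cert_fingerprint"])
    if method == "otp":
        issued = _issued_otps.pop(user, None)          # single use, success or not
        if issued is None:
            return False
        code, expiry = issued
        now = time.time() if now is None else now
        return now <= expiry and hmac.compare_digest(code, credential)
    return False


def allowed_services(user: str) -> list:
    """What the FIG. 3 screen lists: only the services on this user's list."""
    return [SERVICES[k] for k in sorted(POLICY[user]["allowed"])]


class NotAllowed(Exception):
    pass


def select_target(user: str, service_id: str) -> Service:
    """Service module: the browser sends only an identifier; host and port are
    taken from the gateway's own table, never from the request."""
    entry = POLICY.get(user)
    if entry is None or service_id not in entry["allowed"]:
        raise NotAllowed(f"{user} may not use service {service_id!r}")
    return SERVICES[service_id]


if __name__ == "__main__":
    assert authenticate("userA", "correct horse battery")
    print([s.name for s in allowed_services("userA")])
    print(select_target("userA", "A"))
```

The constant-time comparisons and the single-use OTP are choices made here, not requirements stated on the page; what the page does require is that the service list shown in FIG. 3 and the target accepted afterwards both come from the authenticated user's entry.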
Assume that the target service user A selects (in the browser software 111) from the allowed services is SSH service A (10.1.1.1/22). The transduction module 1323 of the service gateway device 130 may connect to the private network service server 120 and configure it to start the private network service corresponding to the target service (SSH service A (10.1.1.1/22)). FIG. 4 is a schematic diagram of providing the private network service corresponding to the target service according to an embodiment of the present disclosure; please refer to FIG. 4. After the transduction module 1323 has configured the private network service server 120 to start the private network service corresponding to the target service (that is, SSH service A (10.1.1.1/22)), the service module 1321 may control the transduction module 1323 to configure the private network service server 120 so that it provides that private network service (SSH service A (10.1.1.1/22)) to the browser software 111 of the user equipment 110. In one embodiment, the private network service server 120 may provide the private network service to the user equipment 110 via the service gateway device 130. For example, the transduction module 1323 may access the private network service server 120 and deliver the image of the connection state of the private network service (the session screen) to the browser software 111 through the service module 1321 and the transceiver 133. This disclosure does not restrict how the private network service is provided to the browser software 111.
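The relay step described above, as an added example that is not the patent's code. A constructed TCP service on the loopback interface stands in for SSH service A (10.1.1.1/22), and gateway_session() plays the transduction module 1323: it connects from the gateway's side only to a target that the service module has already resolved from the allow-list, and passes the session bytes back toward the browser, which is why the user equipment needs neither a private IP address nor a route into the private network. The banner text, the echo behaviour and the function names are assumptions; the page does not specify how the session is rendered in the browser.

```python
"""Added example (not the patent's code): a loopback model of the transduction
module 1323. A constructed TCP service on 127.0.0.1 stands in for SSH service A
(10.1.1.1/22); the gateway dials it and relays the session, so the user device
needs neither a private IP address nor a route into the private network."""
import socket
import threading


def start_fake_private_service(banner: bytes) -> tuple:
    """Constructed stand-in for the private network service server: sends a
    banner, then echoes one message back with an 'echo:' prefix and exits."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))        # OS-chosen port, loopback only
    srv.listen(1)
    host, port = srv.getsockname()

    def serve_one():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
            data = conn.recv(1024)
            conn.sendall(b"echo:" + data)
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return host, port


def gateway_session(target: tuple, allow_list: set, client_bytes: bytes,
                    timeout: float = 2.0) -> bytes:
    """Transduction module: refuse any target that the service module did not
    resolve from the user's allow-list, then connect from the gateway's side
    and pass the session bytes back toward the browser."""
    if target not in allow_list:
        raise PermissionError(f"target {target} is not an allowed service")
    with socket.create_connection(target, timeout=timeout) as s:
        banner = s.recv(1024)          # service greeting, e.g. an SSH version line
        s.sendall(client_bytes)        # what the user sent from the browser
        reply = s.recv(1024)
    return banner + reply


if __name__ == "__main__":
    host, port = start_fake_private_service(b"SSH-2.0-constructed\r\n")
    print(gateway_session((host, port), {(host, port)}, b"hello"))
```

Because the allow-list check happens before socket.create_connection, a request for an address outside the list never produces a connection attempt from the gateway, which is the property that keeps the gateway from becoming an open proxy into the private network.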
FIG. 5 is a flowchart of a private network service access method according to an embodiment of the present disclosure; the method may be carried out by the service gateway device 130 shown in FIG. 1. In step S501, the service gateway device connects to user equipment in a public network through an encrypted connection, and connects to a private network service server in a private network. In step S502, the service gateway device configures the private network service server according to the target service selected by the browser software of the user equipment, so that the private network service server provides the private network service corresponding to the target service to the user equipment.

In summary, the private network service access method and service gateway device of this disclosure let a user select the private network service they want to use (access) through the browser software on the user equipment, which improves convenience. In addition, when the login data entered by the user matches the pre-stored authentication data, this disclosure can provide the private network service corresponding to an allowed service to the browser software. Both the security and the convenience of private network service access are thereby improved.

Although the present disclosure has been described above by way of embodiments, they are not intended to limit it. Anyone with ordinary skill in the art may make minor changes and refinements without departing from the spirit and scope of the present disclosure; the scope of protection of the present disclosure is therefore defined by the appended claims.
Reference numerals:
- 100: private network service access system
- 10: public network
- 110: user equipment
- 111: browser software
- 20: private network
- 120: private network service server
- 130: service gateway device
- 131: processor
- 132: storage medium
- 133: transceiver
- 1321: service module
- 1322: authentication module
- 1323: transduction module
- S501, S502: steps

Figures:
- FIG. 1 is a schematic diagram of a private network service access system according to an embodiment of the present disclosure.
- FIG. 2 is a schematic diagram of a login screen according to an embodiment of the present disclosure.
- FIG. 3 is a schematic diagram of a screen displaying the allowed services according to an embodiment of the present disclosure.
- FIG. 4 is a schematic diagram of providing a private network service corresponding to a target service according to an embodiment of the present disclosure.
- FIG. 5 is a flowchart of a private network service access method according to an embodiment of the present disclosure.
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110114280A TWI763449B (en) | 2021-04-21 | 2021-04-21 | Method for accessing private network service and service gateway equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110114280A TWI763449B (en) | 2021-04-21 | 2021-04-21 | Method for accessing private network service and service gateway equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI763449B TWI763449B (en) | 2022-05-01 |
TW202243443A true TW202243443A (en) | 2022-11-01 |
Family
ID=82594148
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW110114280A TWI763449B (en) | 2021-04-21 | 2021-04-21 | Method for accessing private network service and service gateway equipment |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI763449B (en) |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI624163B (en) * | 2016-08-03 | 2018-05-11 | Chunghwa Telecom Co Ltd | System for controlling IPv6 networking of IoT devices |
CN108200165B (en) * | 2017-12-29 | 2019-07-02 | Oppo广东移动通信有限公司 | Request Transmission system, method, apparatus and storage medium |
TWI692956B (en) * | 2019-03-04 | 2020-05-01 | 中華電信股份有限公司 | Ipv6 accessing management system based on software defined network and method thereof |
CN111371775A (en) * | 2020-02-28 | 2020-07-03 | 深信服科技股份有限公司 | Single sign-on method, device, equipment, system and storage medium |
- 2021-04-21 TW TW110114280A patent/TWI763449B/en active
Also Published As
Publication number | Publication date |
---|---|
TWI763449B (en) | 2022-05-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3138257B1 (en) | Enterprise system authentication and authorization via gateway | |
JP6591650B2 (en) | Automatic placeholder finder and filler | |
JP6552519B2 (en) | Portal authentication | |
EP3162103B1 (en) | Enterprise authentication via third party authentication support | |
US20210004453A1 (en) | Device-specific authentication credentials | |
JP2020166906A (en) | Secure single sign on and conditional access for client applications | |
US9729514B2 (en) | Method and system of a secure access gateway | |
US8893255B1 (en) | Device authentication using device-specific proxy addresses | |
TW201106196A (en) | Network location determination for direct access networks | |
WO2015135331A1 (en) | Authorization method, apparatus and system for authentication | |
WO2018010146A1 (en) | Response method, apparatus and system in virtual network computing authentication, and proxy server | |
US11290425B2 (en) | Configuring network security based on device management characteristics | |
US11651099B2 (en) | Persisting encrypted remote browser data at a local browser for use in a remote browser | |
JP2015535362A (en) | Method and apparatus for securely accessing web services | |
US11367445B2 (en) | Virtualized speech in a distributed network environment | |
CA2912774C (en) | Providing single sign-on for wireless devices | |
TWI763449B (en) | Method for accessing private network service and service gateway equipment | |
TW201417535A (en) | Network access control based on risk factor | |
US20230254301A1 (en) | Auto-Configuration of Security Features in Distributed System with Minimal User Interaction | |
US20230254164A1 (en) | Shared device secure access | |
US12126596B2 (en) | Configuring network security based on device management characteristics | |
US20150288675A1 (en) | System, method for computer security | |
JP6073120B2 (en) | Connection authentication system and connection authentication method | |
WO2015139172A1 (en) | Device and method for providing online service | |
Kaushik Srinivasan et al. | Manufacturer Usage Description Specification Implementation |