TW202243443A - Method for accessing private network service and service gateway equipment - Google Patents


Info

Publication number
TW202243443A
Authority
TW
Taiwan
Prior art keywords
service
private network
user equipment
module
gateway device
Prior art date
Application number
TW110114280A
Other languages
Chinese (zh)
Other versions
TWI763449B (en)
Inventor
顏朝鈞
林淳皓
吳立凡
許世俊
Original Assignee
中華電信股份有限公司
Priority date
Filing date
Publication date
Application filed by 中華電信股份有限公司
Priority to TW110114280A
Application granted
Publication of TWI763449B
Publication of TW202243443A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)
  • Computer And Data Communications (AREA)

Abstract

A method for accessing a private network service and a service gateway equipment are provided. The method for accessing a private network service includes: communicatively connecting, by a service gateway equipment, to a user equipment (UE) in a public network through an encrypted connection; communicatively connecting, by the service gateway equipment, to a private network service server in a private network; and configuring, by the service gateway equipment, the private network service server to provide a private network service corresponding to a target service to the UE according to the target service selected by a browser software of the UE.

Description

Private network service access method and service gateway device

The present disclosure relates to a private network service access method and a service gateway device.

For information security reasons, administrators must set many information security policies to control the computer state or behavior of terminal devices that access a private network. When a terminal device wants to use a virtual private network (VPN) service, the terminal device must install additional VPN software. The terminal device must run this VPN software to perform authentication and authorization and to establish the VPN tunnel, and must at the same time obtain the Internet Protocol (IP) and routing of the private network, before it can connect to the private network. Using the private network services in a private network is therefore very inconvenient for the user.

The present disclosure provides a private network service access method and a service gateway device that let a user select the private network service the user wants to use (access) through the browser software on the user equipment, without installing additional software.

A private network service access method of the present disclosure includes: communicatively connecting, by a service gateway device, to a user equipment in a public network through an encrypted connection; communicatively connecting, by the service gateway device, to a private network service server in a private network; and configuring, by the service gateway device, the private network service server according to a target service selected by the browser software of the user equipment, so that the private network service server provides a private network service corresponding to the target service to the user equipment.

A service gateway device of the present disclosure includes a processor, a storage medium, and a transceiver. The transceiver is communicatively connected to a user equipment in a public network through an encrypted connection, and is communicatively connected to a private network service server in a private network, wherein the user equipment stores browser software. The storage medium stores a plurality of modules. The processor accesses and executes the plurality of modules, wherein the plurality of modules include a service module and a transduction module, and wherein the service module, according to the target service selected by the browser software of the user equipment, controls the transduction module to configure the private network service server, so that the private network service server provides a private network service corresponding to the target service to the user equipment.

Based on the above, the private network service access method and service gateway device of the present disclosure let a user select the private network service the user wants to use (access) through the browser software on the user equipment, which improves convenience of use. In addition, when the login information entered by the user matches the pre-stored authentication information, the service gateway device can provide the browser software with the private network service corresponding to the allowed service selected by the user. On this basis, the security and convenience of private network service access can be significantly improved.

To make the above features and advantages of the present disclosure more comprehensible, embodiments are described in detail below together with the accompanying drawings.

FIG. 1 is a schematic diagram illustrating a private network service access system 100 according to an embodiment of the present disclosure. Referring to FIG. 1, the private network service access system 100 may include a user equipment 110, a private network service server 120 and a service gateway device 130.

The user equipment 110 may have the components necessary to run the user equipment 110, such as a processing unit (for example, but not limited to, a processor), a communication unit (for example, but not limited to, various communication chips, mobile communication chips, Bluetooth chips and WiFi chips) and a storage unit (for example, but not limited to, removable random access memory, flash memory and hard disks). The user equipment 110 is, for example, a commonly used terminal device. For example, the user equipment 110 may include a desktop computer, a notebook computer, a personal digital assistant (PDA), a smartphone, a thin client, or another device that has an IP address or networking capability. The user equipment 110 can be located in the public network 10. The public network 10 is, for example, a network that can be accessed by any terminal device.

The user equipment 110 can store browser software 111. The browser software 111 may be software used for browsing web pages; for example, the browser software 111 may support Hypertext Markup Language (HTML5).

The private network service server 120 may have the components necessary to run the private network service server 120, such as a processing unit (for example, but not limited to, a processor), a communication unit (for example, but not limited to, various communication chips, mobile communication chips, Bluetooth chips and WiFi chips) and a storage unit (for example, but not limited to, removable random access memory, flash memory and hard disks). The private network service server 120 can be located in the private network 20. The private network 20 is, for example, a network that only authorized terminal devices can access.

The private network service server 120 can store one or more private network services. In this embodiment, the private network services may include, but are not limited to: Secure Shell (SSH), Telnet, Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC).

The service gateway device 130 may include a processor 131, a storage medium 132 and a transceiver 133.

The processor 131 is, for example, a central processing unit (CPU), or another programmable general-purpose or special-purpose micro control unit (MCU), microprocessor, digital signal processor (DSP), programmable controller, application specific integrated circuit (ASIC), graphics processing unit (GPU), image signal processor (ISP), image processing unit (IPU), arithmetic logic unit (ALU), complex programmable logic device (CPLD), field programmable gate array (FPGA), or other similar component, or a combination of the above components. The processor 131 can be coupled to the storage medium 132 and the transceiver 133, and can access and execute the modules and various application programs stored in the storage medium 132.

The storage medium 132 is, for example, any type of fixed or removable random access memory (RAM), read-only memory (ROM), flash memory, hard disk drive (HDD), solid state drive (SSD), or similar component, or a combination of the above components, and is used to store the modules or various application programs executable by the processor 131. In this embodiment, the storage medium 132 can store a plurality of modules including a service module 1321, an authentication module 1322 and a transduction module 1323, whose functions are described below.

The transceiver 133 transmits and receives signals wirelessly or over a wire. The transceiver 133 may also perform operations such as low noise amplification, impedance matching, frequency mixing, up or down frequency conversion, filtering, amplification, and the like. The transceiver 133 of the service gateway device 130 can be communicatively connected to the user equipment 110 in the public network 10 through an encrypted connection, and can be communicatively connected to the private network service server 120 in the private network 20.

In one embodiment, the authentication module 1322 can store authentication information associated with a user and a service list including at least one allowed service.

Table 1

Account | Authentication information | Allowed services
User A | Account and password | Secure Shell service A (10.1.1.1/22); Virtual Network Computing service B (10.1.1.2/5900)
User B | Certificate | Secure Shell service A (10.1.1.1/22); Remote Desktop Protocol service C (10.1.1.3/3389)
User C | SMS OTP | Virtual Network Computing service B (10.1.1.2/5900); Remote Desktop Protocol service C (10.1.1.3/3389); Remote Desktop Protocol service D (10.1.1.4/3389)

Table 1 is an example of the content stored by the authentication module 1322. Referring to Table 1, the authentication module 1322 can store the authentication information and the allowed services associated with each user. For example, user A uses an account and password as authentication information, and the services user A is allowed to use are Secure Shell service A (10.1.1.1/22) and Virtual Network Computing service B (10.1.1.2/5900). User B uses a certificate as authentication information, and the services user B is allowed to use are Secure Shell service A (10.1.1.1/22) and Remote Desktop Protocol service C (10.1.1.3/3389). User C uses an SMS one-time password (OTP) as authentication information, and the services user C is allowed to use are Virtual Network Computing service B (10.1.1.2/5900), Remote Desktop Protocol service C (10.1.1.3/3389) and Remote Desktop Protocol service D (10.1.1.4/3389).

The description below continues with user A as the example. When user A wants to use the user equipment 110 (located in the public network 10) to access a private network service in the private network 20, user A can use the browser software 111 to establish, in the public network 10, an encrypted connection between the user equipment 110 and the service gateway device 130. For example, the browser software 111 can connect to the service module 1321 over Hypertext Transfer Protocol Secure (HTTPS, port 443); the present disclosure does not limit how the encrypted connection is established.

FIG. 2 is a schematic diagram illustrating a login screen according to an embodiment of the present disclosure. Please refer to FIG. 2 and Table 1 together. Because user A's authentication information is an account and password (user A authenticates with an account and password), after user A uses the browser software 111 to connect to the service gateway device 130 over the encrypted connection, the service module 1321 can provide the login page shown in FIG. 2 to the browser software 111 to receive user A's login information.

After user A enters the login information into the login page through the browser software 111, the authentication module 1322 can determine whether the login information entered by user A matches the authentication information stored by the authentication module 1322 (that is, the authentication information associated with user A in Table 1). If the authentication module 1322 determines that the entered login information matches the authentication information, the service module 1321 can control the transduction module 1323 to configure the private network service server 120 in the private network 20, so that the private network service server 120 provides the private network service corresponding to the target service of the user equipment 110 to the browser software 111 of the user equipment 110. FIG. 3 is a schematic diagram illustrating the display of allowed services according to an embodiment of the present disclosure. Please refer to FIG. 3 and Table 1 together. After the authentication module 1322 determines that the login information matches the authentication information, because the service list stored by the authentication module 1322 indicates that the services user A is allowed to use (that is, the allowed services) are Secure Shell service A (10.1.1.1/22) and Virtual Network Computing service B (10.1.1.2/5900), the service module 1321 can provide the screen shown in FIG. 3 so that the user can choose the target service to use from the at least one allowed service in the service list. After the user decides on the target service, the user can send an instruction to the service module 1321 through the browser software 111 of the user equipment 110. The service module 1321 can select the target service from the at least one allowed service in the service list according to the instruction.

Assume that the target service user A selects (in the browser software 111) from the allowed services is Secure Shell service A (10.1.1.1/22). The transduction module 1323 of the service gateway device 130 can connect to the private network service server 120 to configure the private network service server 120 to start the private network service corresponding to the target service (Secure Shell service A (10.1.1.1/22)). FIG. 4 is a schematic diagram illustrating the provision of a private network service corresponding to a target service according to an embodiment of the present disclosure; please refer to FIG. 4. After the transduction module 1323 configures the private network service server 120 to start the private network service corresponding to the target service (that is, Secure Shell service A (10.1.1.1/22)), the service module 1321 can control the transduction module 1323 to configure the private network service server 120, so that the private network service server 120 provides the private network service corresponding to the target service (that is, Secure Shell service A (10.1.1.1/22)) to the browser software 111 of the user equipment 110. In one embodiment, the private network service server 120 can provide the private network service to the user equipment 110 via the service gateway device 130. For example, the transduction module 1323 can access the private network service server 120 and provide the image of the connection state of the private network service to the browser software 111 through the service module 1321 and the transceiver 133. The present disclosure does not limit how the private network service is provided to the browser software 111.
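The login and target-selection steps described above, as an added Python example (not code from the patent): the gateway resolves the browser's choice by service identifier only, against the per-user service list of Table 1, so the address the transduction module connects to never comes from the browser. The class and function names, the account name "userA", the identifiers "A" to "D" used as keys, and the password are assumptions made for this example; only the account-and-password method of user A is modelled.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    protocol: str
    host: str
    port: int


# Service catalogue held by the gateway; addresses and ports are those of Table 1.
SERVICES = {
    "A": Service("Secure Shell service A", "ssh", "10.1.1.1", 22),
    "B": Service("Virtual Network Computing service B", "vnc", "10.1.1.2", 5900),
    "C": Service("Remote Desktop Protocol service C", "rdp", "10.1.1.3", 3389),
    "D": Service("Remote Desktop Protocol service D", "rdp", "10.1.1.4", 3389),
}

DEMO_PASSWORD = "constructed-demo-passphrase"  # constructed sample value
PBKDF2_ROUNDS = 600_000


def _derive(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so the stored authentication data is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Gateway:
    """Hypothetical stand-in for the authentication and service modules."""

    def __init__(self):
        self._users = {}     # account -> (salt, password hash, allowed service ids)
        self._sessions = {}  # session token -> account

    def enroll(self, account, password, allowed):
        salt = os.urandom(16)
        self._users[account] = (salt, _derive(password, salt), frozenset(allowed))

    def login(self, account, password):
        """Return a session token if the login data matches, else None."""
        record = self._users.get(account)
        # Unknown accounts still pay for one derivation, so response time
        # does not reveal which accounts exist.
        salt, stored, _ = record or (b"\0" * 16, b"", frozenset())
        candidate = _derive(password, salt)
        if record is None or not hmac.compare_digest(candidate, stored):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = account
        return token

    def _allowed_ids(self, token):
        account = self._sessions.get(token)
        if account is None:
            raise PermissionError("not authenticated")
        return self._users[account][2]

    def allowed_services(self, token):
        """What the selection page may show: this user's allowed services only."""
        return {sid: SERVICES[sid].name for sid in sorted(self._allowed_ids(token))}

    def select_target(self, token, service_id):
        """Check the browser's choice again on the gateway before any connection.

        Only an identifier is accepted; the host and port come from the
        gateway's own catalogue, never from the request.
        """
        if service_id not in self._allowed_ids(token):
            raise PermissionError(f"service {service_id!r} is not allowed")
        return SERVICES[service_id]


def build_demo_gateway() -> Gateway:
    gw = Gateway()
    gw.enroll("userA", DEMO_PASSWORD, {"A", "B"})  # user A's row of Table 1
    return gw


if __name__ == "__main__":
    gw = build_demo_gateway()
    token = gw.login("userA", DEMO_PASSWORD)
    print(gw.allowed_services(token))
    print(gw.select_target(token, "A"))
    try:
        gw.select_target(token, "C")
    except PermissionError as exc:
        print("denied:", exc)
```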

FIG. 5 is a flowchart illustrating a private network service access method according to an embodiment of the present disclosure, wherein the private network service access method can be implemented by the service gateway device 130 shown in FIG. 1. In step S501, the service gateway device communicatively connects to the user equipment in the public network through an encrypted connection, and the service gateway device communicatively connects to the private network service server in the private network. In step S502, the service gateway device configures the private network service server according to the target service selected by the browser software of the user equipment, so that the private network service server provides the private network service corresponding to the target service to the user equipment.

In summary, the private network service access method and service gateway device of the present disclosure let a user select the private network service the user wants to use (access) through the browser software on the user equipment, which improves convenience of use. In addition, when the login information entered by the user matches the pre-stored authentication information, the present disclosure can provide the private network service corresponding to the allowed service to the browser software. On this basis, the security and convenience of private network service access can be effectively improved.

Although the present disclosure has been disclosed above by way of embodiments, they are not intended to limit the present disclosure. Anyone with ordinary knowledge in the technical field may make some changes and modifications without departing from the spirit and scope of the present disclosure, so the scope of protection of the present disclosure is defined by the appended claims.

100: private network service access system
10: public network
110: user equipment
111: browser software
20: private network
120: private network service server
130: service gateway device
1321: service module
1322: authentication module
1323: transduction module
S501, S502: steps

FIG. 1 is a schematic diagram illustrating a private network service access system according to an embodiment of the present disclosure.
FIG. 2 is a schematic diagram illustrating a login screen according to an embodiment of the present disclosure.
FIG. 3 is a schematic diagram illustrating the display of allowed services according to an embodiment of the present disclosure.
FIG. 4 is a schematic diagram illustrating the provision of a private network service corresponding to a target service according to an embodiment of the present disclosure.
FIG. 5 is a flowchart illustrating a private network service access method according to an embodiment of the present disclosure.

Claims (5)

1. A private network service access method, comprising:
communicatively connecting, by a service gateway device, to a user equipment in a public network through an encrypted connection;
communicatively connecting, by the service gateway device, to a private network service server in a private network; and
configuring, by the service gateway device, the private network service server according to a target service selected by browser software of the user equipment, so that the private network service server provides a private network service corresponding to the target service to the user equipment.

2. A service gateway device, comprising:
a transceiver, communicatively connected to a user equipment in a public network through an encrypted connection, and communicatively connected to a private network service server in a private network, wherein the user equipment stores browser software;
a storage medium, storing a plurality of modules; and
a processor, accessing and executing the plurality of modules, wherein the plurality of modules include a service module and a transduction module, wherein
the service module, according to a target service selected by the browser software of the user equipment, controls the transduction module to configure the private network service server, so that the private network service server provides a private network service corresponding to the target service to the user equipment.

3. The service gateway device as described in claim 2, wherein
the service module provides a login page to the browser software, and receives login information of a user through the login page.

4. The service gateway device as described in claim 3, wherein
the plurality of modules further include an authentication module, wherein the authentication module stores authentication information associated with the user and at least one allowed service, wherein
in response to the login information matching the authentication information, the service module selects the target service from the at least one allowed service according to an instruction of the browser software.

5. The service gateway device as described in claim 2, wherein the private network service includes at least one of the following:
Secure Shell, Telnet, Remote Desktop Protocol, and Virtual Network Computing.
TW110114280A 2021-04-21 2021-04-21 Method for accessing private network service and service gateway equipment TWI763449B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110114280A TWI763449B (en) 2021-04-21 2021-04-21 Method for accessing private network service and service gateway equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110114280A TWI763449B (en) 2021-04-21 2021-04-21 Method for accessing private network service and service gateway equipment

Publications (2)

Publication Number Publication Date
TWI763449B TWI763449B (en) 2022-05-01
TW202243443A TW202243443A (en) 2022-11-01

Family

ID=82594148

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110114280A TWI763449B (en) 2021-04-21 2021-04-21 Method for accessing private network service and service gateway equipment

Country Status (1)

Country Link
TW (1) TWI763449B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI624163B (en) * 2016-08-03 2018-05-11 Chunghwa Telecom Co Ltd System for controlling IPv6 networking of IoT devices
CN108200165B (en) * 2017-12-29 2019-07-02 Oppo广东移动通信有限公司 Request Transmission system, method, apparatus and storage medium
TWI692956B (en) * 2019-03-04 2020-05-01 中華電信股份有限公司 Ipv6 accessing management system based on software defined network and method thereof
CN111371775A (en) * 2020-02-28 2020-07-03 深信服科技股份有限公司 Single sign-on method, device, equipment, system and storage medium

Also Published As

Publication number Publication date
TWI763449B (en) 2022-05-01
