WO2019000597A1 - Ip address hiding method and device - Google Patents

Ip address hiding method and device Download PDF

Info

Publication number
WO2019000597A1
WO2019000597A1 PCT/CN2017/097201 CN2017097201W WO2019000597A1 WO 2019000597 A1 WO2019000597 A1 WO 2019000597A1 CN 2017097201 W CN2017097201 W CN 2017097201W WO 2019000597 A1 WO2019000597 A1 WO 2019000597A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
level
access level
access
super
Prior art date
Application number
PCT/CN2017/097201
Other languages
French (fr)
Chinese (zh)
Inventor
杨帆
王根平
朱旗
义远科
Original Assignee
深圳市欧乐在线技术发展有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市欧乐在线技术发展有限公司 filed Critical 深圳市欧乐在线技术发展有限公司
Publication of WO2019000597A1 publication Critical patent/WO2019000597A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to an IP address hiding method and apparatus.
  • the main purpose of the present invention is to provide an IP address hiding method and apparatus, which use different levels of super nodes for different access levels of the terminal, so that the terminal does not directly connect to the server, and the hidden IP address is reached, and the ecosystem is prevented.
  • the purpose of the attack is to ensure the security of the device and the server.
  • an IP address hiding method provided by the present invention includes:
  • the terminal is connected to an access server by the at least one super node.
  • the access level of the terminal includes: a primary access level, a secondary access level, and a tertiary access.
  • the selecting the at least one super node according to the access level of the terminal includes:
  • the access level of the terminal is a three-level access level
  • three super nodes are selected.
  • the connecting, by the terminal, to the access server by using the at least one super node includes: [0013] when the access level of the terminal is a primary access level, the terminal passes the Describe a super node connected to the access server;
  • the terminal when the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes;
  • the access level of the terminal is a three-level access level
  • the terminal is connected to the access server by using the three super nodes.
  • the access level of the terminal is changed according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
  • the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after being offline.
  • an IP address hiding apparatus including:
  • an obtaining module configured to acquire an access level of the terminal
  • a selection module configured to select at least one super node according to an access level of the terminal
  • connection module configured to connect, by the terminal, the access server by using the at least one super node.
  • the access level of the terminal includes: a first level access level, a second level access level, and a third level access level;
  • the selecting module includes:
  • the access level of the terminal is a three-level access level
  • three super nodes are selected.
  • the connecting module includes:
  • the terminal when the access level of the terminal is a level 1 access level, the terminal is connected to the access server by using the one super node;
  • the terminal when the access level of the terminal is a secondary access level, the terminal connects through the two super nodes. Received access to the server;
  • the access level of the terminal is a three-level access level
  • the terminal is connected to the access server by using the three super nodes.
  • the access level of the terminal is changed according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
  • the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after being offline.
  • An IP address hiding method and apparatus includes: acquiring an access level of a terminal; selecting at least one super node according to an access level of the terminal; and the terminal passing the at least one super
  • the node is connected to the access server, and different levels of super nodes are used for different access levels of the terminal, so that the terminal does not directly connect to the server, thereby achieving the purpose of hiding the IP address and preventing the ecosystem from being attacked, thereby ensuring the device and the server end.
  • Safety included
  • FIG. 1 is a flowchart of an IP address hiding method according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic diagram of a system connection with an access level of a first level according to Embodiment 1 of the present invention
  • FIG. 3 is a schematic diagram of a system connection of an access level of a second level according to Embodiment 1 of the present invention.
  • FIG. 4 is a schematic diagram of a system connection with an access level of three levels according to Embodiment 1 of the present invention.
  • FIG. 5 is a schematic structural diagram of a communication system according to Embodiment 1 of the present invention.
  • FIG. 6 is a block diagram showing an exemplary structure of an IP address hiding apparatus according to Embodiment 2 of the present invention.
  • an IP address hiding method includes:
  • S20 Select at least one super node according to an access level of the terminal.
  • the terminal is connected to the access server by using the at least one super node.
  • the communication system is composed of a terminal 1 ⁇ a super node SN, an access server SCR, and a management system BBOSS, wherein the terminal is composed of an electronic device that can be connected to the network, and the terminal cannot directly connect to the server, and must pass through the super node.
  • the SN accesses the server, and at least one to three SN super nodes are forwarded to access the server; the access server is responsible for access authentication with the terminal device. It is the service server device of the operator, which is the entry point for the terminal to request processing of all services; the super node is responsible for forwarding information, and may be composed of any networked electronic device.
  • SN can be divided into three types: SN1, SN2, and SN3. Each SN node can directly connect to the terminal device. Only SN1 can connect to the SCR server. The three types of SNs are hierarchical.
  • the management system is used to operate the system and develop super nodes. Connection strategy.
  • the access level of the terminal includes: a first level access level, a second level access level, and a third level access level; and the at least one super is selected according to the access level of the terminal.
  • Nodes include:
  • the access level of the terminal is a level 1 access level, selecting a super node, only SN1 can be selected;
  • the access level of the terminal is a secondary access level
  • two super nodes are selected, namely, SN1 and SN2.
  • the access level of the terminal is a three-level access level
  • three super nodes namely, SN1, SN2, and SN3, are selected.
  • the terminal connecting to the access server by using the at least one super node includes:
  • the terminal connects through the one super node.
  • the connection diagram is shown in Figure 2.
  • the terminal will connect to the SN1 node, connect to the SCR server through SN1, and the SCR server will authenticate the terminal. Then the SCR verifies that the terminal is connected to the server via SN1. of. If the verification passes this connection will be valid. Otherwise you cannot connect to the server
  • the terminal When the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes, and the connection diagram is as shown in FIG. 3, and the terminal is connected to the SN2 node. Connect SN1 through SN2, and SNl connects to the SCR server to perform authentication verification on the terminal. This ⁇ SCR verifies that the terminal is connected to the server via SN2. If the verification passes this connection will be valid. Otherwise the server cannot be connected;
  • the terminal When the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super nodes, and the connection diagram is as shown in FIG. 4, and the terminal is connected to the SN3 node.
  • SN2 is connected through SN3, and SN2 is connected to SN1, and SNl is connected to the SCR server to perform authentication verification on the terminal.
  • This ⁇ SCR verifies that the terminal is connected to the server via SN3. If the verification passes this connection will be valid. Otherwise the server cannot be connected.
  • 1 ⁇ 3 are SN1 super nodes
  • 4 ⁇ 11 are SN2 super nodes
  • 12 ⁇ 22 are SN3 super nodes
  • 23 ⁇ 31 are ordinary terminals.
  • SN1, SN2, and SN3 form a complete SN proxy pool ecosystem.
  • the BBOSS determines the access line of the SN super node according to the policy, and resets the access level of the terminal.
  • the specific strategy includes: the number of nodes of each type; the maximum length of each type of node is on the line, if it exceeds the length of the node, it is offline; the node is selected again, if the terminal is selected, the node is considered The difference of the selected node; the number of times the node is selected again; the network bandwidth threshold is greater than the bandwidth to be selected; the firewall type, the terminal must have public IP and no firewall setting; IP address change rate; CPU processing capacity .
  • the access level of the terminal changes according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
  • the BBOOS performs the SN policy to calculate that the access level of the ordinary terminal 31 is changed from the original three levels to the second level.
  • the BBOSS sends the data to the SCR server (n_l process), the SCR server sends the data to the super node 3 (n_5 process), and the super node 3 sends the data to the super node 11 (n_6 process)
  • the super node 11 sends the data to the super node 22 (n_7 flow), and the super node 22 sends the data to the terminal 31 (n_8 flow), and the terminal 31 receives the data, and the data has a list of connected super SN2.
  • the terminal selects an optimal SN2 node to establish a connection. As shown in the figure, the terminal finally selects the super node 11 to establish a connection.
  • the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after going offline.
  • the BBOOS executes the SN policy to calculate that the super node 8 needs to go offline.
  • BBOSS sends the data to the SCR server (n_l process), and the SCR server sends the data to the super node 2 (n_2 process), and the super node 2 sends the data to the super node 8 (n_3 process).
  • the super node After the super node receives the data, it will execute the offline program. After the program is executed, the connection between SuperNode 8 and SuperNode 2 will be broken. This super node 8 will send a message to the corresponding connection to tell the super node 18 "I am offline", let the other party connect to other nodes. This super node 18 will connect to other SN2 nodes to find a good node connection.
  • the super node 18 is connected to the super node 9 as shown. This ensures the normal offline of the node without affecting all terminal services.
  • an IP address hiding device includes:
  • the obtaining module 10 is configured to acquire an access level of the terminal.
  • the selecting module 20 is configured to select at least one super node according to an access level of the terminal;
  • connection module 30 is configured to connect, by the terminal, the access server by using the at least one super node.
  • the communication system is composed of a terminal 1 ⁇ super node SN, an access server SCR, and a management system BBOSS, wherein the terminal is composed of an electronic device that can be connected to the network, and the terminal cannot directly connect to the server, and must pass through the super node.
  • the SN accesses the server, and at least one to three SN super nodes are forwarded to access the server; the access server is responsible for access authentication with the terminal device. It is the service server device of the operator, and is the portal for the terminal to request processing of all services; the super node is responsible for forwarding information, and may be any networked electronic device.
  • SN can be divided into three types: SN1, SN2, and SN3, each SN section. Points can be directly connected to the terminal device, only SN1 can connect to the SCR server, and the three types of SN are hierarchical.
  • the management system is used to operate the system and develop a connection strategy for the super nodes.
  • the access level of the terminal includes: a first level access level, a second level access level, and a third level access level;
  • the selection module includes:
  • the access level of the terminal is a level 1 access level, selecting a super node, only SN1 can be selected;
  • the access level of the terminal is a secondary access level
  • two super nodes are selected, namely, SN1 and SN2.
  • the access level of the terminal is a three-level access level
  • three super nodes namely, SN1, SN2, and SN3, are selected.
  • connection module includes:
  • the access level of the terminal is a level 1 access level
  • the terminal is connected to the access server by using the one super node, and the connection diagram is as shown in FIG. 2, and the terminal is connected to the SN1 node.
  • the SCR server is connected to the SCR server through SN1, and the SCR server performs authentication verification on the terminal, and then the SCR verifies whether the terminal is connected to the server through SN1. If the verification passes this connection will be valid. Otherwise you cannot connect to the server
  • the terminal When the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes, and the connection diagram is as shown in FIG. 3, and the terminal is connected to the SN2 node. Connect SN1 through SN2, and SNl connects to the SCR server to perform authentication verification on the terminal. This ⁇ SCR verifies that the terminal is connected to the server via SN2. If the verification passes this connection will be valid. Otherwise the server cannot be connected;
  • the access level of the terminal is a three-level access level
  • the terminal is connected to the access server by using the three super nodes, and the connection diagram is as shown in FIG. 4, and the terminal is connected to the SN3 node.
  • SN2 is connected through SN3, and SN2 is connected to SN1, and SNl is connected to the SCR server to perform authentication verification on the terminal.
  • This ⁇ SCR verifies that the terminal is connected to the server via SN3. If the verification passes this connection will be valid. Otherwise the server cannot be connected.
  • 1 ⁇ 3 are SN1 super nodes
  • 4 ⁇ 11 are SN2 super nodes
  • 12 ⁇ 22 are SN3 super nodes
  • 23 ⁇ 31 are ordinary terminals.
  • SN1, SN2, and SN3 form a complete SN proxy pool ecosystem.
  • BBOSS determines the upper and lower lines of the SN super node according to the policy, and resets The access level of the terminal.
  • the specific strategy includes: the number of nodes of each type; the maximum length of each type of node is on the line, if it exceeds the length of the node, it is offline; the node is selected again, if the terminal is selected, the node is considered The difference of the selected node; the number of times the node is selected again; the network bandwidth threshold is greater than the bandwidth to be selected; the firewall type, the terminal must have public IP and no firewall setting; IP address change rate; CPU processing capacity .
  • the access level of the terminal changes according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
  • the BBOOS performs the SN policy to calculate that the access level of the ordinary terminal 31 is changed from the original three levels to the second level.
  • the BBOSS sends the data to the SCR server (n_l process), the SCR server sends the data to the super node 3 (n_5 process), the super node 3 sends the data to the super node 11 (n_6 process), and the super node 11 sends the data to The super node 22 (n_7 flow), the super node 22 sends the data to the terminal 31 (n_8 flow), and the terminal 31 receives the data, which has a list of connected super SN2.
  • the terminal selects an optimal SN2 node to establish a connection. As shown in the figure, the terminal finally selects the super node 11 to establish a connection.
  • the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after going offline.
  • the BBOOS executes the SN policy to calculate that the super node 8 needs to go offline.
  • BBOSS sends the data to the SCR server (n_l process), and the SCR server sends the data to the super node 2 (n_2 process), and the super node 2 sends the data to the super node 8 (n_3 process).
  • the super node After the super node receives the data, it will execute the offline program. After the program is executed, the connection between SuperNode 8 and SuperNode 2 will be broken. This super node 8 will send a message to the corresponding connection to tell the super node 18 "I am offline", let the other party connect to other nodes. This super node 18 will connect to other SN2 nodes to find a good node connection.
  • the super node 18 is connected to the super node 9 as shown. This ensures the normal offline of the node without affecting all terminal services.

Abstract

The present invention relates to the technical field of communications, and disclosed thereby are an internet protocol (IP) address hiding method and device, the method comprising: obtaining an access level of a terminal; selecting at least one super node according to the access level of the terminal; the terminal connecting to an access server by means of the at least one super node. For different access levels of the terminal, super nodes of different levels are used so that the terminal does not directly connect to the server, thus achieving the purposes of hiding the IP address and preventing the ecosphere from being attacked so as to ensure the security of the device and server side.

Description

一种 IP地址隐藏方法及装置  IP address hiding method and device
技术领域  Technical field
[0001] 本发明涉及通信技术领域, 尤其涉及一种 IP地址隐藏方法及装置。  [0001] The present invention relates to the field of communications technologies, and in particular, to an IP address hiding method and apparatus.
背景技术  Background technique
[0002] 互联网市场的蓬勃发展促进社会的进步同吋也暴露了许多的危机, 在网络上每 台计算机有惟一的 IP地址, 计算机把目标 IP地址和一个惟一的顺序号加载于传输 的每一个数据包上实现通讯, 再此阶段黑客可以利用探测、 截获的方式或者网 段的信息轻易拦截数据包信息, 导致数据信息以及 IP地址 (终端或者服务器端) 泄露, 黑客可用 DDOS方式轻易的攻破服务器端或终端。 现有市场的通信领域可 分为两种。 第一种: 点对点的方式, 如客户端 A直接连接服务器端 S。 这也是目 前市场最常见的一种方式。 在直连的过程中黑客可轻易的拦截用户信息。 获取 两端 IP等信息。 第二种:代理节点的透传。 例如:客户端 A发给代理节点 N, 代理节 点转发到服务器端。 这种方式代理节点因为是固定不变的。 黑客探寻到代理节 点后轻易的可获取到服务端的相关信息。 在整个过程中代理节点的安全性较低 技术问题  [0002] The booming development of the Internet market and the advancement of society have also exposed many crises. Each computer on the network has a unique IP address. The computer loads the target IP address and a unique sequence number into each of the transmissions. The communication is implemented on the data packet. At this stage, the hacker can easily intercept the data packet information by means of detection, interception or network segment information, resulting in leakage of data information and IP address (terminal or server). The hacker can easily break the server by DDOS. End or terminal. The field of communication in the existing market can be divided into two types. The first type: Peer-to-peer, such as client A directly connected to server S. This is also the most common way in the market today. In the process of direct connection, hackers can easily intercept user information. Get information such as IP at both ends. Second: transparent transmission of proxy nodes. For example, client A sends to proxy node N, and the proxy node forwards to the server. In this way, the proxy node is fixed. After the hacker finds the agent node, it can easily obtain information about the server. The security of the proxy node is low throughout the process.
[0003] 本发明的主要目的在于提出一种 IP地址隐藏方法及装置, 针对终端不同的接入 级别, 使用不同层级的超级节点, 使得终端不直接连接服务器, 达到了隐藏 IP地 址、 防止生态圈被攻击的目的, 从而保证了设备及服务器端的安全。  [0003] The main purpose of the present invention is to provide an IP address hiding method and apparatus, which use different levels of super nodes for different access levels of the terminal, so that the terminal does not directly connect to the server, and the hidden IP address is reached, and the ecosystem is prevented. The purpose of the attack is to ensure the security of the device and the server.
问题的解决方案  Problem solution
技术解决方案  Technical solution
[0004] 为实现上述目的, 本发明提供的一种 IP地址隐藏方法, 包括:  [0004] In order to achieve the above object, an IP address hiding method provided by the present invention includes:
[0005] 获取终端的接入级别; [0005] obtaining an access level of the terminal;
[0006] 根据所述终端的接入级别选择至少一个超级节点;  [0006] selecting at least one super node according to an access level of the terminal;
[0007] 所述终端通过所述至少一个超级节点连接到接入服务器。 [0007] The terminal is connected to an access server by the at least one super node.
[0008] 可选地, 所述终端的接入级别包括: 一级接入级别、 二级接入级别和三级接入 级别; 所述根据所述终端的接入级别选择至少一个超级节点包括: [0008] Optionally, the access level of the terminal includes: a primary access level, a secondary access level, and a tertiary access. The selecting the at least one super node according to the access level of the terminal includes:
[0009] 当所述终端的接入级别为一级接入级别吋, 选择一个超级节点;  [0009] when the access level of the terminal is a level 1 access level, selecting a super node;
[0010] 当所述终端的接入级别为二级接入级别吋, 选择两个超级节点; [0010] when the access level of the terminal is a secondary access level, two super nodes are selected;
[0011] 当所述终端的接入级别为三级接入级别吋, 选择三个超级节点。 [0011] When the access level of the terminal is a three-level access level, three super nodes are selected.
[0012] 可选地, 所述所述终端通过所述至少一个超级节点连接到接入服务器包括: [0013] 当所述终端的接入级别为一级接入级别吋, 所述终端通过所述一个超级节点连 接到接入服务器; [0012] Optionally, the connecting, by the terminal, to the access server by using the at least one super node includes: [0013] when the access level of the terminal is a primary access level, the terminal passes the Describe a super node connected to the access server;
[0014] 当所述终端的接入级别为二级接入级别吋, 所述终端通过所述两个超级节点连 接到接入服务器;  [0014] when the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes;
[0015] 当所述终端的接入级别为三级接入级别吋, 所述终端通过所述三个超级节点连 接到接入服务器。  [0015] When the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super nodes.
[0016] 可选地, 所述终端的接入级别按照管理系统预设的策略进行变化, 所述终端对 应的超级节点也随之发生变化。  [0016] Optionally, the access level of the terminal is changed according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
[0017] 可选地, 所述超级节点按照管理系统预设的策略进行上下线, 所述超级节点下 线后进入代理池中。 [0017] Optionally, the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after being offline.
[0018] 作为本发明的另一方面, 提供的一种 IP地址隐藏装置, 包括: [0018] As another aspect of the present invention, an IP address hiding apparatus is provided, including:
[0019] 获取模块, 用于获取终端的接入级别; [0019] an obtaining module, configured to acquire an access level of the terminal;
[0020] 选择模块, 用于根据所述终端的接入级别选择至少一个超级节点;  [0020] a selection module, configured to select at least one super node according to an access level of the terminal;
[0021] 连接模块, 用于所述终端通过所述至少一个超级节点连接到接入服务器。 [0021] a connection module, configured to connect, by the terminal, the access server by using the at least one super node.
[0022] 可选地, 所述终端的接入级别包括: 一级接入级别、 二级接入级别和三级接入 级别; 所述选择模块包括: [0022] Optionally, the access level of the terminal includes: a first level access level, a second level access level, and a third level access level; the selecting module includes:
[0023] 当所述终端的接入级别为一级接入级别吋, 选择一个超级节点; [0023] when the access level of the terminal is a level 1 access level, selecting a super node;
[0024] 当所述终端的接入级别为二级接入级别吋, 选择两个超级节点; [0024] when the access level of the terminal is a secondary access level, two super nodes are selected;
[0025] 当所述终端的接入级别为三级接入级别吋, 选择三个超级节点。 [0025] When the access level of the terminal is a three-level access level, three super nodes are selected.
[0026] 可选地, 所述连接模块包括: Optionally, the connecting module includes:
[0027] 当所述终端的接入级别为一级接入级别吋, 所述终端通过所述一个超级节点连 接到接入服务器;  [0027] when the access level of the terminal is a level 1 access level, the terminal is connected to the access server by using the one super node;
[0028] 当所述终端的接入级别为二级接入级别吋, 所述终端通过所述两个超级节点连 接到接入服务器; [0028] when the access level of the terminal is a secondary access level, the terminal connects through the two super nodes. Received access to the server;
[0029] 当所述终端的接入级别为三级接入级别吋, 所述终端通过所述三个超级节点连 接到接入服务器。  [0029] When the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super nodes.
[0030] 可选地, 所述终端的接入级别按照管理系统预设的策略进行变化, 所述终端对 应的超级节点也随之发生变化。  [0030] Optionally, the access level of the terminal is changed according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
[0031] 可选地, 所述超级节点按照管理系统预设的策略进行上下线, 所述超级节点下 线后进入代理池中。 [0031] Optionally, the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after being offline.
发明的有益效果  Advantageous effects of the invention
有益效果  Beneficial effect
[0032] 本发明提出的一种 IP地址隐藏方法及装置, 该方法包括: 获取终端的接入级别 ; 根据所述终端的接入级别选择至少一个超级节点; 所述终端通过所述至少一 个超级节点连接到接入服务器, 针对终端不同的接入级别, 使用不同层级的超 级节点, 使得终端不直接连接服务器, 达到了隐藏 IP地址、 防止生态圈被攻击的 目的, 从而保证了设备及服务器端的安全。  [0032] An IP address hiding method and apparatus according to the present invention, the method includes: acquiring an access level of a terminal; selecting at least one super node according to an access level of the terminal; and the terminal passing the at least one super The node is connected to the access server, and different levels of super nodes are used for different access levels of the terminal, so that the terminal does not directly connect to the server, thereby achieving the purpose of hiding the IP address and preventing the ecosystem from being attacked, thereby ensuring the device and the server end. Safety.
对附图的简要说明  Brief description of the drawing
附图说明  DRAWINGS
[0033] 图 1为本发明实施例一提供的一种 IP地址隐藏方法流程图;  1 is a flowchart of an IP address hiding method according to Embodiment 1 of the present invention;
[0034] 图 2为本发明实施例一提供的接入级别为一级吋的系统连接示意图;  2 is a schematic diagram of a system connection with an access level of a first level according to Embodiment 1 of the present invention;
[0035] 图 3为本发明实施例一提供的接入级别为二级吋的系统连接示意图;  3 is a schematic diagram of a system connection of an access level of a second level according to Embodiment 1 of the present invention;
[0036] 图 4为本发明实施例一提供的接入级别为三级吋的系统连接示意图;  4 is a schematic diagram of a system connection with an access level of three levels according to Embodiment 1 of the present invention;
[0037] 图 5为本发明实施例一提供的通信系统结构示意图;  5 is a schematic structural diagram of a communication system according to Embodiment 1 of the present invention;
[0038] 图 6为本发明实施例二提供的一种 IP地址隐藏装置示范性结构框图。  FIG. 6 is a block diagram showing an exemplary structure of an IP address hiding apparatus according to Embodiment 2 of the present invention.
[0039] 本发明目的的实现、 功能特点及优点将结合实施例, 参照附图做进一步说明。  [0039] The implementation, functional features, and advantages of the present invention will be further described with reference to the accompanying drawings.
实施该发明的最佳实施例  BEST MODE FOR CARRYING OUT THE INVENTION
本发明的最佳实施方式  BEST MODE FOR CARRYING OUT THE INVENTION
[0040] 应当理解, 此处所描述的具体实施例仅仅用以解释本发明, 并不用于限定本发 明。 [0041] 在后续的描述中, 使用用于表示元件的诸如"模块"、 "部件 "或"单元"的后缀仅 为了有利于本发明的说明, 其本身并没有特定的意义。 因此, "模块 "与"部件"可 以混合地使用。 The specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. [0041] In the following description, the use of suffixes such as "module", "component" or "unit" for indicating an element is merely an explanation for facilitating the present invention, and does not have a specific meaning per se. Therefore, "module" and "component" can be used in combination.
[0042] 如图 1所示, 在本实施例中, 一种 IP地址隐藏方法, 包括:  [0042] As shown in FIG. 1, in this embodiment, an IP address hiding method includes:
[0043] S10、 获取终端的接入级别; [0043] S10. Obtain an access level of the terminal.
[0044] S20、 根据所述终端的接入级别选择至少一个超级节点;  [0044] S20. Select at least one super node according to an access level of the terminal.
[0045] S30、 所述终端通过所述至少一个超级节点连接到接入服务器。 [0045] S30. The terminal is connected to the access server by using the at least one super node.
[0046] 在本实施例中, 针对终端不同的接入级别, 使用不同层级的超级节点, 使得终 端不直接连接服务器, 达到了隐藏 IP地址、 防止生态圈被攻击的目的, 从而保证 了设备及服务器端的安全。 [0046] In this embodiment, different levels of super nodes are used for different access levels of the terminal, so that the terminal does not directly connect to the server, thereby achieving the purpose of hiding the IP address and preventing the ecosystem from being attacked, thereby ensuring the device and Server-side security.
[0047] 在本实施例中, 通信系统由终端1\ 超级节点 SN、 接入服务器 SCR及管理系统 BBOSS组成, 其中, 终端由可入网的电子设备构成, 终端不能直连接服务器, 必须经过超级节点 SN来接入服务器, 至少要经过 1~3个 SN超级节点的转发才能 接入服务器; 接入服务器负责与终端设备的接入鉴权。 是运营商的业务服务器 设备, 是终端请求所有业务的处理的入口; 超级节点负责信息的转发, 可以是 任意的联网的电子设备构成。 SN可分为 SN1、 SN2、 SN3三种类型, 每种 SN节 点都能直连终端设备, 只有 SN1才能连接 SCR服务器, 三种类型的 SN是层级关系 ; 管理系统用于运营系统, 制定超级节点的连接策略。  [0047] In this embodiment, the communication system is composed of a terminal 1\ a super node SN, an access server SCR, and a management system BBOSS, wherein the terminal is composed of an electronic device that can be connected to the network, and the terminal cannot directly connect to the server, and must pass through the super node. The SN accesses the server, and at least one to three SN super nodes are forwarded to access the server; the access server is responsible for access authentication with the terminal device. It is the service server device of the operator, which is the entry point for the terminal to request processing of all services; the super node is responsible for forwarding information, and may be composed of any networked electronic device. SN can be divided into three types: SN1, SN2, and SN3. Each SN node can directly connect to the terminal device. Only SN1 can connect to the SCR server. The three types of SNs are hierarchical. The management system is used to operate the system and develop super nodes. Connection strategy.
[0048] 在本实施例中, 所述终端的接入级别包括: 一级接入级别、 二级接入级别和三 级接入级别; 所述根据所述终端的接入级别选择至少一个超级节点包括:  [0048] In this embodiment, the access level of the terminal includes: a first level access level, a second level access level, and a third level access level; and the at least one super is selected according to the access level of the terminal. Nodes include:
[0049] 当所述终端的接入级别为一级接入级别吋, 选择一个超级节点, 仅能选 SN1 ;  [0049] When the access level of the terminal is a level 1 access level, selecting a super node, only SN1 can be selected;
[0050] 当所述终端的接入级别为二级接入级别吋, 选择两个超级节点, 即 SN1和 SN2  [0050] When the access level of the terminal is a secondary access level, two super nodes are selected, namely, SN1 and SN2.
[0051] 当所述终端的接入级别为三级接入级别吋, 选择三个超级节点, 即 SN1、 SN2 和 SN3。 [0051] When the access level of the terminal is a three-level access level, three super nodes, namely, SN1, SN2, and SN3, are selected.
[0052] 在本实施例中, 所述所述终端通过所述至少一个超级节点连接到接入服务器包 括:  [0052] In this embodiment, the terminal connecting to the access server by using the at least one super node includes:
[0053] 当所述终端的接入级别为一级接入级别吋, 所述终端通过所述一个超级节点连 接到接入服务器, 其连接示意图如图 2所示, 终端就会连接 SN1节点, 通过 SN1 连接 SCR服务器, SCR服务器再对终端进行鉴权验证, 此吋 SCR校验终端是否经 过 SN1连接到服务器的。 如果验证通过本次连接才会有效。 否则无法连接服务器 [0053] when the access level of the terminal is a primary access level, the terminal connects through the one super node. Connected to the access server, the connection diagram is shown in Figure 2. The terminal will connect to the SN1 node, connect to the SCR server through SN1, and the SCR server will authenticate the terminal. Then the SCR verifies that the terminal is connected to the server via SN1. of. If the verification passes this connection will be valid. Otherwise you cannot connect to the server
[0054] 当所述终端的接入级别为二级接入级别吋, 所述终端通过所述两个超级节点连 接到接入服务器, 其连接示意图如图 3所示, 终端就会连接 SN2节点, 通过 SN2 连接 SN1, SNl连接 SCR服务器再对终端进行鉴权验证。 此吋 SCR校验终端是否 经过 SN2连接到服务器的。 如果验证通过本次连接才会有效。 否则无法连接服务 器; [0054] When the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes, and the connection diagram is as shown in FIG. 3, and the terminal is connected to the SN2 node. Connect SN1 through SN2, and SNl connects to the SCR server to perform authentication verification on the terminal. This 吋 SCR verifies that the terminal is connected to the server via SN2. If the verification passes this connection will be valid. Otherwise the server cannot be connected;
[0055] 当所述终端的接入级别为三级接入级别吋, 所述终端通过所述三个超级节点连 接到接入服务器, 其连接示意图如图 4所示, 终端就会连接 SN3节点, 通过 SN3 连接 SN2, SN2连接 SN1, SNl连接 SCR服务器再对终端进行鉴权验证。 此吋 SCR 校验终端是否经过 SN3连接到服务器的。 如果验证通过本次连接才会有效。 否则 无法连接服务器。  [0055] When the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super nodes, and the connection diagram is as shown in FIG. 4, and the terminal is connected to the SN3 node. SN2 is connected through SN3, and SN2 is connected to SN1, and SNl is connected to the SCR server to perform authentication verification on the terminal. This 吋 SCR verifies that the terminal is connected to the server via SN3. If the verification passes this connection will be valid. Otherwise the server cannot be connected.
[0056] 如图 5所示, 为本实施例的一种通信系统, 1~3为 SN1超级节点, 4~11为 SN2超 级节点, 12~22为 SN3超级节点, 23~31为普通终端, SN1、 SN2、 SN3组成一个 完整的 SN代理池生态圈。 BBOSS根据策略决定 SN超级节点的上下线, 以及重置 终端的接入级别。 具体的策略包含: 每种类型节点的数量; 每种类型节点的上 线最大吋长, 如果超过该吋长节点就下线; 节点被再次被选中的吋长, 如果选 中终端为节点吋要考虑上次被选中节点的吋差; 再次被选中节点的次数; 网络 带宽阀值, 大于该带宽才能被选中; 防火墙类型, 必须有公网 IP且没有防火墙设 置的终端; IP地址变化率; CPU处理能力。 BBOSS通过以上条件计算处理后从 数据库中筛选出需要下线的超级节点, 以及被选中超级节点的终端。  [0056] As shown in FIG. 5, in the communication system of the present embodiment, 1~3 are SN1 super nodes, 4~11 are SN2 super nodes, 12~22 are SN3 super nodes, and 23~31 are ordinary terminals. SN1, SN2, and SN3 form a complete SN proxy pool ecosystem. The BBOSS determines the access line of the SN super node according to the policy, and resets the access level of the terminal. The specific strategy includes: the number of nodes of each type; the maximum length of each type of node is on the line, if it exceeds the length of the node, it is offline; the node is selected again, if the terminal is selected, the node is considered The difference of the selected node; the number of times the node is selected again; the network bandwidth threshold is greater than the bandwidth to be selected; the firewall type, the terminal must have public IP and no firewall setting; IP address change rate; CPU processing capacity . After the BBOSS calculates and processes the above conditions, the super node that needs to go offline is selected from the database, and the terminal of the selected super node is selected.
[0057] 在本实施例中, 所述终端的接入级别按照管理系统预设的策略进行变化, 所述 终端对应的超级节点也随之发生变化。  [0057] In this embodiment, the access level of the terminal changes according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
[0058] 如图 5所示, BBOOS执行 SN策略计算出普通终端 31的接入级别由原来的三级变 为二级。 此吋 BBOSS把数据发送给 SCR服务器 (n_l流程) , SCR服务器把数据 发送给超级节点 3 (n_5流程) , 超级节点 3把数据发送给超级节点 11 (n_6流程 ) , 超级节点 11把数据发给超级节点 22 (n_7流程) , 超级节点 22把数据发给终 端 31 (n_8流程) ,此吋终端 31收到该数据, 该数据里面有连接的超级 SN2的列表 。 终端选择一个最优的 SN2节点建立连接。 如图所示终端最终选择了超级节点 11 建立连接。 [0058] As shown in FIG. 5, the BBOOS performs the SN policy to calculate that the access level of the ordinary terminal 31 is changed from the original three levels to the second level. The BBOSS sends the data to the SCR server (n_l process), the SCR server sends the data to the super node 3 (n_5 process), and the super node 3 sends the data to the super node 11 (n_6 process) The super node 11 sends the data to the super node 22 (n_7 flow), and the super node 22 sends the data to the terminal 31 (n_8 flow), and the terminal 31 receives the data, and the data has a list of connected super SN2. . The terminal selects an optimal SN2 node to establish a connection. As shown in the figure, the terminal finally selects the super node 11 to establish a connection.
[0059] 在本实施例中, 所述超级节点按照管理系统预设的策略进行上下线, 所述超级 节点下线后进入代理池中。  [0059] In this embodiment, the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after going offline.
[0060] 如图 5所示, BBOOS执行 SN策略计算出超级节点 8需要下线。 此吋 BBOSS把数 据发送给 SCR服务器 (n_l流程) , SCR服务器把数据发给超级节点 2 (n_2流程 ) , 此吋超级节点 2把数据发给超级节点 8 (n_3流程) 。 此吋超级节点收到该数 据后就会执行下线的程序。 执行该程序后超级节点 8就与超级节点 2直连的连接 就会断幵。 此吋超级节点 8就会发送消息给相应的连接告诉超级节点 18"我下线了 ", 让对方去连接其他的节点。 此吋超级节点 18就会去连接其他的 SN2节点, 找 到一个优质的节点连接。 如图所示超级节点 18连接到超级节点 9。 这样就保证了 节点的正常下线而不影响所有的终端业务。  As shown in FIG. 5, the BBOOS executes the SN policy to calculate that the super node 8 needs to go offline. Here, BBOSS sends the data to the SCR server (n_l process), and the SCR server sends the data to the super node 2 (n_2 process), and the super node 2 sends the data to the super node 8 (n_3 process). After the super node receives the data, it will execute the offline program. After the program is executed, the connection between SuperNode 8 and SuperNode 2 will be broken. This super node 8 will send a message to the corresponding connection to tell the super node 18 "I am offline", let the other party connect to other nodes. This super node 18 will connect to other SN2 nodes to find a good node connection. The super node 18 is connected to the super node 9 as shown. This ensures the normal offline of the node without affecting all terminal services.
[0061] 实施例二  Embodiment 2
[0062] 如图 6所示, 在本实施例中, 一种 IP地址隐藏装置, 包括:  [0062] As shown in FIG. 6, in this embodiment, an IP address hiding device includes:
[0063] 获取模块 10, 用于获取终端的接入级别; [0063] The obtaining module 10 is configured to acquire an access level of the terminal.
[0064] 选择模块 20, 用于根据所述终端的接入级别选择至少一个超级节点;  [0064] The selecting module 20 is configured to select at least one super node according to an access level of the terminal;
[0065] 连接模块 30, 用于所述终端通过所述至少一个超级节点连接到接入服务器。 [0065] The connection module 30 is configured to connect, by the terminal, the access server by using the at least one super node.
[0066] 在本实施例中, 针对终端不同的接入级别, 使用不同层级的超级节点, 使得终 端不直接连接服务器, 达到了隐藏 IP地址、 防止生态圈被攻击的目的, 从而保证 了设备及服务器端的安全。 [0066] In this embodiment, different levels of super nodes are used for different access levels of the terminal, so that the terminal does not directly connect to the server, thereby achieving the purpose of hiding the IP address and preventing the ecosystem from being attacked, thereby ensuring the device and Server-side security.
[0067] 在本实施例中, 通信系统由终端1\ 超级节点 SN、 接入服务器 SCR及管理系统 BBOSS组成, 其中, 终端由可入网的电子设备构成, 终端不能直连接服务器, 必须经过超级节点 SN来接入服务器, 至少要经过 1~3个 SN超级节点的转发才能 接入服务器; 接入服务器负责与终端设备的接入鉴权。 是运营商的业务服务器 设备, 是终端请求所有业务的处理的入口; 超级节点负责信息的转发, 可以是 任意的联网的电子设备构成。 SN可分为 SN1、 SN2、 SN3三种类型, 每种 SN节 点都能直连终端设备, 只有 SN1才能连接 SCR服务器, 三种类型的 SN是层级关系[0067] In this embodiment, the communication system is composed of a terminal 1\super node SN, an access server SCR, and a management system BBOSS, wherein the terminal is composed of an electronic device that can be connected to the network, and the terminal cannot directly connect to the server, and must pass through the super node. The SN accesses the server, and at least one to three SN super nodes are forwarded to access the server; the access server is responsible for access authentication with the terminal device. It is the service server device of the operator, and is the portal for the terminal to request processing of all services; the super node is responsible for forwarding information, and may be any networked electronic device. SN can be divided into three types: SN1, SN2, and SN3, each SN section. Points can be directly connected to the terminal device, only SN1 can connect to the SCR server, and the three types of SN are hierarchical.
; 管理系统用于运营系统, 制定超级节点的连接策略。 The management system is used to operate the system and develop a connection strategy for the super nodes.
[0068] 在本实施例中, 所述终端的接入级别包括: 一级接入级别、 二级接入级别和三 级接入级别; 所述选择模块包括: [0068] In this embodiment, the access level of the terminal includes: a first level access level, a second level access level, and a third level access level; the selection module includes:
[0069] 当所述终端的接入级别为一级接入级别吋, 选择一个超级节点, 仅能选 SN1 ; [0069] When the access level of the terminal is a level 1 access level, selecting a super node, only SN1 can be selected;
[0070] 当所述终端的接入级别为二级接入级别吋, 选择两个超级节点, 即 SN1和 SN2 [0070] When the access level of the terminal is a secondary access level, two super nodes are selected, namely, SN1 and SN2.
[0071] 当所述终端的接入级别为三级接入级别吋, 选择三个超级节点, 即 SN1、 SN2 和 SN3。 [0071] When the access level of the terminal is a three-level access level, three super nodes, namely, SN1, SN2, and SN3, are selected.
[0072] 在本实施例中, 所述连接模块包括:  [0072] In this embodiment, the connection module includes:
[0073] 当所述终端的接入级别为一级接入级别吋, 所述终端通过所述一个超级节点连 接到接入服务器, 其连接示意图如图 2所示, 终端就会连接 SN1节点, 通过 SN1 连接 SCR服务器, SCR服务器再对终端进行鉴权验证, 此吋 SCR校验终端是否经 过 SN1连接到服务器的。 如果验证通过本次连接才会有效。 否则无法连接服务器  [0073] When the access level of the terminal is a level 1 access level, the terminal is connected to the access server by using the one super node, and the connection diagram is as shown in FIG. 2, and the terminal is connected to the SN1 node. The SCR server is connected to the SCR server through SN1, and the SCR server performs authentication verification on the terminal, and then the SCR verifies whether the terminal is connected to the server through SN1. If the verification passes this connection will be valid. Otherwise you cannot connect to the server
[0074] 当所述终端的接入级别为二级接入级别吋, 所述终端通过所述两个超级节点连 接到接入服务器, 其连接示意图如图 3所示, 终端就会连接 SN2节点, 通过 SN2 连接 SN1, SNl连接 SCR服务器再对终端进行鉴权验证。 此吋 SCR校验终端是否 经过 SN2连接到服务器的。 如果验证通过本次连接才会有效。 否则无法连接服务 器; [0074] When the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes, and the connection diagram is as shown in FIG. 3, and the terminal is connected to the SN2 node. Connect SN1 through SN2, and SNl connects to the SCR server to perform authentication verification on the terminal. This 吋 SCR verifies that the terminal is connected to the server via SN2. If the verification passes this connection will be valid. Otherwise the server cannot be connected;
[0075] 当所述终端的接入级别为三级接入级别吋, 所述终端通过所述三个超级节点连 接到接入服务器, 其连接示意图如图 4所示, 终端就会连接 SN3节点, 通过 SN3 连接 SN2, SN2连接 SN1, SNl连接 SCR服务器再对终端进行鉴权验证。 此吋 SCR 校验终端是否经过 SN3连接到服务器的。 如果验证通过本次连接才会有效。 否则 无法连接服务器。  [0075] When the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super nodes, and the connection diagram is as shown in FIG. 4, and the terminal is connected to the SN3 node. SN2 is connected through SN3, and SN2 is connected to SN1, and SNl is connected to the SCR server to perform authentication verification on the terminal. This 吋 SCR verifies that the terminal is connected to the server via SN3. If the verification passes this connection will be valid. Otherwise the server cannot be connected.
[0076] 如图 5所示, 为本实施例的一种通信系统, 1~3为 SN1超级节点, 4~11为 SN2超 级节点, 12~22为 SN3超级节点, 23~31为普通终端, SN1、 SN2、 SN3组成一个 完整的 SN代理池生态圈。 BBOSS根据策略决定 SN超级节点的上下线, 以及重置 终端的接入级别。 具体的策略包含: 每种类型节点的数量; 每种类型节点的上 线最大吋长, 如果超过该吋长节点就下线; 节点被再次被选中的吋长, 如果选 中终端为节点吋要考虑上次被选中节点的吋差; 再次被选中节点的次数; 网络 带宽阀值, 大于该带宽才能被选中; 防火墙类型, 必须有公网 IP且没有防火墙设 置的终端; IP地址变化率; CPU处理能力。 BBOSS通过以上条件计算处理后从 数据库中筛选出需要下线的超级节点, 以及被选中超级节点的终端。 [0076] As shown in FIG. 5, in the communication system of the embodiment, 1~3 are SN1 super nodes, 4~11 are SN2 super nodes, 12~22 are SN3 super nodes, and 23~31 are ordinary terminals. SN1, SN2, and SN3 form a complete SN proxy pool ecosystem. BBOSS determines the upper and lower lines of the SN super node according to the policy, and resets The access level of the terminal. The specific strategy includes: the number of nodes of each type; the maximum length of each type of node is on the line, if it exceeds the length of the node, it is offline; the node is selected again, if the terminal is selected, the node is considered The difference of the selected node; the number of times the node is selected again; the network bandwidth threshold is greater than the bandwidth to be selected; the firewall type, the terminal must have public IP and no firewall setting; IP address change rate; CPU processing capacity . After the BBOSS calculates and processes the above conditions, the super node that needs to go offline is selected from the database, and the terminal of the selected super node is selected.
[0077] 在本实施例中, 所述终端的接入级别按照管理系统预设的策略进行变化, 所述 终端对应的超级节点也随之发生变化。  [0077] In this embodiment, the access level of the terminal changes according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
[0078] 如图 5所示, BBOOS执行 SN策略计算出普通终端 31的接入级别由原来的三级变 为二级。 此吋 BBOSS把数据发送给 SCR服务器 (n_l流程) , SCR服务器把数据 发送给超级节点 3 (n_5流程) , 超级节点 3把数据发送给超级节点 11 (n_6流程 ) , 超级节点 11把数据发给超级节点 22 (n_7流程) , 超级节点 22把数据发给终 端 31 (n_8流程) ,此吋终端 31收到该数据, 该数据里面有连接的超级 SN2的列表 。 终端选择一个最优的 SN2节点建立连接。 如图所示终端最终选择了超级节点 11 建立连接。  As shown in FIG. 5, the BBOOS performs the SN policy to calculate that the access level of the ordinary terminal 31 is changed from the original three levels to the second level. The BBOSS sends the data to the SCR server (n_l process), the SCR server sends the data to the super node 3 (n_5 process), the super node 3 sends the data to the super node 11 (n_6 process), and the super node 11 sends the data to The super node 22 (n_7 flow), the super node 22 sends the data to the terminal 31 (n_8 flow), and the terminal 31 receives the data, which has a list of connected super SN2. The terminal selects an optimal SN2 node to establish a connection. As shown in the figure, the terminal finally selects the super node 11 to establish a connection.
[0079] 在本实施例中, 所述超级节点按照管理系统预设的策略进行上下线, 所述超级 节点下线后进入代理池中。  [0079] In this embodiment, the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after going offline.
[0080] 如图 5所示, BBOOS执行 SN策略计算出超级节点 8需要下线。 此吋 BBOSS把数 据发送给 SCR服务器 (n_l流程) , SCR服务器把数据发给超级节点 2 (n_2流程 ) , 此吋超级节点 2把数据发给超级节点 8 (n_3流程) 。 此吋超级节点收到该数 据后就会执行下线的程序。 执行该程序后超级节点 8就与超级节点 2直连的连接 就会断幵。 此吋超级节点 8就会发送消息给相应的连接告诉超级节点 18"我下线了 ", 让对方去连接其他的节点。 此吋超级节点 18就会去连接其他的 SN2节点, 找 到一个优质的节点连接。 如图所示超级节点 18连接到超级节点 9。 这样就保证了 节点的正常下线而不影响所有的终端业务。  [0080] As shown in FIG. 5, the BBOOS executes the SN policy to calculate that the super node 8 needs to go offline. Here, BBOSS sends the data to the SCR server (n_l process), and the SCR server sends the data to the super node 2 (n_2 process), and the super node 2 sends the data to the super node 8 (n_3 process). After the super node receives the data, it will execute the offline program. After the program is executed, the connection between SuperNode 8 and SuperNode 2 will be broken. This super node 8 will send a message to the corresponding connection to tell the super node 18 "I am offline", let the other party connect to other nodes. This super node 18 will connect to other SN2 nodes to find a good node connection. The super node 18 is connected to the super node 9 as shown. This ensures the normal offline of the node without affecting all terminal services.
[0081] 需要说明的是, 在本文中, 术语"包括"、 "包含 "或者其任何其他变体意在涵盖 非排他性的包含, 从而使得包括一系列要素的过程、 方法、 物品或者装置不仅 包括那些要素, 而且还包括没有明确列出的其他要素, 或者是还包括为这种过 程、 方法、 物品或者装置所固有的要素。 在没有更多限制的情况下, 由语句 "包 括一个 ...... "限定的要素, 并不排除在包括该要素的过程、 方法、 物品或者装置 中还存在另外的相同要素。 [0081] It is to be understood that the term "comprising", "comprising", or any other variants thereof is intended to encompass a non-exclusive inclusion, such that a process, method, article, or device comprising a plurality of elements includes Those elements, but also other elements that are not explicitly listed, or are included for this The elements inherent in a process, method, item, or device. An element that is defined by the phrase "comprising a ..." does not exclude the presence of additional elements in the process, method, article, or device that comprises the element.
[0082] 上述本发明实施例序号仅仅为了描述, 不代表实施例的优劣。  The serial numbers of the embodiments of the present invention are merely for the description, and do not represent the advantages and disadvantages of the embodiments.
[0083] 以上仅为本发明的优选实施例, 并非因此限制本发明的专利范围, 凡是利用本 发明说明书及附图内容所作的等效结构或等效流程变换, 或直接或间接运用在 其他相关的技术领域, 均同理包括在本发明的专利保护范围内。 The above are only the preferred embodiments of the present invention, and are not intended to limit the scope of the present invention, and the equivalent structure or equivalent process transformations made by the description of the present invention and the contents of the drawings may be directly or indirectly applied to other related The technical field is equally included in the scope of patent protection of the present invention.

Claims

权利要求书 Claim
一种 IP地址隐藏方法, 其特征在于, 包括: An IP address hiding method, comprising:
获取终端的接入级别; Obtain the access level of the terminal;
根据所述终端的接入级别选择至少一个超级节点; Selecting at least one super node according to an access level of the terminal;
所述终端通过所述至少一个超级节点连接到接入服务器。 The terminal is connected to the access server by the at least one super node.
根据权利要求 1所述的一种 IP地址隐藏方法, 其特征在于, 所述终端 的接入级别包括: 一级接入级别、 二级接入级别和三级接入级别; 所 述根据所述终端的接入级别选择至少一个超级节点包括: The IP address hiding method according to claim 1, wherein the access level of the terminal comprises: a first level access level, a second level access level, and a third level access level; Selecting at least one super node for the access level of the terminal includes:
当所述终端的接入级别为一级接入级别吋, 选择一个超级节点; 当所述终端的接入级别为二级接入级别吋, 选择两个超级节点; 当所述终端的接入级别为三级接入级别吋, 选择三个超级节点。 根据权利要求 2所述的一种 IP地址隐藏方法, 其特征在于, 所述所述 终端通过所述至少一个超级节点连接到接入服务器包括: When the access level of the terminal is a level 1 access level, a super node is selected; when the access level of the terminal is a level 2 access level, two super nodes are selected; when the terminal accesses The level is the three-level access level吋, and three super nodes are selected. The IP address hiding method according to claim 2, wherein the connecting the terminal to the access server by using the at least one super node comprises:
当所述终端的接入级别为一级接入级别吋, 所述终端通过所述一个超 级节点连接到接入服务器; When the access level of the terminal is a primary access level, the terminal is connected to the access server by using the one super node;
当所述终端的接入级别为二级接入级别吋, 所述终端通过所述两个超 级节点连接到接入服务器; When the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes;
当所述终端的接入级别为三级接入级别吋, 所述终端通过所述三个超 级节点连接到接入服务器。 When the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super-nodes.
根据权利要求 3所述的一种 IP地址隐藏方法, 其特征在于, 所述终端 的接入级别按照管理系统预设的策略进行变化, 所述终端对应的超级 节点也随之发生变化。 The IP address hiding method according to claim 3, wherein the access level of the terminal is changed according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
根据权利要求 1所述的一种 IP地址隐藏方法, 其特征在于, 所述超级 节点按照管理系统预设的策略进行上下线, 所述超级节点下线后进入 代理池中。 The IP address hiding method according to claim 1, wherein the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after being offline.
一种 IP地址隐藏装置, 其特征在于, 包括: An IP address hiding device, comprising:
获取模块, 用于获取终端的接入级别; An obtaining module, configured to acquire an access level of the terminal;
选择模块, 用于根据所述终端的接入级别选择至少一个超级节点; 连接模块, 用于所述终端通过所述至少一个超级节点连接到接入服务 器。 a selecting module, configured to select at least one super node according to an access level of the terminal; And a connection module, configured to connect, by the terminal, the access server by using the at least one super node.
[权利要求 7] 根据权利要求 6所述的一种 IP地址隐藏装置, 其特征在于, 所述终端 的接入级别包括: 一级接入级别、 二级接入级别和三级接入级别; 所 述选择模块包括:  [Claim 7] The IP address hiding device according to claim 6, wherein the access level of the terminal includes: a primary access level, a secondary access level, and a third level access level; The selection module includes:
当所述终端的接入级别为一级接入级别吋, 选择一个超级节点; 当所述终端的接入级别为二级接入级别吋, 选择两个超级节点; 当所述终端的接入级别为三级接入级别吋, 选择三个超级节点。  When the access level of the terminal is a level 1 access level, a super node is selected; when the access level of the terminal is a level 2 access level, two super nodes are selected; when the terminal accesses The level is the three-level access level吋, and three super nodes are selected.
[权利要求 8] 根据权利要求 7所述的一种 IP地址隐藏装置, 其特征在于, 所述连接 模块包括: [Claim 8] The IP address hiding device according to claim 7, wherein the connection module comprises:
当所述终端的接入级别为一级接入级别吋, 所述终端通过所述一个超 级节点连接到接入服务器;  When the access level of the terminal is a primary access level, the terminal is connected to the access server by using the one super node;
当所述终端的接入级别为二级接入级别吋, 所述终端通过所述两个超 级节点连接到接入服务器;  When the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes;
当所述终端的接入级别为三级接入级别吋, 所述终端通过所述三个超 级节点连接到接入服务器。  When the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super-nodes.
[权利要求 9] 根据权利要求 8所述的一种 IP地址隐藏装置, 其特征在于, 所述终端 的接入级别按照管理系统预设的策略进行变化, 所述终端对应的超级 节点也随之发生变化。 [Claim 9] The IP address hiding device according to claim 8, wherein the access level of the terminal is changed according to a policy preset by the management system, and the super node corresponding to the terminal is also followed. A change has occurred.
[权利要求 10] 根据权利要求 6所述的一种 IP地址隐藏方法, 其特征在于, 所述超级 节点按照管理系统预设的策略进行上下线, 所述超级节点下线后进入 代理池中。  [Claim 10] The IP address hiding method according to claim 6, wherein the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after going offline.
PCT/CN2017/097201 2017-06-28 2017-08-11 Ip address hiding method and device WO2019000597A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710505015.7A CN107196961A (en) 2017-06-28 2017-06-28 A kind of IP address hidden method and device
CN201710505015.7 2017-06-28

Publications (1)

Publication Number Publication Date
WO2019000597A1 true WO2019000597A1 (en) 2019-01-03

Family

ID=59880495

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/097201 WO2019000597A1 (en) 2017-06-28 2017-08-11 Ip address hiding method and device

Country Status (2)

Country Link
CN (1) CN107196961A (en)
WO (1) WO2019000597A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108400967B (en) * 2018-01-12 2020-12-22 深圳壹账通智能科技有限公司 Authentication method and authentication system
CN110233827A (en) * 2019-05-10 2019-09-13 匿名科技(重庆)集团有限公司 A kind of single layer and layered defense system of server

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102594798A (en) * 2011-12-31 2012-07-18 苏州阔地网络科技有限公司 Agent method and system for connecting databases
CN102681889A (en) * 2012-04-27 2012-09-19 电子科技大学 Scheduling method of cloud computing open platform
CN102739799A (en) * 2012-07-04 2012-10-17 合一网络技术(北京)有限公司 Distributed communication method in distributed application
CN106716376A (en) * 2014-09-30 2017-05-24 第三雷沃通讯有限责任公司 Providing functional requirements for a network connection from a local library

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102594798A (en) * 2011-12-31 2012-07-18 苏州阔地网络科技有限公司 Agent method and system for connecting databases
CN102681889A (en) * 2012-04-27 2012-09-19 电子科技大学 Scheduling method of cloud computing open platform
CN102739799A (en) * 2012-07-04 2012-10-17 合一网络技术(北京)有限公司 Distributed communication method in distributed application
CN106716376A (en) * 2014-09-30 2017-05-24 第三雷沃通讯有限责任公司 Providing functional requirements for a network connection from a local library

Also Published As

Publication number Publication date
CN107196961A (en) 2017-09-22

Similar Documents

Publication Publication Date Title
US8599695B2 (en) Selective internet priority service
MX2011003223A (en) Service provider access.
US10250581B2 (en) Client, server, radius capability negotiation method and system between client and server
US20110016523A1 (en) Apparatus and method for detecting distributed denial of service attack
JP2010529571A (en) Proctor peers for detecting malicious peers in structured peer-to-peer networks
US10348687B2 (en) Method and apparatus for using software defined networking and network function virtualization to secure residential networks
US20140041012A1 (en) System for the management of access points
US20150047041A1 (en) Method for prefix reachability in a communication system
EP4335083A1 (en) Methods, systems, and computer readable media for generating and using single-use oauth 2.0 access tokens for securing specific service-based architecture (sba) interfaces
JP4299621B2 (en) Service providing method, service providing program, host device, and service providing device
JP2005244964A (en) Session information management method and session information management apparatus
JP2014501959A (en) Method and system for providing service access to a user
JP5486523B2 (en) Network connection control system and connection control method
JP4693174B2 (en) Intermediate node
WO2019000597A1 (en) Ip address hiding method and device
US11784993B2 (en) Cross site request forgery (CSRF) protection for web browsers
JP4768761B2 (en) Service providing system, service providing method, and service providing program
JP2005122695A (en) Authentication method, server computer, client computer, and program therefor
JP4950095B2 (en) Service providing system, service providing method, and service providing program
JP4950096B2 (en) Service providing system, service providing method, and service providing program
US10079857B2 (en) Method of slowing down a communication in a network
WO2021223097A1 (en) Authentication and authorization method for data content in network and computer readable storage medium
JP2004242161A (en) Data communication network system and method for controlling data communication network connection
JP2004220075A (en) Network authentication access control server, application authentication access control server, and integrated authentication access control system
EP3907967A1 (en) Method for preventing sip device from being attacked, calling device, and called device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17915208

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC , EPO FORM 1205A DATED 20.05.2020.

122 Ep: pct application non-entry in european phase

Ref document number: 17915208

Country of ref document: EP

Kind code of ref document: A1