WO2019000597A1 - IP address hiding method and device - Google Patents

IP address hiding method and device

Publication number
WO2019000597A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
level
access level
access
super
Prior art date
Application number
PCT/CN2017/097201
Other languages
English (en)
Chinese (zh)
Inventor
杨帆
王根平
朱旗
义远科
Original Assignee
深圳市欧乐在线技术发展有限公司
Priority date
Filing date
Publication date
Application filed by 深圳市欧乐在线技术发展有限公司
Publication of WO2019000597A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Definitions

  • The present invention relates to the field of communications technologies, and in particular to an IP address hiding method and apparatus.
  • The main purpose of the present invention is to provide an IP address hiding method and apparatus that use different levels of super nodes for different access levels of the terminal, so that the terminal does not connect directly to the server, thereby achieving the purpose of hiding the IP address and preventing the ecosystem from being attacked, and ensuring the security of the device and the server.
  • an IP address hiding method provided by the present invention includes:
  • the terminal is connected to an access server by the at least one super node.
  • the access level of the terminal includes: a primary access level, a secondary access level, and a tertiary access level.
  • the selecting the at least one super node according to the access level of the terminal includes:
  • when the access level of the terminal is a three-level access level, three super nodes are selected.
  • the connecting, by the terminal, to the access server by using the at least one super node includes: when the access level of the terminal is a primary access level, the terminal is connected to the access server by using the one super node;
  • when the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes;
  • when the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super nodes.
  • the access level of the terminal is changed according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
  • the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after being offline.
  • an IP address hiding apparatus including:
  • an obtaining module configured to acquire an access level of the terminal
  • a selection module configured to select at least one super node according to an access level of the terminal
  • connection module configured to connect, by the terminal, the access server by using the at least one super node.
  • the access level of the terminal includes: a first level access level, a second level access level, and a third level access level;
  • the selecting module includes:
  • when the access level of the terminal is a three-level access level, three super nodes are selected.
  • the connecting module includes:
  • when the access level of the terminal is a level 1 access level, the terminal is connected to the access server by using the one super node;
  • when the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes;
  • when the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super nodes.
  • the access level of the terminal is changed according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
  • the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after being offline.
  • An IP address hiding method and apparatus includes: acquiring an access level of a terminal; selecting at least one super node according to the access level of the terminal; and the terminal connecting to the access server through the at least one super node. Different levels of super nodes are used for different access levels of the terminal, so that the terminal does not connect directly to the server, thereby achieving the purpose of hiding the IP address and preventing the ecosystem from being attacked, and ensuring the security of the device and the server side.
  • FIG. 1 is a flowchart of an IP address hiding method according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic diagram of a system connection with an access level of a first level according to Embodiment 1 of the present invention
  • FIG. 3 is a schematic diagram of a system connection of an access level of a second level according to Embodiment 1 of the present invention.
  • FIG. 4 is a schematic diagram of a system connection with an access level of three levels according to Embodiment 1 of the present invention.
  • FIG. 5 is a schematic structural diagram of a communication system according to Embodiment 1 of the present invention.
  • FIG. 6 is a block diagram showing an exemplary structure of an IP address hiding apparatus according to Embodiment 2 of the present invention.
  • an IP address hiding method includes:
  • S20 Select at least one super node according to an access level of the terminal.
  • the terminal is connected to the access server by using the at least one super node.
  • The communication system is composed of a terminal, a super node SN, an access server SCR, and a management system BBOSS. The terminal is an electronic device that can be connected to the network; the terminal cannot connect directly to the server and must access the server through the super node SN, and the connection is forwarded by one to three SN super nodes. The access server is responsible for access authentication of the terminal device; it is the service server device of the operator and the entry point for all service requests from the terminal. The super node is responsible for forwarding information and may be any networked electronic device.
  • SNs are divided into three types: SN1, SN2, and SN3. Each SN node can connect directly to the terminal device, but only SN1 can connect to the SCR server. The three types of SN are hierarchical.
  • The management system is used to operate the system and to formulate the connection strategy for the super nodes.
  • The access level of the terminal includes: a first level access level, a second level access level, and a third level access level. Selecting the at least one super node according to the access level of the terminal includes:
  • when the access level of the terminal is a level 1 access level, one super node is selected, and only SN1 can be selected;
  • when the access level of the terminal is a secondary access level, two super nodes are selected, namely SN1 and SN2;
  • when the access level of the terminal is a three-level access level, three super nodes are selected, namely SN1, SN2, and SN3.
  • The terminal connecting to the access server by using the at least one super node includes:
  • When the access level of the terminal is a level 1 access level, the terminal connects through the one super node; the connection diagram is shown in FIG. 2. The terminal connects to the SN1 node and connects to the SCR server through SN1, and the SCR server authenticates the terminal. The SCR then verifies that the terminal is connected to the server via SN1. If the verification passes, the connection is valid; otherwise the terminal cannot connect to the server.
  • When the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes; the connection diagram is shown in FIG. 3. The terminal connects to the SN2 node, SN2 connects to SN1, and SN1 connects to the SCR server, which performs authentication verification on the terminal. The SCR then verifies that the terminal is connected to the server via SN2. If the verification passes, the connection is valid; otherwise the terminal cannot connect to the server.
  • When the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super nodes; the connection diagram is shown in FIG. 4. The terminal connects to the SN3 node, SN3 connects to SN2, SN2 connects to SN1, and SN1 connects to the SCR server, which performs authentication verification on the terminal. The SCR then verifies that the terminal is connected to the server via SN3. If the verification passes, the connection is valid; otherwise the terminal cannot connect to the server.
  • 1 to 3 are SN1 super nodes
  • 4 to 11 are SN2 super nodes
  • 12 to 22 are SN3 super nodes
  • 23 to 31 are ordinary terminals.
  • SN1, SN2, and SN3 form a complete SN proxy pool ecosystem.
  • BBOSS determines when SN super nodes go online and offline according to the policy, and resets the access level of the terminal.
  • The specific strategy includes: the number of nodes of each type; the maximum time each type of node may stay online, beyond which the node goes offline; the node is selected again, if the terminal is selected, the node is considered the difference of the selected node; the number of times the node is selected again; the network bandwidth threshold is greater than the bandwidth to be selected; the firewall type, where the terminal must have a public IP and no firewall setting; the IP address change rate; and the CPU processing capacity.
  • the access level of the terminal changes according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
  • BBOSS executes the SN policy and calculates that the access level of ordinary terminal 31 changes from the original third level to the second level.
  • BBOSS sends the data to the SCR server (n_1 flow), the SCR server sends the data to super node 3 (n_5 flow), super node 3 sends the data to super node 11 (n_6 flow), super node 11 sends the data to super node 22 (n_7 flow), and super node 22 sends the data to terminal 31 (n_8 flow). Terminal 31 receives the data, which contains a list of SN2 super nodes it can connect to.
  • The terminal selects an optimal SN2 node to establish a connection. As shown in the figure, the terminal finally selects super node 11 to establish a connection.
  • the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after going offline.
  • BBOSS executes the SN policy and calculates that super node 8 needs to go offline.
  • BBOSS sends the data to the SCR server (n_1 flow), the SCR server sends the data to super node 2 (n_2 flow), and super node 2 sends the data to super node 8 (n_3 flow).
  • After super node 8 receives the data, it executes the offline program. After the program is executed, the connection between super node 8 and super node 2 is broken. Super node 8 then sends a message over its corresponding connection to tell super node 18 "I am offline", so that the other party connects to another node. Super node 18 then looks among the other SN2 nodes for a good node to connect to.
  • As shown in the figure, super node 18 connects to super node 9. This ensures that the node goes offline normally without affecting any terminal services.
  • an IP address hiding device includes:
  • the obtaining module 10 is configured to acquire an access level of the terminal.
  • the selecting module 20 is configured to select at least one super node according to an access level of the terminal;
  • connection module 30 is configured to connect, by the terminal, the access server by using the at least one super node.
  • The communication system is composed of a terminal, a super node SN, an access server SCR, and a management system BBOSS. The terminal is an electronic device that can be connected to the network; the terminal cannot connect directly to the server and must access the server through the super node SN, and the connection is forwarded by one to three SN super nodes. The access server is responsible for access authentication of the terminal device; it is the service server device of the operator and the portal for all service requests from the terminal. The super node is responsible for forwarding information and may be any networked electronic device.
  • SNs are divided into three types: SN1, SN2, and SN3. Each SN node can connect directly to the terminal device, but only SN1 can connect to the SCR server. The three types of SN are hierarchical.
  • The management system is used to operate the system and to formulate the connection strategy for the super nodes.
  • the access level of the terminal includes: a first level access level, a second level access level, and a third level access level;
  • the selection module includes:
  • when the access level of the terminal is a level 1 access level, one super node is selected, and only SN1 can be selected;
  • when the access level of the terminal is a secondary access level, two super nodes are selected, namely SN1 and SN2;
  • when the access level of the terminal is a three-level access level, three super nodes are selected, namely SN1, SN2, and SN3.
  • The connection module includes:
  • When the access level of the terminal is a level 1 access level, the terminal is connected to the access server by using the one super node; the connection diagram is shown in FIG. 2. The terminal connects to the SN1 node and connects to the SCR server through SN1, and the SCR server performs authentication verification on the terminal. The SCR then verifies whether the terminal is connected to the server through SN1. If the verification passes, the connection is valid; otherwise the terminal cannot connect to the server.
  • When the access level of the terminal is a secondary access level, the terminal is connected to the access server by using the two super nodes; the connection diagram is shown in FIG. 3. The terminal connects to the SN2 node, SN2 connects to SN1, and SN1 connects to the SCR server, which performs authentication verification on the terminal. The SCR then verifies that the terminal is connected to the server via SN2. If the verification passes, the connection is valid; otherwise the terminal cannot connect to the server.
  • When the access level of the terminal is a three-level access level, the terminal is connected to the access server by using the three super nodes; the connection diagram is shown in FIG. 4. The terminal connects to the SN3 node, SN3 connects to SN2, SN2 connects to SN1, and SN1 connects to the SCR server, which performs authentication verification on the terminal. The SCR then verifies that the terminal is connected to the server via SN3. If the verification passes, the connection is valid; otherwise the terminal cannot connect to the server.
  • 1 to 3 are SN1 super nodes
  • 4 to 11 are SN2 super nodes
  • 12 to 22 are SN3 super nodes
  • 23 to 31 are ordinary terminals.
  • SN1, SN2, and SN3 form a complete SN proxy pool ecosystem.
  • BBOSS determines when SN super nodes go online and offline according to the policy, and resets the access level of the terminal.
  • The specific strategy includes: the number of nodes of each type; the maximum time each type of node may stay online, beyond which the node goes offline; the node is selected again, if the terminal is selected, the node is considered the difference of the selected node; the number of times the node is selected again; the network bandwidth threshold is greater than the bandwidth to be selected; the firewall type, where the terminal must have a public IP and no firewall setting; the IP address change rate; and the CPU processing capacity.
  • the access level of the terminal changes according to a policy preset by the management system, and the super node corresponding to the terminal also changes.
  • BBOSS executes the SN policy and calculates that the access level of ordinary terminal 31 changes from the original third level to the second level.
  • BBOSS sends the data to the SCR server (n_1 flow), the SCR server sends the data to super node 3 (n_5 flow), super node 3 sends the data to super node 11 (n_6 flow), super node 11 sends the data to super node 22 (n_7 flow), and super node 22 sends the data to terminal 31 (n_8 flow). Terminal 31 receives the data, which contains a list of SN2 super nodes it can connect to.
  • The terminal selects an optimal SN2 node to establish a connection. As shown in the figure, the terminal finally selects super node 11 to establish a connection.
  • the super node goes online and offline according to a policy preset by the management system, and the super node enters the proxy pool after going offline.
  • BBOSS executes the SN policy and calculates that super node 8 needs to go offline.
  • BBOSS sends the data to the SCR server (n_1 flow), the SCR server sends the data to super node 2 (n_2 flow), and super node 2 sends the data to super node 8 (n_3 flow).
  • After super node 8 receives the data, it executes the offline program. After the program is executed, the connection between super node 8 and super node 2 is broken. Super node 8 then sends a message over its corresponding connection to tell super node 18 "I am offline", so that the other party connects to another node. Super node 18 then looks among the other SN2 nodes for a good node to connect to.
  • As shown in the figure, super node 18 connects to super node 9. This ensures that the node goes offline normally without affecting any terminal services.
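
The level-to-chain selection, the SCR-side path check and the offline handover described above can be modelled in a few lines. This is an added example, not code from the patent: the class and function names, the "lowest online id" stand-in for the "optimal"/"good" node choice, and the assumption that the SCR is handed the list of traversed super nodes are all hypothetical. Node numbering follows the description (1 to 3 are SN1, 4 to 11 are SN2, 12 to 22 are SN3).

```python
from dataclasses import dataclass, field


def node_type(node_id: int) -> int:
    """Map a node number to its SN type using the numbering in the description."""
    if 1 <= node_id <= 3:
        return 1
    if 4 <= node_id <= 11:
        return 2
    if 12 <= node_id <= 22:
        return 3
    raise ValueError(f"{node_id} is not a super node")


@dataclass
class SuperNodes:
    """Hypothetical registry of online super nodes and their next hop."""
    online: set = field(default_factory=lambda: set(range(1, 23)))
    upstream: dict = field(default_factory=dict)  # node id -> next hop towards the SCR

    def pick(self, sn_type: int) -> int:
        # Assumption: the page gives no selection metric, so use the lowest online id.
        candidates = sorted(n for n in self.online if node_type(n) == sn_type)
        if not candidates:
            raise LookupError(f"no SN{sn_type} node online")
        return candidates[0]

    def build_chain(self, access_level: int) -> list:
        """Level 1 -> [SN1]; level 2 -> [SN2, SN1]; level 3 -> [SN3, SN2, SN1]."""
        if access_level not in (1, 2, 3):
            raise ValueError("access level must be 1, 2 or 3")
        chain = [self.pick(t) for t in range(access_level, 0, -1)]
        for hop, nxt in zip(chain, chain[1:]):
            self.upstream[hop] = nxt
        return chain

    def take_offline(self, node_id: int) -> dict:
        """Remove a node; each node that used it as next hop moves to a same-type peer."""
        sn_type = node_type(node_id)
        self.online.discard(node_id)
        moved = {}
        for child, parent in list(self.upstream.items()):
            if parent == node_id:
                moved[child] = self.upstream[child] = self.pick(sn_type)
        self.upstream.pop(node_id, None)
        return moved


def scr_accepts(access_level: int, chain: list) -> bool:
    """SCR-side check: the entry node's type equals the terminal's access level
    and the types step down one per hop until SN1, the only type that may
    reach the SCR. Anything else is rejected."""
    if access_level not in (1, 2, 3) or len(chain) != access_level:
        return False
    try:
        types = [node_type(n) for n in chain]
    except ValueError:  # an id that is not a super node (e.g. a terminal) was used as a relay
        return False
    return types == list(range(access_level, 0, -1))
```

The page does not say how the SCR learns which super nodes a connection traversed; any real check depends on each hop reporting that path in a form the SCR can authenticate.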

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of communications, and concerns a method and device for hiding Internet Protocol (IP) addresses, the method comprising the steps of: obtaining an access level of a terminal; selecting at least one super node according to the access level of the terminal; and the terminal connecting to an access server by means of the super node or super nodes. For different access levels of the terminal, super nodes of different levels are used so that the terminal does not connect directly to the server, thereby achieving the objectives of hiding the IP address and preventing the ecosystem from being attacked, so as to guarantee security on the device side and the server side.
PCT/CN2017/097201 2017-06-28 2017-08-11 IP address hiding method and device WO2019000597A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710505015.7 2017-06-28
CN201710505015.7A CN107196961A (zh) 2017-06-28 2017-06-28 IP address hiding method and device

Publications (1)

Publication Number Publication Date
WO2019000597A1 true WO2019000597A1 (fr) 2019-01-03

Family

ID=59880495

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/097201 WO2019000597A1 (fr) 2017-06-28 2017-08-11 IP address hiding method and device

Country Status (2)

Country Link
CN (1) CN107196961A (fr)
WO (1) WO2019000597A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108400967B (zh) * 2018-01-12 2020-12-22 深圳壹账通智能科技有限公司 Authentication method and authentication system
CN110233827A (zh) * 2019-05-10 2019-09-13 匿名科技(重庆)集团有限公司 Single-layer and multi-layer defense system for a server

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
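CN102594798A (zh) * 2011-12-31 2012-07-18 苏州阔地网络科技有限公司 Proxy method and system for connecting to a database
CN102681889A (zh) * 2012-04-27 2012-09-19 电子科技大学 Scheduling method for a cloud computing open platform
CN102739799A (zh) * 2012-07-04 2012-10-17 合一网络技术(北京)有限公司 Distributed communication method in distributed applications
CN106716376A (zh) * 2014-09-30 2017-05-24 第三雷沃通讯有限责任公司 Providing functional requirements for a network connection from a local library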

Also Published As

Publication number Publication date
CN107196961A (zh) 2017-09-22

Similar Documents

Publication Publication Date Title
US8599695B2 (en) Selective internet priority service
MX2011003223A (es) Service provider access.
US10250581B2 (en) Client, server, radius capability negotiation method and system between client and server
US20110016523A1 (en) Apparatus and method for detecting distributed denial of service attack
JP2010529571A (ja) Proctor peer for detecting malicious peers in structured peer-to-peer networks
US20140041012A1 (en) System for the management of access points
EP4335083A1 (fr) Methods, systems, and computer readable media for generating and using single-use OAuth 2.0 access tokens for securing specific service-based architecture (SBA) interfaces
US20170180382A1 (en) Method and Apparatus for Using Software Defined Networking and Network Function Virtualization to Secure Residential Networks
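JP4299621B2 (ja) Service providing method, service providing program, host device, and service providing device
JP2005244964A (ja) Session information management method and session information management device
JP2014501959A (ja) Method and system for providing service access to a user
JP5486523B2 (ja) Network connection control system and connection control method
JP4693174B2 (ja) Intermediate node
WO2019000597A1 (fr) IP address hiding method and device
JP4768761B2 (ja) Service providing system, service providing method, and service providing program
JP2005122695A (ja) Authentication method, server computer, client computer, and program
JP4950095B2 (ja) Service providing system, service providing method, and service providing program
JP4950096B2 (ja) Service providing system, service providing method, and service providing program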
US11784993B2 (en) Cross site request forgery (CSRF) protection for web browsers
US10079857B2 (en) Method of slowing down a communication in a network
WO2021223097A1 (fr) Authentication and authorization method for data content in a network, and computer readable storage medium
JP2004242161A (ja) Data communication network system and data communication network connection control method
JP4862803B2 (ja) Application service system, server system, session management method, and program
JP2004220075A (ja) Network authentication access control server, application authentication access control server, and integrated authentication access control system
EP3907967A1 (fr) Method for preventing a SIP device from being attacked, calling device, and called device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17915208

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC, EPO FORM 1205A DATED 20.05.2020.

122 Ep: pct application non-entry in european phase

Ref document number: 17915208

Country of ref document: EP

Kind code of ref document: A1