WO2019206254A1 - Penetration method, device, server and medium for devices under different nat nodes - Google Patents


Info

Publication number
WO2019206254A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
relay
signaling server
address
data
Application number
PCT/CN2019/084447
Other languages
French (fr)
Chinese (zh)
Inventors
陈志兴
熊第彬
Original Assignee
深圳市网心科技有限公司
Application filed by 深圳市网心科技有限公司
Publication of WO2019206254A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption

Definitions

  • The present application relates to the field of communications technologies, and in particular to a penetration method, a penetration system, a device, a server, and a storage medium for devices under different NAT nodes.
  • NAT: Network Address Translation
  • WAN: Wide Area Network
  • The application scenarios for communication between client devices under different NAT nodes are usually real-time streaming services such as voice and video.
  • VoIP: Voice over Internet Protocol
  • Such real-time streaming services care about timely delivery rather than reliable delivery; because the payload is multimedia, the requirements on the confidentiality of the transmission are not particularly strict, and some tolerance is also accepted on how quickly the transmission channel is established. Because of these characteristics, mature traversal schemes for devices under different NAT nodes already exist, for example WebRTC (Web Real-Time Communication).
  • The technical problem to be solved by the present application is to provide a method, a penetration system, a device, a server, and a storage medium for traversing devices under different NAT nodes that together address reliable data transmission, private data transmission, and rapid establishment of a transmission channel.
  • A technical solution adopted by the present application is a method for penetrating devices under different NAT nodes, applicable to a first penetration system for such devices, in which:
  • the signaling server feeds back the communication address of the data relay server and a key seed for generating a key of a preset type to the first device, and sends the same communication address and key seed to the second device;
  • the first device and the second device each send a resource allocation request to the data relay server, which allocates resources for communication between them;
  • the first device acquires the relay address of the second device from the signaling server and sends a data channel establishment request carrying that relay address to the data relay server; after the data channel is established, the first device generates the corresponding encryption key from the key seed, encrypts the data to be transmitted with the encryption algorithm corresponding to that key seed, and transmits the encrypted data to the second device over the established data channel.
  • The benefit of the present application, in contrast to the prior art, is as follows. The devices comprise a first device under a first NAT node and a second device under a second NAT node. In the penetration method, the first device and the second device each obtain the communication address of the data relay server and a key seed; the first device then obtains the relay address of the second device and asks the data relay server to establish a data channel with that relay address; finally the first device establishes the data channel with the second device, generates the corresponding key from the key seed, and transfers data using the corresponding encryption method. Because the traffic between the devices is transmitted with an agreed encryption method, the present application addresses reliable and private data transmission while still establishing the transmission channel quickly.
  • FIG. 1 is a schematic structural diagram of a penetration system of a device under different NAT nodes according to an embodiment of the present application
  • FIG. 2 is a schematic diagram of a packet format of a Remote module of the first device and the second device;
  • FIG. 3 is a schematic diagram of a first signaling server provided by an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a method for penetrating a device under different NAT nodes according to an embodiment of the present application
  • FIG. 5 is a schematic diagram of a program module of the first node device penetration program in FIG. 3;
  • FIG. 6 is a schematic diagram of a first device according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic diagram of a program module of the second node device penetration program of FIG. 6;
  • FIG. 8 is a schematic diagram of a second signaling server according to an embodiment of the present application.
  • FIG. 9 is a schematic diagram of a program module of the third node device penetration program of FIG. 8;
  • FIG. 10 is a schematic diagram of a data relay server according to an embodiment of the present application.
  • FIG. 11 is a schematic diagram of a program module of the fourth node device penetration program in FIG. 10;
  • FIG. 12 is a schematic flowchart of a method for penetrating a device under different NAT nodes according to another embodiment of the present application.
  • FIG. 13 is a schematic diagram of a network architecture corresponding to the penetration method shown in FIG.
  • FIG. 1 is a schematic structural diagram of a penetration system 01 for devices under different NAT nodes according to an embodiment of the present application.
  • The penetration system 01 of this embodiment includes a first device 1 located under a first NAT node, a second device 2 located under a second NAT node, a data relay server 3, and a signaling server 4.
  • When the first device 1 and the second device 2 need to exchange data, a data channel must first be established between them. Once the data channel is established, the first device 1 encrypts the data to be transmitted and sends the encrypted data to the second device 2 over that channel.
  • The signaling server 4 includes a first signaling server 41 corresponding to the first NAT node.
  • The first signaling server 41 can exchange data with the first device 1, the second device 2, and the data relay server 3.
  • The signaling server 4 also includes a second signaling server 42 corresponding to the second NAT node.
  • The second signaling server 42 can exchange data with the second device 2, the data relay server 3, and the first signaling server 41.
  • Both the first device 1 and the second device 2 integrate a Remote module, through which each communicates with the data relay server 3.
  • The first device 1 includes an HTTP client (not shown) and a Remote module (not shown).
  • The second device 2 includes an HTTP server (not shown), an NGINX server (not shown), and a Remote module (not shown).
  • The Remote module is responsible for reliable data transmission, encrypted transmission, and fast establishment of the transmission channel.
  • Its message format is shown in FIG. 2.
  • FIG. 3 is a schematic diagram of a first signaling server 41 according to an embodiment of the present application.
  • The first signaling server 41 includes a first memory 411 and a first processor 412.
  • The first memory 411 includes at least one type of readable storage medium, such as flash memory, a hard disk, a multimedia card, a card-type memory (for example SD or DX memory), magnetic memory, a magnetic disk, or an optical disk.
  • In some embodiments the first memory 411 is an internal storage unit of the first signaling server 41, such as its hard disk.
  • In other embodiments the first memory 411 is an external storage device of the first signaling server 41, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash card. The first memory 411 may also comprise both an internal storage unit and an external storage device.
  • The first memory 411 stores the application software and data installed on the first signaling server 41, for example the first node device penetration program 10, and also temporarily holds data that has been or will be output.
  • In some embodiments the first processor 412 is a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip that runs the program code stored in the first memory 411, such as the first node device penetration program 10, or processes data.
  • FIG. 3 shows only the first signaling server 41 with components 411-412. Those skilled in the art will understand that the structure shown in FIG. 3 does not limit the first signaling server 41, which may include fewer or more components than illustrated, combine some components, or arrange them differently.
  • The first signaling server 41 may further include a user interface.
  • The user interface may include a display and an input unit such as a keyboard, and optionally a standard wired interface and a wireless interface.
  • The display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, or an Organic Light-Emitting Diode (OLED) touch device.
  • The display may also be called a display screen or display unit; it shows information processed in the first signaling server 41 and renders the visual user interface.
  • The first signaling server 41 may further include a communication unit, for example a Wi-Fi unit or a SIM (Subscriber Identity Module) card based mobile communication unit.
  • the embodiment of the present application further provides a method for penetrating devices under different NAT nodes.
  • FIG. 4 is a schematic flowchart of a method for penetrating a device under different NAT nodes according to an embodiment of the present application.
  • The method is applicable to the first signaling server 41, which corresponds to the first NAT node and serves to establish a data channel between the first device 1 under the first NAT node and the second device 2 under the second NAT node.
  • The method includes:
  • A10: Detect and receive a request, sent by the first device 1, to acquire the communication address of the data relay server 3.
  • That is, the first device 1 requests the communication address of the data relay server 3 through the first signaling server 41.
  • A20: After receiving the request, respond by feeding back the communication address together with a key seed for generating a key of a preset type to the first device 1.
  • The key seed of the preset type includes at least one of an AES (Advanced Encryption Standard) key seed, a DES (Data Encryption Standard) key seed, and an RSA key seed (RSA being the asymmetric algorithm proposed by Ron Rivest, Adi Shamir and Leonard Adleman).
  • Only one of the AES, DES or RSA key seeds may be employed, meaning that only one of the AES, DES or RSA encryption methods is used. Two or all three of the seeds may also be employed, meaning that a combination of two or three of the AES, DES and RSA methods is used.
  • Each encryption method has its own advantages and its own shortcomings, so a combined method can draw on the advantages of each while avoiding the disadvantages.
  • Combining DES with RSA lets the two complement each other: DES encrypts quickly and suits long messages, so it is used to encrypt the plaintext; RSA is slow but offers good security, so it is applied to the DES key, which solves the DES key distribution problem. This is the usual hybrid construction; a practitioner should note that DES has a 56-bit key and has long been withdrawn as a standard, so a current implementation of the same construction would pair RSA with AES.
  • A30: Send the communication address and the key seed to the second device 2.
  • In one embodiment step A30 consists of sending the communication address and the key seed to the second signaling server 42 corresponding to the second NAT node, which in turn sends them to the second device 2.
  • The second device 2 may therefore receive the communication address and key seed of the data relay server 3 either from the first signaling server 41 corresponding to the first NAT node, which is the case when only the first signaling server 41 exists, or from the second signaling server 42 corresponding to the second NAT node, which is the case when the first signaling server 41 and the second signaling server 42 exist at the same time.
  • Either way the second device 2 also receives the communication address and key seed of the data relay server 3, which keeps the information exchange timely so that the subsequent data channel can be established promptly.
  • A40: Receive the request, sent by the first device 1, to acquire the relay address of the second device 2; forward the request to the data relay server 3, which responds by sending a relay-address reporting instruction to the second device 2.
  • Alternatively, the first signaling server 41 forwards the acquisition request to the second signaling server 42,
  • the second signaling server 42 forwards it to the data relay server 3,
  • and the data relay server 3 responds by sending the relay-address reporting request to the second device 2.
  • A50: Receive the relay address reported by the second device 2 and feed it back to the first device 1.
  • Receiving the relay address reported by the second device 2 means receiving it from either the data relay server 3 or the second signaling server 42.
  • After the first device 1 has acquired the relay address of the second device 2, it asks the data relay server 3 to establish a data channel; the second device 2 then completes its connection binding with the data relay server 3, the first device 1 likewise completes its binding, and with both bindings in place the data channel between the first device 1 and the second device 2 is established.
  • The corresponding key is then generated from the key seed and the data is transmitted using the corresponding encryption method.
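Step A20 and the final step above describe the key handling only in words: the signaling server hands both devices a key seed, each device generates the corresponding key from it, and the text also describes the DES-with-RSA combination in which RSA protects the symmetric key. The Go program below is an added example written for this page, not code from the patent or from the applicant, and it shows both paths. On the seed-only path both devices expand the seed into the same AES-256 key with an HMAC-SHA256 derivation bound to a context label (the text names no derivation function, so that choice and the label are assumptions). On the hybrid path device 1 generates a fresh session key and wraps it with device 2's RSA public key using OAEP, with AES-GCM standing in for DES so that the peer also notices a modified ciphertext. One property worth keeping in mind when reading step A20: on the seed-only path the signaling server chooses the seed and delivers it to both devices, so the confidentiality of the data channel is bounded by the confidentiality of the signaling path and the trustworthiness of the signaling server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeriveKey expands the key seed handed out by the signaling server into a 32-byte
// AES-256 key bound to a context label (HMAC-based KDF; an assumption, the text names no KDF).
func DeriveKey(seed []byte, context string) []byte {
	mac := hmac.New(sha256.New, seed)
	mac.Write([]byte(context))
	return mac.Sum(nil)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealGCM encrypts with AES-256-GCM and prefixes the random nonce; OpenGCM reverses it.
func SealGCM(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

func OpenGCM(key, msg []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

// RoundTripSeed is the seed-only path: both devices derive the same key from the delivered
// seed. It reports whether device 2 recovered the message and whether a flipped byte was rejected.
func RoundTripSeed(seed, plaintext []byte) (bool, bool, error) {
	key := DeriveKey(seed, "device1->device2") // device 2 computes the same label
	ct, err := SealGCM(key, plaintext)
	if err != nil {
		return false, false, err
	}
	pt, err := OpenGCM(key, ct)
	ok := err == nil && string(pt) == string(plaintext)
	ct[len(ct)-1] ^= 0x01 // an on-path modification of the last tag byte
	_, err = OpenGCM(key, ct)
	return ok, err != nil, nil
}

// RoundTripHybrid is the DES+RSA idea from the text with AES in place of DES: device 1 picks a
// fresh session key and wraps it with device 2's RSA public key (OAEP); device 2 unwraps and decrypts.
func RoundTripHybrid(plaintext []byte) (bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // device 2's key pair
	if err != nil {
		return false, err
	}
	session := make([]byte, 32)
	if _, err := rand.Read(session); err != nil {
		return false, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, session, nil)
	if err != nil {
		return false, err
	}
	ct, err := SealGCM(session, plaintext)
	if err != nil {
		return false, err
	}
	unwrapped, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return false, err
	}
	pt, err := OpenGCM(unwrapped, ct)
	return err == nil && string(pt) == string(plaintext), nil
}

func main() { // constructed sample seed and payload
	fmt.Println(RoundTripSeed([]byte("constructed-seed"), []byte("GET / HTTP/1.1")))
	fmt.Println(RoundTripHybrid([]byte("GET / HTTP/1.1")))
}
```

RoundTripSeed returns (recovered, tampering rejected, error) and RoundTripHybrid returns (recovered, error), so `go run` prints `true true <nil>` followed by `true <nil>`. The context label in DeriveKey is what stops a key derived for one direction or one channel from being reused for another; in the hybrid path the random session key, not the seed, is what the peer's RSA key protects.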
  • The signaling server 4 includes the first signaling server 41 and the second signaling server 42.
  • The first signaling server 41 can exchange data with the first device 1, the second device 2 and the data relay server 3, or the second signaling server 42 exchanges data with the second device 2 on its behalf;
  • the second signaling server 42 can only exchange data with the second device 2 and the data relay server 3.
  • The first memory 411, as a computer storage medium, stores the first node device penetration program 10 for devices under different NAT nodes, which can run on the first processor 412; when the first processor 412 executes it, the method for penetrating devices under different NAT nodes described above is implemented.
  • FIG. 5 is a schematic diagram of a program module of the first node device penetration program 10 of FIG.
  • the first node device penetration program 10 can be divided into one or more modules, and the modules referred to in the present application refer to a series of computer program instruction segments capable of performing specific functions.
  • the first node device penetration program 10 can be divided into a first receiving module 101, a first feedback module 102, a second feedback module 103, a second receiving module 104, and a third feedback module 105.
  • the functions implemented by each module are substantially the same as those of the foregoing method embodiments, and are not described herein.
  • FIG. 6 is a schematic diagram of a first device 1 according to an embodiment of the present application.
  • the first device 1 includes a second memory 11 and a second processor 12.
  • The second memory 11 includes at least one type of readable storage medium, such as flash memory, a hard disk, a multimedia card, a card-type memory (for example SD or DX memory), magnetic memory, a magnetic disk, or an optical disk.
  • In some embodiments the second memory 11 is an internal storage unit of the first device 1, such as its hard disk.
  • In other embodiments the second memory 11 is an external storage device of the first device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash card. The second memory 11 may also comprise both an internal storage unit and an external storage device.
  • The second memory 11 stores the application software and data installed on the first device 1, such as the second node device penetration program 20, and also temporarily holds data that has been or will be output.
  • In some embodiments the second processor 12 is a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip that runs the program code stored in the second memory 11, such as the second node device penetration program 20, or processes data.
  • FIG. 6 shows only the first device 1 with components 11-12. Those skilled in the art will understand that the structure shown in FIG. 6 does not limit the first device 1, which may include fewer or more components than illustrated, combine some components, or arrange them differently.
  • The first device 1 may further include a user interface.
  • The user interface may include a display and an input unit such as a keyboard, and optionally a standard wired interface and a wireless interface.
  • The display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, or an Organic Light-Emitting Diode (OLED) touch device.
  • The display may also be called a display screen or display unit; it shows information processed in the first device 1 and renders the visual user interface.
  • The first device 1 may further include a communication unit, for example a Wi-Fi unit or a SIM (Subscriber Identity Module) card based mobile communication unit.
  • the embodiment of the present application further provides a method for penetrating devices under different NAT nodes.
  • The method is applicable to the first device 1 located under the first NAT node, which establishes a data channel with the second device 2 located under the second NAT node. The method includes:
  • B10: If there is data to be transmitted to the second device 2, send a request for the communication address of the data relay server 3 to the signaling server 4, and receive from the signaling server 4 the communication address together with the key seed for generating a key of the preset type.
  • That is, the first device 1 requests the communication address of the data relay server 3 from the signaling server 4.
  • The signaling server 4 feeds back the communication address and key seed of the data relay server 3 to the first device 1.
  • The signaling server 4 also sends the communication address and key seed of the data relay server 3 to the second device 2.
  • B20: Send a resource allocation request to the data relay server 3, which allocates resources for communication between the first device 1 and the second device 2.
  • The data relay server 3 of this embodiment may be a TURN server that supports RFC 6062 (TURN extensions for TCP allocations), so the first device 1 and the second device 2 request resource allocation from the data relay server 3 in the manner defined by RFC 6062.
  • The first device 1 and the second device 2 may request resource allocation from the data relay server 3 through the same signaling server 4, or may have their requests forwarded to the data relay server 3 by the first signaling server 41 and the second signaling server 42 respectively.
  • B30: Obtain the relay address of the second device 2 from the signaling server 4 and send a data channel establishment request carrying that relay address to the data relay server 3. After the data channel is established, generate the corresponding encryption key from the key seed, encrypt the data to be transmitted with the encryption algorithm corresponding to that key seed, and transmit the encrypted data to the second device 2 over the established data channel.
  • After the first device 1 has acquired the relay address of the second device 2, it asks the data relay server 3 to establish a data channel; the second device 2 then completes its connection binding with the data relay server 3, the first device 1 likewise completes its binding, and with both bindings in place the data channel between the first device 1 and the second device 2 is established.
  • The corresponding key is generated from the key seed and the data is transmitted using the corresponding encryption method.
  • Obtaining the relay address of the second device 2 from the signaling server 4 in step B30 includes:
  • the first device 1 sends a request to acquire the relay address of the second device 2 to the signaling server 4;
  • the signaling server 4 forwards the request to the data relay server 3, which responds by sending a relay-address reporting request to the second device 2;
  • the second device 2 reports its relay address to the data relay server 3, which feeds the reported relay address back to the signaling server 4;
  • the signaling server 4 feeds the relay address reported by the second device 2 back to the first device 1.
  • In this case the first signaling server 41 both receives the relay address acquisition request sent by the first device 1 and forwards it to the data relay server 3, and receives the relay address reported by the second device 2 from the data relay server 3 and feeds it back to the first device 1.
  • When the signaling server 4 includes a first signaling server 41 corresponding to the first NAT node and a second signaling server 42 corresponding to the second NAT node, obtaining the relay address of the second device 2 from the signaling server 4 in step B30 includes:
  • the first device 1 sends a request to acquire the relay address of the second device 2 to the first signaling server 41;
  • the first signaling server 41 forwards the request to the data relay server 3, which responds by sending a relay-address reporting request to the second device 2, or
  • the first signaling server 41 forwards the request to the second signaling server 42, the second signaling server 42 forwards it to the data relay server 3, and the data relay server 3 responds by sending a relay-address reporting instruction to the second device 2;
  • the second device 2 reports its relay address to the data relay server 3, which feeds the reported relay address back to the first signaling server 41 or to the second signaling server 42;
  • the first signaling server 41 feeds the relay address reported by the second device 2 back to the first device 1, or the second signaling server 42 sends the reported relay address to the first signaling server 41, which feeds it back to the first device 1.
  • The signaling server 4 includes the first signaling server 41 and the second signaling server 42.
  • The first signaling server 41 can exchange data with the first device 1, the second device 2 and the data relay server 3, or the second signaling server 42 exchanges data with the second device 2 on its behalf;
  • the second signaling server 42 can only exchange data with the second device 2 and the data relay server 3.
  • The second memory 11, as a computer storage medium, stores the second node device penetration program 20 for devices under different NAT nodes, which can run on the second processor 12; when the second processor 12 executes it, the method for penetrating devices under different NAT nodes described above is implemented.
  • FIG. 7 is a schematic diagram of a program module of the second node device penetration program 20 of FIG.
  • the second node device penetration program 20 can be divided into one or more modules, and the module referred to herein refers to a series of computer program instruction segments capable of performing a specific function.
  • the second node device penetration program 20 can be divided into a third receiving module 201, a resource allocation requesting module 202, and a data transmission module 203.
  • the functions implemented by each module are substantially the same as those of the foregoing method embodiments, and are not described herein.
  • FIG. 8 is a schematic diagram of a second signaling server 42 according to an embodiment of the present application.
  • the second signaling server 42 includes a third memory 421 and a third processor 422.
  • The third memory 421 includes at least one type of readable storage medium, such as flash memory, a hard disk, a multimedia card, a card-type memory (for example SD or DX memory), magnetic memory, a magnetic disk, or an optical disk.
  • In some embodiments the third memory 421 is an internal storage unit of the second signaling server 42, such as its hard disk.
  • In other embodiments the third memory 421 is an external storage device of the second signaling server 42, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash card. The third memory 421 may also comprise both an internal storage unit and an external storage device.
  • The third memory 421 stores the application software and data installed on the second signaling server 42, such as the third node device penetration program 30, and also temporarily holds data that has been or will be output.
  • In some embodiments the third processor 422 is a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip that runs the program code stored in the third memory 421, such as the third node device penetration program 30, or processes data.
  • FIG. 8 shows only the second signaling server 42 with components 421-422. Those skilled in the art will understand that the structure shown in FIG. 8 does not limit the second signaling server 42, which may include fewer or more components than illustrated, combine some components, or arrange them differently.
  • the embodiment of the present application further provides a method for penetrating devices under different NAT nodes.
  • the method is applicable to the second signaling server 42, which corresponds to the second NAT node and serves to establish a data channel between the first device 1 under the first NAT node and the second device 2 under the second NAT node.
  • the method includes:
  • the first device 1 requests the communication address of the data relay server 3 from the first signaling server 41 corresponding to the first NAT node.
  • the first signaling server 41 feeds back the communication address and key seed of the data relay server 3 to the first device 1.
  • the first signaling server 41 sends the communication address and key seed of the data relay server 3 to the second signaling server 42, which transmits them to the second device 2.
  • C20 receiving, from the first signaling server 41, the acquisition request for the relay address of the second device 2 sent by the first device 1, and sending the acquisition request to the data relay server 3, so that the data relay server 3 transmits a relay address report request to the second device 2 in response to the acquisition request.
  • C30 receiving, from the data relay server 3, the relay address reported by the second device 2, and transmitting it to the first signaling server 41, which feeds the relay address reported by the second device 2 back to the first device 1.
  • in this flow, the first device 1 sends an acquisition request for the relay address of the second device 2 to the first signaling server 41; the first signaling server 41 forwards the acquisition request to the second signaling server 42, which forwards it to the data relay server 3; the data relay server 3 sends a relay address report request to the second device 2 in response.
  • the second device 2 reports its relay address to the data relay server 3, and the data relay server 3 feeds the reported relay address back to the first signaling server 41 or the second signaling server 42; the first signaling server 41 then feeds the relay address back to the first device 1, or the second signaling server 42 sends the relay address to the first signaling server 41, which feeds it back to the first device 1.
  • a third node device penetration program 30 executable on the third processor 422 is stored in the third memory 421, which serves as a computer storage medium.
  • FIG. 9 is a schematic diagram of the program modules of the third node device penetration program 30 of FIG. 8.
  • the third node device penetration program 30 can be divided into one or more modules; the modules referred to in the present application are series of computer program instruction segments capable of performing specific functions.
  • the third node device penetration program 30 may be divided into a first relay module 301, a second relay module 302, and a third relay module 303.
  • the functions implemented by each module are substantially the same as those of the foregoing method embodiment and are not described again here.
  • FIG. 10 is a schematic diagram of a data relay server 3 according to an embodiment of the present application.
  • the data relay server 3 includes a fourth memory 31 and a fourth processor 32.
  • the fourth memory 31 includes at least one type of readable storage medium, including a flash memory, a hard disk, a multimedia card, a card-type memory (for example, SD or DX memory), a magnetic memory, a magnetic disk, an optical disk, and the like.
  • the fourth memory 31 may be an internal storage unit of the data relay server 3, such as a hard disk of the data relay server 3, in some embodiments.
  • the fourth memory 31 may also be an external storage device of the data relay server 3 in other embodiments, such as a plug-in hard disk equipped on the data relay server 3, a Smart Media Card (SMC), a Secure Digital (SD) card, a Flash Card, etc. Further, the fourth memory 31 may include both an internal storage unit of the data relay server 3 and an external storage device.
  • the fourth memory 31 can be used not only for storing application software and various types of data installed in the data relay server 3, such as the fourth node device penetration program 40, but also for temporarily storing data that has been output or is to be output.
  • the fourth processor 32 may be a central processing unit (CPU), controller, microcontroller, microprocessor or other data processing chip for running the program code stored in the fourth memory 31, such as the fourth node device penetration program 40, or for processing data, in some embodiments.
  • FIG. 10 shows only the data relay server 3 having the components 31-32. It will be understood by those skilled in the art that the structure shown in FIG. 10 does not constitute a limitation of the data relay server 3, which may include fewer or more components than illustrated, combine some components, or arrange the components differently.
  • the embodiment of the present application further provides a method for penetrating devices under different NAT nodes.
  • the method is applicable to the data relay server 3, which serves to establish a data channel between the first device 1 under the first NAT node and the second device 2 under the second NAT node. The method includes:
  • D10 receiving and responding to resource allocation requests sent by the first device 1 and the second device 2, and allocating resources for communication between the first device 1 and the second device 2.
  • the data relay server 3 of this embodiment may be a TURN server supporting RFC 6062 (TURN extensions for TCP allocations). Accordingly, the first device 1 and the second device 2 request resource allocation from the data relay server 3 in the manner defined by RFC 6062.
  • the first device 1 and the second device 2 can request resource allocation from the data relay server 3 through the first signaling server 41 and the second signaling server 42, respectively.
  • D20 receiving, from the first signaling server 41 or the second signaling server 42, the acquisition request for the relay address of the second device 2; sending a relay address report instruction to the second device 2; receiving the relay address reported by the second device 2; and forwarding the reported relay address to the first signaling server 41 or the second signaling server 42.
  • D30 receiving and responding to the data channel establishment request carrying the relay address of the second device 2 sent by the first device 1, and establishing a data channel between the first device 1 and the second device 2 according to the received relay address, for the first device 1 to transmit data to the second device 2 over the established data channel.
  • in this flow, the first device 1 sends an acquisition request for the relay address of the second device 2 to the first signaling server 41; the first signaling server 41 forwards the acquisition request to the second signaling server 42, which forwards it to the data relay server 3; the data relay server 3 sends a relay address report request to the second device 2 in response.
  • the second device 2 reports its relay address to the data relay server 3, and the data relay server 3 feeds the reported relay address back to the first signaling server 41 or the second signaling server 42; the first signaling server 41 then feeds the relay address back to the first device 1, or the second signaling server 42 sends the relay address to the first signaling server 41, which feeds it back to the first device 1.
  • after the first device 1 acquires the relay address of the second device 2, it requests the data relay server 3 to establish a data channel; the second device 2 then completes connection binding with the data relay server 3, and the first device 1 also completes connection binding with the data relay server 3, at which point the data channel between the first device 1 and the second device 2 is established. In RFC 6062 terms, each side binds a new TCP data connection to the relay with a ConnectionBind request carrying the CONNECTION-ID the relay assigned.
  • the corresponding key is then generated from the key seed, and the corresponding encryption method is used to transmit the data.
  • a fourth node device penetration program 40 executable on the fourth processor 32 is stored in the fourth memory 31, which serves as a computer storage medium.
  • when the fourth node device penetration program 40 is executed by the fourth processor 32, the method for penetrating devices under different NAT nodes is implemented.
  • FIG. 11 is a schematic diagram of the program modules of the fourth node device penetration program 40 of FIG. 10.
  • the fourth node device penetration program 40 can be divided into one or more modules; the modules referred to in the present application are series of computer program instruction segments capable of performing specific functions.
  • the fourth node device penetration program 40 can be divided into a resource allocation module 401, a fourth relay module 402, and a channel establishment module 403.
  • the functions implemented by each module are substantially the same as those of the foregoing method embodiment and are not described again here.
  • the embodiment of the present application further provides a computer readable storage medium storing a first, second, third or fourth node device penetration program, which can be executed by at least one processor to cause the at least one processor to perform the method for penetrating devices under different NAT nodes of any of the above embodiments.
  • FIG. 12 is a schematic flowchart of a method for penetrating devices under different NAT nodes according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic diagram of the network architecture corresponding to the penetration method illustrated in FIG. 12.
  • the method is applicable to establishing a data channel between the first device 1 under the first NAT node and the second device 2 under the second NAT node, and to exchanging data over the established data channel.
  • NAT is used when hosts inside a private network have been assigned local IP addresses (private addresses that are valid only within the private network) but need to communicate with hosts on the Internet (without any need for encryption).
  • this requires NAT software to be installed on the router that connects the private network to the Internet.
  • a router running NAT software is called a NAT router and has at least one valid external global IP address. All hosts using local addresses must have those addresses translated into global IP addresses on the NAT router when they communicate with the outside world over the Internet.
  • the penetration method of this embodiment includes the following steps:
  • Step S10 If the first device 1 needs to transmit data to the second device 2, the first device 1 sends a request for the communication address of the data relay server 3 to the signaling server 4.
  • the first device 1 in this embodiment acquires the communication address of the data relay server 3 from the signaling server over HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, i.e. HTTP over TLS). It can be understood that the first device 1 could also obtain the communication address of the data relay server 3 from the signaling server over other protocols, such as plain HTTP. Since the same response carries the key seed from which the session key is derived (step S20), fetching it over plain HTTP would expose the seed, and with it the derived key, to anyone able to observe the traffic; HTTPS with certificate validation is therefore the option a practitioner should use.
  • Step S20 the signaling server receives and responds to the request, feeds back to the first device 1 the communication address and a key seed used to generate a key of a preset type, and sends the communication address and the key seed to the second device 2.
  • when the signaling server 4 includes a first signaling server 41 corresponding to the first NAT node and a second signaling server 42 corresponding to the second NAT node, step S20 includes:
  • the first signaling server 41 feeds back the communication address and a key seed for generating a preset type key to the first device 1;
  • the first signaling server 41 sends the communication address and the key seed to the second device 2, or the first signaling server 41 sends the communication address and the key seed to the second signaling server 42, which sends them to the second device 2.
  • the first device 1 in this embodiment requests the communication address of the data relay server 3 from the first signaling server 41 corresponding to the first NAT node, and then receives the communication address and key seed of the data relay server 3 returned by the first signaling server 41.
  • the second device 2 in this embodiment may receive the communication address and key seed of the data relay server 3 from the first signaling server 41 corresponding to the first NAT node, which is the case when only the first signaling server 41 exists, or from the second signaling server 42 corresponding to the second NAT node, which is the case when the first signaling server 41 and the second signaling server 42 exist simultaneously.
  • in either case the second device 2 receives the communication address and key seed of the data relay server 3 without having to request them. This keeps the information timely, so that the subsequent data channel can be established promptly.
  • the key seed of the preset type includes at least one of an AES (Advanced Encryption Standard) key seed, a DES (Data Encryption Standard) key seed, and an RSA (the asymmetric encryption algorithm proposed by Ron Rivest, Adi Shamir and Leonard Adleman) key seed.
  • only one of the AES key seed, DES key seed or RSA key seed may be employed, that is, only one of the AES, DES or RSA encryption methods is used. Two or three of the AES key seed, DES key seed and RSA key seed may also be employed, that is, an encryption method combining two or three of AES, DES and RSA is used.
  • each encryption method has its own advantages and its own shortcomings, so a combined encryption method can draw on the advantages and avoid the disadvantages.
  • an encryption method combining DES and RSA lets the two complement each other: DES encryption is fast and suited to long messages, so it is used to encrypt the plaintext; RSA encryption is slow but offers good security, so it is applied to the DES key, which solves the DES key distribution problem. This is the standard hybrid encryption pattern. Note that DES has an effective key length of 56 bits and was withdrawn as a US federal standard in 2005; in a new deployment AES should take the place of DES in this combination, and the RSA encryption of the symmetric key should use a padding scheme such as OAEP.
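Key derivation from the seed, as an added Python example that is not part of the patent and not code from the applicant: both devices feed the seed they received from the signaling server into HKDF-SHA256 together with the seed type and the two peer identities, so each side independently derives the same encryption and MAC keys, and the same seed issued as a DES or RSA seed yields different keys. The device identifiers, the salt label and the sample seed are assumptions. Because the Python standard library has no AES, the encryption step is a labelled stand-in (HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag), not AES. The last function shows the caveat that matters for step S10: whoever holds the seed, including the signaling server and anyone who saw it travel over plain HTTP, derives the same keys.

```python
import hashlib
import hmac
import os

# Constructed identifiers for the two peers; the patent names no concrete values.
DEVICE_1 = b"device-1"
DEVICE_2 = b"device-2"

# The seed types the text lists. The label is bound into the derivation, so a
# seed issued for one algorithm yields different keys than the same seed
# issued for another.
SEED_TYPES = ("AES", "DES", "RSA")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) extract-and-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(seed: bytes, seed_type: str, peer_a: bytes, peer_b: bytes):
    """Each device runs this on its own copy of the seed and gets the same
    (encryption key, MAC key) pair. Peer identities are sorted so the result
    does not depend on which side calls it."""
    if seed_type not in SEED_TYPES:
        raise ValueError("unknown seed type: %r" % seed_type)
    context = seed_type.encode() + b"|" + b"|".join(sorted((peer_a, peer_b)))
    okm = hkdf_sha256(seed, salt=b"nat-traversal-session-v1", info=context, length=64)
    return okm[:32], okm[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256: a stand-in for a block cipher
    so the example runs on the standard library alone (not AES)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(keys, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag. A deployment would
    use an AEAD such as AES-GCM keyed from the same derivation."""
    enc_key, mac_key = keys
    nonce = os.urandom(16) if nonce is None else nonce
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(keys, blob: bytes):
    """Returns the plaintext, or None if the tag does not verify (wrong key,
    wrong seed, or a modified message). The tag is checked before decrypting."""
    enc_key, mac_key = keys
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def eavesdropper_decrypts(observed_seed: bytes, blob: bytes):
    """Whoever holds the seed (the signaling server, or an observer of a seed
    sent over plain HTTP) derives the same keys and reads the traffic."""
    return unseal(derive_session_keys(observed_seed, "AES", DEVICE_1, DEVICE_2), blob)


if __name__ == "__main__":
    seed = os.urandom(32)                                        # what the signaling server hands out
    k1 = derive_session_keys(seed, "AES", DEVICE_1, DEVICE_2)   # device 1's view
    k2 = derive_session_keys(seed, "AES", DEVICE_2, DEVICE_1)   # device 2's view
    msg = seal(k1, b"payload from device 1")
    print(k1 == k2, unseal(k2, msg), eavesdropper_decrypts(seed, msg))
```

The tag is verified with a constant-time comparison before any decryption, and a failed check returns None rather than partial plaintext. In a deployment the derived keys should feed an AEAD such as AES-GCM, with a fresh nonce per message and, ideally, separate keys per direction.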
  • Step S30 The first device 1 and the second device 2 send resource allocation requests to the data relay server 3, and the data relay server 3 allocates resources for communication between the first device 1 and the second device 2.
  • the data relay server 3 of this embodiment may be a TURN server supporting RFC 6062 (TURN extensions for TCP allocations). Accordingly, the first device 1 and the second device 2 request resource allocation from the data relay server 3 in the manner defined by RFC 6062.
  • the first device 1 and the second device 2 can request resource allocation from the data relay server 3 through the first signaling server 41 and the second signaling server 42, respectively.
  • Step S40 The first device 1 acquires the relay address of the second device 2 from the signaling server 4 and sends a data channel establishment request carrying the relay address to the data relay server 3; after the data channel is established, the first device 1 generates the corresponding encryption key from the key seed, encrypts the data to be transmitted with the encryption algorithm corresponding to the key seed, and transmits the encrypted data to the second device 2 over the established data channel.
  • after the first device 1 acquires the relay address of the second device 2, it requests the data relay server 3 to establish a data channel; the second device 2 then completes connection binding with the data relay server 3, and the first device 1 also completes connection binding with the data relay server 3, at which point the data channel between the first device 1 and the second device 2 is established.
  • the corresponding key is generated from the key seed, and the corresponding encryption method is used to transmit the data. Whichever key seed was obtained in step S20 determines the encryption method used in this step: for example, if an AES key seed was obtained in step S20, this step generates an AES key and transmits the data using AES encryption.
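The RFC 6062 exchange behind steps S30 and S40, as an added Python example that is not code from the patent or the applicant: it encodes the TURN messages a device sends to the data relay server 3, namely an Allocate request asking for a TCP allocation (REQUESTED-TRANSPORT protocol 6), the Connect request carrying the peer's relayed address as XOR-PEER-ADDRESS, and the ConnectionBind request that completes the connection binding described above, and it parses a constructed Allocate success response to recover the XOR-RELAYED-ADDRESS that the second device 2 reports through the signaling server. The transaction ID, IP addresses, port and lifetime are constructed values. Authentication (the long-term credential MESSAGE-INTEGRITY attribute a real TURN server requires) is omitted to keep the example short.

```python
import struct

MAGIC_COOKIE = 0x2112A442

# Message types: RFC 5389 header, methods from RFC 5766 and RFC 6062.
# Request class bits are 0; a success response adds 0x0100.
ALLOCATE_REQUEST = 0x0003
ALLOCATE_SUCCESS = 0x0103
CONNECT_REQUEST = 0x000A          # RFC 6062: ask the relay to connect to a peer
CONNECTION_BIND_REQUEST = 0x000B  # RFC 6062: bind a new TCP connection as the data channel

# Attribute types
LIFETIME = 0x000D
XOR_PEER_ADDRESS = 0x0012
XOR_RELAYED_ADDRESS = 0x0016
REQUESTED_TRANSPORT = 0x0019
CONNECTION_ID = 0x002A            # RFC 6062
PROTOCOL_TCP = 6                  # an RFC 6062 allocation asks for TCP, not UDP (17)


def encode_xor_address(ip: str, port: int) -> bytes:
    """IPv4 XOR-*-ADDRESS value: port and address are XORed with the magic cookie."""
    a, b, c, d = (int(x) for x in ip.split("."))
    addr = (a << 24) | (b << 16) | (c << 8) | d
    return struct.pack("!BBHI", 0, 0x01, port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE)


def decode_xor_address(value: bytes):
    _, family, xport, xaddr = struct.unpack("!BBHI", value[:8])
    if family != 0x01:
        raise ValueError("only IPv4 is handled in this example")
    addr = xaddr ^ MAGIC_COOKIE
    return ".".join(str((addr >> s) & 0xFF) for s in (24, 16, 8, 0)), xport ^ (MAGIC_COOKIE >> 16)


def build_message(msg_type: int, txid: bytes, attrs) -> bytes:
    if len(txid) != 12:
        raise ValueError("transaction id must be 12 bytes")
    body = b""
    for attr_type, value in attrs:
        body += struct.pack("!HH", attr_type, len(value)) + value
        body += b"\x00" * (-len(value) % 4)   # attributes are padded to 32-bit boundaries
    return struct.pack("!HHI", msg_type, len(body), MAGIC_COOKIE) + txid + body


def parse_message(data: bytes):
    """Returns (type, transaction id, {attr_type: value}); rejects malformed input."""
    if len(data) < 20:
        raise ValueError("short STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE or len(data) < 20 + length:
        raise ValueError("not a STUN message or truncated")
    txid, attrs, pos = data[8:20], {}, 20
    while pos < 20 + length:
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        attrs[attr_type] = value
        pos += 4 + attr_len + (-attr_len % 4)
    return msg_type, txid, attrs


def allocate_tcp_request(txid: bytes) -> bytes:
    """Step S30: each device asks the relay for a TCP allocation."""
    return build_message(ALLOCATE_REQUEST, txid,
                         [(REQUESTED_TRANSPORT, bytes([PROTOCOL_TCP, 0, 0, 0]))])


def connect_request(txid: bytes, peer_ip: str, peer_port: int) -> bytes:
    """Step S40: device 1 asks the relay to connect to device 2's relayed address."""
    return build_message(CONNECT_REQUEST, txid,
                         [(XOR_PEER_ADDRESS, encode_xor_address(peer_ip, peer_port))])


def connection_bind_request(txid: bytes, connection_id: int) -> bytes:
    """Each side binds a fresh TCP connection with the CONNECTION-ID the relay gave it."""
    return build_message(CONNECTION_BIND_REQUEST, txid,
                         [(CONNECTION_ID, struct.pack("!I", connection_id))])


def relayed_address_from_response(data: bytes, expected_txid: bytes):
    """The relayed address device 2 reports through the signaling server, or
    None if the response is not a success or not the reply to our request."""
    msg_type, txid, attrs = parse_message(data)
    if msg_type != ALLOCATE_SUCCESS or txid != expected_txid or XOR_RELAYED_ADDRESS not in attrs:
        return None
    return decode_xor_address(attrs[XOR_RELAYED_ADDRESS])


# Constructed sample: the Allocate success response a relay would return, with
# documentation-range addresses (the patent names no concrete values).
SAMPLE_TXID = bytes(range(12))
SAMPLE_ALLOCATE_RESPONSE = build_message(ALLOCATE_SUCCESS, SAMPLE_TXID, [
    (XOR_RELAYED_ADDRESS, encode_xor_address("203.0.113.10", 49152)),
    (LIFETIME, struct.pack("!I", 600)),
])

if __name__ == "__main__":
    print(allocate_tcp_request(SAMPLE_TXID).hex())
    print(relayed_address_from_response(SAMPLE_ALLOCATE_RESPONSE, SAMPLE_TXID))
    print(connect_request(SAMPLE_TXID, "203.0.113.10", 49152).hex())
    print(connection_bind_request(SAMPLE_TXID, 0x1234).hex())
```

Responses are matched to the request by transaction ID and otherwise ignored, and the parser rejects a missing magic cookie, a length field larger than the received data, and truncated attributes; that is the minimum a client needs before trusting a relayed address it will hand to the signaling server.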
  • in step S40, the first device 1 acquiring the relay address of the second device 2 from the signaling server 4 includes:
  • the first device 1 sends an acquisition request for the relay address of the second device 2 to the signaling server 4;
  • the signaling server 4 forwards the acquisition request to the data relay server 3, and the data relay server 3 sends a relay address report request to the second device 2 in response;
  • the second device 2 reports its relay address to the data relay server 3, and the data relay server 3 feeds the reported relay address back to the signaling server 4;
  • the signaling server 4 feeds the relay address reported by the second device 2 back to the first device 1.
  • when only the first signaling server 41 exists, it both receives the relay address acquisition request from the first device 1 and forwards it to the data relay server 3, and receives the relay address reported by the second device 2 from the data relay server 3 and feeds it back to the first device 1.
  • when the signaling server 4 includes a first signaling server 41 corresponding to the first NAT node and a second signaling server 42 corresponding to the second NAT node, the first device 1 acquiring the relay address of the second device 2 from the signaling server 4 in step S40 includes:
  • the first device 1 sends an acquisition request for the relay address of the second device 2 to the first signaling server 41;
  • the first signaling server 41 forwards the acquisition request to the data relay server 3, and the data relay server 3 sends a relay address report request to the second device 2 in response; or the first signaling server 41 forwards the acquisition request to the second signaling server 42, the second signaling server 42 forwards it to the data relay server 3, and the data relay server 3 sends a relay address report instruction to the second device 2 in response;
  • the second device 2 reports its relay address to the data relay server 3, and the data relay server 3 feeds the reported relay address back to the first signaling server 41 or the second signaling server 42;
  • the first signaling server 41 feeds the relay address reported by the second device 2 back to the first device 1, or the second signaling server 42 sends the relay address to the first signaling server 41, which feeds it back to the first device 1.
  • when the signaling server 4 includes both the first signaling server 41 and the second signaling server 42, the first signaling server 41 can exchange data with the first device 1, the data relay server 3 and either the second device 2 or the second signaling server 42, whereas the second signaling server 42 exchanges data only with the second device 2, the data relay server 3 and the first signaling server 41.
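The relay address acquisition of step S40 with both signaling servers present, as an added Python example that is not part of the patent: an in-memory message bus models device 1, device 2, signaling servers 41 and 42 and relay server 3, enforces the reachability stated above (server 42 can talk only to device 2, the relay and server 41), and runs both routes, server 41 straight to the relay or server 41 through server 42. Node names, message kinds and the relayed address are assumptions. Each signaling server accepts a relay address report only from the relay server and only while a request of its own is pending, which is the check that keeps a device from planting a relay address for its peer.

```python
from collections import deque

# Constructed example. Node names follow the patent's numbering: device1 and
# device2 (under NAT 1 and NAT 2), sig41 and sig42 (signaling servers), relay3
# (the TURN data relay server). The relayed address is a documentation value.
DEVICE2_RELAYED_ADDR = "198.51.100.3:49152"   # assumed TURN relayed address of device 2

# Reachability as the text describes it: server 41 reaches device 1, device 2,
# relay 3 and server 42; server 42 reaches only device 2, relay 3 and server 41;
# each device additionally reaches the relay for TURN itself.
LINKS = {
    ("device1", "sig41"), ("sig41", "device2"), ("sig41", "relay3"), ("sig41", "sig42"),
    ("sig42", "device2"), ("sig42", "relay3"), ("device1", "relay3"), ("device2", "relay3"),
}
LINKS |= {(b, a) for a, b in LINKS}          # every link is bidirectional


class Network:
    """In-memory message bus that enforces the reachability table and runs
    the relay address acquisition of step S40 to completion."""

    def __init__(self, route_via_42: bool):
        self.route_via_42 = route_via_42      # server 41 forwards via 42 or straight to the relay
        self.queue = deque()
        self.trace = []                       # (src, dst, kind) of every message sent
        self.pending = {}                     # node -> who it still owes an answer
        self.device1_result = None

    def send(self, src, dst, kind, addr=None):
        if (src, dst) not in LINKS:
            raise PermissionError("%s cannot reach %s" % (src, dst))
        self.trace.append((src, dst, kind))
        self.queue.append((src, dst, kind, addr))

    def handle(self, src, dst, kind, addr):
        if dst == "sig41" and kind == "get_relay_addr" and src == "device1":
            self.pending["sig41"] = src
            self.send("sig41", "sig42" if self.route_via_42 else "relay3", kind)
        elif dst == "sig42" and kind == "get_relay_addr" and src == "sig41":
            self.pending["sig42"] = src
            self.send("sig42", "relay3", kind)
        elif dst == "relay3" and kind == "get_relay_addr" and src in ("sig41", "sig42"):
            self.pending["relay3"] = src      # remember which server asked
            self.send("relay3", "device2", "report_relay_addr")
        elif dst == "device2" and kind == "report_relay_addr" and src == "relay3":
            self.send("device2", "relay3", "relay_addr_report", DEVICE2_RELAYED_ADDR)
        elif dst == "relay3" and kind == "relay_addr_report" and src == "device2":
            asker = self.pending.pop("relay3", None)
            if asker:
                self.send("relay3", asker, kind, addr)
        elif dst == "sig42" and kind == "relay_addr_report":
            # accept a report only from the relay, and only if we asked for one
            if src == "relay3" and self.pending.pop("sig42", None):
                self.send("sig42", "sig41", kind, addr)
        elif dst == "sig41" and kind == "relay_addr_report":
            if src in ("relay3", "sig42") and self.pending.pop("sig41", None):
                self.send("sig41", "device1", "relay_addr", addr)
        elif dst == "device1" and kind == "relay_addr" and src == "sig41":
            self.device1_result = addr
        # anything else, such as a report injected by a device, is dropped

    def run(self):
        while self.queue:
            self.handle(*self.queue.popleft())
        return self.device1_result


def acquire_relay_address(route_via_42: bool):
    """Device 1 asks server 41 for device 2's relay address; returns the
    address device 1 ends up with and the message trace."""
    net = Network(route_via_42)
    net.send("device1", "sig41", "get_relay_addr")
    return net.run(), net.trace


def forged_report_is_dropped() -> bool:
    """Device 1 tries to plant a relay address for device 2 at server 41
    without any request in flight; server 41 must not pass it on."""
    net = Network(route_via_42=False)
    net.send("device1", "sig41", "relay_addr_report", "203.0.113.99:4444")
    return net.run() is None


if __name__ == "__main__":
    for via in (False, True):
        addr, trace = acquire_relay_address(via)
        print("via 42" if via else "direct", addr, " -> ".join("%s>%s" % (s, d) for s, d, _ in trace))
    print("forged report dropped:", forged_report_is_dropped())
```

The trace of the direct route is device1>sig41>relay3>device2>relay3>sig41>device1; the route through server 42 inserts sig42 on both the outbound request and the returned report, exactly as the two alternatives above describe.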
  • since the communication between the devices is transmitted using an agreed encryption method, the present application addresses reliable data transmission and private data transmission, and further allows the transmission channel to be established very quickly.

Abstract

Disclosed by the present application are a penetration method and penetration system for devices under different NAT nodes. The system comprises a first device under a first NAT node, a second device under a second NAT node, a data relay server and a signaling server. When the first device needs to transmit data to the second device, it establishes a data channel to the second device by means of the data relay server and the signaling server; after the data channel is established, the data to be transmitted is encrypted with a preset type of encryption, and the encrypted data is transmitted to the second device over the established data channel. A device, a server and a medium are also provided. Since the communication between the devices is transmitted using a preset type of encryption, reliable data transmission and private data transmission can be achieved, and the transmission channel can further be established at high speed.

Description

Penetration method, device, server and medium for devices under different NAT nodes
This application claims priority under the Paris Convention to Chinese patent application No. CN2018103720572, filed on April 24, 2018 and entitled "Penetration method and penetration system for devices under different NAT nodes", the entire content of which is incorporated herein by reference.
Technical field
The present application relates to the field of communications technology, and in particular to a penetration method, penetration system, device, server and storage medium for devices under different NAT nodes.
Background
NAT (Network Address Translation) traversal technology belongs to WAN (Wide Area Network) access technology and is a translation technique that converts private (reserved) addresses into legal IP addresses.
At present, most NAT traversal solutions in network applications are based on the STUN (Simple Traversal of UDP over NATs, where UDP is the User Datagram Protocol) and TURN (Traversal Using Relays around NAT) protocol family. Two clients behind NATs use the STUN protocol to obtain their public network addresses and the TURN protocol to obtain relay addresses on the public network; they then exchange the peer's public address and relay address through a signaling server, first attempting P2P (peer-to-peer) communication and, if that fails, relaying the data with the TURN protocol. In most cases the application scenario for communication between client devices under different NAT nodes is a real-time streaming service such as voice or video, of which VoIP (Voice over Internet Protocol) is the most typical. Such real-time streaming services value real-time delivery over reliable data transmission; because the data is multimedia, the security requirements on transmission are not particularly strict; and such services are usually tolerant of the time taken to establish a transmission channel. Based on these characteristics, mature penetration schemes for devices under different NAT nodes, for example WebRTC (Web Real-Time Communication), are already on the market.
However, such mature penetration schemes are generally not suited to application scenarios that demand high data reliability and security. With the continuous development of the mobile Internet, devices under different NAT nodes are increasingly used in application scenarios with high reliability and security requirements. How to provide devices under different NAT nodes with a penetration scheme offering more reliable data transmission, higher transmission security and faster establishment of the transmission channel has therefore become a technical problem that urgently needs to be solved.
Summary of the invention
The main technical problem addressed by the present application is to provide a penetration method, penetration system, device, server and storage medium for devices under different NAT nodes, capable of solving the problems of reliable data transmission, private data transmission and rapid establishment of a transmission channel.
To solve the above technical problem, one technical solution adopted by the present application is to provide a penetration method for devices under different NAT nodes. The penetration method is applicable to establishing a data channel, in a penetration system for devices under different NAT nodes, between a first device under a first NAT node and a second device under a second NAT node, and to exchanging data over the established data channel. The penetration system further includes a data relay server and a signaling server, and the penetration method includes:
if the first device has data to transmit to the second device, sending, by the first device, a request for the communication address of the data relay server to the signaling server;
receiving and responding to the request by the signaling server, feeding back to the first device the communication address and a key seed for generating a key of a preset type, and sending the communication address and the key seed to the second device;
sending, by the first device and the second device, resource allocation requests to the data relay server, so that the data relay server allocates resources for communication between the first device and the second device;
acquiring, by the first device, the relay address of the second device from the signaling server, sending a data channel establishment request carrying the relay address to the data relay server, and, after the data channel is established, generating the corresponding encryption key from the key seed, encrypting the data to be transmitted with the encryption algorithm corresponding to the key seed, and transmitting the encrypted data to the second device over the established data channel.
The beneficial effects of the present application are as follows. Unlike the prior art, the present application provides a penetration method, penetration system, device, server and storage medium for devices under different NAT nodes, where the devices include a first device under a first NAT node and a second device under a second NAT node. The penetration method includes: first, the first device and the second device each obtain the communication address and key seed of the data relay server; then the first device further obtains the relay address of the second device and requests the data relay server, with that relay address, to establish a data channel; finally the first device establishes the data channel with the second device, generates the corresponding key from the key seed and transmits data using the corresponding encryption method. Because communication between the devices is transmitted using an agreed encryption method, the present application can solve the problems of reliable data transmission and private data transmission, and further allows the transmission channel to be established very quickly.
Brief description of the drawings
FIG. 1 is a schematic structural diagram of a penetration system for devices under different NAT nodes according to an embodiment of the present application;
FIG. 2 is a schematic diagram of the message format of the Remote module of the first device and the second device;
FIG. 3 is a schematic diagram of a first signaling server according to an embodiment of the present application;
FIG. 4 is a schematic flowchart of a penetration method for devices under different NAT nodes according to an embodiment of the present application;
FIG. 5 is a schematic diagram of the program modules of the first node device penetration program of FIG. 3;
FIG. 6 is a schematic diagram of a first device according to an embodiment of the present application;
FIG. 7 is a schematic diagram of the program modules of the second node device penetration program of FIG. 6;
FIG. 8 is a schematic diagram of a second signaling server according to an embodiment of the present application;
FIG. 9 is a schematic diagram of the program modules of the third node device penetration program of FIG. 8;
FIG. 10 is a schematic diagram of a data relay server according to an embodiment of the present application;
FIG. 11 is a schematic diagram of the program modules of the fourth node device penetration program of FIG. 10;
FIG. 12 is a schematic flowchart of a penetration method for devices under different NAT nodes according to another embodiment of the present application;
FIG. 13 is a schematic diagram of the network architecture corresponding to the penetration method shown in FIG. 12.
DETAILED DESCRIPTION
Please refer to FIG. 1, which is a schematic structural diagram of a penetration system 01 for devices under different NAT nodes according to an embodiment of the present application.
As shown in FIG. 1, the penetration system 01 of this embodiment includes a first device 1 located under a first NAT node, a second device 2 located under a second NAT node, a data relay server 3 and a signaling server 4.
If the first device 1 and the second device 2 need to transmit data, a data channel must be established between them. After the data channel between the first device 1 and the second device 2 has been established, the first device 1 encrypts the data to be transmitted and transmits the encrypted data to the second device 2 over the established data channel.
Further, the signaling server 4 includes a first signaling server 41 corresponding to the first NAT node. The first signaling server 41 can exchange data with the first device 1, the second device 2 and the data relay server 3.
The signaling server 4 further includes a second signaling server 42 corresponding to the second NAT node. The second signaling server 42 can exchange data with the second device 2, the data relay server 3 and the first signaling server 41.
It should be noted that both the first device 1 and the second device 2 integrate a Remote module, through which they communicate with the data relay server 3. The first device 1 includes an HTTP client (not shown) and a Remote module (not shown); the second device 2 includes an HTTP server (not shown), an NGINX server (not shown) and a Remote module (not shown).
When the first device 1 and the second device 2 are behind different NAT nodes, the first device 1 accesses the second device 2 quickly and securely through the Remote module. The Remote module handles reliable data transmission, encrypted transmission and fast establishment of the transmission channel; its message format is shown in FIG. 2.
Please refer to FIG. 3, which is a schematic diagram of a first signaling server 41 according to an embodiment of the present application.
The first signaling server 41 includes a first memory 411 and a first processor 412.
The first memory 411 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, a card-type memory (for example, SD or DX memory), a magnetic memory, a magnetic disk, an optical disc and the like. In some embodiments the first memory 411 may be an internal storage unit of the first signaling server 41, such as its hard disk. In other embodiments the first memory 411 may be an external storage device of the first signaling server 41, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a Flash Card fitted to it. Further, the first memory 411 may include both the internal storage unit and an external storage device of the first signaling server 41.
The first memory 411 may be used not only to store the application software and the various kinds of data installed on the first signaling server 41, for example the first node device penetration program 10 for devices under different NAT nodes, but also to temporarily store data that has been or will be output.
In some embodiments the first processor 412 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used to run the program code stored in the first memory 411 or to process data, for example the first node device penetration program 10.
FIG. 3 shows only a first signaling server 41 having the components 411 and 412. Those skilled in the art will understand that the structure shown in FIG. 3 does not limit the first signaling server 41, which may include fewer or more components than illustrated, combine certain components, or arrange the components differently.
Optionally, the first signaling server 41 may further include a user interface, which may include a display and an input unit such as a keyboard; the optional user interface may further include a standard wired interface and a wireless interface.
In some embodiments the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an organic light-emitting diode (OLED) touch display or the like. The display may also be called a display screen or display unit, and is used to display the information processed in the first signaling server 41 and to display a visual user interface.
Optionally, the first signaling server 41 may further include a communication unit, for example a Wi-Fi unit or a mobile communication unit based on a SIM (Subscriber Identification Module) card.
An embodiment of the present application further provides a penetration method for devices under different NAT nodes.
Please refer to FIG. 4, which is a schematic flowchart of a penetration method for devices under different NAT nodes according to an embodiment of the present application.
In this embodiment, the penetration method for devices under different NAT nodes is applied to the first signaling server 41, which corresponds to the first NAT node and is used to establish a data channel between the first device 1 under the first NAT node and the second device 2 under the second NAT node. The method includes:
A10: detecting and receiving a request, sent by the first device 1, for the communication address of the data relay server 3.
The first device 1 requests the communication address of the data relay server 3 through the first signaling server 41.
A20: after receiving the request, responding to it by returning to the first device 1 the communication address and a key seed for generating a key of a preset type.
In this embodiment, the key seed of the preset type includes at least one of an AES (Advanced Encryption Standard) key seed, a DES (Data Encryption Standard) key seed and an RSA (the asymmetric encryption algorithm proposed by Ron Rivest, Adi Shamir and Leonard Adleman) key seed.
For example, only one of the AES key seed, the DES key seed and the RSA key seed may be used, that is, only one of the AES, DES and RSA encryption methods is used. Alternatively, two or three of the AES, DES and RSA key seeds may be used, that is, a combination of two or three of the AES, DES and RSA encryption methods is used.
Because each encryption method has its own particular advantages as well as its own shortcomings, a combined encryption method can better merge the advantages and avoid the shortcomings. For example, combining DES with RSA makes the strengths and weaknesses of the two complement each other: DES encrypts quickly and suits long messages, so it can be used to encrypt the plaintext; RSA encrypts slowly but offers good security, so it can be applied to encrypting the DES key, which solves the problem of DES key distribution.
At present, this combination of RSA and DES has become the standard for confidential e-mail communication.
A30: sending the communication address and the key seed to the second device 2.
In other embodiments, step A30 includes: sending the communication address and the key seed to the second signaling server 42 corresponding to the second NAT node, and having the second signaling server 42 send the communication address and the key seed to the second device 2.
The second device 2 in this embodiment may receive the communication address of the data relay server 3 requested from the first signaling server 41 corresponding to the first NAT node, which is the case where only the first signaling server 41 exists; or it may receive the communication address and key seed of the data relay server 3 sent by the second signaling server 42 corresponding to the second NAT node, which is the case where both the first signaling server 41 and the second signaling server 42 exist.
It is worth noting that at the same time as the first device 1 receives the communication address and key seed of the data relay server 3, the second device 2 also receives them. This ensures that the information is delivered promptly, so that the subsequent data channel can likewise be established promptly and quickly.
A40: receiving a request, sent by the first device 1, to obtain the relay address of the second device 2, and sending that request to the data relay server 3, which responds to it by sending the second device 2 an instruction to report its relay address.
Specifically, the first signaling server 41 sends the acquisition request to the second signaling server 42, which sends it to the data relay server 3; the data relay server 3 responds to the acquisition request by sending the second device 2 an instruction to report its relay address.
A50: receiving the relay address reported by the second device 2 and returning the received relay address to the first device 1.
In other embodiments, receiving the relay address reported by the second device includes receiving the relay address reported by the second device 2 from the data relay server 3 or from the second signaling server 42.
After the first device 1 has obtained the relay address of the second device 2, it requests the data relay server 3 to establish a data channel; the second device 2 then completes connection binding with the data relay server 3, and the first device 1 likewise completes connection binding with the data relay server 3, that is, a data channel is established between the first device 1 and the second device 2.
After the data channel has been established, the two devices generate the corresponding key from the key seed and transmit data using the corresponding encryption method.
When the signaling server 4 includes the first signaling server 41 and the second signaling server 42, the first signaling server 41 can exchange data with the first device 1, the second device 2 and the data relay server 3, and can also exchange data with the second device 2; the second signaling server 42 can exchange data only with the second device 2 and the data relay server 3.
In the embodiment of the first signaling server 41 shown in FIG. 3, the first memory 411, as a computer storage medium, stores a first node device penetration program 10 for devices under different NAT nodes that can run on the first processor 412; when executed by the first processor 412, the first node device penetration program 10 implements the penetration method for devices under different NAT nodes described above.
Please refer to FIG. 5, which is a schematic diagram of the program modules of the first node device penetration program 10 in FIG. 3. In this embodiment the first node device penetration program 10 may be divided into one or more modules; a module as referred to in the present application is a series of computer program instruction segments capable of performing a specific function. For example, in FIG. 5 the first node device penetration program 10 may be divided into a first receiving module 101, a first feedback module 102, a second feedback module 103, a second receiving module 104 and a third feedback module 105. The functions implemented by each module are substantially the same as in the method embodiment above and are not repeated here.
Please refer to FIG. 6, which is a schematic diagram of a first device 1 according to an embodiment of the present application.
The first device 1 includes a second memory 11 and a second processor 12.
The second memory 11 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, a card-type memory (for example, SD or DX memory), a magnetic memory, a magnetic disk, an optical disc and the like. In some embodiments the second memory 11 may be an internal storage unit of the first device 1, such as its hard disk. In other embodiments the second memory 11 may be an external storage device of the first device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a Flash Card fitted to it. Further, the second memory 11 may include both the internal storage unit and an external storage device of the first device 1.
The second memory 11 may be used not only to store the application software and the various kinds of data installed on the first device 1, for example the second node device penetration program 20, but also to temporarily store data that has been or will be output.
In some embodiments the second processor 12 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used to run the program code stored in the second memory 11 or to process data, for example the second node device penetration program 20.
FIG. 6 shows only a first device 1 having the components 11 and 12. Those skilled in the art will understand that the structure shown in FIG. 6 does not limit the first device 1, which may include fewer or more components than illustrated, combine certain components, or arrange the components differently.
Optionally, the first device 1 may further include a user interface, which may include a display and an input unit such as a keyboard; the optional user interface may further include a standard wired interface and a wireless interface.
In some embodiments the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an organic light-emitting diode (OLED) touch display or the like. The display may also be called a display screen or display unit, and is used to display the information processed in the first device 1 and to display a visual user interface.
Optionally, the first device 1 may further include a communication unit, for example a Wi-Fi unit or a mobile communication unit based on a SIM (Subscriber Identification Module) card.
An embodiment of the present application further provides a penetration method for devices under different NAT nodes.
In this embodiment, the penetration method for devices under different NAT nodes is applied to the first device 1 located under the first NAT node, which is used to establish a data channel with the second device 2 located under the second NAT node. The method includes:
B10: if there is data to be transmitted to the second device 2, sending the signaling server 4 a request for the communication address of the data relay server 3, and receiving from the signaling server 4 the communication address and the key seed for generating a key of a preset type.
The first device 1 requests the communication address of the data relay server 3 from the signaling server 4. The signaling server 4 returns the communication address and key seed of the data relay server 3 to the first device 1 and, at the same time, sends the communication address and key seed of the data relay server 3 to the second device 2.
B20: sending a resource allocation request to the data relay server 3, so that the data relay server 3 allocates resources for the communication between the first device 1 and the second device 2.
The data relay server 3 of this embodiment may be a TURN server supporting RFC 6062. Accordingly, the first device 1 and the second device 2 request resource allocation from the data relay server 3 in the manner specified by RFC 6062.
Further, the first device 1 and the second device 2 may request resource allocation from the data relay server 3 through the same signaling server 4, or through the first signaling server 41 and the second signaling server 42 respectively.
B30: obtaining the relay address of the second device 2 from the signaling server 4; sending the data relay server 3 a request to establish a data channel, carrying that relay address; and, after the data channel has been established, generating the corresponding encryption key from the key seed, encrypting the data to be transmitted with the encryption algorithm corresponding to the key seed, and transmitting the encrypted data to the second device 2 over the established data channel.
After the first device 1 has obtained the relay address of the second device 2, it requests the data relay server 3 to establish a data channel; the second device 2 then completes connection binding with the data relay server 3, and the first device 1 likewise completes connection binding with the data relay server 3, that is, a data channel is established between the first device 1 and the second device 2.
After the data channel has been established, the two devices generate the corresponding key from the key seed and transmit data using the corresponding encryption method.
Optionally, obtaining the relay address of the second device 2 from the signaling server 4 in step B30 includes:
the first device 1 sends the signaling server 4 a request to obtain the relay address of the second device 2;
the signaling server 4 sends the acquisition request to the data relay server 3, which responds to it by sending the second device 2 an instruction to report its relay address;
the second device 2 responds to the reporting instruction by reporting its relay address to the data relay server 3, which returns the relay address reported by the second device 2 to the signaling server 4;
the signaling server 4 returns the relay address reported by the second device 2 to the first device 1.
When only the first signaling server 41 is present, the first signaling server 41 both receives the relay address acquisition request sent by the first device 1 and forwards it to the data relay server 3, and receives the relay address of the second device 2 returned by the data relay server 3 and returns that relay address to the first device 1.
In other embodiments, the signaling server 4 includes a first signaling server 41 corresponding to the first NAT node and a second signaling server 42 corresponding to the second NAT node, and obtaining the relay address of the second device 2 from the signaling server 4 in step B30 includes:
the first device 1 sends the first signaling server 41 a request to obtain the relay address of the second device 2;
the first signaling server 41 sends the acquisition request to the data relay server 3, which responds to it by sending the second device 2 an instruction to report its relay address; or the first signaling server 41 sends the acquisition request to the second signaling server 42, which sends it to the data relay server 3, and the data relay server 3 responds to the acquisition request by sending the second device 2 an instruction to report its relay address;
the second device 2 responds to the reporting instruction by reporting its relay address to the data relay server 3, which returns the relay address reported by the second device 2 to the first signaling server 41 or to the second signaling server 42;
the first signaling server 41 returns the relay address reported by the second device 2 to the first device 1; or the second signaling server 42 sends the relay address reported by the second device 2 to the first signaling server 41, which returns it to the first device 1.
When the signaling server 4 includes the first signaling server 41 and the second signaling server 42, the first signaling server 41 can exchange data with the first device 1, the second device 2 and the data relay server 3, and can also exchange data with the second device 2; the second signaling server 42 can exchange data only with the second device 2 and the data relay server 3.
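The exchange of steps A10 to A50 (signaling server side) and B10 to B30 (first device side), together with the derivation of the session key from the key seed of step A20, as an added simulation that is not part of the patent or of the applicant's Remote module. The class names, the `turn://.../alloc/N` relay-address format, the address 198.51.100.10:3478, the HMAC-SHA256 key derivation and the HMAC-based stand-in for the AES transport cipher are all assumptions, since the patent fixes neither a wire format nor a KDF; the check that the relay refuses a channel request for a relay address it never allocated is likewise an added assumption. Two points the prose alone does not show: both endpoints end up with the same key purely from the seed the signaling server distributed, so the session's confidentiality rests on the signaling path that carries that seed; and the relay forwards only opaque bytes, never the plaintext.

```python
import hashlib
import hmac
import secrets

# Constructed simulation of steps A10-A50 (first signaling server 41) and
# B10-B30 (first device 1). Class names, relay-address format, the IP:port used
# and the key derivation are assumptions; the cipher is a stand-in for AES.


def derive_key(seed: bytes, label: bytes) -> bytes:
    """Both endpoints turn the shared key seed into a 256-bit session key
    (assumed HMAC-SHA256 derivation; the patent does not fix a KDF)."""
    return hmac.new(seed, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, consumed as a stream-cipher keystream
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || plaintext XOR keystream || HMAC tag over nonce and body."""
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: wrong key or tampered data")
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


class RelayServer:
    """Data relay server 3 (the page says it may be an RFC 6062 TURN server)."""
    def __init__(self, address: str):
        self.address = address
        self.allocations: dict[str, str] = {}      # device id -> relay address (B20)
        self.channels: dict[str, tuple[str, str]] = {}
        self.observed: list[bytes] = []             # everything the relay itself sees

    def allocate(self, device_id: str) -> str:
        self.allocations[device_id] = f"turn://{self.address}/alloc/{len(self.allocations) + 1}"
        return self.allocations[device_id]

    def build_channel(self, initiator: str, relay_addr: str) -> None:
        # B30: bind the initiator to the peer owning relay_addr; refuse a relay
        # address this server never allocated (assumed check, not on the page)
        owners = [d for d, a in self.allocations.items() if a == relay_addr]
        if not owners:
            raise ValueError("relay address was not allocated by this server")
        self.channels[relay_addr] = (initiator, owners[0])

    def forward(self, relay_addr: str, sender: str, blob: bytes) -> str:
        first, second = self.channels[relay_addr]
        if sender not in (first, second):
            raise PermissionError("sender is not bound to this channel")
        self.observed.append(blob)
        return second if sender == first else first


class SignalingServer:
    """First signaling server 41; a single server serves both NAT nodes here."""
    def __init__(self, relay: RelayServer):
        self.relay = relay

    def relay_info(self) -> tuple[str, bytes]:
        # A20: communication address plus a fresh per-session key seed
        return self.relay.address, secrets.token_bytes(32)

    def peer_relay_address(self, peer_id: str) -> str:
        # A40/A50: the relay instructs the peer to report its relay address;
        # the relay's allocation record stands in for that report here
        return self.relay.allocations[peer_id]


def run_session(message: bytes) -> dict:
    relay = RelayServer("198.51.100.10:3478")            # constructed address
    signaling = SignalingServer(relay)
    address, seed = signaling.relay_info()               # A10-A30 / B10
    key1 = derive_key(seed, b"remote-module-session")    # first device 1
    key2 = derive_key(seed, b"remote-module-session")    # second device 2 (A30 push)
    relay.allocate("device-1")                           # B20, both sides allocate
    peer_addr = relay.allocate("device-2")
    assert signaling.peer_relay_address("device-2") == peer_addr   # A40-A50
    relay.build_channel("device-1", peer_addr)           # B30
    receiver = relay.forward(peer_addr, "device-1", encrypt(key1, message))
    return {
        "receiver": receiver,
        "keys_match": key1 == key2,
        "plaintext": decrypt(key2, relay.observed[-1]),
        "relay_saw_plaintext": any(message in b for b in relay.observed),
        "peer_relay_address": peer_addr,
    }


def rejects_unknown_relay_address() -> bool:
    relay = RelayServer("198.51.100.10:3478")
    relay.allocate("device-2")
    try:
        relay.build_channel("device-1", "turn://198.51.100.10:3478/alloc/999")
    except ValueError:
        return True
    return False
```

`run_session(b"GET /index.html HTTP/1.1")` walks one complete exchange and returns what each party ended up with; `rejects_unknown_relay_address()` exercises the failure path in which a channel request names a relay address the relay never handed out.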
In the embodiment of the first device 1 shown in FIG. 6, the second memory 11, as a computer storage medium, stores a second node device penetration program 20 for devices under different NAT nodes that can run on the second processor 12; when executed by the second processor 12, the second node device penetration program 20 implements the penetration method for devices under different NAT nodes described above.
Please refer to FIG. 7, which is a schematic diagram of the program modules of the second node device penetration program 20 in FIG. 6. In this embodiment the second node device penetration program 20 may be divided into one or more modules; a module as referred to in the present application is a series of computer program instruction segments capable of performing a specific function. For example, in FIG. 7 the second node device penetration program 20 may be divided into a third receiving module 201, a resource allocation request module 202 and a data transmission module 203. The functions implemented by each module are substantially the same as in the method embodiment above and are not repeated here.
Please refer to FIG. 8, which is a schematic diagram of a second signaling server 42 according to an embodiment of the present application.
The second signaling server 42 includes a third memory 421 and a third processor 422.
The third memory 421 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, a card-type memory (for example, SD or DX memory), a magnetic memory, a magnetic disk, an optical disc and the like. In some embodiments the third memory 421 may be an internal storage unit of the second signaling server 42, such as its hard disk. In other embodiments the third memory 421 may be an external storage device of the second signaling server 42, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a Flash Card fitted to it. Further, the third memory 421 may include both the internal storage unit and an external storage device of the second signaling server 42.
The third memory 421 may be used not only to store the application software and the various kinds of data installed on the second signaling server 42, for example the third node device penetration program 30, but also to temporarily store data that has been or will be output.
In some embodiments the third processor 422 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used to run the program code stored in the third memory 421 or to process data, for example the third node device penetration program 30.
FIG. 8 shows only a second signaling server 42 having the components 421 and 422. Those skilled in the art will understand that the structure shown in FIG. 8 does not limit the second signaling server 42, which may include fewer or more components than illustrated, combine certain components, or arrange the components differently.
An embodiment of the present application further provides a traversal method for devices located under different NAT nodes.
In this embodiment the method applies to the second signaling server 42, which corresponds to the second NAT node and is used to establish a data channel between the first device 1 under the first NAT node and the second device 2 under the second NAT node. The method includes:
C10: receiving, from the first signaling server 41 corresponding to the first NAT node, the communication address of the data relay server 3 and a key seed for generating a key of a preset type, and sending the communication address and the key seed to the second device 2.
The first device 1 requests the communication address of the data relay server 3 from the first signaling server 41 corresponding to the first NAT node. The first signaling server 41 returns the communication address of the data relay server 3 and the key seed to the first device 1. At the same time, the first signaling server 41 sends the communication address and the key seed to the second signaling server 42, which forwards them to the second device 2.
C20: receiving, from the first signaling server 41, the request sent by the first device 1 to obtain the relay address of the second device 2, and forwarding that request to the data relay server 3, which responds by sending the second device 2 an instruction to report its relay address.
C30: receiving from the data relay server 3 the relay address reported by the second device 2, and sending it to the first signaling server 41, which returns it to the first device 1.
In detail, the first device 1 sends the request to obtain the relay address of the second device 2 to the first signaling server 41. Either the first signaling server 41 forwards the request to the second signaling server 42, which passes it to the data relay server 3, or the first signaling server 41 sends the request to the data relay server 3 directly. In both cases the data relay server 3 responds by sending the second device 2 an instruction to report its relay address.
The second device 2 responds to that instruction by reporting its relay address to the data relay server 3, which returns it to either the first signaling server 41 or the second signaling server 42. The first signaling server 41 then returns the relay address to the first device 1; if the second signaling server 42 received it, it first sends the address to the first signaling server 41, which returns it to the first device 1.
In the embodiment of the second signaling server 42 shown in FIG. 8, the third memory 421, acting as a computer storage medium, stores the third node device traversal program 30, which can run on the third processor 422. When executed by the third processor 422, the third node device traversal program 30 implements the traversal method described above for devices under different NAT nodes.
FIG. 9 is a schematic diagram of the program modules of the third node device traversal program 30 of FIG. 8. In this embodiment the third node device traversal program 30 can be divided into one or more modules; a module in this application means a series of computer program instruction segments that perform a specific function. In FIG. 9, for example, the third node device traversal program 30 is divided into a first relay module 301, a second relay module 302 and a third relay module 303. The function of each module is substantially the same as in the method embodiment above and is not repeated here.
FIG. 10 is a schematic diagram of a data relay server 3 according to an embodiment of the present application.
The data relay server 3 includes a fourth memory 31 and a fourth processor 32.
The fourth memory 31 includes at least one type of readable storage medium, such as flash memory, a hard disk, a multimedia card, a card-type memory (for example SD or DX memory), magnetic memory, a magnetic disk or an optical disc. In some embodiments the fourth memory 31 is an internal storage unit of the data relay server 3, such as its hard disk. In other embodiments it is an external storage device of the data relay server 3, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the server. The fourth memory 31 may also comprise both an internal storage unit and an external storage device of the data relay server 3.
The fourth memory 31 stores the application software and the various data installed on the data relay server 3, such as the fourth node device traversal program 40, and can also temporarily hold data that has been output or is about to be output.
In some embodiments the fourth processor 32 is a central processing unit (CPU), controller, microcontroller, microprocessor or other data-processing chip that runs the program code stored in the fourth memory 31, such as the fourth node device traversal program 40, or processes data.
FIG. 10 shows only the data relay server 3 with components 31 and 32. Those skilled in the art will understand that the structure shown in FIG. 10 does not limit the data relay server 3, which may include fewer or more components than shown, combine certain components, or arrange them differently.
An embodiment of the present application further provides a traversal method for devices located under different NAT nodes.
In this embodiment the method applies to the relay server, that is, the data relay server 3, which is used to establish a data channel between the first device 1 under the first NAT node and the second device 2 under the second NAT node. The method includes:
D10: receiving and responding to the resource allocation requests sent by the first device 1 and the second device 2, and allocating resources for the communication between the first device 1 and the second device 2.
The data relay server 3 of this embodiment may be a TURN server that supports RFC 6062 (the TURN extension for TCP allocations). The first device 1 and the second device 2 therefore request resource allocation from the data relay server 3 in the manner defined by RFC 6062.
Further, the first device 1 and the second device 2 may send their resource allocation requests to the data relay server 3 through the first signaling server 41 and the second signaling server 42 respectively.
D20: receiving, from the first signaling server 41 or the second signaling server 42, the request to obtain the relay address of the second device 2; responding by sending the second device 2 an instruction to report its relay address; receiving the reported relay address from the second device 2; and returning the relay address reported by the second device 2 to the first signaling server 41 or the second signaling server 42.
D30: receiving and responding to the data channel establishment request sent by the first device 1, which carries the relay address of the second device 2, and establishing a data channel between the first device 1 and the second device 2 based on the received relay address of the second device 2, so that the first device 1 can transmit data to the second device 2 over the established data channel.
The first device 1 sends the request to obtain the relay address of the second device 2 to the first signaling server 41. Either the first signaling server 41 forwards the request to the second signaling server 42, which passes it to the data relay server 3, or the first signaling server 41 sends the request to the data relay server 3 directly. In both cases the data relay server 3 responds by sending the second device 2 an instruction to report its relay address.
The second device 2 responds to that instruction by reporting its relay address to the data relay server 3, which returns it to either the first signaling server 41 or the second signaling server 42. The first signaling server 41 then returns the relay address to the first device 1; if the second signaling server 42 received it, it first sends the address to the first signaling server 41, which returns it to the first device 1.
Once the first device 1 has obtained the relay address of the second device 2, it asks the data relay server 3 to establish the data channel. The second device 2 then completes its connection binding with the data relay server 3, and the first device 1 completes its own connection binding with the data relay server 3; at that point the data channel between the first device 1 and the second device 2 is established. After the data channel is established, both devices generate the corresponding key from the key seed and transmit data using the corresponding encryption method.
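The exchange described in steps C10 to C30 and D10 to D30 above (and repeated as S10 to S40 further down), as an added in-memory model written in Go; it is not code from the patent or its applicant. Device, RelayServer, SignalingServer, EstablishChannel, the port numbering from 49152 and the address 203.0.113.10 are this example's own assumptions. A real relay would be a TURN server reached over the network (RFC 5766, with RFC 6062 for TCP allocations), where the "resource allocation request" is an Allocate transaction and "connection binding" is Connect followed by ConnectionBind. The page does not say how the relay checks the address a device reports, so the model refuses a report that does not match the allocation it made for that device and refuses to bind to an address it never allocated; without such checks a device could steer device 1's channel at another allocation.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"net/netip"
)

// Device models the first device 1 or the second device 2 of the patent.
type Device struct {
	ID          string
	RelayServer netip.AddrPort // communication address of relay server 3 (S20 / C10)
	Seed        []byte         // key seed (S20 / C10)
	RelayAddr   netip.AddrPort // relayed address the relay allocated to it (S30 / D10)
}

// RelayServer models data relay server 3, a TURN server with RFC 6062 TCP allocations.
type RelayServer struct {
	Addr     netip.AddrPort
	nextPort uint16
	allocs   map[string]*Device        // device ID -> device holding an allocation
	owner    map[netip.AddrPort]string // relayed address -> device ID
	bound    map[string]string         // device ID -> peer ID after ConnectionBind
}

func NewRelayServer(addr string) *RelayServer {
	return &RelayServer{Addr: netip.MustParseAddrPort(addr), nextPort: 49152, allocs: map[string]*Device{}, owner: map[netip.AddrPort]string{}, bound: map[string]string{}}
}

// Allocate (D10 / S30): answer a resource allocation request with a fresh relayed address.
func (r *RelayServer) Allocate(d *Device) netip.AddrPort {
	d.RelayAddr = netip.AddrPortFrom(r.Addr.Addr(), r.nextPort)
	r.nextPort++
	r.allocs[d.ID], r.owner[d.RelayAddr] = d, d.ID
	return d.RelayAddr
}

// RelayAddressOf (D20): send targetID a report instruction and return its answer, accepting it
// only if it is an address this server allocated to that device (a lying device must not be
// able to point device 1 at someone else's allocation).
func (r *RelayServer) RelayAddressOf(targetID string) (netip.AddrPort, error) {
	d, ok := r.allocs[targetID]
	if !ok {
		return netip.AddrPort{}, fmt.Errorf("relay: %s has no allocation", targetID)
	}
	if r.owner[d.RelayAddr] != targetID { // d.RelayAddr is what the device reports back
		return netip.AddrPort{}, fmt.Errorf("relay: %s reported an address it does not own", targetID)
	}
	return d.RelayAddr, nil
}

// BindChannel (D30): bind the requester's allocation to the peer's (RFC 6062 Connect + ConnectionBind).
func (r *RelayServer) BindChannel(from *Device, peerRelay netip.AddrPort) error {
	if _, ok := r.allocs[from.ID]; !ok {
		return fmt.Errorf("relay: %s has no allocation", from.ID)
	}
	peerID, ok := r.owner[peerRelay]
	if !ok || peerID == from.ID {
		return fmt.Errorf("relay: %s is not a peer allocation on this server", peerRelay)
	}
	r.bound[from.ID], r.bound[peerID] = peerID, from.ID
	return nil
}

// Bound reports whether a data channel exists between the two devices.
func (r *RelayServer) Bound(a, b string) bool { return r.bound[a] == b && r.bound[b] == a }

// SignalingServer models signaling server 41; Peer, when set, is signaling server 42.
type SignalingServer struct {
	Relay *RelayServer
	Peer  *SignalingServer
}

// RelayInfo (S20 / C10): answer device 1 with the relay address and a fresh seed, and deliver
// the same pair to device 2 (through signaling server 42 when s.Peer is set; both servers
// name the same relay, so the delivered address is the same either way).
func (s *SignalingServer) RelayInfo(first, second *Device) error {
	seed := make([]byte, 32)
	if _, err := rand.Read(seed); err != nil {
		return err
	}
	first.RelayServer, first.Seed = s.Relay.Addr, seed
	second.RelayServer, second.Seed = s.Relay.Addr, seed
	return nil
}

// EstablishChannel runs S10 to S40 from device 1's side and returns device 2's relayed address.
func EstablishChannel(first, second *Device, sig *SignalingServer) (netip.AddrPort, error) {
	if err := sig.RelayInfo(first, second); err != nil { // S10 / S20
		return netip.AddrPort{}, err
	}
	sig.Relay.Allocate(first) // S30, both devices
	sig.Relay.Allocate(second)
	hop := sig // S40 / C20 / C30: the acquisition request travels 41 -> (42) -> relay and back
	for hop.Peer != nil {
		hop = hop.Peer
	}
	peerRelay, err := hop.Relay.RelayAddressOf(second.ID)
	if err != nil {
		return netip.AddrPort{}, err
	}
	return peerRelay, sig.Relay.BindChannel(first, peerRelay) // S40: establish the channel
}

func main() {
	relay := NewRelayServer("203.0.113.10:3478")
	s41 := &SignalingServer{Relay: relay, Peer: &SignalingServer{Relay: relay}}
	d1, d2 := &Device{ID: "device-1"}, &Device{ID: "device-2"}
	addr, err := EstablishChannel(d1, d2, s41)
	fmt.Println("device-2 relayed address:", addr, "bound:", relay.Bound(d1.ID, d2.ID), "err:", err)
}
```

Leaving Peer nil models the single-signaling-server variant the page also describes. Note what the model does not check, because the page does not specify it: how the signaling servers authenticate device 1 before handing out the relay address and seed, and how the relay authenticates Allocate requests (a real TURN deployment uses the long-term credential mechanism).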
In the embodiment of the data relay server 3 shown in FIG. 10, the fourth memory 31, acting as a computer storage medium, stores the fourth node device traversal program 40, which can run on the fourth processor 32. When executed by the fourth processor 32, the fourth node device traversal program 40 implements the traversal method described above for devices under different NAT nodes.
FIG. 11 is a schematic diagram of the program modules of the fourth node device traversal program 40 of FIG. 10. In this embodiment the fourth node device traversal program 40 can be divided into one or more modules; a module in this application means a series of computer program instruction segments that perform a specific function. In FIG. 11, for example, the fourth node device traversal program 40 is divided into a resource allocation module 401, a fourth relay module 402 and a channel establishment module 403. The function of each module is substantially the same as in the method embodiment above and is not repeated here.
An embodiment of the present application further provides a computer-readable storage medium storing the first, second, third or fourth node device traversal program, which can be executed by at least one processor to cause that processor to perform the traversal method of any of the embodiments above for devices under different NAT nodes.
FIG. 12 is a flowchart of a traversal method for devices under different NAT nodes according to an embodiment of the present application, and FIG. 13 is a schematic diagram of the network architecture corresponding to the method of FIG. 12.
In this embodiment the traversal method establishes a data channel between the first device 1 under the first NAT node and the second device 2 under the second NAT node, and exchanges data over the established channel.
NAT is used when hosts inside a private network have already been assigned local IP addresses (private addresses valid only within that network) but need to communicate with hosts on the Internet (encryption is not required for this).
This requires NAT software on the router that connects the private network to the Internet. Such a router is called a NAT router and has at least one valid global (public) IP address. Every host that uses a local address must have that address translated into a global IP address at the NAT router before it can communicate with the Internet.
As shown in FIG. 12 and FIG. 13, the traversal method of this embodiment includes the following steps:
Step S10: when the first device 1 has data to transmit to the second device 2, it sends the signaling server 4 a request for the communication address of the data relay server 3.
In this embodiment the first device 1 obtains the communication address of the data relay server 3 from the signaling server over HTTPS (HTTP over TLS). Other protocols, such as plain HTTP, could be used instead; note, however, that the response in step S20 also carries the key seed, so without TLS the seed would be readable by anyone on the path between the first device 1 and the signaling server.
Step S20: the signaling server receives and responds to the request, returning to the first device 1 the communication address and a key seed for generating a key of a preset type, and also sends the communication address and the key seed to the second device 2.
Optionally, the signaling server 4 includes a first signaling server 41 corresponding to the first NAT node and a second signaling server 42 corresponding to the second NAT node, and step S20 includes:
the first signaling server 41 receiving and responding to the request by returning to the first device 1 the communication address and a key seed for generating a key of a preset type;
the first signaling server 41 sending the communication address and the key seed to the second device 2, or sending them to the second signaling server 42, which sends the communication address and the key seed to the second device 2.
In this embodiment the first device 1 requests the communication address of the data relay server 3 from the first signaling server 41 corresponding to the first NAT node, and receives from the first signaling server 41 the communication address of the data relay server 3 and the key seed.
The second device 2 receives the communication address and key seed of the data relay server 3 either from the first signaling server 41 corresponding to the first NAT node (the case in which only the first signaling server 41 exists) or from the second signaling server 42 corresponding to the second NAT node (the case in which both the first signaling server 41 and the second signaling server 42 exist).
Note that the second device 2 receives the communication address and key seed of the data relay server 3 at the same time as the first device 1 does. This keeps the delivery of the information timely, so that the subsequent data channel can also be established promptly.
In this embodiment the key seed of the preset type is at least one of an AES (Advanced Encryption Standard) key seed, a DES (Data Encryption Standard) key seed and an RSA (the asymmetric encryption algorithm proposed by Ron Rivest, Adi Shamir and Leonard Adleman) key seed.
For example, only one of the AES, DES or RSA key seeds may be used, meaning that only one of the AES, DES or RSA encryption methods is applied. Alternatively, two or all three of the AES, DES and RSA key seeds may be used, meaning that two or three of these encryption methods are combined.
Each encryption method has its own advantages and shortcomings, so a combination can capture the advantages of each and compensate for the shortcomings. Combining DES with RSA, for example, lets their strengths and weaknesses complement each other: DES is fast and suited to encrypting long messages, so it can encrypt the plaintext; RSA is slow but offers strong security, so it can be used to encrypt the DES key, which solves the problem of distributing that key.
This combination of RSA with a symmetric cipher (hybrid encryption) is the approach used by e-mail confidentiality standards such as PGP and S/MIME. Note that single DES, with its 56-bit key, is no longer considered secure and was withdrawn as a standard by NIST in 2005; a current deployment would use AES for the symmetric part.
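The symmetric-plus-RSA combination just described, as an added Go example that is not code from the patent: a random symmetric key encrypts the message, and RSA encrypts only that key. The example swaps in AES-256-GCM for DES and RSA-OAEP with SHA-256 for the RSA step, both current practice; Envelope, NewRecipient, HybridEncrypt, HybridDecrypt and the OAEP label are names this example introduces. The wrapped key is passed to GCM as associated data, so a swapped key blob is detected when the message is opened.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the sender transmits: the symmetric key wrapped under the recipient's
// RSA public key, plus the AES-GCM nonce and the ciphertext of the bulk message.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// oaepLabel ties the wrapped key to this use; any fixed value agreed by both sides works (assumed).
var oaepLabel = []byte("data-channel-key")

// NewRecipient generates the recipient's RSA key pair (2048 bits is the usual minimum today).
func NewRecipient() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// HybridEncrypt: a fresh random AES-256 key encrypts the message (fast, any length), and
// RSA-OAEP encrypts only that 32-byte key, which is the key distribution step the page
// assigns to RSA. A random nonce is safe here because the key is used for one message.
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, wrapped)}, nil
}

// HybridDecrypt: unwrap the symmetric key with the private key, then open the message.
func HybridDecrypt(priv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: %w", err)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, e.Nonce, e.Ciphertext, e.WrappedKey)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := NewRecipient()
	if err != nil {
		panic(err)
	}
	env, err := HybridEncrypt(&priv.PublicKey, []byte("a long message encrypted with the symmetric cipher"))
	if err != nil {
		panic(err)
	}
	pt, err := HybridDecrypt(priv, env)
	fmt.Printf("%q %v (wrapped key: %d bytes)\n", pt, err, len(env.WrappedKey))
}
```

The recipient's public key must reach the sender over an authenticated path (the page's signaling servers would be the natural place to publish it); otherwise an attacker who substitutes their own public key receives the session key.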
Step S30: the first device 1 and the second device 2 send resource allocation requests to the data relay server 3, which allocates resources for the communication between the first device 1 and the second device 2.
The data relay server 3 of this embodiment may be a TURN server that supports RFC 6062 (the TURN extension for TCP allocations). The first device 1 and the second device 2 therefore request resource allocation from the data relay server 3 in the manner defined by RFC 6062.
Further, the first device 1 and the second device 2 may send their resource allocation requests to the data relay server 3 through the first signaling server 41 and the second signaling server 42 respectively.
Step S40: the first device 1 obtains the relay address of the second device 2 from the signaling server 4 and sends the data relay server 3 a data channel establishment request carrying that relay address. Once the data channel is established, the first device 1 generates the corresponding encryption key from the key seed, encrypts the data to be transmitted with the encryption algorithm corresponding to the key seed, and sends the encrypted data to the second device 2 over the established data channel.
Once the first device 1 has obtained the relay address of the second device 2, it asks the data relay server 3 to establish the data channel. The second device 2 then completes its connection binding with the data relay server 3, and the first device 1 completes its own connection binding with the data relay server 3; at that point the data channel between the first device 1 and the second device 2 is established.
After the data channel is established, both devices generate the corresponding key from the key seed and transmit data using the corresponding encryption method. The type of key seed obtained in step S20 determines the encryption method used in this step: if step S20 delivered an AES key seed, this step generates an AES key and transmits the data with AES encryption.
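The last part of step S40, key generation from the seed and encrypted transmission between the two devices, as an added Go example that is not the patent's code. The page does not specify how a key is generated from the seed or which cipher mode is used, so DeriveKey (one HMAC-SHA256 step, equivalent to a single-block HKDF-Expand), the per-direction labels, the nonce layout and the Channel and Session names are assumptions of this example. It uses AES-256-GCM rather than unauthenticated AES or DES so that tampering is detected, and carries a sequence number in the nonce so that a replayed message is rejected. One caveat the page leaves implicit: every party that handled the seed in step S20 (the first and second signaling servers, and anyone who could read the S10/S20 exchange if it were not over TLS) can derive the same keys, so the path over which the seed is distributed is the channel's real trust boundary.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// DeriveKey expands the shared seed into a 256-bit AES key with one HMAC-SHA256 step
// (a single-block HKDF-Expand). The label separates the two directions of the channel,
// so the two devices' sending keys differ although both come from the same seed.
// Assumption of this example: the page does not say how a key is made from the seed.
func DeriveKey(seed []byte, label string) []byte {
	mac := hmac.New(sha256.New, seed)
	mac.Write([]byte(label))
	mac.Write([]byte{1}) // HKDF-Expand block counter
	return mac.Sum(nil)
}

const nonceSize = 12

// Channel is one direction of the data channel: AES-256-GCM under a seed-derived key.
type Channel struct {
	aead    cipher.AEAD
	nextSeq uint64 // sender: sequence number placed in the nonce, never reused under this key
	lastSeq uint64 // receiver: highest sequence number accepted so far
	seen    bool
}

func NewChannel(seed []byte, label string) (*Channel, error) {
	if len(seed) < 16 {
		return nil, errors.New("seed too short to derive a key from")
	}
	block, err := aes.NewCipher(DeriveKey(seed, label))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Channel{aead: aead}, nil
}

// Seal encrypts one message; header (for example the device IDs) is authenticated, not encrypted.
// Output: 12-byte nonce (4 zero bytes + 8-byte sequence) || ciphertext || 16-byte tag.
func (c *Channel) Seal(plaintext, header []byte) ([]byte, error) {
	if c.nextSeq == math.MaxUint64 {
		return nil, errors.New("nonce space exhausted: rekey before sending more")
	}
	nonce := make([]byte, nonceSize)
	binary.BigEndian.PutUint64(nonce[4:], c.nextSeq)
	c.nextSeq++
	return c.aead.Seal(nonce, nonce, plaintext, header), nil
}

// Open verifies and decrypts one message, rejecting tampering and replayed or reordered
// sequence numbers. The replay state only advances after authentication succeeds.
func (c *Channel) Open(msg, header []byte) ([]byte, error) {
	if len(msg) < nonceSize+c.aead.Overhead() {
		return nil, errors.New("message too short")
	}
	nonce, body := msg[:nonceSize], msg[nonceSize:]
	plaintext, err := c.aead.Open(nil, nonce, body, header)
	if err != nil {
		return nil, fmt.Errorf("authentication failed: %w", err)
	}
	seq := binary.BigEndian.Uint64(nonce[4:])
	if c.seen && seq <= c.lastSeq {
		return nil, fmt.Errorf("replayed or out-of-order message %d (last accepted %d)", seq, c.lastSeq)
	}
	c.lastSeq, c.seen = seq, true
	return plaintext, nil
}

// Session holds both directions for one device; the peer builds the mirror image.
type Session struct{ Send, Recv *Channel }

func NewSession(seed []byte, self, peer string) (*Session, error) {
	send, err := NewChannel(seed, self+"->"+peer)
	if err != nil {
		return nil, err
	}
	recv, err := NewChannel(seed, peer+"->"+self)
	if err != nil {
		return nil, err
	}
	return &Session{Send: send, Recv: recv}, nil
}

func main() {
	seed := []byte("constructed-seed-from-signaling-server") // constructed; S20 would deliver random bytes
	dev1, _ := NewSession(seed, "device-1", "device-2")
	dev2, _ := NewSession(seed, "device-2", "device-1")
	header := []byte("device-1->device-2")
	msg, _ := dev1.Send.Seal([]byte("payload over the relayed channel"), header)
	pt, err := dev2.Recv.Open(msg, header)
	fmt.Printf("%q %v\n", pt, err)
	_, err = dev2.Recv.Open(msg, header) // the same message again is rejected as a replay
	fmt.Println(err)
}
```

The relay server only forwards the sealed messages, so a compromised relay sees ciphertext; it can still drop or reorder messages, which the receiver reports as an error rather than silently accepting.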
Optionally, in step S40 the first device 1 obtains the relay address of the second device 2 from the signaling server 4 as follows:
the first device 1 sends the signaling server 4 a request to obtain the relay address of the second device 2;
the signaling server 4 forwards the request to the data relay server 3, which responds by sending the second device 2 an instruction to report its relay address;
the second device 2 responds to that instruction by reporting its relay address to the data relay server 3, which returns the relay address reported by the second device 2 to the signaling server 4;
the signaling server 4 returns the relay address reported by the second device 2 to the first device 1.
When only the first signaling server 41 exists, it receives the relay address acquisition request from the first device 1 and forwards it to the data relay server 3, then receives the relay address of the second device 2 returned by the data relay server 3 and passes that relay address back to the first device 1.
In other embodiments the signaling server 4 includes a first signaling server 41 corresponding to the first NAT node and a second signaling server 42 corresponding to the second NAT node, and in step S40 the first device 1 obtains the relay address of the second device 2 from the signaling server 4 as follows:
the first device 1 sends the first signaling server 41 a request to obtain the relay address of the second device 2;
either the first signaling server 41 forwards the request to the data relay server 3, which responds by sending the second device 2 an instruction to report its relay address, or the first signaling server 41 forwards the request to the second signaling server 42, which passes it to the data relay server 3, which then responds by sending the second device 2 the same instruction;
the second device 2 responds to that instruction by reporting its relay address to the data relay server 3, which returns the relay address reported by the second device 2 to the first signaling server 41 or to the second signaling server 42;
the first signaling server 41 returns the relay address reported by the second device 2 to the first device 1, or the second signaling server 42 sends that relay address to the first signaling server 41, which returns it to the first device 1.
When the signaling server 4 includes both the first signaling server 41 and the second signaling server 42, the first signaling server 41 can exchange data with the first device 1, the second device 2, the data relay server 3 and the second signaling server 42, whereas the second signaling server 42 only exchanges data with the second device 2 and the data relay server 3.
The present application therefore addresses reliable and private data transmission, and establishes the transmission channel quickly.
The above are only embodiments of the present application and do not limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of this specification and drawings, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of this application.

Claims (20)

  1. A first signaling server, the first signaling server corresponding to a first NAT node and being adapted to establish a data channel between a first device located under the first NAT node and a second device located under a second NAT node, characterized in that the first signaling server comprises a first memory and a first processor, the first memory storing a first node device penetration program runnable on the first processor, and the first node device penetration program, when executed by the first processor, implements:
    detecting and receiving a request, sent by the first device, for acquiring a communication address of a data relay server;
    after receiving the request, responding to the request by feeding back to the first device the communication address and a key seed for generating a key of a preset type;
    sending the communication address and the key seed to the second device;
    receiving an acquisition request for a relay address of the second device sent by the first device, and sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device; and
    receiving the relay address reported by the second device, and feeding back the received relay address to the first device.
  2. The first signaling server according to claim 1, wherein the second NAT node corresponds to a second signaling server, characterized in that sending the communication address and the key seed to the second device comprises:
    sending the communication address and the key seed to the second signaling server, and the second signaling server sending the communication address and the key seed to the second device.
  3. The first signaling server according to claim 2, characterized in that receiving the acquisition request for the relay address of the second device sent by the first device and sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device, comprises:
    the first signaling server sending the acquisition request to the second signaling server, and the second signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device.
  4. The first signaling server according to claim 3, characterized in that receiving the relay address reported by the second device comprises:
    receiving the relay address reported by the second device from the data relay server or from the second signaling server, wherein the relay address reported by the second device is fed back by the data relay server to the first signaling server or to the second signaling server.
  5. A penetration method for devices under different NAT nodes, the penetration method being applicable to a first signaling server, the first signaling server corresponding to a first NAT node and being adapted to establish a data channel between a first device located under the first NAT node and a second device located under a second NAT node, characterized in that the method comprises:
    detecting and receiving a request, sent by the first device, for acquiring a communication address of a data relay server;
    after receiving the request, responding to the request by feeding back to the first device the communication address and a key seed for generating a key of a preset type;
    sending the communication address and the key seed to the second device;
    receiving an acquisition request for a relay address of the second device sent by the first device, and sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device; and
    receiving the relay address reported by the second device, and feeding back the received relay address to the first device.
  6. The penetration method according to claim 5, wherein the second NAT node corresponds to a second signaling server, characterized in that sending the communication address and the key seed to the second device comprises:
    sending the communication address and the key seed to the second signaling server, and the second signaling server sending the communication address and the key seed to the second device.
  7. The penetration method according to claim 6, characterized in that receiving the acquisition request for the relay address of the second device sent by the first device and sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device, comprises:
    the first signaling server sending the acquisition request to the second signaling server, and the second signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device.
  8. The penetration method according to claim 7, characterized in that receiving the relay address reported by the second device comprises:
    receiving the relay address reported by the second device from the data relay server or from the second signaling server, wherein the relay address reported by the second device is fed back by the data relay server to the first signaling server or to the second signaling server.
  9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a first node device penetration program, the first node device penetration program being executable by at least one processor so as to cause the at least one processor to perform the penetration method for devices under different NAT nodes according to any one of claims 5 to 8.
  10. A first device, the first device corresponding to a first NAT node and being adapted to establish a data channel with a second device located under a second NAT node, characterized in that the first device comprises a second memory and a second processor, the second memory storing a second node device penetration program runnable on the second processor, and the second node device penetration program, when executed by the second processor, implements:
    if there is data to be transmitted to the second device, sending to a signaling server a request for acquiring a communication address of a data relay server, and receiving from the signaling server the communication address and the key seed for generating a key of a preset type;
    sending a resource allocation request to the data relay server, so that the data relay server allocates resources for communication between the first device and the second device;
    acquiring a relay address of the second device from the signaling server, sending to the data relay server a request for establishing a data channel carrying the relay address, and, after the data channel is established, generating a corresponding encryption key based on the key seed, encrypting the data to be transmitted according to an encryption algorithm corresponding to the key seed, and transmitting the encrypted data to the second device over the established data channel.
  11. The first device according to claim 10, characterized in that acquiring the relay address of the second device from the signaling server comprises:
    the first device sending an acquisition request for the relay address of the second device to the signaling server;
    the signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device;
    the second device responding to the reporting instruction by reporting the relay address corresponding to the second device to the data relay server, and the data relay server feeding back the relay address reported by the second device to the signaling server; and
    the signaling server feeding back the relay address reported by the second device to the first device.
  12. The first device according to claim 11, characterized in that the signaling server comprises a first signaling server corresponding to the first NAT node and a second signaling server corresponding to the second NAT node, and acquiring the relay address of the second device from the signaling server comprises:
    the first device sending an acquisition request for the relay address of the second device to the first signaling server;
    the first signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device; or the first signaling server sending the acquisition request to the second signaling server, and the second signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device;
    the second device responding to the reporting instruction by reporting the relay address corresponding to the second device to the data relay server, and the data relay server feeding back the relay address reported by the second device to the first signaling server or to the second signaling server; and
    the first signaling server feeding back the relay address reported by the second device to the first device; or the second signaling server sending the relay address reported by the second device to the first signaling server, and the first signaling server feeding back the relay address reported by the second device to the first device.
  13. A penetration method for devices under different NAT nodes, the method being applicable to a first device, the first device corresponding to a first NAT node and being adapted to establish a data channel with a second device located under a second NAT node, characterized in that the method comprises:
    if there is data to be transmitted to the second device, sending to a signaling server a request for acquiring a communication address of a data relay server, and receiving from the signaling server the communication address and the key seed for generating a key of a preset type;
    sending a resource allocation request to the data relay server, so that the data relay server allocates resources for communication between the first device and the second device;
    acquiring a relay address of the second device from the signaling server, sending to the data relay server a request for establishing a data channel carrying the relay address, and, after the data channel is established, generating a corresponding encryption key based on the key seed, encrypting the data to be transmitted according to an encryption algorithm corresponding to the key seed, and transmitting the encrypted data to the second device over the established data channel.
  14. The penetration method according to claim 13, characterized in that acquiring the relay address of the second device from the signaling server comprises:
    the first device sending an acquisition request for the relay address of the second device to the signaling server;
    the signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device;
    the second device responding to the reporting instruction by reporting the relay address corresponding to the second device to the data relay server, and the data relay server feeding back the relay address reported by the second device to the signaling server; and
    the signaling server feeding back the relay address reported by the second device to the first device.
  15. The penetration method according to claim 14, characterized in that the signaling server comprises a first signaling server corresponding to the first NAT node and a second signaling server corresponding to the second NAT node, and acquiring the relay address of the second device from the signaling server comprises:
    the first device sending an acquisition request for the relay address of the second device to the first signaling server;
    the first signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device; or the first signaling server sending the acquisition request to the second signaling server, and the second signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device;
    the second device responding to the reporting instruction by reporting the relay address corresponding to the second device to the data relay server, and the data relay server feeding back the relay address reported by the second device to the first signaling server or to the second signaling server; and
    the first signaling server feeding back the relay address reported by the second device to the first device; or the second signaling server sending the relay address reported by the second device to the first signaling server, and the first signaling server feeding back the relay address reported by the second device to the first device.
  16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a second node device penetration program, the second node device penetration program being executable by at least one processor so as to cause the at least one processor to perform the penetration method for devices under different NAT nodes according to any one of claims 13 to 15.
  17. A penetration method for devices under different NAT nodes, the penetration method being applicable to a penetration system for devices under different NAT nodes, in which a data channel is established between a first device located under a first NAT node and a second device located under a second NAT node and data is exchanged over the established data channel, the penetration system further comprising a data relay server and a signaling server, characterized in that the penetration method comprises:
    if the first device has data to be transmitted to the second device, the first device sending to the signaling server a request for acquiring a communication address of the data relay server;
    the signaling server receiving and responding to the request by feeding back to the first device the communication address and a key seed for generating a key of a preset type, and sending the communication address and the key seed to the second device;
    the first device and the second device sending resource allocation requests to the data relay server, so that the data relay server allocates resources for communication between the first device and the second device; and
    the first device acquiring a relay address of the second device from the signaling server, sending to the data relay server a data channel establishment request carrying the relay address, and, after the data channel is established, generating a corresponding encryption key based on the key seed, encrypting the data to be transmitted according to an encryption algorithm corresponding to the key seed, and transmitting the encrypted data to the second device over the established data channel.
  18. The penetration method according to claim 17, characterized in that the signaling server comprises a first signaling server corresponding to the first NAT node and a second signaling server corresponding to the second NAT node, and the signaling server receiving and responding to the request by feeding back to the first device the communication address and a key seed for generating a key of a preset type, and sending the communication address and the key seed to the second device, comprises:
    the first signaling server receiving and responding to the request by feeding back to the first device the communication address and the key seed for generating a key of a preset type; and
    the first signaling server sending the communication address and the key seed to the second device; or the first signaling server sending the communication address and the key seed to the second signaling server, and the second signaling server sending the communication address and the key seed to the second device.
  19. The penetration method according to claim 18, characterized in that the first device acquiring the relay address of the second device from the signaling server comprises:
    the first device sending an acquisition request for the relay address of the second device to the signaling server;
    the signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device;
    the second device responding to the reporting instruction by reporting the relay address corresponding to the second device to the data relay server, and the data relay server feeding back the relay address reported by the second device to the signaling server; and
    the signaling server feeding back the relay address reported by the second device to the first device.
  20. The penetration method according to claim 19, characterized in that the first device acquiring the relay address of the second device from the signaling server comprises:
    the first device sending an acquisition request for the relay address of the second device to the first signaling server;
    the first signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device; or the first signaling server sending the acquisition request to the second signaling server, and the second signaling server sending the acquisition request to the data relay server, whereupon the data relay server responds to the acquisition request by sending a relay-address reporting instruction to the second device;
    the second device responding to the reporting instruction by reporting the relay address corresponding to the second device to the data relay server, and the data relay server feeding back the relay address reported by the second device to the first signaling server or to the second signaling server; and
    the first signaling server feeding back the relay address reported by the second device to the first device; or the second signaling server sending the relay address reported by the second device to the first signaling server, and the first signaling server feeding back the relay address reported by the second device to the first device.
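The message flow of claims 1, 10 and 17 (request for the relay server's address, key seed handed to both devices, resource allocation at the relay, relay-address report by the second device, channel establishment, encrypted transfer) as a single-process simulation. This is an added example, not code from the patent or its applicant. The class and function names (SignalingServer, DataRelayServer, Device, run_exchange) and the placeholder relay address are assumptions, and since the claims do not name the key derivation or the cipher behind the "preset type key", the example stands in HMAC-SHA256 for both: as a KDF over the key seed, and as a counter-mode keystream with an encrypt-then-MAC tag.

```python
"""Simulated exchange of claims 1, 10 and 17 (added example, not the patent's code).

Names are assumptions; the KDF/cipher below is an HMAC-SHA256 stand-in for the
unspecified "preset type key" algorithm, chosen so the example runs on the stdlib.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 32


def derive_key(seed: bytes, label: bytes) -> bytes:
    """KDF stand-in: a key of the preset type is derived from the key seed and a label."""
    return hmac.new(seed, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in cipher, see module docstring)."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt(seed: bytes, plaintext: bytes, nonce: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    enc_key, mac_key = derive_key(seed, b"enc"), derive_key(seed, b"mac")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(seed: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; raise on any tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_key(seed, b"enc"), derive_key(seed, b"mac")
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def tamper_detected(seed: bytes, blob: bytes) -> bool:
    """True when decrypt() rejects the blob (used to check the integrity path)."""
    try:
        decrypt(seed, blob)
        return False
    except ValueError:
        return True


RELAYS = {}  # communication address -> DataRelayServer (simulates address resolution)


class DataRelayServer:
    def __init__(self, address: str):
        self.address, self.allocations, self.log = address, {}, []
        RELAYS[address] = self

    def allocate(self, device) -> str:
        """Resource allocation request (claims 10/17): assign the device a relay address."""
        device.relay_address = f"{self.address}:{40000 + len(self.allocations)}"
        self.allocations[device.relay_address] = device
        self.log.append(("allocate", device.name, device.relay_address))
        return device.relay_address

    def request_report(self, device) -> str:
        """Reporting instruction to the second device; it answers with its relay address."""
        self.log.append(("report-instruction", device.name))
        return device.report_relay_address()

    def establish(self, sender, peer_relay_address: str):
        """Data channel establishment request carrying the peer's relay address."""
        if peer_relay_address not in self.allocations:
            raise LookupError("no resources allocated for " + peer_relay_address)
        self.log.append(("channel", sender.relay_address, peer_relay_address))
        return self.allocations[peer_relay_address]  # far end of the channel


class SignalingServer:
    def __init__(self, relay: DataRelayServer, key_seed: bytes):
        self.relay, self.key_seed = relay, key_seed

    def get_relay_and_seed(self, first, second):
        """Claim 1, steps 1-3: answer the first device and push the same data to the second."""
        second.receive_seed(self.relay.address, self.key_seed)
        return self.relay.address, self.key_seed

    def get_peer_relay_address(self, second) -> str:
        """Claim 1, steps 4-5: hand the request to the relay, which makes the peer report."""
        return self.relay.request_report(second)


class Device:
    def __init__(self, name: str):
        self.name, self.key_seed, self.relay_address, self.inbox = name, None, None, []

    def receive_seed(self, comm_address: str, seed: bytes):
        self.key_seed = seed
        RELAYS[comm_address].allocate(self)  # claim 17: the peer also requests resources

    def report_relay_address(self) -> str:
        return self.relay_address

    def send(self, plaintext: bytes, signaling: SignalingServer, peer) -> bytes:
        comm_address, seed = signaling.get_relay_and_seed(self, peer)
        relay = RELAYS[comm_address]
        relay.allocate(self)
        far_end = relay.establish(self, signaling.get_peer_relay_address(peer))
        blob = encrypt(seed, plaintext, os.urandom(NONCE_LEN))  # relay never sees plaintext
        far_end.inbox.append(blob)
        return blob


def run_exchange(plaintext: bytes, key_seed: bytes = b"constructed-seed") -> dict:
    """Run one exchange; return the receiver's recovered data and the relay's step log."""
    RELAYS.clear()
    relay = DataRelayServer("relay.example.invalid")  # placeholder address
    signaling = SignalingServer(relay, key_seed)
    first, second = Device("first"), Device("second")
    blob = first.send(plaintext, signaling, second)
    return {"recovered": decrypt(second.key_seed, second.inbox[0]),
            "ciphertext": blob, "log": [step for step, *_ in relay.log]}
```

Two points worth noting when reading the flow. The relay only ever forwards `nonce || ciphertext || tag`, which is what the scheme is after: resources and addresses are brokered centrally, payload confidentiality is between the devices. Everything then rests on the key seed, which the signaling server hands to both devices and which the claims do not bind to any particular transport; in a deployment the device-to-signaling-server path needs its own authenticated, encrypted channel, and the signaling server holds every seed it has issued.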
PCT/CN2019/084447 2018-04-24 2019-04-26 Penetration method, device, server and medium for devices under different nat nodes WO2019206254A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810372057.2A CN108366078A (en) 2018-04-24 2018-04-24 The penetrating method and penetrating system of equipment under different NAT nodes
CN201810372057.2 2018-04-24

Publications (1)

Publication Number Publication Date
WO2019206254A1 true WO2019206254A1 (en) 2019-10-31

Family

ID=63009347

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/084447 WO2019206254A1 (en) 2018-04-24 2019-04-26 Penetration method, device, server and medium for devices under different nat nodes

Country Status (2)

Country Link
CN (1) CN108366078A (en)
WO (1) WO2019206254A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108366078A (en) * 2018-04-24 2018-08-03 深圳市网心科技有限公司 The penetrating method and penetrating system of equipment under different NAT nodes
CN111065097B (en) * 2019-10-11 2021-08-10 上海交通大学 Channel protection method and system based on shared secret key in mobile internet
CN111666583B (en) * 2020-04-16 2022-07-26 福建省万物智联科技有限公司 Drainage method for campus private cloud disk

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070058644A1 (en) * 2005-08-04 2007-03-15 Cisco Technology, Inc. Service for NAT traversal using IPSEC
US20070076729A1 (en) * 2005-10-04 2007-04-05 Sony Computer Entertainment Inc. Peer-to-peer communication traversing symmetric network address translators
CN101567831A (en) * 2008-04-21 2009-10-28 成都市华为赛门铁克科技有限公司 Method and device for transmitting and receiving messages among local area networks and communication system
WO2010127610A1 (en) * 2009-05-04 2010-11-11 成都市华为赛门铁克科技有限公司 Method, equipment and system for processing visual private network node information
CN103916485A (en) * 2012-12-31 2014-07-09 北京新媒传信科技有限公司 Nat traversal method and server
CN108366078A (en) * 2018-04-24 2018-08-03 深圳市网心科技有限公司 The penetrating method and penetrating system of equipment under different NAT nodes

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100484134C (en) * 2003-10-10 2009-04-29 华为技术有限公司 Method for traversing NAT equipment/firewall by NGN service
US8769278B2 (en) * 2010-04-07 2014-07-01 Apple Inc. Apparatus and method for efficiently and securely exchanging connection data
CN103067158B (en) * 2012-12-27 2015-12-02 华为技术有限公司 Encrypting and decrypting method, encrypting and decrypting device and key management system
CN103957287B (en) * 2014-04-25 2017-11-17 浙江大学城市学院 A kind of internet of things equipment P2P connection methods that adapter is penetrated based on NAT
CN107517206A (en) * 2017-08-18 2017-12-26 北京北信源软件股份有限公司 A kind of method, apparatus of secure communication, computer-readable recording medium and storage control

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070058644A1 (en) * 2005-08-04 2007-03-15 Cisco Technology, Inc. Service for NAT traversal using IPSEC
US20070076729A1 (en) * 2005-10-04 2007-04-05 Sony Computer Entertainment Inc. Peer-to-peer communication traversing symmetric network address translators
CN101567831A (en) * 2008-04-21 2009-10-28 成都市华为赛门铁克科技有限公司 Method and device for transmitting and receiving messages among local area networks and communication system
WO2010127610A1 (en) * 2009-05-04 2010-11-11 成都市华为赛门铁克科技有限公司 Method, equipment and system for processing visual private network node information
CN103916485A (en) * 2012-12-31 2014-07-09 北京新媒传信科技有限公司 Nat traversal method and server
CN108366078A (en) * 2018-04-24 2018-08-03 深圳市网心科技有限公司 The penetrating method and penetrating system of equipment under different NAT nodes

Also Published As

Publication number Publication date
CN108366078A (en) 2018-08-03

Similar Documents

Publication Publication Date Title
US11108570B2 (en) Method and apparatus for multimedia communication, and storage medium
US20230216947A1 (en) Method and System to Implement Secure Real Time Communications (SRTC) Between WebRTC and the Internet of Things (IoT)
WO2019206254A1 (en) Penetration method, device, server and medium for devices under different nat nodes
US11303614B2 (en) System and method for providing improved optimization for secure session connections
US10250637B2 (en) System and method of pre-establishing SSL session connections for faster SSL connection establishment
US10034057B2 (en) Message processing method, device, gateway, STB and IPTV
US11196833B1 (en) Proxy server synchronizer
US20200344280A1 (en) Relaying media content via a relay server system without decryption
CN103108037B (en) A kind of communication means, Web server and Web communication system
CN102571790B (en) A kind of method and apparatus of the encrypted transmission for realize target file
KR102080230B1 (en) System and method for multiway call processing of rest api service
KR101240552B1 (en) System and method for managing media keys and for transmitting/receiving peer-to-peer messages using the media keys
WO2016177121A1 (en) File transmission method and device, and application server
CN106464596A (en) Openflow communication method, system, controller, and service gateway
WO2019184262A1 (en) Multi-type media data network address translation traversing method, terminal and system
JP5091887B2 (en) Terminal device, communication processing method, and program
JP2017208797A (en) Unified data networking across heterogeneous networks
WO2020237880A1 (en) Data exchange method based on asymmetric encryption technology, sending terminal and computer readable storage medium
JP2016535945A (en) Multimedia sharing method, registration method, server and proxy server
CN106817629B (en) Media information transmission method, device and system
CN104022947A (en) Quantum private communication HTTP (Hyper Text Transport Protocol) proxy gateway
US8739306B2 (en) System and method for accessing private digital content
Cui Comparison of IoT application layer protocols
JP2013513268A5 (en)
US9357269B2 (en) Method and system for providing secure handling of information for complete internet anywhere

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19792748

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 03.03.2021.)

122 Ep: pct application non-entry in european phase

Ref document number: 19792748

Country of ref document: EP

Kind code of ref document: A1