WO2022164201A1 - Private network access control device for enabling a user terminal of an Internet network to access a private network in order to execute a remote service, and control method therefor - Google Patents


Info

Publication number
WO2022164201A1
WO2022164201A1 PCT/KR2022/001397 KR2022001397W WO2022164201A1 WO 2022164201 A1 WO2022164201 A1 WO 2022164201A1 KR 2022001397 W KR2022001397 W KR 2022001397W WO 2022164201 A1 WO2022164201 A1 WO 2022164201A1
Authority
WO
WIPO (PCT)
Prior art keywords
private network
user terminal
network
remote service
address
Prior art date
Application number
PCT/KR2022/001397
Other languages
English (en)
Korean (ko)
Inventor
김태영
김태현
진성근
Original Assignee
대구대학교 산학협력단
주식회사 크래프트엑스
Priority date
Filing date
Publication date
Priority claimed from KR1020210022145A (KR102595308B1)
Application filed by 대구대학교 산학협력단, 주식회사 크래프트엑스
Publication of WO2022164201A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/12 Arrangements for remote connection or disconnection of substations or of equipment thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/60 Router architectures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2514 Translation of Internet protocol [IP] addresses between local and global IP addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Definitions

  • the present invention relates to an apparatus for controlling access to a private network that allows a user terminal of an Internet network to access a private network to execute a remote service, a system including the same, and a method for controlling the same.
  • To access the network, a terminal is assigned either a public IP (Internet Protocol) address by an Internet Service Provider (ISP) or a private IP address by a Network Address Translator (NAT).
  • IP Internet Protocol
  • ISP Internet Service Provider
  • NAT Network Address Translator
  • the NAT device controls a plurality of terminals to access an external network using one public IP allocated from the ISP. More specifically, the NAT device is an address translator of a communication network used to convert a private IP address into a public IP address. To this end, the NAT device classifies the terminals using the private IPs allocated differently within the network, and allows the terminals to access the external network while sharing the public IP.
  • There are two purposes for using a NAT device. First, it conserves public Internet IP addresses; second, it protects a user's own private network, which is connected to the public Internet, from intruders.
  • NAT is a device that connects to an external communication network, that is, the Internet network
  • The router announces only the public IP address assigned to it to the outside, uses private IP addresses only internally, and converts between them when necessary. An external intruder would have to know the internal private IP address of the private network in order to attack, so the attack is not possible and the internal network can be protected.
  • a plurality of virtual machines are installed inside the server.
  • A Linux-based Kernel-based Virtual Machine (KVM) hypervisor, a Windows-based VMware hypervisor, and the like are used.
  • When a virtual machine is used as described above, the operator must set port forwarding information for a firewall, a NAT device, and the like. In particular, when a private IP is assigned to a virtual machine, the operator must continuously update the settings.
  • the present invention aims to solve the above and other problems.
  • One object of the present invention is to propose an apparatus, system and method for efficiently accessing a remote service existing in a private network or a cloud computing internal network by a terminal from the outside.
  • An embodiment of the present invention for realizing the above problems relates to a control method of a private network access control apparatus.
  • The control method may include: logging in a user terminal that accesses a portal through an Internet network; obtaining user information about the user terminal in response to the login of the user terminal; changing settings of a router connecting the Internet network and the private network using the user information; and providing a remote service located in the private network to the user terminal using the router.
  • the changing of the router configuration includes: setting a destination address of a packet transmitted from the user terminal to the private network as a private network IP address of a node in which the remote service is located; and setting a destination address of a packet sent by the remote service to the user terminal as an Internet network IP address of the user terminal.
  • the user information may include the Internet network IP address of the user terminal, remote service information to be used by the user terminal, and a private network IP address of a node in which the remote service is located.
  • the portal may be operated in a server connected to the private network, and the address of the portal may be fixed to a specific address accessible from the Internet network to the private network.
  • The control method may include: discovering a first user terminal and a second user terminal that exist in the private network and access the remote service; placing the node that provides the remote service separately, as a first node corresponding to the first user terminal and a second node corresponding to the second user terminal; and providing the remote service to the first user terminal through the first node and to the second user terminal through the second node.
  • An embodiment of the present invention relates to a system including a private network access control device that allows a user terminal of an Internet network to access a private network to execute a desktop service.
  • the system includes a plurality of hosts providing different remote services; a router connected to the hosts by a private network and configured to connect the private network to an Internet network; and a private network access control device connected to the hosts through the private network and configured to change the settings of the router so that a user terminal connected to the private network can use a remote service provided by at least one of the hosts.
  • a user terminal can quickly and efficiently access a remote service existing in a private network or an internal cloud computing network from the outside.
  • FIGS. 1A and 1B are diagrams illustrating a network environment including a NAT device and a firewall;
  • FIG. 2 is a diagram for explaining a port forward method
  • FIG. 3 is a diagram for explaining a method of using a relay server in a private network
  • FIG. 4 is a view for explaining a system including a private network access control device according to an embodiment of the present invention.
  • FIG. 5 is a flowchart illustrating a control method according to an embodiment of the present invention.
  • the terminal may be divided into a mobile/portable terminal and a stationary terminal according to whether the terminal can be moved.
  • the mobile terminal can be divided into a handheld terminal and a vehicle mounted terminal according to whether the user can carry it directly.
  • The terminal described in this specification may include a mobile phone, a smart phone, a laptop computer, a digital broadcasting terminal, a personal digital assistant (PDA), a portable multimedia player (PMP), a navigation system, a slate PC, a tablet PC, an ultrabook, and a wearable device, for example, a watch-type terminal (smartwatch), a glass-type terminal (smart glass), or a head mounted display (HMD).
  • PDA personal digital assistant
  • PMP portable multimedia player
  • the remote service refers to a service in which a user terminal accesses a specific computing device through an Internet network to use resources of the computing device or to control the computing device.
  • a typical example of a remote service is Remote Desktop Services.
  • Remote Desktop Services is one of the components of Microsoft Windows that allows users to take control of a remote computer or virtual machine that is connected to a network.
  • Remote Desktop Services (RDS) is Microsoft's implementation of a thin client, in which Windows software and the full desktop of the computer running RDS are made accessible to remote client machines that support the Remote Desktop Protocol (RDP).
  • RDP Remote Desktop Protocol
  • With Remote Desktop Services, only the software user interfaces are sent to the client system. All input from the client system is sent to the server, where the software execution takes place. This is in contrast to application streaming systems such as Microsoft's App-V, where computer programs are streamed to the requesting client and run on a streaming machine.
  • VNC Virtual Network Computing
  • FIGS. 1A and 1B are diagrams illustrating a network environment including a NAT device and a firewall.
  • Various types of hosts 6, 8, 10, and 12 are located in an internal network, and the hosts 6, 8, 10, and 12 are connected to a router 4 (or switch). The first terminal 20 is connected to the internal network 16.
  • the first host 6 is set to a first type (Type-1).
  • the first type means a host to which a public IP is allocated.
  • the second host 8 is set to a second type (Type-2).
  • the second type means a host including a virtual machine (VM) therein by a NAT type provided by an operating system (OS).
  • OS operating system
  • the third host 10 is set to a third type (Type-3).
  • The third type means a host connected to the internal network 16 via the NAT device 14.
  • the fourth host 12 is set to a fourth type (Type-4).
  • the fourth type refers to a host connected to the internal network 16 via the NAT device 14 and including a virtual machine (VM) therein by the NAT type provided by the operating system (OS).
  • The internal network is connected to an external network (e.g., the Internet) via the firewall 2.
  • The firewall 2 protects the internal network from the external network by allowing only sessions that meet a preset policy to pass from the external network to the internal network.
  • Communication between the second terminal 30 located outside the firewall 2 and the internal network may be blocked by the packet filtering function of the firewall 2.
  • the above-described first host 6 is assigned a public IP.
  • the second host 8 is allocated one public IP, and virtual machines (VM) located therein are allocated a private IP.
  • The third host 10 and the fourth host 12 connected to the NAT device 14 are assigned a private IP. Additionally, virtual machines (VMs) included in the fourth host 12 are allocated a different private IP from the fourth host 12.
  • The first terminal 20 connected to the internal network 16 can communicate with the first host 6, which is assigned a public IP. However, even the first terminal 20 connected to the internal network 16 is not allowed to communicate with the virtual machines (VMs) of the second host 8, the third host 10, the fourth host 12, or the virtual machines (VMs) of the fourth host 12, which use private IPs.
  • VM virtual machines
  • a private IP is generally used for network configuration.
  • When configuring a network using a private IP, the operator must set port forwarding information for remote access such as telnet or ssh.
  • When remote access such as telnet or ssh is required from an external network, the operator must additionally set a firewall permission policy, which limits network utility.
  • An apparatus for controlling port forwarding may include hosts 106, 108, 110, 112, a router 104, and an internal forwarder 140.
  • Hosts 106, 108, 110, 112, router 104 and internal forwarding unit 140 are connected by internal network 116 (internal network formation).
  • the first host 106 is set to a first type (Type-1).
  • the first type means a host to which a public IP is allocated.
  • the second host 108 is set to a second type (Type-2).
  • the second type refers to a host including virtual machines VM-1 and VM-2 (or first virtual machines) therein by a NAT type provided by an operating system (OS).
  • Such a second host 108 includes a forwarding agent (FA).
  • The forwarding agent (FA) transfers the access information to be provided by the second host 108 to the internal forwarding unit 140.
  • The forwarding agent (FA) of the second host 108 may transmit connection information for connecting to the virtual machines VM-1 and VM-2 of the second host 108 to the internal forwarding unit 140.
  • Although the forwarding agent (FA) is illustrated as being separately included in the host for convenience of description, the present invention is not limited thereto.
  • The forwarding agent (FA) may be omitted, and the operation of the forwarding agent (FA) may be performed in the corresponding host.
  • the forwarding agent (FA) may be implemented as a program or the like.
  • the third host 110 is set to a third type (Type-3).
  • the third type means a host connected to the internal network 116 via the NAT device 114 .
  • Such a third host 110 includes a forwarding agent (FA).
  • the forwarding agent FA transmits access information to be provided by the third host 110 to the internal forwarding unit 140 .
  • the fourth host 112 is set to a fourth type (Type-4).
  • The fourth type means a host that is connected to the internal network 116 via the NAT device 114 and includes virtual machines VM-1' and VM-2' (or second virtual machines) therein by the NAT type provided by the operating system (OS).
  • Such a fourth host 112 includes a forwarding agent (FA).
  • FA forwarding agent
  • the forwarding agent FA transmits the access information to be provided by the fourth host 112 to the internal forwarding unit 140 .
  • The forwarding agent (FA) of the fourth host 112 may transmit connection information for connecting to the virtual machines VM-1' and VM-2' to the internal forwarding unit 140.
  • Although FIG. 1B shows four hosts 106 to 112 of different types for convenience of description, the present invention is not limited thereto.
  • one or more types of hosts included in the internal network of the present invention may be configured, and the number of hosts may be variously configured.
  • a router 104 (or a switch) connects the internal network with any external network.
  • The router 104 is connected to the Internet via the firewall 102, and accordingly, the internal network may be connected to any external network (or terminal, etc.) via the Internet.
  • the internal forwarding unit 140 sets port forwarding information in response to access information from a forwarding agent (FA) included in each of the hosts 108 to 112 . That is, the internal forwarding unit 140 automatically sets port forwarding information in response to the access information of the forwarding agent (FA).
  • The first terminal 120 connected to the internal network 116 may be connected to the second host 108 through the fourth host 112 according to the port forwarding information set in the internal forwarding unit 140.
  • the first host 106 to which the public IP is assigned can communicate with the first terminal 120 without a separate port forwarding.
  • The internal forwarding unit 140 does not generate separate port forwarding information for the first host 106.
  • However, the present invention is not limited thereto.
  • Port forwarding information of the first host 106 may be set in the internal forwarding unit 140 so that the first host can be connected to an external network via the firewall 102.
  • The firewall 102 protects the internal network from the external network by allowing only sessions that meet a preset policy to pass from the external network to the internal network.
  • Communication between the second terminal 130 located outside the firewall 102 and the internal network may be blocked by the packet filtering function of the firewall 102.
  • the present invention provides a method for a terminal located outside to use a desktop service existing in an internal network.
  • The port forwarding control apparatus may include hosts 106', 108, 110, 112, a router 104, an internal forwarding unit 140, and an external forwarding unit 150.
  • Each of hosts 106', 108, 110, 112 includes a forwarding agent (FA).
  • The forwarding agent (FA) included in each of the hosts 106', 108, 110, and 112 forwards the access information of the hosts 106', 108, 110, and 112 to the internal forwarding unit 140.
  • The internal forwarding unit 140 sets port forwarding information (or internal port forwarding information) in response to access information from the forwarding agent (FA). Then, the internal forwarding unit 140 transmits the port forwarding information to the external forwarding unit 150.
  • The external forwarding unit 150 is located outside the firewall 102. The external forwarding unit 150 sets port forwarding information (or external port forwarding information) based on the port forwarding information from the internal forwarding unit 140.
  • The external forwarding unit 150 transmits the packet from the second terminal 130 to the internal forwarding unit 140 according to the port forwarding information stored therein.
  • The internal forwarding unit 140 may supply the packet transferred from the external forwarding unit 150 to a specific one of the hosts 106' to 112 according to the port forwarding information stored therein.
  • FIG. 2 is a diagram simplifying the port forwarding method described above with reference to FIGS. 1A and 1B.
  • Because an IP address is a unique value, addresses are not duplicated.
  • IPv4, which consists of four numbers from 0 to 255, can allocate only 2^32 = 4,294,967,296 (about 4.2 billion) addresses. Therefore, a separate private network is established for devices that do not need to be on the worldwide network.
  • The above-mentioned Internet-capable IP is called a public IP.
  • These public IPs are unique values and are assigned to each device using the Internet. However, some IP bands are not used as public IPs.
  • The 10.x.x.x band, the 172.16.x.x to 172.31.x.x bands, and the 192.168.x.x band are not used as public IPs.
  • These IP bands are used only in a private network that a company or individual establishes separately.
  • A private network is a local network, not the global Internet, and is used when the Internet is not necessary. To build such a private network, a DHCP server and a router are required, and the piece of personal equipment that combines these functions is the home router.
  • the role of the router is to establish a private network for all devices connected to the router. Because it is a private network, the private IP band is used instead of the public IP band mentioned above.
  • the mainly used IP band is 192.168.x.x. As such, a device with an IP address starting with 192.168 requires a device with a public IP address to access the Internet.
  • the router is assigned a public IP while creating a private network. So, all devices connected to the router must go through the router to access the Internet.
  • The remote access desktop service existing inside the private network allocates a different port for each computer for remote access.
  • The router managing the private network can permit access to the private network from the outside by forwarding every packet that arrives from the outside on a predetermined remote-access port to the desktop service at the predetermined IP.
  • This method is inconvenient in that a port must be allocated for each computer, and a user who wants to connect from the outside must also know the allocated port in advance as pre-agreed information.
  • FIG. 3 is a diagram for explaining a method of using a relay server in a private network.
  • The method of using a relay server inside the private network is the method suggested by Microsoft (patent application No. 10-2004-0039190). A portal provides the desktop services that the user terminal can access, and when the user terminal selects a specific desktop service, a server inside the private network creates a thread that receives both the user's traffic and the desktop service traffic inside the private network, and relays traffic between the external user terminal and the internal desktop service. Because the internal server receives both streams of traffic and relays them again, this method has the disadvantage that efficiency may be greatly reduced if a large load is concentrated at once.
  • FIG. 4 is a diagram for explaining a system including a private network access control apparatus according to an embodiment of the present invention
  • FIG. 5 is a flowchart for explaining a control method according to an embodiment of the present invention.
  • the private network access control device performs a function of allowing a user terminal located outside the private network to access a computing device located in the private network through the Internet network and use a remote service for the computing device.
  • the remote service may include various functions, but for convenience of description, the remote desktop service will be exemplified.
  • In a cloud environment, the remote desktop service usually exists inside a private network and can be accessed by the method described above.
  • the current cloud network is becoming increasingly complex with a structure in which the private network environment is surrounded by double or triple layers, and the need to improve performance in a simpler and more efficient way is increasing in this environment.
  • the user terminal performs membership registration through a login portal operated by the private network access control device inside the private network (S510).
  • User information, including information on the remote desktop service that the user terminal intends to use and the private network IP address of the node in which the remote desktop service is located, may be stored in the memory of the private network access control device at the time of membership registration.
  • the user terminal accesses the server accessible to the private network through the login portal operated by the server inside the private network, and performs login (S530).
  • the address of the login portal is fixed to a specific address that can access the private network, and a portal that provides a specific service can be installed inside the private network using a known method. Since the IP address that can access the portal service is known externally, anyone can access it.
  • When the user terminal is logged in, the identity of the user who accessed the portal is known, and the IP information used by the user can be obtained from the user's packets. Since the remote desktop service is provided in one-to-one correspondence with a specific user, the user information also identifies the remote desktop service corresponding to the user. Internal management information shows which cloud computing node the corresponding remote desktop service is currently deployed on, as well as the IP address of that computing node or the representative IP address used to reach it (usually a gateway or router address). Therefore, the logged-in user information yields the IP address of the user terminal, the user's remote desktop service inside the private network, the IP address of the cloud computing node where the service is deployed, and information about the access path.
  • The private network access control apparatus provides the remote desktop service by using the obtained IP address of the user terminal to change the configuration information of the router (or gateway) connecting the private network and the outside, as follows (S550).
  • the packet transmitted from the user terminal to the private network is delivered into the private network by using the IP address of the computing node where the corresponding remote desktop service is located inside the private network as the destination address.
  • the packet sent by the Remote Desktop Service to the user can be transmitted outside the private network with the IP address of the user terminal as the destination in the same way as the method currently used in NAT.
  • the host provides the remote desktop service to the user terminal through the router whose settings are changed (S570).
  • A plurality of user terminals may have the same source address.
  • In that case, the computing node providing the remote desktop service is placed differently, or the service is provided through a container having a different address.
  • The private network access control apparatus may additionally perform the steps of: searching for a first user terminal and a second user terminal that exist in the private network and access the remote desktop service; placing the node that provides the remote desktop service separately, as a first node corresponding to the first user terminal and a second node corresponding to the second user terminal; and providing the remote desktop service to the first user terminal through the first node and to the second user terminal through the second node.
  • the classic method is port forwarding, but this method has a limitation in that traffic with a specific port coming from the outside can be sent to only one server inside the NAT.
  • the method presented by Microsoft is a method of receiving all connections with a server program, reading the traffic, and then sending it back to the server.
  • the traffic consists of a read part and a sending part.
  • The method proposed in the present invention does not read the traffic and then forward it; instead, it changes the address value of the traffic according to a rule predetermined for each user, so that the remote desktop user terminal can send traffic directly to its own server.
  • the user and the address value are mapped 1:1, and the information is predetermined when the user terminal creates a user account or an administrator creates an account.
  • a user terminal can quickly and efficiently access a remote desktop service existing in a private network or an internal cloud computing network from the outside.
  • the present invention described above can be implemented as computer-readable code (or application or software) on a medium in which a program is recorded.
  • the above-described control method of the diagnostic system may be realized by a code stored in a memory or the like.
  • the computer-readable medium includes all kinds of recording devices in which data readable by a computer system is stored.
  • Examples of computer-readable media include Hard Disk Drive (HDD), Solid State Disk (SSD), Silicon Disk Drive (SDD), ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
  • HDD Hard Disk Drive
  • SSD Solid State Disk
  • SDD Silicon Disk Drive
  • ROM Read Only Memory
  • RAM random access memory
  • CD-ROM compact disc-read only memory
  • carrier wave eg, transmission over the Internet
  • the computer may include a processor or a processor. Accordingly, the above detailed description should not be construed as restrictive in all respects but as exemplary. The scope of the present invention should be determined by a reasonable interpretation of the appended claims, and all modifications within the equivalent scope of the present invention are included in the scope of the present invention.
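
The address rewriting of steps S510 to S570 and the 1:1 user-to-address mapping described above can be simulated as follows. This is an added example, not code from the patent or its applicants; the class and function names, user names, addresses and port are constructed, and refusing a second login from an already-mapped source address is an assumption made here for the shared-source-address case the description mentions.

```python
"""Added example: per-user address rewriting (S510-S570), simulated.
All user names, addresses and ports are constructed for illustration."""
from dataclasses import dataclass, replace
from ipaddress import ip_address

ROUTER_PUBLIC_IP = "203.0.113.1"  # assumed public address of the router
RDP_PORT = 3389                   # every user connects to the same port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


class MappingConflict(Exception):
    """A different user logged in from a source address that has a rule."""


class AccessController:
    """Hypothetical stand-in for the private network access control device."""

    def __init__(self):
        self.accounts = {}   # user -> private IP of that user's service node
        self.by_source = {}  # terminal's Internet IP -> (user, node IP)

    def register(self, user, node_ip):
        # S510: the user-to-node mapping is fixed when the account is created.
        if not ip_address(node_ip).is_private:
            raise ValueError("service node must use a private address")
        if node_ip in self.accounts.values():
            raise ValueError("node is already assigned to another user")
        self.accounts[user] = node_ip

    def login(self, user, src_ip):
        # S530/S550: the portal has authenticated the user (not modelled);
        # the source IP comes from the login packet and a rule is installed.
        node_ip = self.accounts[user]
        holder = self.by_source.get(src_ip)
        if holder is not None and holder[0] != user:
            # A rule keyed on the source address cannot tell two terminals
            # behind one address apart, so refuse instead of overwriting.
            raise MappingConflict(f"{src_ip} already mapped for {holder[0]}")
        self.by_source[src_ip] = (user, node_ip)

    def logout(self, user):
        # Remove the rule so the source address no longer reaches the node.
        self.by_source = {ip: e for ip, e in self.by_source.items()
                          if e[0] != user}

    def inbound(self, pkt):
        # Internet -> private network: rewrite the destination to the user's
        # node; packets from sources without a login rule are dropped (None).
        entry = self.by_source.get(pkt.src)
        if entry is None or pkt.dst != ROUTER_PUBLIC_IP or pkt.dport != RDP_PORT:
            return None
        return replace(pkt, dst=entry[1])

    def outbound(self, pkt):
        # Private network -> Internet: only the node mapped to this terminal
        # may reply; the source becomes the router's address, as in NAT.
        entry = self.by_source.get(pkt.dst)
        if entry is None or pkt.src != entry[1]:
            return None
        return replace(pkt, src=ROUTER_PUBLIC_IP)


def classic_port_forward(table, pkt):
    """Baseline of FIG. 2: one external port maps to one internal host."""
    host = table.get(pkt.dport)
    return replace(pkt, dst=host) if host else None


def run_demo():
    ctl = AccessController()
    ctl.register("alice", "10.0.0.11")
    ctl.register("bob", "10.0.0.12")
    ctl.login("alice", "198.51.100.7")
    ctl.login("bob", "198.51.100.9")
    same_port = [ctl.inbound(Packet(ip, ROUTER_PUBLIC_IP, RDP_PORT)).dst
                 for ip in ("198.51.100.7", "198.51.100.9")]
    stranger = ctl.inbound(Packet("192.0.2.50", ROUTER_PUBLIC_IP, RDP_PORT))
    # Port forwarding needs a distinct, pre-agreed port per desktop instead.
    table = {50011: "10.0.0.11", 50012: "10.0.0.12"}
    forwarded = classic_port_forward(
        table, Packet("192.0.2.50", ROUTER_PUBLIC_IP, 50011))
    return {"same_port": same_port, "stranger": stranger,
            "port_forward_dst": forwarded.dst}


if __name__ == "__main__":
    print(run_demo())
```

The baseline function shows the contrast drawn in the description: port forwarding selects the internal host by destination port alone, while the per-user rule selects it by the logged-in source address and lets every user keep the same port.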

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a private network access control device for enabling a user terminal of an Internet network to access a private network in order to execute a remote service, and to a control method therefor. The control method comprises the steps of: logging in a user terminal that has accessed a portal via an Internet network; obtaining user information about the user terminal in response to the login of the user terminal; changing a configuration of a router connecting the Internet network and the private network, using the user information; and providing a remote service located in the private network to the user terminal by means of the router.
PCT/KR2022/001397 2021-01-27 2022-01-26 Private network access control device for enabling a user terminal of an Internet network to access a private network in order to execute a remote service, and control method therefor WO2022164201A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20210011554 2021-01-27
KR10-2021-0011554 2021-01-27
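KR1020210022145A KR102595308B1 (ko) 2021-01-27 2021-02-18 Private network access control device for enabling a user terminal of an Internet network to access a private network in order to execute a remote service, and control method thereof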
KR10-2021-0022145 2021-02-18

Publications (1)

Publication Number Publication Date
WO2022164201A1 (fr) 2022-08-04

Family

ID=82654796

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/001397 WO2022164201A1 (fr) 2021-01-27 2022-01-26 Private network access control device for enabling a user terminal of an Internet network to access a private network in order to execute a remote service, and control method thereof

Country Status (1)

Country Link
WO (1) WO2022164201A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6061349A (en) * 1995-11-03 2000-05-09 Cisco Technology, Inc. System and method for implementing multiple IP addresses on multiple ports
WO2001097485A2 (fr) * 2000-06-14 2001-12-20 At & T Wireless Services, Inc. Method for providing transparent publicly addressed networks within private networks
US20030041136A1 (en) * 2001-08-23 2003-02-27 Hughes Electronics Corporation Automated configuration of a virtual private network
KR20040108568A (ko) * 2003-06-06 2004-12-24 Microsoft Corporation Architecture for connecting a remote client to a local client desktop
US20130128892A1 (en) * 2004-07-23 2013-05-23 Goutham P. Rao Method and systems for routing packets from a gateway to an endpoint

Similar Documents

Publication Publication Date Title
EP2745474B1 (fr) Virtualization gateway between virtualized and non-virtualized networks
JP6306640B2 (ja) Providing logical networking functionality for managed computer networks
US8332523B2 (en) Architecture to enable keyboard, video and mouse (KVM) access to a target from a remote client
US9042384B2 (en) Distributed routing domains in multi-tenant datacenter virtual networks
US9106529B2 (en) Virtual network configuration and management
JP2007193429A (ja) Network computing system, communication method, image projection device, image input/output device, and screen data acquisition method
AU2012340331A1 (en) Virtual network interface objects
JP2009278261A (ja) Information processing device and communication control method
JP2014525155A (ja) Computer-implemented method, computer program, and data processing system for configuration and management of virtual networks
WO2018008933A1 (fr) Method for providing a virtual CPE service using a single Internet line and a network function virtualization cloud
KR102595308B1 (ko) Private network access control device for enabling a user terminal of an Internet network to access a private network in order to execute a remote service, and control method thereof
JP2010239591A (ja) Network system, relay device, and network control method
WO2022164201A1 (fr) Private network access control device for enabling a user terminal of an Internet network to access a private network in order to execute a remote service, and control method thereof
JP2015002424A (ja) Address allocation device, management device, address allocation program, and management program
WO2017154163A1 (fr) Computer system, gateway device control method, and storage medium
WO2015020393A1 (fr) Method, device, and system for supporting communication between user terminal devices using OpenFlow, and computer-recordable recording medium
KR101996588B1 (ko) Separated-network linkage device supporting the ARP protocol and control method thereof
JP7419771B2 (ja) Network system and connection method
KR102103484B1 (ko) Method and system for providing per-customer intranet services using virtual networking technology
JP2007074209A (ja) Authentication VLAN system, authentication server, and program
Luevano et al. The Healthcare Simulation Technology Specialist and Information Technology
CN114598600A (zh) Dual system for realizing network interworking
Li et al. A Scalable and Efficient Virtual Network for Cloud Computing
JP2012129897A (ja) Communication device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22746227

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22746227

Country of ref document: EP

Kind code of ref document: A1