CN109005179A - Network security tunnel establishing method based on port controlling - Google Patents
Publication number: CN109005179A
Authority: CN (China)
Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
Abstract
The invention relates to a network security tunnel establishment method based on port control, comprising: establishing a bridge controller; the remote client establishing a connection with the bridge controller; the network mapper establishing a connection with the bridge controller; the network mapper sending a mapping request command to the bridge controller; the bridge controller sending a start-connect command to the corresponding remote client; the remote client receiving the start-connect command and initiating a connection to the destination address; and, once that connection succeeds, the remote client establishing a new connection with the bridge controller, which logically associates the remote client's newly created data connection with the data connection initiated by the network mapper and forwards data between them. Through remote port mapping, the method gives access to network services that previously could not be reached directly, that sit in other internal network segments, or that lie behind firewalls. Because management is centralized, it provides tightly constrained mapping management on the security side while still allowing highly flexible on-demand dynamic configuration.
Description
Technical field:
The invention relates to the field of networking, and in particular to a network security tunnel establishment method based on port control, used mainly for "accessing network services inside an isolated intranet" or "mutual access between programs on different intranets".
Background technique:
At present, exposing an intranet network service for public access depends on creating port mappings on the firewall and router. This exposes services that lack adequate security protection to the Internet and creates security risks. Solutions for mutual access across different intranets rely mainly on VPN. A standard VPN is subject to protocol restrictions in some complex environments, while non-standard schemes depend on low-level driver mechanisms such as simulated network interface cards, where some programs suffer compatibility problems when several interfaces are present; moreover, under a VPN the connected client is often granted excessive access rights, which is itself a security risk. Although these schemes can be constrained by IP policies and multiple firewalls, doing so greatly increases deployment complexity.
Summary of the invention:
The purpose of the invention is to address the drawbacks of the prior art by providing a network security tunnel establishment method based on port control which, using centralized management, provides tightly constrained mapping management on the security side while also allowing highly flexible on-demand dynamic configuration.
The invention is realized through the following technical solution: a network security tunnel establishment method based on port control, comprising:
establishing a bridge controller between the remote client and the network mapper;
the remote client establishing a secure connection with the bridge controller;
an application program connecting to the network mapper; after receiving the request, the network mapper obtains the target remote client ID and the corresponding destination address, and establishes a secure connection with the bridge controller;
the network mapper sending a mapping request command to the bridge controller; the bridge controller performs a permission check on the command and checks whether the remote client ID is connected;
the bridge controller dynamically generating, for the current network mapper's connection request, a random number that carries the correspondence, sending a start-connect command over the command channel of the corresponding remote client, and waiting for the remote client to connect;
the remote client receiving the start-connect command sent by the bridge controller and initiating a connection to the destination address;
after the connection succeeds, the remote client establishing a new connection with the bridge controller; the bridge controller logically associates the remote client's newly created data connection with the data connection previously initiated by the network mapper, and forwards data between the two connections.
Preferably, the application program connects to the network mapper over TCP: the application connects to the local port mapped by the network mapper, and after receiving the connection request the network mapper queries its configuration to obtain the target remote client ID and the corresponding destination address.
The application program may also connect to the network mapper over UDP. The application sends UDP datagrams to the local port mapped by the network mapper; the network mapper reads the source information of the datagram and maintains an in-memory mapping table recording the relationship between the UDP source and the secure tunnel. If an entry already exists, the tunnel handle is fetched; if not, the configuration is queried to obtain the target remote client ID and the corresponding destination address. The remote client keeps a receive-timeout record for each UDP application it creates; when the UDP application receives no data within the unit time, the remote client forcibly closes the new connection it established with the bridge controller.
When the remote client RC establishes a secure connection with the bridge controller BC of the invention, the remote client sends a login command containing the remote client ID and password. After verification, the bridge controller replies that verification succeeded, keeps this connection, and stores the remote client ID together with the tunnel's network communication handle in a memory record; this connection serves as the remote client's command channel.
When the remote client RC or the network mapper NM establishes a secure connection with the bridge controller BC of the invention, the following steps are performed:
the client creates a connection to the designated port of the bridge controller;
the client dynamically generates a client private key and a client public key using the RSA algorithm;
the client encrypts the client public key with the server public key, obtaining the client public key encoding;
the client sends the handshake mark followed by the binary sequence of the client public key encoding to the bridge controller as the first handshake data packet, in a DP data packet;
the bridge controller checks the first DP data packet it receives for the handshake mark and decrypts the client public key encoding with the client private key, obtaining the client public key;
the bridge controller randomly generates an 8-byte exchange key to serve as the DES key, encrypts the exchange key with the client public key, and produces the exchange key encoding;
the bridge controller signs the exchange key encoding with the server private key, producing the exchange key signature;
the bridge controller concatenates the binary sequences of the exchange key encoding and the exchange key signature and returns them to the client in a DP data packet;
on receipt, the client verifies the exchange key encoding using the client public key and the exchange key signature, then decrypts the exchange key encoding with the client private key, obtaining the exchange key;
the secure tunnel is now established: the client and the bridge controller both hold the exchange key, and all subsequent DP data packets must be encrypted and decrypted with the exchange key using the DES algorithm.
The beneficial effects of the invention are: through remote port mapping, the network security tunnel establishment method based on port control gives access to network services that previously could not be reached directly, that sit in other internal network segments, or that lie behind firewalls. MPOT uses centralized management, providing tightly constrained mapping management on the security side while also allowing highly flexible on-demand dynamic configuration. The scheme needs no VPN based on the operating system's driver layer, and in a complex multi-layer network it needs no additional settings on the various firewalls or gateways.
Detailed description of the invention:
Fig. 1 is a schematic structural diagram of the network security tunnel based on port control according to the invention;
Fig. 2 is a flow chart of the network security tunnel establishment method based on port control according to the invention.
Specific embodiment:
The preferred embodiments of the invention are described in detail below with reference to the accompanying drawings, so that the advantages and features of the invention can be more easily understood by those skilled in the art and the protection scope of the invention can be defined more clearly.
As shown in Figure 1, the network security tunnel based on port control of the invention (MPOT) mainly establishes a cross-network communication tunnel. It uses an extensible communication protocol (BridgeNetProtocal, abbreviated BNP) and is composed of a three-tier service architecture: the remote client (RemoteClient, abbreviated RC), the bridge controller (BridgeController, abbreviated BC) and the network mapper (NetMapper, abbreviated NM). In the MPOT system, BridgeController acts as the open server, while RemoteClient and NetMapper are both connecting clients.
As shown in Fig. 2, the network security tunnel establishment method based on port control comprises:
establishing a bridge controller between the remote client and the network mapper;
the remote client establishing a secure connection with the bridge controller;
an application program connecting to the network mapper; after receiving the request, the network mapper obtains the target remote client ID and the corresponding destination address, and establishes a secure connection with the bridge controller;
the network mapper sending a mapping request command to the bridge controller; the bridge controller performs a permission check on the command and checks whether the remote client ID is connected;
the bridge controller dynamically generating, for the current network mapper's connection request, a random number that carries the correspondence, sending a start-connect command over the command channel of the corresponding remote client, and waiting for the remote client to connect;
the remote client receiving the start-connect command sent by the bridge controller and initiating a connection to the destination address;
after the connection succeeds, the remote client establishing a new connection with the bridge controller; the bridge controller logically associates the remote client's newly created data connection with the data connection previously initiated by the network mapper, and forwards data between the two connections.
BNP extensible network protocol specification:
1. Communication packet control specification
The BNP protocol transmits stream data over TCP using the data packet (DP) as the minimum transmission unit. Each data packet starts with 2 bytes (unsigned short, network byte order) giving the length of the data packet, followed directly by the actual data body, as in the table below.
2. Secure connection rule
Each BC acting as an open server must generate a key pair with the RSA (2048) algorithm: a server private key ServerPriKey and a server public key ServerPubKey. ServerPubKey is distributed to the RC and NM clients that will connect to that BC. The data connection steps are as follows:
S1: the client creates a TCP connection to the designated port of the BC;
S2: the client dynamically generates a key pair with the RSA (1024) algorithm: a client private key ClientPriKey and a client public key ClientPubKey;
S3: the client encrypts ClientPubKey with ServerPubKey, obtaining the client public key encoding ClientPubKeyEncoded;
S4: the client sends the handshake mark followed by the binary sequence of ClientPubKeyEncoded to the BC server as the first handshake data packet, in a DP data packet;
S5: the server BC checks the first DP packet it receives for the handshake mark and decrypts ClientPubKeyEncoded with ClientPriKey, obtaining ClientPubKey;
S6: the server randomly generates the 8-byte exchange key ExKey as the key of the DES algorithm;
S7: the server encrypts ExKey with ClientPubKey, producing the exchange key encoding ExKeyEncoded;
S8: the server signs ExKeyEncoded with ServerPriKey, producing the exchange key signature ExKeySigned;
S9: the server concatenates the binary sequences of ExKeyEncoded and ExKeySigned and returns them to the client in a DP packet;
S10: on receipt, the client verifies ExKeyEncoded using ClientPubKey and ExKeySigned, then decrypts ExKeyEncoded with ClientPriKey, obtaining ExKey;
S11: the secure tunnel is established; the client and the server both hold ExKey, and all subsequent DP packets must be encrypted and decrypted with ExKey using the DES algorithm.
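The DP framing of section 1 and the S1-S11 handshake above (repeated in the description and in claim 8), as an added Go example that is not part of the patent: it frames packets with the 2-byte length prefix and runs both sides of the key exchange with the standard library's RSA, ending with both sides holding the same 8-byte DES-sized ExKey. PKCS#1 v1.5 padding, SHA-256 under the signature and the 0x01 handshake mark are assumptions; the BC decrypts ClientPubKeyEncoded with ServerPriKey and the client verifies ExKeySigned with ServerPubKey, which is what the S3 encryption and the S8 signature require even though S5 and S10 name the client keys.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
)

// The page prefixes the first DP with a handshake mark but gives no value; 0x01 is assumed here.
const handshakeMark = 0x01

// newServerKey makes the BC's RSA (2048) ServerPriKey/ServerPubKey pair.
func newServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// encodeDP frames a BNP data packet: 2-byte big-endian length, then the body.
func encodeDP(body []byte) []byte {
	pkt := make([]byte, 2+len(body))
	binary.BigEndian.PutUint16(pkt, uint16(len(body)))
	copy(pkt[2:], body)
	return pkt
}

// decodeDP returns the body of the first complete DP frame in stream.
func decodeDP(stream []byte) ([]byte, error) {
	if len(stream) < 2 || len(stream) < 2+int(binary.BigEndian.Uint16(stream)) {
		return nil, errors.New("incomplete DP packet")
	}
	return stream[2 : 2+int(binary.BigEndian.Uint16(stream))], nil
}

// S2-S4: client makes a 1024-bit key pair, wraps its public key under ServerPubKey (PKCS#1 v1.5 assumed) and frames mark||ClientPubKeyEncoded.
func clientHello(serverPub *rsa.PublicKey) (*rsa.PrivateKey, []byte, error) {
	clientKey, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil {
		return nil, nil, err
	}
	pubDER := x509.MarshalPKCS1PublicKey(&clientKey.PublicKey)
	enc, err := rsa.EncryptPKCS1v15(rand.Reader, serverPub, pubDER)
	if err != nil {
		return nil, nil, err
	}
	return clientKey, encodeDP(append([]byte{handshakeMark}, enc...)), nil
}

// S5-S9: BC checks the mark, recovers ClientPubKey with ServerPriKey, draws the 8-byte
// DES ExKey, encrypts it to the client and signs that ciphertext (SHA-256 is an assumption).
func serverHandshake(serverKey *rsa.PrivateKey, hello []byte) (exKey, reply []byte, err error) {
	body, err := decodeDP(hello)
	if err != nil || len(body) < 1 || body[0] != handshakeMark {
		return nil, nil, errors.New("bad handshake packet")
	}
	pubDER, err := rsa.DecryptPKCS1v15(rand.Reader, serverKey, body[1:])
	if err != nil {
		return nil, nil, err
	}
	clientPub, err := x509.ParsePKCS1PublicKey(pubDER)
	if err != nil {
		return nil, nil, err
	}
	exKey = make([]byte, 8)
	if _, err = rand.Read(exKey); err != nil {
		return nil, nil, err
	}
	exKeyEnc, err := rsa.EncryptPKCS1v15(rand.Reader, clientPub, exKey)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(exKeyEnc)
	sig, err := rsa.SignPKCS1v15(rand.Reader, serverKey, crypto.SHA256, digest[:])
	if err != nil {
		return nil, nil, err
	}
	return exKey, encodeDP(append(exKeyEnc, sig...)), nil
}

// S10: client splits the reply at its own modulus size, verifies the signature with ServerPubKey before touching the ciphertext, then decrypts ExKey.
func clientFinish(clientKey *rsa.PrivateKey, serverPub *rsa.PublicKey, reply []byte) ([]byte, error) {
	body, err := decodeDP(reply)
	n := clientKey.Size()
	if err != nil || len(body) <= n {
		return nil, errors.New("bad handshake reply")
	}
	digest := sha256.Sum256(body[:n])
	if err := rsa.VerifyPKCS1v15(serverPub, crypto.SHA256, digest[:], body[n:]); err != nil {
		return nil, err // an altered or unsigned ExKey is rejected before use
	}
	return rsa.DecryptPKCS1v15(rand.Reader, clientKey, body[:n])
}

func main() {
	serverKey, _ := newServerKey() // errors elided in this demo driver only
	clientKey, hello, _ := clientHello(&serverKey.PublicKey)
	serverExKey, reply, _ := serverHandshake(serverKey, hello)
	clientExKey, err := clientFinish(clientKey, &serverKey.PublicKey, reply)
	fmt.Printf("server ExKey %x, client ExKey %x, err %v\n", serverExKey, clientExKey, err)
}
```

DES with an 8-byte key gives only 56 bits of effective strength and is considered obsolete; a deployment following this handshake today would carry an AES key in the same ExKeyEncoded slot.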
3. Extensible command specification
BNP commands are the standard for control message transfer between MPOT services. They are transmitted inside the secure tunnel, and every command must be sent in one go inside a single separately encrypted DP packet. BNP commands use formatted text as their basic transmission format, including but not limited to XML and JSON. Each extensible command consists of a name and a parameter list; JSON is used for illustration below.
Each command returns a corresponding result response.
In the explanation that follows, the commands involved are abbreviated to the form login { user, password }.
MPOT Service Description:
1. BridgeController service description
The BC service is the master control server of the MPOT architecture; it may sit in a network segment reachable by every client or on the Internet. Besides the secure tunnel service function described above, it also provides user management and port management functions.
(1) The user management function covers two kinds of user: RemoteClient users (RCID) and NetMapper users (NMID), used respectively by RC clients and NM clients to log in. The BC server maintains a record table containing the RCID and NMID account information and password information.
(2) The port management function is the core of the MPOT patent architecture and maintains the MPOT mapping specification. Port management is configured per RCID and is divided into the following modes:
A. Fully open mapping mode. In this mode an RCID accepts mapping requests from any NMID to any port.
B. Controlled port mapping. In this mode the BC management end maintains, for each RCID, a remote port definition table, an NMID permission control table and a privileged NMID table. These relation tables are stored in, but not limited to, a database or configuration file.
The remote port definition table contains the target name TargetName and the target address TargetAddress (each RCID logically corresponds to one mapping table), as shown in the table:
TargetName | TargetAddress | NetType (port type) |
---|---|---|
WebA | InnerHost:80 | TCP |
DataBaseA | InnerIP:1433 | TCP |
DataBaseB | InnerIP:1521 | TCP |
NMID permission control table, as shown in the table:
NMID | TargetName |
---|---|
NMID1 | WebA |
NMID2 | DataBaseA |
NMID3 | DataBaseB |
Privileged NMID table, as shown in the table:
RCID |
---|
NMID4 |
NMID5 |
NMID6 |
In controlled port mapping mode, each NM client applies for a port mapping according to a predefined TargetName; an NMID that holds privileged mode may request a mapping to any port of the RC client.
2. RemoteClient service description
Each RC client actively connects to the BC master control server using its RCID, receives access control commands from the BC, and carries out the data exchange task of communicating with the target port according to those commands.
3. NetMapper service description
Each NM client maintains a port mapping configuration table, stored in, but not limited to, a database or configuration file, as shown in the table:
After receiving a data connection request from a local program on its local listening port, the NM actively connects to the BC master control server using its NMID; the BC, according to the permissions and configuration information, notifies the RemoteClient to create the mapped communication tunnel.
MPOT connection step explanation:
All MPOT connections are created according to the secure connection rule described above, and the client already holds the pre-configured server connection public key ServerPubKey. The commands referenced below are transmitted and answered according to the extensible command specification above.
1. RemoteClient initialization steps
S1: RC and BC establish a secure connection;
S2: RC sends the login command containing RCID and password: LOGIN { RCID, PASSWORD };
S3: after verification, BC sends the reply login { succeed }, keeps this connection, and stores the RCID and the tunnel's network communication handle in a memory record; this connection is the RC's CommandChannel.
2. NetMapper initialization steps
S1: according to the NM-side configuration file (see the NetMapper service description), listen on the corresponding TCP or UDP ports.
The network security tunnel establishment method based on TCP port control of the invention comprises the following steps (TCP mode connection steps):
S1: the application program (for example the Web Browser, Database Application or RDP Client in the diagram) connects through its respective port to the local port mapped by the NM (see NetMapper initialization step S1);
S2: after receiving the connection request, the NM queries its configuration information and obtains the target RCID and the corresponding destination address (if the current NMID does not hold privilege, it obtains the target RCID and the TargetName configured on the BC server);
S3: NM and BC create a secure connection;
S4: NM sends the login command containing NMID and password: LOGIN{NMID,PASSWORD};
S5: BC verifies the NMID and sends the command login { succeed } indicating successful verification;
S6: NM sends the mapping request command containing the target RCID and the destination address (or TargetName): MAP{RCID, TCPMode, TargetAddress/TargetName};
S7: BC performs a permission check on the requesting NMID and the target address; if the NMID does not hold privileged mode, BC converts the TargetName to a TargetAddress;
S8: BC checks whether the RCID is connected (that is, whether the command channel CommandChannel established in RemoteClient initialization step S3 exists);
S9: BC dynamically generates, for the current NM connection request, a random number ConnectionToken that carries the correspondence;
S10: BC sends the start-connect command to the CommandChannel of the corresponding RC and waits for the RC to start the connection: StartConnect:{ ConnectionToken, TargetAddress };
S11: RC receives the StartConnect command sent by BC and, according to the TargetAddress parameter, initiates a TCP connection to the target address;
S12: if S11 successfully connects to TargetAddress, RC establishes a new connection to BC; on this connection it no longer sends the RCID login command but sends the connection-success notification command NewConnect{ConnectionToken,Succeeded};
S13: using the ConnectionToken relationship, BC logically associates the newly created RC data connection with the data connection previously initiated by the NM, and forwards data between the two connections;
S14: RC forwards data between its connection to TargetAddress and its NewConnect connection to BC.
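The controlled port mapping tables of the BridgeController service description and steps S7-S13 above, as an added Go example that is not the patent's code: it loads the WebA/DataBaseA/DataBaseB table, enforces the NMID permission and privilege rules, issues a random single-use ConnectionToken, and pairs the RC's NewConnect with the waiting NM connection. Constructed assumptions: RC1 as the connected RCID, the NMID1/NMID2 permissions, NMID4 as the privileged NMID, a 16-byte hex token, and one global privileged table rather than one per RCID.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// target is one row of an RCID's remote port definition table.
type target struct{ Address, NetType string }

// mapRequest carries MAP{RCID, TCPMode, TargetAddress/TargetName} from an NM (S6).
type mapRequest struct{ RCID, Mode, Target string }

// startConnect is the StartConnect{ConnectionToken, TargetAddress} command sent to the RC (S10).
type startConnect struct{ ConnectionToken, TargetAddress string }

// pairing is what BC remembers between S9 and S13: which NM connection waits for which RC.
type pairing struct{ RCID, NMID, TargetAddress string }

// BridgeController holds the three relation tables of controlled port mapping mode
// and the runtime state of steps S7-S13. The page does not say whether the privileged
// table is global or per RCID; this example keeps one global set (an assumption).
type BridgeController struct {
	remotePorts  map[string]map[string]target // RCID -> TargetName -> target
	nmidPerms    map[string]map[string]bool   // NMID -> permitted TargetNames
	privileged   map[string]bool              // NMIDs allowed to map any port
	commandChans map[string]bool              // RCIDs whose CommandChannel is live (S8)
	pending      map[string]pairing           // ConnectionToken -> waiting NM connection
}

// HandleMap implements S7-S10 for one MAP command from an already logged-in NMID.
func (bc *BridgeController) HandleMap(nmid string, req mapRequest) (startConnect, error) {
	addr := req.Target // privileged NMIDs send a TargetAddress and may map any port
	if !bc.privileged[nmid] {
		if !bc.nmidPerms[nmid][req.Target] {
			return startConnect{}, fmt.Errorf("NMID %s may not map %s", nmid, req.Target)
		}
		t, ok := bc.remotePorts[req.RCID][req.Target]
		if !ok {
			return startConnect{}, fmt.Errorf("RCID %s defines no target %s", req.RCID, req.Target)
		}
		addr = t.Address // TargetName -> TargetAddress conversion (S7)
	}
	if !bc.commandChans[req.RCID] {
		return startConnect{}, fmt.Errorf("RCID %s has no CommandChannel", req.RCID)
	}
	// ConnectionToken (S9) must be random and single use: the RC's data connection
	// presents nothing else to prove which StartConnect it answers.
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return startConnect{}, err
	}
	token := hex.EncodeToString(raw)
	bc.pending[token] = pairing{req.RCID, nmid, addr}
	return startConnect{token, addr}, nil
}

// HandleNewConnect implements S12-S13 for NewConnect{ConnectionToken, Succeeded} arriving
// on the RC's new data connection. The token is consumed on first use either way.
func (bc *BridgeController) HandleNewConnect(token string, succeeded bool) (pairing, error) {
	p, ok := bc.pending[token]
	if !ok {
		return pairing{}, errors.New("unknown or already used ConnectionToken")
	}
	delete(bc.pending, token)
	if !succeeded {
		return pairing{}, errors.New("remote client failed to reach TargetAddress")
	}
	return p, nil // the caller now forwards between the NM and RC data connections
}

// newSampleBC loads the page's example tables plus constructed runtime state:
// RC1 is connected, NMID1 may map WebA, NMID2 may map DataBaseA, NMID4 is privileged.
func newSampleBC() *BridgeController {
	return &BridgeController{
		remotePorts: map[string]map[string]target{"RC1": {
			"WebA":      {"InnerHost:80", "TCP"},
			"DataBaseA": {"InnerIP:1433", "TCP"},
			"DataBaseB": {"InnerIP:1521", "TCP"},
		}},
		nmidPerms:    map[string]map[string]bool{"NMID1": {"WebA": true}, "NMID2": {"DataBaseA": true}},
		privileged:   map[string]bool{"NMID4": true},
		commandChans: map[string]bool{"RC1": true},
		pending:      map[string]pairing{},
	}
}

func main() {
	bc := newSampleBC()
	sc, err := bc.HandleMap("NMID1", mapRequest{"RC1", "TCPMode", "WebA"})
	fmt.Println("StartConnect for NMID1:", sc, err)
	_, err = bc.HandleMap("NMID2", mapRequest{"RC1", "TCPMode", "WebA"})
	fmt.Println("NMID2 asking for WebA:", err)
	p, err := bc.HandleNewConnect(sc.ConnectionToken, true)
	fmt.Println("paired:", p, err)
}
```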
The network security tunnel establishment method based on UDP port control of the invention differs from the TCP case in that UDP has no logical link. The MPOT secure tunnel is based on TCP, so UDP must be forwarded over TCP. Application programs handle TCP and UDP very differently: TCP is based on a logical link, whereas UDP is based on a record of the source address (data received from a given [IP:port] is answered back to that same [IP:port]). MPOT therefore uses an additional management mechanism when handling UDP in order to remain compatible with UDP.
S1: the application program sends a UDP datagram to the local port mapped by the NM;
S2: NM obtains the source [IP:port] information of the UDP datagram;
S3: NM maintains an in-memory mapping table recording the relationship between the UDP source [IP:port] and the tunnel. NM looks up the UDP source in this table; if an entry already exists, it obtains the tunnel communication handle (or object); if none is found, the procedure is essentially the same as S3-S13 of the TCP mode connection steps, where:
in step S6 the parameter is changed to UDPMode: MAP { RCID, UDPMode, TargetAddress/TargetName };
in step S11 the RC only needs to create a UDP client socket, without completing a connection to TargetAddress;
unlike step S14 of the TCP mode connection steps, the RC client's data forwarding between TargetAddress and the NewConnect connection to BC uses a timeout recording mechanism. To avoid the resource consumption of TCP connections created by UDP packets, the RC client keeps a receive-timeout record for each UDP client socket it creates; when a UDP client receives no data for 5-10 minutes (this timeout can be adjusted as needed), the NewConnect connection between RC and BC is forcibly closed.
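The UDP source table and receive timeout described above, as an added Go example that is not part of the patent: datagrams are routed by their source [IP:port] to an existing tunnel or to a newly created one, and a sweep forcibly closes tunnels idle longer than the configured timeout. The tunnel handle type, local port 5300, the constructed target name and the 198.51.100.0/24 sample addresses are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// UDPTunnel stands in for the "tunnel communication handle (or object)" NM keeps
// per UDP source; the page does not define the handle, so this struct is assumed.
type UDPTunnel struct {
	Source   string    // application's [IP:port], the key of the memory mapping table
	Target   string    // RCID and TargetAddress/TargetName resolved from configuration
	LastSeen time.Time // last datagram seen; drives the receive timeout
	Closed   bool
}

// UDPMapper is the NM-side memory mapping table of UDP step S3 together with the
// receive-timeout rule the page applies per UDP socket (5-10 minutes, adjustable).
type UDPMapper struct {
	IdleTimeout time.Duration
	resolve     func(localPort int) (string, error) // configuration lookup (TCP step S2)
	table       map[string]*UDPTunnel
}

func NewUDPMapper(idle time.Duration, resolve func(int) (string, error)) *UDPMapper {
	return &UDPMapper{IdleTimeout: idle, resolve: resolve, table: map[string]*UDPTunnel{}}
}

// Route handles one datagram that arrived on localPort from src: an existing live
// tunnel is reused and its timer refreshed; otherwise the configuration is consulted
// and a new tunnel is opened (created=true means the MAP/StartConnect/NewConnect
// round of TCP steps S3-S13 must now run for this source).
func (m *UDPMapper) Route(localPort int, src string, now time.Time) (t *UDPTunnel, created bool, err error) {
	if existing, ok := m.table[src]; ok && !existing.Closed {
		existing.LastSeen = now
		return existing, false, nil
	}
	target, err := m.resolve(localPort)
	if err != nil {
		return nil, false, err // unconfigured port: no tunnel and no BC round trip
	}
	t = &UDPTunnel{Source: src, Target: target, LastSeen: now}
	m.table[src] = t
	return t, true, nil
}

// Sweep forcibly closes every tunnel idle for longer than IdleTimeout and returns
// the sources it dropped; this is the page's guard against UDP packets pinning
// TCP connections between RC and BC forever.
func (m *UDPMapper) Sweep(now time.Time) []string {
	var closed []string
	for src, t := range m.table {
		if now.Sub(t.LastSeen) > m.IdleTimeout {
			t.Closed = true
			delete(m.table, src)
			closed = append(closed, src)
		}
	}
	return closed
}

// Active reports how many tunnels are currently open.
func (m *UDPMapper) Active() int { return len(m.table) }

// sampleResolve is a constructed NM configuration: local UDP port 5300 maps to a
// constructed target UdpSvcA on RC1; every other port is unconfigured.
func sampleResolve(localPort int) (string, error) {
	if localPort == 5300 {
		return "RC1/UdpSvcA", nil
	}
	return "", fmt.Errorf("no mapping configured for local port %d", localPort)
}

func main() {
	m := NewUDPMapper(5*time.Minute, sampleResolve)
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	m.Route(5300, "198.51.100.10:40000", t0) // first datagram: tunnel created
	m.Route(5300, "198.51.100.10:40000", t0.Add(time.Minute))
	m.Route(5300, "198.51.100.11:40001", t0.Add(4*time.Minute))
	fmt.Println("closed:", m.Sweep(t0.Add(7*time.Minute)), "still active:", m.Active())
}
```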
The embodiments described above express only several embodiments of the invention, and their description is relatively specific and detailed, but this should not be construed as limiting the scope of the patent. It should be pointed out that, for those of ordinary skill in the art, various modifications and improvements can be made without departing from the inventive concept, and all of these fall within the protection scope of the invention.
Claims (8)
1. A network security tunnel establishment method based on port control, characterized in that it comprises:
establishing a bridge controller between the remote client and the network mapper;
the remote client establishing a secure connection with the bridge controller;
an application program connecting to the network mapper; after receiving the request, the network mapper obtains the target remote client ID and the corresponding destination address, and establishes a secure connection with the bridge controller;
the network mapper sending a mapping request command to the bridge controller; the bridge controller performs a permission check on the command and checks whether the remote client ID is connected;
the bridge controller dynamically generating, for the current network mapper's connection request, a random number that carries the correspondence, sending a start-connect command over the command channel of the corresponding remote client, and waiting for the remote client to connect;
the remote client receiving the start-connect command sent by the bridge controller and initiating a connection to the destination address;
after the connection succeeds, the remote client establishing a new connection with the bridge controller; the bridge controller logically associates the remote client's newly created data connection with the data connection previously initiated by the network mapper, and forwards data between the two connections.
2. The network security tunnel establishment method based on port control according to claim 1, characterized in that the application program connects to the network mapper over TCP.
3. The network security tunnel establishment method based on port control according to claim 2, characterized in that the application program connects to the local port mapped by the network mapper, and after the network mapper receives the connection request it queries its configuration information to obtain the target remote client ID and the corresponding destination address.
4. The network security tunnel establishment method based on port control according to claim 1, characterized in that the application program connects to the network mapper over UDP.
5. The network security tunnel establishment method based on port control according to claim 4, characterized in that the application program sends UDP datagrams to the local port mapped by the network mapper; the network mapper obtains the source information of the datagram and maintains an in-memory mapping table recording the relationship between the UDP source and the secure tunnel; if an entry already exists, the tunnel handle is obtained; if not, the configuration information is queried to obtain the target remote client ID and the corresponding destination address.
6. The network security tunnel establishment method based on port control according to claim 5, characterized in that the remote client keeps a receive-timeout record for each UDP application it creates, and when the UDP application receives no data within the unit time, the remote client forcibly closes the new connection it established with the bridge controller.
7. The network security tunnel establishment method based on port control according to claim 2 or 4, characterized in that when the remote client establishes the secure connection with the bridge controller, the remote client sends a login command containing the remote client ID and password; after verification the bridge controller sends a reply indicating successful verification, keeps this connection, and stores the remote client ID and the tunnel's network communication handle in a memory record, which serves as the command channel of the remote client.
8. The network security tunnel establishment method based on port control according to claim 2 or 4, characterized in that when the remote client or the network mapper establishes the secure connection with the bridge controller, the following steps are included:
the client creates a connection to the designated port of the bridge controller;
the client dynamically generates a client private key and a client public key using the RSA algorithm;
the client encrypts the client public key with the server public key, obtaining the client public key encoding;
the client sends the handshake mark followed by the binary sequence of the client public key encoding to the bridge controller as the first handshake data packet, in a DP data packet;
the bridge controller checks the first DP data packet it receives for the handshake mark and decrypts the client public key encoding with the client private key, obtaining the client public key;
the bridge controller randomly generates an 8-byte exchange key to serve as the DES key, encrypts the exchange key with the client public key, and produces the exchange key encoding;
the bridge controller signs the exchange key encoding with the server private key, producing the exchange key signature;
the bridge controller concatenates the binary sequences of the exchange key encoding and the exchange key signature and returns them to the client in a DP data packet;
on receipt, the client verifies the exchange key encoding using the client public key and the exchange key signature, then decrypts the exchange key encoding with the client private key, obtaining the exchange key;
the secure tunnel is now established: the client and the bridge controller both hold the exchange key, and all subsequent DP data packets must be encrypted and decrypted with the exchange key using the DES algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810905770.9A CN109005179B (en) | 2018-08-10 | 2018-08-10 | Network security tunnel establishment method based on port control |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109005179A true CN109005179A (en) | 2018-12-14 |
CN109005179B CN109005179B (en) | 2020-11-06 |
Family
ID=64595497
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810905770.9A Expired - Fee Related CN109005179B (en) | 2018-08-10 | 2018-08-10 | Network security tunnel establishment method based on port control |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109005179B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110492994A (en) * | 2019-07-25 | 2019-11-22 | 北京笛卡尔盾科技有限公司 | A kind of trustable network cut-in method and system |
CN113014512A (en) * | 2021-03-14 | 2021-06-22 | 白杨 | Network connection accelerated forwarding technology based on N: M connection dynamic mapping |
CN113329101A (en) * | 2021-08-02 | 2021-08-31 | 杭州钛鑫科技有限公司 | Remote login method and login device for edge computing node |
CN114124619A (en) * | 2021-12-02 | 2022-03-01 | 深圳通康创智技术有限公司 | Subnet communication method and device, computer equipment and storage medium |
CN114499976A (en) * | 2021-12-28 | 2022-05-13 | 航天科工智慧产业发展有限公司 | Data exchange method for realizing cross-network exchange |
CN115460248A (en) * | 2022-09-05 | 2022-12-09 | 锱云(上海)物联网科技有限公司 | A VPN mapping method and system |
CN115694901A (en) * | 2022-09-27 | 2023-02-03 | 河北轩昊信息技术有限公司 | VPN tunnel communication method and device |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101945141A (en) * | 2010-09-17 | 2011-01-12 | 北京神州泰岳软件股份有限公司 | TCP-based method and system for traversing NAT devices |
US20130039364A1 (en) * | 2005-12-29 | 2013-02-14 | LogMeln, Inc. | Server-mediated setup and maintenance of peer-to-peer client computer communications |
CN103391234A (en) * | 2013-08-01 | 2013-11-13 | 厦门市美亚柏科信息股份有限公司 | Method for realizing multi-user fixed port mapping and PPTP VPN server side |
CN103765406A (en) * | 2011-06-30 | 2014-04-30 | 亚马逊科技公司 | Methods and apparatus for remotely updating executing processes |
CN105681487A (en) * | 2009-10-28 | 2016-06-15 | 惠普发展公司,有限责任合伙企业 | Method and device for detecting NAT device |
CN106793013A (en) * | 2017-01-22 | 2017-05-31 | 深圳国人通信股份有限公司 | Wireless access system and its exchange method based on L2TP |
US9843505B2 (en) * | 2015-05-28 | 2017-12-12 | Cisco Technology, Inc. | Differentiated quality of service using tunnels with security as a service |
2018
- 2018-08-10 CN CN201810905770.9A patent/CN109005179B/en not_active Expired - Fee Related
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130039364A1 (en) * | 2005-12-29 | 2013-02-14 | LogMeln, Inc. | Server-mediated setup and maintenance of peer-to-peer client computer communications |
CN105681487A (en) * | 2009-10-28 | 2016-06-15 | 惠普发展公司,有限责任合伙企业 | Method and device for detecting NAT device |
CN101945141A (en) * | 2010-09-17 | 2011-01-12 | 北京神州泰岳软件股份有限公司 | TCP-based method and system for traversing NAT devices |
CN103765406A (en) * | 2011-06-30 | 2014-04-30 | 亚马逊科技公司 | Methods and apparatus for remotely updating executing processes |
CN103391234A (en) * | 2013-08-01 | 2013-11-13 | 厦门市美亚柏科信息股份有限公司 | Method for realizing multi-user fixed port mapping and PPTP VPN server side |
US9843505B2 (en) * | 2015-05-28 | 2017-12-12 | Cisco Technology, Inc. | Differentiated quality of service using tunnels with security as a service |
CN106793013A (en) * | 2017-01-22 | 2017-05-31 | 深圳国人通信股份有限公司 | Wireless access system and its exchange method based on L2TP |
Non-Patent Citations (2)
Title |
---|
IRFAAN COONJAH et al.: "Performance evaluation and analysis of layer 3 tunneling between OpenSSH and OpenVPN in a wide area network environment", 2015 INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION AND SECURITY (ICCCS) * |
Han Feng et al.: "Application of HTTP tunnels in NAT/firewall traversal technology", Computer Technology and Development (计算机技术与发展) * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110492994A (en) * | 2019-07-25 | 2019-11-22 | 北京笛卡尔盾科技有限公司 | A kind of trustable network cut-in method and system |
CN113014512A (en) * | 2021-03-14 | 2021-06-22 | 白杨 | Network connection accelerated forwarding technology based on N: M connection dynamic mapping |
CN113329101A (en) * | 2021-08-02 | 2021-08-31 | 杭州钛鑫科技有限公司 | Remote login method and login device for edge computing node |
CN113329101B (en) * | 2021-08-02 | 2021-11-02 | 杭州钛鑫科技有限公司 | Remote login method and login device for edge computing node |
CN114124619A (en) * | 2021-12-02 | 2022-03-01 | 深圳通康创智技术有限公司 | Subnet communication method and device, computer equipment and storage medium |
CN114499976A (en) * | 2021-12-28 | 2022-05-13 | 航天科工智慧产业发展有限公司 | Data exchange method for realizing cross-network exchange |
CN114499976B (en) * | 2021-12-28 | 2022-11-04 | 航天科工智慧产业发展有限公司 | Data exchange method for realizing cross-network exchange |
CN115460248A (en) * | 2022-09-05 | 2022-12-09 | 锱云(上海)物联网科技有限公司 | A VPN mapping method and system |
CN115694901A (en) * | 2022-09-27 | 2023-02-03 | 河北轩昊信息技术有限公司 | VPN tunnel communication method and device |
CN115694901B (en) * | 2022-09-27 | 2023-09-26 | 河北轩昊信息技术有限公司 | VPN tunnel communication method and device and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN109005179B (en) | 2020-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109005179A (en) | Network security tunnel establishing method based on port controlling | |
EP1501256B1 (en) | System and method for automatic negotiation of a security protocol | |
JP4727125B2 (en) | Secure dual channel communication system and method through a firewall | |
CN100456739C (en) | Remote access vpn mediation method and mediation device | |
CN103188351B (en) | IPSec VPN traffic method for processing business and system under IPv6 environment | |
US20020124090A1 (en) | Method and apparatus for data communication between a plurality of parties | |
FI125972B (en) | Device arrangement and method for creating a data transmission network for remote control of properties | |
US20080189393A1 (en) | Remote Access to Secure Network Devices | |
US20060146837A1 (en) | Server for routing connection to client device | |
EP1635502A1 (en) | Session control server and communication system | |
JP2005509977A5 (en) | ||
CN110710171A (en) | Signal communication system | |
US7316030B2 (en) | Method and system for authenticating a personal security device vis-à-vis at least one remote computer system | |
CN106169952B (en) | A kind of authentication method that internet Key Management Protocol is negotiated again and device | |
CN110661858A (en) | Websocket-based intranet penetration method and system | |
WO2004059903A1 (en) | Network device, network system, and group management method | |
CN104365056A (en) | Secure method for remote grant of operating rights | |
US20040243837A1 (en) | Process and communication equipment for encrypting e-mail traffic between mail domains of the internet | |
CN109698791A (en) | A kind of anonymous cut-in method based on dynamic route | |
CN108964985B (en) | Method for managing virtual client terminal equipment using protocol message | |
WO2002017558A2 (en) | Method and apparatus for data communication between a plurality of parties | |
CN102932359B (en) | Streaming media service requesting method, device and system | |
CN101599834A (en) | An authentication deployment method and a management device | |
CN112335215A (en) | Method for coupling terminal equipment into networkable computer infrastructure | |
KR101329968B1 (en) | Method and system for determining security policy among ipsec vpn devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20201106 Termination date: 20210810 |