CN108696546A - Method and device for a user terminal of an enterprise mobile private network to access a public network - Google Patents
- Tue Oct 23 2018
Info
- Publication number: CN108696546A; CN201710081308.7A
- Authority: CN (China)
- Prior art keywords: message, http, user, enterprise, protocol
- Prior art date: 2017-02-15
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method and a device for a user terminal of an enterprise mobile private network to access a public network. The method includes: when the base station side of the enterprise mobile private network receives an uplink public network message sent by the mobile terminal of an internal enterprise user, determining the message type of the uplink public network message; the base station side establishing, according to the determined message type, a protocol connection of the corresponding message type between itself and the mobile terminal of the internal enterprise user, and obtaining via that protocol connection the uplink protocol message sent by the mobile terminal; the base station side routing the uplink protocol message to the HTTP proxy server; and the base station side, on receiving a downlink protocol message returned by the HTTP proxy server, sending the downlink protocol message to the mobile terminal of the internal enterprise user through the established protocol connection.
Description
Technical field
The invention relates to the technical field of mobile communication, and in particular to a method and a device for a user terminal of an enterprise mobile private network to access a public network.
Background
An enterprise network is generally divided into an internal network (the enterprise intranet) and a DMZ (Demilitarized Zone, also called an isolation zone). The enterprise's internal computers (hereinafter, intranet hosts) are located in the enterprise intranet. When an intranet host accesses the Internet (also called the public network or the external network), it does so through an HTTP proxy server (also called a WEB proxy server), which is generally deployed in the DMZ.
The HTTP proxy server proxies external network access over HTTP and HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer). Both HTTP and HTTPS are based on TCP (Transmission Control Protocol) and are distinguished by port number.
For HTTP and HTTPS access to the public network, an intranet host does not connect directly to the public network server. Instead it establishes an HTTP connection with the HTTP proxy server, and the HTTP proxy server then establishes the specific protocol connection with the public network server, as shown in Figure 1.
Specifically, for HTTP access, as shown in Figure 2, the intranet host establishes an HTTP connection with the proxy server, and the proxy server establishes an HTTP connection with the target public network WEB server.
For HTTPS access, as shown in Figure 3, the intranet host establishes an HTTP connection with the proxy server and uses the CONNECT method to request that the proxy server establish an SSL (Secure Socket Layer) connection with the public network server. The HTTP connection between the intranet host and the HTTP proxy server then transparently forwards the SSL messages between the intranet host and the public network server; this is usually called a WEB tunnel.
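The two request forms a proxy receives in the HTTP case (Figure 2) and the HTTPS case (Figure 3) differ in how much the proxy can inspect. The following is an added example, not code from the patent: it parses the head of a proxy request and reports whether it is a forward request or a WEB tunnel. The function name, the sample requests and the `TUNNEL_PORTS` policy are assumptions made for the illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption for this example: ports the proxy agrees to open a tunnel to.
TUNNEL_PORTS = frozenset({443})

# Constructed sample requests, as an intranet host would send them to the proxy.
HTTP_SAMPLE = (b"GET http://www.example.com/index.html HTTP/1.1\r\n"
               b"Host: www.example.com\r\n\r\n")
HTTPS_SAMPLE = (b"CONNECT www.example.com:443 HTTP/1.1\r\n"
                b"Host: www.example.com:443\r\n\r\n")


@dataclass(frozen=True)
class ProxyRequest:
    mode: str          # "forward" (plain HTTP) or "tunnel" (CONNECT)
    host: str
    port: int
    url_visible: bool  # can the proxy see the URL path of the request?
    allowed: bool      # result of the (assumed) port policy


def parse_proxy_request(head: bytes) -> ProxyRequest:
    """Classify the request line a client sends to an HTTP proxy."""
    request_line = head.split(b"\r\n", 1)[0].decode("ascii")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    method, target, _version = parts

    if method == "CONNECT":
        # Authority form: only host:port is visible. Everything that follows
        # the proxy's 200 response is opaque SSL forwarded in both directions.
        host, sep, port = target.rpartition(":")
        if not (host and sep and port.isdigit() and 0 < int(port) < 65536):
            raise ValueError("CONNECT target must be host:port")
        return ProxyRequest("tunnel", host, int(port), False,
                            int(port) in TUNNEL_PORTS)

    # Absolute form: the proxy sees the full URL and can filter or log it.
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("forward-proxy request needs an absolute http:// URI")
    return ProxyRequest("forward", url.hostname, url.port or 80, True, True)


if __name__ == "__main__":
    for sample in (HTTP_SAMPLE, HTTPS_SAMPLE):
        print(parse_proxy_request(sample))
```

For a tunnel the proxy's control point is the `host:port` in the CONNECT line, which is why restricting tunnel ports is a common proxy setting.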
In addition to providing public mobile network services to public users, a mobile operator's base station (eNB, evolved Node B) can also build a virtual mobile private network for an enterprise, through which the enterprise's internal users can reach the enterprise intranet; this is referred to here as an enterprise mobile private network. Correspondingly, such base stations may be called enterprise mobile private network base stations. Note that an enterprise mobile private network base station is in fact also a public base station; it differs from an ordinary public base station in that it can be used to build an enterprise mobile private network.
With an enterprise mobile private network, the mobile terminal of an internal enterprise user, that is, the user terminal (UE, User Equipment), can reach the enterprise's internal network at the base station side. When accessing the public network, however, a proxy cannot be configured for the APN (Access Point Name), so the HTTP proxy server cannot be used. The traffic must still pass through the base station of the operator's mobile network, the backhaul network and the core network EPC (Evolved Packet Core) to reach the Internet, and is then routed to the public network server, as shown in Figure 4.
At present there is no published method by which the mobile network terminal of an internal user of an enterprise network can, at the mobile network base station side, use the enterprise network's HTTP proxy server to access the public network.
Summary of the invention
The technical problem solved by the solution provided by the embodiments of the present invention is that the mobile terminal of an internal enterprise user cannot use the enterprise network's HTTP proxy server to access the public network at the mobile network access side.
Here, an enterprise mobile private network base station is a mobile operator's public base station that provides the function of building an enterprise mobile private network; the enterprise mobile private network is accessible only to the mobile terminals of the enterprise's internal users.
A method for a user terminal of an enterprise mobile private network to access a public network, provided according to an embodiment of the present invention, includes:
when the base station side of the enterprise mobile private network receives an uplink public network message sent by the mobile terminal of an internal enterprise user, determining the message type of the uplink public network message;
the base station side of the enterprise mobile private network establishing, according to the determined message type of the uplink public network message, a protocol connection of the corresponding message type between itself and the mobile terminal of the internal enterprise user, and obtaining via that protocol connection the uplink protocol message sent by the mobile terminal of the internal enterprise user;
the base station side of the enterprise mobile private network routing the uplink protocol message to the HTTP proxy server, so that the mobile terminal of the internal enterprise user accesses the public network via the HTTP proxy server;
the base station side of the enterprise mobile private network, on receiving a downlink protocol message returned by the HTTP proxy server, sending the downlink protocol message to the mobile terminal of the internal enterprise user through the established protocol connection.
Preferably, the uplink public network message includes destination address information identifying a public network address and TCP port number information identifying the message type; the message types include the HTTP message type and the HTTPS message type.
Preferably, determining the message type of the uplink public network message when the base station side of the enterprise mobile private network receives an uplink public network message sent by the mobile terminal of an internal enterprise user includes:
when the base station side of the enterprise mobile private network receives the uplink public network message sent by the mobile terminal of the internal enterprise user, parsing the uplink public network message to obtain its destination address and TCP port number;
the base station side of the enterprise mobile private network matching the obtained destination address and TCP port number against a preset public network address library, HTTP port list library and HTTPS port list library;
if the obtained destination address and TCP port number match the public network address library and the HTTP port list library, the base station side of the enterprise mobile private network determining that the uplink public network message is of the HTTP message type;
if the obtained destination address and TCP port number match the public network address library and the HTTPS port list library, the base station side of the enterprise mobile private network determining that the uplink public network message is of the HTTPS message type.
Preferably, the base station side of the enterprise mobile private network establishing, according to the determined message type of the uplink public network message, a protocol connection of the corresponding message type between itself and the mobile terminal of the internal enterprise user, and obtaining via that protocol connection the uplink protocol message sent by the mobile terminal, includes:
when the base station side of the enterprise mobile private network determines that the uplink public network message is of the HTTP message type, establishing an HTTP protocol connection between itself and the mobile terminal of the internal enterprise user, and obtaining via the HTTP protocol connection the uplink HTTP protocol message sent by the mobile terminal of the internal enterprise user.
Preferably, the base station side of the enterprise mobile private network establishing, according to the determined message type of the uplink public network message, a protocol connection of the corresponding message type between itself and the mobile terminal of the internal enterprise user, and obtaining via that protocol connection the uplink protocol message sent by the mobile terminal, includes:
when the base station side of the enterprise mobile private network determines that the uplink public network message is of the HTTPS message type, establishing an SSL protocol connection between itself and the mobile terminal of the internal enterprise user, and obtaining via the SSL protocol connection the uplink SSL protocol message sent by the mobile terminal of the internal enterprise user.
Preferably, the base station side of the enterprise mobile private network, on receiving a downlink protocol message returned by the HTTP proxy server, sending the downlink protocol message to the mobile terminal of the internal enterprise user through the established protocol connection includes:
the base station side of the enterprise mobile private network, on receiving a downlink HTTP protocol message returned by the HTTP proxy server, encapsulating the downlink HTTP protocol message into a downlink user message for sending to the mobile terminal of the internal enterprise user, and sending the downlink user message to the mobile terminal of the internal enterprise user through the established HTTP protocol connection.
Preferably, the base station side of the enterprise mobile private network, on receiving a downlink protocol message returned by the HTTP proxy server, sending the downlink protocol message to the mobile terminal of the internal enterprise user through the established protocol connection includes:
the base station side of the enterprise mobile private network, on receiving a downlink SSL protocol message returned by the HTTP proxy server, encapsulating the downlink SSL protocol message into a downlink user message for sending to the mobile terminal of the internal enterprise user, and sending the downlink user message to the mobile terminal of the internal enterprise user through the established SSL protocol connection.
A device for a user terminal of an enterprise mobile private network to access a public network, provided according to an embodiment of the present invention, includes:
a determining module, configured to determine the message type of an uplink public network message when the uplink public network message sent by the mobile terminal of an internal enterprise user is received;
a protocol connection establishing module, configured to establish, according to the determined message type of the uplink public network message, a protocol connection of the corresponding message type with the mobile terminal of the internal enterprise user, and to obtain via that protocol connection the uplink protocol message sent by the mobile terminal of the internal enterprise user;
a sending module, configured to route the uplink protocol message to the HTTP proxy server, so that the mobile terminal of the internal enterprise user accesses the public network via the HTTP proxy server, and, on receiving a downlink protocol message returned by the HTTP proxy server, to send the downlink protocol message to the mobile terminal of the internal enterprise user through the established protocol connection.
Preferably, the uplink public network message includes destination address information identifying a public network address and TCP port number information identifying the message type; the message types include the HTTP message type and the HTTPS message type.
Preferably, the determining module includes:
a parsing unit, configured to parse the uplink public network message, when the uplink public network message sent by the mobile terminal of an internal enterprise user is received, to obtain the destination address and TCP port number of the uplink public network message;
a matching unit, configured to match the obtained destination address and TCP port number against the preset public network address library, HTTP port list library and HTTPS port list library;
a determining unit, configured to determine that the uplink public network message is of the HTTP message type when the obtained destination address and TCP port number match the public network address library and the HTTP port list library, and to determine that the uplink public network message is of the HTTPS message type when the obtained destination address and TCP port number match the public network address library and the HTTPS port list library.
Preferably, the protocol connection establishing module includes:
a first protocol connection establishing unit, configured to establish, when the uplink public network message is determined to be of the HTTP message type, an HTTP protocol connection with the mobile terminal of the internal enterprise user, and to obtain via the HTTP protocol connection the uplink HTTP protocol message sent by the mobile terminal of the internal enterprise user.
Preferably, the protocol connection establishing module includes:
a second protocol connection establishing unit, configured to establish, when the uplink public network message is determined to be of the HTTPS message type, an SSL protocol connection with the mobile terminal of the internal enterprise user, and to obtain via the SSL protocol connection the uplink SSL protocol message sent by the mobile terminal of the internal enterprise user.
According to the solution provided by the embodiments of the present invention, the mobile terminal of an internal user of the local network uses the local network's HTTP proxy server, at the mobile network base station side, to access public network services. This makes full use of the wired transmission bandwidth the enterprise network already leases, which saves cost, and also makes it easier for the local network to manage and control how its internal users' mobile network terminals access the public network.
Description of the drawings
Figure 1 is a schematic diagram of an intranet host indirectly accessing the public network, as provided by the prior art;
Figure 2 is a schematic diagram of an intranet host accessing a website over HTTP, as provided by the prior art;
Figure 3 is a schematic diagram of an intranet host accessing a website over HTTPS, as provided by the prior art;
Figure 4 is a schematic diagram of the mobile network terminal of an internal enterprise user accessing the public network, as provided by the prior art;
Figure 5 is a flow chart of a method for a user terminal of an enterprise mobile private network to access a public network, provided by an embodiment of the present invention;
Figure 6 is a schematic diagram of a device for a user terminal of an enterprise mobile private network to access a public network, provided by an embodiment of the present invention;
Figure 7 is a schematic diagram of the mobile network terminal of an internal enterprise user using an HTTP proxy server, provided by an embodiment of the present invention;
Figure 8 is a schematic diagram of the mobile network terminal of an internal enterprise user using an HTTP proxy server, provided by an embodiment of the present invention;
Figure 9 is a schematic diagram of the newly added modules provided by an embodiment of the present invention;
Figure 10 is a schematic diagram of the deployment of the newly added modules of Figure 9, provided by an embodiment of the present invention;
Figure 11 is a flow chart of uplink message processing for HTTP public network access by an internal enterprise user, provided by an embodiment of the present invention;
Figure 12 is a flow chart of downlink message processing for HTTP public network access by an internal enterprise user, provided by an embodiment of the present invention;
Figure 13 is a flow chart of uplink message processing for HTTPS public network access by an internal user, provided by an embodiment of the present invention;
Figure 14 is a flow chart of downlink message processing for HTTPS public network access by an internal enterprise user, provided by an embodiment of the present invention.
具体实施方式Detailed ways
以下结合附图对本发明的优选实施例进行详细说明,应当理解,以下所说明的优选实施例仅用于说明和解释本发明,并不用于限定本发明。The preferred embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. It should be understood that the preferred embodiments described below are only used to illustrate and explain the present invention, and are not intended to limit the present invention.
图5是本发明实施例提供的一种企业移动专用网的用户终端访问公网的方法流程图,如图5所示,包括:Fig. 5 is a flow chart of a method for a user terminal of an enterprise mobile private network to access a public network provided by an embodiment of the present invention, as shown in Fig. 5 , including:
步骤S501:企业移动专用网基站侧收到企业内部用户的移动终端发送的上行公网报文时,确定所述上行公网报文的报文类型;Step S501: When the base station side of the enterprise mobile private network receives the uplink public network message sent by the mobile terminal of the user in the enterprise, determine the message type of the uplink public network message;
步骤S502:企业移动专用网基站侧根据所确定的上行公网报文的报文类型,建立其与所述企业内部用户的移动终端之间的相应报文类型的协议连接,并经由所述协议连接获取所述企业内部用户的移动终端发送的上行协议报文;Step S502: The base station side of the enterprise mobile private network establishes a protocol connection of the corresponding message type with the mobile terminal of the internal user of the enterprise according to the determined message type of the uplink public network message, and through the protocol Connect to obtain the uplink protocol message sent by the mobile terminal of the internal user of the enterprise;
步骤S503:企业移动专用网基站侧将所述上行协议报文路由到所述HTTP代理服务器,以便所述企业内部用户的移动终端经由所述HTTP代理服务器访问公网;Step S503: the base station side of the private mobile network of the enterprise routes the uplink protocol message to the HTTP proxy server, so that the mobile terminal of the internal user of the enterprise accesses the public network via the HTTP proxy server;
步骤S504:企业移动专用网基站侧在收到所述HTTP代理服务器返回的下行协议报文时,通过所建立的协议连接将所述下行协议报文发送给所述企业内部用户的移动终端。Step S504: After receiving the downlink protocol message returned by the HTTP proxy server, the base station side of the enterprise mobile private network sends the downlink protocol message to the mobile terminal of the internal user through the established protocol connection.
其中,所述上行公网报文包括用于标识公网地址的目的地址信息和用于标识报文类型的TCP端口号信息。所述报文类型包括HTTP报文类型和HTTPS报文类型。Wherein, the uplink public network message includes destination address information for identifying the public network address and TCP port number information for identifying the message type. The message types include HTTP message types and HTTPS message types.
其中,所述企业移动专用网基站侧收到企业内部用户的移动终端发送的上行公网报文时,确定所述上行公网报文的报文类型包括:企业移动专用网基站侧收到企业内部用户的移动终端发送的上行公网报文时,通过对所述上行公网报文进行解析,得到所述上行公网报文的目的地址和TCP端口号;企业移动专用网基站侧利用预置的公网地址库、HTTP端口列表库以及HTTPS端口列表库,对所得到的目的地址和TCP端口号进行匹配处理;若得到的目的地址和TCP端口号与所述公网地址库和HTTP端口列表库相匹配,则企业移动专用网基站侧确定所述上行公网报文为HTTP报文类型;若得到的目的地址和TCP端口号与所述公网地址库和HTTPS端口列表库相匹配,则企业移动专用网基站侧确定所述上行公网报文为HTTPS报文类型。Wherein, when the base station side of the enterprise mobile private network receives the uplink public network message sent by the mobile terminal of the internal user of the enterprise, determining the message type of the uplink public network message includes: When the mobile terminal of the internal user sends the uplink public network message, the destination address and the TCP port number of the uplink public network message are obtained by analyzing the uplink public network message; The public network address storehouse, HTTP port list storehouse and HTTPS port list storehouse of setting, carry out matching processing to the obtained destination address and TCP port number; List library matches, then enterprise mobile private network base station side determines that described uplink public network message is HTTP message type; If the destination address obtained and TCP port number match with described public network address library and HTTPS port list library, Then, the enterprise mobile private network base station side determines that the uplink public network message is an HTTPS message type.
其中,所述企业移动专用网基站侧根据所确定的上行公网报文的报文类型,建立其与所述企业内部用户的移动终端之间的相应报文类型的协议连接,并经由所述协议连接获取所述企业内部用户的移动终端发送的上行协议报文包括:企业移动专用网基站侧确定所述上行公网报文为HTTP报文类型时,建立其与所述企业内部用户的移动终端之间的HTTP协议连接,并经由所述HTTP协议连接获取所述企业内部用户的移动终端发送的上行HTTP协议报文。所述企业移动专用网基站侧在收到所述HTTP代理服务器返回的下行协议报文时,通过所建立的协议连接将所述下行协议报文发送给所述企业内部用户的移动终端包括:企业移动专用网基站侧在收到所述HTTP代理服务器返回的下行HTTP协议报文时,将所述下行HTTP协议报文封装成用于发送给所述企业内部用户的移动终端的下行用户报文,并通过所建立的HTTP协议连接将所述下行用户报文发送给所述企业内部用户的移动终端。Wherein, the base station side of the enterprise mobile private network establishes a protocol connection of the corresponding message type with the mobile terminal of the internal user of the enterprise according to the determined message type of the uplink public network message, and via the The protocol connection acquisition of the uplink protocol message sent by the mobile terminal of the internal user of the enterprise includes: when the base station side of the enterprise mobile private network determines that the uplink public network message is an HTTP message type, it establishes a mobile connection with the internal user of the enterprise. HTTP protocol connection between the terminals, and obtain the uplink HTTP protocol message sent by the mobile terminal of the internal user of the enterprise via the HTTP protocol connection. When the base station side of the enterprise mobile private network receives the downlink protocol message returned by the HTTP proxy server, the downlink protocol message is sent to the mobile terminal of the internal user of the enterprise through the established protocol connection, including: When receiving the downlink HTTP protocol message returned by the HTTP proxy server, the base station side of the mobile private network encapsulates the downlink HTTP protocol message into a downlink user message for sending to the mobile terminal of the internal user of the enterprise, And send the downlink user message to the mobile terminal of the internal user of the enterprise through the established HTTP protocol connection.
其中,所述企业移动专用网基站侧根据所确定的上行公网报文的报文类型,建立其与所述企业内部用户的移动终端之间的相应报文类型的协议连接,并经由所述协议连接获取所述企业内部用户的移动终端发送的上行协议报文包括:企业移动专用网基站侧确定所述上行公网报文为HTTPS报文类型时,建立其与所述企业内部用户的移动终端之间的SSL协议连接,并经由所述SSL协议连接获取所述企业内部用户的移动终端发送的上行SSL协议报文。所述企业移动专用网基站侧在收到所述HTTP代理服务器返回的下行协议报文时,通过所建立的协议连接将所述下行协议报文发送给所述企业内部用户的移动终端包括:企业移动专用网基站侧在收到所述HTTP代理服务器返回的下行SSL协议报文时,将所述下行SSL协议报文封装成用于发送给所述企业内部用户的移动终端的下行用户报文,并通过所建立的SSL协议连接将所述下行用户报文发送给所述企业内部用户的移动终端。Wherein, the base station side of the enterprise mobile private network establishes a protocol connection of the corresponding message type with the mobile terminal of the internal user of the enterprise according to the determined message type of the uplink public network message, and via the The protocol connection acquisition of the uplink protocol message sent by the mobile terminal of the internal user of the enterprise includes: when the base station side of the enterprise mobile private network determines that the uplink public network message is an HTTPS message type, establish a mobile connection between it and the internal user of the enterprise. The SSL protocol connection between the terminals, and obtain the uplink SSL protocol message sent by the mobile terminal of the internal user of the enterprise through the SSL protocol connection. When the base station side of the enterprise mobile private network receives the downlink protocol message returned by the HTTP proxy server, the downlink protocol message is sent to the mobile terminal of the internal user of the enterprise through the established protocol connection, including: When receiving the downlink SSL protocol message returned by the HTTP proxy server, the base station side of the mobile private network encapsulates the downlink SSL protocol message into a downlink user message for sending to the mobile terminal of the internal user of the enterprise, And send the downlink user message to the mobile terminal of the internal user of the enterprise through the established SSL protocol connection.
FIG. 6 is a schematic diagram of an apparatus, provided by an embodiment of the present invention, for a user terminal of an enterprise mobile private network to access the public network. As shown in FIG. 6, it includes: a determining module 601, configured to determine the message type of an uplink public network message when that message is received from the mobile terminal of an enterprise internal user; a protocol connection establishment module 602, configured to establish, according to the determined message type of the uplink public network message, a protocol connection of the corresponding message type with the mobile terminal of the enterprise internal user, and to obtain via that protocol connection the uplink protocol message sent by the mobile terminal; and a sending module 603, configured to route the uplink protocol message to the HTTP proxy server, so that the mobile terminal of the enterprise internal user accesses the public network via the HTTP proxy server, and, on receiving the downlink protocol message returned by the HTTP proxy server, to send the downlink protocol message to the mobile terminal over the established protocol connection.
The uplink public network message includes destination address information identifying the public network address and TCP port number information identifying the message type; the message types include the HTTP message type and the HTTPS message type.
The determining module 601 includes: a parsing unit, configured to parse an uplink public network message received from the mobile terminal of an enterprise internal user and obtain its destination address and TCP port number; a matching unit, configured to match the obtained destination address and TCP port number against a preset public network address library, HTTP port list library and HTTPS port list library; and a determining unit, configured to determine that the uplink public network message is of the HTTP message type when the obtained destination address and TCP port number match the public network address library and the HTTP port list library, and to determine that it is of the HTTPS message type when they match the public network address library and the HTTPS port list library.
The protocol connection establishment module 602 includes:
a first protocol connection establishment unit, configured to establish, when the uplink public network message is determined to be of the HTTP message type, an HTTP protocol connection with the mobile terminal of the enterprise internal user, and to obtain via that HTTP protocol connection the uplink HTTP protocol message sent by the mobile terminal.
The protocol connection establishment module 602 further includes:
a second protocol connection establishment unit, configured to establish, when the uplink public network message is determined to be of the HTTPS message type, an SSL protocol connection with the mobile terminal of the enterprise internal user, and to obtain via that SSL protocol connection the uplink SSL protocol message sent by the mobile terminal.
The sending module 603 is specifically configured to, on receiving the downlink HTTP protocol message returned by the HTTP proxy server, encapsulate it into a downlink user message addressed to the mobile terminal of the enterprise internal user, and send that downlink user message to the mobile terminal over the established HTTP protocol connection.
The sending module 603 is further specifically configured to, on receiving the downlink SSL protocol message returned by the HTTP proxy server, encapsulate it into a downlink user message addressed to the mobile terminal of the enterprise internal user, and send that downlink user message to the mobile terminal over the established SSL protocol connection.
FIG. 7 is a schematic diagram, provided by an embodiment of the present invention, of an enterprise internal user's mobile network terminal using the HTTP proxy server. As shown in FIG. 7, when an internal user of the enterprise network uses a mobile network terminal to access the public network, the new device simulates the public network server, establishes an HTTP protocol connection with the user terminal and receives the user's protocol messages; the new device then simulates the proxied internet access behavior of an intranet host and accesses the public network through the HTTP proxy server.
For HTTP access, the new device simulates the public network server, establishes an HTTP connection with the user terminal and receives the user terminal's HTTP request message. The new device then simulates an intranet host, establishes an HTTP connection with the HTTP proxy server, performs URL (Uniform Resource Locator) processing on the received user terminal HTTP message and sends it to the HTTP proxy server, which forwards it to the public network server over its own HTTP connection with that server. The URL in the user terminal's HTTP message is a relative URL, whereas the HTTP message an intranet host sends to the proxy server carries an absolute URL; URL processing therefore corrects the relative URL in the user terminal's HTTP message to an absolute URL. The new device receives the HTTP response message returned by the HTTP proxy server and, again simulating the public network server, sends it to the user terminal over the HTTP connection with the user terminal.
FIG. 8 is a schematic diagram, provided by an embodiment of the present invention, of an enterprise internal user's mobile network terminal using the HTTP proxy server. As shown in FIG. 8, when an internal user of the enterprise network uses a mobile network terminal to access the public network, the new device simulates the public network server, establishes an SSL protocol connection with the user terminal and receives the user's protocol messages; the new device then simulates the proxied internet access behavior of an intranet host and accesses the public network through the HTTP proxy server.
For HTTPS access, the new device simulates the public network server, establishes an SSL connection with the user terminal and receives SSL messages. The new device then simulates an intranet host, establishes an HTTP connection with the HTTP proxy server and uses the CONNECT method to request that the HTTP proxy server establish an SSL connection with the public network server; it sends the received user terminal SSL messages to the HTTP proxy server, which forwards them to the public network server over its SSL connection with that server. The new device receives the SSL messages returned by the HTTP proxy server and, again simulating the public network server, sends them to the user terminal over the SSL connection with the user terminal.
As shown in FIG. 7 and FIG. 8, the new device analyzes the user uplink messages of the mobile network base station packet by packet and identifies the internal users' public network HTTP/HTTPS access messages. According to the proxy configuration rules, it simulates the public network server, establishes an HTTP or SSL connection with the user terminal and receives the user terminal's HTTP or SSL messages. It simulates an intranet host, establishes an HTTP connection with the HTTP proxy server according to the proxy configuration rules, and sends the user's HTTP or SSL protocol messages to the HTTP proxy server. It receives the user messages returned by the proxy server and, simulating the public network server, sends them to the user terminal via the mobile network base station over the HTTP or SSL protocol connection previously established with the user terminal.
Specifically, the following steps are included:
1) Identify HTTP/HTTPS public network access messages: uplink messages whose destination address matches the public network address configuration rules and whose TCP port number matches the HTTP port list rule or the HTTPS port list rule.
2) Simulate the public network server to send and receive HTTP messages: simulate the public network server, establish an HTTP connection with the user terminal and receive the HTTP protocol messages sent by the user terminal. Send the user HTTP protocol messages received from the HTTP proxy server to the user terminal over the HTTP connection with the user terminal.
3) Simulate the public network server to send and receive SSL messages: simulate the public network server, establish an SSL connection with the user terminal and receive the SSL protocol messages sent by the user terminal. Send the user SSL protocol messages received from the HTTP proxy server to the user terminal over the SSL connection with the user terminal.
4) Simulate an internal host to exchange HTTP messages with the HTTP proxy server: simulate the behavior of an internal host and establish an HTTP connection with the HTTP proxy server. Perform URL processing on the received user terminal HTTP protocol messages and send them to the HTTP proxy server; receive the HTTP protocol messages returned by the HTTP proxy server.
5) Simulate an internal host to exchange SSL messages with the HTTP proxy server: simulate the behavior of an internal host, establish an HTTP connection with the HTTP proxy server and use the CONNECT method to request that the proxy server establish an SSL connection with the public network server. Send the received user terminal SSL protocol messages to the HTTP proxy server over the HTTP connection with the proxy server; receive the SSL protocol messages returned by the HTTP proxy server.
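The URL processing of step 4 and the CONNECT request of step 5, sketched in Python as an added example (not code from the patent). The function names, the use of the Host header to build the absolute URL, the fallback to the packet's destination address when no Host header is present, and the sample requests are assumptions; the patent states only that the relative URL is corrected to an absolute URL and that CONNECT is used.

```python
def to_absolute_form(request: bytes, dst_ip: str, dst_port: int) -> bytes:
    """Rewrite 'GET /path HTTP/1.1' into 'GET http://host/path HTTP/1.1'.

    dst_ip/dst_port are the destination address and TCP port taken from the
    user's uplink packet; they are used only when the request has no Host header.
    """
    head, sep, body = request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    try:
        method, target, version = lines[0].decode("ascii").split(" ")
    except ValueError as exc:  # wrong field count or non-ASCII bytes
        raise ValueError("malformed request line") from exc

    if target.startswith(("http://", "https://")):
        return request  # already in the form a proxy expects
    if not target.startswith("/"):
        raise ValueError("unsupported request target")

    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii")
            break
    if not host:  # e.g. an HTTP/1.0 client
        host = dst_ip if dst_port == 80 else f"{dst_ip}:{dst_port}"

    # The Host value is copied into the request line, so refuse anything that
    # could change how the proxy parses that line or the URL authority.
    if any(ord(c) <= 0x20 or c in "/@\\?#" for c in host):
        raise ValueError("invalid Host header")

    lines[0] = f"{method} http://{host}{target} {version}".encode("ascii")
    return b"\r\n".join(lines) + sep + body


def build_connect(dst_ip: str, dst_port: int) -> bytes:
    """CONNECT request asking the HTTP proxy to open a tunnel to dst_ip:dst_port."""
    authority = f"{dst_ip}:{dst_port}"
    return (f"CONNECT {authority} HTTP/1.1\r\n"
            f"Host: {authority}\r\n\r\n").encode("ascii")


def connect_accepted(reply: bytes) -> bool:
    """True only for a 2xx status line; SSL bytes are relayed only after that."""
    parts = reply.split(b"\r\n", 1)[0].split(b" ", 2)
    return (len(parts) >= 2
            and parts[0].startswith(b"HTTP/1.")
            and len(parts[1]) == 3
            and parts[1].isdigit()
            and parts[1][:1] == b"2")


# Constructed sample input (documentation address range, not from the patent).
SAMPLE_REQUEST = (b"GET /index.html?q=1 HTTP/1.1\r\n"
                  b"Host: www.example.com\r\n"
                  b"Accept: */*\r\n\r\n")

if __name__ == "__main__":
    print(to_absolute_form(SAMPLE_REQUEST, "203.0.113.10", 80).decode())
    print(build_connect("203.0.113.10", 443).decode())
```

A Host header that names a different server than the packet's destination address is forwarded as written here; whether to reject such a mismatch is a policy choice the patent does not address.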
FIG. 9 is a schematic diagram of the newly added modules provided by an embodiment of the present invention. As shown in FIG. 9, they include: a rule configuration module, a user message proxy module, an uplink message processing module and a downlink message processing module.
The rule configuration module provides the public network address rules, the HTTP port list, the HTTPS port list and the HTTP proxy server rules. The public network address rules configure address information; traffic to these addresses reaches the public network through the HTTP proxy server. In a specific implementation, a configuration method similar to that of an intranet host may be used, that is, an exception address list is configured and every address outside it is treated as a public network address; alternatively, explicit specification may be used, that is, the subnets that are public network addresses are named explicitly. The HTTP port list configures which TCP ports are HTTP ports. The HTTPS port list configures which TCP ports are HTTPS ports. The HTTP proxy server rules configure the HTTP proxy server address and port number; multiple HTTP proxy server configuration records may be configured, for dynamic selection or load sharing.
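One way to implement the identification rule, combining the public network address rule in either configuration style with the two port lists; this is an added Python example, not code from the patent. The names, the IPv4-only parser, the sample rules and the constructed packets are assumptions, and the user IP packet is assumed to have been extracted from the S1-U message already.

```python
import ipaddress
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class RuleConfig:
    """Hypothetical model of the rule configuration module."""
    mode: str          # "exception": listed networks are NOT public
                       # "explicit":  listed networks ARE public
    networks: tuple    # ipaddress.ip_network objects
    http_ports: frozenset
    https_ports: frozenset

    def __post_init__(self):
        if self.mode not in ("exception", "explicit"):
            raise ValueError("unknown address rule mode")

    def is_public(self, dst) -> bool:
        inside = any(dst in net for net in self.networks)
        return (not inside) if self.mode == "exception" else inside


def parse_ipv4_tcp(packet: bytes):
    """Return (destination address, destination TCP port), or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IP header length, options included
    if ihl < 20 or len(packet) < ihl + 20:
        return None                       # truncated IP or TCP header
    if packet[9] != 6:
        return None                       # not TCP
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                       # later fragment: no TCP header here
    dst = ipaddress.ip_address(packet[16:20])
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return dst, dst_port


def classify(packet: bytes, rules: RuleConfig):
    """Return "HTTP", "HTTPS", or None (not handed to the proxy modules)."""
    parsed = parse_ipv4_tcp(packet)
    if parsed is None:
        return None
    dst, port = parsed
    if not rules.is_public(dst):
        return None
    if port in rules.http_ports:
        return "HTTP"
    if port in rules.https_ports:
        return "HTTPS"
    return None


def build_packet(dst: str, dport: int, options: bytes = b"") -> bytes:
    """Constructed IPv4/TCP SYN for the demo; checksums are left at zero."""
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     20 + len(options) + 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address("10.20.0.7").packed,
                     ipaddress.ip_address(dst).packed) + options
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp


# Constructed sample rules, one per configuration style described above.
EXCEPTION_RULES = RuleConfig(
    "exception",
    (ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")),
    frozenset({80, 8080}), frozenset({443}))
EXPLICIT_RULES = RuleConfig(
    "explicit", (ipaddress.ip_network("203.0.113.0/24"),),
    frozenset({80}), frozenset({443}))

if __name__ == "__main__":
    for dst, port in [("203.0.113.10", 80), ("203.0.113.10", 443), ("10.1.2.3", 80)]:
        print(dst, port, classify(build_packet(dst, port), EXCEPTION_RULES))
```

Because the message type is decided by destination port alone, HTTP or SSL traffic on a port missing from both lists is not steered to the proxy.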
The uplink message processing module analyzes the internal users' S1-U uplink messages packet by packet, parses the destination address and TCP port number in the user message, identifies uplink public network HTTP/HTTPS messages according to the public network address rules, the HTTP port list rule and the HTTPS port list rule, and extracts the user message (IP message) and sends it to the user message proxy module.
The user message proxy module is divided into an HTTP message proxy module and an HTTPS message proxy module. After receiving a message from the uplink message processing module, it dynamically creates an HTTP message proxy module or an HTTPS message proxy module according to the message type.
The HTTP message proxy module simulates the public network server, establishes an HTTP connection with the user terminal and receives the user terminal's HTTP messages. It simulates the behavior of an intranet host, establishes an HTTP connection with the HTTP proxy server according to the proxy rule configuration, performs URL processing on the received user terminal HTTP messages and sends them to the HTTP proxy server. It receives the HTTP response messages returned by the HTTP proxy server and, simulating the public network server, sends them to the user terminal over the HTTP connection with the user terminal; the messages are packaged and sent to the downlink message processing module.
The HTTPS message proxy module simulates the public network server, establishes an SSL connection with the user terminal and receives the user terminal's SSL messages. It simulates the behavior of an intranet host, establishes an HTTP connection with the HTTP proxy server according to the proxy rule configuration, uses the CONNECT method to request that the HTTP proxy server establish an SSL connection with the public network server, and sends the received user terminal SSL messages to the HTTP proxy server over the HTTP connection with the HTTP proxy server. It receives the SSL messages returned by the HTTP proxy server and, simulating the public network server, sends them to the user terminal over the SSL connection with the user terminal; the messages are packaged and sent to the downlink message processing module.
The HTTP message proxy module and the HTTPS message proxy module are released on receiving the user terminal's TCP connection release message, and notify the user message proxy module.
The downlink message processing module packs the user messages sent by the user message proxy module into S1-U messages and sends them to the mobile network base station for delivery to the user terminal.
FIG. 10 is a schematic diagram of the deployment of the newly added modules of FIG. 9, provided by an embodiment of the present invention. As shown in FIG. 10, there are two deployment modes. Mode 1: deployed together with the mobile network base station. The advantage is integration with the mobile network base station, which eases management; the disadvantage is that the mobile network base station software version must be upgraded, which hinders deployment. Mode 2: deployed as a separate device. The advantage is that the mobile network base station is unaffected, which eases deployment; the disadvantage is that a new device must be added.
FIG. 11 is a flow chart, provided by an embodiment of the present invention, of the uplink message processing for an enterprise internal user's HTTP public network access. As shown in FIG. 11, S1 is the logical link between the mobile network base station eNB and the core network EPC; an S1-U message is a user message on the S1 link, and it encapsulates the IP message of the user terminal, also called the user message. In this example, the technical solution of the present invention receives the S1-U uplink message from the mobile network base station eNB, identifies the internal user's uplink HTTP public network access message, receives it while simulating the public proxy server, performs URL processing and, simulating an intranet host, sends it to the HTTP proxy server to access the public network. Specifically:
Step 1101: The UE sends an air interface message carrying the user message (user HTTP message);
Step 1102: The mobile network base station extracts the user message (user HTTP message), packs it into an S1-U message and sends it;
Step 1103: The uplink message processing module analyzes the internal user's S1-U uplink messages packet by packet, parses the destination address and TCP port number in the internal user message, and identifies the uplink HTTP public network message;
Step 1104: The uplink message processing module sends the user message (user HTTP message) to the user message proxy module;
Step 1105: The user message proxy module checks whether an HTTP message proxy module exists for this user connection and, if not, creates one;
Step 1106: The user message proxy module hands the message to the HTTP message proxy module for processing;
Step 1107: The HTTP message proxy module simulates the public network server and creates the HTTP connection with the UE;
Step 1108: The HTTP connection between the UE and the HTTP message proxy module is created successfully. Messages between the UE and the HTTP message proxy module will be sent over this HTTP connection;
Step 1109: The HTTP message proxy module initiates an HTTP connection with the HTTP proxy server;
Step 1110: The HTTP message proxy module receives the user HTTP message;
Step 1111: The HTTP message proxy module performs URL processing on the received user HTTP message and sends it to the HTTP proxy server.
FIG. 12 is a flow chart, provided by an embodiment of the present invention, of the downlink message processing for an internal user's HTTP public network access. As shown in FIG. 12, on receiving the HTTP message returned by the HTTP proxy server, the solution simulates the public network server, sends the message to the user terminal over the HTTP connection with the UE, and packs the user message into an S1-U downlink message sent to the mobile network base station. Specifically:
Step 1201: The HTTP connection between the UE and the HTTP message proxy module has been established;
Step 1202: The HTTP connection between the HTTP message proxy module and the HTTP proxy server has been established;
Step 1203: The HTTP proxy server sends an HTTP response message to the HTTP message proxy module;
Step 1204: The HTTP message proxy module receives the HTTP response message;
Step 1205: The HTTP message proxy module encapsulates the received HTTP response message into a user message (user IP message) addressed to the UE;
Step 1206: The HTTP message proxy module sends the user message to the downlink processing module;
Step 1207: The downlink processing module packs it into an S1-U downlink message and sends it to the mobile network base station;
Step 1208: The mobile network base station extracts the user message and carries it to the UE in an air interface message.
FIG. 13 is a flow chart, provided by an embodiment of the present invention, of the uplink message processing for an internal user's HTTPS public network access. As shown in FIG. 13, the solution receives the S1-U uplink message from the mobile network base station eNB, identifies the internal user's uplink HTTPS public network message, receives it while simulating the public proxy server and then, simulating an intranet host, sends it to the HTTP proxy server to access the public network. Specifically:
Step 1301: The UE sends an air interface message carrying the user message (user SSL message);
Step 1302: The mobile network base station extracts the user message (user SSL message), packs it into an S1-U message and sends it;
Step 1303: The uplink message processing module analyzes the internal user's S1-U uplink messages packet by packet, parses the destination address and TCP port number in the internal user message, and identifies the uplink HTTPS public network message;
Step 1304: The uplink message processing module sends the user message (user SSL message) to the user message proxy module;
Step 1305: The user message proxy module checks whether an HTTPS message proxy module exists for this user connection and, if not, creates one;
Step 1306: The user message proxy module hands the message to the HTTPS message proxy module for processing;
Step 1307: The HTTPS message proxy module simulates the public network server and creates the SSL connection with the UE;
Step 1308: The SSL connection between the UE and the HTTPS message proxy module is created successfully. Messages between the UE and the HTTPS message proxy module will be sent over this SSL connection;
Step 1309: The HTTPS message proxy module initiates an HTTP connection with the HTTP proxy server and uses the CONNECT method to request that the HTTP proxy server establish an SSL connection with the public network server;
Step 1310: The HTTPS message proxy module receives the user SSL message;
Step 1311: The HTTPS message proxy module sends the received user SSL message to the HTTP proxy server.
FIG. 14 is a flow chart, provided by an embodiment of the present invention, of the downlink message processing for an internal user's HTTPS public network access. As shown in FIG. 14, on receiving the SSL message returned by the HTTP proxy server, the solution simulates the public network server, sends the message to the user terminal over the SSL connection with the UE, and packs the user message into an S1-U downlink message sent to the mobile network base station. Specifically:
Step 1401: The SSL connection between the UE and the HTTPS message proxy module has been established;
Step 1402: The HTTP connection between the HTTPS message proxy module and the HTTP proxy server has been established;
Step 1403: The HTTP proxy server sends an SSL message to the HTTPS message proxy module;
Step 1404: The HTTPS message proxy module receives the SSL message;
Step 1405: The HTTPS message proxy module encapsulates the received SSL message into a user message (user IP message) addressed to the UE;
Step 1406: The HTTPS message proxy module sends the user message to the downlink processing module;
Step 1407: The downlink processing module packs it into an S1-U downlink message and sends it to the mobile network base station;
Step 1408: The mobile network base station extracts the user message and carries it to the UE in an air interface message.
According to the solution provided by the embodiments of the present invention, the mobile terminals of users inside the enterprise network use, at the mobile network base station side, the enterprise network's HTTP proxy server to access public network services. This makes full use of the wired transmission bandwidth the enterprise network already leases and saves cost, and it also makes it easier for the enterprise network to control how its internal users' mobile network terminals access the public network.
Although the present invention has been described in detail above, it is not limited thereto, and those skilled in the art may make various modifications according to the principles of the present invention. Any modification made according to the principles of the present invention should therefore be understood as falling within the protection scope of the present invention.
Claims (12)
1. a kind of method of the user terminal access public network of Enterprise Mobile private network, including:
When Enterprise Mobile private network base station side receives the uplink public net message of mobile terminal transmission of enterprises user, institute is determined State the type of message of uplink public net message;
Enterprise Mobile private network base station side according to the type of message of identified uplink public net message, establish its in the enterprise The agreement of corresponding type of message between the mobile terminal of portion user connects, and is obtained in the enterprise via agreement connection The uplink protocol massages that the mobile terminal of portion user is sent;
The uplink protocol massages are routed to the http proxy server by Enterprise Mobile private network base station side, so as to the enterprise The mobile terminal of industry internal user accesses public network via the http proxy server;
Enterprise Mobile private network base station side is when receiving the descending protocol message that the http proxy server returns, by being built The descending protocol message is sent to the mobile terminal of the enterprises user by vertical agreement connection;
Wherein, the HTTP refers to hypertext transfer protocol.
2. according to the method described in claim 1, the uplink public net message includes the destination address for identifying public network address Information and TCP port number information for identification message type;The type of message includes HTTP message type and HTTPS messages Type;
Wherein, the TCP refers to transmission control protocol;The HTTPS refers to Hyper text transfer security protocol.
3. according to the method described in claim 2, the Enterprise Mobile private network base station side receives the movement of enterprises user When the uplink public net message that terminal is sent, determine that the type of message of the uplink public net message includes:
When Enterprise Mobile private network base station side receives the uplink public net message of mobile terminal transmission of enterprises user, by right The uplink public net message is parsed, and the destination address and TCP port number of the uplink public net message are obtained;
Enterprise Mobile private network base station side utilizes preset public network address library, http port list storehouse and HTTPS port lists Library carries out matching treatment to obtained destination address and TCP port number;
If obtained destination address and TCP port number match with the public network address library and http port list storehouse, enterprise Mobile private network base station side determines that the uplink public net message is HTTP message type;
If obtained destination address and TCP port number match with the public network address library and HTTPS port lists library, enterprise Mobile private network base station side determines that the uplink public net message is HTTPS type of messages.
4. according to the method described in claim 3, the Enterprise Mobile private network base station side is according to identified uplink public network report The type of message of text establishes the agreement connection of its corresponding type of message between the mobile terminal of the enterprises user, And the uplink protocol massages that the mobile terminal that the enterprises user is obtained via agreement connection is sent include:
When Enterprise Mobile private network base station side determines that the uplink public net message is HTTP message type, itself and the enterprise are established Http protocol connection between the mobile terminal of internal user, and obtain the enterprises via http protocol connection and use The uplink http protocol message that the mobile terminal at family is sent.
5. The method according to claim 3, wherein the enterprise mobile private network base station side establishing, according to the determined message type of the uplink public network message, a protocol connection of the corresponding message type between itself and the mobile terminal of the enterprise internal user, and obtaining via the protocol connection the uplink protocol message sent by the mobile terminal of the enterprise internal user, comprises:
When the enterprise mobile private network base station side determines that the uplink public network message is of the HTTPS message type, it establishes an SSL protocol connection between itself and the mobile terminal of the enterprise internal user, and obtains via the SSL protocol connection the uplink SSL protocol message sent by the mobile terminal of the enterprise internal user;
Wherein SSL refers to Secure Sockets Layer.
6. The method according to claim 4, wherein the enterprise mobile private network base station side, upon receiving the downlink protocol message returned by the HTTP proxy server, sending the downlink protocol message to the mobile terminal of the enterprise internal user through the established protocol connection comprises:
Upon receiving the downlink HTTP protocol message returned by the HTTP proxy server, the enterprise mobile private network base station side encapsulates the downlink HTTP protocol message into a downlink user message for sending to the mobile terminal of the enterprise internal user, and sends the downlink user message to the mobile terminal of the enterprise internal user through the established HTTP protocol connection.
7. The method according to claim 5, wherein the enterprise mobile private network base station side, upon receiving the downlink protocol message returned by the HTTP proxy server, sending the downlink protocol message to the mobile terminal of the enterprise internal user through the established protocol connection comprises:
Upon receiving the downlink SSL protocol message returned by the HTTP proxy server, the enterprise mobile private network base station side encapsulates the downlink SSL protocol message into a downlink user message for sending to the mobile terminal of the enterprise internal user, and sends the downlink user message to the mobile terminal of the enterprise internal user through the established SSL protocol connection.
8. A device for a user terminal of an enterprise mobile private network to access a public network, comprising:
A determining module, configured to determine the message type of an uplink public network message upon receiving the uplink public network message sent by the mobile terminal of an enterprise internal user;
A protocol connection establishing module, configured to establish, according to the determined message type of the uplink public network message, a protocol connection of the corresponding message type between itself and the mobile terminal of the enterprise internal user, and to obtain via the protocol connection the uplink protocol message sent by the mobile terminal of the enterprise internal user;
A sending module, configured to route the uplink protocol message to the HTTP proxy server, so that the mobile terminal of the enterprise internal user accesses the public network via the HTTP proxy server, and, upon receiving the downlink protocol message returned by the HTTP proxy server, to send the downlink protocol message to the mobile terminal of the enterprise internal user through the established protocol connection;
Wherein HTTP refers to Hypertext Transfer Protocol.
9. The device according to claim 8, wherein the uplink public network message includes destination address information for identifying a public network address and TCP port number information for identifying the message type; the message type includes an HTTP message type and an HTTPS message type;
Wherein TCP refers to Transmission Control Protocol, and HTTPS refers to Hypertext Transfer Protocol Secure.
10. The device according to claim 8, wherein the determining module comprises:
A parsing unit, configured to parse the uplink public network message, upon receiving the uplink public network message sent by the mobile terminal of the enterprise internal user, to obtain the destination address and TCP port number of the uplink public network message;
A matching unit, configured to match the obtained destination address and TCP port number against a preset public network address library, HTTP port list library and HTTPS port list library;
A determination unit, configured to determine that the uplink public network message is of the HTTP message type when the obtained destination address and TCP port number match the public network address library and the HTTP port list library, and to determine that the uplink public network message is of the HTTPS message type when the obtained destination address and TCP port number match the public network address library and the HTTPS port list library.
11. The device according to claim 10, wherein the protocol connection establishing module comprises:
A first protocol connection establishing unit, configured to establish, when the uplink public network message is determined to be of the HTTP message type, an HTTP protocol connection between itself and the mobile terminal of the enterprise internal user, and to obtain via the HTTP protocol connection the uplink HTTP protocol message sent by the mobile terminal of the enterprise internal user.
12. The device according to claim 10, wherein the protocol connection establishing module comprises:
A second protocol connection establishing unit, configured to establish, when the uplink public network message is determined to be of the HTTPS message type, an SSL protocol connection between itself and the mobile terminal of the enterprise internal user, and to obtain via the SSL protocol connection the uplink SSL protocol message sent by the mobile terminal of the enterprise internal user;
Wherein SSL refers to Secure Sockets Layer.
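The matching step of claims 3 and 10, as an added example that is not part of the patent text: the destination address and TCP port are read from a raw packet and compared with an address library and two port lists. IPv4 framing, the library contents (documentation address ranges, ports 80/8080 and 443/8443) and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed libraries; the patent names them but does not list their contents.
PUBLIC_ADDRESS_LIBRARY = [ipaddress.ip_network("203.0.113.0/24"),
                          ipaddress.ip_network("198.51.100.0/24")]
HTTP_PORT_LIST = {80, 8080}
HTTPS_PORT_LIST = {443, 8443}


def parse_destination(packet: bytes):
    """Return (destination address, destination TCP port), or None if the
    bytes are not an IPv4/TCP packet that carries a TCP header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                      # header length grows with IP options
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 6 or frag_offset:     # 6 = TCP; later fragments carry no ports
        return None
    if len(packet) < ihl + 4:                         # truncated before the port fields
        return None
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return ipaddress.IPv4Address(packet[16:20]), dst_port


def classify(packet: bytes):
    """Return "HTTP", "HTTPS", or None when neither rule of claim 3 matches."""
    parsed = parse_destination(packet)
    if parsed is None:
        return None
    dst_addr, dst_port = parsed
    if not any(dst_addr in net for net in PUBLIC_ADDRESS_LIBRARY):
        return None
    if dst_port in HTTP_PORT_LIST:
        return "HTTP"
    if dst_port in HTTPS_PORT_LIST:
        return "HTTPS"
    return None


def build_packet(dst: str, dst_port: int, proto: int = 6, options: bytes = b"") -> bytes:
    """Constructed sample packet: IPv4 header, optional IP options, TCP header."""
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, 40 + len(options), 1, 0,
                     64, proto, 0, ipaddress.IPv4Address("10.0.0.5").packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIHHHH", 40000, dst_port, 0, 0, 0x5002, 65535, 0, 0)
    return ip + options + tcp


if __name__ == "__main__":
    for dst, port in [("203.0.113.10", 80), ("203.0.113.10", 443), ("10.1.2.3", 80)]:
        print(dst, port, classify(build_packet(dst, port)))
```

As in the claims, the decision rests only on header fields: a packet is labelled HTTP or HTTPS by its destination address and port, and the payload is not inspected.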
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710081308.7A CN108696546B (en) | 2017-02-15 | 2017-02-15 | A method and device for accessing a public network by a user terminal of an enterprise mobile private network |
PCT/CN2018/075548 WO2018149342A1 (en) | 2017-02-15 | 2018-02-07 | Public network accessing method and device and computer storage medium for user terminal of mobile private network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710081308.7A CN108696546B (en) | 2017-02-15 | 2017-02-15 | A method and device for accessing a public network by a user terminal of an enterprise mobile private network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108696546A | 2018-10-23 |
CN108696546B | 2021-08-24 |
Family
ID=63169126
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201710081308.7A CN108696546B (en) | Active | 2017-02-15 | 2017-02-15 | A method and device for accessing a public network by a user terminal of an enterprise mobile private network |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108696546B (en) |
WO (1) | WO2018149342A1 (en) |
Families Citing this family (3)
* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title |
CN113301106A (en) * | 2021-03-23 | 2021-08-24 | 阿里巴巴新加坡控股有限公司 | Operation and maintenance processing system, method and device |
CN113364842B (en) * | 2021-05-31 | 2022-12-16 | 深圳市光网世纪科技有限公司 | Network data transmission method |
CN113900978B (en) * | 2021-10-27 | 2024-05-10 | 海光信息技术股份有限公司 | Data transmission method, device and chip |
Citations (10)
* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title |
US20030191935A1 (en) * | 2002-04-05 | 2003-10-09 | Ferguson Derek M. | Pre-authenticated communication within a secure computer network |
CN101052022A (en) * | 2006-04-05 | 2007-10-10 | 华为技术有限公司 | System and method for virtual special net user to access public net |
CN102316153A (en) * | 2010-06-30 | 2012-01-11 | 丛林网络公司 | To the local dynamically VPN networking client of structure demonstration that inserts of webpage mail |
CN102835093A (en) * | 2010-04-15 | 2012-12-19 | 微软公司 | Method and system for reliable protocol tunneling over http |
CN103118147A (en) * | 2013-01-24 | 2013-05-22 | 中国联合网络通信集团有限公司 | Method, equipment and system for accessing intranet server |
US8498626B1 (en) * | 2012-12-10 | 2013-07-30 | Verizon Patent And Licensing Inc. | Service-based access for enterprise private network devices to service provider network services |
CN103475699A (en) * | 2013-08-27 | 2013-12-25 | 北京创毅讯联科技股份有限公司 | Enterprise network agent device and method for enterprise network to communicate with public network |
KR101472964B1 (en) * | 2013-12-11 | 2014-12-16 | 콘텔라 주식회사 | Security system and security method for enterprise communication service using mobile communication network |
CN104798355A (en) * | 2012-09-18 | 2015-07-22 | 思杰系统有限公司 | Mobile device management and security |
CN106302839A (en) * | 2015-05-12 | 2017-01-04 | 中兴通讯股份有限公司 | The distribution method of internet protocol address and device |
Family Cites Families (5)
* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title |
US6397259B1 (en) * | 1998-05-29 | 2002-05-28 | Palm, Inc. | Method, system and apparatus for packet minimized communications |
CN100372323C (en) * | 2003-06-12 | 2008-02-27 | 华为技术有限公司 | A method for accessing server group |
US8819233B2 (en) * | 2011-03-11 | 2014-08-26 | Qualcomm Incorporated | System and method using a web proxy-server to access a device having an assigned network address |
US9935879B2 (en) * | 2012-12-29 | 2018-04-03 | Netronome Systems, Inc. | Efficient intercept of connection-based transport layer connections |
CN106101015B (en) * | 2016-07-19 | 2020-08-14 | 广东药科大学 | Mobile internet traffic class marking method and system |
- 2017-02-15: CN application CN201710081308.7A (CN108696546B), status: Active
- 2018-02-07: WO application PCT/CN2018/075548 (WO2018149342A1), status: Application Filing
Cited By (5)
* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title |
CN109587204A (en) * | 2017-09-29 | 2019-04-05 | 中兴通讯股份有限公司 | A kind of method, apparatus and electronic equipment accessing public network |
CN109587204B (en) * | 2017-09-29 | 2021-11-02 | 中兴通讯股份有限公司 | Method and device for accessing public network and electronic equipment |
CN111405615A (en) * | 2020-03-19 | 2020-07-10 | 联想(北京)有限公司 | Communication data transmission method, device and storage medium |
CN111405615B (en) * | 2020-03-19 | 2021-10-22 | 联想(北京)有限公司 | Communication data transmission method, device and storage medium |
CN115913746A (en) * | 2022-12-05 | 2023-04-04 | 中国电信股份有限公司 | Communication method, device, electronic equipment and storage medium between private network and external network |
Also Published As
Publication number | Publication date |
---|---|
WO2018149342A1 (en) | 2018-08-23 |
CN108696546B (en) | 2021-08-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108696546A (en) | 2018-10-23 | A kind of method and device of the user terminal access public network of Enterprise Mobile private network |
EP2764662B1 (en) | 2019-06-12 | Test traffic interceptor in a data network |
CN106488508B (en) | 2019-11-19 | A kind of data transmission method, apparatus and system |
US8804716B2 (en) | 2014-08-12 | Methods, systems, and computer readable media for evolved general packet radio service (GPRS) tunneling protocol (eGTP) indirect tunneling in a voice over LTE (VoLTE) simulation |
JP2012156988A (en) | 2012-08-16 | Method for identifying topology of network, network monitoring system, and computer-readable storage medium |
KR20140023435A (en) | 2014-02-26 | Communication method and system, access network device, and application server |
US20110222414A1 (en) | 2011-09-15 | Method and apparatus for active probing of tunneled internet protocol (ip) transmission paths |
EP3520444B1 (en) | 2021-03-31 | Enhancement of traffic detection and routing in virtualized environment |
EP2887742B1 (en) | 2016-11-09 | Telecommunications networks |
US20190124043A1 (en) | 2019-04-25 | Traffic rerouting and filtering in packet core networks |
CN106899500B (en) | 2020-06-26 | Message processing method and device for cross-virtual extensible local area network |
CN111294798A (en) | 2020-06-16 | A method, apparatus, terminal device and medium for data interaction |
US20150181592A1 (en) | 2015-06-25 | Telecommunications Networks |
US10476835B2 (en) | 2019-11-12 | Dynamically identifying and associating control packets to an application layer |
Subramanya et al. | 2017 | A practical architecture for mobile edge computing |
CN111262715B (en) | 2021-04-02 | Virtual intranet acceleration method and system and computer equipment |
CN104488232B (en) | 2018-10-09 | Device and method for interconnecting two sub-networks |
CN107277882A (en) | 2017-10-20 | A kind of data routing method, device and base station |
CN109587204B (en) | 2021-11-02 | Method and device for accessing public network and electronic equipment |
CN105722145B (en) | 2019-10-15 | Data communication method and base station based on S1 interface |
CN103532789B (en) | 2017-02-15 | Inter-network transparent transmission detecting system |
TW202103480A (en) | 2021-01-16 | Method for providing network service through edge computing |
US12052219B2 (en) | 2024-07-30 | Chassis system management through data paths |
CN108124280A (en) | 2018-06-05 | Monitoring and diagnosis system and network monitoring diagnostic method |
TWI606709B (en) | 2017-11-21 | Method for netwok sharing of multiple network operators and network sharing management proxy device using the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2018-10-23 | PB01 | Publication | |
2019-11-19 | SE01 | Entry into force of request for substantive examination | |
2021-08-24 | GR01 | Patent grant | |