
TW201138399A - Multi-terminal connection method capable of traversing network address translator without third party transfer - Google Patents

Info

Publication number
TW201138399A
Authority
TW
Taiwan
Prior art keywords
connection
internet
network
network address
client
Prior art date
Application number
TW99112876A
Other languages
Chinese (zh)
Inventor
Jian-San Xu
Original Assignee
Team Rise System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Team Rise System Co Ltd filed Critical Team Rise System Co Ltd
Priority to TW99112876A priority Critical patent/TW201138399A/en
Publication of TW201138399A publication Critical patent/TW201138399A/en

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A multi-terminal connection method that traverses a network address translator without third-party relay. The method operates within current Internet communication protocols and is mainly used to establish Internet connections with third parties when the client end is behind a network address translator or a network firewall. It allows a client end to establish an Internet connection directly with other client ends through the Internet multi-terminal connection system of the invention, without additionally opening communication ports of the network address translator or the network firewall to the public. The method also lets the user at the client end load Internet application programs, such as Internet telephony and video conferencing, onto the Internet multi-terminal connection system according to personal or work needs. The client ends connect directly through a data verification mechanism applied to the communication ports of the network address translator, which prevents the information security breaches that arise when network communication ports are opened to the public for the sake of an Internet connection. Furthermore, the connection is not relayed through a third party or proxy server. The security of Internet connections between client ends is thereby improved and information breaches are reduced.

Description

VI. Description of the Invention:

[Technical Field of the Invention]

A method for multi-terminal Internet connection, mainly applied to Internet connections between clients. In particular, the invention relates to a method that runs within current Internet communication protocols, does not require the client to specially open network ports for the sake of an Internet connection, and further allows Internet applications to be loaded onto an Internet multi-terminal connection system.

[Prior Art]

With the development of technology and the spread of broadband networks, the traditional client-server Internet structure is gradually being replaced by peer-to-peer (P2P) network communication architectures. Clients, however, are generally protected by a network firewall, to keep files from being stolen over the Internet by people with ill intent, or sit behind a network address translator (Network Address Translation, NAT), so that several users on the client side can make outbound Internet connections through the same Internet address (IP). To connect with other users over the Internet, the settings of the network firewall or network address translator must be changed so that a specific network port accepts connections from outside. This creates an information security hole in the firewall, which people with ill intent can use to break into computers and steal data. In response, many techniques for traversing network firewalls or network address translators have appeared, such as UPnP (Universal Plug and Play), TURN (Traversal Using Relay NAT) and STUN (Session Traversal Utilities for NAT, or Simple Traversal of User Datagram Protocol through Network Address Translators (NATs)).

Taking TURN as an example, refer to Fig. 1, a schematic diagram of the TURN technique. As shown, a client 10 establishes Internet connections with other clients 12 mainly through a proxy server 11, and the client 10 is set up with a network firewall 101 (or a network address translator). Refer also to Fig. 2, a flow chart of the TURN technique. When the client 10 wants to establish an Internet connection with other clients 12, the connection flow is as follows:

(1) Step 21 (issue relay request): when the client 10 wants to establish an Internet connection with other clients 12, the client 10 sends a relay request to the proxy server 11;

(2) Step 22 (network port allocation): after receiving the signal, the proxy server 11 allocates, from the public network ports of the proxy server 11, a relay network port for the client 10 to use;

(3) Step 23 (connect to the proxy server): the proxy server 11 replies to the client 10 with the relevant Internet connection message, so that the client 10 can send information through the proxy server;

(4) Step 24 (connect to the third party): once the client 10 and the proxy server 11 are connected, the client can establish Internet connections with third parties, such as other clients 12, through the proxy server 11.

The TURN technique described above uses the proxy server 11 to mediate between the clients (10, 12). Although this technique can traverse a network firewall, it loses the character of peer-to-peer communication and becomes a client-to-proxy-server model, and the entire communication load has to be borne by the proxy server. The STUN technique, for its part, runs in a symmetric network address translator architecture; although a temporary referral through the proxy server lets the two sides establish an Internet connection, it is limited by the symmetric network address translator architecture (Symmetric), so network ports cannot be reused (Reuse). Furthermore, to solve the problem of traversing network firewalls and network address translators, many enterprises combine the traversal techniques above with other Internet connection technologies and set up the related hardware, for example a virtual private network (Virtual Private Network, VPN); but when an enterprise's sites are spread over many locations, setting up a virtual private network becomes a large expense.

[Summary of the Invention]

In view of the above problems, the inventor, drawing on years of experience in developing related products, has researched and analysed traversal techniques for network firewalls and network address translators and Internet communication protocols, with the aim of developing a more suitable solution. The main purpose of the invention is therefore to provide a method of multi-terminal Internet connection that requires no specially opened network ports, does not relay data through a proxy server, and can load Internet applications.

To achieve this purpose, the invention sets up an Internet multi-terminal connection system on the client, and uses a proxy server to establish an Internet signalling link between two clients, with the proxy server acting as intermediary in between. In this way, when a client establishes an Internet connection with a third party, it can do so while protected by a network firewall or while behind a network address translator. Furthermore, the user can load Internet applications into the Internet multi-terminal connection system of the invention according to need and preference.

The above description of the content of the invention and the following description of the embodiments serve to demonstrate and explain the spirit and principles of the invention and to provide further explanation of its patent scope.

[Embodiments]

Refer to Fig. 3, a schematic diagram of the implementation architecture of the invention. As shown, each client 30 sets up an Internet multi-terminal connection system 301 in an information device 302, and can do so with the protection of the network firewall 303 enabled (or behind a network address translator). The Internet multi-terminal connection system 301 can connect to a proxy server 31.

Refer to Fig. 4, a flow chart of the invention, together with Fig. 3 and Fig. 5, implementation schematic (1). When a calling end 32 wants to establish an Internet connection with a third party, it connects through the Internet multi-terminal connection system 321. The flow is as follows:

(1) Issue Internet connection request 41: the calling end 32 wants to establish an Internet connection with the called end 33, and uses the Internet multi-terminal connection system 321 to send an Internet connection request to the proxy server 31;

(2) Server sends connection request 42: the proxy server 31 forwards the connection request sent by the calling end 32 to the called end 33;

(3) Agree to connect 43: after the proxy server 31 has sent the Internet connection request on behalf of the calling end 32, and the called end 33 has responded and agreed to connect within a specific time (for example 9 seconds), the proxy server 31 returns the relevant message to the calling end 32;

(4) Start the network address translator Internet protocol verification mechanism 44: after both sides have agreed to connect, the Internet multi-terminal connection systems (321, 331) of the calling end 32 and the called end 33 each begin to work out the port numbering rule of the network firewall 303 (or network address translator) of the two ends' information devices, and each produces expected network port data (D1, D2);

(5) Transmit network port information 45: the network port data expected by each side (D1, D2) is sent through the proxy server 31 to the calling end 32 and the called end 33 respectively; for example, the expected network port data D2 of the called end 33 is sent to the calling end 32, and the expected network port data D1 of the calling end 32 is sent to the called end 33;

(6) Establish direct Internet connection 46: refer to Fig. 6, implementation schematic (2). As shown, after the calling end 32 and the called end 33 have each received the other's expected network port data (D1, D2), an immediate Internet connection is established. At this point the Internet connection between the calling end 32 and the called end 33 needs no mediation by the proxy server 31 and is carried only by the Internet multi-terminal connection systems (321, 331) of the two clients.

Refer to Fig. 7, a flow chart of the verification mechanism. In a conventional Internet connection, when the information device at the user end wants to connect to the Internet, it creates an internal network port, and the network firewall or network address translator produces an external network port through which the device can connect to the outside Internet; the user end, however, cannot know its own external network port. The network address translator Internet protocol verification mechanism of the invention mainly relies on the fact that the network ports of the network firewall or network address translator in current operating systems are numbered cyclically, or can be configured to be numbered cyclically. After verification, the client can therefore learn its own external network port data and pass it to the third party so that the two sides can connect. As shown in Fig. 7, with reference to Fig. 5 and continuing from the above: when the called end 33 agrees to connect, the calling end 32 and the called end 33 each start the verification mechanism of the invention. Only the calling end 32 is used as the example here; the called end 33 is implemented in the same way. The flow of the network address translator Internet protocol verification mechanism is as follows:

(1) Connect to the proxy server multiple times 51: after receiving the message agreeing to connect, the calling end 32 connects to the proxy server 31 multiple times, and after each connection the proxy server 31 returns external port data D3 to the calling end 32;

(2) Obtain logical port data 52: after the calling end 32 has received the external port data D3 several times, the Internet multi-terminal connection system 321 performs a verification calculation on the external port data D3, which yields logical port data;

(3) Generate expected network port data 53: following step 52, once the logical port data has been produced, the Internet multi-terminal connection system 321 of the calling end 32 uses this data to generate expected external network port data D1. The calling end 32 can then pass this data to the called end 33 and so establish a direct Internet connection.

Refer to Fig. 8, a preferred embodiment of the invention. Following step 46 of Fig. 4, after the calling end 32 and the called end 33 have established an immediate Internet connection, step 47 (start Internet application) shown in this figure may follow. Step 47 means that, after the calling end 32 and the called end 33 have established an immediate Internet connection, various Internet applications, such as video conferencing and instant messaging, can be loaded onto the Internet multi-terminal connection system (301, 321, 331) of the invention according to personal or enterprise needs.

Refer to Fig. 9, an interface diagram of the connection system of the preferred embodiment. As shown, the Internet multi-terminal connection system 301 of the invention is installed on the information device at the user end and has a menu-style user interface 3011. The user interface 3011 is structured with several menus. One is the contact menu 3012, in which the network port information of colleagues or friends can be configured and recorded. Another is the Internet application function menu 3013: when the user loads any Internet application onto the Internet multi-terminal connection system 301, the menu shows the Internet applications the user has loaded. As shown, the Internet multi-terminal connection system 301 has loaded an instant chat application 3014, a remote control application 3015, a video conferencing application 3016 and other Internet applications. The implementation is as follows, taking remote control as the example and referring to Fig. 3 and Fig. 8: to connect over the Internet, both clients (32, 33) must set up the Internet multi-terminal connection system (321, 331) of the invention and must also load the remote control application 3015 onto the Internet multi-terminal connection system (321, 331). When the called end 33 receives the connection request of the calling end 32 and confirms the connection, a direct connection can be made, and the remote control application 3015 can be used to operate the information device of the called end 33. The specific implementation is as described above and is not repeated here.

From the above, the multi-terminal connection method of the invention, which traverses a network address translator without third-party relay, can run within current Internet communication protocols. It mainly sets up an Internet multi-terminal connection system at each client, so that the client can configure its Internet connections or load Internet applications. During an Internet connection, no proxy server is needed in between to redirect data, and the Internet multi-terminal connection system performs the port verification calculation for the calling end and the called end and so establishes an immediate Internet connection. The Internet connection between the client and a third party therefore does not require turning off the network firewall or changing the settings of the network address translator, which would create an information security hole, and this helps improve information security on the Internet. Accordingly, once implemented, the invention can indeed provide a method of multi-terminal Internet connection that needs no proxy server, traverses network firewalls and network address translators, and can further make use of Internet applications.

The above are only preferred embodiments of the invention and are not intended to limit the scope of its implementation. Equivalent changes and modifications made by anyone skilled in the art without departing from the spirit and scope of the invention shall all be covered by the patent scope of the invention.

In summary, the invention meets the patent requirements of "industrial applicability", "novelty" and "inventive step"; the applicant, in accordance with the provisions of the Patent Act, files this application for a new-type patent with the Office.

[Brief Description of the Drawings]

Fig. 1 is a schematic diagram of the TURN technique.
Fig. 2 is a flow chart of the TURN technique.
Fig. 3 is a schematic diagram of the implementation architecture of the invention.
Fig. 4 is a flow chart of the invention.
Fig. 5 is implementation schematic (1) of the invention.
Fig. 6 is implementation schematic (2) of the invention.
Fig. 7 is a flow chart of the verification mechanism.
Fig. 8 is a preferred embodiment of the invention.
Fig. 9 is an interface diagram of the connection system of the preferred embodiment of the invention.

[Description of Main Reference Numerals]

10 Client
101 Network firewall
11 Proxy server
12 Other clients
21 Issue relay request
22 Network port allocation
23 Connect to the proxy server
24 Connect to the third party
30 Client
301 Internet multi-terminal connection system
3011 User interface
3012 Contact menu
3013 Internet application function menu
3014 Instant chat application
3015 Remote control application
3016 Video conferencing application
302 Information device
303 Network firewall
31 Proxy server
32 Calling end
321 Internet multi-terminal connection system
33 Called end
331 Internet multi-terminal connection system
41 Issue Internet connection request
42 Server sends connection request
43 Agree to connect
44 Start the network address translator Internet protocol verification mechanism
45 Transmit network port information
46 Establish direct Internet connection
47 Enable Internet application
51 Connect to the proxy server multiple times
52 Obtain logical port data
53 Generate expected network port data
D1 Expected network port data
D2 Expected network port data
D3 External port data
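The verification mechanism of steps 51 to 53, sketched as an added example that is not code from the patent, which does not say how the calculation is done: it infers a cyclic port increment from successive D3 values and returns candidate D1 ports, or nothing when the NAT shows no pattern. The port range, the agreement threshold, the candidate window and all function names are assumptions made for this illustration.

```python
from collections import Counter
from typing import List, Optional, Sequence

# Assumption: the NAT hands out external ports cyclically inside this range.
PORT_LO, PORT_HI = 1024, 65535
SPAN = PORT_HI - PORT_LO + 1


def wrap_port(value: int) -> int:
    """Fold any integer back into [PORT_LO, PORT_HI], modelling wrap-around."""
    return PORT_LO + (value - PORT_LO) % SPAN


def infer_stride(d3_samples: Sequence[int],
                 min_agreement: float = 0.6) -> Optional[int]:
    """Step 52: derive the allocation rule from the D3 values of step 51.

    Returns the per-connection port increment (modulo the range), or None
    when no increment dominates, as with a NAT that randomises ports.
    """
    if len(d3_samples) < 3:
        return None  # a single delta cannot be cross-checked
    if any(not PORT_LO <= p <= PORT_HI for p in d3_samples):
        raise ValueError("external port outside the assumed range")
    # Modular deltas make a wrap from the top of the range look like any
    # other step, and turn a decrementing NAT into a large positive stride.
    deltas = [(b - a) % SPAN for a, b in zip(d3_samples, d3_samples[1:])]
    stride, votes = Counter(deltas).most_common(1)[0]
    # Other hosts behind the same NAT consume ports between probes, so a
    # few deltas may be off; require a clear majority, not unanimity.
    if votes / len(deltas) < min_agreement:
        return None
    return stride


def predict_d1(d3_samples: Sequence[int], window: int = 3) -> List[int]:
    """Step 53: expected external ports (D1) for the next connection.

    The first entry is the primary prediction; the rest cover ports that
    may be taken by unrelated traffic before the real connection is made.
    An empty list means the mapping is not predictable.
    """
    stride = infer_stride(d3_samples)
    if stride is None:
        return []
    last = d3_samples[-1]
    if stride == 0:
        return [last]  # the NAT reuses one mapping for every connection
    return [wrap_port(last + stride * k) for k in range(1, window + 1)]


if __name__ == "__main__":
    # Constructed D3 sequences, not captured from a real device.
    cases = {
        "sequential": [40001, 40002, 40003, 40004],
        "wraps at top of range": [65531, 65533, 65535, 1025],
        "one port taken by another host": [50000, 50001, 50002, 50004, 50005],
        "randomised": [40211, 1893, 58820, 33017, 12044],
    }
    for name, samples in cases.items():
        print(f"{name}: stride={infer_stride(samples)} D1={predict_d1(samples)}")
```

An empty result is the case a deployment has to plan for: with a NAT that randomises external ports the mechanism yields no usable D1, and the two ends need some other path rather than a permanently opened port.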

Claims (1)

VII. Scope of the Patent Application:

1. A multi-terminal connection method capable of traversing a network address translator without third-party relay, operable within current network communication protocols, in which an Internet multi-terminal connection system is set up on an information device of a client, the steps being as follows:

an issue Internet connection request step, in which a calling end sends a request signal to a proxy server through the Internet multi-terminal connection system;

a server sends connection request step, in which the proxy server, after receiving the connection request of the calling end, passes this message to a called end;

an agree to connect step, in which the called end responds, within a specific time, to the connection request passed on by the proxy server, and after it agrees to connect, the proxy server returns the relevant information to the calling end;

a start network address translator Internet protocol verification mechanism step, in which the calling end and the called end each use their own Internet multi-terminal connection system to work out the numbering rule of the network ports, and each produces expected network port data;

a transmit network port information step, in which the calling end and the called end, after each working out the network port numbering rule, each send the expected network port data so produced to the other party through the proxy server; and

an establish direct Internet connection step, in which the calling end and the called end, after each receiving the other party's expected network port data, establish a direct Internet connection through the Internet multi-terminal connection system.

2. The multi-terminal connection method capable of traversing a network address translator without third-party relay as described in claim 1, wherein the start network address translator Internet protocol verification mechanism step is implemented as follows:

a connect to the proxy server multiple times step: after receiving the message agreeing to connect, the client makes multiple network connections to the proxy server, and on each connection the proxy server returns external port data to the client;

an obtain logical port data step: the Internet multi-terminal connection system of the client performs a verification calculation on several items of external port data and further produces logical network port data;

a generate expected network port data step: the Internet multi-terminal connection system uses the logical network port data to generate expected external network port data, and sending the expected external network port data to the other client allows a direct Internet connection to be established.

3. The multi-terminal connection method capable of traversing a network address translator without third-party relay as described in claim 1, wherein the establish direct Internet connection step may be followed by a start Internet application step.

4. The multi-terminal connection method capable of traversing a network address translator without third-party relay as described in claim 1, wherein the Internet multi-terminal connection system further has a user interface.

5. The multi-terminal connection method capable of traversing a network address translator without third-party relay as described in claim 4, wherein the user interface is structured with one or more functional menus.
Priority Applications (1)

Application Number Priority Date Filing Date Title
TW99112876A TW201138399A (en) 2010-04-23 2010-04-23 Multi-terminal connection method capable of traversing network address translator without third party transfer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW99112876A TW201138399A (en) 2010-04-23 2010-04-23 Multi-terminal connection method capable of traversing network address translator without third party transfer

Publications (1)

Publication Number Publication Date
TW201138399A true TW201138399A (en) 2011-11-01

Family

ID=46759846

Family Applications (1)

Application Number Title Priority Date Filing Date
TW99112876A TW201138399A (en) 2010-04-23 2010-04-23 Multi-terminal connection method capable of traversing network address translator without third party transfer

Country Status (1)

Country Link
TW (1) TW201138399A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9307268B2 (en) 2013-12-16 2016-04-05 Industrial Technology Research Institute System and method for providing video-on-demand (VOD) service in network
