
CN106161394B - Method for utilizing a private routing server, a global network, and a smart device client - Google Patents

Info

Publication number
CN106161394B
Authority
CN
China
Prior art keywords
privately owned
routing server
owned cloud
smart client
cloud routing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510186124.8A
Other languages
Chinese (zh)
Other versions
CN106161394A (en)
Inventor
B·W·陈
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kingston Digital Inc
Original Assignee
Kingston Digital Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/526,393 (US9781087B2)
Application filed by Kingston Digital Inc
Publication of CN106161394A
Application granted
Publication of CN106161394B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method of utilizing a private routing server, a global network, and a smart device client. The method includes setting up a private cloud routing server and a smart device client in a client-server relationship. The private cloud routing server includes a first message box. The smart device client includes a second message box. The first and second message boxes are located in the public cloud network. The method also includes transmitting an authenticated session-based message between the first message box and the second message box in a secure manner. After the authentication, the smart device client and the private cloud routing server can communicate with each other securely. The method also includes setting up another smart device client and the private cloud routing server in a client-server relationship. The two smart device clients can communicate with each other privately and securely via the public cloud network.

Description

Method for utilizing a private routing server, a global network, and a smart device client
Technical field
The present invention relates generally to networking and, more specifically, to the use of private cloud networks.
Background
In the Internet-connected environment, smart device clients, including smartphones, tablets, eBook readers, notebooks, personal computers (PCs), and various smart gadgets, are ubiquitous and omnipresent. Besides connectivity, one of the values of a smart device client is the ability to connect anytime and anywhere to obtain services from one or more serving parties or servers. These services include messages, video content, live or archived information, and the execution of applications, social media, messaging, email, storage, backup, calendar, contacts, synchronization, sharing, remote desktop, and the Internet of Things (IoT). Other services include real-time, private, and secure video, audio, text, and application communication between at least two smart device clients, which is the main goal of the present invention. Different types of servers serve these different requests from smart device clients. In general, these types of servers can be classified into two groups: the public cloud and the private cloud. Servers in the public cloud, as the name implies, provide services that are often free with limited functionality, or paid with more sophisticated functionality, and interact with the public. Examples of public cloud servers include data centers, social media services, and storage/content providers accessed via the Internet. Servers in the private cloud, on the other hand, tend to address private needs. In contrast to the services offered by the public cloud, the services offered by the private cloud are more private and personal.
One example of the application of a private cloud server (PCS) is a private cloud storage server (PCSS). A private cloud storage server resides in a local area network (LAN) managed by the user. It provides online and backup storage for the user either in the LAN or in the wide area network (WAN). The user can use a smart device client to access information in the private cloud storage server anytime and anywhere. The private cloud storage server and the associated smart device client therefore form an example of a private cloud server and client architecture.
Traditionally, there are many storage server solutions, including network attached storage (NAS), Windows/Mac/Linux servers, and direct attached storage (DAS), that fulfill the requirements of a private cloud storage server. The challenge for smart device clients in the field, however, has been how to avoid the cumbersome setup needed to penetrate the firewall behind the router in the LAN and access a private cloud storage server in a home or office environment. There are at least four kinds of solutions to this challenge.
The first solution is to assign a fixed Internet Protocol (IP) address to the router in front of the private cloud storage server and open certain ports, so that a smart device client can locate the private cloud storage server from outside the LAN, authenticate itself, penetrate the firewall, and establish a secure communication channel with the private cloud storage server.
The second solution applies when a fixed IP address is not available. The user configures the LAN router of the private cloud storage server and opens certain ports to map to the private cloud storage server. The intended smart device client can then locate the router through a dynamic Domain Name System (DDNS) service on the WAN. The smart device client can authenticate itself, penetrate the firewall, and establish a secure communication channel with the private cloud storage server.
The third solution relies on another routing server in the WAN to conduct virtual private network (VPN) communication between the smart device client and the private cloud storage server. The VPN communication allows the smart device client to locate the private cloud storage server, authenticate itself, penetrate the firewall, and establish a secure communication channel with the private cloud storage server.
The fourth solution relies on another routing server in the WAN to conduct remote desktop protocol (RDP) or virtual network computing (VNC) communication between the smart device client and the private cloud storage server. The RDP/VNC communication allows the smart device client to locate the private cloud storage server, authenticate itself, penetrate the firewall, and establish a secure communication channel with the private cloud storage server. Other solutions can be mix-and-match combinations of the above.
In the first scenario, a fixed IP address is required, and the router needs to be set up and configured. The downside is that a fixed IP address costs more and is usually not available in home and small business environments. Router setup and configuration can be very complicated and are not user friendly for most consumers.
In the second scenario, a DDNS service is required, and the router needs even more complex setup. Again, the DDNS setup adds cost and complexity to the system. Router setup and configuration can be very complicated and are not user friendly for most consumers.
In the third and fourth scenarios, an external routing server or service needs to be established, while router setup is not necessary. The external routing server or service controls and handles login/authentication between the smart device client and the server. The private cloud becomes less private and less secure because of the public cloud based server or service. If the server or service goes down for any reason, the communication with and the availability of the private cloud storage server are jeopardized.
All of these scenarios require technical expertise that may be suitable for a conventional corporate environment but is not suitable for consumer-oriented, smart device client centric deployment.
In most conventional systems, the smart device client uses an external or public cloud based routing server while accessing a private cloud server. Using an external server raises a number of concerns for the owner of the smart device client.
First, trust is always in question, because the external or public cloud based routing server is a middleman in every communication transaction between the smart device client and the private cloud server. It can hold all user account information, passwords, and the corresponding IP addresses of the smart device client and the private cloud server. The routing server is able to sniff any communication in between, rendering it insecure.
Second, as an external and public cloud based routing server, the business model of its owner may not always be in line or in sync with the owner of the smart device client. If the routing server goes out of service for any business reason, there is no remedy or replacement option to restore the service. The routing server potentially poses a tremendous business risk to the user, because a vital link in the communication can be broken without recourse.
Traditionally, for communication between two smart device clients, both parties must sign in to a public cloud based server to conduct real-time video, audio, text, or application communication. As described above, because the communication has to go through a public cloud based server, privacy and security are easily compromised.
Accordingly, what is needed is a system and method that addresses the above issues. The present invention addresses such a need.
Summary of the invention
The invention discloses a method of utilizing a private routing server, a global network, and a smart device client. The method includes setting up at least one private cloud routing server and at least one smart device client in a master-slave relationship. The at least one private cloud routing server includes a first message box associated with it. The first message box is located in the public cloud network. The at least one smart device client includes a second message box associated with it. The method also includes transmitting an authenticated session-based message between the first message box and the second message box in a secure manner. The session-based message is authenticated by the private cloud routing server and the at least one smart device client. The smart device client and the private cloud routing server can communicate with each other after the session-based message is authenticated. The at least one private cloud routing server is then securely accessible by the smart device client through the public cloud network, based on the authenticated session-based message. The method also includes setting up another smart device client and the private cloud routing server in a master-slave relationship. The at least two smart device clients and the private cloud routing server can communicate with each other after the session-based message is authenticated. The at least two smart device clients can communicate with each other privately and securely via the public cloud network.
Brief description of the drawings
Fig. 1A is a block diagram of a conventional cloud network infrastructure;
Fig. 1B is a block diagram of a cloud network infrastructure according to an embodiment;
Fig. 2 shows a conventional implementation of how a private cloud server can be physically accessed by configuring Router_P in the LAN of the private cloud server;
Fig. 3 shows a conventional implementation of how a private cloud server can be logically accessed by registering with a virtual private network routing server;
Fig. 4 shows an implementation of how a private cloud server can be logically accessed by registering with an intermediate routing server;
Fig. 5 shows a conventional implementation of how a private cloud server can be logically accessed through peer-to-peer communication registered with an intermediate routing server;
Fig. 6 illustrates an initial setup of the private cloud routing server and the smart device client according to the present invention;
Fig. 7 shows the communication flow of the smart device client according to the present invention;
Fig. 8 shows the communication flow of the private cloud routing server according to the present invention;
Fig. 9 shows a block diagram of the private cloud routing server according to the present invention;
Fig. 10 shows a block diagram of the smart device client according to the present invention;
Fig. 11 shows the communication flow of a smart device client acting as a host or a guest to conduct private and secure communication according to the present invention; and
Fig. 12 shows a block diagram of a cloud network infrastructure for the private and secure communication according to the present invention.
Description of reference numerals
100: public cloud
101: smart device client
102: router
103: router
104: local area network
105: local area network
106: smart device client
107: smart device client
108: private cloud routing server
109: smart device client
110: smart device client
111: smart device client
112: intermediate routing server
113: public cloud server
114: virtual private network routing server
115: client message box
116: routing server message box
117: public IP address
118: private IP address
119: public IP address
120: private IP address
128: private network service
900: processor
902: random access memory
903: network interface
904: input and output
905: non-volatile
907: private cloud routing server driver
908: device driver
909: operating system
1000: processor
1002: random access memory
1003: network interface
1004: input and output
1005: non-volatile
1006: application program
1007: private cloud client driver
1008: device driver
1009: operating system
1100-1116: steps
1200: public cloud
1201: smart device client
1202: Router_P
1203: Router_S
1204, 1205: local area network
1206, 1207, 1209, 1210, 1211: smart device client
1208: private cloud routing server
1228: private network service
1215: client message box
1216: routing server message box
1217: Public_IP_P
1218: Private_IP_P
1219: Public_IP_S
1220: Private_IP_S
1222, 1223, 1224, 1225: communication path
Specific embodiments
The present invention relates generally to networking and, more specifically, to the use of private cloud networks. The following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements. Various modifications to the embodiments and to the generic principles and features described herein will be readily apparent to those skilled in the art. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features described herein.
Throughout the discussion, the term "client" is interchangeable with "smart device client". The term "router" is in general interchangeable with "gateway", "access point", and/or "network address translation (NAT)".
A system and method in accordance with the present invention addresses the following challenges in a consumer-oriented environment, so that a smart device client in a WAN can obtain services from a private cloud storage server (PCSS) or any private cloud server (PCS):
1. Access the private cloud server (PCS) anytime and anywhere.
2. Access the PCS behind the firewall with a fixed or dynamic IP address.
3. Require no external or public cloud based routing server in the WAN.
4. Require no additional router setup in the LAN.
5. Authenticate with the PCS.
6. Establish a secure communication channel with the PCS.
If these challenges can be met and resolved, the deployment of private cloud servers and services will grow exponentially because of plug-and-play simplicity and availability. By not utilizing a public cloud based routing server, the technical and business concerns are also removed. In a private cloud infrastructure, private cloud servers used for storage, remote desktop services, and the Internet of Things (IoT) can become affordable and ubiquitous.
In a private cloud environment, if more than one private cloud server or service co-exists at the same time, it is advantageous to separate the functions of the private cloud server into two functional blocks: private cloud routing service and private network service. A private network service (PNS) is designed to be managed and accessed by smart device clients in a wired or wireless private network environment. Examples of a PNS include application servers providing remote desktop protocol (RDP), virtual network computing, office tools, media players, and other user-specific applications. A PNS can also function as a storage server containing multiple terabytes of storage that serves the private cloud. The private cloud routing service functions of multiple private cloud servers can be aggregated into a single private cloud routing server (PCRS). A private cloud routing server can generally be referred to as a private cloud router.
A system and method in accordance with the present invention addresses the following challenges in a consumer-oriented environment, for utilizing a smart device client in the WAN to manage and access private network services (PNS) from a private cloud routing server (PCRS):
1. Access the private cloud routing server (PCRS) anytime and anywhere.
2. Access the PCRS behind the firewall with a fixed or dynamic IP address.
3. Require no external or public cloud based routing server in the WAN.
4. Require no additional router setup in the LAN.
5. Authenticate with the private cloud routing server (PCRS).
6. Establish a secure communication channel with the private network service (PNS) to manage and access it.
If the private cloud routing server (PCRS) can meet the above challenges, heterogeneous private cloud servers from different manufacturers and vendors can be broken down into simpler private network services, and the complexity of private cloud setup, configuration, and access is removed.
The purpose of a system and method in accordance with the invention is to provide a private cloud routing server (PCRS), private network service, and client architecture without utilizing a routing server. The system and method address the above challenges so that a client can access the private network service (PNS) anytime and anywhere. The system and method also access the PNS behind a firewall with a fixed or dynamic IP address, require no additional router setup and no public cloud based routing server in the WAN, authenticate with the PCRS, and establish a secure communication channel directly with the PNS.
As shown in Fig. 1A, a cloud network infrastructure includes a public cloud 100 in the WAN, a public cloud server 113, an intermediate routing server 112, a VPN routing server 114, a smart device client 101, a Router_P 102, and a Router_S 103. Router_S 103 connects a LAN 105 to the Internet in the public cloud 100. Router_P 102 connects a LAN 104 to the Internet in the public cloud 100. Behind LAN 104 are smart device clients 106 and 107 and a private cloud server (PCS) 108. Behind LAN 105 are smart device clients 109, 110, and 111. A smart device client can be a personal computer, notebook, tablet, eBook reader, global positioning system (GPS) device, smart TV, set-top box, MP3 player, or any networkable embedded device.
In the cloud network infrastructure, the smart device clients are denoted 101, 106, 107, 109, 110, and 111. Any one of these smart device clients is interchangeable in the context and discussion. This discussion focuses on smart device client 109 and uses it as the representative.
Physically, there are three scenarios in which a smart device client 101, 107, or 109 can connect to the private cloud server 108. First, smart device client 107 determines whether the target is in the locally accessible LAN 104 and decides to connect to the private cloud server 108 directly. Second, smart device client 101 determines that the target is not in the locally accessible LAN 104 and decides to connect through the WAN to the public cloud 100. The WAN locates Router_P 102 and LAN 104, and then connects to the private cloud server 108. Third, smart device client 109 determines that the target is not in the locally accessible LAN 105 and decides to pass through LAN 105 and Router_S 103 and connect to the public cloud 100 in the WAN.
Smart device client 109 then locates Router_P 102 and LAN 104 and connects to the private cloud server 108. The first and second scenarios are two special cases and derivatives of the third scenario. It is therefore beneficial to focus on the third scenario, which is broader in scope and higher in complexity.
Fig. 2 shows a conventional implementation of how the private cloud server 108 can be physically accessed by configuring Router_P 102 in the LAN 104 of the private cloud server 108. Configuring Router_P 102 involves two steps. First, the user needs to map the private IP address of the private cloud server 108 to a specific port on Router_P 102, as in step 200. Second, the user needs to register the public IP address of Router_P 102, which hosts the private cloud server 108, with an intermediate routing server 112 in the WAN, as in step 201. Before smart device client 109 can access the private cloud server 108, it looks up the intermediate routing server 112 to locate the public IP address of the private cloud server 108, as in step 202. As in step 203, smart device client 109 can then start accessing the predetermined port of Router_P 102, which is mapped exactly to the private IP address of the private cloud server 108.
The configuration of Router_P 102 and the setup of the intermediate routing server 112 are not easy and can be very difficult for most end users. Furthermore, mapping the private IP address of the private cloud server 108 to a port that is directly and permanently addressable from the outside world creates a significant security risk for the private cloud server 108.
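The exposure described for the Fig. 2 setup, a private address mapped to a router port that anyone can reach with no expiry, can be looked for in a router's port-mapping table. The following Python is an added example, not part of the patent; the rule schema, the finding names, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ForwardRule:
    """One WAN-port to LAN-host mapping on a router (hypothetical schema)."""
    name: str
    wan_port: int
    lan_ip: str
    lan_port: int
    allowed_sources: Tuple[str, ...]  # CIDRs allowed to connect; empty = anyone
    expires_in_s: Optional[int]       # None = the mapping never expires
    enabled: bool = True


def _any_source(cidrs: Tuple[str, ...]) -> bool:
    """True when the rule accepts connections from every address."""
    if not cidrs:
        return True
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)


def audit_rule(rule: ForwardRule) -> List[str]:
    """Return findings for one rule; only enabled rules to private hosts count."""
    if not rule.enabled or not ipaddress.ip_address(rule.lan_ip).is_private:
        return []
    findings = []
    world = _any_source(rule.allowed_sources)
    permanent = rule.expires_in_s is None
    if world:
        findings.append("world-reachable")
    if permanent:
        findings.append("permanent")
    if world and permanent:
        # The case the text calls out: directly and permanently addressable.
        findings.append("direct-permanent-exposure")
    return findings


def exposed_hosts(rules: List[ForwardRule]) -> Dict[str, List[int]]:
    """Map each LAN host to the WAN ports that expose it directly and permanently."""
    hosts: Dict[str, List[int]] = {}
    for rule in rules:
        if "direct-permanent-exposure" in audit_rule(rule):
            hosts.setdefault(rule.lan_ip, []).append(rule.wan_port)
    return {ip: sorted(ports) for ip, ports in hosts.items()}


# Constructed sample table; addresses use private and documentation ranges.
RULES = [
    ForwardRule("pcs-web", 8443, "192.168.1.50", 443, ("0.0.0.0/0",), None),
    ForwardRule("pcs-admin", 2222, "192.168.1.50", 22, ("203.0.113.0/24",), None),
    ForwardRule("temp-share", 3074, "192.168.1.77", 3074, ("0.0.0.0/0",), 3600),
    ForwardRule("old-nas", 8080, "192.168.1.60", 80, (), None, enabled=False),
]

if __name__ == "__main__":
    for r in RULES:
        print(f"{r.name:10s} {audit_rule(r)}")
    print(exposed_hosts(RULES))
```

Rules restricted to known source ranges or given a lifetime are reported with the lesser findings only, which separates the Fig. 2 style mapping from narrower ones.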
The private cloud server 108 is directly and permanently exposed to the outside world, which can invite many malicious attacks. In addition, the intermediate routing server 112 is a public cloud based server. This raises a number of concerns for the owner of smart device client 109. First, trust is always in question, because the intermediate routing server 112 is a middleman in every communication transaction between smart device client 109 and the private cloud server 108. It can hold all user account information, passwords, and the corresponding IP addresses of smart device client 109 and the private cloud server 108. The intermediate routing server 112 is able to sniff any communication in between, rendering it insecure.
Second, as an external or public cloud based routing server, the business model of the intermediate routing server 112 may not always be in line or in sync with the owner of smart device client 109. If the intermediate routing server 112 goes out of service for any business reason, there is no remedy or replacement option to restore the service. It potentially poses a tremendous business risk to the user, because a vital link in the communication can be broken without recourse.
Fig. 3 shows a conventional implementation of how the private cloud server 108 can be logically accessed by registering with a virtual private network routing server 114. While setting up a virtual private network, the private cloud server 108 first registers its public IP address and its private IP address with a virtual private network (VPN) routing server 114 and stays logged in, as in step 300. Smart device client 109 also registers its public IP address and its private IP address with the same VPN routing server 114, as in step 301. The VPN routing server 114 allocates virtual IP addresses to both the private cloud server and smart device client 109 and sets up a virtual private network 302. At this point, smart device client 109 and the private cloud server 108 are in the same virtual IP domain under the control of the VPN routing server 114. All communication between smart device client 109 and the private cloud server 108 is encapsulated under the VPN protocol.
In step 303, smart device client 109 logs in to the VPN routing server 114 and looks up the virtual IP address of the private cloud server 108. In step 304, all communication between smart device client 109 and the private cloud server 108 is intercepted and encapsulated by the VPN routing server 114. As in step 305, smart device client 109 can then start accessing the private cloud server 108.
In contrast to the approach disclosed in Fig. 2, the VPN routing server approach benefits from not requiring router configuration. It therefore makes setup easier for the user. However, because all communication must go through a public cloud based routing server, it suffers from the same, if not more serious, business concerns. As a public cloud based server, the VPN routing server 114 raises a number of concerns for the user of smart device client 109. First, trust is always in question, because the VPN routing server 114 is a middleman in every communication transaction between smart device client 109 and the private cloud server 108. It can hold all user information, passwords, and the corresponding IP addresses of smart device client 109 and the private cloud server 108. The VPN routing server 114 is able to sniff any communication in between, rendering it insecure. Second, as an external and public cloud based routing server, the business model of the VPN routing server 114 may not always be in line or in sync with the owner of smart device client 109. If the VPN routing server 114 goes out of service for any business reason, there is no remedy or replacement option to restore the service. Unless the owner has full control of the VPN routing server, it potentially poses a tremendous business risk to the user, because a vital link in the communication can be broken without recourse.
Fig. 4 shows an embodiment of how privately owned cloud server 108 can be accessed logically through registration with an intermediate routing server 112. In step 400, privately owned cloud server 108 first registers its public Internet Protocol address and its private Internet Protocol address with an intermediate routing server 112 and obtains a set of ID and password from the server. Smart client 109 then registers its public Internet Protocol address and its private Internet Protocol address with the same intermediate routing server 112 and obtains a set of ID and password, as shown in step 401. Privately owned cloud server 108 logs in to intermediate routing server 112, as shown in step 402.
Before smart client 109 can access privately owned cloud server 108, several steps must be carried out. First, smart client 109 obtains the ID and password of privately owned cloud server 108 from the server via a secure channel (such as a phone call, e-mail, text message or snail mail), as shown in step 403. Smart client 109 then logs in to intermediate routing server 112 using its own ID together with the obtained ID and password of privately owned cloud server 108, as shown in step 404. Intermediate routing server 112 intercepts and encapsulates all communications between smart client 109 and privately owned cloud server 108, as shown in step 405. Finally, smart client 109 can start to access privately owned cloud server 108, as shown in step 406.
Unlike the conventional method shown in Fig. 2, the intermediate routing server method benefits from eliminating router configuration. Setup is therefore easier for the user. However, because all communications must pass through a public cloud-based routing server, it suffers from the same business concerns, if not more serious ones.
As a public cloud-based server, intermediate routing server 112 raises several concerns for the owner of smart client 109. First, trust is always in question, because intermediate routing server 112 is an intermediary in every communication transaction between smart client 109 and privately owned cloud server 108. It may hold all user account information, passwords and the corresponding Internet Protocol addresses of smart client 109 and privately owned cloud server 108. Intermediate routing server 112 can listen in on any communication passing through it and render it insecure.
Second, as an external, public cloud-based routing server, the business model of intermediate routing server 112 may not always be aligned or in sync with the owner of smart client 109. If intermediate routing server 112 goes out of service for any business reason, there is no remedy or replacement option to restore service. It potentially poses a huge business risk to the user, because a vital link in the communication may be broken without recourse.
Fig. 5 shows an embodiment of how privately owned cloud server 108 can be accessed logically through point-to-point communication after registration with an intermediate routing server 112. In step 500, privately owned cloud server 108 first registers its public Internet Protocol address and its private Internet Protocol address with an intermediate routing server 112 and obtains a set of ID and password from the server. Smart client 109 then registers its public Internet Protocol address and its private Internet Protocol address with the same intermediate routing server 112 and obtains a set of ID and password, as shown in step 501. Privately owned cloud server 108 and smart client 109 log in to intermediate routing server 112, as shown in step 502.
Before smart client 109 can access privately owned cloud server 108, several steps must be carried out. First, smart client 109 and privately owned cloud server 108 each obtain the other party's public Internet Protocol address and private Internet Protocol address from the intermediate routing server, as shown in step 503. Both parties punch a hole in their respective routers during their initial outgoing communication attempts toward each other, as shown in step 504. All communications between smart client 109 and privately owned cloud server 108 are then bound together, establishing a point-to-point communication channel between them, as shown in step 505. Finally, smart client 109 can start to access privately owned cloud server 108, as shown in step 506.
Unlike the conventional methods of Fig. 2, Fig. 3 and Fig. 4, the intermediate routing server method of this embodiment has the benefit of establishing point-to-point communication between client and server and offers better efficiency. However, it still suffers from the "single point of failure" problem, because all communications go through a single public cloud-based routing server. As a public cloud-based server, intermediate routing server 112 raises several concerns for the owner of smart client 109. First, trust is always in question, because intermediate routing server 112 is an intermediary that holds all user account information, passwords and the corresponding Internet Protocol addresses of smart client 109 and privately owned cloud server 108.
Second, as an external, public cloud-based routing server, the business model of intermediate routing server 112 may not always be aligned or in sync with the owner of smart client 109. If intermediate routing server 112 goes out of service for any business reason, there is no remedy or replacement option to restore service. It potentially poses a huge business risk to the user, because a vital link in the communication may be broken without recourse.
One of the greatest advantages of the system and method according to the present invention over the above conventional methods is that it eliminates the role of the public cloud-based routing server during access, as found in the case of the virtual private network routing server or the intermediate routing server. Another advantage of the present invention is that confidential information such as account passwords is no longer exchanged between smart client 109 and privately owned cloud server 108.
Figure 1B is a block diagram of a cloud network infrastructure according to an embodiment. Components identical to those described with reference to Fig. 1A carry the same reference labels. In this embodiment, however, there are also two message boxes: client message box message_box_S 115 and routing server message box message_box_P 116. The purpose of the two message boxes is described in detail below.
As in Fig. 1A, behind local area network 104 are smart clients 106 and 107, a privately owned cloud routing server (PCRS) 108 and a private network service (PNS) 128. The original privately owned cloud server (PCS) 108 of Fig. 1A has changed in Fig. 1B into a privately owned cloud routing server (PCRS) 108 and a private network service (PNS) 128. Behind local area network 105 are smart clients 109, 110 and 111. A smart client can be a personal computer, notebook computer, tablet computer, e-book reader, global positioning system, smart TV, set-top box, MP3 player or any networkable embedded device. These smart clients are denoted 101, 106, 107, 109, 110 and 111 in the cloud network infrastructure. Any one of the above smart clients is interchangeable in this context and discussion. This discussion focuses on smart client 109 and uses it as the representative in this context.
To explain the features of the invention in more detail, refer now to Fig. 6, Fig. 7 and Fig. 8, which cover the initial setup phase and the access phase of the invention.
Fig. 6 illustrates an initial setup of privately owned cloud routing server 108 and smart client 109 according to the present invention. Privately owned cloud routing server 108 and smart client 109 form a server-client relationship. Privately owned cloud routing server 108 first creates an authorized client list with client account names and the corresponding message box information. The message box information can take the form of an e-mail account, a text message account or other unique public account information for the client.
In step 601, on the privately owned cloud routing server 108 side, a conversational invitation is sent to message_box_S 115 of the intended smart client 109 as one of the authorized users. The conversational invitation includes routing server message box address message_box_P 116. Privately owned cloud routing server 108 then attempts to retrieve a conversational access request from routing server message box message_box_P 116. The access request includes client message box address message_box_S 115, client public Internet Protocol address public_IP_S 119 and private Internet Protocol address private_IP_S 120, as shown in step 602.
If the access request is invalid, the process returns to step 601. If the access request is valid, privately owned cloud routing server 108 registers client message box 115, public Internet Protocol address 119 and private Internet Protocol address 120 of smart client 109, as shown in step 604. Privately owned cloud routing server 108 sends a conversational confirmation carrying its current routing server public Internet Protocol address and private Internet Protocol address, public_IP_P 117 and private_IP_P 118, to client message box message_box_S 115, as shown in step 605. Privately owned cloud routing server 108 can then start sending communication requests to smart client 109, as shown in step 606.
On the smart client 109 side, the conversational invitation is first retrieved from its own message_box_S 115, as shown in step 611. The conversational invitation includes message box address message_box_P 116 of the privately owned cloud routing server. If the invitation from privately owned cloud routing server 108 is invalid, the process returns to step 611. If the invitation from privately owned cloud routing server 108 is valid, smart client 109 can reply with a conversational access request to message box message_box_P 116 of privately owned cloud routing server 108, registering its current client message box address, public Internet Protocol address and private Internet Protocol address whenever it needs to access privately owned cloud routing server 108, as shown in step 613. The conversational access request may include smart client 109 message box address message_box_S 115 and the client public Internet Protocol address and private Internet Protocol address, public_IP_S 119 and private_IP_S 120. Smart client 109 then retrieves from client message_box_S 115 the conversational confirmation carrying the current public Internet Protocol address and private Internet Protocol address of the privately owned cloud routing server, public_IP_P 117 and private_IP_P 118, as shown in step 614. Smart client 109 can then start sending communication requests to the privately owned cloud routing server, as shown in step 615. After these two independent processes, the initial setup of privately owned cloud routing server 108 and smart client 109 is complete.
The message box server hosting the server or client message box can be an e-mail server, a text message server or any kind of server that can host secure messages for information exchange between privately owned cloud routing server 108 (as a server) and smart client 109 (as a client). The security and business model of message box servers are well understood and expected by users in the industry. If a message box server fails for any reason, it can be replaced or redeployed immediately without jeopardizing the communication between server and client in the private cloud infrastructure.
Fig. 7 shows the communication flow of smart client 109 according to the present invention. Smart client 109 can start point-to-point communication with privately owned cloud routing server 108 without going through an intermediate routing server 112 or a virtual private network routing server 114. Smart client 109 first sends a communication request through its Router_S 103 to Router_P 102 of privately owned cloud routing server 108, as shown in step 700. Router_S 103 registers the public Internet Protocol addresses and private Internet Protocol addresses of smart client 109 and privately owned cloud routing server 108, as shown in step 701. The outgoing route of Router_S 103 stays open, punching a hole and waiting for a response from privately owned cloud routing server 108, as shown in step 702. Router_S 103 then checks whether an incoming response comes from privately owned cloud routing server 108, as shown in step 703. If the incoming response is invalid and the wait has timed out, the initialization process of smart client 109 starts over, as shown in step 708. If it has not timed out, the process returns to step 702. However, if the incoming response is valid, Router_S 103 binds the incoming public Internet Protocol address and private Internet Protocol address of privately owned cloud routing server 108 to the registered outgoing private Internet Protocol address of smart client 109, as shown in step 704. The incoming request from privately owned cloud routing server 108 is then routed to smart client 109, as shown in step 705. Smart client 109 can start secure point-to-point communication with privately owned cloud routing server 108 and access services from privately owned cloud routing server 108, as shown in step 706.
Fig. 8 shows the communication flow of privately owned cloud routing server 108 according to the present invention. Privately owned cloud routing server 108 can start point-to-point communication with smart client 109 without going through an intermediate routing server 112 or a VPN routing server 114. Privately owned cloud routing server 108 first sends a communication request through its Router_P 102 to Router_S 103 of smart client 109, as shown in step 800. In response to the outgoing communication request, Router_P 102 then registers the public Internet Protocol addresses and private Internet Protocol addresses of smart client 109 and privately owned cloud routing server 108, as shown in step 801. The outgoing route of Router_P 102 stays open, punching a hole and waiting for a response from smart client 109, as shown in step 802. Router_P 102 checks whether an incoming response comes from smart client 109, as shown in step 803. If the incoming response is invalid and the wait has timed out, the initialization process of privately owned cloud routing server 108 starts over, as shown in step 808. If it has not timed out, the process returns to step 802. However, if the incoming response is valid, Router_P 102 binds the incoming public Internet Protocol address and private Internet Protocol address of smart client 109 to the registered outgoing private Internet Protocol address of privately owned cloud routing server 108, as shown in step 804. The incoming request from smart client 109 is then routed to privately owned cloud routing server 108. Privately owned cloud routing server 108 can carry out secure point-to-point communication with smart client 109 and accept access to its services from smart client 109, as shown in step 806.
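The router-side logic of Figs. 7 and 8 can be followed in a small Python model, added here as an illustration and not taken from the patent. The Router class, the 30-second timeout, the "drop" result for traffic that meets no open hole, matching on the public IP address only (real NAT devices also track ports), and the documentation-range addresses are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    name: str
    public_ip: str   # public address seen on the Internet side of the router
    private_ip: str  # address of the device behind its router


class Router:
    """Router_S or Router_P, reduced to one pending hole toward one peer."""

    def __init__(self, owner, timeout=30.0):
        self.owner = owner
        self.timeout = timeout   # assumed value; the page gives no figure
        self.expected = None     # peer registered in step 701 / 801
        self.opened_at = None    # time the outgoing route was opened
        self.bound_to = None     # peer public IP after step 704 / 804
        self.delivered = []      # payloads routed inward (step 705)

    def punch(self, peer, now):
        """Steps 700-702: send the request out, register the addresses, keep the route open."""
        self.expected, self.opened_at, self.bound_to = peer, now, None

    def receive(self, src_public_ip, payload, now):
        """Steps 703-705 and 708. Returns 'routed', 'wait', 'restart' or 'drop'."""
        if self.expected is None:
            return "drop"                      # no hole was punched: unsolicited traffic
        if self.bound_to is None:
            expired = now - self.opened_at > self.timeout
            valid = not expired and src_public_ip == self.expected.public_ip
            if not valid and expired:
                self.expected = self.opened_at = None
                return "restart"               # step 708: initialization starts over
            if not valid:
                return "wait"                  # back to step 702; the packet is discarded
            self.bound_to = src_public_ip      # step 704: bind incoming and outgoing addresses
        if src_public_ip != self.bound_to:
            return "drop"                      # a bound channel accepts only its peer
        self.delivered.append(payload)         # step 705: route the request inward
        return "routed"


def simulate():
    """Run both sides with constructed addresses and return what each router decided."""
    client = Endpoint("smart client 109", "198.51.100.7", "192.168.1.20")
    pcrs = Endpoint("routing server 108", "203.0.113.9", "10.0.0.5")
    outsider = "192.0.2.66"                    # constructed third party
    router_s, router_p = Router(client), Router(pcrs)
    events = []

    router_p.punch(client, now=0.0)            # Fig. 8: the server side opens its hole first
    # The server's request reaches Router_S before the client has punched anything.
    events.append(("S", router_s.receive(pcrs.public_ip, "request from server", 0.5)))
    router_s.punch(pcrs, now=1.0)              # Fig. 7: the client side opens its hole
    events.append(("S", router_s.receive(outsider, "probe", 2.0)))
    events.append(("P", router_p.receive(client.public_ip, "request from client", 2.2)))
    events.append(("S", router_s.receive(pcrs.public_ip, "response from server", 2.5)))
    events.append(("S", router_s.receive(outsider, "probe", 3.0)))

    unanswered = Router(client)                # a hole whose peer never answers
    unanswered.punch(pcrs, now=0.0)
    events.append(("U", unanswered.receive(outsider, "probe", 31.0)))
    return events, router_s.delivered, router_p.delivered


if __name__ == "__main__":
    for side, outcome in simulate()[0]:
        print(side, outcome)
```

The first event shows why both sides send an outgoing request: a packet that arrives before the local hole exists is discarded, and only the later response is bound and routed.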
To ensure that the point-to-point communication channel is secure, a number of security measures are deployed, including AES encryption and/or Secure Sockets Layer (SSL) and Transport Layer Security (TLS). The conversational communication between server and client (including invitation, access request and confirmation) also uses a random number seed, time stamp, encryption and hashing to defeat man-in-the-middle attacks and repel attacks from the public cloud, ensuring the security and integrity of the communication.
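One way the random number, time stamp and hashing could be combined when the routing server decides whether an access request is valid (steps 602 to 604), given as an added Python example that is not part of the patent. The page does not say how the hash is keyed or which encryption is used, so this sketch assumes a per-client key stored with the authorized client list, covers integrity and freshness only, and uses hypothetical names (seal, AccessRequestVerifier, MAX_SKEW) and constructed sample values.

```python
import hashlib
import hmac
import json
import secrets

MAX_SKEW = 300  # seconds a message stays fresh; assumed value


def _canonical(body):
    # Stable byte encoding so both sides hash exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(kind, fields, key, now):
    """Build a conversational message with a random nonce, time stamp and keyed hash."""
    body = {"kind": kind, "nonce": secrets.token_hex(16), "ts": int(now), **fields}
    mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


class AccessRequestVerifier:
    """Checks run by the routing server before it registers a client."""

    def __init__(self, authorized):
        self.authorized = dict(authorized)  # message_box_S -> per-client key (assumed)
        self.seen = {}                      # nonce -> time stamp, for replay detection

    def check(self, msg, now):
        body = msg.get("body")
        if not isinstance(body, dict):
            return "malformed"
        box = body.get("message_box_S")
        key = self.authorized.get(box) if isinstance(box, str) else None
        if key is None:
            return "unauthorized"           # sender is not on the authorized client list
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(msg.get("mac", "")).encode()):
            return "bad-mac"                # altered in the message box or in transit
        if body.get("kind") != "access_request":
            return "wrong-kind"
        ts, nonce = body.get("ts"), body.get("nonce")
        if not isinstance(ts, int) or not isinstance(nonce, str):
            return "malformed"
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Forget nonces that are too old to pass the freshness check anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        return "ok"


def demo():
    """Constructed sample: one genuine request, then a replay, a tampered copy and a stale one."""
    key = secrets.token_bytes(32)
    box = "client109@example.test"
    fields = {"message_box_S": box,
              "public_IP_S": "198.51.100.7",
              "private_IP_S": "192.168.1.20"}
    verifier = AccessRequestVerifier({box: key})
    request = seal("access_request", fields, key, now=1000)
    tampered = {"body": dict(request["body"], public_IP_S="192.0.2.66"),
                "mac": request["mac"]}
    old = seal("access_request", fields, key, now=1000)
    return [
        verifier.check(request, now=1010),
        verifier.check(request, now=1020),
        verifier.check(tampered, now=1020),
        verifier.check(old, now=2000),
    ]


if __name__ == "__main__":
    print(demo())
```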
Because the present invention does not depend on a public cloud-based routing server, it resolves and alleviates the concerns of the smart client owner. First, there is no single point of failure between a client and a server. Second, there is no intermediary in any communication transaction between smart client 109 and privately owned cloud routing server 108. Efficiency is therefore better. Third, no communication in between can be eavesdropped on, which makes the process very secure for both client and server. The user account information, passwords and corresponding Internet Protocol addresses of smart client 109 and privately owned cloud routing server 108 are never exposed to a public cloud. The only external communication channels used in the information exchange between smart client 109 and privately owned cloud routing server 108 are the two private message boxes message_box_S 115 and message_box_P 116. Password information is never exchanged between privately owned cloud routing server 108 and smart client 109 (as a client). The security of the communication is as good as that of the message box servers hosting message_box_S 115 and message_box_P 116. If a message box is compromised or out of service, a replacement or backup message box can be deployed immediately. In the present invention, any key component (including router, network switch, message box, smart client 109 or even privately owned cloud routing server 108) can be replaced without affecting the efficiency and integrity of the communication link between smart client 109 and privately owned cloud routing server 108.
Fig. 9 shows a block diagram of privately owned cloud routing server 108 according to the present invention. It includes a processor 900, random access memory (RAM) 902, network interface 903, input/output (I/O) 904 and non-volatile storage 905. Non-volatile storage 905 further contains an operating system (OS) 909, device driver 908 and privately owned cloud routing server driver 907.
Network interface 903 can connect to a local area network, a wide area network or a 3G/4G network. Input/output 904 provides the user interface to the outside world, including input/output devices such as keyboard, mouse, audio and video. Non-volatile storage 905 is loaded with the necessary software (including the operating system and various device drivers).
Privately owned cloud routing server driver 907 is deployed to communicate with the corresponding privately owned cloud client driver on smart client 109. Privately owned cloud routing server driver 907 initiates the invitation, processes the access request and then sends the confirmation back to smart client 109. It then sends a communication request to smart client 109 and punches a hole in its router in the outgoing direction. Once the incoming request from the smart client reaches the punched hole, the two-way communication channel is bound together. Privately owned cloud routing server driver 907 can then start secure point-to-point communication with smart client 109.
Figure 10 shows a block diagram of smart client 109 according to the present invention. Smart client 109 includes a processor 1000, a RAM 1002, a network interface 1003, an input/output (I/O) 1004 and a non-volatile storage 1005. Non-volatile storage 1005 further contains an operating system (OS) 1009, a device driver 1008 and a privately owned cloud client driver 1007. Smart client 109 can also be loaded with application programs 1006 to communicate with privately owned cloud routing server 108. Network interface 1003 can connect to a local area network, a wide area network or a 3G/4G network.
Input/output 1004 provides the user interface to the outside world, including input/output devices such as touch pad, audio and video. The non-volatile storage can be hard disk storage or a flash-based solid state disk. Non-volatile storage 1005 is loaded with the necessary software (including the OS and device drivers). Privately owned cloud client driver 1007 is deployed to communicate with the corresponding privately owned cloud routing server driver 907 on privately owned cloud routing server 108. Privately owned cloud client driver 1007 responds to the server invitation, replies with the access request and then receives the confirmation from privately owned cloud routing server 108. It then sends a communication request to privately owned cloud routing server 108 and punches a hole in its router in the outgoing direction.
Once the incoming request from privately owned cloud routing server 108 reaches the punched hole, the two-way communication channel is bound together. Smart client 109 can then start secure point-to-point communication with privately owned cloud routing server 108. Private network service 128 can then be managed and accessed by the smart client via public cloud 100. Throughout the text, the wording "access" or "accessible" also covers the meaning of "manage" or "manageable".
For efficiency, in certain environments privately owned cloud routing server 108 and the corresponding router Router_P 102 can be a single entity. In either case, any private network service reachable by privately owned cloud routing server 108 can be accessed by the smart client via public cloud 100.
Figure 11 shows a privately owned cloud program installed on the smart client. The privately owned cloud program provides three functions for the smart client: how to initiate a conversational communication as a host, how to join a conversational communication as a guest, and how to access accessible services on the physical LAN or virtual LAN under the privately owned cloud routing server. The left side of the communication flow shows how a host smart client initiates a conversational communication. The lower right side of the communication flow shows how a guest smart client receives a communication invitation and joins the communication session.
Figure 12 shows a cloud network infrastructure for private and secure communication between smart clients via the public cloud. Smart clients 1201, 1211 and 1221 can be set up with privately owned cloud routing server 1208 via communication paths 1222, 1224 and 1223 respectively, in the manner of Figs. 6, 7 and 8 above. Privately owned cloud routing server 1208 then sets up a virtual local area network (not shown) so that the authorized smart clients 1201, 1211 and 1221 can join the virtual local area network as members. Smart client 1201, as a host, can initiate a private and secure communication via the installed program. Smart client 1211 or 1221, as a guest, can receive a communication invitation via the installed program and carry out the private and secure communication session with host smart client 1201.
As shown in Figs. 11 and 12, when a smart client 1201 intends to initiate a communication session as a host, the program installed on the host smart client first locates and logs in to the privately owned cloud routing server 1100 via communication path 1222. After locating privately owned cloud routing server 1208, it joins the virtual local area network (not shown) under the server in step 1102. The smart client commits to join the session communication as a host 1104, 1105. The program allows smart client 1201 to create and host a communication session 1106. The program broadcasts the host session to invite communication guests 1107. Afterwards, the program starts scanning for recognizable guests 1108. Once a guest is authenticated, the smart client can, as a host, start private and secure communication 1109 with the authenticated guest smart client. The private and secure communication includes video, audio, text or application communication. The application is a program, utility, operation or remote desktop recognized by both the host and the guest.
When smart client 1211 or 1221 intends to join a communication session as a guest 1104, 1105, the program installed on the guest smart client first locates and logs in to the privately owned cloud routing server 1100 via communication path 1224 or 1223 respectively. After locating privately owned cloud routing server 1208, it joins the virtual local area network (not shown) in step 1102. The smart client commits to join the session communication as a guest 1104, 1105. The program waits for a communication invitation 1112. Once it receives a communication invitation, smart client 1211 or 1221 can join a communication session as a guest. The program then starts scanning for recognizable hosts 1113. When the host is identified, the program goes through the communication login verification by the host 1114. Once authenticated, the smart client can join the communication session 1115. Smart client 1211, 1221, as a guest 1116, starts private and secure communication with host smart client 1201. The private and secure communication includes video, audio, text or application communication. The application can be a program, utility, operation or remote desktop recognized by both the host and the guest.
In other embodiments of the invention, the smart client can establish a private and secure communication with any accessible service on the physical local area network or the virtual local area network under the privately owned cloud routing server. As shown in Figs. 11 and 12, once smart client 1201, 1211 or 1221 has located and logged in to privately owned cloud routing server 1208, it can access, via communication path 1225, any accessible private network service 1110, 1228 on the physical local area network or virtual local area network under the privately owned cloud routing server. The private network services include audio, video content, live or archived information and execution of applications, social media, messaging, e-mail, storage, backup, calendar, contacts, synchronization, sharing, remote desktop, Internet of Things (IoT) and others.
Although the present invention has been described according to the illustrated embodiments, one of ordinary skill in the art will readily recognize that variations can be made to these embodiments and that such variations fall within the spirit and scope of the present invention. Accordingly, one of ordinary skill in the art can make many modifications without departing from the spirit and scope of the appended claims.

Claims (21)

1. A method for a public cloud network, the method comprising:
setting up at least one privately owned cloud routing server and at least one smart client in a server-client relationship, wherein the at least one privately owned cloud routing server includes a first message box associated with it, the first message box being located on a public cloud network; wherein the at least one smart client includes a second message box associated with it; the second message box being located on the public cloud network;
transmitting conversational messages between the first message box and the second message box in a secure manner, wherein the conversational messages are verified by the at least one privately owned cloud routing server and the at least one smart client, wherein the at least one smart client and the at least one privately owned cloud routing server communicate with each other after the conversational messages are verified, wherein at least one private network service is then securely accessible by the at least one smart client via the public cloud network based on the verified conversational messages, and the at least one private network service includes at least any accessible service of a physical local area network or a virtual local area network under the privately owned cloud routing server; and
setting up at least one other smart client in the server-client relationship, wherein after the conversational messages are verified, the at least one smart client and the at least one other smart client communicate with the at least one privately owned cloud routing server, and wherein the at least one smart client and the at least one other smart client communicate with each other privately and securely via the public cloud network.
2. The method of claim 1, wherein the at least one privately owned cloud routing server comprises:
a computing device;
a connection to a network via a router;
a program that causes the at least one privately owned cloud routing server to:
(a) create and manage an authorized client list to accommodate a plurality of smart clients;
(b) send a conversational invitation to the second message box;
(c) retrieve a conversational access request of the at least one smart client from the first message box; and
(d) send a conversational confirmation to the second message box.
3. The method of claim 2, wherein the program causes the at least one privately owned cloud routing server to:
(e) send a communication request to the at least one smart client;
(f) punch a hole in the router so that it stays open pending the smart client's response;
(g) wait for the router to bind a network connection between the at least one smart client and the at least one privately owned cloud routing server;
(h) route an incoming request from the at least one smart client to the at least one privately owned cloud routing server;
(i) establish a secure point-to-point communication with the at least one smart client;
(j) enable the at least one smart client to access the at least one private network service; and
(k) enable a private and secure communication between the at least one smart client and at least one other smart client.
4. The method of claim 2, wherein the at least one smart client comprises:
a computing device; and
a connection to a network via a router;
wherein the router has a program that enables the at least one smart client to:
(a) retrieve a conversational invitation from a smart client message box;
(b) send a conversational access request to a privately owned cloud routing server message box;
(c) retrieve a conversational confirmation from the smart client message box;
(d) send a communication request to the at least one privately owned cloud routing server;
(e) punch a hole in the router to keep it open pending a privately owned cloud routing server response;
(f) wait for the router to bind a network connection between the at least one privately owned cloud routing server and the at least one smart client;
(g) route an incoming request from the at least one privately owned cloud routing server to the at least one smart client;
(h) establish a secure point-to-point communication with the at least one privately owned cloud routing server;
(i) access private network service via the at least one privately owned cloud routing server; and
(j) communicate with at least one other smart client via the at least one privately owned cloud routing server.
5. The method of claim 2, wherein the at least one smart client comprises:
a computing device;
one of a wired and a wireless connection to a network; and
an additional program that enables the at least one smart client to:
(a) retrieve a conversational invitation from a smart client message box;
(b) send a conversational reply to a privately owned cloud routing server message box;
(c) retrieve a conversational confirmation from the smart client message box;
(d) send an access request to the at least one privately owned cloud routing server;
(e) wait for a privately owned cloud routing server response;
(f) bind a network connection between the at least one privately owned cloud routing server and the at least one smart client;
(g) route an incoming request from the at least one privately owned cloud routing server to the at least one smart client;
(h) establish a secure point-to-point communication with the at least one privately owned cloud routing server;
(i) access private network service via the at least one privately owned cloud routing server; and
(j) communicate with at least one other smart client via the at least one privately owned cloud routing server.
6. The method of claim 4, wherein the program performs:
accessing the at least one privately owned cloud routing server at any time and from anywhere;
accessing the at least one privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication channel with the at least one privately owned cloud routing server;
accessing private network service via the at least one privately owned cloud routing server; and
communicating with at least one other smart client via the at least one privately owned cloud routing server.
7. The method of claim 5, wherein the program performs:
accessing the at least one privately owned cloud routing server at any time and from anywhere;
accessing the at least one privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication channel with the at least one privately owned cloud routing server;
accessing private network service via the at least one privately owned cloud routing server; and
communicating with at least one other smart client via the at least one privately owned cloud routing server.
8. The method of claim 4, wherein the program performs:
accessing the at least one privately owned cloud routing server at any time and from anywhere;
accessing the at least one privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication channel with the at least one privately owned cloud routing server;
mapping local physical input/output to virtual privately owned cloud routing server input/output;
accessing private network service via the at least one privately owned cloud routing server; and
communicating with at least one other smart client via the at least one privately owned cloud routing server.
9. The method of claim 5, wherein the program performs:
accessing the at least one privately owned cloud routing server at any time and from anywhere;
accessing the at least one privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the at least one smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication channel with the at least one privately owned cloud routing server;
mapping local physical input/output to virtual server input/output;
accessing private network service via the at least one privately owned cloud routing server; and
communicating with at least one other smart client via the at least one privately owned cloud routing server.
10. A privately owned cloud routing server, comprising:
a computing device;
a connection to a network via a router; and
a program that, when executed by the computing device, enables the privately owned cloud routing server to: create and manage an authorized client list to accommodate multiple smart clients; send a conversational invitation to a second message box of at least one of the multiple smart clients; receive a conversational access request of the at least one smart client from a first message box; send a conversational confirmation to the second message box of the at least one smart client; enable the at least one smart client to access private network service, wherein the private network service includes at least a service accessible on any physical local area network or virtual local area network under the privately owned cloud routing server; and enable private and secure communication between the at least one smart client and at least one other smart client.
11. The privately owned cloud routing server of claim 10, wherein the program performs:
sending a communication request to the at least one smart client;
punching a hole in the router to keep it open pending the smart client response;
waiting for the router to bind the network connection between the at least one smart client and the privately owned cloud routing server;
routing an incoming request from the at least one smart client to the privately owned cloud routing server;
establishing a secure point-to-point communication with the at least one smart client;
enabling the at least one smart client to access private network service; and
enabling private and secure communication between the at least one smart client and at least one other smart client.
12. A smart client, comprising:
a computing device; and
a connection to a network via a router; wherein the router has a program that enables the smart client to: retrieve a conversational invitation from a smart client message box; send a conversational access request to a privately owned cloud routing server message box; retrieve a conversational confirmation from the smart client message box; send a communication request to a privately owned cloud routing server; punch a hole in the router to keep it open pending a privately owned cloud routing server response; wait for the router to bind a network connection between the privately owned cloud routing server and the smart client; route an incoming request from the privately owned cloud routing server to the smart client; establish a secure point-to-point communication with the privately owned cloud routing server; access private network service via the privately owned cloud routing server, wherein the private network service includes at least a service accessible on any physical local area network or virtual local area network under the privately owned cloud routing server; and communicate with at least one other smart client via the privately owned cloud routing server.
13. The smart client of claim 12, wherein the program performs:
accessing the privately owned cloud routing server at any time and from anywhere;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication channel with the privately owned cloud routing server;
accessing private network service via the privately owned cloud routing server; and
communicating with at least one other smart client via the privately owned cloud routing server.
14. The smart client of claim 12, wherein the program enables:
accessing the privately owned cloud routing server at any time and from anywhere;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication channel with the server;
mapping local physical input/output to virtual server input/output;
accessing private network service via the privately owned cloud routing server; and
communicating with at least one other smart client via the privately owned cloud routing server.
15. A smart client, comprising:
a computing device;
a connection to a network; and
a program that enables the smart client to: retrieve a conversational invitation from the smart client message box; send a conversational reply to a privately owned cloud routing server message box; retrieve a conversational confirmation from a smart client message box; send an access request to a privately owned cloud routing server; wait for the privately owned cloud routing server response; bind the network connection between the privately owned cloud routing server and the smart client; route an incoming request from the privately owned cloud routing server to the smart client; establish a secure point-to-point communication with the privately owned cloud routing server; access private network service via the privately owned cloud routing server, wherein the private network service includes at least a service accessible on any physical local area network or virtual local area network under the privately owned cloud routing server; and communicate with at least one other smart client via the privately owned cloud routing server.
16. The smart client of claim 15, wherein the program performs:
accessing the privately owned cloud routing server at any time and from anywhere;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication channel with the server;
accessing private network service via the privately owned cloud routing server; and
communicating with at least one other smart client via the privately owned cloud routing server.
17. The smart client of claim 15, wherein the program performs:
accessing the privately owned cloud routing server at any time and from anywhere;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication channel with the privately owned cloud routing server;
mapping local physical input/output to virtual privately owned cloud routing server input/output;
accessing private network service via the privately owned cloud routing server; and
communicating with at least one other smart client via the privately owned cloud routing server.
18. A smart client, comprising:
a computing device;
a connection to a network; and
a program that sets up a privately owned cloud routing server and enables the smart client to: retrieve a conversational invitation from a smart client message box; send a conversational reply to a privately owned cloud routing server message box; retrieve a conversational confirmation from the smart client message box; send an access request to the privately owned cloud routing server; wait for the privately owned cloud routing server response; bind a network connection between the privately owned cloud routing server and the smart client; route an incoming request from the privately owned cloud routing server to the smart client; establish a secure point-to-point communication with the privately owned cloud routing server; join a virtual local area network on the privately owned cloud routing server; access private network service via the privately owned cloud routing server, wherein the private network service includes at least a service accessible on any physical local area network or the virtual local area network under the privately owned cloud routing server;
initiate a conversational communication in the role of a host side; create and host the conversational communication; invite a communication guest side; scan for a recognizable guest side; initiate a private and secure communication with the guest side; and
receive a communication invitation in the role of a guest side and join the conversational communication; scan for a recognizable host side; log in for communication verification; join the conversational communication; and initiate a private and secure communication with the host side.
19. The smart client of claim 18, wherein the program performs:
accessing the privately owned cloud routing server at any time and from anywhere;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication channel with the server; and
accessing private network service via the privately owned cloud routing server.
20. The smart client of claim 18, wherein the program performs:
accessing the privately owned cloud routing server at any time and from anywhere;
accessing the privately owned cloud routing server behind a firewall with a fixed or dynamic Internet Protocol address, wherein the smart client requires no outside or public-cloud-based routing server in the wide area network and no additional router setup in the local area network, and establishing a secure point-to-point communication with the privately owned cloud routing server; and
carrying out private and secure communication with at least one other smart client via the privately owned cloud routing server.
21. The smart client of claim 18, wherein the private and secure communication comprises:
one of a video, an audio, a text and an application program, wherein the application program is one of a program, a utility, an operation and a remote desktop that is recognized by both the host side and the guest side.
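The message-box exchange of claims 2 and 4 (authorized client list, invitation, access request, confirmation), sketched as an added Python example that is not part of the patent. The claims do not say how a conversational message is verified, so the random single-use token, its expiry, and every class, function and client name below are assumptions.

```python
import hmac
import secrets


class RoutingServer:
    """Hypothetical server-side bookkeeping for claim 2, steps (a)-(d)."""

    def __init__(self, invite_ttl=300):
        self.authorized = set()   # step (a): authorized client list
        self.pending = {}         # client_id -> (token, expires_at)
        self.verified = set()     # clients whose access request was verified
        self.inbox = []           # first message box (server side)
        self.invite_ttl = invite_ttl

    def authorize(self, client_id):
        self.authorized.add(client_id)

    def send_invitation(self, client_id, client_box, now):
        # Step (b): only clients on the authorized list are ever invited.
        if client_id not in self.authorized:
            return False
        token = secrets.token_urlsafe(32)  # assumed verification material
        self.pending[client_id] = (token, now + self.invite_ttl)
        client_box.append({"type": "invitation", "client": client_id,
                           "token": token})
        return True

    def _verify(self, msg, now):
        cid = msg.get("client")
        if msg.get("type") != "access_request" or not isinstance(cid, str):
            return False
        if cid not in self.authorized or cid not in self.pending:
            return False
        token, expires_at = self.pending[cid]
        if now > expires_at:
            del self.pending[cid]          # stale invitation: fail closed
            return False
        offered = str(msg.get("token", "")).encode()
        if not hmac.compare_digest(token.encode(), offered):
            return False
        del self.pending[cid]              # single use: a replay finds nothing
        return True

    def process_inbox(self, client_boxes, now):
        # Steps (c)-(d): read access requests, confirm only verified ones.
        results = []
        while self.inbox:
            msg = self.inbox.pop(0)
            ok = self._verify(msg, now)
            if ok:
                cid = msg["client"]
                self.verified.add(cid)
                client_boxes.setdefault(cid, []).append(
                    {"type": "confirmation", "client": cid})
            results.append((msg.get("client"), ok))
        return results


def client_answer_invitation(client_box, server):
    """Claim 4, steps (a)-(b): fetch the invitation, post an access request."""
    for msg in client_box:
        if msg["type"] == "invitation":
            server.inbox.append({"type": "access_request",
                                 "client": msg["client"],
                                 "token": msg["token"]})
            return True
    return False


def demo():
    """Constructed scenario: one listed client, one unlisted, one replay."""
    server = RoutingServer()
    server.authorize("tablet-01")
    boxes = {"tablet-01": [], "rogue-99": []}
    invited = server.send_invitation("tablet-01", boxes["tablet-01"], now=0)
    refused = server.send_invitation("rogue-99", boxes["rogue-99"], now=0)
    server.inbox.append({"type": "access_request", "client": "rogue-99",
                         "token": "guess"})
    server.inbox.append({"type": "access_request", "client": "tablet-01",
                         "token": "guess"})
    client_answer_invitation(boxes["tablet-01"], server)
    first = server.process_inbox(boxes, now=10)
    client_answer_invitation(boxes["tablet-01"], server)  # replayed request
    replay = server.process_inbox(boxes, now=20)
    return {"invited": invited, "refused": refused, "first": first,
            "replay": replay, "boxes": boxes, "verified": server.verified}
```

Only the request carrying the invited token from a listed client reaches the confirmation step; the unlisted client, the guessed token and the replay are all rejected before any connection setup of claim 3 would begin.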
CN201510186124.8A 2014-10-28 2015-04-17 Utilize the method for privately owned routing server, global network and smart client Active CN106161394B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/526,393 2014-10-28
US14/526,393 US9781087B2 (en) 2011-09-09 2014-10-28 Private and secure communication architecture without utilizing a public cloud based routing server

Publications (2)

Publication Number Publication Date
CN106161394A CN106161394A (en) 2016-11-23
CN106161394B true CN106161394B (en) 2019-11-12

Family

ID=53190151

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510186124.8A Active CN106161394B (en) 2014-10-28 2015-04-17 Utilize the method for privately owned routing server, global network and smart client

Country Status (3)

Country Link
CN (1) CN106161394B (en)
GB (1) GB2531831B (en)
TW (1) TWI629598B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI632465B (en) * 2015-03-19 2018-08-11 美商金士頓數位股份有限公司 Method for use with a public cloud network, private cloud routing server and smart device client
CN110691059B (en) * 2018-07-05 2021-09-17 资富电子股份有限公司 Apparatus and method for dynamic virtual private network
TWI706281B (en) * 2019-02-19 2020-10-01 華東科技股份有限公司 Device verification method
GB2607362B (en) * 2021-02-12 2024-11-13 Kingston Digital Inc Private cloud routing server connection mechanism for use in a private communication architecture
GB2609677B (en) * 2021-04-13 2024-11-20 Kingston Digital Inc Private cloud routing server connection mechanism for use in a private communication architecture

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7636764B1 (en) * 2008-09-29 2009-12-22 Gene Fein Cloud resource usage in data forwarding storage
CN103001999A (en) * 2011-09-09 2013-03-27 金士顿数位股份有限公司 Private cloud server and client architecture without utilizing a routing server

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004064432A2 (en) * 2003-01-16 2004-07-29 Research In Motion Limited System and method of exchanging identification information for mobile stations
GB2496380B (en) * 2011-11-04 2014-03-05 Kingston Digital Inc Private cloud server and client archictecture without utilizing a routing server
GB2532832B (en) * 2014-08-01 2017-03-22 Kingston Digital Inc Private and secure communication architecture without utilizing a public cloud based routing server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Iomega Home Media Network Hard Drive-Cloud Edition Reviewed; Matt Smollinger; 《https://www.smallnetbuilder.com/other/cloud/cloud-storage/311-iomega-home-media-network-hard-drive-cloud-edition-reviewed?limitstart=0》; 20110329; pages 1-15 *

Also Published As

Publication number Publication date
GB2531831A (en) 2016-05-04
TWI629598B (en) 2018-07-11
TW201616374A (en) 2016-05-01
GB2531831B (en) 2021-12-15
CN106161394A (en) 2016-11-23
GB201505761D0 (en) 2015-05-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant