

Title:
A SECURED INSTANT MESSAGING (IM) SYSTEM STRUCTURE BASED ON IDENTIFICATION
Document Type and Number:
WIPO Patent Application WO/2016/175647
Kind Code:
A1
Abstract:
This invention discloses a secured Instant Messaging (IM) system structure based on identification, including IM user, IM server and IM router. Every IM user has a unique identification User ID (UID) across all networks; the UID includes the server identification Host ID (HID) of the server where the user registered. Every IM server has a unique identification HID across all networks; the servers interconnect and communicate to form an IM service network that provides secured IM service for IM users. Every IM router has a unique identification Router ID (RID) across all networks; the routers form a routing service network that provides a secure addressing service to facilitate the network connection of IM servers. The significance of this invention is that it establishes a new secured IM network structure in which users can deploy private servers or public servers, and can even securely connect private and public servers, in order to satisfy users' needs for secured IM in various network environments.

Inventors:
LIN HAO (CN)
GAO XI (CN)
ZHONG LI (CN)
Application Number:
PCT/MY2015/050073
Publication Date:
November 03, 2016
Filing Date:
July 15, 2015
Assignee:
LINKDOOD TECH SDN BHD (MY)
International Classes:
G06F13/00
Foreign References:
JP2009288894A, 2009-12-10
JP2002171286A, 2002-06-14
Other References:
P.SAINT-ANDRE: "Extensible Messaging and Presence Protocol (XMPP): Core, rfc 3920", IETF, 31 October 2004 (2004-10-31), pages 58, Retrieved from the Internet [retrieved on 20151110]
Claims:

1. A secured Instant Messaging(IM) system structure based on identification, including IM user, IM server and IM router, the main features are:

Every IM user has a unique identification User ID (UID) across all networks, the UID includes the server identification Host ID (HID) that the user registered; two or more IM users can securely use IM through IM server;

Every IM server has a unique identification HID across all networks, IM servers whose IM users conduct P2P (Peer-to-Peer) or group messaging will interconnect and communicate to form an IM service network, providing IM users secured IM service;

Every IM router has a unique identification Router ID(RID) across all networks, manages one or multiple IM servers, IM routers form a routing service network, to provide a secure addressing service based on IM server's identification HID.

2. Referring to "IM system structure" mentioned in claim 1 of claim statement, the features are: IM user has a unique Identification UID across all networks, the UID includes a username and the server identification HID that a user has registered; other information of IM user includes: nickname, real name, gender, birth date, 2-dimensional code and etc.

3. Referring to "IM system structure" mentioned in claim 1 of claim statement, the features are: pre-configured information of IM server includes: name, identification HID , description, network address, status, identification RID of associated IM router, connection relation table and etc.

4. Referring to "IM server" mentioned in claim 1 or 3 of claim statement, the features are: the connection relation table of every IM server stores the information of name, server identification HID , network address and status of other IM servers that was previously connected to this IM server; For a newly added IM server that IM router fed back, after verifying it is in normal working condition, its relevant information of name, server identification HID , network address, status will be added to the connection relation table.

5. Referring to "connection relation table" mentioned in claim 4 of claim statement, the features are: when an IM user initiates P2P (Peer-to-Peer) or group messaging with other IM users, if the target IM servers that the other IM users registered are already in the connection relation table of the IM user's source IM server, then the source IM server will directly establish network connection with the target IM servers without going through IM router.

6. Referring to "IM system structure " mentioned in claim 1 of claim statement, the features are: pre-configured information of IM router includes: name, identification RID, description, network address, status, list of the IM servers HID it manages, neighbor IM router identification RID list, routing table and etc.

7. Referring to "IM router" mentioned in claim 1 or 6 of claim statement, the features are: when an IM user initiates P2P (Peer-to-Peer) or group messaging with other IM users, if the target IM servers that the other IM users registered are not in the connection relation table of the IM user's source IM server, then the source IM server will forward the identification HID of the target IM servers to its associated IM router, and send addressing request; The IM router will search the target IM servers' network addresses based on its routing strategy; and feed them back to the source IM server after the target IM servers' network addresses are found.

8. Referring to "IM router" mentioned in claim 1 or 6 or 7 of claim statement, the features are: the strategies for conducting network addressing for the IM server are based on maximum speed priority strategy or shortest path priority strategy.

9. Referring to "secured IM" mentioned in claim 1 of claim statement, the features are: the network connection from IM user to IM server, amongst IM servers, and the messaging data amongst IM users are being encrypted.

10. Referring to "secure addressing service" mentioned in claim 1 of claim statement, the features are: for the confirmation of neighbor relationship among IM routers, IM routers and the IM servers that they manage are required to authenticate each other.

Description:
Title: A secured Instant Messaging (IM) system structure based on identification

Technical Field

This invention is classified under information technology involving how to create a secured Instant Messaging (IM) system, more specifically to offer individuals, institutions, enterprises or organizations a secured IM system across various networks.

Background Art

IM is the process by which users of mobile phones, tablet PCs and computers send and receive text, pictures, audio clips and video clips via a network; it is one of the common applications on the internet. Typical IM products include WeChat, QQ, Skype, RTX (Real Time eXpert), e-contact and more. The first three are targeted at public users; the last two are targeted at users from enterprises or organizations.

Enterprises and organizations can conveniently deploy their own internal IM system using RTX (Real Time eXpert) software, but it does not address the connectivity, communication and security issues between different enterprises or organizations, or with public IM. e-contact is an IM service platform that targets small organizations and enterprises, whereby all enterprises and organizations are assigned to various IM servers according to predefined rules; connectivity among the servers is managed by the primary and secondary controllers; users within an enterprise or organization, and users from different enterprises and organizations, are able to use IM on the same platform. These systems still have the following imperfections:

(1) Even if the IM servers deployed by various enterprises or organizations and the public IM servers use the same IM system, they still cannot interconnect and communicate. This reduces the flexibility of group messaging and seriously affects the collaborative work efficiency of enterprises and organizations. If they do not use the same IM system, it is even harder to interconnect and communicate; some protocol converter gateway technology can tackle this issue, but it greatly increases the complexity of implementing the system and, as of today, has not become practical.

(2) The present public internet IM systems do not provide secure data storage and transmission service. Enterprise versions of IM systems can provide users secure data transmission, but do not provide secure storage of local data, and are not able to securely transfer and store data when conducting P2P (Peer-to-Peer) or group messaging among users within an enterprise or organization or among users of various enterprises or organizations.

Disclosure of Invention

The objective of this invention is to provide a secured IM system structure that enables connectivity and communication amongst internet, enterprises intranet, cloud computing platform and other complex network environments, formed by a three layer "Routing + Service + User" structure to build a flexible, secure, and controllable IM system.

This invention discloses a secured IM system structure based on identification, comprising IM user, IM server and IM router. Details are as below:

(1) IM user. Every IM user has a unique identification User ID (UID) across all networks; the UID includes a username and the server identification Host ID (HID) of the server where the user registered; two or more IM users can securely use IM through an IM server; other information of an IM user includes: nickname, real name, gender, birth date, 2-dimensional code, etc.

(2) IM server. Every IM server has a unique identification HID across all networks; IM servers whose IM users conduct P2P (Peer-to-Peer) or group messaging interconnect and communicate to form an IM service network, providing the IM users a secured IM service; pre-configured information of an IM server includes: name, identification HID, description, network address, status, identification Router ID (RID) of the associated IM router, connection relation table, etc.

(3) IM router. Every IM router has a unique identification RID across all networks and manages one or multiple IM servers; IM routers form a routing service network that provides a secure addressing service based on the IM server's identification HID to facilitate the network connection among IM servers; pre-configured information of an IM router includes: name, identification RID, description, network address, status, list of the IM server HIDs it manages, neighbor IM router identification RID list, routing table, etc.

The functionality of the connection relation table of an IM server is as follows: the connection relation table of every IM server stores the name, server identification HID, network address and status of the other IM servers that previously connected to this IM server. For a newly added IM server that the IM router fed back, after verifying it is in normal working condition, its name, server identification HID, network address and status will be added to the connection relation table.

When an IM user initiates P2P (Peer-to-Peer) or group messaging, if the target IM servers of the relevant IM users are already in the connection relation table of the IM user's source IM server, then the source IM server will directly establish network connection with the target IM servers without going through the IM router.

When an IM user initiates P2P (Peer-to-Peer) or group messaging, if the target IM servers of the relevant IM users are not in the connection relation table of the IM user's source IM server, then the source IM server will forward the identification HID of the target servers to its associated IM router and send an addressing request. The IM router will search for the target IM servers' network addresses based on its routing strategy, and feed them back to the source server after the target IM servers' network addresses are found.

Regarding the secured IM system structure based on identification mentioned in this invention, the strategy used by the IM router to conduct addressing for IM servers will be the maximum speed priority strategy or the shortest path priority strategy.

The secured IM system structure based on identification of this invention also includes a data security module: the network connection from IM user to IM server and amongst IM servers, and the network conversation data amongst IM users, are encrypted. Moreover, the IM router provides a secure addressing service: to confirm neighbor relationships, IM routers are required to authenticate each other, as are IM routers and the IM servers that they manage.

Description Of Drawings and Best Mode for Carrying Out The Invention

The following will further elaborate the appendix and detailed description:

FIG.1: Structure diagram of the invention - A secured IM system structure

FIG.2: Deployment diagram of the invention - A secured IM system structure

FIG.1 is the structure diagram of the secured IM system structure.

The system is based on a three layered structure, base structure is user layer, comprising of IM users; Middle layer is service layer, to provide IM service to user layer; top layer is routing layer, to provide addressing and other services to service layer.

(1) User layer

This Layer comprises of IM users. User will acquire an IM account and becoming IM user upon successful registration at an IM server. User can register various user accounts at various IM servers, becoming a different IM user, to login and use on one or multiple mobile phones, tablet computers or personal computer terminals.

Every IM user has a unique Identification User ID (UID) across all networks, the UID includes the server identification HID that the user registered; two or more IM users can securely use IM through IM servers; the UID includes the username and IM server identification HID that the user registered; other information of IM user includes: nickname, real name, gender, birth date, 2-dimensional code and etc.

(2) Service layer

This Service layer comprises of IM servers. Every IM server has a unique identification HID across all networks, IM servers will interconnects and communicate to form an IM service network, providing IM users a secured IM service; pre-configured information of IM server includes: name, Identification HID, description, network address, status, identification RID of associated IM router, connection relation table and etc.

IM server integrates access point, IM application and database in one place; it can be an actual server or virtual machine. Equipped with encrypted storage and access control functions on IM, the network connection from IM user to IM server, amongst IM servers, and network conversation data amongst IM users are being encrypted. Before conducting routing lookup and management operations, the IM server will perform authentications with IM router.

(3) Routing layer

This layer comprises IM routers. Every IM router has a unique identification RID across all networks and manages one or multiple IM servers; IM routers form a routing service network that provides a secure addressing service based on the IM server's identification HID. Pre-configured information of an IM router includes: name, identification RID, description, network address, status, list of the IM server HIDs it manages, neighbor IM router identification RID list, routing table, etc.

FIG.2: Deployment diagram of the invention - A secured IM system structure

IM routers can establish the IM routing service network in a flat mesh topology or a hierarchical tree topology, based on the scale of IM servers and the addressing efficiency. They are on the top level of the IM system structure, responsible for providing addressing service for the IM servers that they manage. In this diagram, the routing service network of the IM network comprises IM routers R1, R2, R3, R4 to Rm.

The IM server is the provider of network IM service; the various IM servers form the IM service network, and IM data is stored and circulated only among IM servers. Every IM server has an IM router that provides its addressing service. If the IM server of the IM user initiating IM doesn't know the network address of the target IM server associated with the target IM user, it will send a network addressing request to its associated IM router. In this scenario, IM servers S1 and S3 are associated with IM router R1; IM servers S2, S6 and S7 are associated with IM router R3; IM servers S4 and S5 are associated with IM router R2; IM server S8 is associated with IM router R4; and IM server Sn is associated with IM router Rm.

IM user is the user of IM service; every IM user will register and login at their respective IM server. In reality, users can register multiple IM user accounts at the same or various IM servers, and login at the same or different terminals. In this scenario:

U1, U2 and U3 are the IM users of IM server S1,

U4 and U5 are the IM users of IM server S2,

U6 is the IM user of IM server S3,

U10 is the IM user of IM server S4,

U7 and U8 are the IM users of IM server S5,

U9 is the IM user of IM server S6.

All IM users can initiate P2P(Peer-to-Peer)or group messaging, to conduct IM with the target user.

Here we use a typical IM system to elaborate the details of this invention. Assuming users U1, U2, U3, U4, U5, U6, U7, and U8 are registered to the IM servers and pass the user authentication.

Users U1, U2 and U3 are registered and logged in at IM server S1,

Users U4 and U5 are registered and logged in at IM server S2,

User U6 is registered and logged in at IM server S3,

Users U7 and U8 are registered and logged in at IM server S5.

Assuming IM server S2 is in the connection relation table of IM server S1 (because S1 and S2 have previously conducted IM, the connection relation table of S1 has the network address and status information of S2), and IM servers S3, S4 and S5 haven't previously established connection with IM server S1.

As shown in Diagram 2, the actual steps are as follows:

(1) IM user U1 creates a group chat (group messaging) and invites IM users U2, U3, U4, U5, U6, U7 and U8 to join;

(2) The IM server S1 associated with U1 discovers that users U1, U2 and U3 are its own associated users, but U4, U5, U6, U7 and U8 are not its own associated users;

(3) IM server S1 analyzes the identification UID data of U4, U5, U6, U7 and U8, and identifies the IM servers, by name and identification HID, where those users registered and logged in: S2, S3 and S5;

(4) IM server S1 checks its connection relation table, identifies that IM server S2 is already in it, and subsequently establishes connection with S2; users U4 and U5 are connected to the group chat;

(4) S1 doesn't know the network addresses of IM servers S3 and S5, so S1 sends an addressing request to its associated IM router R1;

(5) R1 checks the HID list of the IM servers that it manages, identifies S3 in the list, and feeds back the network address of S3 to S1;

(6) S1 and S3 establish network connection according to the network address of S3; user U6 is connected to the group chat;

(7) R1 checks its neighbor IM router identification RID list and forwards the addressing request on IM server S5 to neighbor IM routers R2 and R3;

(8) IM router R2 receives the addressing request, identifies S5 in the HID list of the IM servers that it manages, and feeds back the network address of S5 to R1;

(9) R1 sends the network address of S5 back to S1; S1 establishes network connection with S5 based on the network address response from S1; subsequently users U7 and U8 join the group chat;

(10) IM server S1 has established network connections with IM servers S2, S3 and S5, which serve all the invited users; network addressing is completed.
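
The addressing steps above can be traced with a small simulation. This is an added illustration, not code from the patent: the `username@HID` UID layout, the placeholder addresses, the R3-R4 neighbour link and the use of breadth-first search as one reading of the "shortest path priority strategy" are all assumptions, and the encryption and mutual authentication the description requires are not modelled.

```python
from collections import deque

class Router:
    def __init__(self, rid, managed, neighbors):
        self.rid = rid
        self.managed = managed      # HID -> network address of managed IM servers
        self.neighbors = neighbors  # neighbour IM router RID list

def resolve(routers, start_rid, hid):
    """Breadth-first search of the routing network: fewest router hops first."""
    queue, seen = deque([[start_rid]]), {start_rid}
    while queue:
        path = queue.popleft()
        router = routers[path[-1]]
        if hid in router.managed:
            return router.managed[hid], path
        for rid in router.neighbors:
            if rid not in seen:          # never revisit: mesh links form cycles
                seen.add(rid)
                queue.append(path + [rid])
    return None, []                      # HID unknown to every reachable router

class Server:
    def __init__(self, hid, rid, table):
        self.hid, self.rid = hid, rid
        self.table = dict(table)    # connection relation table: HID -> address

    def invite(self, uids, routers):
        """Map each remote HID in an invitation to how this server reached it."""
        reached = {}
        for uid in uids:
            hid = uid.rpartition("@")[2]     # assumed UID layout: username@HID
            if hid == self.hid or hid in reached:
                continue                     # local user, or HID already handled
            if hid in self.table:
                reached[hid] = "direct"      # known peer: no router involved
                continue
            addr, path = resolve(routers, self.rid, hid)
            if addr is None:
                reached[hid] = "unresolved"
                continue
            self.table[hid] = addr   # the page adds it only after a working check
            reached[hid] = "via " + ">".join(path)
        return reached

def fig2():
    """Constructed topology following the scenario; addresses are placeholders."""
    routers = {
        "R1": Router("R1", {"S1": "192.0.2.1", "S3": "192.0.2.3"}, ["R2", "R3"]),
        "R2": Router("R2", {"S4": "192.0.2.4", "S5": "192.0.2.5"}, ["R1"]),
        "R3": Router("R3", {"S2": "192.0.2.2", "S6": "192.0.2.6",
                            "S7": "192.0.2.7"}, ["R1", "R4"]),
        "R4": Router("R4", {"S8": "192.0.2.8"}, ["R3"]),
    }
    return routers, Server("S1", "R1", {"S2": "192.0.2.2"})

# Constructed invitation list for U1's group chat.
GROUP = ["U2@S1", "U3@S1", "U4@S2", "U5@S2", "U6@S3", "U7@S5", "U8@S5"]
```

A second invitation of the same group reaches every server directly, because S3 and S5 are then in S1's connection relation table. Any address cached there is trusted on every later connection, which is why the description requires server and router to authenticate each other before a lookup.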