CN102984277B

CN102984277B - Prevent the system and method that malice connects

Info

Publication number: CN102984277B
Application number: CN201210548620.XA
Authority: CN
Inventors: 吴浩; 任寰
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd
Priority date: 2012-12-17
Filing date: 2012-12-17
Publication date: 2015-11-25
Anticipated expiration: 2032-12-17
Also published as: CN102984277A

Abstract

The invention provides a kind of system preventing malice from connecting, comprising: browser client, for sending connection request to distributor, and connecting with corresponding socket server according to the distribution of described distributor; Distributor, for receiving the connection request that browser client sends, and be this browser client distribution socket server, and be this connection distribution connection identifier (CID, the link information of distributed socket server and this connection identifier (CID are sent to browser client by distributor, and are cached in buffer by relevant information; Socket server, for receiving described connection identifier (CID with the connection of described browser client from browser client via set up, and according to buffer memory connection identifier (CID in both the buffers, the connection identifier (CID that this receives is verified, keep according to the result or disconnect described connection.Utilize the solution of the present invention can stop taking in a large number and shelving of storage resources, and prevent the generation of illegal connection.

Description

Systems and methods for preventing malicious connections

技术领域technical field

本发明涉及信息技术数据同步领域，尤其涉及一种防止恶意连接的系统和方法。The invention relates to the field of information technology data synchronization, in particular to a system and method for preventing malicious connections.

背景技术Background technique

目前，随着网络技术的发展，互联网作为一个庞大的信息资源，成为人们获取信息的最方便、快捷的途径。目前，用户通常使用个人计算机接入英特网(Internet)，并通过个人计算机中安装的浏览器(Browser)访问网页，获得需要的信息。随着移动通信技术的发展，用户还可以通过支持浏览器功能的移动终端接入英特网，例如手机、个人数字助理(PersonalDigitalAssistant，简称PDA)。At present, with the development of network technology, the Internet, as a huge information resource, has become the most convenient and fast way for people to obtain information. At present, a user usually uses a personal computer to access the Internet (Internet), and accesses a webpage through a browser installed in the personal computer to obtain required information. With the development of mobile communication technologies, users can also access the Internet through mobile terminals supporting browser functions, such as mobile phones and personal digital assistants (Personal Digital Assistant, PDA for short).

然而，无论是个人计算机上的浏览器还是移动终端上的浏览器，一般不提供推送服务，服务器端与客户端的信息交互依赖于客户端发起的连接，服务器端无法主动地将信息发送给客户端，从而无法实现服务器端与浏览器客户端之间的信息的实时同步。However, whether it is a browser on a personal computer or a browser on a mobile terminal, generally no push service is provided, and the information interaction between the server and the client depends on the connection initiated by the client, and the server cannot actively send information to the client , so that real-time synchronization of information between the server and the browser client cannot be realized.

现有技术中，最常用的实现浏览器客户端与服务器端浏览器数据同步的方式是浏览器客户端以一定频率向服务器端发送请求，如每周一次或每月一次，如果服务端有相关信息的更新则获取这些信息。然而，申请人发现该种数据同步方式存在如下技术缺陷：效率比较低、占用资源多、不能做到内容的真正实时同步更新。In the prior art, the most commonly used way to synchronize browser data between the browser client and the server is that the browser client sends a request to the server at a certain frequency, such as once a week or once a month. Updates to the information capture this information. However, the applicant found that this data synchronization method has the following technical defects: relatively low efficiency, takes up a lot of resources, and cannot achieve true real-time synchronous update of content.

在为了实现对浏览器客户端的数据实时同步，而维护浏览器客户端与网络侧的连接的情况下，存在一些浏览器客户端恶意不停地向网络侧发起连接请求的情况，而网络侧不停地向这些浏览器客户端用户分配网络资源，并将分配信息不停地存入相应的存储库中，则会占用大量的存储资源，造成存储资源的大量浪费。现有技术中缺少一种有效的机制来防止非法连接的产生。In order to achieve real-time data synchronization of the browser client and maintain the connection between the browser client and the network side, there are cases where some browser clients maliciously initiate connection requests to the network side continuously, but the network side does not Continuously allocating network resources to these browser client users and continuously storing the allocation information in the corresponding storage repository will occupy a large amount of storage resources, resulting in a large waste of storage resources. An effective mechanism to prevent illegal connections is lacking in the prior art.

发明内容Contents of the invention

鉴于上述问题，提出了本发明以便提供一种克服上述问题或者至少部分地解决上述问题的防止恶意连接的系统和方法。In view of the above problems, the present invention is proposed to provide a system and method for preventing malicious connections that overcome the above problems or at least partially solve the above problems.

根据本发明的一个方面，提供了一种防止恶意连接的系统，该系统包括：浏览器客户端，用于向分发器发送连接请求，以请求与套接字服务器建立连接，并根据所述分发器的分配与对应的套接字服务器建立连接；分发器，用于接收浏览器客户端发送的连接请求，并根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符，分发器将所分配的套接字服务器的连接信息与该连接标识符发送至所述浏览器客户端，并将与该连接请求相关的信息以及该连接标识符缓存到缓存器中；套接字服务器，用于经由所建立的与所述浏览器客户端的连接从浏览器客户端接收所述连接标识符，并根据缓存在缓存器中的连接标识符对该接收到的连接标识符进行验证，根据验证结果保持或断开所述连接。According to one aspect of the present invention, a system for preventing malicious connections is provided, the system includes: a browser client, configured to send a connection request to a distributor to request to establish a connection with a socket server, and according to the distribution The distributor establishes a connection with the corresponding socket server; the distributor is used to receive the connection request sent by the browser client, and allocate a socket server to the browser client according to the connection request, and allocate a socket server to the connection. A globally unique connection identifier, the distributor sends the allocated socket server connection information and the connection identifier to the browser client, and caches the information related to the connection request and the connection identifier to In the cache; the socket server is configured to receive the connection identifier from the browser client via the established connection with the browser client, and receive the received connection identifier according to the connection identifier cached in the cache. The connection identifier is verified, and the connection is maintained or disconnected according to the verification result.

根据本发明的另一个方面，提供了一种防止恶意连接的方法，该方法包括：浏览器客户端向分发器发送连接请求，以请求与套接字服务器建立连接，并根据所述分发器的分配与对应的套接字服务器建立连接；分发器接收浏览器客户端发送的连接请求，并根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符，分发器将所分配的套接字服务器的连接信息与该连接标识符发送至所述浏览器客户端，并将与该连接请求相关的信息以及该连接标识符缓存到缓存器中；套接字服务器经由所建立的与所述浏览器客户端的连接从浏览器客户端接收所述连接标识符，并根据缓存在缓存器中的连接标识符对该接收到的连接标识符进行验证，根据验证结果保持或断开所述连接。According to another aspect of the present invention, a method for preventing malicious connections is provided, the method comprising: the browser client sends a connection request to the distributor to request to establish a connection with the socket server, and according to the distributor's Assign and establish a connection with the corresponding socket server; the distributor receives the connection request sent by the browser client, and allocates a socket server to the browser client according to the connection request, and assigns a globally unique connection identifier to the connection character, the distributor sends the allocated socket server connection information and the connection identifier to the browser client, and caches the information related to the connection request and the connection identifier in the buffer; The socket server receives the connection identifier from the browser client via the established connection with the browser client, and verifies the received connection identifier according to the connection identifier cached in the cache, according to The verification result maintains or disconnects the connection.

根据本发明的再一个方面，提供了一种浏览器实时同步中防止恶意连接的系统，该系统包括云存储服务器端、推送服务器和多个浏览器客户端、分发器和套接字服务器，其中：所述云存储服务器端，用于在有数据更新时向所述推送服务器下发条件信息和命令信息；所述推送服务器，用于根据该条件信息在所述多个浏览器客户端中确定目标客户端，并通过套接字服务器将所述命令信息发送给所述目标客户端；以及所述目标客户端，用于根据所述命令信息实现其与云存储服务器端的数据同步；分发器，其连接所述多个浏览器客户端和套接字服务器，用于接收所述多个浏览器客户端发送的与套接字服务器进行连接的连接请求，并根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符，分发器将所分配的套接字服务器的连接信息与该连接标识符发送至所述多个浏览器客户端，并将与连接请求相关的信息以及该连接标识符缓存到缓存器中；套接字服务器，其连接所述分发器、推送服务器和多个浏览器客户端，用于从所述多个浏览器客户端接收所述连接标识符并进行验证，根据验证结果来保持或断开与所述多个浏览器客户端之间的连接，并用于将所述命令信息从推送服务器转发给所述目标客户端。According to another aspect of the present invention, a system for preventing malicious connections in browser real-time synchronization is provided, the system includes a cloud storage server, a push server, and multiple browser clients, distributors and socket servers, wherein : The cloud storage server end is used to send condition information and command information to the push server when there is data update; the push server is used to determine in the plurality of browser clients according to the condition information The target client, and the command information is sent to the target client through the socket server; and the target client is used to realize data synchronization with the cloud storage server according to the command information; the distributor, It connects the multiple browser clients and the socket server, is used to receive the connection requests sent by the multiple browser clients to connect with the socket server, and provides the browser client with the connection request according to the connection request. The terminal allocates a socket server, and allocates a globally unique connection identifier for the connection, and the distributor sends the connection information of the allocated socket server and the connection identifier to the plurality of browser clients, and sends Information related to the connection request and the connection identifier are cached in the buffer; a socket server, which connects the distributor, the push server and a plurality of browser clients, and is used for receiving from the plurality of browser clients The connection identifier is received and verified, and the connection with the plurality of browser clients is maintained or disconnected according to the verification result, and used for forwarding the command information from the push server to the target client.

利用本发明的防止恶意连接的系统和方法，具有以下优点：Utilizing the system and method for preventing malicious connections of the present invention has the following advantages:

1)能够杜绝存储资源的大量占用和搁置，并且防止非法连接的产生；1) It can prevent a large number of occupation and shelving of storage resources, and prevent the generation of illegal connections;

2)通过设置推送服务器，在云存储服务器端存储的数据内容发生更新的情况下，及时地将命令信息通过推送服务器发送至目标客户端，从而简单、高效地实现了云存储服务器端与浏览器客户端的数据实时同步；2) By setting the push server, when the data content stored on the cloud storage server is updated, the command information is sent to the target client through the push server in a timely manner, thus realizing the simple and efficient connection between the cloud storage server and the browser. Real-time synchronization of client data;

3)通过增加套接字服务器、分发器和分发信息数据库，顺利实现了云存储服务器端、推送服务器和目标客户端的连接；3) By adding socket server, distributor and distribution information database, the connection between cloud storage server, push server and target client is successfully realized;

4)由推送服务器推送至目标客户端的命令信息为通知消息，在接收到推送服务器推送的通知消息后，目标客户端从云存储服务器端下载发生更新的数据内容，依照下载内容进行本地数据内容的同步，从而可以进一步节约系统资源。4) The command information pushed by the push server to the target client is a notification message. After receiving the notification message pushed by the push server, the target client downloads the updated data content from the cloud storage server, and executes the local data content according to the downloaded content. Synchronization, which can further save system resources.

上述说明仅是本发明技术方案的概述，为了能够更清楚了解本发明的技术手段，而可依照说明书的内容予以实施，并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂，以下特举本发明的具体实施方式。The above description is only an overview of the technical solution of the present invention. In order to better understand the technical means of the present invention, it can be implemented according to the contents of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and understandable , the specific embodiments of the present invention are enumerated below.

附图说明Description of drawings

通过阅读下文优选实施方式的详细描述，各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的，而并不认为是对本发明的限制。而且在整个附图中，用相同的参考符号表示相同的部件。在附图中：Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiment. The drawings are only for the purpose of illustrating a preferred embodiment and are not to be considered as limiting the invention. Also throughout the drawings, the same reference numerals are used to designate the same components. In the attached picture:

图1为根据本发明一个实施例的实现浏览器数据同步的系统的结构示意图；FIG. 1 is a schematic structural diagram of a system for realizing browser data synchronization according to an embodiment of the present invention;

图2为根据本发明另一个实施例的实现浏览器数据同步的系统的结构示意图；2 is a schematic structural diagram of a system for realizing browser data synchronization according to another embodiment of the present invention;

图3为图2所示实现浏览器数据同步的系统中浏览器客户端与套接字服务器建立连接的过程的示意图；Fig. 3 is a schematic diagram of the process of establishing a connection between the browser client and the socket server in the system for realizing browser data synchronization shown in Fig. 2;

图4为图2所示实现浏览器数据同步的系统中在第一类场景下向目标客户端进行信息推送的过程的示意图；Fig. 4 is a schematic diagram of the process of pushing information to the target client in the first type of scenario in the system for realizing browser data synchronization shown in Fig. 2;

图5为图2所示实现浏览器数据同步的系统中在第二类场景下向目标客户端进行信息推送的过程的示意图；Fig. 5 is a schematic diagram of the process of pushing information to the target client in the second type of scenario in the system for implementing browser data synchronization shown in Fig. 2;

图6为图2所示实现浏览器数据同步的系统中在第三类场景下向目标客户端进行信息推送的过程的示意图；Fig. 6 is a schematic diagram of the process of pushing information to the target client in the third type of scenario in the system for realizing browser data synchronization shown in Fig. 2;

图7为根据本发明实施例的实现浏览器数据同步的方法的流程图；7 is a flowchart of a method for implementing browser data synchronization according to an embodiment of the present invention;

图8为根据本发明实施例的实现浏览器数据同步的浏览器客户端的结构示意图；FIG. 8 is a schematic structural diagram of a browser client implementing browser data synchronization according to an embodiment of the present invention;

图9为根据本发明实施例的防止恶意连接的系统的结构图；FIG. 9 is a structural diagram of a system for preventing malicious connections according to an embodiment of the present invention;

图10为根据本发明实施例的防止恶意连接的方法流程图；FIG. 10 is a flowchart of a method for preventing malicious connections according to an embodiment of the present invention;

图11为根据本发明实施例的对多个套接字服务器进行分发的分发器结构图；Fig. 11 is a structural diagram of a distributor for distributing multiple socket servers according to an embodiment of the present invention;

图12为根据本发明实施例的对多个套接字服务器进行分发的方法流程图。Fig. 12 is a flowchart of a method for distributing multiple socket servers according to an embodiment of the present invention.

具体实施方式Detailed ways

下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例，然而应当理解，可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反，提供这些实施例是为了能够更透彻地理解本公开，并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

在本发明的一个示例性实施例中，提供了一种实现浏览器数据同步的系统。如图1所示，该实现浏览器数据同步的系统包括：云存储服务器端1、推送服务器2和多个浏览器客户端3、4。其中，云存储服务器端1，用于在有数据更新时向推送服务器下发条件信息和命令信息；推送服务器2，用于根据条件信息在多个浏览器客户端中确定目标客户端，并将该命令信息推送至目标客户端3；目标客户端3，用于根据该命令信息实现目标客户端与云存储服务器端的数据同步。In an exemplary embodiment of the present invention, a system for implementing browser data synchronization is provided. As shown in FIG. 1 , the system for synchronizing browser data includes: a cloud storage server 1 , a push server 2 and multiple browser clients 3 and 4 . Among them, the cloud storage server 1 is used to send condition information and command information to the push server when there is data update; the push server 2 is used to determine the target client among multiple browser clients according to the condition information, and send The command information is pushed to the target client 3; the target client 3 is used to realize data synchronization between the target client and the cloud storage server according to the command information.

在图1所示的实施例中，通过设置单独的推送服务器2，在云存储服务器端存储的数据内容发生更新的情况下，及时地将命令信息通过推送服务器发送至目标客户端，从而简单、高效地实现了服务端信息与客户端实时同步。In the embodiment shown in Figure 1, by setting up a separate push server 2, when the data content stored at the cloud storage server end is updated, the command information is sent to the target client through the push server in time, so that it is simple, Efficiently realize the real-time synchronization of server-side information and client-side information.

如图1所示，多个浏览器客户端中包含有发起客户端4和目标客户端3。其中，发起客户端4，用于对存储于云存储服务器端1中的数据进行更新。该发起客户端4和目标客户端3可以属于同一个用户，也可以属于不同的用户。该发起客户端4和目标客户端3属于同一个用户的情况主要的应用场景在于：同一用户使用不同的设备(例如手机和PC)登录浏览器，其中一个(例如PC)更改收藏夹，那么需要将该更新同步到同一用户的另一设备(手机)。该发起客户端4和目标客户端3不属于同一个用户的情况的应用场景例如是不同浏览器客户端之间的信息通信。As shown in FIG. 1 , multiple browser clients include an initiating client 4 and a target client 3 . Wherein, the initiating client 4 is used to update the data stored in the cloud storage server 1 . The initiating client 4 and the target client 3 may belong to the same user, or may belong to different users. The main application scenario where the initiating client 4 and the target client 3 belong to the same user is: the same user uses different devices (such as a mobile phone and a PC) to log in to the browser, and one of them (such as a PC) changes favorites, then it needs Sync that update to another device (phone) of the same user. An application scenario where the initiating client 4 and the target client 3 do not belong to the same user is, for example, information communication between different browser clients.

当然，本发明也可以由云存储服务器端自身发起对数据内容的更新，在这种情况下，图1中的发起浏览器客户端4则可以不存在。这种情况的场景例如是：系统向所有浏览器客户端推送新闻消息或天气预报；或系统向所有某版本的浏览器客户端发起更新指示。Of course, in the present invention, the cloud storage server itself can also initiate an update of the data content. In this case, the initiating browser client 4 in FIG. 1 may not exist. The scenario of this situation is, for example: the system pushes news messages or weather forecasts to all browser clients; or the system initiates an update instruction to all browser clients of a certain version.

由于图1中虚线框以内的云存储服务器端1、目标客户端3和发起客户端4是现有浏览器系统中已有的，因此在此基础上添加推送服务器可以有效地利用原有的系统架构，降低实现本发明的成本。Since the cloud storage server 1, the target client 3 and the initiating client 4 within the dotted line box in Figure 1 are existing in the existing browser system, adding a push server on this basis can effectively utilize the original system Architecture, reducing the cost of implementing the present invention.

为了实现云存储服务器端1、推送服务器2和目标客户端3的连接，如图2所示，实现浏览器客户端与云存储服务器端数据同步的系统还可以包括多个套接字服务器、分发器。In order to realize the connection of cloud storage server 1, push server 2 and target client 3, as shown in Figure 2, the system for realizing data synchronization between browser client and cloud storage server can also include multiple socket servers, distribution device.

分发器，用于在接收到客户端的连接请求后，为其分配相应的套接字服务器以及连接标识符，并将用户标识信息以及连接标识符存储至分发信息数据库。详细的连接建立过程如图3所示，包括：The distributor is configured to allocate a corresponding socket server and a connection identifier to the client after receiving the connection request, and store the user identification information and the connection identifier in the distribution information database. The detailed connection establishment process is shown in Figure 3, including:

步骤S301，浏览器客户端向分发器提交连接请求，该连接请求中至少包括用户标识信息，对于登录用户来讲，其用户标识信息可以包括用户名，而对于非登录用户来讲，其用户标识信息可以包括用户的机器硬件标识。Step S301, the browser client submits a connection request to the distributor. The connection request includes at least user identification information. For a logged-in user, the user identification information may include a user name; for a non-login user, the user identification Information may include the user's machine hardware identification.

对于登录用户来讲，该用户标识信息可以为一字符串。其中，该字符串除了登录用户的用户名之外，还包括登录时间和验证字符等信息。用户名为用户唯一标识号，即一个数字，用于代表一个用户。验证字符根据用户名生成，即可通过验证字符判定用户标识信息是否被更改。For a logged-in user, the user identification information may be a character string. Wherein, in addition to the username of the logged-in user, the character string also includes information such as login time and verification characters. The username is the user unique identification number, which is a number used to represent a user. The verification character is generated according to the user name, and it can be determined whether the user identification information has been changed through the verification character.

对于非登录用户来讲，该用户标识信息可以包括非登录用户的机器硬件标识，其中机器硬件标识为机器唯一标识，为客户端通过用户机器硬件、系统配置等哈希生成。For non-logged-in users, the user identification information may include the non-logged-in user's machine hardware ID, where the machine hardware ID is a unique machine ID, which is generated by the client through the hash of the user's machine hardware and system configuration.

此外，为了后续的目标客户端筛选，该连接请求还可以包括用户特征信息，例如：IP地址信息、浏览器版本信息，或用户分类信息等用户特征信息。其中，浏览器版本号、用户分类信息，或IP地址信息等用户特征信息可以用于后续的客户端筛选使用。In addition, for subsequent target client screening, the connection request may also include user feature information, such as IP address information, browser version information, or user feature information such as user classification information. Wherein, user characteristic information such as browser version number, user classification information, or IP address information can be used for subsequent client screening.

步骤S302，分发器基于该用户标识信息使用预设算法进行计算得到一个数值，根据该数值为提交连接请求的浏览器客户端分配套接字服务器；该数值是全局唯一，即连接标识符；分发器将该套接字服务器的IP地址、端口等连接信息及连接标识符发送至提交请求的浏览器客户端；Step S302, the distributor calculates a value based on the user identification information using a preset algorithm, and assigns a socket server to the browser client that submits the connection request according to the value; the value is globally unique, that is, the connection identifier; The server sends the connection information such as the IP address and port of the socket server and the connection identifier to the browser client that submitted the request;

本步骤中，使用预设的算法根据登录用户的用户名计算上述数值。对于非登录用户来讲，直接采用非登录用户的机器硬件标识计算上述数值，该算法可以为循环冗余校验(CRC)32算法。In this step, a preset algorithm is used to calculate the above value based on the username of the logged-in user. For a non-login user, the above-mentioned value is directly calculated using the machine hardware identifier of the non-login user, and the algorithm may be a cyclic redundancy check (CRC) 32 algorithm.

步骤S303，浏览器客户端根据接收到的套接字服务器的IP地址和端口号与对应的套接字服务器建立连接，该连接可以是传输控制协议TCP(TransmissionControlProtocol)连接。在浏览器客户端与套接字服务器建立连接时，该套接字服务器得到标识该套接字服务器和浏览器客户端连接关系的资源标识符。浏览器客户端利用已经建立的连接向该套接字服务器传送其接收到的连接标识符。Step S303, the browser client establishes a connection with the corresponding socket server according to the received IP address and port number of the socket server, and the connection may be a Transmission Control Protocol (TCP) connection. When the browser client establishes a connection with the socket server, the socket server obtains a resource identifier identifying the connection relationship between the socket server and the browser client. The browser client transmits the received connection identifier to the socket server using the established connection.

步骤S304，套接字服务器接收到连接标识符后，向分发器对该连接标识符进行验证，若验证成功，则保持与浏览器客户端之间建立的连接，若验证不成功，则断开已经建立的连接。Step S304, after the socket server receives the connection identifier, it verifies the connection identifier to the distributor, if the verification is successful, it maintains the connection established with the browser client, and if the verification is unsuccessful, it disconnects connection already established.

步骤S305，分发器将用户标识信息(登录用户的用户名或非登录用户的机器硬件标识)、用户特征信息(如果有的话)以及连接标识符存储在分发信息数据库中，并且套接字服务器也将所得到的资源标识符存储在该分发信息数据库中。Step S305, the distributor stores the user identification information (the user name of the logged-in user or the machine hardware identification of the non-logged-in user), the user characteristic information (if any) and the connection identifier in the distribution information database, and the socket server The resulting resource identifier is also stored in the distribution information database.

需要说明的是，为了防止服务器端变化引起的分配混乱，浏览器客户端需要在隔一段时间后重新执行步骤S301-步骤S304进行连接。It should be noted that, in order to prevent allocation confusion caused by server-side changes, the browser client needs to re-execute steps S301-step S304 to connect after a period of time.

此外，对于每一个套接字服务器，在分发信息数据库中均存在对应的单独数据表，以减小数据表的规模，加快在后续信息推送阶段，套接字服务器的查询速度。In addition, for each socket server, there is a corresponding separate data table in the distribution information database, so as to reduce the size of the data table and speed up the query speed of the socket server in the subsequent information push stage.

通过增加分发器和套接字服务器，并且在分发器中设置分发信息数据库，使得能够在建立连接阶段将用户标识信息、连接标识符、资源标识符和用户特征信息等存储于分发信息数据库中，从而实现了推送服务器对预设目标客户端的数据内容的推送。By increasing the distributor and socket server, and setting the distribution information database in the distributor, so that user identification information, connection identifier, resource identifier and user characteristic information can be stored in the distribution information database during the connection establishment phase, Thus, the push server can push the data content of the preset target client.

在信息推送阶段：推送服务器，用于将条件信息和命令信息发送至套接字服务器；套接字服务器，用于将推送服务器推送的信息转发至相应的目标客户端。详细的信息推送过程以下分三类场景进行详细说明。In the information push phase: the push server is used to send condition information and command information to the socket server; the socket server is used to forward the information pushed by the push server to the corresponding target client. The detailed information push process is described in detail in the following three types of scenarios.

(1)当该实时同步由发起客户端发起，且发起客户端和接收客户端属于同一用户时，条件信息中包括用户标识信息。举例来讲，如图4所示，该信息推送过程包括：(1) When the real-time synchronization is initiated by the initiating client, and the initiating client and the receiving client belong to the same user, the condition information includes user identification information. For example, as shown in Figure 4, the information push process includes:

步骤S401，发起客户端发起对存储在云存储服务器端存储的数据进行更新；Step S401, initiating the client to update the data stored in the cloud storage server;

本步骤中，云存储服务器端存储的数据包括以下之一：收藏夹信息、历史记录信息、浏览器配置信息、便签信息、登录管家信息、消息提醒信息、密钥信息等等其他可能的信息。In this step, the data stored on the cloud storage server side includes one of the following: favorites information, history information, browser configuration information, note information, login manager information, message reminder information, key information, and other possible information.

步骤S402，云存储服务器端向推送服务器发送条件信息和命令信息，该条件信息包括用户标识信息，例如登录用户的用户名或未登录用户的机器硬件标识，并且该条件信息中还包括标识该发起客户端与其对应的套接字服务器的连接的资源标识符；Step S402, the cloud storage server sends condition information and command information to the push server, the condition information includes user identification information, such as the user name of the logged-in user or the machine hardware identifier of the user who is not logged in, and the condition information also includes the identification of the initiator the resource identifier of the client's connection to its corresponding socket server;

步骤S403，推送服务器由与分发器中同样的算法根据用户标识信息计算得到一个数值，从而得到为目标客户端分配的套接字服务器，并将条件信息及命令信息发送给该为目标客户端分配的套接字服务器，其中该数值是全局唯一的，即连接标识符；Step S403, the push server uses the same algorithm as in the distributor to calculate a value based on the user identification information, thereby obtaining the socket server allocated for the target client, and sends the condition information and command information to the socket server allocated for the target client. socket server, where the value is globally unique, that is, the connection identifier;

步骤S404，套接字服务器根据条件信息中的用户标识信息查询分发器中的分发信息数据库，确定与目标客户端对应的资源标识符，其中排除了标识发起客户端与其对应的套接字服务器的连接的资源标识符；Step S404, the socket server queries the distribution information database in the distributor according to the user identification information in the condition information, and determines the resource identifier corresponding to the target client, excluding those identifying the originating client and its corresponding socket server the resource identifier for the connection;

步骤S405，套接字服务器根据该资源标识符在与该目标客户端(一个或多个)的连接中向该客户端发送该命令信息。Step S405, the socket server sends the command information to the target client (one or more) in connection with the target client according to the resource identifier.

(2)当该实时同步由发起客户端发起，且发起客户端和接收客户端属于不同登录用户时，即条件信息中包括用户标识信息，如图5所示，该信息推送过程包括：(2) When the real-time synchronization is initiated by the initiating client, and the initiating client and the receiving client belong to different login users, that is, the condition information includes user identification information, as shown in Figure 5, the information push process includes:

步骤S501，发起客户端发起对存储在云存储服务器端存储的数据进行更新；Step S501, the initiating client initiates updating the data stored in the cloud storage server;

本步骤中，云存储服务器端存储的数据包括以下之一：收藏夹信息、历史记录信息、浏览器配置信息、便签信息、登录管家信息、消息提醒信息、密钥信息、新闻信息和/或用户生成的信息等等。In this step, the data stored on the cloud storage server side includes one of the following: favorites information, history information, browser configuration information, note information, login manager information, message reminder information, key information, news information and/or user Generated information and more.

步骤S502，云存储服务器端向推送服务器发送条件信息和命令信息，其中该条件信息可以包括用户标识信息，例如登录用户的用户名或未登录用户的机器硬件标识；Step S502, the cloud storage server sends condition information and command information to the push server, where the condition information may include user identification information, such as the user name of a logged-in user or the machine hardware identifier of a non-logged-in user;

步骤S503，推送服务器由与分发器中同样的算法根据用户标识信息计算得到一个数值，从而得到为目标客户端分配的套接字服务器，并将条件信息及命令信息发送给该为目标客户端分配的套接字服务器，其中该数值是全局唯一的，即连接标识符；Step S503, the push server uses the same algorithm as in the distributor to calculate a value based on the user identification information, thereby obtaining the socket server allocated for the target client, and sends the condition information and command information to the socket server allocated for the target client. socket server, where the value is globally unique, that is, the connection identifier;

步骤S504，套接字服务器根据条件信息中的用户标识信息查询分发器中的分发信息数据库，确定目标客户端的资源标识符；Step S504, the socket server queries the distribution information database in the distributor according to the user identification information in the condition information, and determines the resource identifier of the target client;

步骤S505，对应的套接字服务器依据该资源标识符，在与目标客户端(一个或多个)的连接中向该客户端发送该通知消息，至此，信息推送过程结束。Step S505, according to the resource identifier, the corresponding socket server sends the notification message to the target client (one or more) in connection with the client, so far, the information pushing process ends.

(3)当该实时同步由云存储服务器端主动发起，且条件信息中包括目标客户端的特征筛选信息，而不包括用户标识信息，其中特征筛选信息也可以为空，(3) When the real-time synchronization is actively initiated by the cloud storage server, and the condition information includes the characteristic screening information of the target client, but does not include the user identification information, wherein the characteristic screening information can also be empty,

这种情况下，在连接建立阶段，由浏览器客户端向分发器提交连接请求中还包含特征筛选信息，其与如前的在分发信息数据库中保存的用户特征信息相对应。In this case, during the connection establishment phase, the connection request submitted by the browser client to the distributor also includes feature screening information, which corresponds to the user feature information stored in the distribution information database as before.

如图6所示，该信息推送过程包括：As shown in Figure 6, the information push process includes:

步骤S601，云存储服务器端向推送服务器下发条件信息和命令信息中，条件信息中包含目标客户端的特征筛选信息(例如某浏览器的版本号)，该命令信息例如是通知用户升级的指令；Step S601, the cloud storage server sends condition information and command information to the push server, the condition information includes feature screening information of the target client (such as the version number of a certain browser), and the command information is, for example, an instruction to notify the user to upgrade;

步骤S602，推送服务器将条件信息和命令信息推送给所有的套接字服务器；Step S602, the push server pushes the condition information and command information to all socket servers;

步骤S603，各个套接字服务器分别向分发器的分发信息数据库递交查询请求，该查询请求中包含特征筛选信息；分发信息数据库根据特征筛选条件查询分发信息数据库中各个浏览器客户端的用户特征信息，确定满足该特征筛选条件的目标客户端的资源标识符，并将该资源标识符返回至发起查询的各套接字服务器；Step S603, each socket server submits a query request to the distribution information database of the distributor respectively, and the query request includes characteristic screening information; the distribution information database queries the user characteristic information of each browser client in the distribution information database according to the characteristic screening condition, Determine the resource identifier of the target client satisfying the characteristic filter condition, and return the resource identifier to each socket server that initiates the query;

步骤S604，各套接字服务器根据接收到的资源标识符向相应的客户端发送命令信息，至此，信息推送过程结束。Step S604, each socket server sends command information to the corresponding client according to the received resource identifier, so far, the information pushing process ends.

为了进一步节约系统资源，由推送服务器2推送至浏览器客户端3的命令信息为通知消息。在这种情况下，浏览器客户端，还用于在接收到推送服务器推送的通知消息后，与云存储服务器端建立连接，从云存储服务器端下载发生更新的数据内容，依照下载的数据内容进行本地数据内容的同步。通过传送通知消息可以减少传送数据量，减少系统资源占用。In order to further save system resources, the command information pushed by the push server 2 to the browser client 3 is a notification message. In this case, the browser client is also used to establish a connection with the cloud storage server after receiving the notification message pushed by the push server, and download the updated data content from the cloud storage server. Synchronize local data content. By transmitting notification messages, the amount of transmitted data can be reduced, and the occupation of system resources can be reduced.

当然，由推送服务器推送至目标客户端的命令信息也可以为内容消息，即该内容消息中包含发生更新的数据内容，在这种情况下，目标客户端在接收到推送服务器推送的内容消息后，从该内容消息中提取发生更新的数据内容，依照提取的数据内容进行本地数据内容的同步。通过传送内容消息可以直接将内容消息推送至客户端，信息传递快速，步骤简单。Of course, the command information pushed by the push server to the target client can also be a content message, that is, the content message contains updated data content. In this case, after the target client receives the content message pushed by the push server, The updated data content is extracted from the content message, and the local data content is synchronized according to the extracted data content. The content message can be directly pushed to the client by transmitting the content message, and the information transmission is fast and the steps are simple.

为了实现对多语言的支持、方便地调用文本，推送服务器和云存储服务器端之间采用HTTP接口。In order to support multiple languages and call texts conveniently, an HTTP interface is used between the push server and the cloud storage server.

基于图1及图2所示的实现浏览器数据同步的系统，本发明又提供了一种实现浏览器数据同步的方法。如图7所示，该实现浏览器数据同步的方法包括：Based on the system for realizing browser data synchronization shown in FIG. 1 and FIG. 2 , the present invention further provides a method for realizing browser data synchronization. As shown in Figure 7, the method for implementing browser data synchronization includes:

步骤S710，云存储服务器端在有数据更新时向推送服务器下发条件信息和命令信息；Step S710, the cloud storage server sends condition information and command information to the push server when there is data update;

步骤S720，推送服务器根据该条件信息在多个浏览器客户端中确定目标客户端，并将该命令信息发送给目标客户端；Step S720, the push server determines the target client among multiple browser clients according to the condition information, and sends the command information to the target client;

步骤S730，目标客户端根据命令信息实现其与云存储服务器端的数据同步。In step S730, the target client implements data synchronization with the cloud storage server according to the command information.

进一步地，步骤S710之前还包括浏览器客户端与套接字服务器之间建立套接字连接，该连接的建立过程如图3所示，这里就不再赘述。Further, before step S710, a socket connection is established between the browser client and the socket server, and the establishment process of the connection is shown in FIG. 3 , which will not be repeated here.

进一步地，步骤S710云存储服务器端在有数据更新时向推送服务器下发条件信息和命令信息的步骤中，如果条件信息中包含目标客户端的登录用户用户名或未登录用户的机器硬件标识，包括以下两种情况：Further, in step S710, in the step where the cloud storage server sends condition information and command information to the push server when there is data update, if the condition information includes the user name of the logged-in user of the target client or the machine hardware identifier of the user who is not logged in, including The following two situations:

情况一：发起客户端和接收客户端属于同一用户，该用户使用不同的设备(例如手机和PC)登录浏览器，其中一个(例如PC)更改收藏夹，那么需要将该更新同步到同一用户的另一设备(手机)；Situation 1: The originating client and the receiving client belong to the same user, and the user uses different devices (such as a mobile phone and a PC) to log in to the browser, and one of them (such as a PC) changes favorites, then the update needs to be synchronized to the same user's another device (mobile phone);

该情况下，发起客户端首先发起对存储在云存储服务器端中的有关配置、功能、或收藏的信息或其他的信息的修改。然后云存储服务器端向推送服务器发送条件信息和命令信息，该命令信息包括内容消息和通知消息，推送服务器通过套接字服务器将根据条件信息将该命令信息发送到目标客户端，其中该目标客户端排除了发起客户端。该种情况下的信息推送过程如图4所示，这里也不再赘述。In this case, the initiating client first initiates modification of information about configurations, functions, or favorites or other information stored in the cloud storage server. Then the cloud storage server sends conditional information and command information to the push server, the command information includes content messages and notification messages, and the push server sends the command information to the target client through the socket server according to the condition information, wherein the target client side excludes the originating client. The information pushing process in this case is shown in FIG. 4 , which will not be repeated here.

情况二：发起客户端和接收客户端不属于同一用户，从而实现不同用户之间通过客户端的信息交互。Case 2: The initiating client and the receiving client do not belong to the same user, so that information exchange between different users through the client is realized.

具体来说，一个用户的客户端将条件信息和内容消息发送至云存储服务器端，云存储服务器端将条件信息和相关通知消息其发送至推送器，推送器根据条件信息将通知消息发送至目的客户端，进而目的客户端可以访问云存储服务器端以获取内容。在这种情况下的信息推送过程如图5所示，这里也不再赘述。Specifically, a user's client sends condition information and content messages to the cloud storage server, and the cloud storage server sends the condition information and related notification messages to the pusher, and the pusher sends the notification message to the destination according to the condition information. The client, and then the target client can access the cloud storage server to obtain content. The information pushing process in this case is shown in FIG. 5 , and will not be repeated here.

此外，如果条件信息中不包含目标客户端的用户标识信息，而可以包括特征筛选信息，则还包括以下情况：In addition, if the conditional information does not include the user identification information of the target client, but may include characteristic screening information, the following situations are also included:

情况三：云存储服务器端自身有数据更新，需要浏览器客户端与云存储服务器端进行数据同步，云存储服务器端主动向推送服务器下发条件信息和命令信息，例如：Situation 3: The cloud storage server itself has data updates, and the browser client needs to synchronize data with the cloud storage server. The cloud storage server actively sends condition information and command information to the push server, for example:

1、云存储服务器端向某版本的所有浏览器客户端发起更新指示，以使该版本的所有浏览器客户端升级为新版本，其中，命令信息为升级为新版本的通知消息，条件为某版本浏览器的客户端，即其中的特征筛选信息为浏览器客户端的版本号。则推送服务器根据该条件信息将该命令信息发送给多个浏览器客户端中的目标客户端包括：推送服务器将升级为新版本的通知消息发送给某版本的所有浏览器客户端。1. The cloud storage server sends an update instruction to all browser clients of a certain version, so that all browser clients of this version can be upgraded to a new version, where the command information is a notification message for upgrading to a new version, and the condition is a certain The client version of the browser, that is, the feature filtering information is the version number of the browser client. Then, the push server sending the command information to the target client among the plurality of browser clients according to the condition information includes: the push server sends a notification message of upgrading to a new version to all browser clients of a certain version.

2、云存储服务器端向所有浏览器客户端推送新闻消息，其中条件为所有浏览器客户端，即特征筛选信息为空，命令信息为包含新闻消息的内容消息；则推送服务器根据该条件信息将该命令信息发送给多个浏览器客户端中的目标客户端包括：推送服务器将包含新闻消息的内容消息发送给所有浏览器客户端。应该理解，发送的也可以是通知消息。2. The cloud storage server pushes news messages to all browser clients, where the condition is all browser clients, that is, the feature screening information is empty, and the command information is content messages containing news messages; then the push server will send The sending of the command information to the target client among the plurality of browser clients includes: the push server sends the content message including the news message to all the browser clients. It should be understood that what is sent may also be a notification message.

3、云存储服务器端向不同地区的浏览器客户端推送天气预报，其中条件为某一地区的浏览器客户端，即特征筛选信息为该某一地区对应的IP段，命令信息为包含天气预报的内容消息；则推送服务器根据该条件信息将该命令信息发送给多个浏览器客户端中的目标客户端包括：推送服务器将包含天气预报的内容消息发送给某一地区的浏览器客户端。应该理解，发送的也可以是通知消息。3. The cloud storage server pushes the weather forecast to the browser clients in different regions, where the condition is the browser client in a certain region, that is, the feature screening information is the IP segment corresponding to the certain region, and the command information contains the weather forecast The push server sends the command information to the target client among the plurality of browser clients according to the condition information, including: the push server sends the content message containing the weather forecast to the browser client in a certain area. It should be understood that what is sent may also be a notification message.

在这种情况下的信息推送过程如图6所示，这里也不再赘述。The information pushing process in this case is shown in FIG. 6 , which will not be repeated here.

基于图1及图2所示的实现浏览器数据同步的系统，本发明又提供了一种实现浏览器数据同步的浏览器客户端。如图8所示，该浏览器客户端包括：连接模块，用于通过分发器与套接字服务器建立连接关系，并从相应的套接字服务器接收命令信息；应用模块，用于根据该命令信息，执行其对应的应用操作。其中，所述命令信息为通知消息或内容消息。Based on the system for realizing browser data synchronization shown in FIG. 1 and FIG. 2 , the present invention further provides a browser client for realizing browser data synchronization. As shown in Figure 8, the browser client includes: a connection module, used to establish a connection relationship with the socket server through the distributor, and receive command information from the corresponding socket server; Information, execute its corresponding application operation. Wherein, the command information is a notification message or a content message.

如图8所示，连接模块又包括：分发器连接子模块，用于向所述分发器提交连接请求，该连接请求中至少包括用户标识信息，并接收由分发器返回的被分配的套接字服务器的连接信息及连接标识符；套接字连接子模块，用于根据接收到的套接字服务器的连接信息及所述连接标识符与对应的套接字服务器建立套接字连接，并通过该套接字连接从相应的套接字服务器接收命令信息。其中，所述用户标识信息为登录用户的用户名或非登录用户的机器硬件标识。As shown in Figure 8, the connection module further includes: a distributor connection submodule, which is used to submit a connection request to the distributor, the connection request at least includes user identification information, and receives the allocated socket returned by the distributor The connection information of the word server and the connection identifier; the socket connection submodule is used to establish a socket connection with the corresponding socket server according to the received connection information of the socket server and the connection identifier, and Receive command information from the corresponding socket server through the socket connection. Wherein, the user identification information is a user name of a login user or a machine hardware identification of a non-login user.

如图8所示，上述浏览器客户端中还可以包括：云存储通信模块，用于响应应用模块的应用操作，与云存储服务器端进行通信。As shown in FIG. 8 , the browser client may further include: a cloud storage communication module, configured to communicate with the cloud storage server in response to an application operation of the application module.

综上所述，本发明提供的这种实现浏览器数据同步的系统、方法及浏览器客户端，通过设置单独的推送服务器，在云存储服务器端存储的浏览器相关内容发生更新的情况下，能够及时地将命令信息通过该推送服务器发送至多个浏览器客户端中的目标客户端，解决了无法简单有效地将浏览器客户端与云存储服务器端数据实时同步的问题，从而简单、高效地实现了浏览器客户端与云存储服务器端的数据同步。由此，可以在原有架构的基础上使浏览器客户端可以高效地、主动地、资源节约地将信息与云存储服务器端实时同步。该系统及方法还能够在原有系统架构的基础上实现，有效利用原有架构，实现成本有效。To sum up, the system, method and browser client provided by the present invention for realizing browser data synchronization, by setting up a separate push server, when the browser-related content stored on the cloud storage server is updated, The command information can be sent to the target client among the multiple browser clients in a timely manner through the push server, which solves the problem that the browser client cannot be synchronized with the cloud storage server data in real time simply and effectively, thus simple and efficient Realized data synchronization between browser client and cloud storage server. Therefore, on the basis of the original architecture, the browser client can efficiently, proactively, and resource-savingly synchronize information with the cloud storage server in real time. The system and method can also be implemented on the basis of the original system architecture, effectively utilize the original architecture, and realize cost effectiveness.

在上述结合附图所描述的本发明的实现浏览器数据同步的方法中，在建立连接阶段，如果存在一些浏览器客户端恶意不停地向分发器发出请求，则分发器会相应地不停地向这些用户分配套接字服务器以及对应的连接标识符，并且把分配信息不停地存入分发信息存储库中。然而这些浏览器客户端并不真正建立连接，由此将占用大量的存储资源，造成存储资源的大量浪费。或者存在一些浏览器客户端并未向分发器发出请求，而是用非法的连接标识符尝试与套接字服务器进行连接。In the method for realizing browser data synchronization of the present invention described above in conjunction with the accompanying drawings, during the connection establishment stage, if there are some browser clients maliciously sending requests to the distributor continuously, the distributor will correspondingly stop Allocate socket servers and corresponding connection identifiers to these users continuously, and store the allocation information in the distribution information repository continuously. However, these browser clients do not actually establish a connection, thus occupying a large amount of storage resources, resulting in a large waste of storage resources. Or there are some browser clients that do not make a request to the dispatcher, but try to connect to the socket server with an invalid connection identifier.

为了杜绝存储资源的大量占用和搁置并且防止非法连接的产生，根据本发明的又一实施例，提出了一种防止恶意连接的系统，图9示出了该系统的结构图。In order to prevent a large number of storage resources from being occupied and suspended and to prevent illegal connections, according to another embodiment of the present invention, a system for preventing malicious connections is proposed, and FIG. 9 shows a structural diagram of the system.

参照图9，该防止恶意连接的系统包括浏览器客户端、分发器和套接字服务器。Referring to FIG. 9, the system for preventing malicious connections includes a browser client, a distributor and a socket server.

浏览器客户端用于向分发器发送连接请求，以请求与套接字服务器建立连接，并根据所述分发器的分配与对应的套接字服务器建立连接。The browser client is used to send a connection request to the distributor, so as to request to establish a connection with the socket server, and establish a connection with the corresponding socket server according to the allocation of the distributor.

分发器用于接收浏览器客户端发送的连接请求，并根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符，分发器将所分配的套接字服务器的连接信息与该连接标识符发送至所述浏览器客户端，并将与该连接请求相关的信息以及该连接标识符缓存到缓存器中。与该连接请求相关的信息可以包括连接请求中包含的用户标识信息以及用户特征信息。The distributor is used to receive the connection request sent by the browser client, and allocate a socket server for the browser client according to the connection request, and assign a globally unique connection identifier to the connection, and the distributor will allocate the socket The connection information of the word server and the connection identifier are sent to the browser client, and the information related to the connection request and the connection identifier are cached in the buffer. The information related to the connection request may include user identification information and user characteristic information included in the connection request.

套接字服务器用于经由所建立的与所述浏览器客户端的连接从浏览器客户端接收所述连接标识符，并根据缓存在缓存器中的连接标识符对该接收到的连接标识符进行验证，根据验证结果保持或断开所述连接。The socket server is configured to receive the connection identifier from the browser client via the established connection with the browser client, and perform an operation on the received connection identifier according to the connection identifier cached in the buffer. Authenticate, and maintain or disconnect the connection according to the authentication result.

如果套接字服务器对所述连接标识符的验证结果为通过，则保持所述已经建立的连接，如果未通过，则断开所述连接。该验证是指验证所述套接字服务器从所述提交请求的浏览器客户端接收到连接标识符是否保存在所述缓存器中，如果有保存，则验证结果为合法，否则为非法。If the verification result of the connection identifier by the socket server is passed, the established connection is maintained, and if not passed, the connection is disconnected. The verification refers to verifying whether the connection identifier received by the socket server from the browser client submitting the request is stored in the buffer, if there is, the verification result is legal, otherwise it is illegal.

浏览器客户端根据分发器的分配与对应的套接字服务器建立连接包括：浏览器客户端根据从分发器接收的连接信息和连接标识符与套接字服务器建立连接，该连接是TCP连接。Establishing a connection between the browser client and the corresponding socket server according to the allocation of the distributor includes: establishing a connection between the browser client and the socket server according to the connection information and the connection identifier received from the distributor, and the connection is a TCP connection.

缓存器对缓存在其中的信息保存一预定时间段后释放。该预定时间段是对缓存器预先进行设定的，可根据实际需要来设置该时间段的大小，例如可以是30秒，该缓存器自动丢弃超过该时长的存储内容，释放存储空间，可根据实际需要来设置该时间段的长短大小。The buffer saves the information buffered in it for a predetermined period of time and then releases it. The predetermined period of time is preset to the buffer, and the size of the period of time can be set according to actual needs, for example, it can be 30 seconds, and the buffer automatically discards the stored content exceeding the duration to release the storage space, which can be set according to It is actually necessary to set the length of the time period.

该缓存器可以使用任何合适的缓存技术来实现，例如可使用redis实现。redis里面可以维护一个以连接标识符为关键字的信息列表，其中可包括连接标识符、用户标识信息、机器硬件标识、版本号等信息。redis是一个键值存储系统，是一个高性能的键值数据库，它支持存储的值的类型相对更多，包括string(字符串)、list(链表)、set(集合)和zset(有序集合)。The cache can be implemented using any suitable caching technology, for example, redis can be used. Redis can maintain an information list with the connection identifier as the key, which can include connection identifier, user identification information, machine hardware identification, version number and other information. Redis is a key-value storage system and a high-performance key-value database. It supports relatively more types of stored values, including string (string), list (linked list), set (set) and zset (ordered set) ).

如果浏览器客户端在与所述套接字服务器建立连接之后的另一预定时间段内，浏览器客户端未向套接字服务器发送连接标识符，则套接字服务器断开所建立的连接。该预定时间段被预先设定，例如可以是10秒，可根据实际需要来设置该时间段的长短。通过设置该预定时间段，可节约系统资源，防止恶意连接的产生。If the browser client does not send a connection identifier to the socket server within another predetermined period of time after the browser client establishes a connection with the socket server, the socket server disconnects the established connection . The predetermined time period is preset, for example, may be 10 seconds, and the length of the time period may be set according to actual needs. By setting the predetermined time period, system resources can be saved and generation of malicious connections can be prevented.

分发器根据连接请求为浏览器客户端分配套接字服务器包括：分发器根据从浏览器客户端接收的连接请求中所包含的用户标识信息使用预设算法进行计算得到一个数值，根据该数值为提交连接请求的浏览器客户端分配套接字服务器。该数值是全局唯一的，即连接标识符。The dispatcher assigns the socket server to the browser client according to the connection request, including: the dispatcher calculates a value based on the user identification information contained in the connection request received from the browser client using a preset algorithm, according to which the value is A browser client that submits a connection request allocates a socket server. This value is globally unique and is the connection identifier.

所述用户标识信息包括：登录用户的用户名、非登录用户的机器硬件标识。对于登录用户来讲，其用户标识信息可以包括用户名，而对于非登录用户来讲，其用户标识信息可以包括用户的机器硬件标识。对于登录用户来讲，该用户标识信息可以为一字符串。其中，该字符串除了登录用户的用户名之外，还包括登录时间和验证字符等信息。用户名为用户唯一标识号，即一个数字，用于代表一个用户。验证字符根据用户名生成，即可通过验证字符判定用户标识信息是否被更改。对于非登录用户来讲，该用户标识信息可以包括非登录用户的机器硬件标识，其中机器硬件标识为机器唯一标识，为客户端通过用户机器硬件、系统配置等哈希生成。The user identification information includes: a user name of a login user, and a machine hardware identification of a non-login user. For a logged-in user, the user identification information may include a user name, and for a non-login user, the user identification information may include the user's machine hardware ID. For a logged-in user, the user identification information may be a character string. Wherein, in addition to the username of the logged-in user, the character string also includes information such as login time and verification characters. The username is the user unique identification number, which is a number used to represent a user. The verification character is generated according to the user name, and it can be determined whether the user identification information has been changed through the verification character. For non-logged-in users, the user identification information may include the non-logged-in user's machine hardware ID, where the machine hardware ID is a unique machine ID, which is generated by the client through the hash of the user's machine hardware and system configuration.

此外，为了后续的目标客户端筛选，该连接请求还可以包括用户特征信息，例如：IP地址信息、浏览器版本信息，或用户分类信息等用户特征信息。其中，浏览器版本号、用户分类信息，或IP地址信息等用户特征信息可以用于后续的浏览器客户端筛选使用。In addition, for subsequent target client screening, the connection request may also include user feature information, such as IP address information, browser version information, or user feature information such as user classification information. Wherein, user feature information such as browser version number, user classification information, or IP address information can be used for subsequent browser client screening.

浏览器客户端在建立与套接字服务器的连接时，套接字服务器得到标识该套接字服务器和浏览器客户端连接关系的资源标识符。When the browser client establishes a connection with the socket server, the socket server obtains a resource identifier identifying the connection relationship between the socket server and the browser client.

套接字服务器在对连接标识符验证成功后，从所述缓存器中提取与该连接请求相关的信息、连接标识符，将提取出的信息连同所得到的资源标识符一并存入分发器的数据库。After the socket server successfully verifies the connection identifier, it extracts the information related to the connection request and the connection identifier from the buffer, and stores the extracted information together with the obtained resource identifier into the distributor database.

该数据库可以使用任何合适的数据库来实现，例如可以选择文档类型数据库，本发明优选地选择对数据列数没有限定的数据库来实现，以使得数据项目灵活可变，有利于对数据项目缺失和扩充的兼容。例如可以使用MongoDB集群来实现该数据库，但是也可以使用CouchDB等类似数据库来实现。具体来说，采用集群的形式可以实现以下优势：1.分布式存储，提高写入更新速度；2.分布式查询计算，提高查询效率；3.集群内冗余备份，提高数据可靠性。The database can be implemented using any suitable database, for example, a document type database can be selected, and the present invention preferably selects a database with no limitation on the number of data columns, so that the data items are flexible and changeable, which is beneficial to the lack and expansion of data items compatible. The database can be implemented, for example, using a MongoDB cluster, but it can also be implemented using a CouchDB or similar database. Specifically, the use of clusters can achieve the following advantages: 1. Distributed storage to improve write update speed; 2. Distributed query computing to improve query efficiency; 3. Redundant backup within the cluster to improve data reliability.

该系统还进一步包括云存储服务器端和推送服务器，其中：云存储服务器端，用于在有数据更新时向所述推送服务器下发条件信息和命令信息；推送服务器，用于根据该条件信息确定目标客户端，并通过所述套接字服务器将命令信息发送给目标客户端；以及目标客户端，用于根据命令信息实现其与云存储服务器端的数据同步，目标客户端是多个浏览器客户端中的客户端。The system further includes a cloud storage server end and a push server, wherein: the cloud storage server end is used to send condition information and command information to the push server when there is data update; the push server is used to determine according to the condition information target client, and send command information to the target client through the socket server; and the target client is used to realize data synchronization between it and the cloud storage server according to the command information, and the target client is a plurality of browser clients client in the terminal.

本发明的该防止恶意连接的系统将分发器的分发信息存储库构建为包括缓存器和数据库，其中对缓存器预先设置了预定时间段，缓存器对缓存在其中的信息保存该预定时间后就释放；另一方面浏览器客户端在与所述套接字服务器建立连接之后的另一预定时间段内，如果未向所述套接字服务器发送连接标识符，则套接字服务器断开建立的连接，从而杜绝存储资源的大量占用和搁置并且防止非法连接的产生。The system for preventing malicious connections of the present invention constructs the distribution information repository of the distributor to include a buffer and a database, wherein a predetermined period of time is preset for the buffer, and the cache saves the information cached therein for the predetermined time. release; on the other hand, within another predetermined period of time after the browser client establishes a connection with the socket server, if the connection identifier is not sent to the socket server, the socket server disconnects the established connection, so as to eliminate a large number of storage resources occupied and shelved and prevent the generation of illegal connections.

根据本发明的再一实施例，还提出了一种防止恶意连接的方法，图10示出了该方法的流程图。According to yet another embodiment of the present invention, a method for preventing malicious connections is also proposed, and FIG. 10 shows a flow chart of the method.

参照图10，该防止恶意连接的方法包括步骤：步骤S1001，浏览器客户端向分发器发送连接请求，以请求与套接字服务器建立连接。Referring to FIG. 10 , the method for preventing malicious connection includes steps: Step S1001 , the browser client sends a connection request to the distributor to request to establish a connection with the socket server.

步骤S1002，分发器接收浏览器客户端发送的连接请求，并根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符，分发器将所分配的套接字服务器的连接信息与该连接标识符发送至所述浏览器客户端，并将与该连接请求相关的信息以及该连接标识符缓存到缓存器中。Step S1002, the distributor receives the connection request sent by the browser client, and allocates a socket server for the browser client according to the connection request, and allocates a globally unique connection identifier for the connection, and the distributor distributes the allocated The connection information of the socket server and the connection identifier are sent to the browser client, and the information related to the connection request and the connection identifier are cached in the buffer.

在该步骤，分发器根据从浏览器客户端接收的连接请求中所包含的用户标识信息使用预设算法进行计算得到一个数值，根据该数值为提交连接请求的浏览器客户端分配套接字服务器。该数值是全局唯一的，即连接标识符。通过设置该预定时间段，可节约系统资源，防止恶意连接的产生。In this step, the distributor calculates a value based on the user identification information contained in the connection request received from the browser client using a preset algorithm, and assigns a socket server to the browser client submitting the connection request according to the value . This value is globally unique and is the connection identifier. By setting the predetermined time period, system resources can be saved and generation of malicious connections can be prevented.

所述用户标识信息包括：登录用户的用户名、非登录用户的机器硬件标识。对于登录用户来讲，其用户标识信息可以包括用户名，而对于非登录用户来讲，其用户标识信息可以包括用户的机器硬件标识。对于登录用户来讲，该用户标识信息可以为一字符串。其中，该字符串除了登录用户的用户名之外，还包括登录时间和验证字符等信息。用户名为用户唯一标识号，即一个数字，用于代表一个用户。验证字符根据用户名生成，即可通过验证字符判定用户标识信息是否被更改。对于非登录用户来讲，该用户标识信息可以包括非登录用户的机器硬件标识，其中机器硬件标识为机器唯一标识，为浏览器客户端通过用户机器硬件、系统配置等哈希生成。The user identification information includes: a user name of a login user, and a machine hardware identification of a non-login user. For a logged-in user, the user identification information may include a user name, and for a non-login user, the user identification information may include the user's machine hardware ID. For a logged-in user, the user identification information may be a character string. Wherein, in addition to the username of the logged-in user, the character string also includes information such as login time and verification characters. The username is the user unique identification number, which is a number used to represent a user. The verification character is generated according to the user name, and it can be determined whether the user identification information has been changed through the verification character. For non-logged-in users, the user identification information may include the non-logged-in user's machine hardware identification, where the machine hardware identification is a unique identification of the machine, which is generated by the browser client through the hash of the user's machine hardware and system configuration.

所述缓存器对缓存在其中的信息保存一预定时间段后释放。该预定时间段是对缓存器预先进行设定的，可根据实际需要来设置该时间段的大小，例如可以是30秒，该缓存器自动丢弃超过该时长的存储内容，释放存储空间。The buffer saves the information buffered therein for a predetermined period of time and then releases it. The predetermined time period is preset for the buffer, and the size of the time period can be set according to actual needs, for example, it can be 30 seconds, and the buffer automatically discards the stored content exceeding the time length to release the storage space.

该缓存器可以使用任何合适的缓存技术来实现，例如可使用Redis实现。Redis里面可以维护一个以资源标识符为关键字的信息列表，其中可包括用户标识信息、机器硬件标识、版本号等信息。The cache can be implemented using any suitable caching technology, for example, it can be implemented using Redis. Redis can maintain an information list with resource identifiers as keywords, which can include user identification information, machine hardware identification, version number and other information.

在步骤S1003，浏览器客户端根据分发器的分配与对应的套接字服务器建立连接。In step S1003, the browser client establishes a connection with the corresponding socket server according to the allocation of the distributor.

浏览器客户端在建立与套接字服务器的连接时，套接字服务器得到标识套接字服务器和浏览器客户端连接关系的资源标识符。When the browser client establishes a connection with the socket server, the socket server obtains a resource identifier identifying the connection relationship between the socket server and the browser client.

步骤S1004，套接字服务器经由所建立的与所述浏览器客户端的连接从浏览器客户端接收所述连接标识符，并根据缓存在缓存器中的连接标识符对该接收到的连接标识符进行验证，根据验证结果保持或断开所述连接。Step S1004, the socket server receives the connection identifier from the browser client via the established connection with the browser client, and assigns the received connection identifier to the received connection identifier according to the connection identifier cached in the buffer. Authentication is performed, and the connection is maintained or disconnected according to the authentication result.

如果浏览器客户端在与所述套接字服务器建立连接之后的另一预定时间段内，浏览器客户端未向套接字服务器发送连接标识符，则套接字服务器断开所建立的连接。该预定时间段被预先设定，例如可以是10秒，可根据实际需要来设置该时间段的长短。If the browser client does not send a connection identifier to the socket server within another predetermined period of time after the browser client establishes a connection with the socket server, the socket server disconnects the established connection . The predetermined time period is preset, for example, may be 10 seconds, and the length of the time period may be set according to actual needs.

在该步骤，如果套接字服务器对所述连接标识符的验证结果为通过，则保持所述已经建立的连接，如果未通过，则断开所述连接。该验证是指验证所述套接字服务器从所述提交请求的浏览器客户端接收到连接标识符是否保存在所述缓存器中，如果有保存，则验证结果为合法，否则为非法。In this step, if the verification result of the connection identifier by the socket server is passed, the established connection is maintained, and if not passed, the connection is disconnected. The verification refers to verifying whether the connection identifier received by the socket server from the browser client submitting the request is stored in the buffer, if there is, the verification result is legal, otherwise it is illegal.

该数据库可以使用任何合适的数据库来实现，例如可以选择文档类型数据库，本发明优选地选择对数据列数没有限定的数据库来实现，以使得数据项目灵活可变，有利于对数据项目缺失和扩充的兼容。例如可以使用MongoDB集群来实现该数据库，但是也可以使用CouchDB等类似数据库来实现。该方法还进一步包括步骤S1005，云存储服务器端在有数据更新时向所述推送服务器下发条件信息和命令信息。The database can be implemented using any suitable database, for example, a document type database can be selected, and the present invention preferably selects a database with no limitation on the number of data columns, so that the data items are flexible and changeable, which is beneficial to the lack and expansion of data items compatible. The database can be implemented, for example, using a MongoDB cluster, but it can also be implemented using a CouchDB or similar database. The method further includes step S1005, the cloud storage server sends condition information and command information to the push server when there is data update.

步骤S1006，推送服务器根据该条件信息确定目标客户端，并通过套接字服务器将所述命令信息发送给所述目标客户端。Step S1006, the push server determines the target client according to the condition information, and sends the command information to the target client through the socket server.

步骤S1007，目标客户端根据所述命令信息实现其与云存储服务器端的数据同步，目标客户端是多个浏览器客户端中的客户端。Step S1007, the target client implements data synchronization with the cloud storage server according to the command information, and the target client is a client among multiple browser clients.

根据本发明的再一实施例，还提供了一种防止恶意连接的系统。该系统包括：云存储服务器端、推送服务器和多个浏览器客户端、分发器和套接字服务器。According to yet another embodiment of the present invention, a system for preventing malicious connections is also provided. The system includes: cloud storage server side, push server and multiple browser clients, distributor and socket server.

云存储服务器端用于在有数据更新时向所述推送服务器下发条件信息和命令信息。The cloud storage server is used to send condition information and command information to the push server when there is data update.

推送服务器用于根据该条件信息在所述多个浏览器客户端中确定目标客户端，并通过套接字服务器将所述命令信息发送给所述目标客户端。The push server is used to determine the target client among the plurality of browser clients according to the condition information, and send the command information to the target client through the socket server.

目标客户端用于根据所述命令信息实现其与云存储服务器端的数据同步。The target client is used to realize data synchronization with the cloud storage server according to the command information.

分发器连接多个浏览器客户端和套接字服务器，用于接收所述多个浏览器客户端发送的与套接字服务器进行连接的连接请求，并根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符，分发器将所分配的套接字服务器的连接信息与该连接标识符发送至所述多个浏览器客户端，并将与连接请求相关的信息以及该连接标识符缓存到缓存器中。The distributor connects multiple browser clients and the socket server, is used to receive the connection requests sent by the multiple browser clients to connect with the socket server, and provides the browser client with the connection request according to the connection request. assigning a socket server, and assigning a globally unique connection identifier for the connection, the distributor sends the connection information of the assigned socket server and the connection identifier to the plurality of browser clients, and Information related to the connection request and the connection identifier are cached in the cache.

其中分发器根据从浏览器客户端接收的连接请求中所包含的用户标识信息使用预设算法进行计算得到一个数值，根据该数值为提交连接请求的浏览器客户端分配套接字服务器，其中该数值是全局唯一的，即连接标识符。所述用户标识信息包括：登录用户的用户名、非登录用户的机器硬件标识。The distributor calculates a value based on the user identification information contained in the connection request received from the browser client using a preset algorithm, and assigns a socket server to the browser client that submits the connection request according to the value, wherein the The value is globally unique, the connection identifier. The user identification information includes: a user name of a login user, and a machine hardware identification of a non-login user.

套接字服务器连接所述分发器、推送服务器和多个浏览器客户端，用于从所述多个浏览器客户端接收所述连接标识符并进行验证，根据验证结果来保持或断开与所述多个浏览器客户端之间的连接，并用于将所述命令信息从推送服务器转发给所述目标客户端。该验证是指验证所述套接字服务器从所述提交请求的浏览器客户端接收到连接标识符是否保存在所述缓存器中，如果有保存，则验证结果为合法，否则为非法。The socket server connects the distributor, the push server and a plurality of browser clients, and is used to receive and verify the connection identifier from the plurality of browser clients, and maintain or disconnect the connection identifier according to the verification result. The connections between the multiple browser clients are used to forward the command information from the push server to the target client. The verification refers to verifying whether the connection identifier received by the socket server from the browser client submitting the request is stored in the buffer, if there is, the verification result is legal, otherwise it is illegal.

其中所述连接是TCP连接，如果所述套接字服务器对所述连接标识符的验证结果为通过，则保持所述已经建立的连接，如果未通过，则断开所述连接。Wherein the connection is a TCP connection, if the verification result of the connection identifier by the socket server is passed, the established connection is maintained, and if not passed, the connection is disconnected.

上述缓存器对缓存在其中的信息保存第一预定时间段后释放。如果所述浏览器客户端在与所述套接字服务器建立连接之后的第二预定时间段内，所述浏览器客户端未向所述套接字服务器发送所述连接标识符，则所述套接字服务器断开所述建立的连接。The above buffer stores the information cached therein for a first predetermined period of time and then releases it. If the browser client does not send the connection identifier to the socket server within a second predetermined period of time after the browser client establishes a connection with the socket server, the The socket server disconnects said established connection.

浏览器客户端在建立与所述套接字服务器的连接时，所述套接字服务器得到标识套接字服务器和浏览器客户端连接关系的资源标识符。When the browser client establishes a connection with the socket server, the socket server obtains a resource identifier identifying the connection relationship between the socket server and the browser client.

上述目标客户端是多个所述浏览器客户端中的客户端。The above-mentioned target client is a client in multiple browser clients.

根据本发明的再一实施例，还提供了一种用于对多个套接字服务器进行分发的分发器，图11为该分发器的结构框图。参照图11，该分发器包括：接收器1101，用于接收浏览器客户端发送的连接请求；分配器1102，用于根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符；发送器1103，用于将所分配的套接字服务器的连接信息与该连接标识符发送至所述浏览器客户端；缓存器1104，用于缓存与该连接请求相关的信息以及该连接标识符；以及1105数据库，用于在所述连接标识符验证成功后，存储与该连接请求相关的信息、连接标识符，套接字服务器得到的标识套接字服务器和浏览器客户端连接关系的资源标识符。其中缓存器1104对缓存在其中的信息保存第一预定时间段后释放。According to yet another embodiment of the present invention, a distributor for distributing multiple socket servers is also provided, and FIG. 11 is a structural block diagram of the distributor. Referring to Fig. 11, the distributor includes: a receiver 1101 for receiving a connection request sent by a browser client; a distributor 1102 for assigning a socket server to the browser client according to the connection request, and for the browser client The connection allocates a globally unique connection identifier; the sender 1103 is used to send the connection information of the allocated socket server and the connection identifier to the browser client; the buffer 1104 is used to cache the connection information associated with the connection Request-related information and the connection identifier; and 1105 database, used to store the information related to the connection request, the connection identifier, and the socket server obtained by the socket server after the connection identifier is verified successfully The resource identifier associated with the browser client connection. The buffer 1104 saves the information buffered therein for a first predetermined period of time and then releases it.

根据本发明的再一实施例，还提供了一种用于对多个套接字服务器进行分发的方法，图12为该方法的流程图。参照图12，该方法包括步骤：步骤1201，接收浏览器客户端发送的连接请求；步骤1202，根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符；步骤1203，将所分配的套接字服务器的连接信息与该连接标识符发送至所述浏览器客户端；步骤1204，在缓存器中缓存与该连接请求相关的信息以及该连接标识符；以及步骤1205，在所述连接标识符验证成功后，在数据库中存储与该连接请求相关的信息、连接标识符，套接字服务器得到的标识套接字服务器和浏览器客户端连接关系的资源标识符。According to yet another embodiment of the present invention, a method for distributing multiple socket servers is also provided, and FIG. 12 is a flowchart of the method. Referring to Fig. 12, the method includes steps: step 1201, receiving a connection request sent by the browser client; step 1202, assigning a socket server to the browser client according to the connection request, and assigning a globally unique connection to the connection Identifier; step 1203, send the connection information of the allocated socket server and the connection identifier to the browser client; step 1204, cache the information related to the connection request and the connection identifier in the buffer character; and step 1205, after the successful verification of the connection identifier, store the information related to the connection request, the connection identifier, and the socket server obtained by the socket server to identify the connection relationship between the socket server and the browser client The resource identifier for .

其中，缓存器对缓存在其中的信息保存第一预定时间段后释放。Wherein, the buffer saves the information buffered therein for a first predetermined period of time and then releases it.

在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述，构造这类系统所要求的结构是显而易见的。此外，本发明也不针对任何特定编程语言。应当明白，可以利用各种编程语言实现在此描述的本发明的内容，并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other device. Various generic systems can also be used with the teachings based on this. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not specific to any particular programming language. It should be understood that various programming languages can be used to implement the content of the present invention described herein, and the above description of specific languages is for disclosing the best mode of the present invention.

在此处所提供的说明书中，说明了大量具体细节。然而，能够理解，本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中，并未详细示出公知的方法、结构和技术，以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.

类似地，应当理解，为了精简本公开并帮助理解各个发明方面中的一个或多个，在上面对本发明的示例性实施例的描述中，本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而，并不应将该公开的方法解释成反映如下意图：即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说，如下面的权利要求书所反映的那样，发明方面在于少于前面公开的单个实施例的所有特征。因此，遵循具体实施方式的权利要求书由此明确地并入该具体实施方式，其中每个权利要求本身都作为本发明的单独实施例。Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, in order to streamline this disclosure and to facilitate an understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or its description. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

本领域那些技术人员可以理解，可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件，以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外，可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述，本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art can understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. Modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore may be divided into a plurality of sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method or method so disclosed may be used in any combination, except that at least some of such features and/or processes or units are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

此外，本领域的技术人员能够理解，尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征，但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如，在下面的权利要求书中，所要求保护的实施例的任意之一都可以以任意的组合方式来使用。Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the invention. and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

本发明的各个部件实施例可以以硬件实现，或者以在一个或者多个处理器上运行的软件模块实现，或者以它们的组合实现。本领域的技术人员应当理解，可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的相关设备中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如，计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上，或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到，或者在载体信号上提供，或者以任何其他形式提供。The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components in related devices according to the embodiments of the present invention. The present invention can also be implemented as an apparatus or an apparatus program (for example, a computer program and a computer program product) for performing a part or all of the methods described herein. Such a program for realizing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such a signal may be downloaded from an Internet site, or provided on a carrier signal, or provided in any other form.

应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制，并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中，不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中，这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. does not indicate any order. These words can be interpreted as names.

本文公开了A1、一种防止恶意连接的系统，该系统包括：浏览器客户端，用于向分发器发送连接请求，以请求与套接字服务器建立连接，并根据所述分发器的分配与对应的套接字服务器建立连接；分发器，用于接收浏览器客户端发送的连接请求，并根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符，分发器将所分配的套接字服务器的连接信息与该连接标识符发送至所述浏览器客户端，并将与该连接请求相关的信息以及该连接标识符缓存到缓存器中；套接字服务器，用于经由所建立的与所述浏览器客户端的连接从浏览器客户端接收所述连接标识符，并根据缓存在缓存器中的连接标识符对该接收到的连接标识符进行验证，根据验证结果保持或断开所述连接。A2、根据A1所述的系统，其中，所述浏览器客户端根据所述分发器的分配与对应的套接字服务器建立连接包括：所述浏览器客户端根据从分发器接收的所述连接信息和连接标识符与所述套接字服务器建立连接。A3、根据A2所述的系统，其中，所述连接是传输控制协议TCP连接，如果所述套接字服务器对所述连接标识符的验证结果为通过，则保持所述已经建立的连接，如果未通过，则断开所述连接。A4、根据A1-A3任一项所述的系统，其中，所述缓存器对缓存在其中的信息保存第一预定时间段后释放。A5、根据A4所述的系统，其中，如果所述浏览器客户端在与所述套接字服务器建立连接之后的第二预定时间段内，所述浏览器客户端未向所述套接字服务器发送所述连接标识符，则所述套接字服务器断开所述建立的连接。A6、根据A1所述的系统，其中，所述分发器根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符包括：所述分发器根据从浏览器客户端接收的连接请求中所包含的用户标识信息使用预设算法进行计算得到连接标识符，根据该连接标识符为提交连接请求的浏览器客户端分配套接字服务器。A7、根据A1所述的系统，其中，所述浏览器客户端在建立与所述套接字服务器的连接时，所述套接字服务器得到标识该套接字服务器和浏览器客户端连接关系的资源标识符。A8、根据A1所述的系统，其中，所述套接字服务器在对连接标识符验证成功后，从所述缓存器中提取与该连接请求相关的信息、连接标识符，将提取出的信息连同所得到的资源标识符一并存入分发器的数据库。A9、根据A8所述的系统，其中，所述用户标识信息包括：登录用户的用户名、非登录用户的机器硬件标识。A10、根据A4所述的系统，其中，所述验证是指验证所述套接字服务器从所述提交请求的浏览器客户端接收到连接标识符是否保存在所述缓存器中，如果有保存，则验证结果为合法，否则为非法。A11、根据A1-A10任一项所述的系统，其中，该系统进一步包括云存储服务器端和推送服务器，其中：所述云存储服务器端，用于在有数据更新时向所述推送服务器下发条件信息和命令信息；所述推送服务器，用于根据该条件信息确定目标客户端，并通过所述套接字服务器将所述命令信息发送给所述目标客户端；以及所述目标客户端，用于根据所述命令信息实现其与云存储服务器端的数据同步，所述目标客户端是多个所述浏览器客户端中的客户端。This paper discloses A1, a system for preventing malicious connections, the system includes: a browser client, used to send a connection request to the distributor to request to establish a connection with the socket server, and according to the distribution and The corresponding socket server establishes a connection; the distributor is used to receive the connection request sent by the browser client, and allocate a socket server to the browser client according to the connection request, and assign a globally unique connection to the connection identifier, the distributor sends the allocated socket server connection information and the connection identifier to the browser client, and caches the information related to the connection request and the connection identifier in the buffer; The socket server is configured to receive the connection identifier from the browser client via the established connection with the browser client, and to assign the received connection identifier to the received connection identifier according to the connection identifier cached in the buffer. Authentication is performed, and the connection is maintained or disconnected according to the authentication result. A2. The system according to A1, wherein the browser client establishes a connection with the corresponding socket server according to the distribution of the distributor, including: the browser client receives the connection from the distributor information and a connection identifier to establish a connection with the socket server. A3. The system according to A2, wherein the connection is a Transmission Control Protocol TCP connection, and if the verification result of the connection identifier by the socket server is passed, then the established connection is maintained, if If not passed, the connection is disconnected. A4. The system according to any one of A1-A3, wherein the buffer saves the information buffered therein for a first predetermined period of time and then releases it. A5. The system according to A4, wherein if the browser client does not connect to the socket server within a second predetermined period of time after the browser client establishes a connection with the socket server If the server sends the connection identifier, the socket server disconnects the established connection. A6. The system according to A1, wherein the distributor allocates a socket server for the browser client according to the connection request, and assigning a globally unique connection identifier for the connection comprises: The user identification information included in the connection request received by the browser client is calculated using a preset algorithm to obtain a connection identifier, and a socket server is assigned to the browser client that submits the connection request according to the connection identifier. A7. The system according to A1, wherein, when the browser client establishes a connection with the socket server, the socket server obtains an identification of the connection relationship between the socket server and the browser client The resource identifier for . A8. The system according to A1, wherein, after the socket server successfully verifies the connection identifier, it extracts the information related to the connection request and the connection identifier from the cache, and the extracted information Together with the obtained resource identifier, it is stored in the distributor's database. A9. The system according to A8, wherein the user identification information includes: a user name of a logged-in user, and a machine hardware ID of a non-logged-in user. A10. The system according to A4, wherein the verification refers to verifying whether the connection identifier received by the socket server from the browser client submitting the request is stored in the cache, if there is , the verification result is legal, otherwise it is illegal. A11. The system according to any one of A1-A10, wherein the system further includes a cloud storage server end and a push server, wherein: the cloud storage server end is used to download to the push server when there is data update sending condition information and command information; the push server is configured to determine a target client according to the condition information, and send the command information to the target client through the socket server; and the target client , used to implement data synchronization with the cloud storage server according to the command information, and the target client is a client among the plurality of browser clients.

本文公开了B12、一种防止恶意连接的方法，该方法包括：浏览器客户端向分发器发送连接请求，以请求与套接字服务器建立连接；分发器接收浏览器客户端发送的连接请求，并根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符，分发器将所分配的套接字服务器的连接信息与该连接标识符发送至所述浏览器客户端，并将与该连接请求相关的信息以及该连接标识符缓存到缓存器中；所述浏览器客户端根据所述分发器的分配与对应的套接字服务器建立连接；套接字服务器经由所建立的与所述浏览器客户端的连接从浏览器客户端接收所述连接标识符，并根据缓存在缓存器中的连接标识符对该接收到的连接标识符进行验证，根据验证结果保持或断开所述连接。B13、根据B12所述的方法，其中，所述浏览器客户端根据所述分发器的分配与对应的套接字服务器建立连接包括：所述浏览器客户端根据从分发器接收的所述连接信息和连接标识符与所述套接字服务器建立连接。B14、根据B13所述的方法，其中，所述连接是传输控制协议TCP连接，并且该方法进一步包括步骤：如果所述套接字服务器对所述连接标识符的验证结果为通过，则保持所述已经建立的连接，如果未通过，则断开所述连接。B15、根据B12-B14任一项所述的方法，其中，该方法进一步包括步骤：所述缓存器对缓存在其中的信息保存第一预定时间段后释放。B16、根据B15所述的方法，其中，该方法进一步包括步骤：如果所述浏览器客户端在与所述套接字服务器建立连接之后的第二预定时间段内，所述浏览器客户端未向所述套接字服务器发送所述连接标识符，则所述套接字服务器断开所述建立的连接。B17、根据B12所述的方法，其中，所述分发器根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符包括：所述分发器根据从浏览器客户端接收的连接请求中所包含的用户标识信息使用预设算法进行计算得到连接标识符，根据该连接标识符为提交连接请求的浏览器客户端分配套接字服务器。B18、根据B12所述的方法，其中，该方法进一步包括步骤：所述浏览器客户端在建立与所述套接字服务器的连接时，所述套接字服务器得到标识该套接字服务器和浏览器客户端连接关系的资源标识符。B19、根据B12所述的方法，其中，该方法进一步包括步骤：所述套接字服务器在对连接标识符验证成功后，从所述缓存器中提取与该连接请求相关的信息、连接标识符，将提取出的信息连同所得到的资源标识符一并存入分发器的数据库。B20、根据B19所述的方法，其中，所述用户标识信息包括：登录用户的用户名、非登录用户的机器硬件标识。B21、根据B15所述的方法，其中，所述验证是指验证所述套接字服务器从所述提交请求的浏览器客户端接收到的连接标识符是否保存在所述缓存器中，如果有保存，则验证结果为合法，否则为非法。B22、根据B12-B21任一项所述的方法，其中，该方法进一步包括步骤：所述云存储服务器端在有数据更新时向所述推送服务器下发条件信息和命令信息；所述推送服务器根据该条件信息确定目标客户端，并通过所述套接字服务器将所述命令信息发送给所述目标客户端；以及所述目标客户端根据所述命令信息实现其与云存储服务器端的数据同步，所述目标客户端是多个所述浏览器客户端中的客户端。This paper discloses B12, a method for preventing malicious connections, the method comprising: the browser client sends a connection request to the distributor to request to establish a connection with the socket server; the distributor receives the connection request sent by the browser client, And assign a socket server to the browser client according to the connection request, and assign a globally unique connection identifier to the connection, and the distributor sends the connection information of the assigned socket server and the connection identifier to all The browser client, and the information related to the connection request and the connection identifier are cached in the buffer; the browser client establishes a connection with the corresponding socket server according to the allocation of the distributor; The socket server receives the connection identifier from the browser client via the established connection with the browser client, and verifies the received connection identifier according to the connection identifier cached in the cache, according to The verification result maintains or disconnects the connection. B13. The method according to B12, wherein the browser client establishes a connection with the corresponding socket server according to the distribution of the distributor, including: the browser client receives the connection from the distributor information and a connection identifier to establish a connection with the socket server. B14. The method according to B13, wherein the connection is a Transmission Control Protocol TCP connection, and the method further includes the step of: if the verification result of the connection identifier by the socket server is passed, then keep the If the established connection is not passed, the connection is disconnected. B15. The method according to any one of B12-B14, wherein the method further includes a step: the buffer saves the information cached therein for a first predetermined period of time and then releases it. B16. The method according to B15, wherein the method further includes the step: if the browser client does not sending the connection identifier to the socket server, and the socket server disconnects the established connection. B17. The method according to B12, wherein the distributor allocates a socket server for the browser client according to the connection request, and assigning a globally unique connection identifier for the connection comprises: The user identification information included in the connection request received by the browser client is calculated using a preset algorithm to obtain a connection identifier, and a socket server is assigned to the browser client that submits the connection request according to the connection identifier. B18. The method according to B12, wherein the method further includes the step: when the browser client establishes a connection with the socket server, the socket server obtains the identification of the socket server and The resource identifier of the browser client connection relationship. B19. The method according to B12, wherein the method further includes the step: after the socket server successfully verifies the connection identifier, extracts the information related to the connection request and the connection identifier from the cache , and store the extracted information together with the obtained resource identifier into the database of the distributor. B20. The method according to B19, wherein the user identification information includes: a user name of a logged-in user, and a machine hardware identifier of a non-logged-in user. B21. The method according to B15, wherein the verification refers to verifying whether the connection identifier received by the socket server from the browser client submitting the request is stored in the cache, if there is If saved, the verification result is legal, otherwise it is illegal. B22. The method according to any one of B12-B21, wherein the method further includes the step: the cloud storage server sends condition information and command information to the push server when there is data update; the push server Determine the target client according to the condition information, and send the command information to the target client through the socket server; and the target client realizes data synchronization with the cloud storage server according to the command information , the target client is a client in multiple browser clients.

本文公开了C23、一种浏览器实时同步中防止恶意连接的系统，该系统包括云存储服务器端、推送服务器和多个浏览器客户端、分发器和套接字服务器，其中：所述云存储服务器端，用于在有数据更新时向所述推送服务器下发条件信息和命令信息；所述推送服务器，用于根据该条件信息在所述多个浏览器客户端中确定目标客户端，并通过套接字服务器将所述命令信息发送给所述目标客户端；以及所述目标客户端，用于根据所述命令信息实现其与云存储服务器端的数据同步；分发器，其连接所述多个浏览器客户端和套接字服务器，用于接收所述多个浏览器客户端发送的与套接字服务器进行连接的连接请求，并根据该连接请求为该浏览器客户端分配套接字服务器，并为该连接分配全局唯一的连接标识符，分发器将所分配的套接字服务器的连接信息与该连接标识符发送至所述多个浏览器客户端，并将与连接请求相关的信息以及该连接标识符缓存到缓存器中；套接字服务器，其连接所述分发器、推送服务器和多个浏览器客户端，用于从所述多个浏览器客户端接收所述连接标识符并进行验证，根据验证结果来保持或断开与所述多个浏览器客户端之间的连接，并用于将所述命令信息从推送服务器转发给所述目标客户端。This paper discloses C23, a system for preventing malicious connections in real-time browser synchronization, the system includes a cloud storage server, a push server, multiple browser clients, a distributor, and a socket server, wherein: the cloud storage The server end is used to send condition information and command information to the push server when there is data update; the push server is used to determine the target client among the plurality of browser clients according to the condition information, and Send the command information to the target client through the socket server; and the target client is used to synchronize data with the cloud storage server according to the command information; the distributor connects the multiple A browser client and a socket server, configured to receive connection requests sent by the plurality of browser clients to connect to the socket server, and allocate sockets to the browser clients according to the connection requests server, and allocate a globally unique connection identifier for the connection, the distributor sends the connection information of the allocated socket server and the connection identifier to the multiple browser clients, and sends the connection request-related information to the multiple browser clients. The information and the connection identifier are cached in the cache; the socket server is connected to the distributor, the push server and a plurality of browser clients, and is used to receive the connection identifier from the plurality of browser clients and perform verification, maintain or disconnect the connections with the plurality of browser clients according to the verification results, and forward the command information from the push server to the target client.

Claims

1. A system for preventing malicious connections, the system comprising:

The browser client is used to send a connection request to the distributor to request to establish a connection with the socket server, and to establish a connection with the corresponding socket server according to the distribution of the distributor;

The distributor is used to receive the connection request sent by the browser client, and assign a socket server to the browser client according to the connection request, and assign a globally unique connection identifier to the connection. The socket server connection information and the connection identifier are sent to the browser client, and the information related to the connection request and the connection identifier are cached in the buffer;

The socket server is configured to receive the connection identifier from the browser client via the established connection with the browser client, and to assign the received connection identifier to the received connection identifier according to the connection identifier cached in the buffer. Authentication is performed, and the connection is maintained or disconnected according to the authentication result.

2. The system according to claim 1, wherein said browser client establishes a connection with a corresponding socket server according to the assignment of said distributor, comprising: said browser client receives said browser client from said distributor according to said Establish a connection with the socket server according to the connection information and the connection identifier.

3. The system according to claim 2, wherein the connection is a Transmission Control Protocol (TCP) connection, and if the verification result of the connection identifier by the socket server is passed, the established connection is maintained , and if not passed, disconnect said connection.

4. The system according to claim 1, wherein the cache stores the information cached therein for a first predetermined period of time before releasing it.

5. The system according to claim 4, wherein if the browser client does not send a message to the socket server within a second predetermined period of time after the browser client establishes a connection with the socket server. If the socket server sends the connection identifier, the socket server disconnects the established connection.

6. The system according to claim 1, wherein the distributor allocates a socket server for the browser client according to the connection request, and assigning a globally unique connection identifier for the connection comprises: the distributor According to the user identification information contained in the connection request received from the browser client, the connection identifier is calculated by using a preset algorithm, and the socket server is allocated to the browser client submitting the connection request according to the connection identifier.

7. The system according to claim 1, wherein, when the browser client establishes a connection with the socket server, the socket server obtains the identification of the socket server and the browser client The resource identifier for the connection relationship.

8. The system according to claim 1, wherein, after the socket server verifies the connection identifier successfully, it extracts information related to the connection request and the connection identifier from the buffer, and extracts the The information is stored in the distributor's database together with the obtained resource identifier.

9. The system according to claim 6, wherein the user identification information includes: a user name of a logged-in user, and a machine hardware ID of a non-logged-in user.

10. The system according to claim 4, wherein the verification refers to verifying whether the connection identifier received by the socket server from the browser client submitting the request is stored in the buffer, if there is , the verification result is legal, otherwise it is illegal.

11. The system according to any one of claims 1-10, wherein the system further comprises a cloud storage server and a push server, wherein:

The cloud storage server end is used to send condition information and command information to the push server when there is data update;

The push server is configured to determine a target client according to the condition information, and send the command information to the target client through the socket server;

And the target client is used to realize data synchronization with the cloud storage server according to the command information, the target client is a client among the plurality of browser clients.

12. A method of preventing malicious connections, the method comprising:

The browser client sends a connection request to the distributor to request to establish a connection with the socket server;

The distributor receives the connection request sent by the browser client, and allocates a socket server for the browser client according to the connection request, and allocates a globally unique connection identifier for the connection, and the distributor distributes the allocated socket sending the connection information of the server and the connection identifier to the browser client, and caching the information related to the connection request and the connection identifier in the cache;

The browser client establishes a connection with the corresponding socket server according to the distribution of the distributor;

the socket server receives the connection identifier from the browser client via the established connection with the browser client, and verifies the received connection identifier according to the connection identifier cached in the cache, The connection is maintained or disconnected according to the verification result.

13. The method according to claim 12, wherein said browser client establishes a connection with a corresponding socket server according to the distribution of said distributor comprises: said browser client according to said distribution device received from the distributor Establish a connection with the socket server according to the connection information and the connection identifier.

14. The method according to claim 13, wherein the connection is a Transmission Control Protocol (TCP) connection, and the method further comprises the step of: if the verification result of the connection identifier by the socket server is passed, then The established connection is maintained, and if not passed, the connection is disconnected.

15. The method according to claim 12, wherein the method further comprises the step of: the buffer saves the information buffered therein for a first predetermined period of time and then releases it.

16. The method according to claim 15, wherein the method further comprises the step of: if the browser client establishes a connection with the socket server within a second predetermined period of time, the browser client If the client does not send the connection identifier to the socket server, the socket server disconnects the established connection.

17. The method according to claim 12, wherein the distributor allocates a socket server for the browser client according to the connection request, and assigning a globally unique connection identifier for the connection comprises:

The distributor calculates the connection identifier according to the user identification information contained in the connection request received from the browser client using a preset algorithm, and allocates a socket to the browser client submitting the connection request according to the connection identifier server.

18. The method according to claim 12, wherein the method further comprises the step of: when the browser client establishes a connection with the socket server, the socket server obtains an The resource identifier of the server and browser client connection relationship.

19. The method of claim 12, wherein the method further comprises the steps of:

After the socket server successfully verifies the connection identifier, it extracts the information related to the connection request and the connection identifier from the buffer, and stores the extracted information together with the obtained resource identifier in the Distributor's database.

20. The method according to claim 17, wherein the user identification information includes: a user name of a logged-in user, and a machine hardware ID of a non-logged-in user.

21. The method according to claim 15, wherein the verification refers to verifying whether the connection identifier received by the socket server from the browser client submitting the request is stored in the buffer, if there is If saved, the verification result is legal, otherwise it is illegal.

22. The method according to any one of claims 12-21, wherein the method further comprises the steps of:

The cloud storage server sends condition information and command information to the push server when there is data update;

The push server determines the target client according to the condition information, and sends the command information to the target client through the socket server;

And the target client implements data synchronization with the cloud storage server according to the command information, and the target client is a client among the plurality of browser clients.

23. A system for preventing malicious connections in browser real-time synchronization, the system includes cloud storage server, push server and multiple browser clients, distributor and socket server, wherein:

The push server is configured to determine a target client among the plurality of browser clients according to the condition information, and send the command information to the target client through a socket server;

And the target client is used to realize data synchronization with the cloud storage server according to the command information;

A distributor, which connects the multiple browser clients and the socket server, is used to receive the connection requests sent by the multiple browser clients to connect to the socket server, and provide the socket server according to the connection request The browser client allocates a socket server, and allocates a globally unique connection identifier for the connection, and the distributor sends the connection information of the allocated socket server and the connection identifier to the plurality of browser clients , and cache the information related to the connection request and the connection identifier in the cache;

A socket server, which is connected to the distributor, the push server and a plurality of browser clients, is used to receive and verify the connection identifiers from the plurality of browser clients, and maintain or disconnect the connection identifiers according to the verification results. Opening connections with the plurality of browser clients, and for forwarding the command information from the push server to the target client.