CN104967590A - Method, apparatus and system for transmitting communication message - Google Patents
Classifications
- H04L67/1004—Server selection for load balancing
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L67/563—Data redirection of data network streams
- H04L67/63—Routing a service request depending on the request content or context
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Abstract
The invention discloses a method, apparatus and system for transmitting communication messages, and belongs to the technical field of the Internet. The method comprises the following steps: receiving a handshake request message sent by a terminal; determining, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message; forwarding the handshake request message to the target service server corresponding to that address, so that the target service server carries out a handshake process with the terminal; and transparently passing through (relaying without parsing) the subsequent communication messages between the terminal and the target service server. With the method, apparatus and system provided by the invention, the security of transmitting communication messages can be improved.
Description
Technical field
The present invention relates to the field of Internet technology, and in particular to a method, apparatus and system for transmitting communication messages.
Background
With the development of Internet technology, Web services have become one of the most important and most widely used forms of traffic on the Internet. For transmitting data in Web services, the prior art proposes HTTPS (HyperText Transfer Protocol over Secure Socket Layer), which encrypts the transmitted data in order to strengthen the security of data transmission.
To speed up terminal access to a Web server (also called a service server), a CDN (Content Delivery Network) server can be deployed in the network. The CDN server is provisioned with the private key and certificate supplied by the service server; the certificate contains the public key corresponding to the private key and the server identity information of the service server. The server identity information is used by the terminal to authenticate the CDN, and the private key and public key are used to encrypt and decrypt the transmitted data. During the handshake process, the CDN server sends the certificate to the terminal. When HTTPS is used for data transmission, the terminal sends an HTTPS request to the CDN server; after receiving it, the CDN server decrypts the request with the private key deployed on it, obtains the domain name from the request, determines the service server address from the domain name, and forwards the HTTPS request to the service server. After the service server receives the request, it returns the corresponding data to the CDN server, which encrypts the data with the private key deployed on it and sends it to the terminal, completing the data transfer.
In the course of implementing the present invention, the inventors found that the prior art has at least the following problem:
The CDN server must decrypt the HTTPS request in order to determine the service server address, so the service server has to deploy its own private key on the CDN server. This makes leakage of the private key likely and thus reduces the security of the transmitted data.
Summary of the invention
To solve the problem in the prior art, embodiments of the present invention provide a method, apparatus and system for transmitting communication messages. The technical solution is as follows:
In a first aspect, a method of transmitting communication messages is provided, the method comprising:
receiving a handshake request message sent by a terminal;
determining, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message;
forwarding the handshake request message to the target service server corresponding to the target service server address, so that the target service server carries out a handshake process with the terminal; and
transparently passing through the subsequent communication messages between the terminal and the target service server.
In a second aspect, a method of transmitting communication messages is provided, the method comprising:
receiving a handshake request message of a terminal forwarded by a content delivery network (CDN) server;
carrying out a handshake process with the terminal; and
transmitting communication messages with the terminal through the transparent pass-through of the CDN server.
In a third aspect, a CDN server is provided, the CDN server comprising:
a receiving module, for receiving a handshake request message sent by a terminal;
a determining module, for determining, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message; and
a sending module, for forwarding the handshake request message to the target service server corresponding to the target service server address, so that the target service server carries out a handshake process with the terminal, and for transparently passing through the subsequent communication messages between the terminal and the target service server.
In a fourth aspect, a service server is provided, the service server comprising:
a receiving module, for receiving a handshake request message of a terminal forwarded by a content delivery network (CDN) server; and
a processing module, for carrying out a handshake process with the terminal and for transmitting communication messages with the terminal through the transparent pass-through of the CDN server.
In a fifth aspect, a system for transmitting communication messages is provided, the system comprising a terminal, a content delivery network (CDN) server and a service server, wherein:
the CDN server is configured to receive a handshake request message sent by the terminal; determine, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message; forward the handshake request message to the target service server corresponding to the target service server address, so that the target service server carries out a handshake process with the terminal; and transparently pass through the subsequent communication messages between the terminal and the target service server; and
the service server is configured to receive the handshake request message of the terminal forwarded by the CDN server; carry out the handshake process with the terminal; and transmit communication messages with the terminal through the transparent pass-through of the CDN server.
The technical solution provided by the embodiments of the present invention brings the following beneficial effect:
In the embodiments of the present invention, a handshake request message carrying a target domain name and sent by a terminal is received; the target service server address corresponding to the target domain name is determined according to a pre-stored correspondence between domain names and service server addresses; the handshake request message is forwarded to the target service server corresponding to that address, so that the target service server carries out a handshake process with the terminal; and the subsequent communication messages between the terminal and the target service server are transparently passed through. Because the CDN server only passes the communication messages between the terminal and the target service server through, the private key does not need to be deployed on the CDN server, and the security of transmitting communication messages is improved.
Brief description of the drawings
To explain the technical solution in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of a method of transmitting communication messages provided by an embodiment of the present invention;
Fig. 2 is a flow chart of a method of transmitting communication messages provided by an embodiment of the present invention;
Fig. 3 is a flow chart of a method of transmitting communication messages provided by an embodiment of the present invention;
Fig. 4 is a system architecture diagram provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a CDN server provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a service server provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a CDN server provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a service server provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment one
An embodiment of the present invention provides a method of transmitting communication messages; the method can be implemented jointly by a CDN server and a service server.
As shown in Fig. 1, the processing flow of the CDN server in this method can comprise the following steps:
Step 101: receive a handshake request message sent by a terminal.
Step 102: determine, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message.
Step 103: forward the handshake request message to the target service server corresponding to the target service server address, so that the target service server carries out a handshake process with the terminal.
Step 104: transparently pass through the subsequent communication messages between the terminal and the target service server.
As shown in Fig. 2, the processing flow of the service server in this method can comprise the following steps:
Step 201: receive the handshake request message of a terminal forwarded by a content delivery network (CDN) server.
Step 202: carry out a handshake process with the terminal.
Step 203: transmit communication messages with the terminal through the transparent pass-through of the CDN server.
In this embodiment of the present invention, a handshake request message carrying a target domain name and sent by a terminal is received; the target service server address corresponding to the target domain name is determined according to a pre-stored correspondence between domain names and service server addresses; the handshake request message is forwarded to the target service server corresponding to that address, so that the target service server carries out a handshake process with the terminal; and the subsequent communication messages between the terminal and the target service server are transparently passed through. Because the CDN server only passes the communication messages between the terminal and the target service server through, the private key does not need to be deployed on the CDN server, and the security of transmitting communication messages is improved.
Embodiment two
An embodiment of the present invention provides a method of transmitting communication messages; the method can be implemented jointly by a CDN server and a service server, where the service server can be the server of some website. Fig. 4 shows the system architecture of this embodiment, comprising a terminal, a CDN server and a service server.
As shown in Fig. 3, the processing flow of the method can comprise the following steps:
Step 301: the CDN server receives a handshake request message sent by a terminal.
Here, the handshake request message is the message the terminal sends to the CDN server to initiate the handshake process, which is used to obtain the certificate needed for encrypted data transmission. The handshake process can be an SSL (Secure Sockets Layer) handshake, and the handshake request message can be a Client Hello message.
In implementation, when a user wants to access a website from the terminal, the user can click the link of that website in a browser. The terminal detects the click on the link, which triggers it to send a handshake request message to the CDN server; the handshake request message can carry the domain name of the website (the target domain name). The CDN server receives the handshake request message and parses it to obtain the domain name carried in it; the handshake request message can also carry information such as the list of cryptographic algorithms supported by the terminal. For example, if the user clicks the link of the Paipai website in the terminal's browser, the terminal detects the click and is triggered to send the CDN server a handshake request message carrying the domain name www.paipai.com; the CDN server receives the handshake request message, parses it and obtains the domain name www.paipai.com.
Optionally, if the handshake request message does not carry a target domain name, the handshake request message can be refused.
In implementation, if the terminal's browser does not support SNI (Server Name Indication), the handshake request message the terminal sends to the CDN server does not carry the website's domain name (the target domain name). After the CDN server receives this handshake request message it parses it, and if it determines that no target domain name is carried, the CDN server can refuse the handshake request message. The CDN server can refuse the handshake request message in various ways: it can return a refusal message to the terminal; it can ignore the handshake request message; or it can send the handshake request message to a preset default server address, in which case the default server returns a handshake feedback message carrying its own certificate, the terminal receives and parses the handshake feedback message and obtains the domain name in the certificate, and if that domain name is not the domain name the user accessed, the terminal prompts the user that the access failed.
Step 302: the CDN server determines, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message.
In implementation, the service server of a website can register its server information with the CDN server in advance, such as the website's domain name and the IP (Internet Protocol) address of the service server; here the IP address of the service server is the service server address. The CDN server can build a mapping table of domain names to IP addresses, as in table 1:
Table 1: mapping table of domain names to IP addresses of service servers

| Domain name | IP address of service server |
|---|---|
| www.paipai.com | 240.395.0.2 |
| www.sohu.com | 240.186.3.2 |
| www.baidu.com | 240.514.1.7 |

After the CDN server obtains the target domain name, it can look up whether the target domain name is one of the domain names recorded in the mapping table; if it is, the CDN server can obtain the service server address corresponding to the target domain name (the target service server address). For example, after obtaining the target domain name www.paipai.com, the CDN server looks it up in the mapping table, finds that www.paipai.com is a recorded domain name, and obtains the corresponding service server address 240.395.0.2.
Optionally, after the CDN server has determined the target service server address corresponding to the target domain name according to the pre-stored correspondence between domain names and service server addresses, it can also store the correspondence between the terminal and the target service server.
In implementation, before the terminal sends the handshake request message to the CDN server, a TCP (Transmission Control Protocol) connection can be established over the network between the terminal and the CDN server; the CDN server allocates a first port to this TCP connection and records the corresponding first port identifier. After the CDN server has determined the target service server address corresponding to the target domain name, a TCP connection can be established over the network between the CDN server and the target service server; the CDN server allocates a second port to this TCP connection and records the corresponding second port identifier. The CDN server stores the first port identifier and the second port identifier as a pair, establishing a correspondence between port identifiers, which is the correspondence between the terminal and the target service server. The CDN server may also receive handshake request messages carrying the same target domain name from multiple terminals; for each handshake request message received, the CDN server establishes one TCP connection with the target service server, so the CDN server may store multiple pairs of port identifiers.
Step 303: the CDN server forwards the handshake request message to the target service server corresponding to the target service server address, so that the target service server carries out a handshake process with the terminal.
In implementation, after the CDN server obtains the target service server address corresponding to the target domain name, it can send the handshake request message to that address. For example, after the CDN server obtains the target service server address 240.395.0.2 corresponding to www.paipai.com, it can establish a TCP connection with the Paipai server at 240.395.0.2 and then send the handshake request message to the Paipai server over that TCP connection.
Step 304: the target service server receives the handshake request message of the terminal forwarded by the CDN server.
In implementation, the target service server receives the handshake request message of the terminal forwarded by the CDN server and parses it to obtain information such as the list of cryptographic algorithms supported by the terminal carried in the message, so that during the handshake process the corresponding cryptographic algorithm can be used to encrypt and decrypt the transmitted data.
Step 305: the target service server and the terminal carry out a handshake process.
Here, the handshake process is the process in which the terminal obtains the public key of the target service server, the service server and the terminal agree on the cryptographic algorithm to be used when transmitting data, and the terminal authenticates the service server.
In implementation, the service server can set up a public key and private key pair in advance. The private key is kept locally by the service server and used by it to encrypt and decrypt transmitted data; the public key is stored in the certificate, which is sent to the terminal so that the terminal can encrypt and decrypt transmitted data. The certificate also contains the server identity information of the service server, which can be used by the terminal to authenticate the CDN server. After the target service server receives the handshake request message, it can select one or more of the cryptographic algorithms in the list supported by the terminal as the algorithms to use during the handshake process, and send the terminal a handshake feedback message (also called a Server Hello message) carrying information such as the algorithms to be used during the handshake process and the certificate. After the terminal receives the handshake feedback message, it can verify the server identity information in the certificate carried in the message, checking its legitimacy, and obtain the public key of the target service server from the certificate for subsequent encryption or decryption of data.
Optionally, the communication messages between the terminal and the target service server can be forwarded by the CDN server; accordingly, step 305 can proceed as follows: the target service server carries out the handshake process with the terminal through the transparent pass-through of the CDN server.
In implementation, after the target service server receives the handshake request message, it can send the handshake feedback message to the CDN server. The second port of the CDN server receives the message sent by the target service server; the CDN server obtains the message together with the second port identifier, looks up the port identifier corresponding to the second port identifier (the first port identifier) in the stored correspondence between port identifiers, determines the first port corresponding to the first port identifier, and sends the handshake feedback message to the first port, so that the handshake feedback message is delivered to the terminal over the TCP connection between the CDN server and the terminal. Likewise, when the terminal sends a message to the target service server through the CDN server, the processing is the same. In this way the CDN server transparently passes through the communication messages between the target service server and the terminal, so that the target service server and the terminal can complete the handshake process quickly.
Step 306: the CDN server transparently passes through the subsequent communication messages between the terminal and the target service server.
Here, a communication message can be a message of any type, such as a data request message or a data response message.
In implementation, after the terminal and the target service server have completed the handshake process, the CDN server does not parse the communication messages it receives from the terminal and the target service server but passes them through transparently, which improves the response speed of the terminal's access to the target service server.
Optionally, step 306 can proceed as follows: when the CDN server receives a first communication message sent by the terminal to the target service server, it passes the first communication message through to the target service server; when the CDN server receives a second communication message sent by the target service server to the terminal, it passes the second communication message through to the terminal.
In implementation, the terminal can send a communication message over the TCP connection established with the CDN server. The first port of the CDN server receives the communication message sent by the terminal; the CDN server obtains the communication message together with the first port identifier, looks up the port identifier corresponding to the first port identifier (the second port identifier) in the stored correspondence between port identifiers, determines the second port corresponding to the second port identifier, and sends the received communication message of the terminal to the second port, so that the communication message is delivered to the service server over the TCP connection between the CDN server and the service server. Likewise, the target service server can send a communication message to the CDN server over the TCP connection established with the CDN server. The second port of the CDN server receives the communication message sent by the target service server; the CDN server obtains the communication message together with the second port identifier, looks up the port identifier corresponding to the second port identifier (the first port identifier) in the stored correspondence between port identifiers, determines the first port corresponding to the first port identifier, and sends the received communication message of the target service server to the first port, so that the communication message is delivered to the terminal over the TCP connection between the CDN server and the terminal.
Step 307, target service server, by the transparent transmission of CDN server, carries out the transmission of communication information with terminal.
Optionally, the process that target service server can be encrypted communication information or decipher, accordingly, the processing procedure of step 307 can be as follows: when target service server receives the first communication information of the terminal of CDN server transparent transmission, use the private key prestored to be decrypted the first communication information, the first communication information after deciphering is processed; When the existence of target service server needs the second communication message sending to terminal, use the private key prestored to be encrypted second communication message, the second communication message after encryption is passed through terminal by CDN server.
In force, when terminal sends data to target service server address, terminal can use public-key and to be encrypted data, generation can the communication information of safe transmission in a network, and then this communication information (i.e. the first communication information) can be sent to CDN server, CDN server can receive the first communication information, and according to the processing mode in above-mentioned steps, the first communication information is passed through target service server, after target service server receives the first communication information, the private key self stored can be used to be decrypted the first communication information, obtain information wherein, and then process accordingly.Such as, user carries out register by terminal on the login page patting net, after user inputs user name and login password, user can click login button, terminal then can detect and log in instruction accordingly, then terminal can use public-key to logging request, the information such as user name and user cipher is encrypted, generation can the communication information (i.e. the first communication information) of safe transmission in a network, and send the first communication information to CDN server, CDN server can receive the first communication information, and the first communication information is passed through pat network server, pat network server and can receive the first communication information, and the private key using self to store is decrypted process to the content in the first communication information, obtain the logging request in the first communication information, user name and user cipher, pat network server to verify user name and user cipher, if user name and user cipher correct, then corresponding to this user name account logs in process.
After target service server receives the request of data of terminal transmission, corresponding data can be sent to terminal by target service server, target service server can use the private key self stored to be encrypted data waiting for transmission, generation can the communication information (i.e. second communication message) of safe transmission in a network, and send second communication message to CDN server, CDN server can receive second communication message, and second communication message is passed through terminal.Such as, pat after network server receives the log on request of certain user, the accounts information (as head image information etc.) of this user is sent to terminal, patting network server can use the accounts information of private key to this user self stored to be encrypted, generate second communication message, and send second communication message to CDN server, CDN server can receive second communication message, and second communication message is passed through terminal, terminal can receive second communication message, and the PKI obtained from certificate in processing procedure of shaking hands before using is decrypted process to second communication message, obtain the accounts information in second communication message.
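The CDN-side behaviour described above (look up the service server from the domain name carried in the handshake, reject a handshake that carries no domain name, then relay bytes between a paired first port and second port without ever holding the private key), as an added example. This is not the patent's own code: it assumes the target domain name travels in the server_name (SNI) extension of a TLS ClientHello, which the page does not name explicitly; the function and class names (build_client_hello, parse_sni, CdnRouter), the domain-to-address mapping and the port identifiers are all this example's own constructed values.

```python
"""Added illustration of the CDN-side routing in the patent (example code,
not the patent's own implementation).  Assumption: the target domain name is
carried in the server_name (SNI) extension of a TLS ClientHello."""
import struct
from typing import Dict, Optional, Tuple

TLS_HANDSHAKE = 0x16        # TLS record content type: handshake
HS_CLIENT_HELLO = 0x01      # handshake message type: ClientHello
EXT_SERVER_NAME = 0x0000    # extension type: server_name (SNI)


def build_client_hello(server_name: Optional[str]) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (constructed test input).
    Random, session id, cipher suites and compression are placeholders; the
    CDN only needs the SNI extension, omitted when server_name is None."""
    body = b"\x03\x03" + b"\x00" * 32                    # client_version, random
    body += b"\x00"                                      # empty session id
    body += b"\x00\x02\xc0\x2f"                          # one cipher suite
    body += b"\x01\x00"                                  # null compression only
    exts = b""
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    body += struct.pack("!H", len(exts)) + exts
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(hs)) + hs


def parse_sni(record: bytes) -> Optional[str]:
    """Return the host_name from the ClientHello's SNI extension, or None when
    the record is not a ClientHello, is truncated, or carries no SNI."""
    try:
        if record[0] != TLS_HANDSHAKE:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != HS_CLIENT_HELLO:
            return None
        p = 4 + 2 + 32                                   # type+length, version, random
        p += 1 + hs[p]                                   # session id
        p += 2 + struct.unpack("!H", hs[p:p + 2])[0]     # cipher suites
        p += 1 + hs[p]                                   # compression methods
        if p + 2 > len(hs):
            return None                                  # no extensions block
        ext_end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
        p += 2
        while p + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", hs[p:p + 4])
            p += 4
            if ext_type == EXT_SERVER_NAME:
                q = p + 2                                # skip server_name_list length
                while q + 3 <= p + ext_len:
                    name_type = hs[q]
                    name_len = struct.unpack("!H", hs[q + 1:q + 3])[0]
                    if name_type == 0:
                        return hs[q + 3:q + 3 + name_len].decode("idna")
                    q += 3 + name_len
            p += ext_len
    except (IndexError, struct.error, UnicodeError):
        return None
    return None


class CdnRouter:
    """Routes a handshake to the service server named by its domain and keeps
    the port-identifier pairing for transparent relay; it holds no private key."""

    def __init__(self, domain_to_server: Dict[str, str]):
        self.domain_to_server = domain_to_server   # pre-stored domain -> address
        self.port_map: Dict[str, str] = {}         # first port id <-> second port id

    def route_handshake(self, client_hello: bytes) -> Optional[str]:
        """Return the target service server address, or None to reject.  A
        handshake with no target domain name is rejected, as in claim 3;
        rejecting a domain absent from the mapping is this example's choice."""
        domain = parse_sni(client_hello)
        if domain is None:
            return None
        return self.domain_to_server.get(domain)

    def pair_ports(self, terminal_port: str, server_port: str) -> None:
        """Record the correspondence between the terminal-facing and the
        server-facing port identifiers of one relayed connection."""
        self.port_map[terminal_port] = server_port
        self.port_map[server_port] = terminal_port

    def relay(self, arriving_port: str, message: bytes) -> Tuple[Optional[str], bytes]:
        """Look up the peer of the port a message arrived on and hand the bytes
        over unchanged; None means no pairing exists for that port."""
        return self.port_map.get(arriving_port), message


if __name__ == "__main__":
    router = CdnRouter({"login.example.com": "10.0.0.5:443"})   # constructed mapping
    hello = build_client_hello("login.example.com")
    print(router.route_handshake(hello))                          # 10.0.0.5:443
    print(router.route_handshake(build_client_hello(None)))       # None (rejected)
```

The relay step deliberately returns the message bytes untouched: the only state the CDN keeps per connection is the pairing of the two port identifiers, which is what allows the TLS handshake and the later encrypted records to pass through while the private key stays on the service server.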
In the embodiment of the present invention, a handshake request message carrying a target domain name, sent by a terminal, is received; according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name is determined; the handshake request message is forwarded to the target service server corresponding to that address, so that the target service server and the terminal carry out handshake processing; and the subsequent communication messages between the terminal and the target service server are transparently transmitted. Because the CDN server transparently transmits the communication messages between the terminal and the target service server, the private key need not be deployed on the CDN server, which improves the security of transmitting communication messages.
Embodiment three
Based on the same technical concept, the embodiment of the present invention further provides a CDN server; as shown in Figure 5, the CDN server comprises:
a receiving module 510, for receiving a handshake request message sent by a terminal;
a determining module 520, for determining, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message;
a sending module 530, for forwarding the handshake request message to the target service server corresponding to the target service server address, so that the target service server and the terminal carry out handshake processing, and for transparently transmitting the subsequent communication messages between the terminal and the target service server.
Optionally, the sending module 530 is for:
when a first communication message sent by the terminal to the target service server is received, transparently transmitting the first communication message to the target service server;
when a second communication message sent by the target service server to the terminal is received, transparently transmitting the second communication message to the terminal.
Optionally, the determining module 520 is further for:
if the handshake request message does not carry a target domain name, rejecting the handshake request message.
Based on the same technical concept, the embodiment of the present invention further provides a service server; as shown in Figure 6, the service server comprises:
a receiving module 610, for receiving a handshake request message of a terminal forwarded by a content delivery network (CDN) server;
a processing module 620, for carrying out handshake processing with the terminal, and for exchanging communication messages with the terminal through the transparent transmission of the CDN server.
Optionally, the processing module 620 is for:
carrying out handshake processing with the terminal through the transparent transmission of the CDN server.
Optionally, the processing module 620 is for:
when a first communication message of the terminal, transparently transmitted by the CDN server, is received, decrypting the first communication message using a pre-stored private key and processing the decrypted first communication message;
when there is a second communication message to be sent to the terminal, encrypting the second communication message using the pre-stored private key and transparently transmitting the encrypted second communication message to the terminal through the CDN server.
In the embodiment of the present invention, a handshake request message carrying a target domain name, sent by a terminal, is received; according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name is determined; the handshake request message is forwarded to the target service server corresponding to that address, so that the target service server and the terminal carry out handshake processing; and the subsequent communication messages between the terminal and the target service server are transparently transmitted. Because the CDN server transparently transmits the communication messages between the terminal and the target service server, the private key need not be deployed on the CDN server, which improves the security of transmitting communication messages.
Embodiment four
Based on the same technical concept, the embodiment of the present invention further provides a system for transmitting communication messages; the system comprises a terminal, a CDN server and a service server, wherein:
the CDN server is for receiving a handshake request message sent by the terminal; determining, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message; forwarding the handshake request message to the target service server corresponding to the target service server address, so that the target service server and the terminal carry out handshake processing; and transparently transmitting the subsequent communication messages between the terminal and the target service server;
the service server is for receiving the handshake request message of the terminal forwarded by the CDN server; carrying out handshake processing with the terminal; and exchanging communication messages with the terminal through the transparent transmission of the CDN server.
In the embodiment of the present invention, a handshake request message carrying a target domain name, sent by a terminal, is received; according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name is determined; the handshake request message is forwarded to the target service server corresponding to that address, so that the target service server and the terminal carry out handshake processing; and the subsequent communication messages between the terminal and the target service server are transparently transmitted. Because the CDN server transparently transmits the communication messages between the terminal and the target service server, the private key need not be deployed on the CDN server, which improves the security of transmitting communication messages.
Embodiment five
Fig. 7 is a schematic structural diagram of the CDN server provided by the embodiment of the present invention. The CDN server 1900 may vary considerably with configuration or performance, and may comprise one or more central processing units (CPUs) 1922 (for example, one or more processors), a memory 1932, and one or more storage media 1930 (for example, one or more mass storage devices) storing application programs 1942 or data 1944. The memory 1932 and the storage medium 1930 may be transient or persistent storage. The program stored in the storage medium 1930 may comprise one or more modules (not shown in the figure), each comprising a series of instruction operations on the CDN server. Further, the central processing unit 1922 may be configured to communicate with the storage medium 1930 and to execute, on the CDN server 1900, the series of instruction operations in the storage medium 1930.
The CDN server 1900 may further comprise one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input/output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ and the like.
The CDN server 1900 may comprise a memory and one or more programs, wherein the one or more programs are stored in the memory and are configured to be executed by one or more processors, the one or more programs containing instructions for performing the following operations:
receiving a handshake request message sent by a terminal;
determining, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message;
forwarding the handshake request message to the target service server corresponding to the target service server address, so that the target service server and the terminal carry out handshake processing;
transparently transmitting the subsequent communication messages between the terminal and the target service server.
Optionally, the transparently transmitting the subsequent communication messages between the terminal and the target service server comprises:
when a first communication message sent by the terminal to the target service server is received, transparently transmitting the first communication message to the target service server;
when a second communication message sent by the target service server to the terminal is received, transparently transmitting the second communication message to the terminal.
Optionally, the method further comprises:
if the handshake request message does not carry a target domain name, rejecting the handshake request message.
In the embodiment of the present invention, a handshake request message carrying a target domain name, sent by a terminal, is received; according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name is determined; the handshake request message is forwarded to the target service server corresponding to that address, so that the target service server and the terminal carry out handshake processing; and the subsequent communication messages between the terminal and the target service server are transparently transmitted. Because the CDN server transparently transmits the communication messages between the terminal and the target service server, the private key need not be deployed on the CDN server, which improves the security of transmitting communication messages.
Embodiment six
Fig. 8 is a schematic structural diagram of the service server provided by the embodiment of the present invention. The service server 2000 may vary considerably with configuration or performance, and may comprise one or more central processing units (CPUs) 2022 (for example, one or more processors), a memory 2032, and one or more storage media 2030 (for example, one or more mass storage devices) storing application programs 2042 or data 2044. The memory 2032 and the storage medium 2030 may be transient or persistent storage. The program stored in the storage medium 2030 may comprise one or more modules (not shown in the figure), each comprising a series of instruction operations on the service server. Further, the central processing unit 2022 may be configured to communicate with the storage medium 2030 and to execute, on the service server 2000, the series of instruction operations in the storage medium 2030.
The service server 2000 may further comprise one or more power supplies 2026, one or more wired or wireless network interfaces 2050, one or more input/output interfaces 2058, one or more keyboards 2056, and/or one or more operating systems 2041, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ and the like.
The service server 2000 may comprise a memory and one or more programs, wherein the one or more programs are stored in the memory and are configured to be executed by one or more processors, the one or more programs containing instructions for performing the following operations:
receiving a handshake request message of a terminal forwarded by a content delivery network (CDN) server;
carrying out handshake processing with the terminal;
exchanging communication messages with the terminal through the transparent transmission of the CDN server.
Optionally, the carrying out handshake processing with the terminal comprises:
carrying out handshake processing with the terminal through the transparent transmission of the CDN server.
Optionally, the exchanging communication messages with the terminal through the transparent transmission of the CDN server comprises:
when a first communication message of the terminal, transparently transmitted by the CDN server, is received, decrypting the first communication message using a pre-stored private key and processing the decrypted first communication message;
when there is a second communication message to be sent to the terminal, encrypting the second communication message using the pre-stored private key and transparently transmitting the encrypted second communication message to the terminal through the CDN server.
In the embodiment of the present invention, a handshake request message carrying a target domain name, sent by a terminal, is received; according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name is determined; the handshake request message is forwarded to the target service server corresponding to that address, so that the target service server and the terminal carry out handshake processing; and the subsequent communication messages between the terminal and the target service server are transparently transmitted. Because the CDN server transparently transmits the communication messages between the terminal and the target service server, the private key need not be deployed on the CDN server, which improves the security of transmitting communication messages.
It should be noted that when the devices for transmitting communication messages provided by the above embodiments transmit communication messages, the division into the functional modules described above is only an illustration; in practical application, the above functions may be assigned to different functional modules as required, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the devices for transmitting communication messages provided by the above embodiments and the method embodiments for transmitting communication messages belong to the same concept; their specific implementation is described in the method embodiments and is not repeated here.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc, or the like.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (13)
1. A method for transmitting communication messages, characterized in that the method comprises:
receiving a handshake request message sent by a terminal;
determining, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message;
forwarding the handshake request message to the target service server corresponding to the target service server address, so that the target service server and the terminal carry out handshake processing;
transparently transmitting the subsequent communication messages between the terminal and the target service server.
2. The method according to claim 1, characterized in that the transparently transmitting the subsequent communication messages between the terminal and the target service server comprises:
when a first communication message sent by the terminal to the target service server is received, transparently transmitting the first communication message to the target service server;
when a second communication message sent by the target service server to the terminal is received, transparently transmitting the second communication message to the terminal.
3. The method according to claim 1, characterized in that the method further comprises:
if the handshake request message does not carry a target domain name, rejecting the handshake request message.
4. A method for transmitting communication messages, characterized in that the method comprises:
receiving a handshake request message of a terminal forwarded by a content delivery network (CDN) server;
carrying out handshake processing with the terminal;
exchanging communication messages with the terminal through the transparent transmission of the CDN server.
5. The method according to claim 4, characterized in that the carrying out handshake processing with the terminal comprises:
carrying out handshake processing with the terminal through the transparent transmission of the CDN server.
6. The method according to claim 4, characterized in that the exchanging communication messages with the terminal through the transparent transmission of the CDN server comprises:
when a first communication message of the terminal, transparently transmitted by the CDN server, is received, decrypting the first communication message using a pre-stored private key and processing the decrypted first communication message;
when there is a second communication message to be sent to the terminal, encrypting the second communication message using the pre-stored private key and transparently transmitting the encrypted second communication message to the terminal through the CDN server.
7. A CDN server, characterized in that the CDN server comprises:
a receiving module, for receiving a handshake request message sent by a terminal;
a determining module, for determining, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message;
a sending module, for forwarding the handshake request message to the target service server corresponding to the target service server address, so that the target service server and the terminal carry out handshake processing, and for transparently transmitting the subsequent communication messages between the terminal and the target service server.
8. The CDN server according to claim 7, characterized in that the sending module is for:
when a first communication message sent by the terminal to the target service server is received, transparently transmitting the first communication message to the target service server;
when a second communication message sent by the target service server to the terminal is received, transparently transmitting the second communication message to the terminal.
9. The CDN server according to claim 7, characterized in that the determining module is further for:
if the handshake request message does not carry a target domain name, rejecting the handshake request message.
10. A service server, characterized in that the service server comprises:
a receiving module, for receiving a handshake request message of a terminal forwarded by a content delivery network (CDN) server;
a processing module, for carrying out handshake processing with the terminal, and for exchanging communication messages with the terminal through the transparent transmission of the CDN server.
11. The service server according to claim 10, characterized in that the processing module is for:
carrying out handshake processing with the terminal through the transparent transmission of the CDN server.
12. The service server according to claim 10, characterized in that the processing module is for:
when a first communication message of the terminal, transparently transmitted by the CDN server, is received, decrypting the first communication message using a pre-stored private key and processing the decrypted first communication message;
when there is a second communication message to be sent to the terminal, encrypting the second communication message using the pre-stored private key and transparently transmitting the encrypted second communication message to the terminal through the CDN server.
13. A system for transmitting communication messages, characterized in that the system comprises a terminal, a content delivery network (CDN) server and a service server, wherein:
the CDN server is for receiving a handshake request message sent by the terminal; determining, according to a pre-stored correspondence between domain names and service server addresses, the target service server address corresponding to the target domain name carried in the handshake request message; forwarding the handshake request message to the target service server corresponding to the target service server address, so that the target service server and the terminal carry out handshake processing; and transparently transmitting the subsequent communication messages between the terminal and the target service server;
the service server is for receiving the handshake request message of the terminal forwarded by the CDN server; carrying out handshake processing with the terminal; and exchanging communication messages with the terminal through the transparent transmission of the CDN server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410480115.5A CN104967590B (en) | 2014-09-18 | 2014-09-18 | A kind of methods, devices and systems for transmitting communication information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104967590A (en) | 2015-10-07 |
| CN104967590B (en) | 2017-10-27 |
Family
ID=54221536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410480115.5A Active CN104967590B (en) | 2014-09-18 | 2014-09-18 | A kind of methods, devices and systems for transmitting communication information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104967590B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105871797A (en) * | 2015-11-19 | 2016-08-17 | 乐视云计算有限公司 | Handshake method, device and system of client and server |
CN107979481A (en) * | 2016-10-25 | 2018-05-01 | 航天信息股份有限公司 | A kind of transmitting terminal, receiving terminal, data interchange platform and its method for execution |
CN108156160A (en) * | 2017-12-27 | 2018-06-12 | 杭州迪普科技股份有限公司 | Connect method for building up and device |
CN108418678A (en) * | 2017-02-10 | 2018-08-17 | 贵州白山云科技有限公司 | A kind of method and device of private key secure storage and distribution |
CN108551477A (en) * | 2018-03-28 | 2018-09-18 | 深圳市网心科技有限公司 | Data transmission channel establishment system, network storage device, server and method |
CN109660543A (en) * | 2018-12-26 | 2019-04-19 | 山东浪潮商用系统有限公司 | A kind of implementation method of message security mechanism |
CN109905380A (en) * | 2019-02-15 | 2019-06-18 | 腾讯科技(深圳)有限公司 | Node control method and relevant apparatus in a kind of distributed system |
EP3576369A4 (en) * | 2017-02-23 | 2020-01-08 | Huawei Technologies Co., Ltd. | Session transfer-based scheduling method and server |
CN111314288A (en) * | 2019-12-23 | 2020-06-19 | 深信服科技股份有限公司 | Relay processing method, relay processing device, server, and storage medium |
CN112104605A (en) * | 2020-08-10 | 2020-12-18 | 深信服科技股份有限公司 | Network management method, device and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101567784A (en) * | 2008-04-21 | 2009-10-28 | 成都市华为赛门铁克科技有限公司 | Method, system and equipment for acquiring key |
CN101640684A (en) * | 2009-08-21 | 2010-02-03 | 中国电信股份有限公司 | Content delivering method, network system, GSLB device and domain name server |
US20130312054A1 (en) * | 2012-05-17 | 2013-11-21 | Cisco Technology, Inc. | Transport Layer Security Traffic Control Using Service Name Identification |
CN103442224A (en) * | 2013-09-09 | 2013-12-11 | 杭州巨峰科技有限公司 | NAT penetration-based video monitoring access strategy and realization method |
CN103532852A (en) * | 2013-10-11 | 2014-01-22 | 小米科技有限责任公司 | Routing scheduling method, routing scheduling device and network equipment |
CN103841150A (en) * | 2012-11-26 | 2014-06-04 | 华为技术有限公司 | Data delivery method and device based on content delivery network CDN |
-
2014
- 2014-09-18 CN CN201410480115.5A patent/CN104967590B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101567784A (en) * | 2008-04-21 | 2009-10-28 | 成都市华为赛门铁克科技有限公司 | Method, system and equipment for acquiring key |
CN101640684A (en) * | 2009-08-21 | 2010-02-03 | 中国电信股份有限公司 | Content delivering method, network system, GSLB device and domain name server |
US20130312054A1 (en) * | 2012-05-17 | 2013-11-21 | Cisco Technology, Inc. | Transport Layer Security Traffic Control Using Service Name Identification |
CN103841150A (en) * | 2012-11-26 | 2014-06-04 | 华为技术有限公司 | Data delivery method and device based on content delivery network CDN |
CN103442224A (en) * | 2013-09-09 | 2013-12-11 | 杭州巨峰科技有限公司 | NAT penetration-based video monitoring access strategy and realization method |
CN103532852A (en) * | 2013-10-11 | 2014-01-22 | 小米科技有限责任公司 | Routing scheduling method, routing scheduling device and network equipment |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105871797A (en) * | 2015-11-19 | 2016-08-17 | 乐视云计算有限公司 | Handshake method, device and system of client and server |
CN107979481A (en) * | 2016-10-25 | 2018-05-01 | 航天信息股份有限公司 | Transmitting terminal, receiving terminal, data exchange platform and execution method thereof |
CN108418678A (en) * | 2017-02-10 | 2018-08-17 | 贵州白山云科技有限公司 | Method and device for secure private-key storage and distribution |
EP3576369A4 (en) * | 2017-02-23 | 2020-01-08 | Huawei Technologies Co., Ltd. | Session transfer-based scheduling method and server |
US11431765B2 (en) | 2017-02-23 | 2022-08-30 | Huawei Technologies Co., Ltd. | Session migration-based scheduling method and server |
CN108156160A (en) * | 2017-12-27 | 2018-06-12 | 杭州迪普科技股份有限公司 | Connection establishment method and device |
CN108156160B (en) * | 2017-12-27 | 2021-05-28 | 杭州迪普科技股份有限公司 | Connection establishment method and device |
CN108551477A (en) * | 2018-03-28 | 2018-09-18 | 深圳市网心科技有限公司 | Data transmission channel establishment system, network storage device, server and method |
CN108551477B (en) * | 2018-03-28 | 2020-11-20 | 深圳市网心科技有限公司 | Data transmission channel establishment system, network storage device, server and method |
CN109660543A (en) * | 2018-12-26 | 2019-04-19 | 山东浪潮商用系统有限公司 | Implementation method of a message security mechanism |
CN111064713A (en) * | 2019-02-15 | 2020-04-24 | 腾讯科技(深圳)有限公司 | Node control method and related device in distributed system |
CN109905380A (en) * | 2019-02-15 | 2019-06-18 | 腾讯科技(深圳)有限公司 | Node control method and related apparatus in a distributed system |
CN109905380B (en) * | 2019-02-15 | 2021-07-27 | 腾讯科技(深圳)有限公司 | Node control method and related device in distributed system |
US11343233B2 (en) | 2019-02-15 | 2022-05-24 | Tencent Technology (Shenzhen) Company Limited | Node control method and related apparatus in distributed system |
CN111314288A (en) * | 2019-12-23 | 2020-06-19 | 深信服科技股份有限公司 | Relay processing method, relay processing device, server, and storage medium |
CN111314288B (en) * | 2019-12-23 | 2022-08-05 | 深信服科技股份有限公司 | Relay processing method, relay processing device, server, and storage medium |
CN112104605A (en) * | 2020-08-10 | 2020-12-18 | 深信服科技股份有限公司 | Network management method, device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN104967590B (en) | 2017-10-27 |
Similar Documents
Publication | Title |
---|---|
CN104967590A (en) | Method, apparatus and system for transmitting communication message |
US10608821B2 (en) | Providing cross site request forgery protection at an edge server |
JP6367375B2 (en) | System and method for secure communication over a network using linking addresses |
CN107113319B (en) | A method, device, system and proxy server for response in virtual network computing authentication |
CN105162772B (en) | A method and device for authentication and key agreement of Internet of Things equipment |
KR102095893B1 (en) | Service processing method and device |
US20190268764A1 (en) | Data transmission method, apparatus, and system |
CN108512846A (en) | Mutual authentication method and device between a terminal and a server |
TW201706900A (en) | Method and device for authentication using dynamic passwords |
US10257171B2 (en) | Server public key pinning by URL |
CN105993146A (en) | Secure session capability using public-key cryptography without access to the private key |
CN108306872B (en) | Network request processing method and device, computer equipment and storage medium |
CN103391292A (en) | Mobile-application-oriented safe login method, system and device |
US9843561B2 (en) | MiTM proxy having client authentication support |
CN103428221A (en) | Safety logging method, system and device of mobile application |
US20170317836A1 (en) | Service Processing Method and Apparatus |
CN106357601A (en) | Method for data access, device and system thereof |
CN105516169A (en) | Method and device for detecting website security |
CN107786515A (en) | Method and apparatus for certificate verification |
Duddu et al. | Secure socket layer stripping attack using address resolution protocol spoofing |
CN104243488A (en) | Login authentication method of cross-website server |
CN105516161A (en) | Method and system for safely obtaining http request |
JP6527576B2 (en) | Method, apparatus and system for acquiring local information |
KR101880999B1 (en) | End to end data encrypting system in internet of things network and method of encrypting data using the same |
CN119853935A (en) | Data transmission method, device, storage medium and equipment |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20180906. Patentee after: Tencent cloud computing (Beijing) limited liability company, 100191 Beijing Haidian District Zhichun Road 49 No. 3 West 309. Patentee before: Tencent Technology (Shenzhen) Co., Ltd., 518000 East 403 room, Sai Ge science and Technology Park, Futian District Zhenxing Road, Shenzhen, Guangdong, China, 2 |