CN107332821B - A method, device and server for realizing communication between client and server - Google Patents
- Publication number
- CN107332821B (CN201710392654.7A)
- Authority
- CN
- China
- Prior art keywords
- server
- request data
- client
- request
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Technical Field
The present invention relates to the field of computer technology, and in particular to a method, a device and a server for implementing communication between a client and a server.
Background
With the continuous development of smart terminal functions, the various clients installed on smart terminals have developed as well; a client communicates with a server to meet users' needs. In the prior art, communication between a client and a server generally uses HTTPS (Hypertext Transfer Protocol over Secure Socket Layer). HTTPS, which has security as its goal, includes the Transport Layer Security protocol (TLS), which is used to ensure security and data integrity during data transmission. TLS provides a secure connection mainly through the TLS handshake. Establishing a connection over HTTPS therefore requires not only the three-way handshake of the Transmission Control Protocol (TCP) but also the TLS handshake, that is, a key transmission process. Consequently, if the client and the server communicate over HTTPS, establishing the TLS handshake connection between them is relatively complex and time-consuming, which affects the data transmission speed; especially for data that requires an immediate response, the transmission speed has a large impact on the response time of the data.
Therefore, using the HTTPS protocol for communication between the client and the server has the following problems: the communication process is relatively complex and time-consuming, the data transmission speed is low, and the data response time is slow, which degrades the user experience.
Summary of the Invention
In view of the above problems, the present invention is proposed to provide a method, and a corresponding device and server, for implementing communication between a client and a server, which overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a method for implementing communication between a client and a server is provided, the method comprising: determining whether a preset condition is satisfied; if the preset condition is satisfied, establishing a connection with the server over HTTP; when sending request data to the server, encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a first check value, and sending the request data containing the request parameters, together with the first check value, to the server over the established connection; and receiving response data corresponding to the request data returned by the server.
Optionally, the method further comprises: if the preset condition is not satisfied, establishing a connection with the server over HTTPS; when sending request data to the server, sending the request data to the server over the established connection; and receiving response data corresponding to the request data returned by the server over the established connection.
Optionally, encrypting the request parameters in the request data according to the preset encryption algorithm comprises: obtaining a key issued in advance by the server, and using that key with a specified encryption algorithm to encrypt the request parameters in the request data.
Optionally, determining whether the preset condition is satisfied comprises: determining whether the HTTP port of the server is available; if it is available, the preset condition is satisfied.
Optionally, determining whether the preset condition is satisfied comprises: determining whether the currently accessed network is a secure network; if it is determined to be a secure network, the preset condition is satisfied.
Optionally, determining whether the currently accessed network is a secure network comprises one or more of the following: determining whether the currently accessed network is the network of a mobile network operator, and if so, it is a secure network; determining whether the currently accessed network matches a network in a preset secure network list, and if it matches, it is a secure network; determining whether the number of times the currently accessed network has been used is greater than a preset value, and if so, it is a secure network.
Optionally, determining whether the preset condition is satisfied comprises: determining whether the current operating system allows request data to be sent to the HTTP port; if it does, the preset condition is satisfied.
Optionally, determining whether the preset condition is satisfied comprises: determining whether the instruction type of the request data to be sent is a low-security-requirement instruction; if it is a low-security-requirement instruction, the preset condition is satisfied.
Optionally, determining whether the instruction type of the request data to be sent is a low-security-requirement instruction comprises: determining whether the instruction type of the request data to be sent matches an instruction type in a preset list of low-security-requirement instructions; if it matches, the instruction type of the request data to be sent is a low-security-requirement instruction.
According to another aspect of the present invention, a method for implementing communication between a client and a server is provided, comprising: establishing a connection with the client through an HTTP port; receiving, through the HTTP port, the request data containing request parameters and the first check value sent by the client; encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a second check value; and determining whether the first check value and the second check value are consistent, and if they are consistent, returning the response data corresponding to the request data to the client through the HTTP port.
Optionally, the method further comprises: establishing a connection with the client through an HTTPS port; receiving the request data sent by the client through the HTTPS port; and returning the response data corresponding to the request data to the client through the HTTPS port.
Optionally, encrypting the request parameters in the request data according to the preset encryption algorithm comprises: using a specified key with a specified encryption algorithm to encrypt the request parameters in the request data, wherein the specified key is a key issued to the client.
According to yet another aspect of the present invention, a device for implementing communication between a client and a server is provided, the device comprising: a judging unit, configured to determine whether a preset condition is satisfied; a connection unit, configured to establish a connection with the server over HTTP if the preset condition is satisfied; an encryption processing unit, configured to, when request data is sent to the server, encrypt the request parameters in the request data according to a preset encryption algorithm to obtain a first check value; a sending unit, configured to send the request data containing the request parameters, together with the first check value, to the server over the established connection; and a receiving unit, configured to receive response data corresponding to the request data returned by the server.
Optionally, the connection unit is configured to establish a connection with the server over HTTPS if the preset condition is not satisfied; the sending unit is configured to, when request data is sent to the server, send the request data to the server over the established connection; and the receiving unit is configured to receive response data corresponding to the request data returned by the server over the established connection.
Optionally, the encryption processing unit is configured to obtain a key issued in advance by the server, and to use that key with a specified encryption algorithm to encrypt the request parameters in the request data.
Optionally, the judging unit is configured to determine whether the HTTP port of the server is available; if it is available, the preset condition is satisfied.
Optionally, the judging unit is configured to determine whether the currently accessed network is a secure network; if it is determined to be a secure network, the preset condition is satisfied.
Optionally, determining whether the currently accessed network is a secure network comprises one or more of the following: determining whether the currently accessed network is the network of a mobile network operator, and if so, it is a secure network; determining whether the currently accessed network matches a network in a preset secure network list, and if it matches, it is a secure network; determining whether the number of times the currently accessed network has been used is greater than a preset value, and if so, it is a secure network.
Optionally, the judging unit is configured to determine whether the current operating system allows request data to be sent to the HTTP port; if it does, the preset condition is satisfied.
Optionally, the judging unit is configured to determine whether the instruction type of the request data to be sent is a low-security-requirement instruction; if it is a low-security-requirement instruction, the preset condition is satisfied.
Optionally, the judging unit is further configured to determine whether the instruction type of the request data to be sent matches an instruction type in a preset list of low-security-requirement instructions; if it matches, the instruction type of the request data to be sent is a low-security-requirement instruction.
According to still another aspect of the present invention, a server is provided, comprising: a connection unit, configured to establish a connection with a client through an HTTP port; a receiving unit, configured to receive, through the HTTP port, the request data containing request parameters and the first check value sent by the client; an encryption processing unit, configured to encrypt the request parameters in the request data according to a preset encryption algorithm to obtain a second check value; a judging unit, configured to determine whether the first check value and the second check value are consistent; and a sending unit, configured to return the response data corresponding to the request data to the client through the HTTP port if they are consistent.
Optionally, the connection unit is further configured to establish a connection with the client through an HTTPS port; the receiving unit is further configured to receive the request data sent by the client through the HTTPS port; and the sending unit is configured to return the response data corresponding to the request data to the client through the HTTPS port.
Optionally, the encryption processing unit is configured to use a specified key with a specified encryption algorithm to encrypt the request parameters in the request data, wherein the specified key is a key issued to the client.
According to the technical solution of the present invention, the client first determines whether a preset condition is satisfied; if the preset condition is satisfied, it establishes a connection with the server over HTTP. At the same time, to ensure the security and integrity of the data, when sending request data to the server, the client encrypts the request parameters in the request data according to a preset encryption algorithm to obtain a first check value, and sends the request data containing the request parameters, together with the first check value, to the server over the established connection. After the server receives the data and verifies it successfully, it returns the corresponding response data, so that the client can promptly receive the response data corresponding to the request data returned by the server. It can be seen that the communication process between the client and the server in this technical solution does not include the TLS handshake; the process is simple and takes little time, the data transmission speed is fast, and the data response time is short, while security and integrity during data transmission can still be ensured, improving the user experience.
The above description is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present invention are more apparent and easier to understand, specific embodiments of the present invention are set out below.
Description of the Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:
Figure 1 shows a schematic flowchart of a method for implementing communication between a client and a server according to one embodiment of the present invention;
Figure 2 shows a schematic flowchart of a method for implementing communication between a client and a server according to another embodiment of the present invention;
Figure 3 shows a schematic structural diagram of a device for implementing communication between a client and a server according to one embodiment of the present invention;
Figure 4 shows a schematic structural diagram of a server according to one embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Figure 1 shows a schematic flowchart of a method for implementing communication between a client and a server according to one embodiment of the present invention, describing the embodiment from the client side. As shown in Figure 1, the method includes:
Step S110: determine whether the preset condition is satisfied.
Step S120: if the preset condition is satisfied, establish a connection with the server over HTTP.
In the prior art, communication between the client and the server uses HTTPS by default. Put simply, HTTPS here is the secure version of HTTP, whose purpose is to ensure the security and integrity of data. If communication between the client and the server uses HTTP instead of HTTPS, that is, when the technical solution of this embodiment is adopted, then to ensure the solution can be carried out smoothly it is first necessary to determine whether the preset condition is satisfied; only when the preset condition is satisfied may the connection with the server be established over HTTP. Likewise, where request data needs a timely response, to ensure that the data transmission can be completed in a short time, it is first necessary to determine whether the preset condition is satisfied; once it is satisfied, the technical solution of the present invention can be adopted. In other words, the judgment of the preset condition not only ensures that the solution can be implemented effectively, but also allows a suitable solution to be chosen for different scenarios.
Step S130: when sending request data to the server, encrypt the request parameters in the request data according to a preset encryption algorithm to obtain a first check value, and send the request data containing the request parameters, together with the first check value, to the server over the established connection.
Because the connection between the client and the server in this embodiment is established over HTTP, the security and integrity of data transmitted this way are relatively poor. To make up for this security shortcoming of HTTP, in this embodiment, when sending request data to the server, the client encrypts the request parameters in the request data according to a preset encryption algorithm to obtain a first check value, and sends the request data containing the request parameters, together with the first check value, to the server over the established connection, so that the server can verify the received request data against the first check value. Only after the verification succeeds does the server return the response data corresponding to the request data to the client. This prevents incomplete data caused by loss during transmission, and prevents data from being hijacked and tampered with during transmission.
Step S140: receive the response data corresponding to the request data returned by the server.
It can be seen that the communication process between the client and the server in this technical solution uses HTTP and does not include the TLS handshake; the process is simple and takes little time, the data transmission speed is fast, and the data response time is short, while security and integrity during data transmission can still be ensured, improving the user experience.
When the technical solution of the present invention is adopted, it must first be determined whether the preset condition is satisfied; if it is not satisfied, the client cannot establish a connection with the server over HTTP. Therefore, in one embodiment of the present invention, the method shown in Figure 1 further includes: if the preset condition is not satisfied, establishing a connection with the server over HTTPS; when sending request data to the server, sending the request data to the server over the established connection; and receiving response data corresponding to the request data returned by the server over the established connection.
In one embodiment of the present invention, encrypting the request parameters in the request data according to the preset encryption algorithm in step S130 includes: obtaining a key issued in advance by the server, and using that key with a specified encryption algorithm to encrypt the request parameters in the request data.
The encryption algorithm here may be an encryption algorithm from the prior art, such as the MD5 algorithm or the SHA-1 algorithm, without limitation. The key and the specified encryption algorithm must be the same on the client side and the server side, so that the server side can likewise use the key and the specified encryption algorithm to encrypt the request parameters in the request data and verify the received encrypted data; only after the verification succeeds is the request data determined to be secure and complete.
For example, the request data includes parameter 1, parameter 2, parameter 3 and parameter 4. These, together with an obtained signature key (which may, for example, be a string), are concatenated into a signature string according to a predetermined rule. Using the specified encryption algorithm, MD5, the signature string is computed into an MD5 value and sent to the server. After the server receives parameter 1, parameter 2, parameter 3, parameter 4 and the MD5 value, the server likewise concatenates parameter 1, parameter 2, parameter 3, parameter 4 and its own signature key (which may, for example, be a string) into a signature string according to the predetermined rule, performs an MD5 calculation, and then determines whether the received MD5 value is consistent with the MD5 value the server computed itself. If they are consistent, the request data is normal; if they are inconsistent, the request data is abnormal.
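The check-value exchange described above, as an added Python example that is not code from the patent: the client builds the signature string and the server recomputes and compares it. The parameter names, the key and the sort-and-length-prefix joining rule are assumptions (the page only says "predetermined rule"), and an HMAC-SHA256 variant is included as a swapped-in alternative to the plain MD5 construction.

```python
import hashlib
import hmac

# Constructed sample values: the page names neither the parameters nor the key.
SIGN_KEY = b"constructed-demo-signing-key"
REQUEST = {"user_id": "1001", "action": "query", "page": "2", "ts": "1496000000"}


def canonical_string(params):
    """Assumed 'predetermined rule': sort by name, length-prefix every field.

    The length prefixes keep {"a": "1&b=2"} and {"a": "1", "b": "2"} from
    collapsing into the same signature string, which a bare "&".join would allow.
    """
    parts = []
    for name in sorted(params):
        value = str(params[name])
        parts.append(f"{len(name)}:{name}={len(value)}:{value}")
    return "&".join(parts).encode("utf-8")


def check_value_md5(params, key):
    """The construction the page describes: MD5 over parameters plus the key."""
    return hashlib.md5(canonical_string(params) + b"&key=" + key).hexdigest()


def check_value_hmac(params, key):
    """Swapped-in variant (not from the page): HMAC-SHA256 with the same key."""
    return hmac.new(key, canonical_string(params), hashlib.sha256).hexdigest()


def server_verify(params, first_check_value, key, compute=check_value_md5):
    """Server side: recompute the second check value and compare the two.

    compare_digest runs in constant time, so a mismatch does not reveal how
    many leading characters of the submitted value were correct.
    """
    second_check_value = compute(params, key)
    return hmac.compare_digest(
        first_check_value.encode("utf-8"), second_check_value.encode("ascii")
    )


def demo():
    """Run one honest request and one request modified in transit."""
    first = check_value_md5(REQUEST, SIGN_KEY)           # client side
    accepted = server_verify(REQUEST, first, SIGN_KEY)   # server side
    tampered = dict(REQUEST, page="999")                 # changed on the wire
    rejected = not server_verify(tampered, first, SIGN_KEY)
    return accepted, rejected


if __name__ == "__main__":
    print(demo())
```

The check value covers integrity of the parameters only: the parameters still travel in clear text over HTTP, and a captured request with its check value verifies again unless the server also checks freshness, for example on a timestamp parameter.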
Those skilled in the art will understand that the client can obtain the signature key in various ways. For the sake of security, the client can use HTTPS the first time it communicates with the server and obtain the signature key in that communication mode, or obtain the signature key through third-party encrypted transmission. Of course, the client can also obtain the signature key through other secure channels, and the present invention is not limited in this respect.
In implementing the technical solution of the present invention, it is first necessary to determine whether the preset condition is satisfied, that is, whether the client and the server can establish a connection over HTTP and transmit data in the form of data encrypted according to the encryption algorithm. This is because, in practical applications, in some cases the operating system of the smart terminal assumes by default that the connection between the client and the server is an HTTPS connection, and connections of other kinds are not supported or not compatible; in some cases the HTTP port on the server side is unavailable; in some cases the data transmission process is relatively secure; and in other cases the type of the request data itself has low security requirements. Therefore, in the present invention, on the one hand, whether the preset condition is satisfied needs to be judged to ensure the solution can be implemented effectively; on the other hand, whether to use the technical solution of the present invention can also be chosen according to actual needs, further improving the user experience.
Different schemes for determining whether the preset condition is satisfied are described in detail below through embodiments. It should be noted that the schemes in the following embodiments are only commonly used preferred embodiments proposed by the present invention; in practical application of the present invention, the preset condition can be set freely as required.
Option One:
Judging whether the preset condition is satisfied in step S110 includes: judging whether the HTTP port of the server is available; if it is available, the preset condition is satisfied; if it is not available, the preset condition is determined not to be satisfied.
Whichever way the client and the server establish a connection, a port corresponding to that connection type receives the data; for example, the HTTP port is port 80 and the HTTPS port is port 443. In this technical solution, therefore, to ensure that the solution can be implemented effectively, before the client and the server establish a connection over HTTP it must be determined that the server can receive the request data, that is, that the corresponding port 80 on the server side is available.
In one embodiment, the relevant interface information can be obtained through the first communication between the client and the server. Specifically, the client can use HTTPS for its first communication with the server and obtain the corresponding port information (such as whether port 80 is available) over that connection. In another embodiment, the judgment can proceed as follows: the client first sends the server a piece of data over HTTP; if the client receives the correct response data, the HTTP port of the server is judged to be available, and otherwise it is judged to be unavailable. Once this judgment has been made, the client can record it, marking the server's HTTP port as available. The next time data is transmitted this judgment step can be skipped, which improves data transmission speed to some extent.
Those skilled in the art will understand that the current availability of the corresponding port can also be learned accurately by periodically obtaining the port information (or by sending data and judging the response), or that the port's current availability can be determined after it is established that data transmission/communication is needed and before the data transmission/communication mode is decided; the present invention is not limited in this respect.
Option Two:
Judging whether the preset condition is satisfied in step S110 includes: judging whether the currently accessed network is a secure network; if it is judged to be a secure network, the preset condition is satisfied; if it is not a secure network, the preset condition is determined not to be satisfied.
Because the technical solution of the present invention uses a connection established over HTTP, the data is still transmitted in plaintext. If the current network is not a secure network, an illegitimate user may hijack and tamper with the plaintext data, making the transmission insecure and affecting the correctness and integrity of the data. Therefore, to ensure that data is not hijacked while the present invention is in use, before a connection is established between the client and the server over HTTP it must first be judged whether the network the client is currently connected to is a secure network.
Specifically, judging whether the currently accessed network is a secure network includes one or more of the following:
(1) Judging whether the currently accessed network is the network of a mobile network operator; if so, it is a secure network. Examples are network operators such as China Mobile and China Unicom.
(2) Judging whether the currently accessed network matches a network in a preset list of secure networks; if it matches, it is a secure network. An example is a 4G network.
(3) Judging whether the number of times the currently accessed network has been used is greater than a preset value; if so, it is a secure network.
Here the usage count of the currently accessed network can be the number of times the smart terminal device on which the client runs has used that network; a usage count greater than the preset value indicates that the network is one the smart terminal device commonly uses, and it can be determined to be a secure network, for example a workplace local area network. It can also be the number of times the network has been used by trusted devices, where a trusted device can be defined as a device with certain requirements for the security of transmitted data, for example a device involved in personal payment.
Option Three:
Judging whether the preset condition is satisfied in step S110 includes: judging whether the current operating system allows request data to be sent to the HTTP port; if it does, the preset condition is satisfied; if it does not, the preset condition is determined not to be satisfied.
Establishing a connection over HTTP and sending data successfully depends not only on whether the port on the server side is available but also on whether the operating system of the smart terminal on which the client is installed allows data to be sent to the HTTP port. For example, a particular version of a particular operating system may not allow communication over HTTP. Therefore, to ensure that this solution can be implemented effectively, it must be judged whether the current operating system allows request data to be sent to the HTTP port.
Option Four:
Judging whether the preset condition is satisfied in step S110 includes: judging whether the instruction type of the request data to be sent is a low-security-requirement instruction; if it is, the preset condition is satisfied.
A low-security-requirement instruction should be understood as an instruction whose execution has no direct effect on the security of the device responding to the request data. For example, when a command is sent to a device through a smart terminal, if the instruction type is powering the device on or off, the instruction can be regarded as having high security requirements, because powering on or off directly determines whether the device can be used normally; if what is sent to the device is an instruction to perform some action, the instruction can be regarded as having low security requirements. As another example, turning a light on or off while watching a video can also be regarded as a low-security instruction.
Specifically, a list of low-security-requirement instructions can be preset as required. Judging whether the instruction type of the request data to be sent is a low-security-requirement instruction then includes: judging whether the instruction type of the request data to be sent matches an instruction type in the preset list of low-security-requirement instructions; if it matches, the instruction type of the request data to be sent is a low-security-requirement instruction, that is, the preset condition is satisfied.
Option Five:
Judging whether the preset condition is satisfied in step S110 includes: according to the instruction time limit of the request data to be sent, judging whether the instruction of the request data to be sent is a real-time instruction; if so, the instruction of the request data needs to be responded to in real time, that is, the preset condition is satisfied.
Some request-data instructions carry a timestamp, and the response to the request data must be completed within the time the timestamp indicates. If the timestamp is within a preset threshold, the request data is judged to need a real-time response and the preset condition is determined to be satisfied, so the technical solution of the present invention, which takes little time, needs to be used.
For example, with a preset threshold of 0.4 ms, when a command is sent to a device through a smart terminal and the time indicated by the timestamp is 0.2 ms, which is less than the preset threshold of 0.4 ms, the command is an instruction requiring a real-time response and the device needs to execute it in real time. The client on the smart terminal and the server can then establish a connection over HTTP, and likewise the device and the server can also establish a connection over HTTP.
Note that Options One to Five above can be implemented individually or in any combination; no specific limitation is imposed here.
FIG. 2 shows a schematic flowchart of a method for implementing communication between a client and a server according to another embodiment of the present invention. It describes the embodiment from the server side, and its implementation process corresponds to that shown in FIG. 1. As shown in FIG. 2, the method includes:
Step S210: establish a connection with the client through the HTTP port.
When the client determines that the preset condition is satisfied, it establishes a connection with the server over HTTP, and the server establishes the connection with the client through its HTTP port (that is, port 80).
Step S220: receive, through the HTTP port, the request data containing the request parameters and the first check value sent by the client.
When the client sends request data, it sends it to the server's HTTP port. In this embodiment, the server receives through the HTTP port the request data containing the request parameters and the first check value sent by the client.
Step S230: encrypt the request parameters in the request data according to the preset encryption algorithm to obtain a second check value.
Step S240: judge whether the first check value and the second check value are consistent; if they are, return the response data corresponding to the request data to the client through the HTTP port.
As explained above, the server's key and specified encryption algorithm are the same as those on the client side. After the server receives the request data containing the request parameters and the first check value, it encrypts the request parameters in the request data according to the preset encryption algorithm to obtain the second check value. If the request data is normal, the first check value and the second check value are the same; if the request data is abnormal, they differ. By judging whether the first check value and the second check value are consistent, it can be determined whether the request data is normal. If they are consistent, the server returns the response data corresponding to the request data to the client through the HTTP port; if they are not, no response data is returned.
When the client determines that the preset condition is not satisfied, the client needs to establish a connection with the server over HTTPS. Therefore, in one embodiment of the present invention, the method shown in FIG. 2 further includes: establishing a connection with the client through the HTTPS port; receiving, through the HTTPS port, the request data sent by the client; and returning the response data corresponding to the request data to the client through the HTTPS port.
In one embodiment of the present invention, encrypting the request parameters in the request data according to the preset encryption algorithm in step S230 includes: encrypting the request parameters in the request data using a specified key and according to a specified encryption algorithm, where the specified key is the key delivered to the client.
FIG. 3 shows a schematic structural diagram of an apparatus for implementing communication between a client and a server according to one embodiment of the present invention. As shown in FIG. 3, the apparatus 300 for implementing communication between a client and a server includes:
A judging unit 310, configured to judge whether a preset condition is satisfied.
A connection unit 320, configured to establish a connection with the server over HTTP if the preset condition is satisfied.
In the prior art, by default, communication between the client and the server uses HTTPS; put simply, HTTPS is the secure version of HTTP, intended to ensure the security and integrity of data. If communication between the client and the server uses HTTP rather than HTTPS, that is, when the technical solution of this embodiment is used, then to ensure the solution can be implemented smoothly it must first be judged whether the preset condition is satisfied; only when the preset condition is satisfied can a connection with the server be established over HTTP. Likewise, where request data needs a timely response, to ensure that data transmission completes in a short time it must first be judged whether the preset condition is satisfied; once it is, the technical solution of the present invention can be used. In other words, judging the preset condition not only ensures effective implementation of the solution but also allows a suitable solution to be chosen for different scenarios.
An encryption processing unit 330, configured to, when request data is to be sent to the server, encrypt the request parameters in the request data according to a preset encryption algorithm to obtain a first check value.
A sending unit 340, configured to send the request data containing the request parameters, together with the first check value, to the server over the established connection.
Because the connection between client and server in this embodiment is established over HTTP, and data transmitted this way has poor security and integrity, this embodiment compensates for the security shortcomings of HTTP as follows: when request data is sent to the server, the request parameters in the request data are encrypted according to the preset encryption algorithm to obtain the first check value, and the request data containing the request parameters is sent with the first check value to the server over the established connection, so that the server can verify the received request data against the first check value. Only after verification succeeds is the response data corresponding to the request data returned to the client. This prevents incomplete data caused by loss during transmission and prevents data from being hijacked and tampered with during transmission.
A receiving unit 350, configured to receive the response data corresponding to the request data returned by the server.
It can be seen that in this technical solution the communication between client and server uses HTTP and does not include the TLS handshake; the process is simple and takes little time, data is transmitted quickly and the response time is short, while the security and integrity of the data in transit can still be ensured, improving the user experience.
To use the technical solution of the present invention, it must first be judged whether the preset condition is satisfied; if it is not, the client cannot establish a connection with the server over HTTP. Therefore, in one embodiment of the present invention, the connection unit 320 is configured to establish a connection with the server over HTTPS if the preset condition is not satisfied; the sending unit 340 is configured to, when request data is to be sent to the server, send the request data to the server over the established connection; and the receiving unit 350 is configured to receive the response data corresponding to the request data that the server returns over the established connection.
In one embodiment of the present invention, the encryption processing unit 330 is configured to obtain a key delivered in advance by the server and to encrypt the request parameters in the request data using that key and according to a specified encryption algorithm.
The encryption algorithm here can be an existing encryption algorithm, such as the MD5 algorithm or the SHA-1 algorithm, without limitation. The key and the specified encryption algorithm must be the same on the client side and the server side, so that the server side can also use the key and the specified encryption algorithm to encrypt the request parameters in the request data and verify the received encrypted data; only after verification succeeds is the request data determined to be secure and complete.
For example, the request data includes parameter 1, parameter 2, parameter 3 and parameter 4. The client joins them and an obtained signature key (which can be, for example, a string) into a signature string according to a predetermined rule, uses the specified encryption algorithm, MD5, to compute an MD5 value from the signature string, and sends it to the server. After receiving parameter 1, parameter 2, parameter 3, parameter 4 and the MD5 value, the server likewise joins parameter 1, parameter 2, parameter 3, parameter 4 and its own signature key (which can be, for example, a string) into a signature string according to the predetermined rule and computes an MD5 value, then judges whether the received MD5 value and the MD5 value it computed itself are consistent. If they are consistent, the request data is normal; if they are not, the request data is abnormal.
Those skilled in the art will understand that the client can obtain the signature key in various ways. For security, the client can use HTTPS for its first communication with the server and obtain the signature key over that connection, or obtain the signature key through third-party encrypted transmission. The client can of course also obtain the signature key through other secure channels; the present invention is not limited in this respect.
In implementing the technical solution of the present invention, it must first be determined whether the preset condition is satisfied, that is, whether the client and the server can establish a connection over HTTP and transmit data with the data encrypted according to the encryption algorithm. In practice, in some cases the operating system of the smart terminal assumes by default that the connection between client and server is an HTTPS connection and does not support, or is not compatible with, other kinds of connection; in some cases the HTTP port on the server side is unavailable; in some cases the data transmission path is relatively secure; and in other cases the type of the request data itself has low security requirements. In the present invention, therefore, on the one hand whether the preset condition is satisfied must be judged so that the solution can be implemented effectively, and on the other hand the choice of whether to use the technical solution of the present invention can be made according to actual needs, further improving the user experience.
The different options for judging whether the preset condition is satisfied are described below through embodiments. Note that the options in the following embodiments are only commonly used preferred embodiments proposed by the present invention; in actual application of the present invention, the preset condition can be set as required.
Option One:
The judging unit 310 is configured to judge whether the HTTP port of the server is available; if it is available, the preset condition is satisfied; if it is not available, the preset condition is determined not to be satisfied.
Whichever way the client and the server establish a connection, a port corresponding to that connection type receives the data; for example, the HTTP port is port 80 and the HTTPS port is port 443. In this technical solution, therefore, to ensure that the solution can be implemented effectively, before the client and the server establish a connection over HTTP it must be determined that the server can receive the request data, that is, that the corresponding port 80 on the server side is available.
In one embodiment, the relevant interface information can be obtained through the first communication between the client and the server. Specifically, the client can use HTTPS for its first communication with the server and obtain the corresponding port information (such as whether port 80 is available) over that connection. In another embodiment, the judgment can proceed as follows: the client first sends the server a piece of data over HTTP; if the client receives the correct response data, the HTTP port of the server is judged to be available, and otherwise it is judged to be unavailable. Once this judgment has been made, the client can record it, marking the server's HTTP port as available. The next time data is transmitted this judgment step can be skipped, which improves data transmission speed to some extent.
Those skilled in the art will understand that the current availability of the corresponding port can also be learned accurately by periodically obtaining the port information (or by sending data and judging the response), or that the port's current availability can be determined after it is established that data transmission/communication is needed and before the data transmission/communication mode is decided; the present invention is not limited in this respect.
Option Two:
The judging unit 310 is configured to judge whether the currently accessed network is a secure network; if it is judged to be a secure network, the preset condition is satisfied; if it is not a secure network, the preset condition is determined not to be satisfied.
Because the technical solution of the present invention uses a connection established over HTTP, the data is still transmitted in plaintext. If the current network is not a secure network, an illegitimate user may hijack and tamper with the plaintext data, making the transmission insecure and affecting the correctness and integrity of the data. Therefore, to ensure that data is not hijacked while the present invention is in use, before a connection is established between the client and the server over HTTP it must first be judged whether the network the client is currently connected to is a secure network.
Specifically, judging whether the currently accessed network is a secure network includes one or more of the following:
(1) Judging whether the currently accessed network is the network of a mobile network operator; if so, it is a secure network. Examples are network operators such as China Mobile and China Unicom.
(2) Judging whether the currently accessed network matches a network in a preset list of secure networks; if it matches, it is a secure network. An example is a 4G network.
(3) Judging whether the number of times the currently accessed network has been used is greater than a preset value; if so, it is a secure network.
Here the usage count of the currently accessed network can be the number of times the smart terminal device on which the client runs has used that network; a usage count greater than the preset value indicates that the network is one the smart terminal device commonly uses, and it can be determined to be a secure network, for example a workplace local area network. It can also be the number of times the network has been used by trusted devices, where a trusted device can be defined as a device with certain requirements for the security of transmitted data, for example a device involved in personal payment.
Option Three:
The judging unit 310 is configured to judge whether the current operating system allows request data to be sent to the HTTP port; if it does, the preset condition is satisfied; if it does not, the preset condition is determined not to be satisfied.
Establishing a connection over HTTP and sending data successfully depends not only on whether the port on the server side is available but also on whether the operating system of the smart terminal on which the client is installed allows data to be sent to the HTTP port. For example, a particular version of a particular operating system may not allow communication over HTTP. Therefore, to ensure that this solution can be implemented effectively, it must be judged whether the current operating system allows request data to be sent to the HTTP port.
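Option Four:
The judging unit 310 is configured to judge whether the instruction type of the request data to be sent is a low-security-requirement instruction; if it is, the preset condition is satisfied. A low-security-requirement instruction should be understood as an instruction whose execution has no direct effect on the security of the device responding to the request data. For example, when a command is sent to a device through a smart terminal, if the instruction type is powering the device on or off, the instruction can be regarded as having high security requirements, because powering on or off directly determines whether the device can be used normally; if what is sent to the device is an instruction to perform some action, the instruction can be regarded as having low security requirements. As another example, turning a light on or off while watching a video can also be regarded as a low-security instruction.
Specifically, a list of low-security-requirement instructions can be preset as required. The judging unit 310 is then further configured to judge whether the instruction type of the request data to be sent matches an instruction type in the preset list of low-security-requirement instructions; if it matches, the instruction type of the request data to be sent is a low-security-requirement instruction, that is, the preset condition is satisfied.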
Option Five:
Judging whether the preset condition is satisfied in step S110 includes: according to the instruction time limit of the request data to be sent, judging whether the instruction of the request data to be sent is a real-time instruction; if so, the instruction of the request data needs to be responded to in real time, that is, the preset condition is satisfied.
Some request-data instructions carry a timestamp, and the response to the request data must be completed within the time the timestamp indicates. If the timestamp is within a preset threshold, the request data is judged to need a real-time response and the preset condition is determined to be satisfied, so the technical solution of the present invention, which takes little time, needs to be used.
For example, with a preset threshold of 0.4 ms, when a command is sent to a device through a smart terminal and the time indicated by the timestamp is 0.2 ms, which is less than the preset threshold of 0.4 ms, the command is an instruction requiring a real-time response and the device needs to execute it in real time. The client on the smart terminal and the server can then establish a connection over HTTP, and likewise the device and the server can also establish a connection over HTTP.
Note that Options One to Five above can be implemented individually or in any combination; no specific limitation is imposed here.
图4示出了根据本发明一个实施例的一种服务器的结构示意图,其实施过程与图3所示的实现客户端与服务器之间通信的装置的实施过程相对应。如图4所示,该服务器400包括:FIG. 4 shows a schematic structural diagram of a server according to an embodiment of the present invention, and the implementation process thereof corresponds to the implementation process of the apparatus for implementing communication between a client and a server shown in FIG. 3 . As shown in Figure 4, the
连接单元410,用于通过HTTP端口与客户端建立连接。The
当客户端判断预设条件满足后,会与服务器通过HTTP方式建立连接,则服务器会通过HTTP端口(即80端口)与客户端建立连接。When the client determines that the preset condition is satisfied, it will establish a connection with the server through HTTP, and the server will establish a connection with the client through the HTTP port (ie, port 80).
接收单元420,用于通过HTTP端口接收客户端发送的包含请求参数的请求数据和第一校验值。The receiving
当客户端发送请求数据时,是向服务器的HTTP端口发送请求数据。在本实施例中,服务器会通过HTTP端口接收客户端发送的包含请求参数的请求数据和第一校验值。When the client sends request data, it sends the request data to the HTTP port of the server. In this embodiment, the server receives the request data including the request parameters and the first check value sent by the client through the HTTP port.
加密处理单元430,用于根据预设的加密算法对请求数据中的请求参数进行加密处理,获得第二校验值。The
判断单元440,用于判断第一校验值和第二校验值是否一致。The
发送单元450,用于若一致,将请求数据对应的响应数据通过HTTP端口返回给客户端。The sending
如上文说明,服务器的密钥和指定的加密算法与客户端侧的密钥和加密算法是一致的。当服务器接收到包含请求参数的请求数据和第一校验值后,根据预设的加密算法对请求数据中的请求参数进行加密处理,获得第二校验值,如何请求数据是正常的,则第一校验值和第二校验值是一样的;如果请求数据是异常的,则第一校验值和第二校验值是不一样的。通过判断第一校验值和第二校验值是否一致,就可以判断请求数据是否是正常的。如果判断一致,服务器再将请求数据对应的响应数据通过HTTP端口返回给客户端;如果判断不一致,则不会返回响应数据。As explained above, the server's key and the specified encryption algorithm are the same as the client's key and encryption algorithm. After the server receives the request data including the request parameters and the first check value, it encrypts the request parameters in the request data according to the preset encryption algorithm to obtain the second check value. If the request data is normal, then The first check value and the second check value are the same; if the request data is abnormal, the first check value and the second check value are different. By judging whether the first check value and the second check value are consistent, it can be judged whether the request data is normal. If the judgment is consistent, the server returns the response data corresponding to the request data to the client through the HTTP port; if the judgment is inconsistent, the response data will not be returned.
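The check-value exchange described above, as an added Python example that is not code from the patent. The patent only speaks of a "preset encryption algorithm" and a "specified key"; HMAC-SHA256, the sorted URL-encoded serialization, the sample key and the parameter names used here are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed sample key. In the scheme described above, the server issues
# the key to the client in advance and both sides hold the same value.
SHARED_KEY = b"constructed-demo-key"


def canonicalize(params: dict) -> bytes:
    """Serialize parameters deterministically so both sides hash the same bytes.

    Keys are sorted and values URL-encoded, so parameter order does not matter
    and a value containing '&' or '=' cannot imitate a second parameter.
    """
    items = sorted((str(k), str(v)) for k, v in params.items())
    return urlencode(items).encode("utf-8")


def compute_check_value(params: dict, key: bytes = SHARED_KEY) -> str:
    """Keyed digest over the canonical parameters (assumed: HMAC-SHA256)."""
    return hmac.new(key, canonicalize(params), hashlib.sha256).hexdigest()


def client_build_request(params: dict, key: bytes = SHARED_KEY) -> dict:
    """Client side: attach the first check value to the request data."""
    return {"params": dict(params), "check": compute_check_value(params, key)}


def server_handle_request(request: dict, key: bytes = SHARED_KEY):
    """Server side: recompute the second check value and compare.

    Returns response data when the values match, None otherwise
    (the description says no response data is returned on a mismatch).
    """
    params = request.get("params")
    first = request.get("check")
    if not isinstance(params, dict) or not isinstance(first, str):
        return None
    second = compute_check_value(params, key)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(first.encode("utf-8"), second.encode("utf-8")):
        return None
    return {"status": "ok", "cmd": params.get("cmd")}


if __name__ == "__main__":
    # Constructed sample request parameters.
    req = client_build_request({"cmd": "light_on", "device": "d-17"})
    print("untampered:", server_handle_request(req))
    req["params"]["cmd"] = "unlock_door"  # altered after the check value was computed
    print("tampered:  ", server_handle_request(req))
```

The check value lets the server detect parameters that were altered in transit; the parameters themselves still cross the HTTP connection in cleartext.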
When the client side determines that the preset condition is not satisfied, the client needs to establish a connection with the server over HTTPS. Therefore, in an embodiment of the present invention, the connection unit 410 is further configured to establish a connection with the client through the HTTPS port; the receiving unit 420 is further configured to receive, through the HTTPS port, the request data sent by the client; and the sending unit 450 is configured to return the response data corresponding to the request data to the client through the HTTPS port.
In an embodiment of the present invention, the encryption processing unit 430 is configured to encrypt the request parameters in the request data using a specified key and according to a specified encryption algorithm, where the specified key is the key issued to the client.
To sum up, according to the technical solution of the present invention, the client first determines whether the preset condition is satisfied. If it is, the client establishes a connection with the server over HTTP. To ensure the security and integrity of the data, when sending request data to the server the client encrypts the request parameters in the request data according to the preset encryption algorithm to obtain a first check value, and sends the request data containing the request parameters together with the first check value to the server over the established connection. When the server has received the data and the verification succeeds, it returns the corresponding response data, so that the client receives the response data corresponding to the request data in time. The communication between client and server in this technical solution thus does not include the TLS handshake: the process is simple and takes little time, data is transmitted quickly and the response time is short, while the security and integrity of the data in transit can still be ensured, enhancing the user experience.
It should be noted that:
The algorithms and displays provided herein are not inherently related to any particular computer, virtual device, or other equipment. Various general-purpose devices may also be used with teachings based on what is described here. The structure required to construct such a device is apparent from the above description. Furthermore, the present invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the invention described herein, and that the descriptions of specific languages above are given to disclose the best mode of carrying out the invention.
In the description provided herein, numerous specific details are set forth. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. This method of disclosure, however, should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and they may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will appreciate that, although some of the embodiments described herein include certain features included in other embodiments but not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the apparatus for implementing communication between a client and a server, and of the server, according to embodiments of the present invention. The present invention may also be implemented as device or apparatus programs (for example, computer programs and computer program products) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from Internet sites, provided on carrier signals, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may devise alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, and so on does not denote any order; these words may be interpreted as names.
The present invention discloses A1. A method for implementing communication between a client and a server, comprising:
determining whether a preset condition is satisfied;
if the preset condition is satisfied, establishing a connection with the server over HTTP;
when sending request data to the server, encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a first check value, and sending the request data containing the request parameters together with the first check value to the server over the established connection;
receiving the response data corresponding to the request data returned by the server.
A2. The method of A1, further comprising:
if the preset condition is not satisfied, establishing a connection with the server over HTTPS;
when sending request data to the server, sending the request data to the server over the established connection;
receiving the response data corresponding to the request data returned by the server over the established connection.
A3. The method of A1, wherein encrypting the request parameters in the request data according to a preset encryption algorithm includes:
obtaining a key issued in advance by the server, and encrypting the request parameters in the request data using that key and according to a specified encryption algorithm.
A4. The method of A1 or A2, wherein determining whether the preset condition is satisfied includes:
determining whether the HTTP port of the server is available; if it is available, the preset condition is satisfied.
A5. The method of A1 or A2, wherein determining whether the preset condition is satisfied includes:
determining whether the currently accessed network is a secure network; if it is determined to be a secure network, the preset condition is satisfied.
A6. The method of A5, wherein determining whether the currently accessed network is a secure network includes one or more of the following:
determining whether the currently accessed network is the network of a mobile network operator; if so, it is a secure network;
determining whether the currently accessed network matches a network in a preset list of secure networks; if it matches, it is a secure network;
determining whether the number of times the currently accessed network has been used is greater than a preset value; if so, it is a secure network.
A7. The method of A1 or A2, wherein determining whether the preset condition is satisfied includes:
determining whether the current operating system allows request data to be sent to the HTTP port; if it does, the preset condition is satisfied.
A8. The method of A1 or A2, wherein determining whether the preset condition is satisfied includes:
determining whether the instruction type of the request data to be sent is a low-security-requirement instruction; if it is, the preset condition is satisfied.
A9. The method of A8, wherein determining whether the instruction type of the request data to be sent is a low-security-requirement instruction includes:
determining whether the instruction type of the request data to be sent matches an instruction type in a preset list of low-security-requirement instructions; if it matches, the instruction type of the request data to be sent is a low-security-requirement instruction.
The present invention also discloses B10. A method for implementing communication between a client and a server, comprising:
establishing a connection with the client through the HTTP port;
receiving, through the HTTP port, the request data containing the request parameters and the first check value sent by the client;
encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a second check value;
judging whether the first check value and the second check value are consistent and, if they are consistent, returning the response data corresponding to the request data to the client through the HTTP port.
B11. The method of B10, further comprising:
establishing a connection with the client through the HTTPS port;
receiving, through the HTTPS port, the request data sent by the client;
returning the response data corresponding to the request data to the client through the HTTPS port.
B12. The method of B10 or B11, wherein encrypting the request parameters in the request data according to a preset encryption algorithm includes:
encrypting the request parameters in the request data using a specified key and according to a specified encryption algorithm;
wherein the specified key is the key issued to the client.
The present invention also discloses C13. An apparatus for implementing communication between a client and a server, the apparatus comprising:
a judging unit, configured to determine whether a preset condition is satisfied;
a connection unit, configured to establish a connection with the server over HTTP if the preset condition is satisfied;
an encryption processing unit, configured to encrypt, when request data is sent to the server, the request parameters in the request data according to a preset encryption algorithm to obtain a first check value;
a sending unit, configured to send the request data containing the request parameters together with the first check value to the server over the established connection;
a receiving unit, configured to receive the response data corresponding to the request data returned by the server.
C14. The apparatus of C13, wherein
the connection unit is configured to establish a connection with the server over HTTPS if the preset condition is not satisfied;
the sending unit is configured to send, when request data is sent to the server, the request data to the server over the established connection;
the receiving unit is configured to receive the response data corresponding to the request data returned by the server over the established connection.
C15. The apparatus of C13, wherein
the encryption processing unit is configured to obtain a key issued in advance by the server, and to encrypt the request parameters in the request data using that key and according to a specified encryption algorithm.
C16. The apparatus of C13 or C14, wherein
the judging unit is configured to determine whether the HTTP port of the server is available; if it is available, the preset condition is satisfied.
C17. The apparatus of C13 or C14, wherein
the judging unit is configured to determine whether the currently accessed network is a secure network; if it is determined to be a secure network, the preset condition is satisfied.
C18. The apparatus of C17, wherein determining whether the currently accessed network is a secure network includes one or more of the following:
determining whether the currently accessed network is the network of a mobile network operator; if so, it is a secure network;
determining whether the currently accessed network matches a network in a preset list of secure networks; if it matches, it is a secure network;
determining whether the number of times the currently accessed network has been used is greater than a preset value; if so, it is a secure network.
C19. The apparatus of C13 or C14, wherein
the judging unit is configured to determine whether the current operating system allows request data to be sent to the HTTP port; if it does, the preset condition is satisfied.
C20. The apparatus of C13 or C14, wherein
the judging unit is configured to determine whether the instruction type of the request data to be sent is a low-security-requirement instruction; if it is, the preset condition is satisfied.
C21. The apparatus of C20, wherein
the judging unit is further configured to determine whether the instruction type of the request data to be sent matches an instruction type in a preset list of low-security-requirement instructions; if it matches, the instruction type of the request data to be sent is a low-security-requirement instruction.
The present invention discloses D22. A server, comprising:
a connection unit, configured to establish a connection with the client through the HTTP port;
a receiving unit, configured to receive, through the HTTP port, the request data containing the request parameters and the first check value sent by the client;
an encryption processing unit, configured to encrypt the request parameters in the request data according to a preset encryption algorithm to obtain a second check value;
a judging unit, configured to judge whether the first check value and the second check value are consistent;
a sending unit, configured to return, if they are consistent, the response data corresponding to the request data to the client through the HTTP port.
D23. The server of D22, wherein
the connection unit is further configured to establish a connection with the client through the HTTPS port;
the receiving unit is further configured to receive, through the HTTPS port, the request data sent by the client;
the sending unit is configured to return the response data corresponding to the request data to the client through the HTTPS port.
D24. The server of D22 or D23, wherein
the encryption processing unit is configured to encrypt the request parameters in the request data using a specified key and according to a specified encryption algorithm;
wherein the specified key is the key issued to the client.
Claims (16)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710392654.7A CN107332821B (en) | 2017-05-27 | 2017-05-27 | A method, device and server for realizing communication between client and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710392654.7A CN107332821B (en) | 2017-05-27 | 2017-05-27 | A method, device and server for realizing communication between client and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107332821A CN107332821A (en) | 2017-11-07 |
CN107332821B (en) | 2020-11-13 |
Family
ID=60193165
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710392654.7A Active CN107332821B (en) | 2017-05-27 | 2017-05-27 | A method, device and server for realizing communication between client and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107332821B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107948170B (en) * | 2017-11-30 | 2020-11-24 | 中国平安人寿保险股份有限公司 | Interface request parameter encryption method, device, equipment and readable storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1478348A (en) * | 2000-11-30 | 2004-02-25 | �Ҵ���˾ | Secure session management and authentication for WEB sites |
CN103188254A (en) * | 2011-12-31 | 2013-07-03 | 北京市国路安信息技术有限公司 | Network security protection method capable of giving consideration to both smoothness and safety of internal and external network information |
CN105072125A (en) * | 2015-08-26 | 2015-11-18 | 北京京东尚科信息技术有限公司 | HTTP communication system and method |
CN105872052A (en) * | 2016-03-30 | 2016-08-17 | 北京小米移动软件有限公司 | Network connection method and device |
CN106357590A (en) * | 2015-07-15 | 2017-01-25 | 艾默生网络能源系统北美公司 | Network protocol conversion system, network protocol converter and network protocol conversion method |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8566452B1 (en) * | 2006-08-03 | 2013-10-22 | F5 Networks, Inc. | Intelligent HTTP based load-balancing, persistence, and application traffic management of SSL VPN tunnels |
CN104954344A (en) * | 2014-03-31 | 2015-09-30 | 小米科技有限责任公司 | Data exchange method and device thereof based on HTTP protocol |
CN104735086B (en) * | 2015-04-14 | 2018-01-16 | 广东欧珀移动通信有限公司 | Method and device for safely downloading file |
CN106453353B (en) * | 2016-10-25 | 2019-05-10 | 四川长虹电器股份有限公司 | A kind of method in user end certification cloud |
Also Published As
Publication number | Publication date |
---|---|
CN107332821A (en) | 2017-11-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||