CN118827600A - Information processing method, device, equipment and computer storage medium - Google Patents
- Publication number
- CN118827600A (application CN202411017901.1A)
- Authority
- CN
- China
- Prior art keywords
- server
- credential
- client
- identity authentication
- processed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/90—Buffering arrangements
- H04L49/9063—Intermediate storage in different physical parts of a node or terminal
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0654—Management of faults, events, alarms or notifications using network fault recovery
- H04L41/0668—Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer And Data Communications (AREA)
Abstract
An embodiment of the present application discloses an information processing method, including: sending an identity authentication request corresponding to a user, together with attribute information of the client, to a first server in a distributed system; when the first server has authenticated the user on the basis of the identity authentication request, receiving from the first server a first credential for the first server and storing the processed first credential in a target storage space of the client, where the first credential is a credential that exempts the client from identity authentication when it connects to a server again; and, when the first server fails, sending a connection request and the first credential to a second server in the distributed system so that the second server provides service to the client. Embodiments of the present application also disclose an information processing device, equipment, and computer storage medium.
Description
Technical Field
The present application relates to the field of Internet technology, and in particular to an information processing method, device, equipment and computer storage medium.
Background Art
At present, server switching within an existing distributed system works as follows: session information is synchronised between the servers, that is, once a user has established session information on one of the servers in the distributed system, that server immediately synchronises the user's session information to the other servers in the system, so that if the client can no longer connect to that server it can switch automatically to another one. However, this existing server switching method requires the servers of the distributed system to be either in the same local area network or distributed across the Internet; if bandwidth is insufficient, session information is synchronised between the servers with poor timeliness, the client cannot connect to another surviving server, and server switching is therefore inefficient.
Summary of the Invention
To solve the above technical problem, embodiments of the present application aim to provide an information processing method, device, equipment and computer storage medium that can address the low efficiency of server switching in the related art.
The technical solution of the present application is implemented as follows:
An information processing method, the method comprising:
sending an identity authentication request corresponding to a user and attribute information of a client to a first server in a distributed system;
when the first server has authenticated the user on the basis of the identity authentication request, receiving from the first server a first credential for the first server, and storing the processed first credential in a target storage space of the client; wherein the first credential is a credential that exempts the client from identity authentication when it connects to a server again;
when the first server fails, sending a connection request and the first credential to a second server in the distributed system, so that the second server provides service to the client.
In the above solution, receiving from the first server the first credential for the first server includes:
sending a tunnel establishment request to the first server; wherein the tunnel establishment request is used to establish an information transmission channel between the client and the first server;
upon receiving consent information sent by the first server, receiving the first credential from the first server through the information transmission channel; wherein the consent information is generated by the first server on the basis of the tunnel establishment request; the first credential is generated by the first server by encrypting a first to-be-processed credential with a secret key, and the secret key changes periodically over time; the first to-be-processed credential is generated by the first server.
In the above solution, after receiving the first credential from the first server through the information transmission channel, the method further includes:
encrypting the first credential with the attribute information to obtain the processed first credential.
In the above solution, sending the connection request and the first credential to the second server in the distributed system includes:
decrypting the processed first credential with the attribute information to obtain the first credential;
sending the connection request and the first credential to the second server in the distributed system, so that the second server decrypts the first credential with the secret key to obtain the first to-be-processed credential.
An information processing method, applied to a second server, the method comprising:
receiving a connection request and a first credential sent by a client; wherein the first credential was sent by a first server to the client, and the first credential is a credential that exempts the client from identity authentication when it connects to a server again;
when it is determined by means of a detection technique that the first server is faulty, establishing a connection with the client on the basis of the connection request and the first credential, so as to provide service to the client.
In the above solution, after establishing a connection with the client on the basis of the connection request and the first credential so as to provide service to the client, the method further includes:
once the client has established a connection with the second server, decrypting the first credential with a secret key to obtain a first to-be-processed credential;
generating, on the basis of the first to-be-processed credential and the identifier of the second server, a second to-be-processed credential for the second server.
In the above solution, the information processing method further includes:
when it is determined by means of the detection technique that the first server is alive, sending a connection rejection message to the client; wherein the connection rejection message is generated on the basis of the connection request.
A first information processing device, the device comprising:
a first sending unit, configured to send an identity authentication request corresponding to a user and attribute information of a client to a first server in a distributed system;
a first processing unit, configured to, when the first server has authenticated the user on the basis of the identity authentication request, receive from the first server a first credential for the first server and store the processed first credential in a target storage space of the client; wherein the first credential is a credential that exempts the client from identity authentication when it connects to a server again;
a second sending unit, configured to, when the first server fails, send a connection request and the first credential to a second server in the distributed system, so that the second server provides service to the client.
A second information processing device, the device comprising:
a receiving unit, configured to receive a connection request and a first credential sent by a client; wherein the first credential was sent by a first server to the client, and the first credential is a credential that exempts the client from identity authentication when it connects to a server again;
a second processing unit, configured to, when it is determined by means of a detection technique that the first server is faulty, establish a connection with the client on the basis of the connection request, so as to provide service to the client.
A client, the client comprising: a first processor, a first memory and a first communication bus;
the first communication bus is used to implement the communication connection between the first processor and the first memory;
the first processor is used to execute the information processing program stored in the first memory, so as to implement the steps of the information processing method described above.
A second server, the second server comprising: a second processor, a second memory and a second communication bus;
the second communication bus is used to implement the communication connection between the second processor and the second memory;
the second processor is used to execute the information processing program stored in the second memory, so as to implement the steps of the information processing method described above.
A computer-readable storage medium storing one or more programs, which can be executed by one or more processors so as to implement the steps of the information processing method described above.
The information processing method, device, equipment and computer storage medium provided by embodiments of the present application first send an identity authentication request corresponding to a user and attribute information of the client to a first server in a distributed system; then, when the first server has authenticated the user on the basis of that request, receive from the first server a first credential for the first server and store the processed first credential in a target storage space of the client, the first credential being a credential that exempts the client from identity authentication when it connects to a server again; and then, when the first server fails, send a connection request and the first credential to a second server in the distributed system so that the second server provides service to the client. In this way, the first credential generated by the first server is stored on the client and later sent by the client to the second server, instead of requiring the servers of the distributed system to synchronise session information (i.e., credentials) among themselves as in the related art; the scheme therefore does not depend on network bandwidth, which improves the efficiency of server switching. Moreover, because the first credential is stored on the client rather than every server in the distributed system having to store credentials synchronised from the other servers, as in the related art, server-side overhead is reduced.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic flow chart of an information processing method provided by an embodiment of the present application;
FIG. 2 is a schematic flow chart of another information processing method provided by an embodiment of the present application;
FIG. 3 is a schematic flow chart of yet another information processing method provided by an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a first information processing device provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a second information processing device provided by an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a client provided by an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a second server provided by an embodiment of the present application.
DETAILED DESCRIPTION
The technical solutions in the embodiments of the present application will be described clearly and completely below with reference to the drawings of those embodiments.
It should be understood that the specific embodiments described here serve only to explain the present application and are not intended to limit it.
It should be noted that in the related art, session information is synchronised between the server ends (i.e., servers) of a distributed system: once a user has established session information on one of the servers, that server immediately synchronises the user's session information to the other servers in the system, so that when the client can no longer connect to that server and automatically switches to another, the synchronised session information can be used for seamless switching and continuous keep-alive.
However, the main technical drawbacks of this server-side session-synchronisation switching method are its reliance on high-speed networks and its high server-side overhead. Reliance on high-speed networks: with a server-side session synchronisation scheme, the servers of the distributed system must either be in the same local area network with a LAN speed of at least 1 gigabit, or be distributed across the Internet with the servers interconnected over bare-fibre (dark fibre) high-speed links. Only these two scenarios guarantee timely synchronisation of session information; if bandwidth is insufficient, the client cannot reach the server it came online on, and when it switches to another surviving server that server has not yet received the synchronised session information, so the user has to re-authenticate, the session cannot be kept alive, and the user experience is poor. High server-side overhead: with a server-side session synchronisation scheme, the session information of all users is stored in full on every server in the distributed system, which makes the server-side overhead very large.
On this basis, an embodiment of the present application provides an information processing method that can be applied to a client. As shown in FIG. 1, the method includes the following steps:
Step 101: send an identity authentication request corresponding to a user and attribute information of the client to a first server in a distributed system.
In an embodiment of the present application, the first server may be the server in the distributed system that currently provides service to the client; the identity authentication request may be a request for authenticating the identity of the user; the attribute information of the client may specifically be the hardware characteristics of the client; the client may access the first server and send the user's identity authentication request and the client's hardware characteristics to the first server. It should be noted that the distributed system may include multiple servers.
In one feasible implementation, the hardware characteristics of the client may be the client's memory information, the client's Media Access Control (MAC) address, the client's operating system information, and so on; the first server may be the server closest to the client.
Step 102: when the first server has authenticated the user on the basis of the identity authentication request, receive from the first server a first credential for the first server, and store the processed first credential in a target storage space of the client.
Here, the first credential may be a credential that exempts the client from identity authentication when it connects to a server again.
In an embodiment of the present application, the first credential may be generated by the first server by encrypting a first to-be-processed credential that it generated itself, and the first to-be-processed credential may specifically be generated by the first server from the attribute information of the session established between the client and the first server, the user identifier carried in the identity authentication request, and the attribute information of the client. Passing the user's identity authentication indicates that the user is legitimate. The attribute information of the session may include at least the time at which the user logged in to the first server (i.e., the session online time) and the identifier of the first server (i.e., the identifier of the server on which the session came online). The processed first credential may be the credential produced by the client after it processes the first credential. After the client sends the identity authentication request and the client's attribute information to the first server, the first server may authenticate the user on the basis of the request; if the authentication passes, the first server may generate the first to-be-processed credential from the user identifier carried in the request, the client's attribute information, the session online time and the identifier of the session's server, encrypt the first to-be-processed credential to produce the first credential, and send the first credential to the client. The client then processes the first credential and stores the processed first credential in its own target storage space. In this way, the servers of the distributed system do not need to synchronise credentials; instead the credentials are stored on the client, so the network bandwidth requirement is extremely low and no high-speed network is needed, which greatly reduces the construction cost and physical-environment dependence of session persistence across the distributed system and broadens the application scenarios. At the same time, no server in the distributed system has to store credentials synchronised from other servers; the credentials of all users are distributed across all servers and clients, which greatly reduces server-side overhead.
Step 103: when the first server fails, send a connection request and the first credential to a second server in the distributed system, so that the second server provides service to the client.
In an embodiment of the present application, the second server may be the server to which the client switches. A main server in the distributed system may probe the first server using a communication-mechanism detection technique, and when the probe finds the first server to be faulty, the connection request and the first credential are sent to the second server so that it continues to provide service to the client. In this way, once any server in the distributed system has generated a credential, session persistence is achieved without the servers synchronising credentials; at the same time, seamless switching and continuous keep-alive between the servers of the distributed system are achieved, improving the user experience.
The information processing method provided by this embodiment stores the first credential generated by the first server on the client, which later sends it to the second server, instead of requiring the servers of the distributed system to synchronise session information (i.e., credentials) among themselves as in the related art; it therefore does not depend on network bandwidth, which improves the efficiency of server switching. Moreover, storing the first credential on the client rather than having every server in the distributed system store credentials synchronised from the other servers, as in the related art, reduces server-side overhead.
An embodiment of the present application provides another information processing method that can be applied to a second server. As shown in FIG. 2, the method includes the following steps:
Step 201: receive a connection request and a first credential sent by a client.
Here, the first credential was sent by the first server to the client, and it is generated by the first server by encrypting a first to-be-processed credential, which is itself generated from the attribute information of the session established between the client and the first server, the user identifier carried in the identity authentication request the client sent to the first server, and the attribute information of the client.
In an embodiment of the present application, the connection request may be the client's request to connect to the second server. When the first server providing service to the client fails, the client may send the connection request and the first credential to the second server, i.e., the second server may receive the connection request and the first credential sent by the client in real time.
Step 202: when it is determined by means of a detection technique that the first server is faulty, establish a connection with the client on the basis of the connection request, so as to provide service to the client.
In an embodiment of the present application, the second server may use a communication mechanism to probe whether the first server is faulty or alive, and when it determines that the first server is faulty, it exempts the client from identity authentication locally (i.e., on the second server), so that the user can log in to the second server directly and the second server continues to provide service to the client. In this way, when the first server the client is connected to fails and its service becomes unavailable, the client automatically connects to a server in the distributed system that is still alive (i.e., the second server) and transmits the first credential to that surviving server during the connection process. If the first credential passes the surviving server's security check, the user on the client comes online directly and a credential is established on the surviving server, without the user having to authenticate again. This achieves seamless session switching and continuous keep-alive within the distributed system and improves the user experience.
It should be noted that when the surviving server (i.e., the second server) receives the first credential, the faulty server (i.e., the first server) that generated that credential must actually be in a faulty state; otherwise the surviving server will not pass the first credential through its security check.
The information processing method provided by this embodiment receives the first credential generated by the first server from the client, instead of requiring the servers of the distributed system to synchronise session information (i.e., credentials) among themselves as in the related art; it therefore does not depend on network bandwidth, which improves the efficiency of server switching. Furthermore, because the first credential is a credential that exempts the client from identity authentication when it connects to a server again, once the first credential has been received the second server can connect to the client directly on the basis of that credential without authenticating the client again, which not only improves the efficiency of server switching but also improves the user experience.
基于前述实施例,本申请实施例提供另一种信息处理方法,参照图3所示,该方法可以包括以下步骤:Based on the above embodiments, the present application provides another information processing method. As shown in FIG. 3 , the method may include the following steps:
步骤301、客户端发送用户对应的身份认证请求和客户端的属性信息至分布式系统中的第一服务器。Step 301: The client sends an identity authentication request corresponding to the user and attribute information of the client to the first server in the distributed system.
步骤302、客户端在通过第一服务器基于身份认证请求对用户的身份认证通过的情况下,发送隧道建立请求至第一服务器。Step 302: When the first server successfully authenticates the user based on the identity authentication request, the client sends a tunnel establishment request to the first server.
其中,隧道建立请求用于建立客户端和第一服务器之间的信息传输通道。The tunnel establishment request is used to establish an information transmission channel between the client and the first server.
步骤303、客户端在接收到第一服务器发送的同意信息的情况下,通过信息传输通道接收第一服务器发送的第一凭据。Step 303: When the client receives the consent information sent by the first server, it receives the first credential sent by the first server through the information transmission channel.
其中,同意信息是第一服务器基于隧道建立请求生成的;第一凭据是第一服务器采用秘钥对第一待处理凭据进行加密生成的,秘钥具有随时间进行周期性变化的特性;第一待处理凭据是第一服务器生成的。Among them, the consent information is generated by the first server based on the tunnel establishment request; the first credential is generated by the first server using a secret key to encrypt the first credential to be processed, and the secret key has the characteristic of periodically changing over time; the first credential to be processed is generated by the first server.
In this embodiment, the key may be a distributed cluster key; specifically, when the distributed system is built, all servers in it use the same algorithm and operators to produce a unified distributed cluster key. The first to-be-processed credential may be generated by the first server from the attribute information of the session established between the client and the first server, the user identifier carried in the identity authentication request, and the client's attribute information. After the first server has authenticated the user, it generates the first to-be-processed credential; the client can then send a tunnel establishment request to the first server to establish an information transmission channel between them, and once the first server agrees to establish the channel, it encrypts the to-be-processed credential with the key to generate the first credential and sends the first credential to the client.
It should be noted that, because the key changes periodically over time, encrypting the first credential with a changing key protects the information, and the first credential can be updated in step with the key, which limits seed forgery after a key leak as far as possible. In one feasible implementation, the information transmission channel may be a Secure Sockets Layer (SSL) encrypted tunnel.
Step 304: The client encrypts the first credential with the client's attribute information to obtain the processed first credential.
Step 305: The client stores the processed first credential in the target storage space.
In this embodiment, the processed first credential is the credential obtained by encrypting the first credential a second time with the client's attribute information. After the client receives the first credential, which the first server produced by encrypting the first to-be-processed credential with the key, it can encrypt the first credential a second time with the client's attribute information to obtain the processed first credential and store it in the local database (i.e., the target storage space). In this way, through technical mechanisms such as encryption with a randomly generated, out-of-band transmitted key, the information transmission channel, and binding to the client's attribute information, the whole process of generating, encrypting, transmitting, storing, and using the first credential is made secure and trustworthy.
Step 306: When the first server is faulty, the client decrypts the processed first credential with the client's attribute information to obtain the first credential.
Step 307: The client sends a connection request and the first credential to the second server in the distributed system, so that the second server decrypts the first credential with the key to obtain the first to-be-processed credential.
In this embodiment, when the first server is faulty the client cannot connect to it, and the server switching mechanism can be triggered to select a surviving second server in the distributed system to reconnect to. Specifically, the client first decrypts the processed first credential held in the target storage space with the client's attribute information to obtain the first credential, then sends a connection request and the first credential to the second server; after receiving the first credential, the second server can decrypt it with the key to obtain the first to-be-processed credential.
Step 308: The second server receives the connection request and the first credential sent by the client.
Here, the first credential was sent by the first server to the client, and the first credential is the credential that exempts the client from identity authentication when it connects to a server again.
It should be noted that when the first to-be-processed credential has been encrypted twice, what the second server receives is the connection request sent by the client and the first credential obtained by decrypting the processed first credential stored on the client; therefore, after receiving the first credential, the second server still needs to decrypt it with the key to obtain the first to-be-processed credential.
Step 309: When the second server determines by a probing technique that the first server is faulty, it establishes a connection with the client on the basis of the connection request and the first credential in order to provide service to the client.
It should be noted that steps 310 to 311 may be performed after step 309, or step 312 may be performed after step 309.
Step 310: When the client has established a connection with the second server, the second server decrypts the first credential with the key to obtain the first to-be-processed credential.
Step 311: The second server generates a second to-be-processed credential for the second server on the basis of the first to-be-processed credential and the identifier of the second server.
In this embodiment, the second to-be-processed credential is a credential generated by the second server. The client establishing a connection with the second server means that the second server continues to provide service to the client; after that, once the second server has obtained the user identifier and the client's attribute information, it combines them with the session online time on the second server and the identifier of the second server to generate a new credential (i.e., the second to-be-processed credential). Specifically, the second to-be-processed credential may include the user identifier, the attribute information, the session online time, and the identifier of the second server.
It should be noted that when what is received is the first credential sent by the client, the second server must first decrypt the first credential with the key to obtain the first to-be-processed credential.
Step 312: When the second server determines by the probing technique that the first server is alive, it sends a connection rejection message to the client.
Here, the connection rejection message is generated on the basis of the connection request.
In this embodiment, if the communication mechanism finds that the first server is alive, this may indicate that the credential has been leaked; therefore, when the probing technique determines that the first server is alive, the second server rejects the client connection outright and determines whether a credential leak has occurred on the client.
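The exchange of steps 301 to 312, as an added Go example that is not code from the patent: the first server seals the pending credential under a periodically rotated cluster key, the client wraps the result under a key bound to its attribute information before storing it, and the second server accepts the credential only when its liveness probe reports the first server down, then derives the second pending credential. Assumed, because the page does not specify them: AES-256-GCM for both encryptions, HMAC of the period index over a shared seed as the cluster-key derivation, a SHA-256 digest of the attribute string as the client key, and a callback standing in for the probe; all names are our own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"time"
)

// PendingCredential is the plaintext ("to-be-processed") credential with the fields the page lists.
type PendingCredential struct {
	UserID       string `json:"user_id"`
	ClientAttr   string `json:"client_attr"`
	SessionStart int64  `json:"session_start"` // session online time
	ServerID     string `json:"server_id"`     // issuing server
}

// ClusterKey is the periodically changing key every server derives from a shared seed.
// Assumption: HMAC(seed, period index) is our choice; the page fixes no derivation algorithm.
func ClusterKey(seed []byte, now time.Time, period time.Duration) []byte {
	var idx [8]byte
	binary.BigEndian.PutUint64(idx[:], uint64(now.Unix()/int64(period.Seconds())))
	mac := hmac.New(sha256.New, seed)
	mac.Write(idx[:])
	return mac.Sum(nil) // 32 bytes, used as an AES-256 key
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal and unseal use AES-256-GCM; the random nonce is prefixed to the ciphertext.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func unseal(key, blob, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("malformed credential")
	}
	ns := gcm.NonceSize()
	return gcm.Open(nil, blob[:ns], blob[ns:], aad)
}

// IssueFirstCredential is step 303 on the first server: the pending credential sealed
// under the cluster key is the first credential handed to the client.
func IssueFirstCredential(clusterKey []byte, p PendingCredential) ([]byte, error) {
	pt, _ := json.Marshal(p) // a struct of strings and ints cannot fail to marshal
	return seal(clusterKey, pt, []byte("first-credential"))
}

// clientKey binds the stored copy to the client's attribute information (steps 304 and 306).
// Assumption: a SHA-256 digest of the attribute string stands in for that binding.
func clientKey(attr string) []byte {
	sum := sha256.Sum256([]byte("client-attr:" + attr))
	return sum[:]
}

func ProtectForStorage(cred []byte, attr string) ([]byte, error) { return seal(clientKey(attr), cred, nil) }

func RecoverFromStorage(stored []byte, attr string) ([]byte, error) { return unseal(clientKey(attr), stored, nil) }

// HandleFailover is steps 308 to 312 on the second server. firstAlive is its liveness probe;
// a credential presented while the first server is still alive is rejected (step 312).
func HandleFailover(clusterKey, firstCred []byte, firstAlive func() bool, serverID string, now time.Time) (PendingCredential, error) {
	if firstAlive() {
		return PendingCredential{}, errors.New("first server alive: connection rejected, possible credential leak")
	}
	pt, err := unseal(clusterKey, firstCred, []byte("first-credential"))
	if err != nil {
		return PendingCredential{}, errors.New("first credential failed the security check")
	}
	var p PendingCredential
	if err := json.Unmarshal(pt, &p); err != nil {
		return PendingCredential{}, err
	}
	// Step 311: same user and client attributes, stamped with the second server's identifier and session time.
	return PendingCredential{UserID: p.UserID, ClientAttr: p.ClientAttr, SessionStart: now.Unix(), ServerID: serverID}, nil
}
```

Recovering with a different attribute string, or presenting the credential to a server whose key has already rotated to a later period, fails the GCM check, which is the behaviour the page describes for attribute binding and key rotation.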
It should be noted that the present application can be applied to a zero-trust system deployed in a distributed manner, or to other distributed systems with identity verification. Zero trust is a security concept of "never trust, always verify" that has developed into a security framework that is identity-centric, continuously evaluates trust, and applies dynamic access control. Its mainstream technical implementations are software-defined perimeter (SDP), identity and access management (IAM), and micro-segmentation (MSG); the concept of "zero trust" in this application refers specifically to software-defined perimeter products. In SDP, a trusted connection must be established through single packet authorization (SPA) before hidden assets can be accessed, and a least-privilege policy is used to control user access. It consists of three components: the SDP controller, the proxy gateway (i.e., the server), and the SDP initiating host (i.e., the client).
In other embodiments of the present application, the first credential is generated by the server and stored encrypted on the client. Although this is highly secure, it also restricts the usage scenarios; therefore, the present application may also use the local data storage structures and methods supported by the browser to store the credential in the browser, removing the dependency on the client.
It should be noted that, for descriptions of steps and content in this embodiment that are the same as in other embodiments, reference may be made to the descriptions in those embodiments, which are not repeated here.
The information processing method provided in this embodiment stores the first credential generated by the first server on the client, from which it is later sent to the second server, instead of requiring synchronization of session information (i.e., credentials) between the servers of the distributed system as in the related art; it therefore does not depend on network bandwidth, which improves the efficiency of server switching. Storing the first credential on the client, rather than having every server in the distributed system store credentials synchronized from the other servers as in the related art, reduces server overhead. And after the second server receives the connection request and the first credential, it can connect to the client directly on the basis of the first credential without authenticating the client again, which not only improves the efficiency of server switching but also improves the user experience.
Based on the foregoing embodiments, an embodiment of the present application provides a first information processing device, which can be applied to the information processing methods provided in the embodiments corresponding to FIG. 1 and FIG. 3. As shown in FIG. 4, the first information processing device 4 may include a first sending unit 41, a first processing unit 42, and a second sending unit 43, wherein:
the first sending unit 41 is configured to send an identity authentication request corresponding to the user and the client's attribute information to the first server in the distributed system;
the first processing unit 42 is configured to receive, when the first server has authenticated the user on the basis of the identity authentication request, the first credential for the first server sent by the first server, and to store the processed first credential in the client's target storage space, where the first credential is the credential that exempts the client from identity authentication when it connects to a server again;
the second sending unit 43 is configured to send, when the first server is faulty, a connection request and the first credential to the second server in the distributed system so that the second server provides service to the client.
In other embodiments of the present application, the first processing unit 42 is further configured to perform the following steps:
sending a tunnel establishment request to the first server, where the tunnel establishment request is used to establish an information transmission channel between the client and the first server;
upon receiving the consent information sent by the first server, receiving the first credential sent by the first server through the information transmission channel, where the consent information is generated by the first server on the basis of the tunnel establishment request, the first credential is generated by the first server by encrypting the first to-be-processed credential with a key, the key changes periodically over time, and the first to-be-processed credential is generated by the first server.
In other embodiments of the present application, the first processing unit 42 is further configured to perform the following step:
encrypting the first credential with the attribute information to obtain the processed first credential.
In other embodiments of the present application, the second sending unit 43 is further configured to perform the following steps:
decrypting the processed first credential with the attribute information to obtain the first credential;
sending a connection request and the first credential to the second server in the distributed system so that the second server decrypts the first credential with the key to obtain the first to-be-processed credential.
It should be noted that, for the specific implementation of the steps performed by each module in this embodiment, reference may be made to the implementation in the information processing methods provided in the embodiments corresponding to FIG. 1 and FIG. 3, which is not repeated here.
The first information processing device provided in this embodiment stores the first credential generated by the first server on the client, from which it is later sent to the second server, instead of requiring synchronization of session information (i.e., credentials) between the servers of the distributed system as in the related art; it therefore does not depend on network bandwidth, which improves the efficiency of server switching. Storing the first credential on the client, rather than having every server in the distributed system store credentials synchronized from the other servers as in the related art, reduces server overhead.
Based on the foregoing embodiments, an embodiment of the present application provides a second information processing device, which can be applied to the information processing methods provided in the embodiments corresponding to FIG. 2 and FIG. 3. As shown in FIG. 5, the second information processing device 5 may include a receiving unit 51 and a second processing unit 52, wherein:
the receiving unit 51 is configured to receive a connection request and a first credential sent by the client, where the first credential was sent by the first server to the client and is the credential that exempts the client from identity authentication when it connects to a server again;
the second processing unit 52 is configured to establish, when it is determined by a probing technique that the first server is faulty, a connection with the client on the basis of the connection request and the first credential in order to provide service to the client.
In other embodiments of the present application, the second processing unit 52 is further configured to perform the following steps:
when the client has established a connection with the second server, decrypting the first credential with the key to obtain the first to-be-processed credential;
generating a second to-be-processed credential for the second server on the basis of the first to-be-processed credential and the identifier of the second server.
In other embodiments of the present application, the second processing unit 52 is further configured to perform the following step:
when it is determined by the probing technique that the first server is alive, sending a connection rejection message to the client, where the connection rejection message is generated on the basis of the connection request.
It should be noted that, for the specific implementation of the steps performed by each module in this embodiment, reference may be made to the implementation in the information processing methods provided in the embodiments corresponding to FIG. 2 and FIG. 3, which is not repeated here.
The second information processing device provided in this embodiment receives the first credential, generated by the first server, from the client instead of requiring synchronization of session information (i.e., credentials) between the servers of the distributed system as in the related art; it therefore does not depend on network bandwidth, which improves the efficiency of server switching. Moreover, because the first credential exempts the client from identity authentication when it connects to a server again, the device can connect to the client directly on the basis of the first credential after receiving it, without authenticating the client a second time, which not only improves the efficiency of server switching but also improves the user experience.
Based on the foregoing embodiments, an embodiment of the present application provides a client, which can be applied to the information processing methods provided in the embodiments corresponding to FIG. 1 and FIG. 3. As shown in FIG. 6, the client 6 may include a first processor 61, a first memory 62, and a first communication bus 63, wherein:
the first communication bus 63 is used to implement the communication connection between the first processor 61 and the first memory 62;
the first processor 61 is used to execute the information processing program in the first memory 62 so as to implement the following steps:
sending an identity authentication request corresponding to the user and the client's attribute information to the first server in the distributed system;
when the first server has authenticated the user on the basis of the identity authentication request, receiving the first credential for the first server sent by the first server and storing the processed first credential in the client's target storage space, where the first credential is the credential that exempts the client from identity authentication when it connects to a server again;
when the first server is faulty, sending a connection request and the first credential to the second server in the distributed system so that the second server provides service to the client.
In other embodiments of the present application, the first processor 61 is used to execute the information processing program in the first memory 62 so as to implement the receiving of the first credential for the first server sent by the first server through the following steps:
sending a tunnel establishment request to the first server, where the tunnel establishment request is used to establish an information transmission channel between the client and the first server;
upon receiving the consent information sent by the first server, receiving the first credential sent by the first server through the information transmission channel, where the consent information is generated by the first server on the basis of the tunnel establishment request, the first credential is generated by the first server by encrypting the first to-be-processed credential with a key, the key changes periodically over time, and the first to-be-processed credential is generated by the first server.
In other embodiments of the present application, the first processor 61 is used to execute the information processing program in the first memory 62 so as to implement the following step:
encrypting the first credential with the attribute information to obtain the processed first credential.
In other embodiments of the present application, the first processor 61 is used to execute the information processing program in the first memory 62 so as to implement the sending of the connection request and the first credential to the second server in the distributed system through the following steps:
decrypting the processed first credential with the attribute information to obtain the first credential;
sending a connection request and the first credential to the second server in the distributed system so that the second server decrypts the first credential with the key to obtain the first to-be-processed credential.
It should be noted that, for the specific description of the steps performed by the processor, reference may be made to the implementation in the information processing methods provided in the embodiments corresponding to FIG. 1 and FIG. 3, which is not repeated here.
The client provided in this embodiment stores the first credential generated by the first server on the client, from which it is later sent to the second server, instead of requiring synchronization of session information (i.e., credentials) between the servers of the distributed system as in the related art; it therefore does not depend on network bandwidth, which improves the efficiency of server switching. Storing the first credential on the client, rather than having every server in the distributed system store credentials synchronized from the other servers as in the related art, reduces server overhead.
Based on the foregoing embodiments, an embodiment of the present application provides a second server, which can be applied to the information processing methods provided in the embodiments corresponding to FIG. 2 and FIG. 3. As shown in FIG. 7, the second server may include a second processor 71, a second memory 72, and a second communication bus 73, wherein:
the second communication bus 73 is used to implement the communication connection between the second processor 71 and the second memory 72;
the second processor 71 is used to execute the information processing program in the second memory 72 so as to implement the following steps:
receiving a connection request and a first credential sent by the client, where the first credential was sent by the first server to the client and is the credential that exempts the client from identity authentication when it connects to a server again;
when it is determined by a probing technique that the first server is faulty, establishing a connection with the client on the basis of the connection request and the first credential in order to provide service to the client.
In other embodiments of the present application, the second processor 71 is used to execute the information processing program in the second memory 72 so as to implement the following steps:
when the client has established a connection with the second server, decrypting the first credential with the key to obtain the first to-be-processed credential;
generating a second to-be-processed credential for the second server on the basis of the first to-be-processed credential and the identifier of the second server.
In other embodiments of the present application, the second processor 71 is used to execute the information processing program in the second memory 72 so as to implement the following step:
when it is determined by the probing technique that the first server is alive, sending a connection rejection message to the client, where the connection rejection message is generated on the basis of the connection request.
It should be noted that, for the specific description of the steps performed by the processor, reference may be made to the implementation in the information processing methods provided in the embodiments corresponding to FIG. 2 and FIG. 3, which is not repeated here.
The second server provided in this embodiment receives the first credential, generated by the first server, from the client instead of requiring synchronization of session information (i.e., credentials) between the servers of the distributed system as in the related art; it therefore does not depend on network bandwidth, which improves the efficiency of server switching. Moreover, because the first credential exempts the client from identity authentication when it connects to a server again, the second server can connect to the client directly on the basis of the first credential after receiving it, without authenticating the client a second time, which not only improves the efficiency of server switching but also improves the user experience.
Based on the foregoing embodiments, an embodiment of the present application provides a computer-readable storage medium that stores one or more programs; the one or more programs can be executed by one or more processors to implement the steps of the information processing methods provided in the embodiments corresponding to FIG. 1, FIG. 2, and FIG. 3.
It should be noted that the computer-readable storage medium may be a memory such as a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a ferromagnetic random access memory (FRAM), a flash memory, a magnetic surface memory, an optical disc, or a compact disc read-only memory (CD-ROM); it may also be any of various electronic devices that include one or any combination of the above memories, such as a mobile phone, a computer, a tablet device, or a personal digital assistant.
It should be noted that, in this document, the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further limitation, an element defined by the phrase "comprising a ..." does not exclude the existence of further identical elements in the process, method, article or device that includes that element.
The serial numbers of the above embodiments of the present application are for description only and do not indicate the relative merits of the embodiments.
From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software together with a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present application, or the part of it that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and including a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, etc.) to execute the methods described in the various embodiments of the present application.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and any combination of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
The above are only preferred embodiments of the present application and do not limit the patent scope of the present application. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present application.
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411017901.1A CN118827600A (en) | 2024-07-26 | 2024-07-26 | Information processing method, device, equipment and computer storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118827600A true CN118827600A (en) | 2024-10-22 |
Family
ID=93076312
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination ||