CN103108037A - Communication method, Web server and Web communication system - Google Patents

Publication number: CN103108037A
Authority: CN (China)
Legal status: Granted
Application number: CN2013100233882A
Other languages: Chinese (zh)
Other versions: CN103108037B (en)
Inventor: 程建杰
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority: CN201310023388.2A

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to the field of communication technology, and in particular to a WebSocket cross-domain communication method, a Web server and a Web communication system. A secure communication method based on the WebSocket common connection protocol is provided. In a cluster scenario, centralized authentication is applied so that a WebSocket data transmission channel can be used safely and efficiently to push data. Data is encrypted on demand, which reduces central processing unit (CPU) usage.

Description

Communication method, Web server and Web communication system
Technical field
The present invention relates to the field of communication technology, and in particular to a WebSocket cross-domain communication method, a Web server and a Web communication system.
Background
With the arrival of the Web 2.0 era, networks and people's lives have become ever more closely linked. Social networking sites based on the World Wide Web (Web), such as Facebook and Twitter, are popular: anyone can publish news and photos at any time from any place, and relatives and friends can see and share them at once. Sharing instant messages on the Web requires real-time full-duplex communication directly between communication nodes, that is, sending and receiving data simultaneously.
At present, communication between a Web browser and a Web server is generally based on Hypertext Transfer Protocol (HTTP) techniques such as polling or server push (Comet). Polling supports only half-duplex communication, and Comet simulates full-duplex communication with two connections, one for the upstream and one for the downstream data flow, which consumes twice the Web server resources and is inefficient. To achieve efficient real-time full-duplex communication, the World Wide Web Consortium (W3C) proposed the WebSocket protocol in the HTML5 standard. WebSocket lets a Web browser and a Web server establish a stable data transmission channel and send and receive data simultaneously.
The WebSocket data transmission channel established between a Web browser and a Web server supports two modes, encrypted and unencrypted: the WebSocket secure connection protocol (WebSocket Secure, WSS) and the WebSocket common connection protocol (WS).
At present nearly all Web systems use Web proxy servers to solve problems such as firewalls, cross-domain site access and load balancing, and most Web proxy servers do not support the WSS protocol and cannot forward data in encrypted form. Therefore only the WS common connection can be used, so all data is transmitted over an unencrypted channel and security is low.
Summary of the invention
The embodiments of the present invention provide a secure communication method based on the WebSocket common connection protocol (WS), a Web server and a Web communication system, which use a centralized authentication mechanism to solve the security problem of using the WebSocket common connection channel.
The above purpose of the embodiments of the present invention is achieved by the following technical solutions:
A communication method based on the WebSocket protocol comprises:
A first Web server receives a first authentication request from a Web browser and, if the first Web server has not yet authenticated the Web browser, returns an unauthenticated message carrying a random value;
The first Web server receives a second authentication request from the Web browser, the second authentication request carrying the user's user name, the IP address of the browser and a first digest, wherein the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the browser IP address and the random value;
The first Web server obtains the password from a database according to the user name and, with the user name, the Web browser IP address and the random value, obtains a second digest through irreversible digest processing; it compares the first digest with the second digest and, if the first digest is identical to the second digest, allocates a unique ID. The first Web server distributes the ID to the Web browser and to a second Web server, so that the second Web server, when the ID obtained from the Web browser is identical to the ID obtained from the first Web server, establishes a WebSocket data transmission channel with the Web browser and carries on a session.
The first Web server monitors the session and, when the WebSocket connection has not been used for a long time, closes the WebSocket common connection data transmission channel between the Web server and the Web browser.
A WebSocket common connection data transmission channel encryption method comprises:
A Web server receives a public key acquisition request initiated by a Web browser and sends the public key;
The Web server receives a sensitive data acquisition request initiated by the Web browser, the sensitive data acquisition request carrying a first dynamic password, the first dynamic password being generated by the Web browser by encryption with the public key;
The Web server uses the private key to decrypt the first dynamic password encrypted with the public key and obtains a second dynamic password, then uses the second dynamic password to encrypt the sensitive data it has obtained, and sends the encrypted sensitive data to the Web browser.
A Web server comprises: a receiving unit, a sending unit, a processing unit and a monitoring unit;
The receiving unit is configured to receive the first authentication request of the Web browser; if the Web server has not yet authenticated the browser, the sending unit sends an unauthenticated message carrying a random value to the browser;
The receiving unit is further configured to receive the second authentication request of the Web browser, the second authentication request carrying the user's user name, the browser IP address and a first digest, wherein the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the browser IP address and the random value;
The processing unit is configured to obtain the password from the database according to the user name and, with the user name, the Web browser IP address and the random value, obtain a second digest through irreversible digest processing; to compare the second digest with the first digest and, if the first digest is identical to the second digest, allocate a unique ID; and to distribute the ID to the Web browser and to a second Web server, so that the Web browser and the second Web server establish a WebSocket data transmission channel according to the ID;
The monitoring unit is configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, close the WebSocket data transmission channel.
A Web server comprises: a receiving module, a processing module and a sending module.
The receiving module is configured to receive a public key acquisition request initiated by a Web browser and return the public key;
The receiving module is further configured to receive a sensitive data acquisition request initiated by the Web browser, the sensitive data acquisition request carrying a first dynamic password, the first dynamic password being generated by the Web browser by encryption with the public key;
The processing module is configured to use the private key to decrypt the first dynamic password encrypted with the public key, obtain a second dynamic password, and then use the second dynamic password to encrypt the sensitive data obtained;
The sending module is configured to send the encrypted sensitive data to the Web browser.
A Web communication system comprises: a Web browser, a first Web server and a second Web server.
The browser is configured to send a first authentication request to the first Web server; if the first Web server has not yet authenticated the browser, the browser receives the unauthenticated message carrying a random value sent by the first Web server;
The browser is further configured to apply an irreversible digest to the user's user name, the password, the browser IP address and the random value from the first Web server to obtain a first digest, and then send a second authentication request to the first Web server, the second authentication request carrying the user name, the browser IP address and the first digest;
The browser is further configured to initiate a connection request to the second Web server, the connection request carrying a unique ID, the unique ID being sent by the first Web server after it has authenticated the browser;
The first Web server comprises: a receiving unit, a sending unit and a processing unit;
The sending unit is configured to send the random value to the Web browser;
The receiving unit is configured to receive the second authentication request of the Web browser, the second authentication request carrying the user's user name, the browser IP address and the first digest, wherein the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the browser IP address and the random value;
The processing unit is configured to obtain the password from the database according to the user name and, with the user name, the Web browser IP address and the random value, obtain a second digest through irreversible digest processing; to compare the first digest with the second digest and, if the first digest is identical to the second digest, allocate a unique ID; and to distribute the ID to the Web browser and to the second Web server;
The second Web server comprises a WebSocket data channel connection module, configured to establish a WebSocket data transmission channel with the Web browser when the ID obtained from the Web browser is identical to the ID obtained from the first Web server;
The second Web server further comprises: a receiving module, a processing module and a sending module.
The receiving module is configured to receive the public key acquisition request initiated by the Web browser and send the public key;
The receiving module is further configured to receive the sensitive data acquisition request initiated by the Web browser, the sensitive data acquisition request carrying a first dynamic password, the first dynamic password being generated by the Web browser by encryption with the public key;
The processing module is further configured to decrypt the first dynamic password with the private key to obtain a second dynamic password, and use the second dynamic password to encrypt the sensitive data obtained;
The sending module is configured to send the encrypted sensitive data to the Web browser.
In a cluster scenario, the embodiments provided by the invention use centralized authentication to push data over the WebSocket data transmission channel efficiently and securely; data is encrypted on demand, which saves CPU usage.
Description of drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a communication method based on the WebSocket common connection protocol provided by embodiment one of the present invention;
Fig. 2 is a signaling diagram of a communication method based on the WebSocket common connection protocol provided by embodiment two of the present invention;
Fig. 3 is a signaling diagram of a WebSocket common connection data transmission channel encryption method provided by embodiment three of the present invention;
Fig. 4 is a schematic diagram of a Web server provided by embodiment four of the present invention;
Fig. 5 is a schematic diagram of a Web server provided by embodiment five of the present invention;
Fig. 6 is a schematic diagram of a Web communication system provided by embodiment six of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To help persons skilled in the art better understand the technical solutions provided by the embodiments, the Hypertext Transfer Protocol (HTTP) used in World Wide Web (Web) communication and the communication mechanism of WebSocket are each briefly introduced:
HTTP is one of the most widely used network protocols on the Internet. It defines the standard for requests and responses between a Web client and a Web Application Server, and all Web files must observe this standard.
Information exchange under the HTTP request/response mechanism between a Web client and a Web Application Server comprises four steps:
(1) Connect: the Web client establishes a TCP (Transmission Control Protocol) connection to the designated port of the Web Application Server (the default port is 80 for HTTP and 443 for HTTPS, which provides security). HTTP is an application-layer protocol at a higher level than TCP; by rule, a higher-layer connection can be made only after the lower-layer protocol has been established, so the TCP connection must be set up first;
(2) Send request: after the TCP connection is established, the Web client delivers a request message to the corresponding port of the Web Application Server. The request message includes the request method, URL, protocol version, request headers and request data, and this completes submission of the request;
(3) Send response: after handling the Web client's request, the Web Application Server sends a response message to the Web client. The response message includes the protocol version of the message, a success or error code, Web Application Server information, entity meta-information and possibly entity content;
(4) Close connection: either the Web client or the Web Application Server can end the TCP/IP dialogue by closing the socket.
Communication based on HTTP has the following shortcomings:
1) Point-to-point full-duplex communication cannot be achieved. Traditional HTTP polling is half-duplex, and the HTTP-based Comet technique needs two connections to achieve two-way communication; neither supports real-time point-to-point full-duplex communication over a single connection;
2) Resources are seriously wasted. The information carried over HTTP is often only a few bytes while the HTTP header is excessively large (close to 1K), that is, most of the load is useless information. Frequent polling therefore causes heavy bandwidth consumption, high latency and low efficiency.
WebSocket is a new protocol defined in HTML5 that supports efficient full-duplex communication between a Web client and a Web Application Server over a single WebSocket connection. WebSocket has a handshake mechanism compatible with HTTP and can share the default HTTP and HTTPS ports (80 and 443). The communication mechanism of WebSocket is as follows:
(1) Handshake:
The Web client can send a handshake message to the Web Application Server to upgrade the HTTP connection between them to the WebSocket protocol and so establish a WebSocket connection. Specifically, the Web client sends an HTTP Upgrade request to the Web Application Server, for example:
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Origin: http://example.com
Sec-WebSocket-Protocol: chat, superchat
(\r\n)
Here Host is the Web Application Server host, Upgrade is the protocol upgrade type, Connection is the connection type, Key is the security authentication key, Origin is the request origin, and Protocol is the optional sub-protocol name;
The Web Application Server accepts the HTTP Upgrade request and returns a response message to the Web client, such as:
HTTP/1.1 101 WebSocket Protocol Handshake
Upgrade: WebSocket
Connection: Upgrade
Sec-WebSocket-Origin: http://example.com
Sec-WebSocket-Location: ws://example.com/demo
Sec-WebSocket-Protocol: sample
8jKS'y:G*Co,Wxa-
Here 101 is the HTTP response status code (101: the client asks the server to switch the HTTP protocol version as requested); Origin must equal the origin of the HTTP Upgrade request; Location must equal the address of the HTTP Upgrade request; Protocol must include the sub-protocol name of the HTTP Upgrade request; and "8jKS'y:G*Co,Wxa-" is the 16-byte value obtained by applying MD5 encryption to 16 bytes of data constructed from the Key in the HTTP Upgrade request;
(2) Data transmission:
After the WebSocket connection is established, WebSocket data frames can travel back and forth between the Web client and the Web server in full-duplex mode.
Embodiment one
As shown in Fig. 1, embodiment one of the present invention provides a communication method based on the WebSocket protocol, comprising the following steps:
S101, the first Web server sends a random value to the Web browser;
Specifically, an authentication module is deployed in any one of the Web servers and is used to authenticate the Web browser; that Web server is called the first Web server. The first Web server receives the first authentication request sent by the Web browser and, if it has not yet authenticated the Web browser, sends an unauthenticated message carrying the random value.
S102, the first Web server receives the second authentication request of the Web browser;
Specifically, the second authentication request carries the user name, the Web browser IP address and a first digest; the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the browser IP address and the random value;
Specifically, digest processing means passing data through a digest algorithm to generate unique data.
S103, the first Web server compares the second digest with the first digest; if the first digest is identical to the second digest, it allocates a unique ID, returns the ID to the Web browser and distributes it to the second Web server;
Specifically, the first Web server obtains the password from the database according to the user name and, with the user name, the Web browser IP address and the random value, obtains the second digest through an irreversible digest.
S104, the second Web server, when the ID obtained from the Web browser is identical to the ID obtained from the first Web server, establishes a WebSocket data transmission channel with the Web browser and carries on a session;
Specifically, the first Web server closes the WebSocket data transmission channel between the second Web server and the Web browser when that channel has not been used for a long time.
In the communication method based on the WebSocket common connection protocol provided by this embodiment, the Web browser initiates an authentication request; the first Web server, after authentication, allocates a unique ID and returns it to the Web browser and to the second Web server; the Web browser initiates a connection request to the second Web server; and when the ID comparison matches, the WebSocket data transmission channel is established. This embodiment deploys the authentication module in one of the Web servers, and through centralized authentication the WebSocket data transmission channel that is established can carry data securely.
Embodiment two
As shown in Fig. 2, embodiment two of the present invention provides a communication method based on the WebSocket common connection protocol, comprising the following steps:
S201, the Web browser sends a first authentication request to the first Web server and receives the unauthenticated message returned by the first Web server; this unauthenticated message includes a random value;
Specifically, the first authentication request is initiated by the smjs module of the Web browser. As a concrete example, the first authentication request can be:
https:\\163.com\auth\session(put)
The first Web server evaluates the first authentication request and, if the Web server has not yet authenticated the browser, returns an unauthenticated message carrying a random value.
S202, the Web browser initiates the second authentication request.
Specifically, the second authentication request can be an HTTP request. As a concrete example, it can be:
https:\\163.com\auth\session(put)
The second authentication request includes the user name, the browser IP address and the first digest; the first digest is obtained by the browser by applying an irreversible digest to the user's user name, the password, the browser IP address and the random value.
S203, the first Web server obtains the password from the database according to the user name, performs irreversible digest processing to obtain the second digest, and compares the first digest with the second digest; if they are identical, it allocates a unique ID.
Further, the first Web server returns the ID to the Web browser and distributes it to the second Web server.
S204, the Web browser initiates a connection request to the second Web server, the connection request carrying the ID.
S205, the Web server obtains the ID from this connection request and compares it with the ID received from the first Web server in S203; if they are identical, the connection is allowed.
Specifically, once the comparison matches, the Web browser and the Web server establish the WebSocket data transmission channel.
Further, this embodiment also comprises:
S206, the first Web server closes the WebSocket data transmission channel between the Web browser and the Web server.
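The authentication and ID-distribution flow of embodiments one and two (S201 to S206), as an added example that is not part of the patent text: a single-process JavaScript (Node.js) simulation of the browser, the first Web server and the second Web server. SHA-256 as the irreversible digest, the length-prefixed field encoding, the in-memory maps, the idle limit and all class and function names are assumptions of this example; the second digest is assumed to include the password fetched from the database, since otherwise the two digests could not match.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// Irreversible digest over the four fields. Each field is length-prefixed so that
// ("ab","c") and ("a","bc") cannot produce the same input. SHA-256 is an assumption.
function digest(user, password, ip, nonce) {
  const h = createHash("sha256");
  for (const field of [user, password, ip, nonce]) {
    const bytes = Buffer.from(field, "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length);
    h.update(len).update(bytes);
  }
  return h.digest();
}

// Second Web server: admits a WebSocket only for an ID the first server distributed.
class WsNode {
  constructor() { this.sessions = new Map(); }   // id -> { user, lastUsed }
  acceptId(id, user, now) { this.sessions.set(id, { user, lastUsed: now }); }
  connect(id, now) {                              // S204/S205
    const s = this.sessions.get(id);
    if (!s) return false;                         // unknown ID, or channel already closed
    s.lastUsed = now;
    return true;
  }
  close(id) { this.sessions.delete(id); }
}

// First Web server: holds the authentication module.
class AuthServer {
  constructor(passwords, nodes, idleLimitMs) {
    this.passwords = passwords;                   // user -> password (stand-in for the database)
    this.nodes = nodes;
    this.idleLimitMs = idleLimitMs;
    this.nonces = new Map();                      // browser IP -> outstanding random value
  }
  // S201: not authenticated yet, so answer with a fresh random value.
  challenge(ip) {
    const nonce = randomBytes(16).toString("hex");
    this.nonces.set(ip, nonce);
    return { status: "unauthenticated", nonce };
  }
  // S202/S203: request = { user, ip, digest }. Returns the unique ID or null.
  authenticate(request, now) {
    const nonce = this.nonces.get(request.ip);
    this.nonces.delete(request.ip);               // single use: a captured request cannot be replayed
    const password = this.passwords.get(request.user);
    if (nonce === undefined || password === undefined) return null;
    const second = digest(request.user, password, request.ip, nonce);
    if (request.digest.length !== second.length) return null;
    if (!timingSafeEqual(request.digest, second)) return null;   // constant-time comparison
    const id = randomBytes(16).toString("hex");
    for (const node of this.nodes) node.acceptId(id, request.user, now);
    return id;
  }
  // S206: session monitor, closes channels idle for longer than the limit.
  closeIdle(now) {
    let closed = 0;
    for (const node of this.nodes) {
      for (const [id, s] of node.sessions) {
        if (now - s.lastUsed > this.idleLimitMs) { node.close(id); closed++; }
      }
    }
    return closed;
  }
}

// Browser side of S201 and S202.
function browserLogin(auth, user, password, ip, now) {
  const { nonce } = auth.challenge(ip);
  const request = { user, ip, digest: digest(user, password, ip, nonce) };
  return { id: auth.authenticate(request, now), request };
}

// Constructed scenario: one user, one second Web server, 60 s idle limit.
function runScenario() {
  const node = new WsNode();
  const auth = new AuthServer(new Map([["alice", "correct horse"]]), [node], 60000);
  const ip = "192.0.2.10";
  const good = browserLogin(auth, "alice", "correct horse", ip, 0);
  const bad = browserLogin(auth, "alice", "wrong", ip, 0);
  return {
    issued: typeof good.id === "string",
    connected: node.connect(good.id, 1000),
    wrongPassword: bad.id,
    replayed: auth.authenticate(good.request, 2000),
    forgedId: node.connect("00".repeat(16), 2000),
    closedIdle: auth.closeIdle(61001),
    afterIdle: node.connect(good.id, 70000),
  };
}
```

Because the server recomputes the digest from the stored password, the database has to hold the password, or an equivalent secret, in recoverable form, and anyone who can read that value can answer a challenge.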
Embodiment three
Based on the communication method based on the WebSocket common connection protocol described in embodiment two, and as shown in Fig. 3, embodiment three of the present invention provides a WebSocket common connection data transmission channel encryption method, comprising the following steps:
S301, the Web browser initiates a public key acquisition request, and the Web server returns the public key information;
S302, the Web browser generates a first dynamic password, the first dynamic password being generated by the Web browser by encryption with the public key;
S303, the Web browser initiates a sensitive data acquisition request to the Web server, the request carrying the first dynamic password;
S304, the Web server uses the private key to decrypt the first dynamic password and obtains a second dynamic password;
S305, the Web server obtains the sensitive data, encrypts it with the second dynamic password, and sends it to the Web browser;
S306, the Web browser uses the first dynamic password to decrypt the encrypted sensitive data.
In the WebSocket data transmission channel encryption method of this example, the Web browser creates the first dynamic password and sends it to the Web server; the Web server uses the first dynamic password to encrypt the data it obtains and returns the encrypted data to the Web browser, thereby achieving secure data transmission over the WebSocket common connection between the Web browser and the Web server. Data is encrypted on demand, which saves CPU usage and lowers resource consumption.
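The on-demand encryption exchange of S301 to S306, as an added example that is not part of the patent text, written for Node.js. It reads the first dynamic password as a random 32-byte key that the browser wraps with the server's public key; RSA-OAEP, AES-256-GCM, the sample records and all class and function names are assumptions of this example.

```javascript
const {
  generateKeyPairSync, publicEncrypt, privateDecrypt,
  randomBytes, createCipheriv, createDecipheriv, constants,
} = require("node:crypto");

// Padding used for wrapping the dynamic password (assumption: RSA-OAEP with SHA-256).
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Web server of embodiment five: holds the key pair and the data to be pushed.
class DataServer {
  constructor() {
    const pair = generateKeyPairSync("rsa", { modulusLength: 2048 });
    this.privateKey = pair.privateKey;
    this.publicPem = pair.publicKey.export({ type: "spki", format: "pem" });
    // Constructed sample records; only "account" is treated as sensitive.
    this.records = new Map([
      ["account", { sensitive: true, value: "constructed sample: card ending 0000" }],
      ["ticker", { sensitive: false, value: "constructed sample: server time 12:00" }],
    ]);
  }

  // S301: return the public key.
  getPublicKey() { return this.publicPem; }

  // Ordinary pushes stay in the clear, which is where the CPU saving comes from.
  getPlain(name) {
    const record = this.records.get(name);
    if (record.sensitive) throw new Error("sensitive data requires a dynamic password");
    return record.value;
  }

  // S303 to S305: unwrap the dynamic password, then encrypt the sensitive record with it.
  getSensitive(name, wrappedPassword) {
    const key = privateDecrypt({ key: this.privateKey, ...OAEP }, wrappedPassword);
    if (key.length !== 32) throw new Error("dynamic password must be 32 bytes");
    const iv = randomBytes(12);                       // fresh nonce for every reply
    const cipher = createCipheriv("aes-256-gcm", key, iv);
    const ct = Buffer.concat([
      cipher.update(this.records.get(name).value, "utf8"),
      cipher.final(),
    ]);
    return { iv, ct, tag: cipher.getAuthTag() };
  }
}

// S306: the browser decrypts with the dynamic password it generated.
// Throws if the ciphertext or tag was modified, or if the key is wrong.
function unseal(key, message) {
  const decipher = createDecipheriv("aes-256-gcm", key, message.iv);
  decipher.setAuthTag(message.tag);
  return Buffer.concat([decipher.update(message.ct), decipher.final()]).toString("utf8");
}

// Browser side of S301 to S306.
function browserGetSensitive(server, name) {
  const pem = server.getPublicKey();                                     // S301
  const dynamicPassword = randomBytes(32);                               // S302
  const wrapped = publicEncrypt({ key: pem, ...OAEP }, dynamicPassword); // S302
  const reply = server.getSensitive(name, wrapped);                      // S303 to S305
  return { text: unseal(dynamicPassword, reply), dynamicPassword, wrapped, reply };
}

// Constructed scenario, including two failure cases a receiver must handle.
function runExchange() {
  const server = new DataServer();
  const r = browserGetSensitive(server, "account");

  const tampered = { ...r.reply, ct: Buffer.from(r.reply.ct) };
  tampered.ct[0] ^= 0x01;                             // one flipped bit in transit
  let tamperDetected = false;
  try { unseal(r.dynamicPassword, tampered); } catch { tamperDetected = true; }

  let wrongKeyRejected = false;
  try { unseal(randomBytes(32), r.reply); } catch { wrongKeyRejected = true; }

  return {
    text: r.text,
    plainPush: server.getPlain("ticker"),
    plaintextOnWire: Buffer.concat([r.wrapped, r.reply.ct]).includes("card ending"),
    tamperDetected,
    wrongKeyRejected,
  };
}
```

The public key in S301 travels over the same unencrypted WS channel, so the browser cannot tell the server's key from one substituted in transit unless the key is pinned or delivered over an authenticated path.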
Embodiment four
As shown in Fig. 4, according to the communication method based on the WebSocket common connection protocol of embodiment two, embodiment four of the present invention provides a Web server 1, comprising: a receiving unit 101, a processing unit 102, a sending unit 103 and a monitoring unit 104;
The receiving unit 101 is configured to receive the first authentication request of the Web browser; if the Web server has not yet authenticated the browser, the sending unit 103 sends an unauthenticated message to the browser, the unauthenticated message carrying the random value;
The receiving unit 101 is further configured to receive the second authentication request of the Web browser, the second authentication request carrying the user's user name, the browser IP address and a first digest, wherein the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the browser IP address and the random value;
The processing unit 102 is configured to obtain the password from the database according to the user name and, with the user name, the Web browser IP address and the random value, obtain a second digest through irreversible digest processing; to compare the second digest with the first digest and, if the first digest is identical to the second digest, allocate a unique ID; and to distribute the ID to the Web browser and to the second Web server, so that the Web browser and the second Web server establish a WebSocket data transmission channel according to the ID;
The monitoring unit 104 is configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, close the WebSocket data transmission channel.
Embodiment five
As shown in Fig. 5, according to the WebSocket common connection data transmission channel encryption method of embodiment three, embodiment five of the present invention provides a Web server, comprising a receiving module 201, a processing module 202 and a sending module 203;
The receiving module 201 is configured to receive the public key acquisition request initiated by the Web browser and return the public key to the Web browser 3;
The receiving module 201 is further configured to receive the data acquisition request initiated by the Web browser 3, the request carrying a first dynamic password, the first dynamic password being generated by the Web browser 3 by encryption with the public key;
The processing module 202 is configured to use the private key to decrypt the first dynamic password encrypted with the public key, obtain a second dynamic password, and then use the second dynamic password to encrypt the data obtained;
The sending module 203 is configured to send the encrypted data to the Web browser 3.
Embodiment six
As shown in Figure 6, embodiment six of the present invention provides a Web communication system comprising: a Web browser 3, a first Web server 1 and a second Web server 2;
The Web browser 3 is configured to send a first authentication request to the first Web server 1; if the first Web server 1 has not yet authenticated the browser, the Web browser 3 receives the unverified message returned by the first Web server 1, the unverified message carrying a random value.
The Web browser 3 is further configured to process the user's user name, the password, the browser IP address and the random value from the first Web server 1 through irreversible summary processing to obtain a first summary, and then to send a second authentication request to the first Web server 1, the second authentication request carrying the user name, the browser IP address and the first summary;
The Web browser is further configured to initiate a connection request to the second Web server 2, the connection request carrying a unique ID, the unique ID being sent by the first Web server 1 after it authenticates the Web browser 3;
The first Web server comprises: a receiving element 101, a transmitting element 103, a processing unit 102 and a monitoring unit 104;
The transmitting element 103 is configured to send the random value to the Web browser 3;
The receiving element 101 is configured to receive the second authentication request of the Web browser 3, the second authentication request carrying the user's user name, the browser IP address and the first summary, wherein the first summary is obtained by the Web browser 3 by processing the user name, the password, the browser IP address and the random value through irreversible summary processing;
The processing unit 102 is configured to obtain the password from the database according to the user name; to process the user name, the Web browser IP address and the random value through irreversible summary processing to obtain a second summary; to compare the first summary with the second summary; and, if the first summary is identical to the second summary, to allocate a unique ID and distribute the ID to the Web browser and to the second Web server;
The monitoring unit 104 is configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, to close the WebSocket data transmission channel;
The second Web server 2 comprises a WebSocket data channel link block 204, configured to establish the WebSocket data transmission channel with the Web browser when a comparison shows that the ID obtained from the Web browser is identical to the ID obtained from the first Web server;
The second Web server further comprises: a receiver module 201, a processing module 202 and a sending module 203;
The receiver module 201 is configured to receive the request to obtain the public key initiated by the Web browser 3, and to send the public key;
The receiver module 201 is further configured to receive the request to obtain sensitive data initiated by the Web browser 3; the request to obtain sensitive data carries a first dynamic password, which the Web browser 3 generates by encryption with the public key;
The processing module 202 is configured to decrypt the first dynamic password with the private key to obtain a second dynamic password, and to use the second dynamic password to encrypt the obtained sensitive data;
The sending module 203 is configured to send the encrypted sensitive data to the Web browser 3.
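The authentication and ID hand-off between the Web browser, the first Web server and the second Web server described in embodiment six, written out as an added Python example that is not part of the patent. SHA-256 as the irreversible summary, the length-prefixed field encoding, one-time random values and IDs, the 300-second idle limit, keying the random value by user name and IP, and all class and function names are assumptions; the idle check sits on the second server object here, whereas the patent assigns monitoring to the first Web server; the user name, password and IP address are constructed sample values.

```python
import hashlib
import hmac
import secrets
import time


def digest(username, password, ip, nonce):
    """Irreversible summary: SHA-256 (assumed) over length-prefixed fields."""
    h = hashlib.sha256()
    for field in (username, password, ip, nonce):
        data = field.encode()
        h.update(len(data).to_bytes(4, "big") + data)  # unambiguous boundaries
    return h.hexdigest()


class SecondWebServer:  # opens a channel only for an ID the first server sent it
    def __init__(self, idle_timeout=300):
        self.pending = {}    # unique ID -> user name, pushed by the first server
        self.channels = {}   # unique ID -> time of last activity
        self.idle_timeout = idle_timeout

    def register_id(self, uid, username):
        self.pending[uid] = username

    def connect(self, uid, now=None):
        if self.pending.pop(uid, None) is None:  # single use is an assumption
            return False
        self.channels[uid] = time.time() if now is None else now
        return True

    def close_idle(self, now):
        """Close channels unused for longer than idle_timeout seconds."""
        idle = [u for u, t in self.channels.items() if now - t > self.idle_timeout]
        for u in idle:
            del self.channels[u]
        return idle


class FirstWebServer:  # central authenticator
    def __init__(self, user_db, second):
        self.user_db = user_db   # user name -> password, read as in the claims
        self.second = second
        self.nonces = {}         # (user name, IP) -> outstanding random value

    def first_auth_request(self, username, ip):
        nonce = secrets.token_hex(16)
        self.nonces[(username, ip)] = nonce
        return nonce             # carried in the unverified message

    def second_auth_request(self, username, ip, first_summary):
        nonce = self.nonces.pop((username, ip), None)  # one-time (assumption)
        password = self.user_db.get(username)
        if nonce is None or password is None:
            return None
        second_summary = digest(username, password, ip, nonce)
        if not hmac.compare_digest(first_summary, second_summary):
            return None
        uid = secrets.token_urlsafe(32)
        self.second.register_id(uid, username)  # distribute to second server
        return uid                              # ... and to the browser


if __name__ == "__main__":
    second = SecondWebServer()
    first = FirstWebServer({"alice": "constructed-password"}, second)
    nonce = first.first_auth_request("alice", "192.0.2.10")
    summary = digest("alice", "constructed-password", "192.0.2.10", nonce)
    uid = first.second_auth_request("alice", "192.0.2.10", summary)
    print(second.connect(uid), second.connect(uid))  # True False
```

Because the first Web server recomputes the summary from the stored password, the scheme as claimed requires the password (or an equivalent secret) to be readable from the database, which is worth weighing when reviewing a deployment built on it.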

Claims (13)

1. A communication method based on the WebSocket protocol, comprising:
The first Web server sends a random value to the Web browser;
The first Web server receives a second authentication request from the Web browser, the second authentication request carrying the user's user name, the Web browser IP address and a first summary; wherein the first summary is obtained by the Web browser by processing the user name, the password, the browser IP address and the random value through irreversible summary processing;
The first Web server obtains the password from the database according to the user name, and processes the user name, the Web browser IP address and the random value through irreversible summary processing to obtain a second summary;
The first Web server compares the first summary with the second summary and, if the first summary is identical to the second summary, allocates a unique ID;
The first Web server distributes the ID to the Web browser and to a second Web server, so that the second Web server, when a comparison shows that the ID obtained from the Web browser is identical to the ID obtained from the first Web server, establishes a WebSocket data transmission channel with the Web browser and conducts a session.
2. The method according to claim 1, characterized in that it further comprises:
The first Web server receives a first authentication request sent by the Web browser; if the first Web server has not yet authenticated the Web browser, the first Web server sends an unverified message to the Web browser, the unverified message carrying the random value.
3. The method according to claim 1, characterized in that it further comprises:
The first Web server closes the WebSocket data transmission channel when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time.
4. A WebSocket data transmission channel encryption method, comprising:
The Web server sends a public key to the Web browser;
The Web server receives a request to obtain sensitive data initiated by the Web browser; the request to obtain sensitive data carries a first dynamic password, which the Web browser generates by encryption with the public key;
The Web server decrypts the first dynamic password with the private key to obtain a second dynamic password;
The Web server uses the second dynamic password to encrypt the sensitive data requested by the Web browser, and returns the encrypted sensitive data ciphertext to the Web browser.
5. The method according to claim 4, characterized in that the Web server sending the public key to the Web browser comprises:
The Web server receives a request to obtain the public key initiated by the Web browser, and sends the public key to the Web browser.
6. A Web server, comprising: a receiving element, a transmitting element and a processing unit;
The transmitting element is configured to send a random value to the Web browser;
The receiving element is configured to receive a second authentication request of the Web browser, the second authentication request carrying the user's user name, the browser IP address and a first summary, wherein the first summary is obtained by the Web browser by processing the user name, the password, the browser IP address and the random value through irreversible summary processing;
The processing unit is configured to obtain the password from the database according to the user name; to process the user name, the Web browser IP address and the random value through irreversible summary processing to obtain a second summary; to compare the second summary with the first summary; and, if the first summary is identical to the second summary, to allocate a unique ID and distribute the ID to the Web browser and to the second Web server, so that the Web browser and the second Web server establish a WebSocket data transmission channel according to the ID.
7. The Web server according to claim 6, characterized in that the receiving element is further configured to receive a first authentication request of the Web browser; if the Web server has not yet authenticated the browser, the transmitting element sends an unverified message to the browser, the unverified message carrying the random value.
8. The Web server according to claim 6, characterized in that it further comprises a monitoring unit, the monitoring unit being configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, to close the WebSocket data transmission channel.
9. A Web server, comprising: a receiver module, a processing module and a sending module;
The receiver module is configured to receive the public key request initiated by the Web browser, and to return the public key;
The receiver module is further configured to receive the request to obtain sensitive data initiated by the Web browser; the request to obtain sensitive data carries a first dynamic password, which the Web browser generates by encryption with the public key;
The processing module is configured to decrypt the first dynamic password with the private key to obtain a second dynamic password, and then to use the second dynamic password to encrypt the obtained sensitive data;
The sending module is configured to send the encrypted sensitive data to the Web browser.
10. A Web communication system, comprising: a Web browser, a first Web server and a second Web server;
The browser is configured to process the user's user name, the password, the browser IP address and the random value from the first Web server through irreversible summary processing to obtain a first summary, and then to send a second authentication request to the first Web server, the second authentication request carrying the user name, the browser IP address and the first summary;
The browser is further configured to initiate a connection request to the second Web server, the connection request carrying a unique ID, the unique ID being sent by the first Web server after it authenticates the browser;
The first Web server comprises: a receiving element, a transmitting element and a processing unit;
The transmitting element is configured to send the random value to the Web browser;
The receiving element is configured to receive the second authentication request of the Web browser, the second authentication request carrying the user's user name, the browser IP address and the first summary, wherein the first summary is obtained by the Web browser by processing the user name, the password, the browser IP address and the random value through irreversible summary processing;
The processing unit is configured to obtain the password from the database according to the user name; to process the user name, the Web browser IP address and the random value through irreversible summary processing to obtain a second summary; to compare the first summary with the second summary; and, if the first summary is identical to the second summary, to allocate a unique ID and distribute the ID to the Web browser and to the second Web server;
The second Web server comprises a WebSocket data channel link block, configured to establish the WebSocket data transmission channel with the Web browser when a comparison shows that the ID obtained from the Web browser is identical to the ID obtained from the first Web server.
11. The Web communication system according to claim 10, characterized in that the second Web server further comprises: a receiver module, a processing module and a sending module;
The receiver module is configured to receive the request to obtain the public key initiated by the Web browser, and to send the public key;
The receiver module is further configured to receive the request to obtain sensitive data initiated by the Web browser; the request to obtain sensitive data carries a first dynamic password, which the Web browser generates by encryption with the public key;
The processing module is further configured to decrypt the first dynamic password with the private key to obtain a second dynamic password, and to use the second dynamic password to encrypt the obtained sensitive data;
The sending module is configured to send the encrypted sensitive data to the Web browser.
12. The Web communication system according to claim 10, characterized in that the browser is further configured to send a first authentication request to the first Web server; if the first Web server has not yet authenticated the browser, the browser receives the unverified message returned by the first Web server, the unverified message carrying the random value.
13. The Web communication system according to claim 10, characterized in that the first Web server further comprises a monitoring unit, the monitoring unit being configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, to close the WebSocket data transmission channel.
CN201310023388.2A 2013-01-22 2013-01-22 A kind of communication means, Web server and Web communication system Active CN103108037B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310023388.2A CN103108037B (en) 2013-01-22 2013-01-22 A kind of communication means, Web server and Web communication system


Publications (2)

Publication Number Publication Date
CN103108037A true CN103108037A (en) 2013-05-15
CN103108037B CN103108037B (en) 2015-12-02

Family

ID=48315604

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310023388.2A Active CN103108037B (en) 2013-01-22 2013-01-22 A kind of communication means, Web server and Web communication system

Country Status (1)

Country Link
CN (1) CN103108037B (en)


Also Published As

Publication number Publication date
CN103108037B (en) 2015-12-02


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant