CN103108037B - Communication method, Web server and Web communication system - Google Patents

Publication number
CN103108037B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310023388.2A
Other languages
Chinese (zh)
Other versions
CN103108037A (en)
Inventor
程建杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Abstract

The invention relates to the field of communication technology, and in particular to a cross-domain WebSocket communication method, a Web server and a Web communication system. The embodiments provide a secure communication method based on the WebSocket plain connection protocol (WS): in a cluster scenario, centralized authentication is used so that data can be pushed efficiently and securely over a WebSocket data transmission channel, and data is encrypted as needed, which reduces CPU usage.

Description

Communication method, Web server and Web communication system
Technical field
The invention relates to the field of communication technology, and in particular to a cross-domain WebSocket communication method, a Web server and a Web communication system.
Background
With the arrival of the Web 2.0 era, the network has become ever more closely tied to people's lives. With the popularity of social networking sites based on the World Wide Web (Web), such as Facebook and Twitter, anyone can publish news and photos anywhere at any time, and relatives and friends can see and share them immediately. This sharing of instant messages requires real-time full-duplex communication directly between Web communication nodes, that is, sending and receiving data simultaneously.
At present, communication between a Web browser and a Web server is generally based on Hypertext Transfer Protocol (HTTP) techniques such as polling or server push (Comet). Polling supports only half-duplex communication, while Comet simulates full-duplex communication with two connections, one each for the upstream and downstream data flows, which consumes twice the Web server resources and is inefficient. To achieve efficient real-time full-duplex communication, the World Wide Web Consortium (W3C) proposed the WebSocket protocol in the HTML5 specification. WebSocket lets a Web browser and a Web server establish a stable data transmission channel over which data is sent and received simultaneously.
The WebSocket data transmission channel established between a Web browser and a Web server supports two modes, encrypted and unencrypted: the WebSocket secure connection protocol (WebSocket Secure, WSS) and the WebSocket plain connection protocol (WS).
Almost all current Web systems use Web proxy servers to deal with problems such as firewalls, cross-domain access and load balancing, and most Web proxy servers do not support the WSS protocol and cannot forward data in encrypted form. Therefore only plain WS connections can be used, so all data is transmitted over an unencrypted channel and security is low.
Summary of the invention
The embodiments of the invention provide a secure communication method based on the WebSocket plain connection protocol (WS), a Web server and a Web communication system, which use a centralized authentication mechanism to solve the security problem of using a plain WebSocket connection channel.
The above object of the embodiments is achieved by the following technical solutions:
A communication method based on the WebSocket protocol, comprising:
A first Web server receives a first authentication request from a Web browser and, if the first Web server has not yet authenticated the Web browser, returns an unauthenticated message carrying a random value;
The first Web server receives a second authentication request from the Web browser, the second authentication request carrying the user name of the user, the IP address of the Web browser and a first digest; wherein the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the Web browser IP address and the random value;
The first Web server obtains the password from a database according to the user name and, together with the user name, the Web browser IP address and the random value, applies the irreversible digest to obtain a second digest; it compares the first digest with the second digest and, if they are identical, allocates a unique ID; the first Web server distributes the ID to the Web browser and to a second Web server, so that the second Web server, on finding that the ID obtained from the Web browser is identical to the ID obtained from the first Web server, establishes a WebSocket data transmission channel with the Web browser and conducts a session.
The first Web server monitors the session and, when the WebSocket connection has not been used for a long time, closes the WebSocket plain-connection data transmission channel between the Web server and the Web browser.
An encryption method for a WebSocket plain-connection data transmission channel, comprising:
A Web server receives a request to obtain the public key, initiated by a Web browser, and sends the public key;
The Web server receives a request to obtain sensitive data, initiated by the Web browser; the request carries a first dynamic password, which is generated by the Web browser by encryption with the public key;
The Web server uses the private key to decrypt the first dynamic password, which was encrypted with the public key, and obtains a second dynamic password; it then uses the second dynamic password to encrypt the sensitive data it has obtained, and sends the encrypted sensitive data to the Web browser.
A Web server, comprising: a receiving unit, a sending unit, a processing unit and a monitoring unit;
The receiving unit is configured to receive the first authentication request of the Web browser; if the Web server has not yet authenticated the Web browser, the sending unit sends an unauthenticated message carrying a random value to the Web browser;
The receiving unit is further configured to receive the second authentication request of the Web browser, the second authentication request carrying the user name of the user, the Web browser IP address and a first digest, wherein the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the Web browser IP address and the random value;
The processing unit is configured to obtain the password from a database according to the user name and, together with the user name, the Web browser IP address and the random value, apply the irreversible digest to obtain a second digest; to compare the second digest with the first digest and, if they are identical, allocate a unique ID; and to distribute the ID to the Web browser and to the second Web server, so that the Web browser and the second Web server establish a WebSocket data transmission channel according to the ID;
The monitoring unit is configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, close the WebSocket data transmission channel.
A Web server, comprising: a receiving module, a processing module and a sending module.
The receiving module is configured to receive the request to obtain the public key initiated by the Web browser, and to return the public key;
The receiving module is further configured to receive the request to obtain sensitive data initiated by the Web browser; the request carries a first dynamic password, which is generated by the Web browser by encryption with the public key;
The processing module is configured to use the private key to decrypt the first dynamic password, which was encrypted with the public key, to obtain a second dynamic password, and then to use the second dynamic password to encrypt the obtained sensitive data;
The sending module is configured to send the encrypted sensitive data to the Web browser.
A Web communication system, comprising: a Web browser, a first Web server and a second Web server.
The Web browser is configured to send a first authentication request to the first Web server; if the first Web server has not yet authenticated the Web browser, the Web browser receives an unauthenticated message carrying a random value sent by the first Web server;
The Web browser is further configured to apply an irreversible digest to the user name of the user, the password, the browser IP address and the random value from the first Web server to obtain a first digest, and then to send a second authentication request to the first Web server, the second authentication request carrying the user name, the Web browser IP address and the first digest;
The Web browser is further configured to initiate a connection request to the second Web server; the connection request carries a unique ID, which the first Web server sends after authenticating the Web browser;
The first Web server comprises: a receiving unit, a sending unit and a processing unit;
The sending unit is configured to send the random value to the Web browser;
The receiving unit is configured to receive the second authentication request of the Web browser, the second authentication request carrying the user name of the user, the Web browser IP address and the first digest, wherein the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the Web browser IP address and the random value;
The processing unit is configured to obtain the password from a database according to the user name and, together with the user name, the Web browser IP address and the random value, apply the irreversible digest to obtain a second digest; to compare the first digest with the second digest and, if they are identical, allocate a unique ID; and to distribute the ID to the Web browser and to the second Web server;
The second Web server comprises a WebSocket data channel connection module, configured to establish a WebSocket data transmission channel with the Web browser when the ID obtained from the Web browser is identical to the ID obtained from the first Web server;
The second Web server further comprises: a receiving module, a processing module and a sending module.
The receiving module is configured to receive the request to obtain the public key initiated by the Web browser, and to send the public key;
The receiving module is further configured to receive the request to obtain sensitive data initiated by the Web browser; the request carries a first dynamic password, which is generated by the Web browser by encryption with the public key;
The processing module is further configured to decrypt the first dynamic password with the private key to obtain a second dynamic password, and to use the second dynamic password to encrypt the obtained sensitive data;
The sending module is configured to send the encrypted sensitive data to the Web browser.
The embodiments provided by the invention use centralized authentication in a cluster scenario to push data efficiently and securely over a WebSocket data transmission channel; data is encrypted as needed, which reduces CPU usage.
Brief description of the drawings
To describe the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of a communication method based on the WebSocket plain connection protocol provided by Embodiment one of the invention;
Fig. 2 is a signaling diagram of a communication method based on the WebSocket plain connection protocol provided by Embodiment two of the invention;
Fig. 3 is a signaling diagram of an encryption method for a WebSocket plain-connection data transmission channel provided by Embodiment three of the invention;
Fig. 4 is a schematic diagram of a Web server provided by Embodiment four of the invention;
Fig. 5 is a schematic diagram of a Web server provided by Embodiment five of the invention;
Fig. 6 is a schematic diagram of a Web communication system provided by Embodiment six of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
So that those skilled in the art can better understand the technical solutions provided by the embodiments, the Hypertext Transfer Protocol (HTTP) used in World Wide Web (Web) communication and the WebSocket communication mechanism are each introduced briefly:
HTTP is one of the most widely used network protocols on the Internet. It defines the standard for requests and responses between Web clients and Web application servers, and all Web documents must comply with it.
Information exchange under the HTTP request/response mechanism between a Web client and a Web application server comprises four steps:
(1) Connect: the Web client establishes a TCP (Transmission Control Protocol) connection to the designated port of the Web application server (the default port is 80 for HTTP and 443 for HTTPS, which adds security). HTTP is an application-layer protocol at a higher level than TCP; as a rule, a higher-layer protocol connection can be made only after the lower-layer protocol is established, so the TCP connection must be set up first;
(2) Send request: once the TCP connection is established, the Web client delivers a request message to the corresponding port of the Web application server. The request message includes the request method, URL, protocol version, request headers and request data, and completes submission of the request;
(3) Send response: after processing the Web client's request, the Web application server sends a response message to the Web client. The response message contains the protocol version, a success or error code, Web application server information, entity meta-information and possibly entity content;
(4) Close connection: both the Web client and the Web application server can end the TCP/IP dialogue by closing the socket.
Communication based on HTTP has the following shortcomings:
1) Point-to-point full-duplex communication cannot be achieved. Traditional HTTP polling is half-duplex, and Comet, which is based on HTTP, needs two connections to achieve two-way communication; neither supports real-time point-to-point full-duplex communication over a single connection;
2) Serious waste of resources. The information carried over HTTP is often only a few bytes while the HTTP overhead is large (nearly 1K), so most of the load is useless information. Frequent polling therefore causes high bandwidth consumption, high latency and low efficiency.
WebSocket is a new protocol defined in HTML5 that supports efficient full-duplex communication between a Web client and a Web application server over a single WebSocket connection. WebSocket has a handshake mechanism compatible with HTTP and can share the default HTTP and HTTPS ports (80 and 443). The WebSocket communication mechanism is as follows:
(1) Handshake:
By sending a handshake message to the Web application server, the Web client can upgrade the HTTP protocol between the Web client and the Web application server to the WebSocket protocol in order to establish a WebSocket connection. Specifically, the Web client sends an HTTP Upgrade request to the Web application server, for example:
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Origin: http://example.com
Sec-WebSocket-Protocol: chat, superchat
(\r\n)
Here Host is the Web application server host, Upgrade is the protocol upgrade type, Connection is the connection type, Key is the secret authentication key, Origin is the request origin, and Protocol is the optional sub-protocol name;
The Web application server accepts the HTTP Upgrade request and returns a response message to the Web client, such as:
HTTP/1.1 101 WebSocket Protocol Handshake
Upgrade: WebSocket
Connection: Upgrade
Sec-WebSocket-Origin: http://example.com
Sec-WebSocket-Location: ws://example.com/demo
Sec-WebSocket-Protocol: sample
8jKS’y:G*Co,Wxa-
Here 101 is the HTTP response status code (101: the client asks the server to switch the HTTP protocol version as requested), Origin must equal the origin of the HTTP Upgrade request, Location must equal the address of the HTTP Upgrade request, and Protocol must contain the sub-protocol name of the HTTP Upgrade request. "8jKS’y:G*Co,Wxa-" is the 16-byte value obtained by applying MD5 to 16 bytes of data constructed from the Key in the HTTP Upgrade request;
(2) Data transfer:
After the WebSocket connection is established, WebSocket data frames can be sent back and forth between the Web client and the Web server in full-duplex mode.
Embodiment one
As shown in Fig. 1, Embodiment one of the invention provides a communication method based on the WebSocket protocol, comprising the following steps:
S101, the first Web server sends a random value to the Web browser;
Specifically, an authentication module is deployed on any one of the Web servers and is used to complete authentication of the Web browser; that Web server is called the first Web server. The first Web server receives the first authentication request sent by the Web browser and, if it has not yet authenticated the Web browser, sends an unauthenticated message carrying a random value.
S102, the first Web server receives the second authentication request of the Web browser;
Specifically, the second authentication request carries the user name, the Web browser IP address and the first digest; the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the Web browser IP address and the random value;
Specifically, digest processing generates unique data from the input data by means of a digest algorithm.
S103, the first Web server compares the second digest with the first digest and, if they are identical, allocates a unique ID, returns the ID to the Web browser and distributes it to the second Web server;
Specifically, the first Web server obtains the password from a database according to the user name and, together with the user name, the Web browser IP address and the random value, applies the irreversible digest to obtain the second digest.
S104, the second Web server, on finding that the ID obtained from the Web browser is identical to the ID obtained from the first Web server, establishes a WebSocket data transmission channel with the Web browser and conducts a session;
Specifically, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, the first Web server closes the WebSocket data transmission channel.
In the communication method based on the WebSocket plain connection protocol provided by this embodiment, the Web browser initiates an authentication request; the first Web server, after authentication, allocates a unique ID and returns it to the Web browser and to the second Web server; the Web browser initiates a connection request to the second Web server and, if the IDs match on comparison, the WebSocket data transmission channel is established. This embodiment deploys the authentication module on one of the Web servers and, through centralized authentication, allows the established WebSocket data transmission channel to carry data securely.
Embodiment two
As shown in Fig. 2, Embodiment two of the invention provides a communication method based on the WebSocket plain connection protocol, comprising the following steps:
S201, the Web browser sends a first authentication request to the first Web server and receives the unauthenticated message returned by the first Web server; this unauthenticated message contains a random value;
Specifically, the first authentication request is initiated by the smjs module of the Web browser; as a concrete example, the first authentication request can be:
https:\\163.com\auth\session(put)
The first Web server evaluates the first authentication request and, if the Web server has not yet authenticated the Web browser, returns an unauthenticated message carrying a random value.
S202, the Web browser initiates a second authentication request.
Specifically, the second authentication request can be an HTTP request; as a concrete example, it can be:
https:\\163.com\auth\session(put)
The second authentication request contains the user name, the browser IP address and the first digest; the first digest is obtained by the browser by applying an irreversible digest to the user name of the user, the password, the browser IP address and the random value.
S203, the first Web server obtains the password from a database according to the user name, applies the irreversible digest to obtain a second digest, and compares the first digest with the second digest; if they are identical, it allocates a unique ID.
Further, the first Web server returns the ID to the Web browser and distributes it to the second Web server.
S204, the Web browser initiates a connection request to the second Web server; the connection request carries the ID.
S205, the second Web server obtains the ID from the connection request and compares it with the ID received from the first Web server in S203; if they are identical, the connection is allowed.
Specifically, once the comparison matches, the Web browser and the second Web server establish a WebSocket data transmission channel.
Further, this embodiment also comprises:
S206, the first Web server closes the WebSocket data transmission channel between the Web browser and the second Web server.
Embodiment three
Building on the communication method based on the WebSocket plain connection protocol described in Embodiment two, and as shown in Fig. 3, Embodiment three of the invention provides an encryption method for a WebSocket plain-connection data transmission channel, comprising the following steps:
S301, the Web browser initiates a request to obtain the public key, and the Web server returns the public key information;
S302, the Web browser generates a first dynamic password; the first dynamic password is generated by the Web browser by encryption with the public key;
S303, the Web browser initiates a request to obtain sensitive data to the Web server; the request carries the first dynamic password;
S304, the Web server uses the private key to decrypt the first dynamic password and obtains a second dynamic password;
S305, the Web server obtains the sensitive data, encrypts it with the second dynamic password, and sends it to the Web browser;
S306, the Web browser uses the first dynamic password to decrypt the encrypted sensitive data.
In the WebSocket data transmission channel encryption method of this embodiment, the Web browser creates the first dynamic password and sends it to the Web server; the Web server uses the first dynamic password to encrypt the obtained data and returns the encrypted data to the Web browser, thereby achieving secure data transmission over a plain WebSocket connection between the Web browser and the Web server. Data is encrypted on demand, which saves CPU usage and lowers resource consumption.
Embodiment four
As shown in Fig. 4, in accordance with the communication method based on the WebSocket plain connection protocol of Embodiment two, Embodiment four of the invention provides a Web server 1, comprising: a receiving unit 101, a processing unit 102, a sending unit 103 and a monitoring unit 104;
The receiving unit 101 is configured to receive the first authentication request of the Web browser; if the Web server has not yet authenticated the Web browser, the sending unit 103 sends an unauthenticated message to the Web browser, the unauthenticated message carrying the random value;
The receiving unit 101 is further configured to receive the second authentication request of the Web browser, the second authentication request carrying the user name of the user, the Web browser IP address and the first digest, wherein the first digest is obtained by the Web browser by applying an irreversible digest to the user name, the password, the Web browser IP address and the random value;
The processing unit 102 is configured to obtain the password from a database according to the user name and, together with the user name, the Web browser IP address and the random value, apply the irreversible digest to obtain a second digest; to compare the second digest with the first digest and, if they are identical, allocate a unique ID; and to distribute the ID to the Web browser and to the second Web server, so that the Web browser and the second Web server establish a WebSocket data transmission channel according to the ID;
The monitoring unit 104 is configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, close the WebSocket data transmission channel.
Embodiment five
As shown in Fig. 5, in accordance with the encryption method for a WebSocket plain-connection data transmission channel of Embodiment three, Embodiment five of the invention provides a Web server, comprising a receiving module 201, a processing module 202 and a sending module 203;
The receiving module 201 is configured to receive the request to obtain the public key initiated by the Web browser, and to return the public key to the Web browser 3;
The receiving module 201 is further configured to receive the request to obtain data initiated by the Web browser 3; the request carries a first dynamic password, which is generated by the Web browser 3 by encryption with the public key;
The processing module 202 is configured to use the private key to decrypt the first dynamic password, which was encrypted with the public key, to obtain a second dynamic password, and then to use the second dynamic password to encrypt the obtained data;
The sending module 203 is configured to send the encrypted data to the Web browser 3.
Embodiment six
As shown in Figure 6, Embodiment six of the present invention provides a Web communication system, comprising: a Web browser 3, a first Web server 1 and a second Web server 2;
The Web browser 3 is configured to send a first authentication request to the first Web server 1; if the first Web server 1 has not yet authenticated the Web browser, the Web browser 3 receives an unauthenticated message returned by the first Web server 1, the unauthenticated message carrying a random value.
The Web browser 3 is further configured to perform irreversible digest processing on the user's user name, the password, the browser IP address and the random value from the first Web server 1 to obtain a first digest, and then to send a second authentication request to the first Web server 1, the second authentication request carrying the user name, the Web browser IP address and the first digest;
The Web browser is further configured to initiate a connection request to the second Web server 2, the connection request carrying a unique ID, the unique ID being sent by the first Web server 1 after it has authenticated the Web browser 3;
The first Web server comprises: a receiving unit 101, a sending unit 103, a processing unit 102 and a monitoring unit 104;
The sending unit 103 is configured to send the random value to the Web browser 3;
The receiving unit 101 is configured to receive the second authentication request of the Web browser 3, the second authentication request carrying the user's user name, the Web browser IP address and the first digest, wherein the first digest is obtained by the Web browser 3 by performing irreversible digest processing on the user name, the password, the Web browser IP address and the random value;
The processing unit 102 is configured to obtain the password from a database according to the user name and, together with the user name, the Web browser IP address and the random value, to obtain a second digest through irreversible digest processing; to compare the first digest with the second digest; and, if the first digest and the second digest are identical, to allocate a unique ID and distribute the ID to the Web browser and to the second Web server;
The monitoring unit 104 is configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, to close the WebSocket data transmission channel;
The second Web server 2 comprises a WebSocket data channel connection module 204, configured to establish a WebSocket data transmission channel with the Web browser when a comparison shows that the ID obtained from the Web browser is identical to the ID obtained from the first Web server;
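The authentication and ID hand-off described above for Embodiment six can be traced end to end in the following added example, which is not part of the patent text. SHA-256, the NUL field separator, the single-use handling of the random value and all class and function names are assumptions; the patent specifies only "irreversible digest processing" and a "unique ID".

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: SHA-256 over NUL-separated fields; the patent names no digest algorithm.
function digest(user, password, ip, nonce) {
  return nodeCrypto.createHash("sha256")
    .update([user, password, ip, nonce].join("\0"), "utf8").digest();
}

class SecondWebServer {
  constructor() { this.knownIds = new Set(); }
  registerId(id) { this.knownIds.add(id); }         // ID distributed by the first server
  // Connection request: open the WebSocket channel only if the IDs match.
  acceptConnection(id) { return this.knownIds.has(id); }
}

class FirstWebServer {
  constructor(passwordDb, secondServer) {
    this.passwordDb = passwordDb;                    // user name -> password (sample data)
    this.secondServer = secondServer;
    this.pendingNonces = new Map();                  // browser IP -> issued random value
  }
  // First authentication request: answer "unauthenticated" with a fresh random value.
  challenge(ip) {
    const nonce = nodeCrypto.randomBytes(16).toString("hex");
    this.pendingNonces.set(ip, nonce);
    return nonce;
  }
  // Second authentication request: recompute the digest and compare with the browser's.
  authenticate(user, ip, firstDigest) {
    const nonce = this.pendingNonces.get(ip);
    this.pendingNonces.delete(ip);                   // assumption: a random value is accepted once
    const password = this.passwordDb.get(user);
    if (nonce === undefined || password === undefined) return null;
    const secondDigest = digest(user, password, ip, nonce);
    if (firstDigest.length !== secondDigest.length ||
        !nodeCrypto.timingSafeEqual(firstDigest, secondDigest)) return null;
    const id = nodeCrypto.randomUUID();              // the unique ID
    this.secondServer.registerId(id);                // distribute to the second server
    return id;                                       // and to the browser
  }
}

// Browser side of the exchange, using constructed sample credentials and address.
function runExchange(typedPassword) {
  const second = new SecondWebServer();
  const first = new FirstWebServer(new Map([["alice", "correct horse"]]), second);
  const ip = "192.0.2.10";
  const nonce = first.challenge(ip);
  const firstDigest = digest("alice", typedPassword, ip, nonce);
  const id = first.authenticate("alice", ip, firstDigest);
  return { id, channelOpened: id !== null && second.acceptConnection(id) };
}
```

Because the server recomputes the digest from the stored password, this scheme requires the password to be retrievable from the database rather than stored only as a salted hash.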
The second Web server further comprises: a receiving module 201, a processing module 202 and a sending module 203;
The receiving module 201 is configured to receive a public-key acquisition request initiated by the Web browser 3 and to send the public key;
The receiving module 201 is further configured to receive a sensitive-data acquisition request initiated by the Web browser 3, the sensitive-data acquisition request carrying a first dynamic password, the first dynamic password being generated by the Web browser 3 by encryption with the public key;
The processing module 202 is configured to decrypt the first dynamic password using the private key to obtain a second dynamic password, and to encrypt the obtained sensitive data using the second dynamic password;
The sending module 203 is configured to send the encrypted sensitive data to the Web browser 3.
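The dynamic-password exchange performed by modules 201 to 203 (here and in the preceding embodiment) is a hybrid encryption scheme; the following added example, not taken from the patent, runs both sides of it. RSA-OAEP with a 2048-bit key, AES-256-GCM, a 32-byte random dynamic password and all function names are assumptions, since the patent names no algorithms.

```javascript
const nodeCrypto = require("node:crypto");

// Second Web server: owns the key pair and the sensitive data (constructed sample).
function createSecondServer(sensitiveData) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return {
    // Receiving module: answers the public-key acquisition request.
    getPublicKey: () => publicKey.export({ type: "spki", format: "pem" }),
    // Receiving + processing + sending modules: the request carries the
    // first dynamic password (encrypted under the public key).
    getSensitiveData(firstDynamicPassword) {
      const secondDynamicPassword = nodeCrypto.privateDecrypt(
        { key: privateKey, oaepHash: "sha256" }, firstDynamicPassword);
      if (secondDynamicPassword.length !== 32) {
        throw new Error("dynamic password must be 32 bytes");
      }
      const iv = nodeCrypto.randomBytes(12);         // fresh IV for every response
      const cipher = nodeCrypto.createCipheriv("aes-256-gcm", secondDynamicPassword, iv);
      const ciphertext = Buffer.concat(
        [cipher.update(sensitiveData, "utf8"), cipher.final()]);
      return { iv, ciphertext, tag: cipher.getAuthTag() };
    },
  };
}

// Web browser: generates the dynamic password, sends it encrypted, decrypts the reply.
function browserFetch(server) {
  const dynamicPassword = nodeCrypto.randomBytes(32);
  const firstDynamicPassword = nodeCrypto.publicEncrypt(
    { key: server.getPublicKey(), oaepHash: "sha256" }, dynamicPassword);
  const { iv, ciphertext, tag } = server.getSensitiveData(firstDynamicPassword);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", dynamicPassword, iv);
  decipher.setAuthTag(tag);                          // final() throws if data was altered
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
}
```

The browser has no way to check that the public key it received belongs to the second Web server, so the exchange relies on the key being delivered over an already authenticated channel.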

Claims (10)

1. A communication method based on the WebSocket protocol, comprising:
A first Web server sends a random value to a Web browser;
The first Web server receives a second authentication request of the Web browser, the second authentication request carrying the user's user name, the Web browser IP address and a first digest; wherein the first digest is obtained by the Web browser by performing irreversible digest processing on the user name, the password, the Web browser IP address and the random value;
The first Web server obtains the password from a database according to the user name and, together with the user name, the Web browser IP address and the random value, obtains a second digest through irreversible digest processing;
The first Web server compares the first digest with the second digest and, if the first digest and the second digest are identical, allocates a unique ID;
The first Web server distributes the ID to the Web browser and to a second Web server, so that the second Web server, upon determining by comparison that the ID obtained from the Web browser is identical to the ID obtained from the first Web server, establishes a WebSocket data transmission channel with the Web browser and conducts a session.
2. The method according to claim 1, characterized in that it further comprises:
The first Web server receives a first authentication request sent by the Web browser; if the first Web server has not yet authenticated the Web browser, the first Web server sends an unauthenticated message to the Web browser, the unauthenticated message carrying the random value.
3. The method according to claim 1, characterized in that it further comprises:
The first Web server closes the WebSocket data transmission channel between the second Web server and the Web browser when the WebSocket data transmission channel has not been used for a long time.
4. A Web server, comprising: a receiving unit, a sending unit and a processing unit;
The sending unit is configured to send a random value to a Web browser;
The receiving unit is configured to receive a second authentication request of the Web browser, the second authentication request carrying the user's user name, the Web browser IP address and a first digest, wherein the first digest is obtained by the Web browser by performing irreversible digest processing on the user name, the password, the Web browser IP address and the random value;
The processing unit is configured to obtain the password from a database according to the user name and, together with the user name, the Web browser IP address and the random value, to obtain a second digest through irreversible digest processing; to compare the second digest with the first digest; and, if the first digest and the second digest are identical, to allocate a unique ID and distribute the ID to the Web browser and to a second Web server, so that the Web browser and the second Web server establish a WebSocket data transmission channel according to the ID.
5. The Web server according to claim 4, characterized in that the receiving unit is further configured to receive a first authentication request of the Web browser; if the Web server has not yet authenticated the Web browser, the sending unit sends an unauthenticated message to the Web browser, the unauthenticated message carrying the random value.
6. The Web server according to claim 4, characterized in that it further comprises a monitoring unit, the monitoring unit being configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, to close the WebSocket data transmission channel.
7. A Web communication system, comprising: a Web browser, a first Web server and a second Web server;
The Web browser is configured to perform irreversible digest processing on the user's user name, the password, the browser IP address and a random value from the first Web server to obtain a first digest, and then to send a second authentication request to the first Web server, the second authentication request carrying the user name, the Web browser IP address and the first digest;
The Web browser is further configured to initiate a connection request to the second Web server, the connection request carrying a unique ID, the unique ID being sent by the first Web server after it has authenticated the Web browser;
The first Web server comprises: a receiving unit, a sending unit and a processing unit;
The sending unit is configured to send the random value to the Web browser;
The receiving unit is configured to receive the second authentication request of the Web browser, the second authentication request carrying the user's user name, the Web browser IP address and the first digest, wherein the first digest is obtained by the Web browser by performing irreversible digest processing on the user name, the password, the Web browser IP address and the random value;
The processing unit is configured to obtain the password from a database according to the user name and, together with the user name, the Web browser IP address and the random value, to obtain a second digest through irreversible digest processing; to compare the first digest with the second digest; and, if the first digest and the second digest are identical, to allocate a unique ID and distribute the ID to the Web browser and to the second Web server;
The second Web server comprises a WebSocket data channel connection module, configured to establish a WebSocket data transmission channel with the Web browser when a comparison shows that the ID obtained from the Web browser is identical to the ID obtained from the first Web server.
8. The Web communication system according to claim 7, characterized in that the second Web server further comprises: a receiving module, a processing module and a sending module;
The receiving module is configured to receive a public-key acquisition request initiated by the Web browser and to send the public key;
The receiving module is further configured to receive a sensitive-data acquisition request initiated by the Web browser, the sensitive-data acquisition request carrying a first dynamic password, the first dynamic password being generated by the Web browser by encryption with the public key;
The processing module is further configured to decrypt the first dynamic password using the private key to obtain a second dynamic password, and to encrypt the obtained sensitive data using the second dynamic password;
The sending module is configured to send the encrypted sensitive data to the Web browser.
9. The Web communication system according to claim 7, characterized in that the Web browser is further configured to send a first authentication request to the first Web server; if the first Web server has not yet authenticated the Web browser, the Web browser receives an unauthenticated message returned by the first Web server, the unauthenticated message carrying a random value.
10. The Web communication system according to claim 7, characterized in that the first Web server further comprises a monitoring unit, the monitoring unit being configured to monitor the session and, when the WebSocket data transmission channel between the second Web server and the Web browser has not been used for a long time, to close the WebSocket data transmission channel.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310023388.2A CN103108037B (en) 2013-01-22 2013-01-22 A kind of communication means, Web server and Web communication system

Publications (2)

Publication Number Publication Date
CN103108037A CN103108037A (en) 2013-05-15
CN103108037B true CN103108037B (en) 2015-12-02

Family

ID=48315604

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310023388.2A Active CN103108037B (en) 2013-01-22 2013-01-22 A kind of communication means, Web server and Web communication system

Country Status (1)

Country Link
CN (1) CN103108037B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103634307A (en) * 2013-11-19 2014-03-12 北京奇虎科技有限公司 Method for certificating webpage content and browser
CN104734936A (en) * 2013-12-19 2015-06-24 中兴通讯股份有限公司 Instant message processing method, device and system
CN106411953A (en) * 2016-11-30 2017-02-15 深圳前海弘稼科技有限公司 Planting box login method and device
JP6751269B2 (en) * 2017-06-30 2020-09-02 京セラドキュメントソリューションズ株式会社 Remote communication control system, session management system and session management program
CN107733890B (en) * 2017-10-17 2020-12-29 广州亦云信息技术股份有限公司 Cross-network communication method based on web protocol, electronic equipment, storage medium and system
CN110225092B (en) * 2019-05-14 2022-06-14 无线生活(杭州)信息科技有限公司 Communication method and WebSocket server
CN110611719B (en) * 2019-10-16 2022-04-19 四川虹美智能科技有限公司 Message pushing method, server and system
CN114448962B (en) * 2022-01-17 2023-08-22 南昌华勤电子科技有限公司 Web application instant message notification system, method and server

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1830190A (en) * 2003-07-29 2006-09-06 汤姆森特许公司 Controlling access to a network using redirection
CN101127600A (en) * 2006-08-14 2008-02-20 华为技术有限公司 A method for user access authentication
CN101783801A (en) * 2010-01-29 2010-07-21 福建星网锐捷网络有限公司 Software protection method based on network, client side and server
CN102547701A (en) * 2010-12-24 2012-07-04 中国移动通信集团公司 Authentication method and wireless access point as well as authentication server

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9208211B2 (en) * 2011-03-23 2015-12-08 Red Hat, Inc. Performing object relational mapping for a data grid

Also Published As

Publication number Publication date
CN103108037A (en) 2013-05-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant