Specific embodiments
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings indicate the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. Rather, they are only examples of devices and methods consistent with some aspects of the application, as detailed in the appended claims.
The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, the first information may also be referred to as the second information, and similarly the second information may also be referred to as the first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
To address the existing problems, the application provides a solution for establishing a long connection between a client and a server side. The network environment of the solution includes a client, a connection server, a key server and a service server. The client is typically installed on a user terminal device, and the user can access the software vendor's service server through the client. The connection server connects the client and the service server and relays the messages exchanged between them. The key server provides the client with information such as the key and the connection server address.
Referring to FIG. 1, FIG. 1 shows a method for establishing a long connection between a client and a server side provided by an embodiment of the application. The method is applied on the client and includes the following steps:
Step 101: obtain a key, a connection ID and a connection server address from the key server.
In this embodiment, the key server provides the client with information such as the key, the connection ID, the connection server address and the key expiration time. When a user logs in using the client, the client obtains from the key server the key used for data communication, together with the connection ID and connection server address used to communicate with the service server. The connection ID is the unique identifier of the client's communication; different clients have different connection IDs, and there may be multiple connection server addresses.
Step 102: according to the connection server address, send a connection request to the connection server, the connection request carrying the connection ID, so that the connection server obtains the key corresponding to the connection ID from the key server.
Based on the connection server addresses obtained in step 101, the client may randomly select one connection server address and initiate a connection to it, carrying in the connection request the connection ID provided by the key server. After receiving the connection request, the connection server obtains the corresponding key from the key server according to the connection ID.
Step 103: perform mutual decryption verification with the connection server using the key, and establish a connection with the connection server after the decryption verification passes.
In this embodiment, by step 101 the client has obtained the key from the key server, and by step 102 the connection server can also obtain the key from the key server according to the connection ID carried in the client's connection request. In this step, the client and the connection server perform mutual decryption verification using the keys they have each obtained. If the decryption verification passes, the connection server can send a connection success message to notify the client that the connection has been established.
Step 104: send heartbeat messages to the connection server at a preset time period.
After successfully establishing the connection with the connection server, the client maintains the validity of the connection by periodically sending heartbeat messages, so that the client can receive messages pushed by the connection server.
As can be seen from the above description, before communicating with the server side, the client in this application first obtains information such as the key, the connection ID and the connection server address from the key server. The client and the connection server then complete the handshake by performing mutual decryption verification, and the long connection with the server side is subsequently maintained through heartbeat messages. The application uses a self-designed communication protocol and at the same time encrypts the data transmitted by the user, so security is higher.
Referring to FIG. 2, FIG. 2 shows a method for establishing a long connection between a client and a server side provided by an embodiment of the application. The method is applied on the connection server and includes the following steps:
Step 201: receive the connection request sent by the client, the connection request carrying the client's connection ID.
Step 202: obtain the key corresponding to the connection ID from the key server.
In this embodiment, after receiving the connection request sent by the client, the connection server obtains from the connection request the connection ID carried by the client and then sends the connection ID to the key server, in order to obtain the key that the key server distributed to the client that sent the connection request.
Step 203: perform mutual decryption verification with the client using the key, and establish a connection with the client after the decryption verification passes.
In this embodiment, the connection server performs mutual decryption verification with the client based on the key obtained in step 202. If the decryption verification passes, it sends a connection success message to notify the client that the connection has been established.
Step 204: receive the heartbeat messages sent by the client, to maintain the connection with the client.
As can be seen from the above description, after receiving the client's connection request, the connection server in this application first obtains from the key server the key that was issued to the client. The connection server and the client then complete the handshake by performing mutual decryption verification, and the long connection with the client is subsequently maintained through the heartbeat messages received. The application uses a self-designed communication protocol and at the same time encrypts the data transmitted by the user, so security is higher.
The process by which the client and the server side establish a long connection is described below using a specific implementation.
Referring to FIG. 3 and FIG. 4, a method for establishing a long connection between a client and a server side provided by an embodiment of the application includes the following steps:
Step 301: the client obtains a key, a connection ID and a connection server address from the key server.
In this step, the domain name of the key server is usually stored in the client. After the user logs in to the system using the client, for example by entering a user name and password in the client interface, the client accesses the key server according to the stored key server domain name and sends information such as the user's login information, terminal type and version number to the key server.
Based on the above information, the key server creates a key, a key expiration time and a connection ID for the client, and saves the correspondence between this information and the client's login information. At the same time, the key server also compiles the connection server addresses that the client can currently use. The key is for an encryption and decryption algorithm, for example DES (Data Encryption Standard) or AES (Advanced Encryption Standard); the application places no restriction on the encryption and decryption algorithm. The connection ID corresponds to the user's login information and is the unique identifier used by the client during communication; the key server creates different connection IDs for different clients. A connection server address includes the connection server's IP address and port number, and there are usually multiple connection server addresses. The key server returns the key, key expiration time, connection ID and connection server addresses to the client.
Of course, while communicating with the key server, the client may also verify whether the key server's certificate is legitimate and valid, whether the domain name matches, and so on. Those skilled in the art can refer to implementations in the related art, which are not described again here.
Step 302: the client sends a connection request to the connection server according to the connection server address.
In this step, the client may randomly select one connection server from the connection server addresses returned by the key server and initiate a connection request to it, carrying the connection ID in the connection request.
Step 303: the connection server receives the connection request and obtains the key corresponding to the connection ID from the key server.
In this step, after receiving the connection request sent by the client, the connection server obtains from it the connection ID carried by the client and then sends the connection ID to the key server, and the key server sends the key corresponding to the connection ID to the connection server. At this point, both the client and the connection server have obtained the key and can perform decryption verification with it.
If the connection server fails to obtain the key corresponding to the connection ID, for example because a network anomaly prevents the connection server from receiving the key within the preset time, the connection server disconnects from the client, and the client re-executes step 301 after detecting the error.
Step 304: the connection server sends to the client the first original data and the first encrypted data obtained by encrypting the first original data with the key.
In this step, after obtaining the key corresponding to the client's connection ID, that is, the key the key server issued to the client, the connection server randomly generates the first original data, encrypts the first original data with the key to obtain the first encrypted data, and sends the first original data and the first encrypted data to the client for the client to decrypt and verify.
Step 305: the client decrypts the first encrypted data according to the key obtained from the key server.
In this step, the client determines whether the data obtained by decrypting the first encrypted data is consistent with the first original data. If so, it confirms that the decryption verification on its side has passed and goes to step 306. If not, it disconnects from the connection server and re-executes step 301.
Step 306: the client sends the second original data, and the second encrypted data obtained by encrypting the second original data, to the connection server.
In this step, after the decryption verification on its side passes, the client randomly generates the second original data, encrypts it with the key it obtained from the key server to obtain the second encrypted data, and sends the second original data and the second encrypted data to the connection server so that the connection server can perform decryption verification.
Step 307: the connection server decrypts the second encrypted data.
In this step, the connection server decrypts the second encrypted data according to the key obtained from the key server and then determines whether the data obtained by decrypting the second encrypted data is consistent with the second original data. If so, it confirms that the decryption verification on its side has passed and goes to step 308. If not, it disconnects from the client, and the client re-executes step 301 after detecting the error.
Step 308: the connection server sends a connection success message to the client.
At this point, after receiving the connection success message sent by the connection server, the client has completed the handshake with the connection server and has successfully established a connection with it.
Step 309: the client sends heartbeat messages to the connection server at a preset time period.
After successfully establishing the connection with the connection server, the client can keep the connection from being interrupted by sending heartbeat messages; the preset time period can be set by the developer. After receiving a heartbeat message sent by the client, the connection server keeps its connection with the client uninterrupted. If the connection server does not receive a heartbeat message from the client within a preset time, for example no heartbeat message from the client is received within 2 minutes, it confirms that the connection with the client is broken and sends an error message to the client so that the client re-establishes the connection. Of course, in an actual implementation, considering that factors such as network jitter may delay messages, a retry mechanism may also be adopted, for example: the disconnection is confirmed only if no heartbeat message from the client is received for 3 consecutive 2-minute periods, that is, within 6 minutes.
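The mutual decryption verification of steps 303 to 308, as an added Go example that is not code from the application. AES-GCM with a random nonce, the 32-byte original data and the in-memory map standing in for the key server are assumptions; the text names only DES and AES as possible algorithms.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Challenge is the pair sent in steps 304 and 306: random original data and
// that data encrypted under the sender's key (nonce || AES-GCM ciphertext).
type Challenge struct{ Original, Encrypted []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewChallenge draws random original data and a fresh nonce, then encrypts.
func NewChallenge(aead cipher.AEAD) (Challenge, error) {
	buf := make([]byte, 32+aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return Challenge{}, err
	}
	orig, nonce := buf[:32], buf[32:]
	return Challenge{Original: orig, Encrypted: aead.Seal(nonce, nonce, orig, nil)}, nil
}

// Verify decrypts with the receiver's key and compares (steps 305 and 307).
func Verify(aead cipher.AEAD, c Challenge) bool {
	n := aead.NonceSize()
	if len(c.Encrypted) < n {
		return false
	}
	plain, err := aead.Open(nil, c.Encrypted[:n], c.Encrypted[n:], nil)
	return err == nil && bytes.Equal(plain, c.Original)
}

// Handshake runs steps 303 to 308 in one process. keyServer (connection ID ->
// key) stands in for the key server; clientKey is what step 301 returned.
func Handshake(keyServer map[string][]byte, connID string, clientKey []byte) error {
	server, err := newGCM(keyServer[connID]) // step 303; unknown ID yields no key
	if err != nil {
		return fmt.Errorf("connection server: no usable key for connection ID: %w", err)
	}
	client, err := newGCM(clientKey)
	if err != nil {
		return err
	}
	first, err := NewChallenge(server) // step 304
	if err != nil {
		return err
	}
	if !Verify(client, first) { // step 305: client disconnects, back to step 301
		return fmt.Errorf("client: decryption verification failed")
	}
	second, err := NewChallenge(client) // step 306
	if err != nil {
		return err
	}
	if !Verify(server, second) { // step 307: connection server disconnects
		return fmt.Errorf("connection server: decryption verification failed")
	}
	return nil // step 308: the connection success message is sent
}

func main() {
	key := bytes.Repeat([]byte{7}, 32) // constructed demo key
	fmt.Println(Handshake(map[string][]byte{"c1": key}, "c1", key))
}
```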
At this point, a long connection has been established between the client and the connection server. Based on this long connection, the client can communicate with the service server through the connection server, and data is encrypted with the above key during communication. Specifically, the client encrypts a data message with the key and sends it to the service server through the connection server; when the data message reaches the connection server, the connection server decrypts it and sends the decrypted data message to the service server. This is because data between the service server and the connection server is usually transmitted over an internal network, where network security is relatively high, so it may be left unencrypted and transmitted directly in plaintext.
After receiving a push message from the platform, the service server sends the push message to the connection server; the connection server encrypts the push message and then forwards it to the client over the long connection. For the specific push process, those skilled in the art can refer to implementations in the related art, which the application does not limit.
Referring to FIG. 5, FIG. 5 is a message format diagram in one embodiment of the application.
magic_num is a fixed integer, for example 832024031; it serves as the ID of the message type and does not need to be processed.
The type field indicates the message type, including: uplink, downlink, handshake, push message, heartbeat message, etc.
The status field indicates the communication type, encryption type, encoding type, etc.
The proto_size field indicates the number of bytes of the structured data.
The checksum field is a simple check code.
The app_data field is the field that carries data, such as a push message, and may be encrypted.
Of course, those skilled in the art may also use other message formats to implement the application, which the application does not limit.
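One way to frame and parse the message of FIG. 5, as an added Go example rather than the application's own code. The field widths, big-endian byte order, CRC-32 as the check code, the type codes and the 1 MiB limit on proto_size are all assumptions, since the text gives only the field names and the example magic_num.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Layout assumed for this example (the text gives field names only):
// magic_num u32 | type u8 | status u8 | proto_size u32 | checksum u32 | app_data
// Integers are big-endian; checksum is CRC-32 (IEEE) of app_data.
const (
	Magic      = 832024031 // example value given in the text
	headerLen  = 14
	maxAppData = 1 << 20 // assumed cap so a hostile proto_size cannot force a huge read
)

// Assumed type codes; the text lists the kinds but not their values.
const (
	TypeHandshake uint8 = iota + 1
	TypePush
	TypeHeartbeat
)

type Message struct {
	Type, Status uint8
	AppData      []byte
}

var (
	ErrShort    = errors.New("frame shorter than header or declared proto_size")
	ErrMagic    = errors.New("magic_num mismatch")
	ErrSize     = errors.New("proto_size exceeds limit")
	ErrChecksum = errors.New("checksum mismatch")
)

// Encode serialises m into a single frame.
func Encode(m Message) []byte {
	buf := make([]byte, headerLen, headerLen+len(m.AppData))
	binary.BigEndian.PutUint32(buf[0:4], Magic)
	buf[4], buf[5] = m.Type, m.Status
	binary.BigEndian.PutUint32(buf[6:10], uint32(len(m.AppData)))
	binary.BigEndian.PutUint32(buf[10:14], crc32.ChecksumIEEE(m.AppData))
	return append(buf, m.AppData...)
}

// Decode checks each header field before trusting proto_size; it returns the
// message and the number of bytes consumed from b.
func Decode(b []byte) (Message, int, error) {
	if len(b) < headerLen {
		return Message{}, 0, ErrShort
	}
	if binary.BigEndian.Uint32(b[0:4]) != Magic {
		return Message{}, 0, ErrMagic
	}
	size := binary.BigEndian.Uint32(b[6:10])
	if size > maxAppData {
		return Message{}, 0, ErrSize
	}
	end := headerLen + int(size)
	if len(b) < end {
		return Message{}, 0, ErrShort
	}
	data := b[headerLen:end]
	// A CRC only detects accidental corruption; it is not a tamper check.
	if crc32.ChecksumIEEE(data) != binary.BigEndian.Uint32(b[10:14]) {
		return Message{}, 0, ErrChecksum
	}
	return Message{Type: b[4], Status: b[5], AppData: append([]byte(nil), data...)}, end, nil
}

func main() {
	m, n, err := Decode(Encode(Message{Type: TypeHeartbeat}))
	fmt.Println(m.Type, n, err)
}
```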
As can be seen from the above description, before communicating with the server side, the client in this application first obtains information such as the key, the connection ID and the connection server address from the key server. The client and the connection server then complete the handshake by performing mutual decryption verification, and the long connection with the server side is subsequently maintained through heartbeat messages. The application uses a self-designed communication protocol and at the same time encrypts the data transmitted by the user, so security is higher.
Corresponding to the method embodiments of the application for establishing a long connection between a client and a server side, the application also provides an embodiment of an apparatus for establishing a long connection between a client and a server side. Taking a software implementation as an example, the apparatus may run on a user terminal device. As the carrier on which the apparatus runs, the user terminal device typically includes at least a CPU, memory and non-volatile storage, and may also include hardware such as I/O interfaces. Referring to FIG. 6 and FIG. 7, which are schematic structural diagrams of the apparatus of the application for establishing a long connection between a client and a server side, the apparatus includes: a first acquisition unit, a request sending unit, a first verification unit, a first heartbeat unit, a data sending unit and a data receiving unit.
The first acquisition unit obtains a key, a connection ID and a connection server address from the key server.
The request sending unit sends a connection request to the connection server according to the connection server address, the connection request carrying the connection ID, so that the connection server obtains the key corresponding to the connection ID from the key server.
The first verification unit performs mutual decryption verification with the connection server using the key, and establishes a connection with the connection server after the decryption verification passes.
The first heartbeat unit sends heartbeat messages to the connection server at a preset time period.
Further, the first verification unit performing mutual decryption verification with the connection server using the key, and establishing a connection with the connection server after the decryption verification passes, includes:
receiving the first original data and the first encrypted data, the first encrypted data having been obtained by the connection server by encrypting with the key it obtained from the key server;
decrypting the first encrypted data according to the key obtained from the key server;
when the data obtained by decrypting the first encrypted data is consistent with the first original data, confirming that the decryption verification has passed, and sending the second original data and the second encrypted data obtained by encrypting the second original data to the connection server;
receiving the connection success message sent by the connection server after it successfully decrypts and verifies the second encrypted data.
Further, when the data obtained by decrypting the first encrypted data is inconsistent with the first original data, the first acquisition unit obtains a key, a connection ID and a connection server address from the key server again.
Further, the first acquisition unit obtaining a key, a connection ID and a connection server address from the key server includes: sending login information to the key server; and receiving the key, connection ID and connection server address returned by the key server according to the login information.
Further, the apparatus also includes:
a data sending unit, which encrypts a data message according to the key and sends it to the service server through the connection server;
a data receiving unit, which, after receiving an encrypted data message sent by the connection server, decrypts it according to the key to obtain the original data.
The application also provides an embodiment of an apparatus for establishing a long connection between a client and a server side. Taking a software implementation as an example, the apparatus may run on a connection server. As the carrier on which the apparatus runs, the connection server typically includes at least a CPU, memory and non-volatile storage, and may also include hardware such as I/O interfaces. Referring to FIG. 8 and FIG. 9, the apparatus includes: a request receiving unit, a second acquisition unit, a second verification unit, a second heartbeat unit and an encryption forwarding unit.
The request receiving unit receives the connection request sent by the client, the connection request carrying the client's connection ID.
The second acquisition unit obtains the key corresponding to the connection ID from the key server.
The second verification unit performs mutual decryption verification with the client using the key, and establishes a connection with the client after the decryption verification passes.
The second heartbeat unit receives the heartbeat messages sent by the client, to maintain the connection with the client.
Further, the second verification unit performing mutual decryption verification with the client using the key, and establishing a connection with the client after the decryption verification passes, includes:
sending to the client the first original data and the first encrypted data obtained by encrypting the first original data according to the key;
receiving the second original data and the second encrypted data sent by the client after it successfully decrypts and verifies the first encrypted data;
when the data obtained by decrypting the second encrypted data is consistent with the second original data, sending a connection success message to the client.
Further, when the data obtained by decrypting the second encrypted data is inconsistent with the second original data, the second verification unit disconnects from the client.
Further, when no heartbeat message from the client is received within the preset time, the second heartbeat unit confirms that the connection with the client is broken.
Further, the apparatus also includes:
an encryption forwarding unit, which encrypts push messages sent by the service server to the client and then forwards them to the client over the connection.
For the implementation of the functions and effects of each unit in the above apparatus, see the implementation of the corresponding steps in the above method; details are not repeated here.
Since the apparatus embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments for relevant details. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the application. Those of ordinary skill in the art can understand and implement it without creative effort.
The above are merely preferred embodiments of the application and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the application shall fall within the scope of protection of the application.