CN104601541B - Method, server and user equipment for data transmission - Google Patents


Info

Publication number: CN104601541B
Authority: CN (China)
Prior art keywords: connection, server, user equipment, message, tcp
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201410736781.0A
Other languages: Chinese (zh)
Other versions: CN104601541A (en)
Inventor: 孟斌
Current assignee: Huawei Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd; priority to CN201410736781.0A; published as CN104601541A; granted and published as CN104601541B.

Abstract

Embodiments of the invention disclose a method, a server and a user equipment for data transmission. The method comprises: after a first connection between the server and the user equipment has been established, the server sends the user equipment a first connection identifier, which identifies the first connection; the server receives from the user equipment a request message for establishing a Transmission Control Protocol (TCP) connection, the request message asking for a second connection to be established between the user equipment and the server, the second connection being a TCP connection and the request message carrying the first connection identifier; after receiving the request message, the server establishes the second connection according to the first connection identifier; the server then transmits data with the user equipment over the second connection. Embodiments of the invention can prevent the TCP attack protection function from wrongly rejecting legitimate requests (false positives) and so improve the experience of legitimate users.

Description

Method, server and user equipment for data transmission
Technical field
The present invention relates to the communications field, and in particular to a method, a server and a user equipment for data transmission.
Background art
An existing Transmission Control Protocol (TCP) connection is set up by the following three-way handshake. 1. The user equipment first sends the server a request to establish a TCP connection. 2. On receiving the client's synchronisation (SYN) request, the server allocates resources for the request and places it in the "half-open queue"; it then returns a synchronisation acknowledgement (SYN ACK) message to the client. If a request stays in the half-open queue longer than expected, the request and the resources allocated to it are released. 3. After the client receives the SYN ACK message, it responds to the server with an acknowledgement (ACK) message. On receiving the ACK, the server removes the corresponding request from the half-open queue. From this point the connection can be used to send and receive data between client and server.
A TCP attack is an attack pattern in which a large number of forged TCP connection requests are sent so that the resources of the attacked party are exhausted (CPU at full load or memory insufficient). Any existing application based on TCP connections must take TCP attack protection into account. The best known of the many TCP attack patterns is the TCP SYN flood (Transmission Control Protocol Synchronous Flood) attack. It exploits the fact that the server places SYN requests in the half-open queue: a large number of forged SYN request packets are sent to the server in a short time, so that the server's half-open queue is overloaded or the server is placed under a very large burden, and eventually the server cannot work normally. To guard against TCP attacks, servers therefore usually also apply rate limiting. Rate limiting cannot tell genuine TCP requests from forged ones; it only caps the request rate entering the system so that the system does not collapse.
The existing server-side attack protection function cannot identify whether a request comes from a normal user equipment, that is, a user equipment that has already established a connection, so when the server is under attack the requests of such a user equipment may be discarded, which harms the user experience.
Summary of the invention
Embodiments of the invention provide a method, a server and a user equipment for data transmission, which can prevent TCP attacks and improve the user experience.
In a first aspect, a method of data transmission is provided, comprising: after a first connection between a server and a user equipment has been established, the server sends a first connection identifier to the user equipment, the first connection identifier identifying the first connection; the server receives a request message, sent by the user equipment, for establishing a Transmission Control Protocol (TCP) connection, the request message requesting that a second connection be established between the user equipment and the server, the second connection being a TCP connection and the request message carrying the first connection identifier; after receiving the request message, the server establishes the second connection according to the first connection identifier; and the server transmits data with the user equipment over the second connection.
With reference to the first aspect, in a first possible implementation, the server's establishing of the second connection according to the first connection identifier after receiving the request message comprises: the server determines that the first connection identifier matches a connection identifier in a connection identifier database; after receiving the request message, the server sends a response message to the user equipment; and the server receives a confirmation message sent by the user equipment.
With reference to the first aspect or its first possible implementation, in a second possible implementation, the server's sending of the first connection identifier to the user equipment comprises: the server sends the first connection identifier to the user equipment in a 200 OK response message, the first connection identifier being located in a header field of the 200 OK response message.
With reference to the first aspect or any of its first to second possible implementations, in a third possible implementation, after the server has received the request message and established the second connection according to the first connection identifier, the method further comprises: the server sends a second connection identifier to the user equipment, the second connection identifier being used to establish a third connection between the user equipment and the server.
With reference to the first aspect or any of its first to third possible implementations, in a fourth possible implementation, the first connection is a TCP connection, and the server's transmitting data with the user equipment over the second connection comprises: the server resumes or continues, over the second connection, the service that was based on the first connection.
With reference to the first aspect or any of its first to fourth possible implementations, in a fifth possible implementation, the first connection is a UDP connection, and the server's transmitting data with the user equipment over the second connection comprises: the server receives, over the second connection, message data sent by the user equipment, the size of the message data being greater than a preset message data threshold.
In a second aspect, a method of data transmission is provided, comprising: after a first connection between a user equipment and a server has been established, the user equipment receives a first connection identifier sent by the server, the first connection identifier identifying the first connection; the user equipment sends the server a request message for establishing a TCP connection and establishes a second connection with the server, the request message carrying the first connection identifier and requesting that the second connection be established between the user equipment and the server, the second connection being a TCP connection; and the user equipment transmits data with the server over the second connection.
With reference to the second aspect, in a first possible implementation, the user equipment's receiving of the first connection identifier sent by the server comprises: the user equipment receives a 200 OK response message sent by the server, the first connection identifier being located in a header field of the 200 OK response message.
With reference to the second aspect or its first possible implementation, in a second possible implementation, the first connection is a TCP connection, and the user equipment's transmitting data with the server over the second connection comprises: the user equipment resumes or continues, over the second connection, the service that was based on the first connection.
With reference to the second aspect or its first possible implementation, in a third possible implementation, the first connection is a UDP connection, and the user equipment's transmitting data with the server over the second connection comprises: the user equipment sends message data to the server over the second connection, the size of the message data being greater than a preset message data threshold.
With reference to the second aspect or any of its first to third possible implementations, in a fourth possible implementation, after the user equipment has sent the request message for establishing a TCP connection to the server and established the second connection with the server, the method further comprises: the user equipment receives a second connection identifier sent by the server, the second connection identifier being used to establish a third connection between the user equipment and the server.
In a third aspect, a server is provided, comprising: a first sending unit, configured to send a first connection identifier to the user equipment after a first connection between the server and the user equipment has been established, the first connection identifier identifying the first connection; a receiving unit, configured to receive a request message, sent by the user equipment, for establishing a Transmission Control Protocol (TCP) connection, the request message requesting that a second connection be established between the user equipment and the server, the second connection being a TCP connection and the request message carrying the first connection identifier; a response unit, configured to establish the second connection according to the first connection identifier and the request message received by the receiving unit; and a transmission unit, configured to transmit data with the user equipment over the second connection established by the response unit.
With reference to the third aspect, in a first possible implementation, the response unit determines that the first connection identifier matches a connection identifier in a connection identifier database, sends a response message to the user equipment after the receiving unit has received the request message, and receives a confirmation message sent by the user equipment.
With reference to the third aspect or its first possible implementation, in a second possible implementation, the first sending unit sends the first connection identifier to the user equipment in a 200 OK response message, the connection identifier being located in a header field of the 200 OK response message.
With reference to the third aspect or any of its first to second possible implementations, in a third possible implementation, the server further comprises a second sending unit, configured to send a second connection identifier to the user equipment after the response unit has established the second connection according to the first connection identifier and the request message received by the receiving unit, the second connection identifier being used to establish a third connection between the user equipment and the server.
With reference to the third aspect or any of its first to third possible implementations, in a fourth possible implementation, the first connection is a TCP connection, and the transmission unit resumes or continues, over the second connection established by the response unit, the service that was based on the first connection.
With reference to the third aspect or any of its first to fourth possible implementations, in a fifth possible implementation, the first connection is a UDP connection, and the transmission unit receives, over the second connection established by the response unit, message data sent by the user equipment, the size of the message data being greater than a preset message data threshold.
In a fourth aspect, a user equipment is provided, comprising: a first receiving unit, configured to receive a first connection identifier sent by the server after a first connection between the user equipment and the server has been established, the first connection identifier identifying the first connection; a sending unit, configured to send the server a request message for establishing a TCP connection and to establish a second connection with the server, the request message carrying the first connection identifier and requesting that the second connection be established between the user equipment and the server, the second connection being a TCP connection; and a transmission unit, configured to transmit data with the server over the second connection.
With reference to the fourth aspect, in a first possible implementation, the first receiving unit receives a 200 OK response message sent by the server, the first connection identifier being located in a header field of the 200 OK response message.
With reference to the fourth aspect or its first possible implementation, in a second possible implementation, the first connection is a TCP connection, and the transmission unit resumes or continues, over the second connection, the service that was based on the first connection.
With reference to the fourth aspect or its first possible implementation, in a third possible implementation, the first connection is a UDP connection, and the transmission unit sends message data to the server over the second connection, the size of the message data being greater than a preset message data threshold.
With reference to the fourth aspect or any of its first to third possible implementations, in a fourth possible implementation, the user equipment further comprises a second receiving unit, configured to receive a second connection identifier sent by the server after the sending unit has sent the request message for establishing a TCP connection to the server and established the second connection with the server, the second connection identifier being used to establish a third connection between the user equipment and the server.
Thus, in embodiments of the invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and the request message. Embodiments of the invention can thereby prevent false positives of the TCP attack protection function and improve the experience of legitimate users.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings required in the embodiments are briefly described below. Evidently, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is the method flow schematic diagram of data transmission according to an embodiment of the invention.
Fig. 2 is the method flow schematic diagram of data transmission according to another embodiment of the present invention.
Fig. 3 is the method flow schematic diagram of data transmission according to another embodiment of the present invention.
Fig. 4 is the method flow schematic diagram of data transmission according to another embodiment of the present invention.
Fig. 5 is the method flow schematic diagram of data transmission according to another embodiment of the present invention.
Fig. 6 is the schematic block diagram of server according to an embodiment of the invention.
Fig. 7 is the schematic block diagram of server according to another embodiment of the present invention.
Fig. 8 is the schematic block diagram of user equipment according to an embodiment of the invention.
Fig. 9 is the schematic block diagram of user equipment according to another embodiment of the present invention.
Figure 10 is the schematic block diagram of server according to another embodiment of the present invention.
Figure 11 is the schematic block diagram of user equipment according to another embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Evidently, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art obtains on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
It should be understood that the technical solutions of the invention can be applied to various communication systems, such as: Global System for Mobile communications (GSM), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), General Packet Radio Service (GPRS), Long Term Evolution (LTE), LTE-Advanced (LTE-A) and Universal Mobile Telecommunications System (UMTS).
It should also be understood that in the embodiments a user equipment (UE) includes, but is not limited to, a mobile station (MS), a mobile terminal, a mobile telephone, a handset, portable equipment and the like. The user equipment can communicate with one or more core networks through a radio access network (RAN); for example, it can be a mobile phone (or "cellular" phone) or a computer with wireless communication capability, and it can also be a portable, pocket-sized, hand-held, computer-built-in or vehicle-mounted mobile device.
It should also be understood that the server in the embodiments can be understood as a network-side device or a network-side server, where the network-side device may include an intermediate node. The intermediate node can be a gateway (GW) device or any device with a similar gateway function, for example a switch, a router, a proxy server or an SBC. In the communications field, a mobile terminal sends the service request message for a requested service to the network-side server through an intermediate node (a gateway or base station), and correspondingly the server sends the service response message to the terminal through the corresponding intermediate node; this can be understood as the terminal communicating with the server through the corresponding gateway (intermediate node).
Fig. 1 is a schematic flow chart of a method of data transmission according to an embodiment of the invention. The method shown in Fig. 1 is performed by the server and comprises the following steps.
110. After the first connection between the server and the user equipment has been established, the server sends a first connection identifier to the user equipment; the first connection identifier identifies the first connection.
In other words, once the first connection between the server and the user equipment has been established, the server can generate a first connection identifier and send it to the user equipment over the first connection. The first connection identifier can denote the first connection, or can be used to indicate that the user equipment has already established the first connection. The first connection can be a TCP connection or a User Datagram Protocol (UDP) connection.
Specifically, after the user equipment has established the first connection, in other words after the user equipment has logged in to the application, the server can allocate a unique first connection identifier to the user equipment (the first connection). The first connection identifier can be a long character string or a random number generated by the server; the embodiments do not limit this. For the scheme to hold it must be a value a third party cannot guess, since a guessable identifier would let an attacker forge requests that bypass the attack protection.
120. The server receives a request message for establishing a TCP connection sent by the user equipment; the request message requests that a second connection be established between the user equipment and the server, the second connection being a TCP connection, and the request message carries the first connection identifier.
Specifically, when the user equipment re-initiates a TCP connection or establishes a new TCP connection, it can send the server a request message for establishing a TCP connection. For example, the request message may consist of a SYN request message together with the first connection identifier, or it may be a SYN request message that carries the first connection identifier.
It should also be understood that the user equipment can send the first connection identifier in plaintext or can encrypt it before sending; the embodiments do not limit this.
130. After receiving the request message for establishing the TCP connection, the server establishes the second connection according to the first connection identifier.
In other words, after receiving the request message, the server can, on the basis of the first connection identifier, respond to the request message preferentially and establish the second connection.
Specifically, from the first connection identifier the server can determine that a first connection has already been established between the user equipment and the server; in other words, once the server recognises the first connection identifier it can determine that the user equipment is a logged-in or online legitimate user equipment, respond preferentially to the request message, and establish the second connection through a three-way handshake with the user equipment.
140. The server transmits data with the user equipment over the second connection.
Thus, in embodiments of the invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and the request message. Embodiments of the invention can thereby prevent false positives of the TCP attack protection function and improve the experience of legitimate users.
It should be understood that a connection identifier in the embodiments may also be called an identity (ID); for example, the first connection identifier may be called the first ID and the second connection identifier the second ID.
Further, when the first connection is a TCP connection, the embodiments allow a TCP connection to be established normally even if a TCP attack is under way while the user refreshes the service, so that the TCP attack protection does not conflict with a normal user refreshing a web page. When the first connection is a UDP connection, a fallback to TCP can be performed according to service demand and the TCP connection can still be established normally, which prevents TCP attacks and improves the user experience.
Optionally, as another embodiment, step 130 comprises: the server determines that the first connection identifier matches a connection identifier in the connection identifier database; after receiving the request message for establishing the TCP connection, the server sends a response message to the user equipment; and the server receives the confirmation message sent by the user equipment.
It should be understood that the connection identifier database contains the connection identifiers of connections that have already been established; specifically, after the user equipment and the server establish a connection, the server can store the connection identifier of that connection in the connection identifier database. It should also be understood that the response message can be a SYN ACK message and the confirmation message an ACK message; the embodiments do not limit this.
Specifically, in one case, after the server has determined that the first connection identifier matches a connection identifier in the connection identifier database, it responds to the request message by sending a response message to the user equipment, so that the user equipment, on receiving the response message, sends a confirmation message to the server, which the server receives. Through this procedure a normal TCP three-way handshake takes place between the server and the user equipment without passing through the anti-TCP-attack procedures such as flow control and cookie checks, and the establishment of the second connection between the server and the user equipment is completed.
In another case, the server determines that the first connection identifier matches a connection identifier in the connection identifier database, where the database contains the connection identifiers that the server allocated to user equipments that have established a first connection; the server sets a first processing priority for the request message for establishing the TCP connection, the first processing priority being higher than the second processing priority of request messages for establishing a TCP connection that carry no connection identifier; according to the request message and the first processing priority, the server sends a request confirmation message to the user equipment; and the server receives the confirmation message sent by the user equipment and establishes the second connection.
Specifically, after the server has determined that the first connection identifier matches a connection identifier in the connection identifier database, it can set the request message for establishing the TCP connection to the first processing priority, which is higher than the second processing priority of request messages that carry no connection identifier. According to the request message and the first processing priority, the server preferentially sends a response message to the user equipment, so that the user equipment, on receiving the response message, sends a confirmation message to the server, which the server receives. Through this procedure a normal TCP three-way handshake takes place between the server and the user equipment without passing through the anti-TCP-attack procedures such as flow control and cookie checks, and the establishment of the second connection between the server and the user equipment is completed.
Thus, in the embodiments, after receiving the request message for establishing the TCP connection the server first determines that the first connection identifier matches a connection identifier in the connection identifier database, then sends a response message to the user equipment, and afterwards receives the confirmation message sent by the user equipment. This procedure carries out a normal TCP three-way handshake between the server and the user equipment and completes the establishment of the second connection without passing through the anti-TCP-attack procedures such as flow control and cookie checks, improving the user experience.
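The half-open queue and rate limiter of the background section and the identifier fast path of steps 110 to 140 (including the priority handling just described), as an added model in Python. This is not code from the patent or from Huawei; it is a simulation written for this page. The class and field names, the queue size, the per-tick SYN budget and the half-open timeout are assumptions chosen to make the behaviour visible, and the flood SYNs in `demo()` are constructed input.

```python
"""Admission of TCP SYNs at a server that is also under a SYN flood.

Added example for this page, not code from the patent or from Huawei.
It models, in simplified form: a bounded half-open queue whose entries
expire, a rate limiter for SYNs that carry no identifier (it cannot tell
real from forged SYNs), and a fast path for SYNs that carry a connection
identifier the server issued earlier over a first connection.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional

HALF_OPEN_TIMEOUT = 3   # ticks a half-open entry may wait for its ACK (assumed)


@dataclass(frozen=True)
class Syn:
    src: str                        # source address:port, e.g. "10.0.0.7:51234"
    conn_id: Optional[str] = None   # first connection identifier, if the SYN carries one


class Server:
    def __init__(self, half_open_capacity: int = 8, syn_budget_per_tick: int = 4):
        self.capacity = half_open_capacity
        self.budget = syn_budget_per_tick    # rate limit for SYNs without a valid identifier
        self.half_open: Dict[str, int] = {}  # src -> tick at which the SYN ACK was sent
        self.established = set()
        self.known_ids = set()               # the connection identifier database
        self.tick = 0

    def issue_connection_id(self) -> str:
        """Step 110: once a first connection is up, hand out an identifier.
        It must be unguessable, otherwise a flood could forge valid ones."""
        cid = secrets.token_urlsafe(16)
        self.known_ids.add(cid)
        return cid

    def _send_syn_ack(self, src: str) -> bool:
        """Take a half-open slot and (notionally) send the SYN ACK."""
        if src not in self.half_open and len(self.half_open) >= self.capacity:
            return False
        self.half_open[src] = self.tick
        return True

    def process_tick(self, syns: List[Syn]) -> Dict[str, str]:
        """Handle one tick's worth of SYNs; returns {src: outcome}."""
        self.tick += 1
        for src, sent_at in list(self.half_open.items()):
            if self.tick - sent_at > HALF_OPEN_TIMEOUT:
                del self.half_open[src]      # forged SYNs never ACK; slot freed on timeout
        # First processing priority: SYNs with a known identifier are handled first.
        ordered = sorted(syns, key=lambda s: s.conn_id not in self.known_ids)
        outcome: Dict[str, str] = {}
        remaining = self.budget
        for s in ordered:
            if s.conn_id in self.known_ids:
                # Fast path (step 130): no rate limit and no cookie check, but a
                # half-open slot is still needed for the ordinary handshake.
                outcome[s.src] = "admitted-fast" if self._send_syn_ack(s.src) else "queue-full"
            elif remaining > 0 and self._send_syn_ack(s.src):
                # Slow path: an unknown identifier is treated exactly like no
                # identifier, so forged identifiers buy the attacker nothing.
                remaining -= 1
                outcome[s.src] = "admitted"
            else:
                outcome[s.src] = "dropped"
        return outcome

    def on_ack(self, src: str) -> bool:
        """Third handshake step: move the entry from half-open to established."""
        if src not in self.half_open:
            return False
        del self.half_open[src]
        self.established.add(src)
        return True


def demo() -> Dict[str, object]:
    """Ten forged SYNs per tick (constructed) against a budget of four: a plain
    SYN from a legitimate client loses; the same client carrying its
    identifier is admitted ahead of the flood and completes the handshake."""
    srv = Server(half_open_capacity=8, syn_budget_per_tick=4)
    cid = srv.issue_connection_id()          # first connection already established
    flood = [Syn(f"198.51.100.{i}:4000") for i in range(10)]
    plain = srv.process_tick(flood + [Syn("10.0.0.7:51234")])
    with_id = srv.process_tick(flood + [Syn("10.0.0.7:51235", conn_id=cid)])
    srv.on_ack("10.0.0.7:51235")
    return {"without_id": plain["10.0.0.7:51234"],
            "with_id": with_id["10.0.0.7:51235"],
            "established": "10.0.0.7:51235" in srv.established}


if __name__ == "__main__":
    print(demo())
```

Two points of the model matter in practice: a SYN with an unknown identifier must fall through to the ordinary rate-limited path rather than to anything more expensive, and the database lookup on the fast path has to be cheap (a hash lookup here), since the flood itself will exercise it.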
Optionally, as another embodiment, the server sends the connection identifier to the user equipment in a 200 OK response message, the connection identifier being located in a header field of the 200 OK response message.
Optionally, as another embodiment, after step 130 the method of the embodiment may further comprise:
the server sends a second connection identifier to the user equipment, the second connection identifier being used to establish a third connection between the user equipment and the server.
In other words, the server generates a second connection identifier and sends it to the user equipment, so that the user equipment can establish a third connection with the server according to the second connection identifier. The second connection identifier indicates that the user equipment has already established the second connection; the third connection can be a TCP connection.
Specifically, after the server has completed establishing the TCP connection with the user equipment, it can send the second connection identifier to the user equipment. When the user equipment sends the first connection identifier in plaintext, that identifier is easily stolen. Therefore, after the second connection has been established, the server immediately deletes the first connection identifier, for example from the connection identifier database, sends the second connection identifier to the user equipment, and stores the second connection identifier in the connection identifier database. This prevents a stolen first connection identifier from being used: if an illegitimate user requests a TCP connection with the stolen first connection identifier, then, because the server has deleted it, the server cannot determine from it that the request comes from a user equipment that has established the first connection, and the request has to go through the anti-attack flow processing. Theft of the first connection identifier is thus avoided or handled effectively, improving the user experience.
Optionally, as another embodiment, the first connection is a TCP connection, and in step 140 the server restores or continues, on the second connection, the service that was based on the first connection.
For example, in a Web Real-Time Communication (WebRTC) scenario, after the user equipment has logged in to an application and needs to re-establish a TCP connection, for example when the web browser is refreshed, the establishment of a TCP connection (the second connection) may be requested again from the server, and the service of the first connection is restored or continued on the newly established second connection.
Alternatively, as another embodiment, the first connection is a UDP connection, and in step 140 the server receives on the second connection message data sent by the user equipment, where the size of the message data exceeds a preset message data threshold.
Specifically, the preset message data threshold may be a preset value or a value determined according to the actual situation; the embodiment of the present invention does not limit this. For example, the preset message data threshold may be 1300 bytes. In an Internet Protocol (IP) Multimedia Subsystem (IMS) scenario, according to the definition of the 3rd Generation Partnership Project (3GPP), when the information message sent by the UE to the server exceeds 1300 bytes, it must be sent over a TCP link. That is, if the UE previously established a UDP connection with the server, then in all subsequent signaling interactions, whenever a signaling message is very large, a TCP connection needs to be created; this new TCP connection is the second connection, and after the second connection is established the user equipment sends the large signaling message on it.
The data transmission method of the embodiment of the present invention has been described above from the perspective of the server with reference to Fig. 1; below it is described from the perspective of the user equipment with reference to Fig. 2.
Fig. 2 is a schematic flowchart of another data transmission method according to an embodiment of the present invention. The method shown in Fig. 2 is executed by the user equipment and, as shown in Fig. 2, includes:
210: After the first connection between the user equipment and the server is established, the user equipment receives the first connection identifier sent by the server, where the first connection identifier identifies the first connection.
In other words, the user equipment receives the first connection identifier of the user equipment sent by the server; the first connection identifier may indicate that the user equipment has established the first connection, where the first connection is a TCP connection or a UDP connection.
Specifically, after the user equipment establishes the first connection, in other words after the user equipment logs in, the server may generate the first connection identifier, allocating a unique first connection identifier to the user equipment (the first connection). The first connection identifier may be a long character string or a random number generated by the server; the embodiment of the present invention does not limit this.
220: The user equipment sends a request message for establishing a TCP connection to the server in order to establish a second connection with the server, where the request message for establishing the TCP connection carries the first connection identifier and requests the establishment of the second connection between the user equipment and the server; the second connection is a TCP connection.
Specifically, when the user equipment re-initiates a TCP connection or establishes a new TCP connection, it may send the request message for establishing the TCP connection to the server. For example, the request message for establishing the TCP connection may consist of a SYN request message together with the first connection identifier, or it may be a SYN request message that carries the first connection identifier. The server can determine from the first connection identifier that the first connection has been established between the user equipment and the server; in other words, after the server recognizes the first connection identifier, or determines that the first connection identifier matches an identifier in the connection identifier database, the server can determine that the user equipment is a legitimate user equipment that has established the first connection, has logged in, or is online. The server then preferentially responds to the TCP link establishment request and generates a request confirmation message according to the request message for establishing the TCP connection; the user equipment receives the request confirmation message sent by the server; finally the user equipment sends a receipt confirmation message to the server, completing the three-way handshake between the user equipment and the server and establishing the second connection.
It should be understood that the user equipment may send the first connection identifier in plaintext, or may encrypt the first connection identifier before sending it; the embodiment of the present invention does not limit this.
230: The user equipment transmits data with the server over the second connection.
Therefore, in the embodiment of the present invention, by carrying in the request message for establishing the TCP connection sent by the user equipment the first connection identifier that the server sent to the user equipment, the server can, according to the first connection identifier, preferentially respond to the TCP link establishment request and establish the TCP connection. The embodiment of the present invention can thus prevent the TCP attack protection function from mistakenly blocking legitimate users, improving their experience.
Further, when the first connection is a TCP connection, the embodiment of the present invention allows a TCP connection to be established normally even when the service is under TCP attack while being refreshed, preventing TCP attack protection from conflicting with normal users refreshing a web page; when the first connection is a UDP connection, a fallback to TCP can be performed according to service demand and a TCP connection can be established normally, preventing mistaken blocking by the TCP attack protection function. Specifically, after the server determines that the user equipment is one that has established the first connection, the normal TCP three-way handshake between the user equipment and the server need not go through the process by which flow control, cookies and the like prevent TCP attacks, improving the experience of legitimate users.
It should be understood that the connection identifier database contains the connection identifiers of established connections; specifically, after the user equipment and the server establish a connection, the server may store the connection identifier of that connection in the connection identifier database.
Specifically, in one case, the user equipment sends the request message for establishing the TCP connection to the server in step 220; the server receives the request message, and after determining that the first connection identifier matches a connection identifier in the connection identifier database, responds to the request message by sending a response message to the user equipment; after receiving the response message, the user equipment sends a confirmation message to the server; the server receives the confirmation message sent by the user equipment. Through the above procedure the normal TCP three-way handshake is performed between the server and the user equipment, without going through the process by which flow control, cookies and the like prevent TCP attacks, and the second connection between the server and the user equipment is established.
In another case, the user equipment sends the request message for establishing the TCP connection to the server, and the server determines that the first connection identifier matches a connection identifier in the connection identifier database, where the connection identifier database contains the connection identifiers allocated by the server to user equipments that have established a first connection; the server assigns the request message for establishing the TCP connection a first processing priority, where the first processing priority is higher than the second processing priority of request messages for establishing a TCP connection that do not carry a connection identifier; the server sends a request confirmation message to the user equipment according to the request message for establishing the TCP connection and the first processing priority; the server receives the confirmation message sent by the user equipment, and the second connection is established.
Specifically, after the server determines that the first connection identifier matches a connection identifier in the connection identifier database, it may assign the request message for establishing the TCP connection the first processing priority, where the first processing priority is higher than the second processing priority given to request messages for establishing a TCP connection that do not carry a connection identifier. According to the request message for establishing the TCP connection and the first processing priority, the server preferentially sends a response message to the user equipment; after receiving the response message, the user equipment sends a confirmation message to the server; the server receives the confirmation message sent by the user equipment. Through the above procedure the server performs a normal TCP three-way handshake with the user equipment without going through the process by which flow control, cookies and the like prevent TCP attacks, and completes the establishment of the second connection between the server and the user equipment.
Therefore, in the embodiment of the present invention, after receiving the request message for establishing the TCP connection, the server first determines that the first connection identifier matches a connection identifier in the connection identifier database; it then sends a response message to the user equipment, and afterwards receives the confirmation message sent by the user equipment. Through the above procedure the normal TCP three-way handshake is performed between the server and the user equipment and the second connection is established between them, without going through the process by which flow control, cookies and the like prevent TCP attacks, which improves user experience.
Optionally, as another embodiment, in step 210 the user equipment receives a 200 OK response message sent by the server, where the first connection identifier is located in a header field of the 200 OK response message.
Specifically, a field may be defined in the 200 OK message, and the first connection identifier (field) is located in the header field of the 200 OK response message.
Optionally, as another embodiment, when the first connection is a TCP connection, in step 230 the user equipment restores or continues, on the second connection, the service that was based on the first connection.
For example, in a WebRTC scenario, after the user equipment has logged in to an application and needs to re-establish a TCP connection, for example when the web browser is refreshed, the establishment of a TCP connection (the second connection) may be requested again from the server, and the service of the first connection is restored or continued on the newly established second connection.
Optionally, as another embodiment, when the first connection is a UDP connection, in step 230 the user equipment sends message data to the server on the second connection, where the size of the message data exceeds a preset message data threshold.
Specifically, the preset message data threshold may be a preset value, such as 1300 bytes, or a value determined according to the actual situation; the embodiment of the present invention does not limit this. In an IMS scenario, according to the definition of 3GPP, when the information message sent by the UE to the server exceeds 1300 bytes, it must be sent over a TCP link. That is, if the UE previously established a UDP connection with the server, then in all subsequent signaling interactions, whenever a signaling message is very large, a TCP connection needs to be created; this new TCP connection is the second connection, and after the second connection is established the user equipment sends the large signaling message on it.
Optionally, as another embodiment, after step 220 the method of the embodiment of the present invention may further include:
The user equipment receives a second connection identifier sent by the server, where the second connection identifier is used to establish a third connection between the user equipment and the server.
Specifically, because the first connection identifier is easily stolen when the user equipment sends it in plaintext, once the second connection has been established the server immediately deletes the first connection identifier, for example by removing it from the connection identifier database, generates the second connection identifier, sends the second connection identifier to the user equipment, and stores the second connection identifier in the connection identifier database; the second connection identifier indicates that the user equipment has established the second connection, and the third connection may be a TCP connection. This prevents a stolen first connection identifier from being used: if an illegitimate user steals the first connection identifier and uses it to request a TCP connection, then, because the server has deleted the first connection identifier, the server cannot determine from it that the request comes from the user equipment that established the first connection, and the request has to go through the attack protection process. The case of a stolen first connection identifier is thus avoided or effectively handled, improving user experience.
The data transmission method of the embodiment of the present invention has been described above from the perspective of the server with reference to Fig. 1 and from the perspective of the user equipment with reference to Fig. 2. Below, the data transmission method of the embodiment of the present invention is described in detail with reference to the specific examples of Fig. 3 and Fig. 4.
It should be noted that the examples of Fig. 1 to Fig. 2 are intended only to help those skilled in the art understand the embodiments of the present invention, and not to limit the embodiments to the specific values or specific scenarios illustrated. Based on the examples of Fig. 1 to Fig. 2, those skilled in the art can clearly make various equivalent modifications or variations, and such modifications or variations also fall within the scope of the embodiments of the present invention.
It should be understood that the sequence numbers of the above processes do not imply an execution order; the execution order of each process should be determined by its function and internal logic, and does not constitute any limitation on the implementation process of the embodiments of the present invention.
Fig. 3 is a schematic flowchart of another data transmission method according to an embodiment of the present invention. The method shown in Fig. 3 includes:
310: The user equipment receives the first connection identifier of the user equipment sent by the server.
Specifically, the first connection identifier indicates that the user equipment is a user equipment that has established the first connection, where the first connection is a TCP connection or a UDP connection. Specifically, after the first connection between the user equipment and the server is established, in other words after the user equipment logs in, the server may allocate a unique first connection identifier to the first connection. The first connection identifier may be a long character string or a random number generated by the server; the embodiment of the present invention does not limit this.
320: The user equipment sends a request message for establishing a TCP connection to the server.
Specifically, the request message for establishing the TCP connection carries the first connection identifier. When the user equipment re-initiates a TCP connection or establishes a new TCP connection, it may send the request message for establishing the TCP connection to the server. For example, the request message for establishing the TCP connection may consist of a SYN request message together with the first connection identifier.
It should also be understood that the user equipment may send the first connection identifier in plaintext, or may encrypt the first connection identifier before sending it to the server; the embodiment of the present invention does not limit this.
330: The server establishes the second connection with the user equipment according to the request message for establishing the TCP connection.
Specifically, for example, the server determines from the first connection identifier of the user equipment in the request message for establishing the TCP connection that the user equipment has established the first connection; for instance, the server matches the first connection identifier against the connection identifiers stored in the database, and after a successful match determines that the user equipment is a user equipment that has established the first connection. The server may then process the request message for establishing the TCP connection with priority and send a request notification message to the user equipment; the user equipment sends a notification message to the server, and the second connection is established between the server and the user equipment.
340: The server and the user equipment transmit data over the second connection.
Therefore, in the embodiment of the present invention, by carrying in the request message for establishing the TCP connection sent by the user equipment the first connection identifier that the server sent to the user equipment, the server can, according to the first connection identifier, preferentially respond to the TCP link establishment request and establish the TCP connection. The embodiment of the present invention can thus prevent the TCP attack protection function from mistakenly blocking legitimate users, improving their experience.
Fig. 4 is a schematic flowchart of another data transmission method according to an embodiment of the present invention. The specific embodiment of Fig. 4 gives only one example, applied in a WebRTC scenario; the server in Fig. 4 may include an SBC. Specifically, the example of Fig. 4 shows the process of establishing the first connection (a TCP connection) together with the WebRTC login process, and the process of establishing the second connection (a TCP connection). The method shown in Fig. 4 includes:
401: The user equipment sends a SYN request message to the server.
402: The server sends a SYN ACK message to the user equipment.
403: The user equipment sends an ACK message to the server.
It should be understood that, in order to prevent TCP attacks, the establishment of the first connection in steps 401 to 403 needs to go through TCP cookie and flow control processing.
404: The user equipment sends an HTTP authentication request message to the server.
405: The server sends an HTTP request response message to the user equipment.
406: The user equipment performs WebRTC login.
407: The server allocates the first connection identifier to the user equipment by means of a 200 OK message.
408: The user equipment sends a SYN request message to the server.
Specifically, the SYN request message carries the first connection identifier of the user equipment. For example, after the user equipment has logged in to WebRTC, refreshing the browser causes the user equipment to send a SYN request message to the server to initiate a second TCP connection.
409: The server sends a SYN ACK message to the user equipment.
Specifically, the server extracts the first connection identifier from the SYN request message and judges whether the first connection identifier is valid, that is, the server matches the first connection identifier against the connection identifiers allocated in the connection identifier database. If the match succeeds (a matching entry exists), the server determines that the TCP connection request comes from an online user equipment, and can then bypass attack protection processes such as TCP cookies and flow control and send the SYN ACK message to the user equipment.
410: The user equipment sends an ACK message to the server.
Steps 408 to 410 describe the process of establishing the second connection.
411: The user equipment sends an HTTP authentication request message to the server.
412: The server sends an HTTP request response message to the user equipment.
413: The server allocates the second connection identifier to the user equipment by means of a 200 OK message.
Specifically, after the server completes establishing the TCP connection with the user equipment, it may delete the first connection identifier from the connection identifier database and send the second connection identifier to the user equipment, where the second connection identifier indicates that the user equipment is a user equipment that has established the second connection.
Specifically, because the first connection identifier is easily stolen when the user equipment sends it in plaintext, the server sends the second connection identifier to the user equipment immediately after the second connection has been established, which prevents the case of a stolen first connection identifier from occurring and improves user experience.
In particular, the user equipment obtains from the service layer the first connection identifier of the application corresponding to the current TCP link and passes the first connection identifier to the server in the SYN request message. When the server determines from the first connection identifier that the link request comes from an online user, it can bypass attack protection processes such as TCP cookies and flow control and establish the second TCP link with the user equipment. At the same time, after the service-level data has been restored or continued, the first connection identifier is deleted immediately and a second connection identifier is generated for the user, where the second connection identifier indicates that the user equipment is a user equipment that has established the second connection. Finally, the server notifies the user equipment of the second connection identifier.
Therefore, in the embodiment of the present invention, by carrying in the request message for establishing the TCP connection sent by the user equipment the first connection identifier that the server sent to the user equipment, the server can, according to the first connection identifier, preferentially respond to the TCP link establishment request and establish the TCP connection. The embodiment of the present invention can thus prevent the TCP attack protection function from mistakenly blocking legitimate users, improving their experience.
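The server-side handling of steps 408 to 413 (matching the carried identifier, answering identifier-carrying SYNs first, and deleting the first identifier once the second connection is up), as an added simulation that is not code from the patent or from Huawei; `ConnIdServer`, the flow-control budget standing in for the cookie and flow control path, and the SYN flood are constructed assumptions:

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class SynRequest:
    """Constructed SYN request; conn_id is the first connection identifier, if carried."""
    client: str
    conn_id: Optional[str] = None


@dataclass
class Decision:
    client: str
    path: str       # "fast": identifier matched, cookie/flow control bypassed; else "anti_attack"
    priority: int   # 1 = first processing priority, 2 = second processing priority
    accepted: bool  # True when the server answers with SYN ACK


class ConnIdServer:
    """Hypothetical server state: the connection identifier database plus a flow-control stand-in."""

    def __init__(self, flow_control_budget: int = 2):
        # connection identifier -> client holding the established (first or second) connection
        self.db: Dict[str, str] = {}
        # assumed flow-control budget: SYNs without a valid identifier admitted per window
        self.flow_control_budget = flow_control_budget
        self._unidentified_syns = 0

    def issue_identifier(self, client: str) -> str:
        """Allocate a unique random identifier after a connection is established (steps 407, 413)."""
        cid = secrets.token_hex(16)
        self.db[cid] = client
        return cid

    def handle_syn(self, req: SynRequest) -> Decision:
        """Step 409: a matched identifier takes the fast path; anything else the anti-attack path."""
        if req.conn_id is not None and req.conn_id in self.db:
            return Decision(req.client, "fast", 1, True)
        # absent, unknown or already-deleted identifier: count against the flow-control budget
        self._unidentified_syns += 1
        accepted = self._unidentified_syns <= self.flow_control_budget
        return Decision(req.client, "anti_attack", 2, accepted)

    def process_batch(self, reqs: List[SynRequest]) -> List[Decision]:
        """Serve a burst of SYNs: first-priority (identifier-carrying) requests are answered first."""
        prioritized = sorted(reqs, key=lambda r: 1 if r.conn_id in self.db else 2)
        return [self.handle_syn(r) for r in prioritized]

    def rotate_identifier(self, client: str, first_id: str) -> str:
        """Step 413: delete the first identifier and issue the second one for the same client."""
        if self.db.get(first_id) != client:
            raise ValueError("first identifier is not held by this client")
        del self.db[first_id]
        return self.issue_identifier(client)


def fig4_walkthrough() -> dict:
    """Constructed replay of the Fig. 4 flow while a SYN flood is in progress."""
    srv = ConnIdServer(flow_control_budget=1)
    first_id = srv.issue_identifier("ue-1")                     # 407: 200 OK carries the id
    flood = [SynRequest(f"bot-{i}") for i in range(3)]          # constructed SYNs without an id
    refresh = SynRequest("ue-1", first_id)                      # 408: browser refresh, carries id
    decisions = srv.process_batch(flood + [refresh])            # 409: server answers the burst
    ue_decision = next(d for d in decisions if d.client == "ue-1")
    second_id = srv.rotate_identifier("ue-1", first_id)         # 413: second id in 200 OK
    replay = srv.handle_syn(SynRequest("other", first_id))      # stale first id presented again
    return {
        "ue_answered_first": decisions[0].client == "ue-1",
        "ue_path": ue_decision.path,
        "ue_accepted": ue_decision.accepted,
        "bots_accepted": sum(d.accepted for d in decisions if d.client != "ue-1"),
        "replay_path": replay.path,
        "replay_accepted": replay.accepted,
        "rotation_ok": second_id in srv.db and first_id not in srv.db,
    }


if __name__ == "__main__":
    print(fig4_walkthrough())
```

The legitimate user equipment is answered first and on the fast path even though the budget admits only one unidentified SYN, while the first identifier presented after rotation falls back to the anti-attack path.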
Fig. 5 is a schematic flowchart of another data transmission method according to an embodiment of the present invention. The specific embodiment of Fig. 5 gives only one example, applied in an IMS scenario; specifically, the server in Fig. 5 may include an SBC, and the example of Fig. 5 shows the process of establishing the first connection (a UDP connection) and the process of establishing the second connection (a TCP connection). The method shown in Fig. 5 includes:
501: The user equipment sends a SIP registration request message to the server.
502: The server sends a 401 authentication message including an authentication random number to the user equipment.
503: The user equipment sends a SIP registration request message including the digest random number to the server.
504: The server allocates the first connection identifier to the user equipment by means of a 200 OK message.
505: The user equipment sends a SYN request message to the server.
Specifically, the SYN request message carries the first connection identifier of the user equipment.
506: The server sends a SYN ACK message to the user equipment.
Specifically, the server extracts the first connection identifier from the SYN request message and judges whether the first connection identifier is valid, that is, the server matches the first connection identifier against the connection identifiers allocated in the connection identifier database. If the match succeeds (a matching entry exists), the server determines that the TCP connection request comes from an online user equipment, and can then bypass attack protection processes such as TCP cookies and flow control and send the SYN ACK message to the user equipment.
507: The user equipment sends an ACK message to the server.
Steps 505 to 507 describe the process of establishing the second connection.
508: The user equipment sends a large SIP message.
Specifically, in an IMS scenario, according to the definition of 3GPP, when the information message sent by the UE to the server exceeds 1300 bytes, it must be sent over a TCP link. That is, if the UE previously established a UDP connection with the server, then in all subsequent signaling interactions, whenever a signaling message is very large, a TCP connection needs to be created; this new TCP connection is the second connection, and after the second connection is established the user equipment sends the large signaling message on it.
509: The server allocates the second connection identifier to the user equipment by means of a 200 OK message.
Specifically, after the server completes establishing the TCP connection with the user equipment, it may delete the first connection identifier from the connection identifier database and send the second connection identifier to the user equipment, where the second connection identifier indicates that the user equipment is a user equipment that has established the second connection.
Specifically, because the first connection identifier is easily stolen when the user equipment sends it in plaintext, the server sends the second connection identifier to the user equipment immediately after the second connection has been established, which prevents the case of a stolen first connection identifier from occurring and improves user experience.
In particular, the server allocates the first connection identifier to the user equipment and carries it in the 200 OK message. When the user equipment falls back to TCP and requests the establishment of the TCP connection, it carries this connection identifier; the server determines from the connection identifier that the link request results from a TCP fallback and establishes the second TCP link with the user equipment. The first connection identifier is deleted immediately and a second connection identifier is generated for the user, where the second connection identifier indicates that the user equipment is a user equipment that has established the second connection. Finally, the server notifies the user equipment of the second connection identifier.
Therefore, in the embodiment of the present invention, by carrying in the request message for establishing the TCP connection sent by the user equipment the first connection identifier that the server sent to the user equipment, the server can, according to the first connection identifier, preferentially respond to the TCP link establishment request and establish the TCP connection. The embodiment of the present invention can thus prevent the TCP attack protection function from mistakenly blocking legitimate users, improving their experience.
Above, the data transmission methods of the embodiments of the present invention have been described in detail with reference to Fig. 1 to Fig. 5; below, the data transmission devices of the embodiments of the present invention are described in detail with reference to Fig. 6 to Fig. 11.
Fig. 6 is a schematic block diagram of a server according to an embodiment of the present invention. The server shown in Fig. 6 includes: a first transmission unit 610, a receiving unit 620, a response unit 630 and a transmission unit 640.
Specifically, the first transmission unit 610 is configured to send the first connection identifier to the user equipment after the first connection between the server and the user equipment is established, where the first connection identifier identifies the first connection; the receiving unit 620 is configured to receive the request message for establishing a Transmission Control Protocol (TCP) connection sent by the user equipment, where the request message for establishing the TCP connection requests the establishment of the second connection between the user equipment and the server, the second connection is a TCP connection, and the request message for establishing the TCP connection carries the first connection identifier; the response unit 630 is configured to establish the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the receiving unit; the transmission unit 640 is configured to transmit data with the user equipment over the second connection established by the response unit.
Therefore, in the embodiment of the present invention, by carrying in the request message for establishing the TCP connection sent by the user equipment the first connection identifier that the server sent to the user equipment, the server establishes the TCP connection according to the first connection identifier and the request message for establishing the TCP connection. The embodiment of the present invention can thus prevent the TCP attack protection function from mistakenly blocking legitimate users, improving their experience.
Optionally, as another embodiment, the response unit 630 is configured to determine that the first connection identifier matches a connection identifier in the connection identifier database, and, after the receiving unit receives the request message for establishing the TCP connection, to send a response message to the user equipment and receive the confirmation message sent by the user equipment.
Optionally, as another embodiment, the first transmission unit 610 sends the first connection identifier to the user equipment in a 200 OK response message, where the first connection identifier is located in a header field of the 200 OK response message.
Optionally, as another embodiment, the server of the embodiment of the present invention may further include a second transmission unit; specifically, the server shown in Fig. 7 includes:
a first transmission unit 710, a receiving unit 720, a response unit 730, a transmission unit 740 and a second transmission unit 750.
Specifically, the first transmission unit 610, the receiving unit 620, the response unit 630 and the transmission unit 640 correspond respectively to the first transmission unit 710, the receiving unit 720, the response unit 730 and the transmission unit 740; to avoid repetition, they are not described again. The second transmission unit 750 is configured to send the second connection identifier to the user equipment after the response unit has established the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the receiving unit, where the second connection identifier is used to establish a third connection between the user equipment and the server.
Optionally, as another embodiment, the first connection is a TCP connection, and the transmission unit 640 restores or continues, on the second connection established by the response unit, the service that was based on the first connection.
Optionally, as another embodiment, the first connection is a UDP connection, and the transmission unit 640 receives, on the second connection established by the response unit, message data sent by the user equipment, where the size of the message data exceeds the preset message data threshold.
Optionally, as another embodiment, the first connection identifier is a character string, a random number, or the like.
It should be understood that the servers shown in Fig. 6 and Fig. 7 can implement each process of the server in the method embodiments of Fig. 1 to Fig. 5; to avoid repetition, they are not described again.
Fig. 8 is a schematic block diagram of a user equipment according to an embodiment of the invention. The user equipment shown in Fig. 8 includes a first receiving unit 810, a sending unit 820 and a transmission unit 830.
Specifically, the first receiving unit 810 is configured to receive, after a first connection between the user equipment and the server has been established, a first connection identifier sent by the server, the first connection identifier being used for identifying the first connection. The sending unit 820 is configured to send a request message for establishing a TCP connection to the server so as to establish a second connection with the server; the request message carries the first connection identifier and requests establishment of a second connection between the user equipment and the server, the second connection being a TCP connection. The transmission unit 830 is configured to perform data transmission with the server over the second connection.
Therefore, because the request message for establishing the TCP connection sent by the user equipment carries the first connection identifier that the server previously sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and that request message, the embodiment of the invention can prevent the TCP anti-attack function from mistakenly blocking legitimate users (false positives) and improves the experience of legitimate users.
Optionally, in another embodiment, the first receiving unit 810 receives a 200 OK response message sent by the server, the first connection identifier being located in a header field of the 200 OK response message.
Optionally, in another embodiment, the first connection is a TCP connection, and the transmission unit 830 resumes or continues over the second connection the service based on the first connection.
Optionally, in another embodiment, the first connection is a UDP connection, and the transmission unit 830 sends message data to the server over the second connection, where the size of the message data is greater than a preset message data threshold.
Optionally, in another embodiment, the user equipment may further include a second receiving unit. Specifically, the user equipment shown in Fig. 9 includes a first receiving unit 910, a sending unit 920, a transmission unit 930 and a second receiving unit 940.
Specifically, the first receiving unit 910, sending unit 920 and transmission unit 930 correspond respectively to the first receiving unit 810, sending unit 820 and transmission unit 830. The second receiving unit 940 is configured to receive a second connection identifier sent by the server after the sending unit 920 has sent the request message for establishing the TCP connection to the server and the second connection with the server has been established; the second connection identifier is used for establishing a third connection between the user equipment and the server.
Optionally, in another embodiment, the first connection identifier is a character string, a random number or the like.
It should be understood that the user equipment shown in Fig. 8 and Fig. 9 can implement each process performed by the user equipment in the method embodiments of Fig. 1 to Fig. 5; to avoid repetition these are not described again.
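The exchange that the server units of Fig. 6 and Fig. 7 and the user equipment units of Fig. 8 and Fig. 9 carry out, as an added simulation that is not part of the patent and not Huawei code. The 200 OK, the TCP request (SYN), the response (SYN-ACK) and the confirmation (ACK) are represented as Python dicts; the header field name `X-Connection-Id`, the one-time use of each identifier, the constructed flood of unidentified requests, and the SYN budget standing in for the server's TCP anti-attack function are all assumptions made for this example. The 1300-byte UDP-to-TCP threshold is the page's own optional value.

```python
"""Added simulation of the connection-identifier handshake; not the patent's code.
Message dicts stand in for SYN / SYN-ACK / ACK, a counter stands in for the
server's TCP anti-attack function. All names below are assumptions."""
import secrets

ID_HEADER = "X-Connection-Id"   # assumed header field name (page: "a header field of the 200 OK")
UDP_PAYLOAD_THRESHOLD = 1300    # the page's optional threshold, in bytes


class AntiAttackServer:
    """Server with a toy TCP anti-attack function and a connection identifier database."""

    def __init__(self, unidentified_syn_budget=2):
        self.id_db = set()                      # connection identifier database
        self.budget = unidentified_syn_budget   # unidentified SYNs admitted before the protection drops them
        self.unidentified_syns = 0
        self.pending = {}                       # SYN-ACKed identified requests awaiting confirmation

    def first_connection_established(self):
        """Once the first connection is up, issue the first connection identifier in a 200 OK."""
        cid = secrets.token_hex(16)             # "character string or random number": 128 random bits here
        self.id_db.add(cid)
        return {"status": "200 OK", "headers": {ID_HEADER: cid}}

    def handle_tcp_request(self, request):
        """Process a request to establish the second (TCP) connection.
        Returns the response message, or None when the anti-attack function drops it."""
        cid = request.get("conn_id")
        if cid is not None and cid in self.id_db:
            # Identifier matches the database: the requester already holds an established
            # first connection, so the anti-attack function is bypassed for this request.
            self.id_db.discard(cid)             # assumption: each identifier is accepted once
            self.pending[cid] = True
            return {"type": "SYN-ACK", "conn_id": cid}
        # No valid identifier: the request is subject to the anti-attack function.
        self.unidentified_syns += 1
        if self.unidentified_syns > self.budget:
            return None                         # dropped, legitimate or not: the false positive the page addresses
        return {"type": "SYN-ACK", "conn_id": None}

    def handle_confirmation(self, ack):
        """The second connection is established on confirmation; send the second identifier."""
        cid = ack.get("conn_id")
        if cid not in self.pending:
            return None
        del self.pending[cid]
        next_id = secrets.token_hex(16)         # second connection identifier, for the third connection
        self.id_db.add(next_id)
        return {"type": "ESTABLISHED", "headers": {ID_HEADER: next_id}}


class UserEquipment:
    def __init__(self):
        self.conn_id = None

    def on_response(self, resp):
        """Remember the identifier carried in the header field of the 200 OK (or later message)."""
        self.conn_id = resp["headers"][ID_HEADER]

    def tcp_request(self):
        return {"type": "SYN", "conn_id": self.conn_id}

    def should_switch_to_tcp(self, payload: bytes) -> bool:
        """First connection is UDP: messages above the threshold go over the TCP second connection."""
        return len(payload) > UDP_PAYLOAD_THRESHOLD


def run_scenario():
    """A legitimate UE holding an identifier versus a constructed flood of unidentified SYNs."""
    server = AntiAttackServer(unidentified_syn_budget=1)
    ue = UserEquipment()
    ue.on_response(server.first_connection_established())

    flood = [server.handle_tcp_request({"type": "SYN", "conn_id": None}) for _ in range(5)]
    # The legitimate request arrives while the protection is already dropping new SYNs.
    syn_ack = server.handle_tcp_request(ue.tcp_request())
    established = server.handle_confirmation({"type": "ACK", "conn_id": ue.conn_id})
    replay = server.handle_tcp_request(ue.tcp_request())   # old identifier reused
    if established:
        ue.on_response(established)                         # UE now holds the second identifier
    third = server.handle_tcp_request(ue.tcp_request())
    return {
        "flood_admitted": sum(r is not None for r in flood),
        "legit_admitted": syn_ack is not None,
        "second_identifier_issued": established is not None,
        "replay_admitted": replay is not None,
        "third_connection_admitted": third is not None,
    }


if __name__ == "__main__":
    print(run_scenario())
```

In the scenario the flood is cut off after the budget, while the identified request is admitted even though the protection is already dropping new connections, and the identifier issued on the established second connection admits the third one. Two practitioner notes that are not from the page: the bypass is only as strong as the identifier, so it must be unguessable (128 random bits here) and must not be reusable by another client, since anyone who captures a request carrying it obtains the same bypass; and the anti-attack function should still cap the total number of identified connections so that a leaked identifier database cannot turn the bypass into an open door.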
Figure 10 is a schematic block diagram of a server according to another embodiment of the invention. The server shown in Figure 10 includes a processor 1010, a memory 1020, a bus system 1030 and a transceiver 1040.
Specifically, the transceiver 1040 sends a first connection identifier to the user equipment after a first connection between the server and the user equipment has been established, the first connection identifier being used for identifying the first connection, and receives a request message for establishing a transmission control protocol (TCP) connection sent by the user equipment; the request message requests establishment of a second connection between the user equipment and the server, the second connection is a TCP connection, and the request message carries the first connection identifier. The processor 1010 calls, through the bus system 1030, code stored in the memory 1020 and establishes the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the transceiver 1040. The transceiver 1040 performs data transmission with the user equipment over the second connection established by the processor 1010.
Therefore, because the request message for establishing the TCP connection sent by the user equipment carries the first connection identifier that the server previously sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and that request message, the embodiment of the invention can prevent the TCP anti-attack function from mistakenly blocking legitimate users (false positives) and improves the experience of legitimate users.
The method disclosed in the embodiments of the present invention may be applied in, or implemented by, the processor 1010. The processor 1010 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 1010 or by instructions in the form of software. The processor 1010 may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may reside in a storage medium mature in the art, such as a random access memory (RAM), a flash memory, a read-only memory (ROM), a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the memory 1020; the processor 1010 reads the information in the memory 1020 and completes the steps of the above method in combination with its hardware. In addition to a data bus, the bus system 1030 may further include a power bus, a control bus, a status signal bus and the like; for clarity, the various buses are all designated as the bus system 1030 in the figure.
Optionally, in another embodiment, the processor 1010 determines that the first connection identifier matches a connection identifier in a connection identifier database, and after the transceiver 1040 receives the request message for establishing the TCP connection, the transceiver 1040 sends a response message to the user equipment and receives a confirmation message sent by the user equipment.
Optionally, in another embodiment, the transceiver 1040 sends the first connection identifier to the user equipment in a 200 OK response message, the first connection identifier being located in a header field of the 200 OK response message.
Optionally, in another embodiment, after the processor 1010 establishes the second connection, the transceiver 1040 sends a second connection identifier to the user equipment, the second connection identifier being used for establishing a third connection between the user equipment and the server.
Optionally, in another embodiment, the first connection is a TCP connection, and the transceiver 1040 resumes or continues, over the second connection established by the processor 1010, the service based on the first connection.
Optionally, in another embodiment, the first connection is a UDP connection, and the transceiver 1040 receives, over the second connection established by the processor 1010, message data sent by the user equipment, where the size of the message data is greater than a preset threshold; the preset threshold may be 1300 bytes.
Optionally, in another embodiment, the first connection identifier is a character string, a random number or the like.
It should be understood that the server shown in Figure 10 can implement each process performed by the server in the method embodiments of Fig. 1 to Fig. 5; to avoid repetition these are not described again.
Figure 11 is a schematic block diagram of a user equipment according to another embodiment of the invention. The user equipment shown in Figure 11 includes a processor 1110, a memory 1120, a bus system 1130 and a transceiver 1140.
Specifically, the transceiver 1140 receives, after a first connection between the user equipment and the server has been established, a first connection identifier sent by the server, the first connection identifier being used for identifying the first connection, and sends a request message for establishing a TCP connection to the server. The processor 1110 calls, through the bus system 1130, code stored in the memory 1120 and establishes a second connection with the server; the request message for establishing the TCP connection carries the first connection identifier and requests establishment of the second connection between the user equipment and the server, the second connection being a TCP connection. The transceiver 1140 performs data transmission with the server over the second connection established by the processor 1110.
Therefore, because the request message for establishing the TCP connection sent by the user equipment carries the first connection identifier that the server previously sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and that request message, the embodiment of the invention can prevent the TCP anti-attack function from mistakenly blocking legitimate users (false positives) and improves the experience of legitimate users.
The method disclosed in the embodiments of the present invention may be applied in, or implemented by, the processor 1110. The processor 1110 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 1110 or by instructions in the form of software. The processor 1110 may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may reside in a storage medium mature in the art, such as a random access memory (RAM), a flash memory, a read-only memory (ROM), a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the memory 1120; the processor 1110 reads the information in the memory 1120 and completes the steps of the above method in combination with its hardware. In addition to a data bus, the bus system 1130 may further include a power bus, a control bus, a status signal bus and the like; for clarity, the various buses are all designated as the bus system 1130 in the figure.
Optionally, in another embodiment, the transceiver 1140 receives a 200 OK response message sent by the server, the first connection identifier being located in a header field of the 200 OK response message.
Optionally, in another embodiment, the first connection is a TCP connection, and the transceiver 1140 resumes or continues, over the second connection established by the processor 1110, the service based on the first connection.
Optionally, in another embodiment, the first connection is a UDP connection, and the transceiver 1140 sends message data to the server over the second connection established by the processor 1110, where the size of the message data is greater than a preset threshold; the preset threshold may be 1300 bytes.
Optionally, in another embodiment, after the processor 1110 establishes the second connection, the transceiver 1140 receives a second connection identifier sent by the server, the second connection identifier being used for establishing a third connection between the user equipment and the server.
Optionally, in another embodiment, the first connection identifier is a character string or a random number.
It should be understood that the user equipment shown in Figure 11 can implement each process performed by the user equipment in the method embodiments of Fig. 1 to Fig. 5; to avoid repetition these are not described again.
It should be understood that "one embodiment" or "an embodiment" mentioned throughout the specification means that a particular feature, structure or characteristic related to the embodiment is included in at least one embodiment of the present invention. Therefore, "in one embodiment" or "in an embodiment" appearing throughout the specification does not necessarily refer to the same embodiment. In addition, these particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in the various embodiments of the present invention, the sequence numbers of the above processes do not imply an order of execution; the order of execution of each process should be determined by its function and internal logic, and shall not constitute any limitation on the implementation process of the embodiments of the present invention.
In addition, the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein describes only an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate that A exists alone, that A and B exist simultaneously, or that B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the preceding and following associated objects.
It should be understood that, in the embodiments of the present invention, "B corresponding to A" indicates that B is associated with A, and B may be determined according to A. It should also be understood that determining B according to A does not mean that B is determined only according to A; B may also be determined according to A and/or other information.
Those of ordinary skill in the art may be aware that the units and algorithm steps described in connection with the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functions in different ways for each specific application, but such implementation should not be considered beyond the scope of the present invention.
It may be clearly understood by those skilled in the art that, for convenience and brevity of description, for the specific working process of the system, apparatus and units described above, reference may be made to the corresponding process in the foregoing method embodiments, and details are not described herein again.
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; the division into units is only a logical functional division, and there may be other divisions in actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
Through the description of the above embodiments, it is clear to those skilled in the art that the present invention may be implemented by hardware, firmware, or a combination thereof. When implemented in software, the above functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a computer. By way of example and not limitation, computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Furthermore, any suitable connection may be a computer-readable medium. For example, if the software is transmitted from a website, server or other remote source using a coaxial cable, optical fiber cable, twisted pair, digital subscriber line (DSL) or wireless technologies such as infrared, radio and microwave, then the coaxial cable, optical fiber cable, twisted pair, DSL or wireless technologies such as infrared, radio and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
In summary, the foregoing is merely preferred embodiments of the technical solutions of the present invention and is not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (22)

1. a kind of method of data transmission characterized by comprising
After the first connection between server and user equipment is established, the server sends first to the user equipment and connects Connect mark, first connection identifier is the first connection has been established, to have logged in or online for identifying the user equipment Legitimate user equipment;
The server receives the request message for establishing transmission control protocol TCP connection that the user equipment is sent, described to build The request message of vertical TCP connection is for requesting second established between the user equipment and the server to connect, and described second It is connected as TCP connection, the request message for establishing TCP connection carries first connection identifier;
After the server receives the request message for establishing TCP connection, according to first connection identifier, described in foundation Second connection;
The server is carried out data transmission by second connection with the user equipment.
2. the method according to claim 1, wherein the server receives and described establishes asking for TCP connection After seeking message, according to first connection identifier, second connection is established, comprising:
The server determines that first connection identifier matches with a connection identifier in connection identifier database;
After the server receives the request message for establishing TCP connection, response message is sent to the user equipment;
The server receives the confirmation message that the user equipment is sent.
3. method according to claim 1 or 2, which is characterized in that the server sends first to the user equipment Connection identifier, comprising:
The server sends first connection identifier to the user equipment by 200OK response message, wherein described the One connection identifier is located in the header field of the 200OK response message.
4. method according to claim 1 or 2, which is characterized in that received in the server and described establish TCP connection Request message after, according to first connection identifier, after establishing second connection, further includes:
The server sends the second connection identifier to the user equipment, and second connection identifier is used for the user equipment Third is established between the server to connect.
5. method according to claim 1 or 2, which is characterized in that described first is connected as TCP connection, the server Carried out data transmission by second connection with the user equipment, comprising:
The server restores or continues the business based on first connection in second connection.
6. method according to claim 1 or 2, which is characterized in that described first is connected as user datagram protocol UDP company It connects, the server is carried out data transmission by second connection with the user equipment, comprising:
The server receives the message data that the user equipment is sent in second connection, wherein the message number According to capacity be greater than preset message data threshold value.
7. a kind of method of data transmission characterized by comprising
After the first connection between user equipment and server is established, the user equipment receive that the server sends the One connection identifier, first connection identifier are that the first connection has been established, has logged in or has existed for identifying the user equipment The legitimate user equipment of line;
The user equipment sends to the server and establishes the request message of TCP connection, establishes and the between the server Two connections, wherein the request message for establishing TCP connection carries first connection identifier, described to establish asking for TCP connection Ask message for requesting second established between the user equipment and the server to connect, described second is connected as TCP connection;
The user equipment is carried out data transmission by second connection with the server.
8. the method according to the description of claim 7 is characterized in that the user equipment receives the first connection that server is sent Mark, comprising:
The user equipment receives the 200OK response message that the server is sent, wherein first connection identifier is located at institute In the header field for stating 200OK response message.
9. method according to claim 7 or 8, which is characterized in that described first is connected as TCP connection, and the user sets It is standby to be carried out data transmission by second connection with the server, comprising:
The user equipment restores or continues the business based on first connection in second connection.
10. method according to claim 7 or 8, which is characterized in that described first is connected as UDP connection, and the user sets It is standby to be carried out data transmission by second connection with the server, comprising:
The user equipment sends message data to the server in second connection, wherein the message data holds Amount is greater than the threshold value of preset message data.
11. method according to claim 7 or 8, which is characterized in that built in the user equipment to server transmission The request message of vertical TCP connection, after establishing the second connection between the server, further includes:
The user equipment receives the second connection identifier that the server is sent, and second connection identifier is used for the user Third connection is established between equipment and the server.
12. a kind of server characterized by comprising
First transmission unit is sent out after establishing for the first connection between server and user equipment to the user equipment Send the first connection identifier, first connection identifier for identify the user equipment be the first connection has been established, logged in or Online legitimate user equipment;
Receiving unit, the request message for establishing transmission control protocol TCP connection sent for receiving the user equipment are described The request message of TCP connection is established for request second established between the user equipment and the server connection, described the Two are connected as TCP connection, and the request message for establishing TCP connection carries first connection identifier;
Response unit, for described establishing asking for TCP connection according to first connection identifier and the receiving unit are received Message is sought, second connection is established;
Transmission unit, second connection for being established by the response unit carry out data biography with the user equipment It is defeated.
13. server according to claim 12, which is characterized in that the response unit determines first connection identifier Match with a connection identifier in connection identifier database, receives the request for establishing TCP connection in receiving unit After message, response message is sent to the user equipment, and receives the confirmation message that the user equipment is sent.
14. server according to claim 12 or 13, which is characterized in that first transmission unit is answered by 200OK It answers message and sends first connection identifier to the user equipment, wherein the connection identifier is located at the 200OK response and disappears In the header field of breath.
15. server according to claim 12 or 13, which is characterized in that further include:
Second transmission unit is used in the response unit according to first connection identifier and the received institute of the receiving unit The request message for establishing TCP connection is stated, after establishing second connection, sends the second connection identifier, institute to the user equipment The second connection identifier is stated for establishing third connection between the user equipment and the server.
16. server according to claim 12 or 13, which is characterized in that described first is connected as TCP connection, the biography Defeated unit restores or continues the business based on first connection in second connection that the response unit is established.
17. server according to claim 12 or 13, which is characterized in that described first is connected as UDP connection, the biography Defeated unit receives the message data that the user equipment is sent in second connection that the response unit is established, wherein The capacity of the message data is greater than the threshold value of preset message data.
18. A user equipment, characterized by comprising:
a first receiving unit, configured to receive, after a first connection between the user equipment and a server has been established, a first connection identifier sent by the server, the first connection identifier being used to identify the user equipment as a legitimate user equipment that has established the first connection and has logged in or is online;
a transmission unit, configured to send a request message for establishing a TCP connection to the server so as to establish a second connection with the server, wherein the request message for establishing a TCP connection carries the first connection identifier, the request message for establishing a TCP connection is used to request establishment of the second connection between the user equipment and the server, and the second connection is a TCP connection;
a transmission unit, configured to perform data transmission with the server over the second connection.
19. The user equipment according to claim 18, characterized in that the first receiving unit receives a 200OK response message sent by the server, wherein the first connection identifier is located in a header field of the 200OK response message.
20. The user equipment according to claim 18 or 19, characterized in that the first connection is a TCP connection, and the transmission unit restores or continues the service based on the first connection over the second connection.
21. The user equipment according to claim 18 or 19, characterized in that the first connection is a UDP connection, and the transmission unit sends message data to the server over the second connection, wherein the size of the message data is greater than a preset message data threshold.
22. The user equipment according to claim 18 or 19, characterized in that it further comprises:
a second receiving unit, configured to receive a second connection identifier sent by the server after the transmission unit has sent the request message for establishing a TCP connection to the server and the second connection with the server has been established, the second connection identifier being used for establishing a third connection between the user equipment and the server.
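The flow claimed above (claims 12 to 22): the server issues a connection identifier in a header field of the 200OK response once the first connection is up, the user equipment carries it in its request to establish the second (TCP) connection, the server recognises the identifier and admits the connection without subjecting it to the TCP attack protection that would otherwise drop a legitimate user, and on success hands out a second identifier for the third connection. The following Python is an added illustration written for this page, not the patent's or Huawei's own code. Everything beyond the claims is an assumption: the header field name "Connection-Identifier", a text-based request message, a random single-use identifier bound to the peer address with an expiry, and a per-peer budget of anonymous attempts standing in for the server's real TCP attack protection. All peers and messages are constructed sample values.

```python
import secrets
import time

# Header field carrying the identifier (assumed name; the claims only say
# "a header field of the 200OK response message").
ID_HEADER = "Connection-Identifier"


def parse_headers(message: str) -> dict:
    """Parse a SIP/HTTP-style text message into a lower-cased header map."""
    headers = {}
    for line in message.split("\r\n")[1:]:   # line 0 is the request/status line
        if not line:
            break                             # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


class Server:
    """Server side of the claimed flow (assumed design, not the patent's)."""

    def __init__(self, anon_budget=3, ttl=60):
        self.anon_budget = anon_budget  # toy attack protection: identifier-less attempts per peer
        self.ttl = ttl                  # identifier lifetime in seconds
        self.anon_attempts = {}         # peer -> count of identifier-less attempts
        self.issued = {}                # identifier -> (bound peer, expiry)

    def _issue(self, peer, now):
        # Unguessable, bound to the peer that holds the established connection.
        ident = secrets.token_urlsafe(16)
        self.issued[ident] = (peer, now + self.ttl)
        return ident

    def first_connection_established(self, peer, now=None):
        """Claims 12/14: after the first connection is up, reply 200OK with the
        first connection identifier in a header field."""
        now = time.time() if now is None else now
        ident = self._issue(peer, now)
        return f"200 OK\r\n{ID_HEADER}: {ident}\r\nContent-Length: 0\r\n\r\n"

    def tcp_connect_request(self, peer, request, now=None):
        """Claims 12/15: admit a request carrying a valid identifier without
        running it through the attack protection; otherwise apply protection."""
        now = time.time() if now is None else now
        ident = parse_headers(request).get(ID_HEADER.lower())
        if ident is not None:
            # Single use: remove on first presentation so a captured identifier
            # cannot be replayed, whatever the outcome of the checks below.
            entry = self.issued.pop(ident, None)
            if entry is None:
                return {"accepted": False, "reason": "unknown_or_replayed_identifier", "next_identifier": None}
            bound_peer, expiry = entry
            if bound_peer != peer:
                return {"accepted": False, "reason": "peer_mismatch", "next_identifier": None}
            if now > expiry:
                return {"accepted": False, "reason": "expired", "next_identifier": None}
            # Claim 15: second identifier, to be used for the third connection.
            return {"accepted": True, "reason": "identified", "next_identifier": self._issue(peer, now)}
        # No identifier: anonymous path, subject to the (toy) attack protection.
        count = self.anon_attempts.get(peer, 0) + 1
        self.anon_attempts[peer] = count
        if count > self.anon_budget:
            return {"accepted": False, "reason": "flood_protection", "next_identifier": None}
        return {"accepted": True, "reason": "anonymous", "next_identifier": None}


def client_connect_request(ident=None):
    """Claim 18: the user equipment carries the first identifier in its request
    message for establishing the TCP connection (message format assumed)."""
    if ident is None:
        return "CONNECT tcp\r\n\r\n"
    return f"CONNECT tcp\r\n{ID_HEADER}: {ident}\r\n\r\n"


if __name__ == "__main__":
    srv = Server(anon_budget=2)
    peer = "10.0.0.5"                        # constructed sample address
    ident = parse_headers(srv.first_connection_established(peer))[ID_HEADER.lower()]
    for _ in range(3):                       # anonymous attempts exhaust the budget
        print(srv.tcp_connect_request(peer, client_connect_request()))
    print(srv.tcp_connect_request(peer, client_connect_request(ident)))
```

The point the claims make is visible in the last two calls: once the budget for identifier-less attempts from an address is spent (the situation behind a NAT shared with attack traffic), the anonymous request is refused while the request that carries the identifier issued on the first connection is still admitted. Binding the identifier to the peer, expiring it and making it single-use are the checks that keep the bypass from becoming a way around the protection.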
CN201410736781.0A 2014-12-05 2014-12-05 Method, server and the user equipment of data transmission Active CN104601541B (en)

Publications (2)

Publication Number Publication Date
CN104601541A CN104601541A (en) 2015-05-06
CN104601541B true CN104601541B (en) 2018-12-07

Family

ID=53127048

Country Status (1)

Country Link
CN (1) CN104601541B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant