CN104980419A - Agent communication method and device - Google Patents


Info

Publication number: CN104980419A
Application number: CN201410462418.4A
Authority: CN (China)
Prior art keywords: destination server, server, client, secure connection, connection request
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN104980419B
Inventors: 余子军, 彭伟平
Current assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Original assignee: Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201410462418.4A
Publication of CN104980419A
Application granted
Publication of CN104980419B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/50 Network services
    • H04L 67/56 Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

An agent (proxy) communication method comprises the following steps: establishing communication with a client; receiving from the client a secure connection request that carries an identifier of a target server and requests a secure connection with that target server; finding the target server from the identifier, establishing communication with it and forwarding the secure connection request to it. The invention further provides an agent communication device. The method and device simplify the agent communication process and speed up data processing.

Description

Agent (proxy) communication method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a proxy communication method and device.
Background technology
In the field of communication technology, proxy servers are frequently used for proxy communication: the proxy server forwards data between a client and the destination server the client wants to reach, thereby realizing the communication between the two, and in this way the proxy server acts as a virtual host.
In the prior art, proxy schemes at the Internet Protocol (IP) or Transmission Control Protocol (TCP) layer cannot see the content of the client's communication, because the proxy server does not hold the destination server's certificate; they therefore cannot tell which host is being requested and cannot act as a virtual host. Proxy schemes at the Hypertext Transfer Protocol (HTTP) layer require the certificate and certificate private key of every destination server to be stored on the proxy server, which imposes very high security requirements and is complex to operate.
Summary of the invention
In view of this, the invention provides a proxy communication method and device that simplify the proxy communication process and speed up data processing.
The proxy communication method provided by embodiments of the invention comprises: establishing a communication connection with a client; receiving from the client a secure connection request carrying a destination server identifier, the request being for establishing a secure connection with the destination server; looking up the destination server according to the identifier, establishing a communication connection with the destination server and sending the secure connection request to it.
The proxy communication device provided by embodiments of the invention comprises: a communication connection establishing module, for establishing a communication connection with a client; a first receiving module, for receiving from the client a secure connection request carrying a destination server identifier, the request being for establishing a secure connection with the destination server; a lookup module, for looking up the destination server according to the identifier; the communication connection establishing module, further for establishing a communication connection with the destination server; and a first sending module, for sending the secure connection request to the destination server.
In the proxy communication method and device provided by embodiments of the invention, the proxy server receives the secure connection request carrying the destination server identifier from the client, looks up the destination server according to that identifier, establishes a communication connection with it and forwards the secure connection request to it. This achieves the effect of a virtual host and allows one port to be multiplexed among several destination servers. Because the proxy server locates the destination server directly from the identifier, and the destination server returns its own server certificate, the proxy server need not store the certificate and certificate private key of every destination server as in the prior art; the proxy communication process is therefore simplified and data processing is faster.
To make the above and other objects, features and advantages of the invention more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is the application environment of the proxy communication method and device provided by embodiments of the invention;
Fig. 2 is a block diagram of a server;
Fig. 3 is the flow chart of the proxy communication method provided by the first embodiment of the invention;
Fig. 4 is the flow chart of the proxy communication method provided by the second embodiment of the invention;
Fig. 5 is the flow chart of the client and the proxy server establishing a communication connection in the proxy communication method of the second embodiment;
Fig. 6 is the sequence diagram of the proxy communication method provided by the third embodiment of the invention;
Fig. 7 is the structural diagram of the proxy communication device provided by the fourth embodiment of the invention;
Fig. 8 is the storage environment of the device of Fig. 7;
Fig. 9 is the structural diagram of the proxy communication device provided by the fifth embodiment of the invention.
Detailed description of the embodiments
To further explain the technical means adopted by the invention to achieve its intended objects and the effects obtained, specific embodiments, structures, features and effects of the invention are described in detail below with reference to the drawings and preferred embodiments.
Fig. 1 is the application environment of the proxy communication method and device provided by embodiments of the invention. As shown in Fig. 1, the client 100, the proxy server 200 and the destination server 300 are located in a wired or wireless network, over which the client 100 exchanges data with the destination server 300 through the proxy server 200.
The client 100 may be any network-capable device: a smartphone, tablet, e-book reader, MP3 (Moving Picture Experts Group Audio Layer III) player, MP4 (Moving Picture Experts Group Audio Layer IV) player, laptop, in-vehicle computer, wearable device, desktop computer, set-top box, smart TV, all-in-one PC and so on.
The proxy server 200 establishes a communication connection with the client 100; receives from the client 100 a secure connection request carrying a destination server identifier, the request being for establishing a secure connection with the destination server 300; looks up the destination server 300 according to the identifier, establishes a communication connection with it and sends the secure connection request to it.
The destination server 300 may be a physical server or a virtual server hosted on a physical server.
Fig. 2 is a block diagram of a server; it applies to the proxy server 200 and equally to the destination server 300. The structure in Fig. 2 is only illustrative: the server 200 may have more or fewer components than shown, or a different configuration. Each component shown in Fig. 2 may be implemented in hardware, software or a combination of the two. The server in embodiments of the invention may also consist of several servers with different specific functions.
As shown in Fig. 2, the server 200 may vary considerably with configuration and performance. It may comprise one or more central processing units (CPUs) 222 (for example, one or more processors) and memory 232, and one or more storage media 230 (for example, one or more mass storage devices) storing application programs 242 or data 244; the memory 232 and storage media 230 may be transient or persistent storage. The program stored in the storage medium 230 may comprise one or more modules (not shown), each of which may comprise a series of instruction operations for the server. Further, the central processing unit 222 may be arranged to communicate with the storage medium 230 and execute the series of instruction operations in the storage medium 230 on the server 200. The server 200 may also comprise one or more power supplies 226, one or more wired or wireless network interfaces 250, one or more input/output interfaces 258, and/or one or more operating systems 241 such as Windows Server, Mac OS X, Unix, Linux or FreeBSD.
First embodiment
Refer to Fig. 3, the flow chart of the proxy communication method provided by the first embodiment of the invention. This embodiment can be applied in the environment shown in Fig. 1: the proxy server 200 of Fig. 1 relays the data communication between the client 100 and the destination server 300. As shown in Fig. 3, the method of this embodiment comprises:
Step S101, establishing a communication connection with the client;
In this embodiment the proxy server 200 establishes a TCP connection with the client 100.
Step S102, receiving the secure connection request carrying the destination server identifier sent by the client;
The secure connection request is for establishing a secure connection with the destination server, and carries the destination server identifier from which the destination server is determined.
Further, the secure connection can be an HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) secure connection, and the destination server identifier is the HTTP Host name.
HTTPS is HTTP carried over a channel designed for security (the secure version of HTTP), that is, HTTP with SSL (Secure Sockets Layer) layered beneath it; the security of HTTPS rests on SSL, which performs the encryption.
In HTTP the requested domain name is carried in the HTTP header as the Host header, from which the destination server can be found. A domain name is the name of a computer or group of computers on the Internet, composed of dot-separated labels, and identifies the computer's electronic location during data transfer. The proxy server 200 can therefore find the destination server 300 from the HTTP Host information.
Step S103, looking up the destination server according to the destination server identifier, establishing a communication connection with it and sending the secure connection request to it;
In this embodiment the proxy server 200 receives the secure connection request carrying the destination server identifier from the client 100, looks up the corresponding destination server 300 according to that identifier, establishes a TCP connection with the destination server 300 and forwards the secure connection request to it. In response, the destination server 300 sends its server certificate to the client 100 through the proxy server 200, and once the client 100 has verified the certificate a secure connection is established between the client 100 and the destination server 300.
In the proxy communication method of this embodiment, the proxy server receives the secure connection request carrying the destination server identifier, locates the destination server from that identifier, connects to it and forwards the request, and the destination server returns its own server certificate. The virtual host effect and port multiplexing are thereby achieved without storing the certificate and certificate private key of every destination server on the proxy server, as the prior art requires, which simplifies the proxy communication process and speeds up data processing.
Second embodiment
Refer to Fig. 4, the flow chart of the proxy communication method provided by the second embodiment of the invention. This embodiment can be applied in the environment shown in Fig. 1: the proxy server 200 of Fig. 1 relays the data communication between the client 100 and the destination server 300. As shown in Fig. 4, the method of this embodiment comprises:
Step S201, establishing a communication connection with the client;
The proxy server 200 and the client 100 establish a TCP connection through the TCP three-way handshake. Specifically, as shown in Fig. 5: first, the client 100 sends the proxy server 200 a TCP segment with the SYN flag set, which carries the port used by the client 100 and the initial sequence number (ISN) of the connection; the ISN is chosen randomly by the client's system and numbers the data flow from the client 100 to the proxy server 200 for the rest of the session. Second, the proxy server 200 receives the SYN segment and answers the client 100 with a SYN-ACK segment, indicating that the client's request is accepted, with an acknowledgement number of the client's ISN plus 1. Finally, the client 100 receives the SYN-ACK returned by the proxy server 200 and replies with an ACK segment, likewise acknowledging the proxy's ISN plus 1; the TCP connection with the proxy server 200 is then established.
Step S202, receiving the secure connection request carrying the destination server identifier sent by the client;
The secure connection request is for establishing a secure connection with the destination server 300; the destination server identifier is used to look up the destination server 300.
In this embodiment the secure connection request is for establishing an HTTPS secure connection based on the SSL/TLS (Secure Sockets Layer / Transport Layer Security) protocol.
HTTPS is HTTP carried over a channel designed for security (the secure version of HTTP), that is, HTTP with SSL layered beneath it; the security of HTTPS rests on SSL, which performs the encryption.
SSL is a security protocol, provided on top of the Internet, that guarantees the privacy of data transferred over the network; TLS is the successor of SSL.
SNI (Server Name Indication) is a TLS extension defined in RFC 4366 (later superseded by RFC 6066) and available from TLS 1.0 onward. It lets the client state the host name it is requesting (the same name that will later appear in the HTTP Host header) in the ClientHello that opens the handshake, so that a server hosting several domains can switch to the right one and return the matching certificate.
In HTTP the requested domain name is carried in the HTTP header as the Host header, from which the destination server can be found. A domain name is the name of a computer or group of computers on the Internet, composed of dot-separated labels, and identifies the computer's electronic location during data transfer.
In this embodiment the proxy server 200 receives from the client 100 a secure connection request whose SNI field carries the destination server identifier. The Host header itself travels only inside the encrypted channel and is never visible to the proxy server; the cleartext SNI value in the ClientHello is what the proxy server can read.
In practice the secure connection request results from the client 100 browsing to a web address; the host name in that address is the HTTP Host information, and it is from this name that the proxy server 200 finds the destination server 300.
The secure connection request in this step is the TLS ClientHello. Through it the client 100 tells the destination server 300, by way of the proxy server 200, the protocol version it supports, a random number generated by the client 100, the encryption methods it supports (for example RSA public-key key exchange) and the compression methods it supports. The client random number is later used in generating the session key.
Step S203, looking up the destination server according to the destination server identifier and establishing a communication connection with it;
In this embodiment the proxy server 200 receives the secure connection request carrying the destination server identifier in its SNI field, looks up the corresponding destination server 300 according to that identifier (that is, the HTTP Host information), and establishes a TCP connection with the destination server 300 through the three-way handshake. The procedure is the same as between the client 100 and the proxy server 200 and is not repeated here. In this way the destination server to connect to is determined from the host name carried in the SNI field, and the virtual host effect is achieved. Since the SNI value is supplied by the client and is not yet authenticated at this point, the proxy server should match it against its configured set of destination servers and refuse absent or unknown names rather than treat it as an arbitrary address to connect to.
Step S204, sending the secure connection request to the destination server;
Specifically, the proxy server 200 forwards the secure connection request received from the client 100, SNI field and destination server identifier included, to the destination server 300, which answers it with a ServerHello.
Step S205, receiving the server certificate of the destination server and forwarding it to the client;
In this embodiment the destination server 300 responds to the secure connection request forwarded by the proxy server 200 by sending the proxy server 200 a response carrying the server certificate of the destination server 300. The proxy server 200 receives this response and forwards it to the client 100.
Besides the server certificate of the destination server 300, this response can also carry: confirmation of the protocol version to be used for the encrypted communication, a random number generated by the destination server 300, and confirmation of the encryption method to be used (for example RSA public-key key exchange). The server random number is later used in producing the session key.
Further, the response can also carry a request for a client certificate from the client 100. For example, financial institutions often admit only authenticated clients to their networks and issue their official customers a USB key that contains a client certificate.
Step S206, after the client has verified the server certificate, forwarding the data the client sends to the destination server to the destination server.
Specifically, the client 100 receives the response of the destination server 300 forwarded by the proxy server 200 and verifies the server certificate it contains. If the certificate was not issued by a trusted authority, or the domain name in the certificate does not match the actual domain name, or the certificate has expired, verification fails and the user is warned so that they can decide whether to continue communicating. If the certificate passes verification, the client 100 takes the public key of the destination server 300 from the certificate and sends, through the proxy server 200, to the destination server 300: a random number (the pre-master key, or pre-master secret) encrypted with that public key; a ChangeCipherSpec notice, meaning that everything that follows will be sent under the agreed encryption method and keys; and a client Finished message, meaning that the client's handshake phase is over. The client Finished message also carries a keyed hash over all handshake messages sent so far, for the destination server 300 to verify. Further, if the proxy server 200 forwarded a request for a client certificate, the client 100 also sends its client certificate to the destination server 300 through the proxy server 200.
The proxy server 200 forwards the received pre-master key, ChangeCipherSpec notice and client Finished message to the destination server 300. The destination server 300 computes the session key for this session from the client random number, the server random number and the pre-master key, and sends back to the client 100 through the proxy server 200 its own ChangeCipherSpec notice, meaning that everything that follows will be sent under the agreed encryption method and keys, and a server Finished message, meaning that the server's handshake phase is over; the secure connection with the client 100 is thereby established. The server Finished message likewise carries a keyed hash over all handshake messages sent so far, for the client 100 to verify.
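Added example (not code from the patent or from Tencent): the key derivation and Finished computation of step S206 for the TLS 1.2 RSA key exchange described above, in Python using only the standard library. The client and the destination server both derive the 48-byte master secret from the pre-master key and the two random numbers with the TLS PRF (RFC 5246 section 5), cut the session keys from it, and each Finished message carries verify_data computed from the master secret and a hash of every handshake message so far (RFC 5246 section 7.4.9). The proxy server saw both random numbers and every handshake message, but the pre-master key crossed it encrypted under the destination server's public key, so it cannot perform this derivation; and because verify_data covers the transcript, a proxy that altered any forwarded handshake message would make the Finished check fail. The pre-master key, random numbers and transcript bytes used by callers are constructed values, not real handshake data.

```python
import hashlib
import hmac

def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label + seed), truncated to length bytes."""
    seed = label + seed
    out, a = b"", seed                                               # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()             # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()   # HMAC(secret, A(i) + seed)
    return out[:length]

def master_secret(pre_master, client_random, server_random):
    """Both endpoints derive the 48-byte master secret from the pre-master key and the two randoms."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master, client_random, server_random, length):
    """Session keys (MAC keys, encryption keys, IVs) are cut from this block; note the reversed random order."""
    return prf(master, b"key expansion", server_random + client_random, length)

def finished_verify_data(master, label, transcript):
    """verify_data = PRF(master, label, SHA-256(all handshake messages so far))[:12] (RFC 5246 section 7.4.9)."""
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)

def client_finished(master, transcript_as_sent):
    """What the client puts in its Finished message, over the handshake bytes it sent."""
    return finished_verify_data(master, b"client finished", transcript_as_sent)

def server_accepts_client_finished(master, transcript_as_received, verify_data):
    """The destination server recomputes verify_data over the handshake bytes it actually received."""
    expected = finished_verify_data(master, b"client finished", transcript_as_received)
    return hmac.compare_digest(expected, verify_data)

def handshake_through_proxy(pre_master, client_random, server_random, sent, received):
    """Client and destination server share pre_master (it crossed the proxy RSA-encrypted under the
    server's public key; the proxy itself never has it). Returns whether the server accepts the
    client's Finished, which holds only when the proxy relayed the handshake byte for byte.
    Callers pass constructed transcripts standing in for the real handshake messages."""
    master = master_secret(pre_master, client_random, server_random)
    return server_accepts_client_finished(master, received, client_finished(master, sent))
```

Calling handshake_through_proxy with identical sent and received transcripts returns True; changing a single forwarded byte, or deriving with a different pre-master key, makes the server reject the client's Finished. This is why the proxy in the method above forwards the handshake unmodified and also why it cannot read the application data that follows.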
Once the client 100 has established the secure connection with the destination server 300 through the proxy server 200, the two sides communicate over the encrypted channel through the proxy server 200 and exchange data based on the HTTP protocol. The exchanged data is encrypted with the session key derived above, so it cannot be eavesdropped on or tampered with in transit; this holds for the proxy server 200 as well, which relayed the handshake but never obtained the pre-master key or the session key.
In the proxy communication method of this embodiment, as in the first, the proxy server locates the destination server from the identifier carried in the secure connection request, connects to it and forwards the request, and the destination server returns its own server certificate. The virtual host effect and port multiplexing are achieved without storing the certificate and certificate private key of every destination server on the proxy server, which simplifies the proxy communication process and speeds up data processing.
3rd embodiment
Refer to Fig. 6, the sequential chart of the agent communication method that Fig. 6 provides for third embodiment of the invention.The present embodiment can be applicable in the applied environment shown in Fig. 1, realizes the data communication between agent client 100 and destination server 300 by the proxy server 200 shown in Fig. 1.As shown in Figure 6, the agent communication method that the present embodiment provides comprises:
Step S301, proxy server and client establish a communications link;
Particularly, the first step, client 100 sends the TCP message comprising SYN mark to proxy server 200, this SYN message can indicate the port of client 100 use and the initial sequence number (ISN) of TCP connection, wherein, ISN by the system random selecting of client 100, and in trace session process from client 100 to the data flow of proxy server 200;
Second step, proxy server 200 receives the SYN message that client 100 sends, and responds SYNACK message to client 100, and represent that the request of client 100 is accepted, TCP sequence number is added 1 simultaneously;
3rd step, the SYNACK message that client 100 Receiving Agent server 200 returns, and return to proxy server 200 and confirm ACK message, same TCP sequence number is added 1, thus sets up TCP with proxy server 200 and be connected.
Step S302, what this proxy server received that this client sends comprise by SNI field with the secure connection request of HTTP Host information;
This secure connection request may be used for setting up HTTPS secure connection with destination server 300.HTTP Host information may be used for searching destination server 300.
HTTPS, is take safety as the HTTP passage (the safe version of HTTP) of target, namely adds SSL under HTTP.The foundation for security of HTTPS is SSL, and the process of encryption is completed by SSL.SSL is a kind of security protocol ensureing the data privacy of transfers on network provided on Internet basis, and TLS is the successor of SSL.SNI field is activated in SSLv3/TLSv1, and it allows client when initiating SSL handshake request, just submits the HTTP Host information of request to, makes server can be switched to correct territory and return corresponding certificate.In http protocol, the domain name of request is placed in HTTP Header as host header (Host), can find destination server by Host.
Understandably, secure connection request in this step, i.e. ClientHello request, by this secure connection request, the protocol version (such as TLS1.3 version) that client 100 is provided support to destination server 300 by proxy server 200, the random number that client 100 generates, the encryption method (such as RSA public key encryption) of support, and the compression method supported, the random number that wherein client 100 generates may be used for generating session key.
Step S303, this proxy server, according to this HTTP Host information searching destination server, establishes a communications link with this destination server;
In the present embodiment, proxy server 200 receive client 100 send comprise SNI field with destination server mark secure connection request, according to destination server mark (namely according to HTTP Host information) in this secure connection request, search corresponding destination server 300, set up TCP with destination server 300 and be connected.
Particularly, the first step, proxy server 200 sends the TCP message comprising SYN mark to destination server 300, this SYN message can indicate the port of proxy server 200 use and the initial sequence number (ISN) of TCP connection, wherein, ISN by the system random selecting of proxy server 200, and in trace session process from proxy server 200 to the data flow of destination server 300;
Second step, the SYN message that destination server 300 Receiving Agent server 200 sends, responds SYNACK message to proxy server 200, and represent that the request of proxy server 200 is accepted, TCP sequence number is added 1 simultaneously;
3rd step, the SYNACK message that proxy server 200 receiving target server 300 returns, and return to destination server 300 and confirm ACK message, same TCP sequence number is added 1, thus sets up TCP with destination server 300 and be connected.
Like this, according to SNI field with HTTP Host information determine need connect destination server, the effect of fictitious host computer can be realized.
Step S304, this proxy server sends this secure connection request to this destination server;
Particularly, what the client 100 of reception sent by proxy server 200 comprise by SNI field with the secure connection request of HTTP Host information be transmitted to destination server 300, make destination server 300 beam back response (SeverHello) information according to this secure connection request.
Step S305: the proxy server receives the server certificate of the destination server and forwards it to the client.
In this embodiment, destination server 300, acting on the secure connection request forwarded by proxy server 200, sends proxy server 200 a response message containing the server certificate of destination server 300. Proxy server 200 receives this response message from destination server 300 and forwards it to client 100.
Understandably, besides the server certificate of destination server 300, the response message may also contain: confirmation of the encryption protocol version to be used (the text gives TLS 1.3 as an example; note that the RSA pre-master exchange described below exists only in TLS 1.2 and earlier, since TLS 1.3 removed RSA key exchange), a random number generated by destination server 300, confirmation of the encryption method to be used (for example RSA public-key encryption), and a request for the client certificate of client 100. Financial institutions, for example, often admit only certified clients into their networks and issue a USB key to each registered client, which contains a client certificate. The random number generated by destination server 300 is later used to produce the session key.
Step S306: after the client has verified the server certificate, the proxy server forwards the data that the client sends to the destination server to the destination server.
Specifically, client 100 receives the response message of destination server 300 forwarded by proxy server 200 and verifies the server certificate it contains. If the certificate was not issued by a trusted authority, if the domain name in the certificate does not match the domain name actually requested, or if the certificate has expired, the certificate fails verification and a warning is shown to the user, who decides on the basis of that warning whether to continue. If the certificate passes verification, client 100 extracts the public key of destination server 300 from the certificate and, through proxy server 200, sends destination server 300: a random number (the pre-master secret, encrypted with that public key), a cipher-change notice indicating that all subsequent messages will be encoded with the agreed encryption method and key, a client handshake-end notice indicating that the client's handshake phase has finished, and the client certificate of client 100. The client handshake-end notice also carries a hash of everything sent so far, for destination server 300 to verify.
Proxy server 200 forwards the random number, cipher-change notice, client handshake-end notice and client certificate received from client 100 to destination server 300, so that destination server 300 verifies client 100 against the received client certificate. Once the client certificate passes verification, destination server 300 computes the session key for this session from the random number generated by client 100, the random number generated by destination server 300 and the pre-master secret, and sends client 100, through proxy server 200, a cipher-change notice indicating that all subsequent messages will be encoded with the agreed encryption method and key, and a server handshake-end notice indicating that the server's handshake phase has finished, thereby establishing the secure connection with client 100. The server handshake-end notice likewise carries a hash of everything sent so far, for client 100 to verify.
After client 100 has established the secure connection with destination server 300 through proxy server 200, the two exchange data over the encrypted channel, through proxy server 200, based on HTTP. The exchanged data is content encrypted with the session key, so it cannot be eavesdropped on or tampered with in transit. Proxy server 200 relays only ciphertext: it never holds the session key, the pre-master secret or the private key of destination server 300.
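The derivation in the two paragraphs above (client random, server random and pre-master secret combined into the session key, with each handshake-end notice carrying a hash of the transcript) is the TLS 1.2 PRF. The following Python carries it through as an added example; it is not code from the patent or from Tencent, and the randoms, the pre-master secret and the transcript are constructed inputs. Both endpoints compute exactly this; the proxy cannot, because it never sees the pre-master secret.

```python
"""TLS 1.2 key derivation for the handshake described above.

Added example, not code from the patent. Follows RFC 5246: section 5 (PRF),
6.3 (key block), 7.4.7.1 (RSA pre-master secret) and 7.4.9 (Finished).
"""
import hashlib
import hmac
import os
from typing import Dict


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 expansion: A(i) = HMAC(secret, A(i-1)); output HMAC(secret, A(i) + seed)."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def rsa_pre_master_secret(client_version: bytes = b"\x03\x03") -> bytes:
    """The 48-byte pre-master secret the client encrypts under the server's RSA
    public key: the version the client offered (to detect rollback) + 46 random bytes."""
    return client_version + os.urandom(46)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int = 32, key_len: int = 16, iv_len: int = 16) -> Dict[str, bytes]:
    """Expand the master secret into per-direction MAC keys, cipher keys and IVs.
    Seed order here is server_random + client_random, the reverse of master_secret();
    the default sizes match AES-128-CBC with HMAC-SHA256."""
    total = 2 * (mac_len + key_len + iv_len)
    kb = prf(master, b"key expansion", server_random + client_random, total)
    names = ["client_write_mac_key", "server_write_mac_key",
             "client_write_key", "server_write_key",
             "client_write_iv", "server_write_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = kb[pos:pos + size]
        pos += size
    return keys


def finished_verify_data(master: bytes, from_client: bool, transcript: bytes) -> bytes:
    """verify_data of a Finished message: the PRF over the hash of every handshake
    message sent so far, so the peer detects a tampered or truncated handshake."""
    label = b"client finished" if from_client else b"server finished"
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)


def derive_session(pre_master: bytes, client_random: bytes, server_random: bytes,
                   transcript: bytes) -> Dict[str, bytes]:
    """What each endpoint computes after ClientKeyExchange: the traffic keys plus
    both Finished values, so a caller can compare its own against the peer's."""
    master = master_secret(pre_master, client_random, server_random)
    keys = key_block(master, client_random, server_random)
    keys["master_secret"] = master
    client_fin = finished_verify_data(master, True, transcript)
    keys["client_finished"] = client_fin
    # The server's Finished also covers the client's Finished handshake message
    # (type 20, 3-byte length, verify_data).
    client_fin_msg = b"\x14" + len(client_fin).to_bytes(3, "big") + client_fin
    keys["server_finished"] = finished_verify_data(master, False, transcript + client_fin_msg)
    return keys


if __name__ == "__main__":
    # Constructed inputs with fixed randoms so the run is reproducible.
    cr = bytes(range(32))
    sr = bytes(range(32, 64))
    pms = b"\x03\x03" + bytes(46)
    for k, v in derive_session(pms, cr, sr, b"constructed handshake transcript").items():
        print(f"{k:22s} {v.hex()}")
```

Because the client random and server random enter the derivation, a replayed pre-master secret yields different keys in each session, and because the Finished values cover the whole transcript, an intermediary that altered any handshake message (for instance the cipher-suite list) would be detected when the two sides compare them; a passthrough proxy that forwards the bytes unchanged passes this check, a modifying one does not.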
With the agent communication method provided by this embodiment of the invention, the proxy server receives the secure connection request carrying the destination server identifier from the client, looks up the destination server by that identifier, establishes a communication connection with it and sends it the secure connection request. This achieves virtual hosting and port multiplexing; and because the proxy server looks up the destination server directly by the identifier and lets the destination server return its own server certificate, the proxy server no longer needs to hold the certificate and certificate private key of every destination server as in the prior art. The proxy communication process is thereby simplified and data processing is faster.
Fourth embodiment
Fig. 7 is a structural diagram of the agent communication device provided by the fourth embodiment of the invention. The device of this embodiment can run in proxy server 200 shown in Fig. 1 to implement the agent communication method of the embodiments above. As shown in Fig. 7, agent communication device 40 comprises: communication connection establishing module 41, first receiving module 42, lookup module 43 and first sending module 44.
Communication connection establishing module 41 is configured to establish a communication connection with the client;
First receiving module 42 is configured to receive the secure connection request sent by the client that includes the destination server identifier, the request being used to request a secure connection with the destination server;
Lookup module 43 is configured to look up the destination server according to the destination server identifier;
Communication connection establishing module 41 is further configured to establish a communication connection with the destination server;
First sending module 44 is configured to send the secure connection request to the destination server.
Each of the above modules may be implemented in software code, in which case the modules may be stored in memory 232 as shown in Fig. 8. Each module may equally be implemented in hardware such as integrated-circuit chips.
For the specific process by which each functional module of agent communication device 40 performs its function, refer to the description of the embodiments shown in Figs. 1 to 6 above; it is not repeated here.
With the agent communication device provided by this embodiment of the invention, the secure connection request carrying the destination server identifier is received from the client, the destination server is looked up by that identifier, a communication connection is established with it and the secure connection request is sent to it. This achieves virtual hosting and port multiplexing; and because the proxy server looks up the destination server directly by the identifier and lets the destination server return its own server certificate, the proxy server no longer needs to hold the certificate and certificate private key of every destination server as in the prior art. The proxy communication process is thereby simplified and data processing is faster.
Fifth embodiment
Fig. 9 is a structural diagram of the agent communication device provided by the fifth embodiment of the invention. The device of this embodiment can run in proxy server 200 shown in Fig. 1 to implement the agent communication method of the embodiments above. As shown in Fig. 9, agent communication device 50 comprises: communication connection establishing module 41, first receiving module 42, lookup module 43, first sending module 44, second receiving module 55, second sending module 56 and third sending module 57.
Communication connection establishing module 41 is configured to establish a communication connection with the client;
First receiving module 42 is configured to receive the secure connection request sent by the client that includes the destination server identifier, the request being used to request a secure connection with the destination server;
Lookup module 43 is configured to look up the destination server according to the destination server identifier;
Communication connection establishing module 41 is further configured to establish a communication connection with the destination server;
First sending module 44 is configured to send the secure connection request to the destination server;
Second receiving module 55 is configured to receive the server certificate of the destination server;
Second sending module 56 is configured to forward to the client the server certificate of the destination server received by second receiving module 55;
Third sending module 57 is configured, after the client has verified the server certificate, to forward the data that the client sends to the destination server to the destination server.
Preferably, first receiving module 42 is further configured to receive a secure connection request sent by the client whose server name indication field carries the destination server identifier.
Preferably, first receiving module 42 is further configured to receive a secure connection request sent by the client that includes the HTTP Host information of the web address requested by the browser.
For the specific process by which each functional module of agent communication device 50 performs its function, refer to the description of the embodiments shown in Figs. 1 to 6 above; it is not repeated here.
With the agent communication device provided by this embodiment of the invention, the secure connection request carrying the destination server identifier is received from the client, the destination server is looked up by that identifier, a communication connection is established with it and the secure connection request is sent to it. This achieves virtual hosting and port multiplexing; and because the proxy server looks up the destination server directly by the identifier and lets the destination server return its own server certificate, the proxy server no longer needs to hold the certificate and certificate private key of every destination server as in the prior art. The proxy communication process is thereby simplified and data processing is faster.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "comprise", "comprising" and any variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or device that comprises it.
Those skilled in the art will appreciate that all or part of the steps of the above embodiments may be performed by hardware, or by hardware instructed by a program; the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc.
The above are merely preferred embodiments of the invention and do not limit it in any form. Although the invention is disclosed above by way of preferred embodiments, these are not intended to limit it: any person skilled in the art may, without departing from the scope of the technical solution of the invention, use the disclosed technical content to make minor changes or modifications yielding equivalent embodiments. Any simple modification, equivalent variation or adaptation of the above embodiments made according to the technical spirit of the invention, without departing from the content of the technical solution of the invention, still falls within the scope of the technical solution of the invention.

Claims (10)

1. An agent communication method, characterized by comprising:
establishing a communication connection with a client;
receiving a secure connection request sent by the client that includes a destination server identifier, the secure connection request being used to request establishment of a secure connection with the destination server;
looking up the destination server according to the destination server identifier, establishing a communication connection with the destination server, and sending the secure connection request to the destination server.
2. The method according to claim 1, characterized in that receiving the secure connection request sent by the client that includes a destination server identifier comprises:
receiving a secure connection request sent by the client whose server name indication field carries the destination server identifier.
3. The method according to claim 1, characterized in that receiving the secure connection request sent by the client that includes a destination server identifier further comprises:
receiving a secure connection request sent by the client that includes the HTTP Host information of the web address requested by the browser.
4. The method according to any one of claims 1 to 3, characterized in that, after establishing the communication connection with the destination server, the method comprises:
receiving the server certificate of the destination server and forwarding it to the client.
5. The method according to claim 4, characterized in that the method further comprises:
after the client has verified the server certificate, forwarding the data that the client sends to the destination server to the destination server.
6. An agent communication device, characterized by comprising:
a communication connection establishing module, configured to establish a communication connection with a client;
a first receiving module, configured to receive a secure connection request sent by the client that includes a destination server identifier, the secure connection request being used to request establishment of a secure connection with the destination server;
a lookup module, configured to look up the destination server according to the destination server identifier;
the communication connection establishing module being further configured to establish a communication connection with the destination server;
a first sending module, configured to send the secure connection request to the destination server.
7. The device according to claim 6, characterized in that the first receiving module is further configured to receive a secure connection request sent by the client whose server name indication field carries the destination server identifier.
8. The device according to claim 6, characterized in that the first receiving module is further configured to receive a secure connection request sent by the client that includes the HTTP Host information of the web address requested by the browser.
9. The device according to any one of claims 6 to 8, characterized in that the device further comprises:
a second receiving module, configured to receive the server certificate of the destination server;
a second sending module, configured to forward to the client the server certificate of the destination server received by the second receiving module.
10. The device according to claim 9, characterized in that the device further comprises:
a third sending module, configured, after the client has verified the server certificate, to forward the data that the client sends to the destination server to the destination server.
Application CN201410462418.4A, filed 2014-09-11 (priority date 2014-09-11), "A kind of agent communication method and device"; granted as CN104980419B, legal status Active.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201410462418.4A | 2014-09-11 | 2014-09-11 | A kind of agent communication method and device

Publications (2)

Publication Number | Publication Date
CN104980419A (this document) | 2015-10-14
CN104980419B | 2019-04-09

Family

ID=54276527; one family application, CN201410462418.4A (CN104980419B, Active); country: CN.

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105976141A (en) * 2016-04-29 2016-09-28 京信通信技术(广州)有限公司 Networked logistics inventory method and device
CN106506461A (en) * 2016-10-17 2017-03-15 中国电子技术标准化研究院 A kind of implementation method of the safe DNP agreements based on SCADA system
CN106657076A (en) * 2016-12-26 2017-05-10 北京神州绿盟信息安全科技股份有限公司 TCP service implementation method and device of network namespace
WO2018018640A1 (en) * 2016-07-29 2018-02-01 华为技术有限公司 Information interaction method, device and system
CN108156224A (en) * 2017-12-14 2018-06-12 上海格尔软件股份有限公司 The method that self-defined agent tunnel agreement is realized based on tls protocol SNI mechanism
CN108696506A (en) * 2017-04-10 2018-10-23 Ise软件定制和电子有限公司 Method, equipment, computer-readable medium and the system of connection are established between client and target device or terminal device
CN109450945A (en) * 2018-12-26 2019-03-08 成都西维数码科技有限公司 A kind of web page access method for safety monitoring based on SNI
CN109474568A (en) * 2017-12-25 2019-03-15 北京安天网络安全技术有限公司 For the detection method and system for realizing malicious attack using the preposition technology in domain
CN110166470A (en) * 2019-05-28 2019-08-23 北京奇安信科技有限公司 A kind of network service analogy method and device
CN110493353A (en) * 2019-09-05 2019-11-22 香港乐蜜有限公司 Communication means, device and server
CN111031063A (en) * 2019-12-24 2020-04-17 广东小天才科技有限公司 Data transmission method and device based on family education machine
CN111031122A (en) * 2019-12-05 2020-04-17 北京海兰信数据科技股份有限公司 Ship data processing method and device
CN111934888A (en) * 2020-09-27 2020-11-13 南京可信区块链与算法经济研究院有限公司 Safety communication system of improved software defined network
WO2023130970A1 (en) * 2022-01-05 2023-07-13 华为技术有限公司 Trusted measurement-integrated communication method and apparatus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242324A (en) * 2007-02-09 2008-08-13 联想网御科技(北京)有限公司 A remote secure access method and system based on SSL protocol
US20100049612A1 (en) * 2001-02-20 2010-02-25 International Business Machines Corporation Content provision, distribution, registration, management, and reproduction
CN102118386A (en) * 2009-12-25 2011-07-06 佳能It解决方案股份有限公司 Relay device and relay processing method
CN103747001A (en) * 2014-01-14 2014-04-23 中电长城(长沙)信息技术有限公司 Audio-access mobile payment terminal based on security algorithm and communication method based on security algorithm


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Fu Sha et al.: "Research and implementation of a client-side security proxy based on the SSL protocol" (基于SSL协议的客户端安全代理的研究与实现), Computer and Modernization (计算机与现代化) *
Qu Bo et al.: "Design and implementation of an SSL proxy server for secure web servers" (面向安全Web服务器的SSL代理服务器的设计与实现), Journal of Huazhong University of Science and Technology (Natural Science Edition) (华中科技大学学报(自然科学版)) *




Legal Events

Code | Title | Description
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |
TR01 | Transfer of patent right | Effective date of registration: 2019-08-05. Address after: 35th floor, Tencent Building, Hi-Tech Park, Nanshan District, Shenzhen, Guangdong 518000. Co-patentee after: Tencent Cloud Computing (Beijing) Co., Ltd. Patentee after: Tencent Technology (Shenzhen) Co., Ltd. Address before: Room 403, East Block 2, SEG Science Park, Zhenxing Road, Futian District, Shenzhen, Guangdong 518000. Patentee before: Tencent Technology (Shenzhen) Co., Ltd.