Summary of the invention
In view of the shortcomings of the prior art described above, the object of the present invention is to provide a security control method and system for long-connection application access, so as to solve the problem that long-connection application access control in the prior art consumes a large amount of time and memory.
To achieve the above and other related objects, the invention provides a security control method for long-connection application access, applied while an application client and a long-connection server carry out long-connection communication based on the TCP protocol. The security control method for long-connection application access comprises: the application client adds a predefined application ID to the TCP connection request it initiates; the TCP protocol stack of the long-connection server extracts the application ID from the TCP connection request; the long-connection server judges whether the application ID is present in a relation table pre-stored in the long-connection server; if so, it processes the TCP connection request and establishes a long connection with the application client; if not, it rejects the TCP connection request.
Optionally, the application client adds the application ID in the Options field of the TCP protocol.
Optionally, the predefined application ID is an 8-byte, 64-bit unsigned integer.
Optionally, the application ID is predefined and updated by the long-connection service provider.
Optionally, the detailed process of adding the predefined application ID comprises: the long-connection service provider supplies the application client with an application development package and a license certificate containing the application ID of the corresponding application; when the application client uses the application development package, the application ID in the license certificate is read automatically and stored in the Options field of the TCP protocol.
To achieve the above object, the present invention also provides a security management and control system for long-connection application access, applied while an application client and a long-connection server carry out long-connection communication based on the TCP protocol. The security management and control system for long-connection application access comprises: an application ID adding module, configured in the application client, for the application client to add a predefined application ID to the TCP connection request it initiates; an application ID extraction module, configured in the long-connection server, for the TCP protocol stack of the long-connection server to extract the application ID from the TCP connection request; a relation table storage module, configured in the long-connection server, for storing the relation table comprising the application IDs and the corresponding application names; a judging module, configured in the long-connection server and connected with the relation table storage module, for judging whether the application ID is present in the relation table pre-stored in the long-connection server; and a control module, configured in the long-connection server and connected with the judging module, for processing the TCP connection request and establishing a long connection with the application client when the application ID exists in the relation table, and for rejecting the TCP connection request when the application ID does not exist in the relation table.
Optionally, the application ID adding module adds the application ID in the Options field of the TCP protocol.
Optionally, the predefined application ID is an 8-byte, 64-bit unsigned integer.
Optionally, the system also comprises a definition maintenance module, configured at the long-connection service provider and connected with the application ID adding module, for predefining and updating the application ID.
Optionally, the definition maintenance module comprises a license certificate unit that supplies the application client with the application development package and a license certificate containing the application ID of the corresponding application; when the application client uses the application development package, the application ID adding module automatically reads the application ID from the license certificate and stores it in the Options field of the TCP protocol.
As described above, the security control method and system for long-connection application access of the present invention have the following beneficial effects:
The present invention detects the requesting application at the TCP protocol level and performs application access control before the connection is established, avoiding the connect-first-then-disconnect approach of the prior art and saving the resource overhead of establishing and tearing down connections. The present invention is simple and efficient, and has strong versatility and practicality.
Embodiment
The embodiments of the present invention are described below by way of specific examples; those skilled in the art can easily understand other advantages and effects of the present invention from the content disclosed in this specification. The present invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways from different viewpoints and applications without departing from the spirit of the present invention.
The object of the present invention is to provide a security control method and system for long-connection application access, so as to solve the problem that long-connection application access control in the prior art consumes a large amount of time and memory. The principle and implementation of the security control method and system for long-connection application access of the present invention are described in detail below, so that those skilled in the art can understand them without creative effort.
The present embodiment provides a security control method for long-connection application access, which addresses the security of application client access to a long-connection service based on the Transmission Control Protocol (TCP).
The method adds an application ID (App ID) in a designated field of the TCP protocol. The application ID is uniformly defined, maintained and issued by the long-connection service provider to identify each application it has approved. When the long-connection server receives a connection request initiated by an application client, its TCP protocol stack extracts the application ID and checks whether it belongs to a valid application; if the check fails, the server rejects the connection request. Meanwhile, the application ID is regularly replaced and maintained by the long-connection service provider to strengthen the security and reliability of this mechanism.
Specifically, as shown in Figure 1, the security control method for long-connection application access provided by the present embodiment is applied while an application client and a long-connection server carry out long-connection communication based on TCP, and comprises the following steps.
Step S11: the application client adds a predefined application ID to the TCP connection request it initiates. The application ID is predefined and updated by the long-connection service provider to ensure its security and reliability. That is, the long-connection service provider defines a corresponding application ID (App ID) for each application it allows to access (or authenticates).
The predefined application ID is an 8-byte, 64-bit unsigned integer.
Specifically, in the present embodiment, the application client adds the application ID in the Options field of the TCP protocol; that is, the Options field of TCP is used to store the application ID associated with the application.
According to RFC 793, the TCP protocol defines an Options field in the TCP header for carrying auxiliary information. The present invention uses this Options field to carry the application ID. The definition of the Options field is shown in Table 1.
Table 1
As shown in Figure 2, the detailed process of adding the predefined application ID comprises: the long-connection service provider supplies the application client with an application development package and a license certificate containing the application ID of the corresponding application; when the application client uses the application development package, the application ID in the license certificate is read automatically and stored in the Options field of the TCP protocol.
The long-connection service provider is responsible for regularly updating and maintaining the application ID to ensure its security and reliability. The issuing and update mode of the application ID is defined as follows:
1) The long-connection service provider issues a license certificate to the application; this certificate contains a valid application ID.
2) The long-connection service provider supplies an application development package (App SDK); when the application client uses the SDK, the application ID in the license certificate is read automatically and stored in the Options field of the TCP connection.
3) The long-connection service provider updates the application ID by regularly updating the license certificate.
Therefore, the security control method for long-connection application access provided by the present embodiment uses an application ID (App ID) to identify the application, and this identifier is uniformly defined by the long-connection service provider and issued and maintained through a specific channel.
Step S12: the TCP protocol stack of the long-connection server extracts the application ID from the TCP connection request. Specifically, in the present embodiment, the long-connection server checks the application ID in the Options field of the TCP connection to judge the legitimacy of the application and whether to provide the long-connection service.
Step S13: the long-connection server judges whether the application ID is present in the relation table pre-stored in the long-connection server; if so, proceed to step S14; if not, proceed to step S15. The long-connection server defines and maintains the relation table between application IDs and applications, as shown in Table 2.
Table 2

Application ID | Application name
0x02FF         | Application 1
0x045A         | Application 2
0x03AC         | Application 3
…              | …
Step S14: process the TCP connection request and establish a long connection with the application client.
Step S15: reject the TCP connection request.
To help those skilled in the art further understand the security control method for long-connection application access in the present embodiment, its implementation process is further explained below.
When the application client uses the SDK, the application ID in the license certificate is read automatically and stored in the Options field of the TCP connection, so that the application client defines the Options field in the TCP connection request it initiates according to the above rule. The TCP protocol stack of the long-connection server extracts the application ID value from the Options field of the connection request, and the long-connection server checks whether the extracted application ID value is present in the relation table in the server: if it is, the server continues processing the connection request until the connection is established; if it is not, the server rejects the connection request. The long-connection service provider is responsible for regularly updating and maintaining the application ID to ensure its security and reliability. The security control method for long-connection application access in the present embodiment detects the requesting application at the TCP protocol level and performs application access control before the connection is established, avoiding the connect-first-then-disconnect approach of the prior art and saving the resource overhead of establishing and tearing down connections.
To achieve the above object, the present embodiment also provides a security management and control system for long-connection application access, which addresses the security of application client access to a long-connection service based on the Transmission Control Protocol (TCP). The system is applied while an application client and a long-connection server carry out long-connection communication based on TCP, and adds an application ID (App ID) in a designated field of the TCP protocol. The application ID is uniformly defined, maintained and issued by the long-connection service provider to identify each application it has approved. When the long-connection server receives a connection request initiated by an application client, its TCP protocol stack extracts the application ID and checks whether it belongs to a valid application; if the check fails, the server rejects the connection request. Meanwhile, the application ID is regularly replaced and maintained by the long-connection service provider to strengthen the security and reliability of this mechanism.
Specifically, in the present embodiment, as shown in Figure 3, the security management and control system 1 for long-connection application access comprises: an application ID adding module 11, a relation table storage module 12, an application ID extraction module 13, a judging module 14, a control module 15 and a definition maintenance module 16.
The application ID adding module 11 is configured in the application client; the relation table storage module 12, the application ID extraction module 13, the judging module 14 and the control module 15 are configured in the long-connection server; and the definition maintenance module 16 is configured at the long-connection service provider.
Figure 4 shows the connection diagram between the application client, the long-connection server and the long-connection service provider. The long-connection service provider issues to the application client a certificate containing the application ID; when the application client uses the application development package, it automatically reads the application ID from the license certificate. The application client initiates a TCP connection carrying the application ID to the long-connection server, and the long-connection server detects the application ID and establishes long-connection communication with the application client.
The application ID adding module 11 is configured in the application client, for the application client to add a predefined application ID to the TCP connection request it initiates. Specifically, in the present embodiment, the application ID adding module 11 adds the application ID in the Options field of the TCP protocol.
The application ID is predefined and updated by the long-connection service provider to ensure its security and reliability. The definition maintenance module 16 is configured at the long-connection service provider and connected with the application ID adding module 11, for predefining and updating the application ID.
Specifically, in the present embodiment, the definition maintenance module 16 comprises a license certificate unit that supplies the application client with the application development package and a license certificate containing the application ID of the corresponding application; when the application client uses the application development package, the application ID adding module 11 automatically reads the application ID from the license certificate and stores it in the Options field of the TCP protocol.
That is, the long-connection service provider defines a corresponding application ID (App ID) for each application it allows to access (or authenticates).
The predefined application ID is an 8-byte, 64-bit unsigned integer.
Specifically, in the present embodiment, the application client adds the application ID in the Options field of the TCP protocol; that is, the Options field of TCP is used to store the application ID associated with the application.
According to RFC 793, the TCP protocol defines an Options field in the TCP header for carrying auxiliary information. The present invention uses this Options field to carry the application ID. The definition of the Options field is shown in Table 1 above.
The long-connection service provider supplies the application client with an application development package and a license certificate containing the application ID of the corresponding application; when the application client uses the application development package, the application ID in the license certificate is read automatically and stored in the Options field of the TCP protocol.
The application ID extraction module 13 is configured in the long-connection server, for the TCP protocol stack of the long-connection server to extract the application ID from the TCP connection request.
The long-connection service provider is responsible for regularly updating and maintaining the application ID to ensure its security and reliability. The issuing and update mode of the application ID is defined as follows:
1) The long-connection service provider issues a license certificate to the application; this certificate contains a valid application ID.
2) The long-connection service provider supplies an application development package (App SDK); when the application client uses the SDK, the application ID in the license certificate is read automatically and stored in the Options field of the TCP connection.
3) The long-connection service provider updates the application ID by regularly updating the license certificate.
Therefore, the security management and control system 1 for long-connection application access provided by the present embodiment uses an application ID (App ID) to identify the application, and this identifier is uniformly defined by the long-connection service provider and issued and maintained through a specific channel.
The relation table storage module 12 is configured in the long-connection server, for storing the relation table comprising the application IDs and the corresponding application names. The relation table between application IDs and applications is defined and maintained in the relation table storage module 12, as shown in Table 2 above.
The judging module 14 is configured in the long-connection server and connected with the relation table storage module 12, for judging whether the application ID is present in the relation table pre-stored in the long-connection server, and for sending the judgment result to the control module 15.
The control module 15 is configured in the long-connection server and connected with the judging module 14, for processing the TCP connection request and establishing a long connection with the application client when the application ID exists in the relation table, and for rejecting the TCP connection request when the application ID does not exist in the relation table.
To help those skilled in the art further understand the security management and control system 1 for long-connection application access in the present embodiment, its working process is further explained below.
When the application client uses the SDK, the application ID adding module 11 automatically reads the application ID from the license certificate and stores it in the Options field of the TCP connection, so that the application client defines the Options field in the TCP connection request it initiates according to the above rule. The application ID extraction module 13 of the long-connection server extracts the application ID value from the Options field of the connection request through the TCP protocol stack, and the long-connection server uses the judging module 14 to judge whether the extracted application ID value is present in the relation table of the relation table storage module 12: if it is, the control module 15 continues processing the connection request until the connection is established; if it is not, the control module 15 rejects the connection request. The long-connection service provider regularly updates and maintains the application ID through the definition maintenance module 16 to ensure its security and reliability.
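The client-side insertion (step S11, module 11), server-side extraction (step S12, module 13) and relation-table decision (steps S13 to S15, modules 14 and 15) described above, as an added Python example that is not part of the patent: the option kind number (253, from the experimental range of RFC 4727), the kind/length/value encoding of the 8-byte App ID and the sample SYN option bytes are assumptions; the App IDs and names come from Table 2.

```python
from typing import Dict, Optional, Tuple
import struct

# ASSUMPTION: the page names no option kind number. RFC 4727 reserves kinds
# 253 and 254 for experimental use, so 253 stands in for the App ID option.
APP_ID_KIND = 253
APP_ID_LEN = 10     # kind (1) + length (1) + 8-byte 64-bit unsigned App ID
MAX_OPTIONS = 40    # the TCP data offset field caps the options area at 40 bytes

# Relation table (Table 2 of the page): App ID -> application name.
RELATION_TABLE = {0x02FF: "Application 1", 0x045A: "Application 2",
                  0x03AC: "Application 3"}

def app_id_option(app_id: int) -> bytes:
    """Client side (step S11 / module 11): encode the App ID as one TCP option."""
    if not 0 <= app_id < 2 ** 64:
        raise ValueError("App ID must be an unsigned 64-bit integer")
    return struct.pack("!BBQ", APP_ID_KIND, APP_ID_LEN, app_id)

def parse_tcp_options(options: bytes) -> Dict[int, bytes]:
    """Walk a TCP Options area (RFC 793 layout) into a kind -> payload map.
    Kind 0 ends the list, kind 1 is a one-byte NOP, anything else is
    kind/length/data. A length below 2 or one running past the end invalidates
    the whole area: the server stack must not trust the SYN's length byte.
    """
    if len(options) > MAX_OPTIONS:
        raise ValueError("options area longer than TCP allows")
    found: Dict[int, bytes] = {}
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation (padding)
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError(f"bad length {length} for option kind {kind}")
        found[kind] = options[i + 2:i + length]
        i += length
    return found

def extract_app_id(options: bytes) -> Optional[int]:
    """Server side (step S12 / module 13): pull the App ID out of the SYN."""
    payload = parse_tcp_options(options).get(APP_ID_KIND)
    if payload is None or len(payload) != 8:
        return None
    return struct.unpack("!Q", payload)[0]

def admit_connection(options: bytes, table=RELATION_TABLE) -> Tuple[bool, str]:
    """Steps S13-S15 / modules 14 and 15: admit only IDs in the relation table."""
    try:
        app_id = extract_app_id(options)
    except ValueError as exc:
        return False, f"rejected: malformed options ({exc})"
    if app_id is None:
        return False, "rejected: no valid App ID option in SYN"
    name = table.get(app_id)
    if name is None:
        return False, f"rejected: App ID {app_id:#x} not in relation table"
    return True, f"accepted: {name}"

if __name__ == "__main__":
    # Constructed SYN option area: MSS option (kind 2), then the App ID, NOP-padded.
    syn_options = struct.pack("!BBH", 2, 4, 1460) + app_id_option(0x045A) + b"\x01\x01"
    print(admit_connection(syn_options))    # (True, 'accepted: Application 2')
```

Because the decision is taken on the SYN's option bytes alone, the server never allocates a connection for an unlisted client, which is the saving the page claims over the connect-then-disconnect approach.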
In summary, the present invention detects the requesting application at the TCP protocol level and performs application access control before the connection is established, avoiding the connect-first-then-disconnect approach of the prior art and saving the resource overhead of establishing and tearing down connections. The present invention is simple and efficient, and has strong versatility and practicality. The present invention therefore effectively overcomes various shortcomings of the prior art and has high industrial utility.
The above embodiments only illustrate the principle and effects of the present invention and are not intended to limit it. Any person skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the present invention. Therefore, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed herein shall be covered by the claims of the present invention.