Embodiment
Exemplary embodiments will be described here in detail, examples of which are shown in the accompanying drawings. Where the following description refers to the accompanying drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application; rather, they are merely examples of apparatus and methods consistent with some aspects of the application as detailed in the appended claims.
The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to limit the application. The singular forms "a", "said" and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the present application to describe various pieces of information, such information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
To address the existing problems, the present application provides a solution for establishing a long connection between a client and a server side. The network environment of this solution comprises: a client, a connection server, a key server and a service server. The client is generally installed on a user terminal device, and a user accesses the software provider's service server through the client. The connection server connects the client and the service server and relays the messages exchanged between them. The key server provides the client with information such as the key and the connection server address.
Please refer to Fig. 1. Fig. 1 shows a method for establishing a long connection between a client and a server side provided by an embodiment of the present application. The method is applied on the client and comprises the following steps:
Step 101: obtain a key, a connection ID and a connection server address from the key server.
In the present embodiment, the key server provides the client with information such as the key, the connection ID, the connection server address and the key expiration time. When a user logs in using the client, the client obtains from the key server the key used for data communication, together with the connection ID and the connection server address used for communicating with the service server. The connection ID is the unique identifier of the client in communication; different clients have different connection IDs, and there may be multiple connection server addresses.
Step 102: according to the connection server address, send a connection request to the connection server, the connection request carrying the connection ID so that the connection server can obtain the key corresponding to the connection ID from the key server.
Based on the connection server addresses obtained in step 101, the client randomly selects one connection server address and initiates a connection to it, carrying in the connection request the connection ID provided by the key server. After receiving the connection request, the connection server obtains the corresponding key from the key server according to the connection ID.
Step 103: perform mutual decryption verification with the connection server using the key, and establish the connection with the connection server after the decryption verification passes.
In the present embodiment, based on step 101 the client obtains the key from the key server, and based on step 102 the connection server also obtains the same key from the key server according to the connection ID carried in the client's connection request. In this step, the client and the connection server perform mutual decryption verification using the key each of them has obtained; if the decryption verification passes, the connection server sends a connection-success message to notify the client that the connection has been established successfully.
Step 104: send heartbeat messages to the connection server at a preset time interval.
After successfully connecting to the connection server, the client maintains the validity of the connection by periodically sending heartbeat messages, so that it can receive the messages pushed by the connection server.
As can be seen from the above, before communicating with the server side, the client of the present application first obtains information such as the key, the connection ID and the connection server address from the key server; the client and the connection server then complete the handshake procedure by performing mutual decryption verification, and the long connection with the server side is subsequently maintained through heartbeat messages. The application uses a self-designed communications protocol and at the same time encrypts the data transmitted by the user, so security is higher.
Please refer to Fig. 2. Fig. 2 shows a method for establishing a long connection between a client and a server side provided by an embodiment of the present application. The method is applied on the connection server and comprises the following steps:
Step 201: receive a connection request sent by the client, the connection request carrying the client's connection ID.
Step 202: obtain the key corresponding to the connection ID from the key server.
In the present embodiment, after receiving the connection request sent by the client, the connection server obtains from the request the connection ID carried by the client, and then sends the connection ID to the key server to obtain the key that the key server allocated to the client that sent the request.
Step 203: perform mutual decryption verification with the client using the key, and establish the connection with the client after the decryption verification passes.
In the present embodiment, the connection server performs mutual decryption verification with the client based on the key obtained in step 202; if the decryption verification passes, it sends a connection-success message to notify the client that the connection has been established successfully.
Step 204: receive heartbeat messages sent by the client to maintain the connection with the client.
As can be seen from the above, after receiving the client's connection request, the connection server of the present application first obtains from the key server the key that was issued to the client; the connection server and the client then complete the handshake procedure by performing mutual decryption verification, and the long connection with the client is subsequently maintained through the received heartbeat messages. The application uses a self-designed communications protocol and at the same time encrypts the data transmitted by the user, so security is higher.
The process of establishing a long connection between a client and the server side is described below with reference to a specific implementation as an example.
Please refer to Fig. 3 and Fig. 4. A method for establishing a long connection between a client and a server side provided by an embodiment of the present application comprises the following steps:
Step 301: the client obtains a key, a connection ID and a connection server address from the key server.
In this step, the domain name of the key server is usually stored in the client. After the user logs in to the system using the client, for example by entering a username and password on the client interface, the client accesses the key server according to the stored key server domain name and sends the user's login information, terminal type, version number and other information to the key server.
According to the above information, the key server creates a key, a key expiration time and a connection ID for this client, and stores the correspondence between these and the client's login information. Meanwhile, the key server also collects the connection server addresses currently available to this client. The key is used with an encryption/decryption algorithm, for example DES (Data Encryption Standard) or AES (Advanced Encryption Standard); the application does not limit the encryption/decryption algorithm. The connection ID corresponds to the user's login information and is the unique identifier the client uses during communication; the key server creates different connection IDs for different clients. The connection server address includes the connection server's IP address and port number, and there are generally multiple connection server addresses. The key server returns the key, the key expiration time, the connection ID, the connection server address and other information to the client.
Of course, while communicating with the key server, the client may also verify whether the key server's certificate is legitimate and valid and whether the domain name matches, etc. Those skilled in the art can understand this from the implementation in the related art, and the application does not repeat it here.
Step 302: the client sends a connection request to the connection server according to the connection server address.
In this step, the client randomly selects a connection server from the connection server addresses returned by the key server and initiates a connection request, carrying the connection ID in the request.
Step 303: the connection server receives the connection request and obtains the key corresponding to the connection ID from the key server.
In this step, after receiving the connection request sent by the client, the connection server obtains from it the connection ID carried by the client and sends the connection ID to the key server; the key server then sends the key corresponding to the connection ID to the connection server. At this point both the client and the connection server hold the key and can perform decryption verification with it.
If the connection server fails to obtain the key corresponding to the connection ID, for example because a network anomaly prevents it from receiving the key within a preset time, the connection server disconnects from the client, and the client re-executes step 301 after detecting the error.
Step 304: the connection server sends the client first original data together with first encrypted data obtained by encrypting the first original data with the key.
In this step, after obtaining the key corresponding to the client's connection ID, i.e. the key the key server issued to the client, the connection server randomly generates first original data, encrypts it with the key to obtain first encrypted data, and sends both the first original data and the first encrypted data to the client for the client to decrypt and verify.
Step 305: the client decrypts the first encrypted data with the key obtained from the key server.
In this step, the client determines whether the data obtained by decrypting the first encrypted data is consistent with the first original data. If consistent, the client confirms that decryption verification on its side has passed and proceeds to step 306. If inconsistent, the client disconnects from the connection server and re-executes step 301.
Step 306: the client sends the connection server second original data and second encrypted data obtained by encrypting the second original data.
In this step, after decryption verification on its side has passed, the client randomly generates second original data, encrypts it with the key obtained from the key server to obtain second encrypted data, and sends both the second original data and the second encrypted data to the connection server for decryption verification.
Step 307: the connection server decrypts the second encrypted data.
In this step, the connection server decrypts the second encrypted data with the key obtained from the key server and determines whether the decrypted data is consistent with the second original data. If consistent, it confirms that decryption verification on its side has passed and proceeds to step 308. If inconsistent, it disconnects from the client, and the client re-executes step 301 after detecting the error.
Step 308: the connection server sends a connection-success message to the client.
At this point, after receiving the connection-success message sent by the connection server, the client has completed the handshake procedure with the connection server and has successfully established a connection with it.
Step 309: the client sends heartbeat messages to the connection server at a preset time interval.
After successfully connecting to the connection server, the client keeps the connection from being interrupted by sending heartbeat messages; the preset time interval can be set by the developer. After receiving a heartbeat message sent by the client, the connection server maintains its connection with the client without interruption. If the connection server does not receive a heartbeat message from the client within a preset time, for example no heartbeat message within 2 minutes, it confirms that the connection with the client has been broken and sends an error message to the client so that the client can re-establish the connection. Of course, in practice, considering that factors such as network jitter may delay messages, a retry mechanism may also be adopted: for example, only when no heartbeat message is received in 3 consecutive 2-minute periods, i.e. within 6 minutes, is the connection confirmed to be broken.
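The handshake and heartbeat of steps 301 to 309, as an added example that is not part of the patent text: a Python model of key server, connection server and client exchanging the first and second original/encrypted data, with the step 303 lookup failure, the step 305/307 mismatch disconnect, and heartbeat expiry after 3 consecutive 2-minute periods. The HMAC-SHA256 keystream stands in for the DES/AES the page mentions, and all class and function names, the 32-byte key size and the simplified message encoding are assumptions of this example.

```python
import hashlib, hmac, os, random, secrets

def keystream_xor(key, nonce, data):
    """Stand-in cipher (assumption, not from the page): XOR with an HMAC-SHA256
    keystream in counter mode; the page allows any algorithm such as DES or AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key, plaintext):
    nonce = os.urandom(12)                        # fresh nonce per message, sent in front
    return nonce + keystream_xor(key, nonce, plaintext)

def decrypt(key, blob):
    return keystream_xor(key, blob[:12], blob[12:])

class KeyServer:
    """Step 301: issues key, expiry, connection ID and connection server addresses."""
    def __init__(self, server_addrs):
        self.server_addrs, self.keys = list(server_addrs), {}   # keys: conn_id -> key
    def login(self, username, password, terminal_type, version):
        key, conn_id = secrets.token_bytes(32), secrets.token_hex(8)
        self.keys[conn_id] = key                  # credential check itself is out of scope
        return {"key": key, "conn_id": conn_id, "expires_in": 3600, "servers": self.server_addrs}
    def key_for(self, conn_id):
        return self.keys.get(conn_id)             # None for an unknown connection ID

class ConnectionServer:
    def __init__(self, key_server, hb_period=120, max_missed=3):
        self.ks, self.sessions, self.last_hb = key_server, {}, {}   # both keyed by conn_id
        self.hb_period, self.max_missed = hb_period, max_missed     # 2 min x 3 = 6 min
    def on_connect(self, conn_id):
        """Steps 303-304: fetch the key; None means the lookup failed (disconnect)."""
        key = self.ks.key_for(conn_id)
        if key is None:
            return None
        self.sessions[conn_id] = key
        first_raw = os.urandom(16)                # random first original data
        return first_raw, encrypt(key, first_raw)
    def on_second(self, conn_id, second_raw, second_enc, now=0.0):
        """Step 307: True stands for the connection-success message of step 308."""
        key = self.sessions.get(conn_id)
        if key is None or decrypt(key, second_enc) != second_raw:
            self.sessions.pop(conn_id, None)      # inconsistent: disconnect
            return False
        self.last_hb[conn_id] = now               # heartbeat clock starts at success
        return True
    def on_heartbeat(self, conn_id, now):
        if conn_id in self.sessions:              # step 309: refresh liveness
            self.last_hb[conn_id] = now
    def expire(self, now):
        """Drop sessions silent for max_missed consecutive periods; returns their IDs."""
        dead = [c for c, t in self.last_hb.items() if now - t >= self.hb_period * self.max_missed]
        for c in dead:
            self.sessions.pop(c, None)
            self.last_hb.pop(c, None)
        return dead

def client_connect(key_server, servers_by_addr, login, now=0.0):
    """Client side of steps 301-308; returns the connection ID, or None to retry from 301."""
    info = key_server.login(*login)                           # step 301
    key, conn_id = info["key"], info["conn_id"]
    cs = servers_by_addr[random.choice(info["servers"])]       # step 302: random server
    reply = cs.on_connect(conn_id)
    if reply is None:
        return None
    first_raw, first_enc = reply
    if decrypt(key, first_enc) != first_raw:                  # step 305
        return None
    second_raw = os.urandom(16)                               # step 306
    ok = cs.on_second(conn_id, second_raw, encrypt(key, second_raw), now)
    return conn_id if ok else None
```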
At this point, a long connection has been established between the client and the connection server. Based on this long connection, the client can communicate with the service server through the connection server, and the data is encrypted with the above key during the communication. Specifically, the client encrypts a data message according to the key and sends it to the service server through the connection server; when the data message arrives at the connection server, it is decrypted by the connection server, and the decrypted data message is sent on to the service server. This is because data between the service server and the connection server is normally transmitted within an intranet, where network security is relatively high, so it need not be encrypted and can be transmitted directly in plaintext.
After the service server platform receives a push message, it sends the push message to the connection server; the connection server encrypts the push message and then forwards it to the client over the long connection. Those skilled in the art may refer to the implementation in the related art for the specific push process, which the application does not limit.
Please refer to Fig. 5, which shows the message format in one embodiment of the application.
The magic_num field is a fixed integer, for example 832024031, equivalent to an ID of the message type; it does not need to be processed.
The type field represents the message type, including: uplink, downlink, handshake, push message, heartbeat message, etc.
The status field represents the communication type, encryption type, encoding type, etc.
The proto_size field represents the number of bytes of the structured data.
The checksum field is a simple check code.
The app_data field carries the data; for push messages, this field can be encrypted.
Of course, those skilled in the art may use other message formats to implement the application, which the application does not limit.
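An added example, not taken from the patent, that packs and parses the Fig. 5 message layout, frames a long-connection byte stream into whole messages and rejects a bad magic_num, a proto_size that does not match the payload, or a checksum mismatch. Only the field names and the magic_num value 832024031 come from the page; the field widths, the numeric type codes, the status bit and CRC32 as the "simple check code" are assumptions of this example.

```python
import struct
import zlib

MAGIC_NUM = 832024031                     # fixed value given on the page as an example
# Header layout is an assumption: the page names the fields but not their widths.
HEADER = struct.Struct(">IBBII")          # magic_num, type, status, proto_size, checksum
MAX_APP_DATA = 1 << 20                    # cap on proto_size (assumed), bounds memory use

# Message types listed on the page; the numeric codes are assumed.
TYPE_UP, TYPE_DOWN, TYPE_HANDSHAKE, TYPE_PUSH, TYPE_HEARTBEAT = 1, 2, 3, 4, 5
STATUS_ENCRYPTED = 0x01                   # status bit (assumed) marking encrypted app_data

class BadMessage(ValueError):
    pass

def checksum(msg_type, status, app_data):
    """'Simple check code': CRC32 over type, status and payload (algorithm assumed)."""
    return zlib.crc32(bytes([msg_type, status]) + app_data) & 0xFFFFFFFF

def pack_message(msg_type, status, app_data=b""):
    header = HEADER.pack(MAGIC_NUM, msg_type, status, len(app_data),
                         checksum(msg_type, status, app_data))
    return header + app_data

def unpack_message(buf):
    """Validate one complete message; app_data is returned as opaque bytes
    (for push messages it is ciphertext, decrypted with the session key elsewhere)."""
    if len(buf) < HEADER.size:
        raise BadMessage("short header")
    magic, msg_type, status, proto_size, csum = HEADER.unpack_from(buf)
    if magic != MAGIC_NUM:
        raise BadMessage("bad magic_num")
    if proto_size > MAX_APP_DATA or len(buf) != HEADER.size + proto_size:
        raise BadMessage("proto_size does not match payload")
    app_data = buf[HEADER.size:]
    if csum != checksum(msg_type, status, app_data):
        raise BadMessage("checksum mismatch")
    return msg_type, status, app_data

def split_stream(buf):
    """Frame a long-connection byte stream: returns (complete messages, unconsumed tail)."""
    msgs = []
    while len(buf) >= HEADER.size:
        magic, _, _, proto_size, _ = HEADER.unpack_from(buf)
        if magic != MAGIC_NUM:
            raise BadMessage("stream out of sync")    # caller should drop the connection
        if proto_size > MAX_APP_DATA:
            raise BadMessage("proto_size too large")
        total = HEADER.size + proto_size
        if len(buf) < total:
            break                                     # wait for the rest of this message
        msgs.append(unpack_message(buf[:total]))
        buf = buf[total:]
    return msgs, bytes(buf)
```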
Corresponding to the method embodiment for establishing a long connection between a client and a server side, the present application also provides an embodiment of an apparatus for establishing a long connection between a client and a server side. In a software implementation, the apparatus may run on a user terminal device; as the operation carrier of the apparatus, the user terminal device generally includes at least a CPU, memory and non-volatile memory, and may also include hardware such as I/O interfaces. Please refer to Fig. 6 and Fig. 7, which are schematic structural diagrams of the apparatus for establishing a long connection between a client and a server side according to the application. The apparatus includes: a first acquiring unit, a request transmitting unit, a first verification unit, a first heartbeat unit, a data transmitting unit and a data receiving unit.
The first acquiring unit obtains the key, the connection ID and the connection server address from the key server.
The request transmitting unit sends a connection request to the connection server according to the connection server address, the connection request carrying the connection ID so that the connection server can obtain the key corresponding to the connection ID from the key server.
The first verification unit performs mutual decryption verification with the connection server using the key, and establishes the connection with the connection server after the decryption verification passes.
The first heartbeat unit sends heartbeat messages to the connection server at a preset time interval.
Further, the first verification unit performing mutual decryption verification with the connection server using the key and establishing the connection with the connection server after the decryption verification passes comprises:
receiving from the connection server first original data and first encrypted data obtained by the connection server encrypting the first original data with the key it obtained from the key server;
decrypting the first encrypted data with the key obtained from the key server;
when the data obtained by decrypting the first encrypted data is consistent with the first original data, confirming that decryption verification has passed, and sending the connection server second original data and second encrypted data obtained by encrypting the second original data;
receiving the connection-success message sent by the connection server after the second encrypted data passes decryption verification.
Further, when the data obtained by decrypting the first encrypted data is inconsistent with the first original data, the first acquiring unit obtains the key, the connection ID and the connection server address from the key server again.
Further, the first acquiring unit obtaining the key, the connection ID and the connection server address from the key server comprises: sending login information to the key server; and receiving the key, the connection ID and the connection server address that the key server returns according to the login information.
Further, the apparatus also comprises:
a data transmitting unit, which encrypts a data message according to the key and sends it to the service server through the connection server;
a data receiving unit, which, after receiving an encrypted data message sent by the connection server, decrypts it according to the key to obtain the original data.
The present application also provides an embodiment of an apparatus for establishing a long connection between a client and a server side. In a software implementation, the apparatus may run on the connection server; as the operation carrier of the apparatus, the connection server generally includes at least a CPU, memory and non-volatile memory, and may also include hardware such as I/O interfaces. Please refer to Fig. 8 and Fig. 9. The apparatus includes: a request receiving unit, a second acquiring unit, a second verification unit, a second heartbeat unit and an encryption forwarding unit.
The request receiving unit receives the connection request sent by the client, the connection request carrying the client's connection ID.
The second acquiring unit obtains the key corresponding to the connection ID from the key server.
The second verification unit performs mutual decryption verification with the client using the key, and establishes the connection with the client after the decryption verification passes.
The second heartbeat unit receives the heartbeat messages sent by the client to maintain the connection with the client.
Further, the second verification unit performing mutual decryption verification with the client using the key and establishing the connection with the client after the decryption verification passes comprises:
sending the client first original data and first encrypted data obtained by encrypting the first original data with the key;
receiving the second original data and second encrypted data that the client sends after the first encrypted data passes decryption verification;
when the data obtained by decrypting the second encrypted data is consistent with the second original data, sending a connection-success message to the client.
Further, when the data obtained by decrypting the second encrypted data is inconsistent with the second original data, the second verification unit disconnects from the client.
Further, when no heartbeat message is received from the client within a preset time, the second heartbeat unit confirms that the connection with the client has been broken.
Further, the apparatus also comprises:
an encryption forwarding unit, which encrypts the push message that the service server sends to the client and forwards it to the client over the connection.
In the above apparatus, the implementation of the functions and effects of each unit is detailed in the implementation of the corresponding steps of the above method and is not repeated here.
Since the apparatus embodiments substantially correspond to the method embodiments, reference may be made to the description of the method embodiments for the relevant parts. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, i.e. they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the objectives of the solution of the application. Those of ordinary skill in the art can understand and implement this without creative effort.
The foregoing is merely a preferred embodiment of the present application and is not intended to limit it; any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the application shall be included within the scope of protection of the application.