CN105554084B - Generate disposable resource address and the method with real resources address of cache - Google Patents

Generate disposable resource address and the method with real resources address of cache Download PDF

Info

Publication number
CN105554084B
CN105554084B CN201510915277.1A CN201510915277A CN105554084B CN 105554084 B CN105554084 B CN 105554084B CN 201510915277 A CN201510915277 A CN 201510915277A CN 105554084 B CN105554084 B CN 105554084B
Authority
CN
China
Prior art keywords
resource
address
disposable
providing server
security gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510915277.1A
Other languages
Chinese (zh)
Other versions
CN105554084A (en
Inventor
姚博
刘宗孺
李志为
康海洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Bolian Intelligent Technology Co., Ltd.
Original Assignee
Hangzhou Gubei Electronic Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Gubei Electronic Technology Co Ltd filed Critical Hangzhou Gubei Electronic Technology Co Ltd
Priority to CN201510915277.1A priority Critical patent/CN105554084B/en
Publication of CN105554084A publication Critical patent/CN105554084A/en
Application granted granted Critical
Publication of CN105554084B publication Critical patent/CN105554084B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2539Hiding addresses; Keeping addresses anonymous
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disposable resource address and system with real resources address of cache are generated the invention discloses a kind of, it is characterized in that, it include: resource bid client, for initiating account certification, resource request to security gateway, account authentication result, disposable resource address are received from security gateway, and resource is downloaded from resource providing server according to disposable resource address;Security gateway, for completing the login authentication and authorization and to the disposable resource address of resource providing server application of account;Resource providing server, for completing resource management, disposable resource address generates and the mapping relations between disposable resource and real resources address;Resource bid client is separately connected security gateway resource providing server;Security gateway connection resource provides server.The invention also discloses the disposable resource address of a kind of generation based on the system and the methods with real resources address of cache.The present invention greatly improves security of system and convenience.

Description

Generate disposable resource address and the method with real resources address of cache
Technical field
The present invention relates to a kind of mapping methods, and in particular to it is a kind of generate disposable resource address and with real resources address The system of mapping, the method the invention further relates to disposable resource address is generated and with real resources address of cache.The invention belongs to In network download technology field.
Background technique
With the development of internet, more and more resources have all saved beyond the clouds, and exposure is on the internet, any Resource can be accessed in the people of access internet.In order to solve safety problem, when accessing resource, it additionally added to log in and recognize Card and authorization, in request plus login after the Session(time domain that returns) or be Token(token), cloud to time domain into Row checks, if legal, related resource is returned to requestor.Although this method can guarantee certain safety, Actually also the lasting addressable position key message of resource is leaked.Therefore the prior art cannot be guaranteed online true money The safety in source.
Summary of the invention
To solve the deficiencies in the prior art, the purpose of the present invention is to provide it is a kind of generate disposable resource address and with it is true The method of real resource address mapping, to solve the technical issues of prior art is difficult to ensure the safety of online real resources.
In order to achieve the above objectives, the present invention adopts the following technical scheme that:
Generate disposable resource address and the system with real resources address of cache characterized by comprising
Resource bid client receives account from security gateway for initiating account certification, resource request to security gateway Authentication result, disposable resource address, and resource is downloaded from resource providing server according to disposable resource address;
Security gateway, for completing the login authentication of account and authorization and disposably providing to resource providing server application Source address;
Resource providing server, for completing resource management, disposable resource address generates and disposable resource and true Mapping relations between real resource address;
Resource bid client is separately connected security gateway resource providing server;Security gateway connection resource provides service Device.
It is aforementioned to generate disposable resource address and the system with real resources address of cache, which is characterized in that resource includes: Picture, script, compressed package, character string.
It is aforementioned to generate disposable resource address and the system with real resources address of cache, which is characterized in that resource bid Client includes: mobile phone, PC machine, router.
It is aforementioned to generate disposable resource address and the method with real resources address of cache, which is characterized in that including as follows Step:
Step 1: resource bid client is completed to the debarkation authentication and authorization, security gateway of security gateway request account The debarkation authentication of account and authorization;
Step 2: resource bid client is to security gateway application resource;
Step 3: security gateway sends resource to resource providing server again and generates request;
Step 4: resource providing server is with generating disposable resource address and disposable resource address and real resources Mapping relations between location, and disposable resource address is sent to security gateway;
Step 5: disposable resource address is sent to resource bid client by security gateway;
Step 6: resource bid client sends resource downloading to resource providing server according to disposable resource address and asks It asks;
Step 7: resource providing server returns to resource to resource bid client.
It is above-mentioned to generate disposable resource address and the method with real resources address of cache, characteristic are, the step Rapid four include:
Step 4a: the resource that resource providing server receives security gateway transmission generates request;
Step 4b: resource providing server generates request according to resource and searches real resources address;
Step 4c: resource providing server generates disposable resource address and saves disposable resource and real resources address Between mapping relations;
Step 4d: disposable resource address is sent to security gateway by resource providing server;
It is above-mentioned to generate disposable resource address and the method with real resources address of cache, characteristic are, the step In rapid 4b, resource providing server saves real resources within the storage system, and safeguards resource position in the buffer Absolute address;After resource providing server receives disposable resource address generation request, corresponding resource is searched in buffering first Absolute address, while generating a unique mark, and save unique mark, absolute address, generation time in the buffer And validity period can be used.
It is above-mentioned to generate disposable resource address and the method with real resources address of cache, characteristic are, it is described only One mark includes: character string, integer, and unique mark has sufficiently large available space, and guarantee can be supported at present All resources.
It is above-mentioned to generate disposable resource address and the method with real resources address of cache, characteristic are, the step In rapid 4c, mapping table of the Resource Server after generating disposable resource address, inside meeting periodic scan;If it find that There is expired resource mark, then deletes mapping relations.
It is above-mentioned to generate disposable resource address and the method with real resources address of cache, characteristic are, the step Rapid seven include: to check that corresponding disposable resource address whether there is, if not after resource providing server receives resource downloading In the presence of or resource it is expired, do not respond;If corresponding disposable resource address exists, read from mapping relations Real resources address is taken, related resource is read and then returns to requesting client.
It is above-mentioned to generate disposable resource address and the method with real resources address of cache, characteristic are, disposably Resource address has self-described attribute, and resource bid client can judge it is using which kind of interconnection according to disposable resource address FidonetFido carries out resource downloading;The validity period of disposable resource address supports the preconfigured and business customized time; Resource providing server can delete expired disposable resource address in the period;User information is contained in disposable resource address, Resource providing server can check the identity and permission of user after having received downloading request, if not corresponding money The download permission in source, then do not respond.
The invention has the beneficial effects that: the disposable resource address of of the invention generation and with real resources address of cache System and method, ensure that the availability and safety of online real resources, therefore greatly improve security of system and just Benefit.
Detailed description of the invention
Fig. 1 is that the present invention generates disposable resource address and a preferred implementation with the system of real resources address of cache Structural schematic diagram;
Fig. 2 is to be generated based on online resource address of the invention disposable and disposable with the system of real resources mapping Online resource address generate and with real resources mapping method flow chart;
Fig. 3 is disposable online resource address generation of the invention and the stream with resource bid in real resources mapping method Cheng Tu;
Fig. 4 is disposable online resource address generation of the invention and the stream with resource downloading in real resources mapping method Cheng Tu.
Specific embodiment
Specific introduce is made to the present invention below in conjunction with the drawings and specific embodiments.
Referring to Fig.1 shown in, the present invention devise it is a kind of generate disposable resource address and with real resources address of cache System.Disposable online resource address is generated at runtime by resource providing server, while safeguarding disposable address and resource True address between mapping relations, disposable online resource address, which has, uses rear ageing mechanism and configurable expired Time ensure that the availability and safety of online real resources by these mechanism.Disposable online resource address also has Randomness and uniqueness guarantee that real resources position can not be extrapolated by analysis address and not will cause resource access mistake Accidentally.When applying for resource, it is necessary to which, by authenticating and authorizing, resource providing server can just generate disposable resource address and return.It is whole A system is made of several parts: resource bid client, security gateway, resource providing server.Its interactive process such as Fig. 1 institute Show:
Resource bid client receives account from security gateway for initiating account certification, resource request to security gateway Authentication result, disposable resource address, and resource is downloaded from resource providing server according to disposable resource address;
Security gateway, for completing the login authentication of account and authorization and disposably providing to resource providing server application Source address;
Resource providing server, for completing resource management, disposable resource address generates and disposable resource and true Mapping relations between real resource address;
Resource bid client is separately connected security gateway resource providing server;Security gateway connection resource provides service Device.Resource includes but is not limited to picture, script, compressed package, the online contents such as character string.Resource bid client includes but unlimited In mobile phone, PC machine, router, Intelligent hardware.
Disposable online resource address generation and the process with real resources mapping method are given as shown in Figure 2.
Include the following steps:
Step 1: resource bid client is completed to the debarkation authentication and authorization, security gateway of security gateway request account The debarkation authentication of account and authorization;
Step 2: resource bid client is to security gateway application resource;
Step 3: security gateway sends resource to resource providing server again and generates request;
Step 4: resource providing server is with generating disposable resource address and disposable resource address and real resources Mapping relations between location, and disposable resource address is sent to security gateway;
Step 5: disposable resource address is sent to resource bid client by security gateway;
Step 6: resource bid client sends resource downloading to resource providing server according to disposable resource address and asks It asks;
Step 7: resource providing server returns to resource to resource bid client.
By the resource conservation of itself in computer memory system, storage system includes but is not limited to resource providing server Database, file system, and the absolute address of resource position is safeguarded in the buffer.As shown in figure 3, resource providing server After receiving disposable resource address generation request, the absolute address of corresponding resource is searched for first in buffering, while generating one Unique mark, and unique mark is saved in the buffer, absolute address generates the time and can use validity period.The present invention is unlimited System generates the concrete mode uniquely indicated, and those skilled in the art can adopt the various prior arts and generate.Resource Server exists After generating disposable resource address, the mapping table inside periodic scan is understood, if it find that having expired resource mark, then Mapping relations are deleted.Unique mark includes but is not limited to character string, and integer has sufficiently large available space, and guarantee can To support resources all at present.
After resource providing server receives resource downloading, as shown in figure 4, first checking for corresponding address whether there is, such as Fruit is not present or resource is expired, does not respond;And if so, the absolute address of resource is read from mapping relations, It reads related resource and then returns to requesting client.
Disposable resource address has self-described attribute, and resource bid client can judge according to disposable resource address It is which kind of Internet protocol to carry out resource downloading using, supports but be not limited to following agreement: HTTP, TCP, UDP, FTP, HTTPS. The validity period of disposable resource address supports the preconfigured and business customized time, can be according to different scenes and peace Full demand is adjusted flexibly.Resource providing server can delete expired disposable resource address in the period.In disposable resource address User information is contained, resource providing server can examine the identity and permission of user after having received downloading request It looks into, if the not download permission of corresponding resource, does not respond.
Resource providing server safeguards the mapping relations between disposable resource and real resources using memory.Entire mapping Relation table uses KEY-VALUE mode, guarantees high-performance when addition, inquiry and deletion.Mapping table not only takes in separate unit It runs, can also be run on multiple servers on business device, constitute a relationship map buffering cluster.
The present invention has been successfully applied in BroadLink DNA system in close beta early period, is greatly improved Security of system and convenience.
The basic principles, main features and advantages of the invention have been shown and described above.The technical staff of the industry should Understand, the above embodiments do not limit the invention in any form, all obtained by the way of equivalent substitution or equivalent transformation Technical solution is fallen within the scope of protection of the present invention.

Claims (6)

1. a kind of generate disposable resource address and the method with real resources address of cache, the method is applied to generate primary Property resource address and in the system of real resources address of cache, the system comprises resource bid client, for safety Gateway initiates account certification, resource request, receives account authentication result, disposable resource address from security gateway, and according to one Secondary property resource address downloads resource from resource providing server;Security gateway, for complete account login authentication and authorization with And to the disposable resource address of resource providing server application;Resource providing server, it is disposable to provide for completing resource management Source address generates and the mapping relations between disposable resource and real resources address;
It is characterized by comprising the following steps:
Step 1: login authentication and authorization of the resource bid client to security gateway request account, security gateway complete account Login authentication and authorization;
Step 2: resource bid client is to security gateway application resource;
Step 3: security gateway sends resource to resource providing server again and generates request;
Step 4: resource providing server generate disposable resource address and disposable resource address and real resources address it Between mapping relations, and disposable resource address is sent to security gateway;
Step 5: disposable resource address is sent to resource bid client by security gateway;
Step 6: resource bid client sends resource download request to resource providing server according to disposable resource address;
Step 7: resource providing server returns to resource to resource bid client;
The step 4 includes:
Step 4a: the resource that resource providing server receives security gateway transmission generates request;
Step 4b: resource providing server generates request according to resource and searches real resources address;
Step 4c: resource providing server generates disposable resource address and saves between disposable resource and real resources address Mapping relations;
Step 4d: disposable resource address is sent to security gateway by resource providing server.
2. according to claim 1 generate disposable resource address and the method with real resources address of cache, characteristic It is, in the step 4b, resource providing server saves real resources within the storage system, and safeguards resource in the buffer The absolute address of position;After resource providing server receives disposable resource address generation request, search in the buffer first The absolute address of rope corresponding resource, while generation one unique mark, and unique indicate, utterly is saved in the buffer Location generates the time and can use validity period.
3. according to claim 2 generate disposable resource address and the method with real resources address of cache, characteristic It is, unique mark includes: character string, integer, and unique mark has sufficiently large available space, and guarantee can To support resources all at present.
4. according to claim 3 generate disposable resource address and the method with real resources address of cache, characteristic It is, in the step 4c, mapping relations of the Resource Server after generating disposable resource address, inside meeting periodic scan Table;If it find that there is expired resource mark, then mapping relations are deleted.
5. according to claim 4 generate disposable resource address and the method with real resources address of cache, characteristic It is, the step 7 includes: whether to check corresponding disposable resource address after resource providing server receives resource downloading In the presence of, if there is no or resource it is expired, do not respond;If corresponding disposable resource address exists, from reflecting Reading real resources address in relationship is penetrated, related resource is read and then returns to requesting client.
6. according to claim 5 generate disposable resource address and the method with real resources address of cache, characteristic Be, disposable resource address have self-described attribute, resource bid client according to disposable resource address judgement be using Which kind of Internet protocol carries out resource downloading;The validity period of disposable resource address supports preconfigured and business customized Time;Resource providing server can delete expired disposable resource address in the period;Use is contained in disposable resource address Family information, resource providing server checks the identity and permission of user after having received downloading request, if do not had The download permission of corresponding resource, then do not respond.
CN201510915277.1A 2015-12-10 2015-12-10 Generate disposable resource address and the method with real resources address of cache Active CN105554084B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510915277.1A CN105554084B (en) 2015-12-10 2015-12-10 Generate disposable resource address and the method with real resources address of cache

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510915277.1A CN105554084B (en) 2015-12-10 2015-12-10 Generate disposable resource address and the method with real resources address of cache

Publications (2)

Publication Number Publication Date
CN105554084A CN105554084A (en) 2016-05-04
CN105554084B true CN105554084B (en) 2018-12-07

Family

ID=55833016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510915277.1A Active CN105554084B (en) 2015-12-10 2015-12-10 Generate disposable resource address and the method with real resources address of cache

Country Status (1)

Country Link
CN (1) CN105554084B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107959654B (en) * 2016-10-14 2020-09-25 北京金山云网络技术有限公司 Data transmission method and device and mixed cloud system
CN111182537A (en) * 2019-12-31 2020-05-19 北京指掌易科技有限公司 Network access method, device and system for mobile application
CN115189900A (en) * 2021-04-07 2022-10-14 中国电信股份有限公司 Method, device and medium for providing cloud service secure access

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101399838A (en) * 2008-10-29 2009-04-01 成都市华为赛门铁克科技有限公司 Method, apparatus and system for processing packet
WO2009062504A1 (en) * 2007-11-13 2009-05-22 Tnm Farmguard Aps Secure communication between a client and devices on different private local networks using the same subnet addresses
CN101989909A (en) * 2009-08-04 2011-03-23 西安交大捷普网络科技有限公司 Access link overwriting method of SSL VPN
CN102882885A (en) * 2012-10-17 2013-01-16 北京卓微天成科技咨询有限公司 Method and system for improving cloud computing data security
CN103618752A (en) * 2013-12-18 2014-03-05 广东中科遥感技术有限公司 Virtual machine remote desktop safety access system and method
CN103716326A (en) * 2013-12-31 2014-04-09 华为技术有限公司 Resource access method and URG

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009062504A1 (en) * 2007-11-13 2009-05-22 Tnm Farmguard Aps Secure communication between a client and devices on different private local networks using the same subnet addresses
CN101399838A (en) * 2008-10-29 2009-04-01 成都市华为赛门铁克科技有限公司 Method, apparatus and system for processing packet
CN101989909A (en) * 2009-08-04 2011-03-23 西安交大捷普网络科技有限公司 Access link overwriting method of SSL VPN
CN102882885A (en) * 2012-10-17 2013-01-16 北京卓微天成科技咨询有限公司 Method and system for improving cloud computing data security
CN103618752A (en) * 2013-12-18 2014-03-05 广东中科遥感技术有限公司 Virtual machine remote desktop safety access system and method
CN103716326A (en) * 2013-12-31 2014-04-09 华为技术有限公司 Resource access method and URG

Also Published As

Publication number Publication date
CN105554084A (en) 2016-05-04

Similar Documents

Publication Publication Date Title
CN105472052B (en) Cross-domain server login method and system
US9667654B2 (en) Policy directed security-centric model driven architecture to secure client and cloud hosted web service enabled processes
US20190253366A1 (en) Method of and server for detecting associated web resources
CN112260990B (en) Method and device for safely accessing intranet application
WO2018188558A1 (en) Method and apparatus for identifying account permission
US8745088B2 (en) System and method of performing risk analysis using a portal
CN111045788B (en) Automatic directory joining for virtual machine instances
US20100274910A1 (en) Hosted application sandbox model
CN105338016B (en) Data high-speed caching method and device and resource request response method and device
CN104283875A (en) Cloud disk authority management method
KR102080156B1 (en) Auto Recharge System, Method and Server
CN109542862B (en) Method, device and system for controlling mounting of file system
CN113010818A (en) Access current limiting method and device, electronic equipment and storage medium
CN107836101A (en) Goodwill for URL
CN112528262A (en) Application program access method, device, medium and electronic equipment based on token
US10992669B2 (en) Acquisition of a device fingerprint from an instance of a client application
TW201706901A (en) Authentication method, apparatus, and system
CN108234122B (en) Token checking method and device
US20140317730A1 (en) Providing a Domain to IP Address Reputation Service
CN112118269A (en) Identity authentication method, system, computing equipment and readable storage medium
CN105554084B (en) Generate disposable resource address and the method with real resources address of cache
CN106874315A (en) For providing the method and apparatus to the access of content resource
CN112118238B (en) Method, device, system, equipment and storage medium for authenticating login
CN107566329A (en) A kind of access control method and device
CN117176415A (en) Cluster access method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310000 Room 101, 1st Floor, Block C, No. 57, Changhe Street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: Hangzhou Bolian Intelligent Technology Co., Ltd.

Address before: Room 106, Building No. 1, 611 Jianghong Road, Changhe Street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou Gubei Electronic Technology Co., Ltd.

CP03 Change of name, title or address