CN106341417A - Content delivery network-based HTTPS acceleration method and system - Google Patents

Info

Publication number
CN106341417A
Authority
CN
China
Prior art keywords
server
client
https
session
authentication server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610873442.6A
Other languages
Chinese (zh)
Other versions
CN106341417B (en)
Inventor
苗辉
江桂林
庄吴敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou White Cloud Technology Co Ltd
Guizhou Baishancloud Technology Co Ltd
Original Assignee
Guizhou White Cloud Technology Co Ltd
Application filed by Guizhou White Cloud Technology Co Ltd
Priority to CN201610873442.6A (patent CN106341417B)
Priority to CN201911090331.8A (patent CN110808989B)
Publication of CN106341417A
Priority to PCT/CN2017/104806 (patent WO2018059578A1)
Application granted
Publication of CN106341417B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H04L63/12 Applying verification of the received information
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a content delivery network-based HTTPS acceleration method and system. An SSL acceleration card scheme is adopted, which solves the heavy performance burden and inefficient transaction processing of software-based SSL implementations. The SSL acceleration card is deployed on servers of the edge nodes of a CDN (content delivery network), so that certificates are managed centrally and one SSL acceleration card can perform encryption and decryption for a plurality of clients, which solves the resource waste and high management cost that arise when each acceleration card is bound to the requests of one specific client.

Description

An HTTPS acceleration method and system based on a content delivery network
Technical field
The present invention relates to a web information flow method, and in particular to an HTTPS acceleration method and system based on a CDN (content delivery network).
Background
The HTTPS security protocol is an HTTP channel designed for security. By adding an SSL layer beneath HTTP, it encrypts transmission and prevents important data such as user data and transaction data from being stolen. HTTPS plays a critical role in protecting user privacy and preventing traffic hijacking, but at the same time it reduces user access speed and increases the computing resource consumption of website servers.
In an SSL session, the most computationally expensive part is the SSL handshake phase. SSL has two main handshake types: one based on RSA and one based on Diffie-Hellman (DH). The public-key algorithms of RSA and DH use a great deal of CPU and are the slowest part of the handshake. A laptop can perform a few hundred RSA encryptions per second, compared with about 10 million symmetric AES encryptions per second. The main work of this phase is negotiating the session key, which is typically a symmetric key used throughout the corresponding session. The encryption and signing in the SSL handshake itself use the asymmetric key contained in the certificate, and an asymmetric key consumes more computing resources than a symmetric key.
In a software-based SSL implementation, the server's processor handles the key exchange at the start of every session and the subsequent data encryption and decryption. This compute-intensive process puts the server under great pressure, so that its other transaction-processing performance is greatly reduced. A software-based SSL implementation is therefore only suitable for handling a small amount of SSL traffic. A CDN network is characterized by small nodes with few servers each, but many nodes that are geographically dispersed. For HTTPS acceleration in a CDN network, a software-based SSL implementation can only basically meet the acceleration demand.
Given this situation, CDN vendors have proposed hardware-based SSL acceleration schemes, such as SSL acceleration cards or SSL acceleration devices.
An SSL acceleration card effectively relieves the server CPU of the load of processing SSL transactions. One or more coprocessors perform the SSL computation; these coprocessors may be general-purpose CPUs, or custom ASIC chips and RISC instruction-set chips. However, for each client's access a server fitted with an SSL acceleration card must be allocated to complete the handshake and the encryption and decryption, which wastes resources and makes the per-machine management cost high. In addition, every server must hold a unique digital certificate; with so many certificates, leaks are likely, which is a security problem.
An SSL acceleration device, in turn, is a standalone device with an embedded SSL acceleration card. It decrypts encrypted traffic and sends the decrypted data messages to the back-end server; in the opposite direction, it encrypts the plaintext data sent by the back-end server and forwards it to the client. Because the SSL acceleration device terminates the SSL session, the back-end server is completely freed for data services or running applications. However, the overall cost of an SSL acceleration device is high, so it is not an ideal alternative.
Summary of the invention
To address the above problems, the present invention proposes an HTTPS acceleration method and system based on a content delivery network (CDN). It adopts an SSL acceleration card scheme, which solves the heavy performance burden and inefficient transaction processing of software-based SSL implementations. The SSL acceleration card is deployed on servers of the CDN network edge nodes, certificates are managed centrally, and one SSL acceleration card can perform encryption and decryption for multiple clients, which solves the resource waste and high management cost that arise when each acceleration card is bound only to the requests of a specific client.
To solve the above technical problem, the technical solution adopted by the present invention is an HTTPS acceleration method based on a content delivery network. The content delivery network includes a CDN network management center and a DNS redirection resolution center located in the core, multiple CDN network edge nodes located at the edge, and an origin server located at the back end. Each CDN network edge node deploys session & cache servers at the front end and unified authentication servers at the back end. The HTTPS acceleration method includes the following steps:
Step 1: The client initiates an HTTPS access request to a CDN network edge node. Through front-end load balancing, the CDN network edge node allocates a corresponding session & cache server, which carries out the three-way handshake with the client;
Step 2: During the handshake, the allocated session & cache server is responsible for HTTPS session management. At the same time, it interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate, and then returns the result to the client;
Step 3: After the handshake completes, the caching service of the session & cache server operates normally and provides CDN service to the client. For data requested by the client, cacheable data is obtained directly from the session & cache server, and non-cacheable data is obtained from the origin server.
The unified authentication server holds the user certificate and private key and integrates several SSL acceleration cards. One or more unified authentication servers correspond to one user certificate, and the unified authentication server handles encryption and decryption. Step 2 also includes the following: if there are multiple clients, the session & cache server maps each client onto a unified authentication server, so that the clients share the hardware acceleration capability of the unified authentication server.
As a further scheme, the HTTPS acceleration method also includes the following step: the number of unified authentication servers is deployed in linear proportion to traffic, and the unified authentication servers are scaled out linearly, with several SSL acceleration cards installed in each unified authentication server, to handle larger-scale SSL transaction processing demand and to handle faults.
The present invention also provides an HTTPS acceleration system based on a content delivery network. The content delivery network includes a CDN network management center and a DNS redirection resolution center located in the core, multiple CDN network edge nodes located at the edge, and an origin server located at the back end. Each CDN network edge node deploys session & cache servers at the front end and unified authentication servers at the back end. The HTTPS acceleration system includes the following units:
HTTPS access request initiating unit, configured to execute: the client initiates an HTTPS access request to a CDN network edge node;
Three-way handshake initiating unit, configured to execute: through front-end load balancing, the CDN network edge node allocates a corresponding session & cache server, which carries out the three-way handshake with the client;
Three-way handshake processing unit, configured to execute: during the handshake, the allocated session & cache server is responsible for HTTPS session management; at the same time, it interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate, and then returns the result to the client;
HTTPS access response unit, configured to execute: after the handshake completes, the caching service of the session & cache server operates normally and provides CDN service to the client; for data requested by the client, cacheable data is obtained directly from the session & cache server, and non-cacheable data is obtained from the origin server.
The present invention effectively combines the respective technical advantages of SSL acceleration cards and CDN network edge nodes. It differs from existing schemes as follows:
(1) SSL acceleration cards take over the encryption and decryption work of ordinary edge servers, offloading the edge servers. The cards are deployed on the unified authentication servers, which greatly reduces the CPU consumption of ordinary edge servers and improves efficiency;
(2) One SSL acceleration card serves the encryption and decryption work of several clients, moving from the original one-to-one service to one-to-N, which greatly reduces cost for the CDN vendor;
(3) Where originally each SSL acceleration card had to manage one certificate, n clients now use one SSL acceleration card and certificates are managed centrally, so the amount of certificate management is greatly reduced and the per-machine management cost drops substantially;
(4) Besides performing encryption and decryption with the installed SSL acceleration cards, the unified authentication server can also run software according to different client requirements, such as a scheme in which the CDN server applies for the certificate or the Cloudflare Keyless SSL scheme, and the present invention supports these effectively. Because the unified authentication server interacts with the front-end servers inside the edge node, the round-trip time (RTT) between servers is reduced and efficiency improves;
(5) SSL acceleration cards can be scaled out linearly within the edge unified authentication server cluster to increase its transaction processing capacity without affecting centralized management, which also saves expansion cost.
Brief description of the drawings
Fig. 1 is a schematic diagram of client access in the present invention.
Detailed description
The present invention is further described below with reference to the drawing and specific embodiments.
The present invention provides an HTTPS acceleration method based on a content delivery network. The content delivery network includes a CDN network management center and a DNS redirection resolution center located in the core, multiple CDN network edge nodes located at the edge, and an origin server located at the back end.
The CDN network management center and the DNS redirection resolution center in the core are responsible for global server load balancing (GSLB); the equipment is installed in the management center's machine room.
The CDN network edge node is the carrier of CDN distribution and consists mainly of caches, load balancers and the like. Each CDN network edge node deploys session & cache servers at the front end and unified authentication servers (UAS) at the back end. There are multiple session & cache servers; they are responsible for HTTPS session management and interact with the back-end unified authentication servers. After the interaction completes, a session & cache server switches to the role of cache server and provides CDN service to the client. In one optional example, the session & cache server implements these functions with suitably configured OpenSSL and nginx software. There are also multiple unified authentication servers; they hold the user certificate and private key, integrate several SSL acceleration cards (such as Intel or navimn), and are the main servers that process user encryption and decryption. The single-card throughput of an SSL acceleration card can generally reach 20 Gbps; for encryption and decryption with 1024-bit RSA and 2048-bit RSA, its processing speed is 35k-200k QPS and 6k-35k QPS respectively. The unified authentication server can run on Linux (Red Hat/CentOS, Debian, Ubuntu and others), other Unix operating systems (including FreeBSD) and Microsoft Windows Server. The user certificate can be shared among the unified authentication servers; that is, multiple unified authentication servers can use the same certificate, or each unified authentication server can correspond to one user certificate. The unified authentication server is stateless, which allows clients to use off-the-shelf hardware and allows the number of unified authentication servers to be deployed in linear proportion to traffic. By running multiple unified authentication servers behind DNS load balancing, a client's website can be kept highly available.
The origin server holds cacheable data and non-cacheable data. Cacheable data is used by the session & cache servers to refresh their caches; non-cacheable data is fetched from the origin after the client has established a session with the edge node.
Based on the content delivery network, and with reference to the schematic diagram of Fig. 1, the HTTPS acceleration method of the present invention includes the following:
Step 1: The client initiates an HTTPS access. Front-end load balancing allocates a corresponding session & cache server, which initiates the three-way handshake (RSA/DH) process. Here the client is a network end user, who may browse web pages with a currently popular browser (Chrome, Firefox, IE, etc.). Client 1, client 2 and client 3 in the figure each represent access on behalf of the client of a different accelerated website, for example Sina, www.qq.com and NetEase respectively;
Step 2: During the handshake, the session & cache server interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate (depending on the scheme implemented), and then returns the result to the client. For multiple clients, the session & cache server maps each client onto a unified authentication server, so that the clients share the hardware acceleration capability of the unified authentication server;
Step 3: After the handshake completes, the caching service of the session & cache server operates normally and the client uses the CDN service normally. Cacheable data is obtained directly from the servers of the edge node; non-cacheable data is obtained from the origin server;
Step 4: The number of unified authentication servers can be deployed in linear proportion to traffic. When expansion is needed, the unified authentication servers can be scaled out linearly, with several SSL acceleration cards installed in each server, to handle larger-scale SSL transaction processing demand; or they can be arranged as active/standby to handle faults.
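The delegation in Steps 2 to 4, modelled as an added example (not code from the patent or from any CDN vendor): the session & cache server holds only certificates and asks a unified authentication server for the private-key operation of an RSA handshake, with several sites sharing one pool. The class names, the rendezvous-hash mapping, the front-end allowlist, the toy Mersenne-prime keys with unpadded RSA and the SHA-256 key derivation are all assumptions chosen so that it runs offline.

```python
import hashlib
import secrets

E = 65537
# Constructed toy keys built from Mersenne primes: far too small for real use and
# used with unpadded ("textbook") RSA purely to keep the example self-contained.
TOY_PRIMES = {"site-a.example": (2**61 - 1, 2**89 - 1),
              "site-b.example": (2**107 - 1, 2**127 - 1)}


class UnifiedAuthServer:
    """Back-end UAS (hypothetical class): the only holder of private keys."""

    def __init__(self, name, trusted_frontends):
        self.name, self.alive = name, True
        self._keys = {}                          # cert_id -> (n, d), never exported
        self._trusted = set(trusted_frontends)   # assumption: callers are authenticated

    def install(self, cert_id):
        p, q = TOY_PRIMES[cert_id]
        self._keys[cert_id] = (p * q, pow(E, -1, (p - 1) * (q - 1)))
        return {"cert_id": cert_id, "n": p * q, "e": E}   # public part only

    def private_decrypt(self, frontend_id, cert_id, ciphertext):
        if frontend_id not in self._trusted:
            raise PermissionError("front end may not use this UAS")
        if cert_id not in self._keys:
            raise KeyError("no private key installed for " + cert_id)
        n, d = self._keys[cert_id]
        return pow(ciphertext, d, n)   # the step an SSL acceleration card offloads


def pick_uas(cert_id, pool):
    """Rendezvous hashing: a stable certificate -> UAS mapping that skips dead nodes."""
    live = [u for u in pool if u.alive]
    if not live:
        raise RuntimeError("no unified authentication server available")
    return max(live, key=lambda u: hashlib.sha256(f"{u.name}|{cert_id}".encode()).digest())


def derive_master(premaster, client_random, server_random):
    """Simplified key derivation (not the TLS PRF), enough to compare both sides."""
    material = premaster.to_bytes(16, "big") + client_random + server_random
    return hashlib.sha256(material).digest()


class SessionCacheServer:
    """Front-end session & cache server: keeps certificates and sessions, no keys."""

    def __init__(self, frontend_id, pool, certs):
        self.frontend_id, self.pool, self.certs = frontend_id, pool, certs
        self.sessions = {}                       # session_id -> master secret

    def finish_handshake(self, cert_id, enc_premaster, client_random, server_random):
        uas = pick_uas(cert_id, self.pool)
        premaster = uas.private_decrypt(self.frontend_id, cert_id, enc_premaster)
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = derive_master(premaster, client_random, server_random)
        return session_id, uas.name


def client_key_exchange(cert, client_random, server_random):
    """Client side of an RSA handshake: encrypt a fresh premaster to the certificate."""
    premaster = secrets.randbits(128)
    master = derive_master(premaster, client_random, server_random)
    return pow(premaster, cert["e"], cert["n"]), master


def run_demo():
    pool = [UnifiedAuthServer(f"uas-{i}", {"edge-fe-1"}) for i in range(3)]
    certs = {}
    for cert_id in TOY_PRIMES:                   # the same certificate on every UAS
        for uas in pool:
            certs[cert_id] = uas.install(cert_id)
    frontend = SessionCacheServer("edge-fe-1", pool, certs)
    results = {}
    for cert_id in TOY_PRIMES:
        cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
        enc, client_master = client_key_exchange(certs[cert_id], cr, sr)
        sid, used = frontend.finish_handshake(cert_id, enc, cr, sr)
        results[cert_id] = (frontend.sessions[sid] == client_master, used)
    # Fail the UAS that served site-a: the next handshake lands on a surviving node.
    first = results["site-a.example"][1]
    next(u for u in pool if u.name == first).alive = False
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    enc, client_master = client_key_exchange(certs["site-a.example"], cr, sr)
    sid, failover = frontend.finish_handshake("site-a.example", enc, cr, sr)
    results["failover"] = (frontend.sessions[sid] == client_master, first, failover)
    return frontend, pool, results


if __name__ == "__main__":
    print(run_demo()[2])
```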
The present invention also provides an HTTPS acceleration system based on a content delivery network. The content delivery network includes a CDN network management center and a DNS redirection resolution center located in the core, multiple CDN network edge nodes located at the edge, and an origin server located at the back end. Each CDN network edge node deploys session & cache servers at the front end and unified authentication servers at the back end. The HTTPS acceleration system includes the following units:
HTTPS access request initiating unit, configured to execute: the client initiates an HTTPS access request to a CDN network edge node;
Three-way handshake initiating unit, configured to execute: through front-end load balancing, the CDN network edge node allocates a corresponding session & cache server, which carries out the three-way handshake with the client;
Three-way handshake processing unit, configured to execute: during the handshake, the allocated session & cache server is responsible for HTTPS session management; at the same time, it interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate, and then returns the result to the client. If there are multiple clients, the session & cache server maps each client onto a unified authentication server, so that the clients share the hardware acceleration capability of the unified authentication server.
HTTPS access response unit, configured to execute: after the handshake completes, the caching service of the session & cache server operates normally and provides CDN service to the client; for data requested by the client, cacheable data is obtained directly from the session & cache server, and non-cacheable data is obtained from the origin server.
The unified authentication server holds the user certificate and private key and integrates several SSL acceleration cards. One or more unified authentication servers correspond to one user certificate, and the unified authentication server handles encryption and decryption. The number of unified authentication servers can be deployed in linear proportion to traffic. When expansion is needed, the unified authentication servers can be scaled out linearly, with several SSL acceleration cards installed in each server, to handle larger-scale SSL transaction processing demand; or they can be arranged as active/standby to handle faults.
It should be understood that the systems, devices and methods disclosed in the embodiments provided herein can be implemented in other ways. For example, the device embodiments described above are only illustrative. The division into units is only a division by logical function; in an actual implementation there may be other divisions, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the scheme of the embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or some of the steps of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or replace some of their technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. An HTTPS acceleration method based on a content delivery network, characterized in that: the content delivery network includes a CDN network management center and a DNS redirection resolution center located in the core, multiple CDN network edge nodes located at the edge, and an origin server located at the back end; each CDN network edge node deploys session & cache servers at the front end and unified authentication servers at the back end;
the HTTPS acceleration method includes the following steps:
Step 1: the client initiates an HTTPS access request to a CDN network edge node; through front-end load balancing, the CDN network edge node allocates a corresponding session & cache server, which carries out the three-way handshake with the client;
Step 2: during the handshake, the allocated session & cache server is responsible for HTTPS session management; at the same time, it interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate, and then returns the result to the client;
Step 3: after the handshake completes, the caching service of the session & cache server operates normally and provides CDN service to the client; for data requested by the client, cacheable data is obtained directly from the session & cache server, and non-cacheable data is obtained from the origin server.
2. The HTTPS acceleration method according to claim 1, characterized in that: the unified authentication server holds the user certificate and private key and integrates several SSL acceleration cards; one or more unified authentication servers correspond to one user certificate; and the unified authentication server handles encryption and decryption.
3. The HTTPS acceleration method according to claim 2, characterized in that: step 2 also includes the following: if there are multiple clients, the session & cache server maps each client onto a unified authentication server, so that the clients share the hardware acceleration capability of the unified authentication server.
4. The HTTPS acceleration method according to claim 1, 2 or 3, characterized in that: the HTTPS acceleration method also includes the following step: the number of unified authentication servers is deployed in linear proportion to traffic, and the unified authentication servers are scaled out linearly, with several SSL acceleration cards installed in each unified authentication server, to handle larger-scale SSL transaction processing demand and to handle faults.
5. a kind of https acceleration system based on content distributing network, this content distributing network includes the cdn positioned at core Network management center and dns redirect analytical center, the multiple cdn network edge nodes being located at marginal portion and the source being located at rear end Server;Each cdn network edge node deploys the session & caching server positioned at front end respectively and the unification positioned at rear end is tested Card server;
This https acceleration system includes as lower unit:
Https access request initiates unit, for executing: client initiates https access request to cdn network edge node;
Three-way handshake initiates unit, for executing: the load balancing by front end for the cdn network edge node, distribute a correspondence Session & caching server, carry out three-way handshake with client;
Three-way handshake processing unit, for executing: in handshake procedure, the session & caching server distributing is responsible for https session Management, handed over by encryption and decryption work and unified authentication server with regard to private key and user certificate simultaneously for this session & caching server Mutually, return client afterwards;
Https accesses response unit, for executing: after completing handshake procedure, the buffer service of described session & caching server is just Normally opened exhibition, provides cdn service for client;The data asked for client, if can be data cached, directly in meeting Words & caching server obtains, if can not be data cached, then obtains to source server.
6. https acceleration system according to claim 5 it is characterised in that: described unified authentication server is provided with use Family certificate and private key, and be integrated with some ssl and accelerate boards, one or multiple stage are unified authentication server and are corresponded to a user certificate Book, this is unified authentication server and is used for processing encryption and decryption.
7. https acceleration system according to claim 6 it is characterised in that: described three-way handshake processing unit also executes Following operation: if there are multiple client, then each client is mapped to by a unified checking by this session & caching server On server, each client is made to share the hardware acceleration capability of unified authentication server.
8. the https acceleration system according to claim 5 or 6 or 7 it is characterised in that: described unified authentication server Ratio quantity is linearly disposed with flow, will unify authentication server linear expansion, every unified authentication server is plugged Some ssl accelerate board, to tackle more massive ssl issued transaction demand and reply troubleshooting.
CN201610873442.6A 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network Active CN106341417B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201610873442.6A CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network
CN201911090331.8A CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network
PCT/CN2017/104806 WO2018059578A1 (en) 2016-09-30 2017-09-30 Https acceleration method and system based on content distribution network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610873442.6A CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201911090331.8A Division CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network

Publications (2)

Publication Number Publication Date
CN106341417A true CN106341417A (en) 2017-01-18
CN106341417B CN106341417B (en) 2019-11-05

Family

ID=57839835

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201911090331.8A Active CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network
CN201610873442.6A Active CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201911090331.8A Active CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network

Country Status (2)

Country Link
CN (2) CN110808989B (en)
WO (1) WO2018059578A1 (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789344A (en) * 2017-01-19 2017-05-31 上海帝联信息科技股份有限公司 Data transmission method, system, CDN and client
CN107257327A (en) * 2017-05-25 2017-10-17 中央民族大学 A kind of high concurrent SSL conversation managing methods
CN107707514A (en) * 2017-02-08 2018-02-16 贵州白山云科技有限公司 A kind of method and system for being used between CDN node encrypt and device
CN107707517A (en) * 2017-05-09 2018-02-16 贵州白山云科技有限公司 A kind of HTTPs handshake methods, device and system
WO2018059578A1 (en) * 2016-09-30 2018-04-05 贵州白山云科技有限公司 Https acceleration method and system based on content distribution network
CN108401011A (en) * 2018-01-30 2018-08-14 网宿科技股份有限公司 The accelerated method of handshake request, equipment and fringe node in content distributing network
CN108429682A (en) * 2018-02-26 2018-08-21 湖南科技学院 A kind of optimization method and system of network transmission link
CN108574687A (en) * 2017-07-03 2018-09-25 北京金山云网络技术有限公司 A kind of communication connection method for building up, device and electronic equipment
CN109428876A (en) * 2017-09-01 2019-03-05 腾讯科技(深圳)有限公司 One kind is shaken hands connection method and device
WO2019062543A1 (en) * 2017-09-26 2019-04-04 中兴通讯股份有限公司 Traffic optimization method for transparent cache, load balancer and storage medium
CN109842664A (en) * 2017-11-29 2019-06-04 苏宁云商集团股份有限公司 A kind of CDN of the safety without private key of High Availabitity supports the system and method for HTTPS
CN110324290A (en) * 2018-03-30 2019-10-11 贵州白山云科技股份有限公司 Method, network element device, medium and the computer equipment of network equipment certification
CN110324365A (en) * 2018-03-28 2019-10-11 网易(杭州)网络有限公司 Without key front end cluster system, application method, storage medium, electronic device
WO2019205192A1 (en) * 2018-04-25 2019-10-31 网宿科技股份有限公司 Webpage loading method, webpage loading system, and server
CN110999248A (en) * 2017-07-28 2020-04-10 阿里巴巴集团控股有限公司 Secure communication acceleration using system-on-chip (SoC) architecture
US11579781B2 (en) 2020-10-23 2023-02-14 Red Hat, Inc. Pooling distributed storage nodes that have specialized hardware
CN117857095A (en) * 2023-12-05 2024-04-09 天翼云科技有限公司 Non-private key TLS handshake solving method

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338629A (en) * 2020-09-25 2022-04-12 北京金山云网络技术有限公司 Data processing method, device, equipment and medium
CN112187804B (en) * 2020-09-29 2023-01-20 北京金山云网络技术有限公司 Communication method and device of server, computer equipment and storage medium
CN113301159B (en) * 2021-05-26 2022-12-09 中国电子科技集团公司第五十四研究所 Service position obtaining method and device in edge computing system
CN115460083B (en) * 2021-06-09 2024-04-19 贵州白山云科技股份有限公司 Security acceleration service deployment method, device, medium and equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7634650B1 (en) * 2004-07-22 2009-12-15 Xsigo Systems Virtualized shared security engine and creation of a protected zone
CN104081711A (en) * 2011-12-16 2014-10-01 阿卡麦科技公司 Terminating SSL connections without locally-accessible private keys
KR101491697B1 (en) * 2013-12-10 2015-02-11 주식회사 시큐아이 Security device including ssl acceleration card and operating method thereof
CN104732164A (en) * 2013-12-18 2015-06-24 国家计算机网络与信息安全管理中心 Device and method both for accelerating SSL (Security Socket Layer) data processing speed
CN106101007A (en) * 2016-05-24 2016-11-09 杭州迪普科技有限公司 Process the method and device of message

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9531691B2 (en) * 2011-12-16 2016-12-27 Akamai Technologies, Inc. Providing forward secrecy in a terminating TLS connection proxy
CN104702611B (en) * 2015-03-15 2018-05-25 西安电子科技大学 A kind of device and method for protecting Secure Socket Layer session key
CN105871797A (en) * 2015-11-19 2016-08-17 乐视云计算有限公司 Handshake method, device and system of client and server
CN106027646B (en) * 2016-05-19 2019-06-21 北京云钥网络科技有限公司 A kind of method and device accelerating HTTPS
CN106230782A (en) * 2016-07-20 2016-12-14 腾讯科技(深圳)有限公司 A kind of information processing method based on content distributing network and device
CN110808989B (en) * 2016-09-30 2022-01-21 贵州白山云科技股份有限公司 HTTPS acceleration method and system based on content distribution network

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018059578A1 (en) * 2016-09-30 2018-04-05 贵州白山云科技有限公司 Https acceleration method and system based on content distribution network
CN106789344A (en) * 2017-01-19 2017-05-31 上海帝联信息科技股份有限公司 Data transmission method, system, CDN and client
CN106789344B (en) * 2017-01-19 2019-11-12 上海帝联信息科技股份有限公司 Data transmission method, system, CDN network and client
US11252133B2 (en) 2017-02-08 2022-02-15 Guizhou Baishancloud Technology Co., Ltd. Method, device, medium and apparatus for CDN inter-node encryption
CN107707514A (en) * 2017-02-08 2018-02-16 贵州白山云科技有限公司 A kind of method and system for being used between CDN node encrypt and device
CN107707517B (en) * 2017-05-09 2018-11-13 贵州白山云科技有限公司 A kind of HTTPs handshake methods, device and system
CN107707517A (en) * 2017-05-09 2018-02-16 贵州白山云科技有限公司 A kind of HTTPs handshake methods, device and system
CN107257327A (en) * 2017-05-25 2017-10-17 中央民族大学 A kind of high concurrent SSL conversation managing methods
CN108574687A (en) * 2017-07-03 2018-09-25 北京金山云网络技术有限公司 A kind of communication connection method for building up, device and electronic equipment
CN108574687B (en) * 2017-07-03 2020-11-27 北京金山云网络技术有限公司 Communication connection establishment method and device, electronic equipment and computer readable medium
CN110999248B (en) * 2017-07-28 2022-07-08 阿里巴巴集团控股有限公司 Secure communication acceleration using system-on-chip (SoC) architecture
CN110999248A (en) * 2017-07-28 2020-04-10 阿里巴巴集团控股有限公司 Secure communication acceleration using system-on-chip (SoC) architecture
CN109428876A (en) * 2017-09-01 2019-03-05 腾讯科技(深圳)有限公司 One kind is shaken hands connection method and device
CN109428876B (en) * 2017-09-01 2021-10-08 腾讯科技(深圳)有限公司 Handshake connection method and device
WO2019062543A1 (en) * 2017-09-26 2019-04-04 中兴通讯股份有限公司 Traffic optimization method for transparent cache, load balancer and storage medium
CN109842664A (en) * 2017-11-29 2019-06-04 苏宁云商集团股份有限公司 A kind of CDN of the safety without private key of High Availabitity supports the system and method for HTTPS
CN108401011B (en) * 2018-01-30 2021-09-24 网宿科技股份有限公司 Acceleration method and device for handshake request in content distribution network and edge node
EP3541051A4 (en) * 2018-01-30 2019-09-18 Wangsu Science & Technology Co., Ltd. Acceleration method for handshake request in content delivery network, device and edge node
WO2019148562A1 (en) * 2018-01-30 2019-08-08 网宿科技股份有限公司 Acceleration method for handshake request in content delivery network, device and edge node
CN108401011A (en) * 2018-01-30 2018-08-14 网宿科技股份有限公司 The accelerated method of handshake request, equipment and fringe node in content distributing network
CN108429682A (en) * 2018-02-26 2018-08-21 湖南科技学院 A kind of optimization method and system of network transmission link
CN110324365A (en) * 2018-03-28 2019-10-11 网易(杭州)网络有限公司 Without key front end cluster system, application method, storage medium, electronic device
CN111010404A (en) * 2018-03-30 2020-04-14 贵州白山云科技股份有限公司 Data transmission method, data transmission equipment and computer readable storage medium
CN110324290A (en) * 2018-03-30 2019-10-11 贵州白山云科技股份有限公司 Method, network element device, medium and the computer equipment of network equipment certification
CN110324290B (en) * 2018-03-30 2022-02-01 贵州白山云科技股份有限公司 Network equipment authentication method, network element equipment, medium and computer equipment
CN111010404B (en) * 2018-03-30 2022-07-29 贵州白山云科技股份有限公司 Data transmission method, data transmission equipment and computer readable storage medium
WO2019205192A1 (en) * 2018-04-25 2019-10-31 网宿科技股份有限公司 Webpage loading method, webpage loading system, and server
US11579781B2 (en) 2020-10-23 2023-02-14 Red Hat, Inc. Pooling distributed storage nodes that have specialized hardware
CN117857095A (en) * 2023-12-05 2024-04-09 天翼云科技有限公司 Non-private key TLS handshake solving method

Also Published As

Publication number Publication date
CN106341417B (en) 2019-11-05
WO2018059578A1 (en) 2018-04-05
CN110808989A (en) 2020-02-18
CN110808989B (en) 2022-01-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 550000 Fuyuan Medical Logistics Park Phase II 41, No. 22 Fuyuan North Road, Nanming District, Guiyang City, Guizhou Province

Applicant after: Guizhou Baishan cloud Polytron Technologies Inc

Address before: 550000 Fuyuan Medical Logistics Park Phase II 41, No. 22 Fuyuan North Road, Nanming District, Guiyang City, Guizhou Province

Applicant before: Guizhou white cloud Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant