CN106341417A - Content delivery network-based HTTPS acceleration method and system - Google Patents
Content delivery network-based HTTPS acceleration method and system Download PDFInfo
- Publication number
- CN106341417A CN106341417A CN201610873442.6A CN201610873442A CN106341417A CN 106341417 A CN106341417 A CN 106341417A CN 201610873442 A CN201610873442 A CN 201610873442A CN 106341417 A CN106341417 A CN 106341417A
- Authority
- CN
- China
- Prior art keywords
- server
- client
- https
- session
- authentication server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a content delivery network-based HTTPS acceleration method and system. An SSL acceleration card board scheme is adopted, so that the problem of heavy burden of performance and low efficiency of business processing capability of software-based SSL implementation can be solved; and an SSL acceleration card board is deployed in the server of an edge node of a CDN (content delivery network), and therefore, centralized management of certificates can be realized, and one SSL acceleration card board can serve a plurality of clients to carry out encryption and decryption, and the problems of resource waste and high management cost caused by a condition that each acceleration card board is bound with a specific client request can be solved.
Description
Technical field
The present invention relates to a kind of web information flow method is and in particular to a kind of be based on cdn(content distributing network) https add
Fast method and system.
Background technology
Https-secure agreement is the http passage with safety as target, by adding ssl layer under http, is capable of
Transmission encryption, it is to avoid the significant data such as user data, transaction data is stolen.Https, in protection privacy of user, prevents flow
Abduction aspect plays very crucial effect, but meanwhile, https also can reduce user's access speed, increases website clothes
The computing resource consumption of business device.
In ssl session, amount of calculation the best part surely belongs to ssl handshake phase, and ssl has two kinds of main handshake-type,
One kind is based on rsa, and one kind is based on deiffie-hellman(dh).The public key algorithm of rsa and dh employ a lot of cpu and
Be shake hands in the slowest part.Hundreds of rsa encryption per second can be carried out on one notebook computer, contrast per second about 1,000
Ten thousand sub-symmetry encryption aes.The groundwork in this stage is consulting session key, and this key is typically symmetric key, will be passed through
Wear and be applied in corresponding conversation procedure;Meanwhile, ssl shake hands itself encryption and signature be then included in non-in certificate
Symmetric key is bigger to the consumption of computing resource than symmetric key using this unsymmetrical key.
Ssl based on software realizes, and the key that each conversation initial is responsible for by the processor of server exchanges and follow-up
Data encrypting and deciphering, server can be made to bear great pressure for this intensive calculating process so that other transaction capabilities are big
Big reduction.Ssl therefore based on software realizes, and is only applicable to manage the scene of a small amount of ssl flow;And the feature of cdn network, it is
Node small scale, the number of servers of each node is less, but cdn Node distribution is more, dissipates distribution in geographic.?
It is https in cdn network to accelerate, the ssl based on software realizes substantially meeting acceleration demand.
Based on above-mentioned present situation, cdn manufacturer proposes hardware based ssl speeding scheme, and such as ssl accelerates board or ssl to add
Fast equipment.
Ssl accelerates board can effectively share the pressure that server cpu processes ssl affairs, one or more coprocessors
Calculate for realizing ssl, these coprocessors may be using general cpu it is also possible to be referred to using the asic chip and risc of customization
Order collection chip.But, each client is accessed, will distribute the server that a slotting ssl accelerates board complete to shake hands, encryption and decryption
Process, while waste of resource, unit management cost is also high.In addition, must possess uniqueness digital certificate on every server,
So many certificates are easily revealed, and there is safety problem.
Secondly, ssl acceleration equipment is the autonomous device that embedded ssl accelerates board, encryption flow is decrypted, and will solve
Overstocked data message is sent to background server;In the opposite direction, it is responsible for the plaintext number that encryption is sent by background server
According to forwarding it to client again;Ssl acceleration equipment has terminated ssl session, and background server can be released use completely
In data, services or operation application program, but ssl acceleration equipment holistic cost is higher, is not a preferable alternative
Case.
Content of the invention
Therefore, for above-mentioned problem, the present invention proposes one kind and is based on content distributing network (content delivery
Network, abbreviation cdn) https acceleration method and system, using ssl accelerate board scheme, solve the ssl based on software
The performance realized bears the problem that pressure is big, transaction capabilities is poorly efficient;And ssl accelerator card card is deployed in cdn network edge
On the server of node, centralized management is realized to certificate, and a ssl acceleration board can service multiple clients and carry out plus solution
Close work, solve the problems, such as each accelerate board only bind particular clients request the wasting of resources, management cost high.
In order to solve above-mentioned technical problem, the technical solution adopted in the present invention is, a kind of based on content distributing network
Https accelerated method, this content distributing network include positioned at the cdn network management center of core and dns redirect analytical center,
Multiple cdn network edge nodes positioned at marginal portion and the source server being located at rear end;Each cdn network edge node is respectively
Deploy the session & caching server positioned at front end and the unified authentication server being located at rear end;This https accelerated method includes
Following steps:
Step 1: client initiates https access request to cdn network edge node;Cdn network edge node passes through front end
Load balancing, distributes a corresponding session & caching server, carries out three-way handshake with client;
Step 2: in handshake procedure, the session & caching server distributing is responsible for https session management, this session & buffer service
Encryption and decryption work and unified authentication server with regard to private key and user certificate interact device simultaneously, return client afterwards;
Step 3: after completing handshake procedure, the buffer service of described session & caching server is normally carried out, provides for client
Cdn services;The data asked for client, if can be data cached, directly obtains in session & caching server, such as
Fruit is can not be data cached, then obtain to source server.
Wherein, described unified authentication server is provided with user certificate and private key, and is integrated with some ssl acceleration boards,
One or multiple stage are unified authentication server and are corresponded to a user certificate, and this is unified authentication server and is used for processing encryption and decryption;Described
Step 2 also includes following process: if there are multiple client, is then mapped to each client by this session & caching server
On one unified authentication server, each client is made to share the hardware acceleration capability of unified authentication server.
As a further scheme, this https accelerated method also comprises the steps: unified authentication server
Ratio quantity is linearly disposed with flow, will unify authentication server linear expansion, every unified authentication server is plugged
Some ssl accelerate board, to tackle more massive ssl issued transaction demand and reply troubleshooting.
The present invention also provides a kind of https acceleration system based on content distributing network, this content distributing network bag simultaneously
Include and redirect analytical center, be located at multiple cdn network edges of marginal portion positioned at the cdn network management center of core and dns
Node and the source server being located at rear end;Each cdn network edge node deploys the session & buffer service positioned at front end respectively
Device and the unified authentication server being located at rear end;This https acceleration system includes as lower unit:
Https access request initiates unit, for executing: client initiates https access request to cdn network edge node;
Three-way handshake initiates unit, for executing: the load balancing by front end for the cdn network edge node, distribute a correspondence
Session & caching server, carry out three-way handshake with client;
Three-way handshake processing unit, for executing: in handshake procedure, the session & caching server distributing is responsible for https session
Management, handed over by encryption and decryption work and unified authentication server with regard to private key and user certificate simultaneously for this session & caching server
Mutually, return client afterwards;
Https accesses response unit, for executing: after completing handshake procedure, the buffer service of described session & caching server is just
Normally opened exhibition, provides cdn service for client;The data asked for client, if can be data cached, directly in meeting
Words & caching server obtains, if can not be data cached, then obtains to source server.
The present invention is effectively combined ssl and accelerates board and the respective technical advantage of cdn network edge node, with existing scheme
Between difference be:
(1) use ssl to accelerate board to replace the encryption and decryption work of common edge server, make Edge Server offload, portion
Affix one's name on unified authentication server, the cpu greatly reducing common edge server consumes, and improves efficiency;
(2) the encryption and decryption work of some clients is serviced using a ssl accelerator card, right to 1 from original man-to-man service
N, so for cdn manufacturer, greatlys save cost;
(3) calorie requirement is accelerated to manage a certificate from an original ssl, n client till now uses a ssl accelerator card
Card, certificate centralized management, the management amount of such certificate greatly reduces, and unit management cost substantially reduces;
(4) unified authentication server therein, except accelerating board to do encryption and decryption work by inserting ssl, can also be according to client
Different demands situation, deployment software on unified authentication server, such as cdn server application certificate schemes, cloudflare
Keyless-ssl scheme etc., the present invention can effectively support;In realization with front-end server with interacting in fringe node,
Which reduce and come and go rtt between server, improve efficiency;
(5) ssl accelerates board can unify linear expansion in authentication server cluster at edge, to increase its issued transaction energy
Power, does not affect to manage concentratedly, so also saves dilatation cost.
Brief description
Fig. 1 is that the client of the present invention accesses schematic diagram.
Specific embodiment
In conjunction with the drawings and specific embodiments, the present invention is further described.
The present invention provides a kind of https accelerated method based on content distributing network, and this content distributing network includes being located at
The cdn network management center of core and dns redirect analytical center, be located at multiple cdn network edge nodes of marginal portion with
And it is located at the source server of rear end.
The cdn network management center of core and dns redirect analytical center and are responsible for GSLB, and device systems are installed
In administrative center's machine room.
The carrier that cdn network edge node is distributed for cdn, is mainly cached by cache() and load equalizer etc. form, respectively
Cdn network edge node deploys session & caching and the unified authentication server (uas) being located at rear end positioned at front end respectively.
Wherein, session & caching server is provided with multiple, responsible https session management, and unifies authentication server with rear end and interact;Complete
After becoming interaction, then changing role is caching server, provides cdn to service for client.In an optional example, this session &
Caching server completes above-mentioned functions using openssl the and nginx software of configuration.Unified authentication server be provided with multiple, its
Containing user certificate, private key, it is integrated with some ssl and accelerates board (as intel or navimn), be the main place of user's encryption and decryption
Reason server.Board is accelerated to ssl, its single deck tape-recorder handling capacity can generally achieve 20gbps, to 1024 rsa and 2048 rsa
Encryption and decryption, its processing speed is respectively 35k-200kqps and 6k-35kqps.Unified authentication server can be fortune on linux
Row (redhat/centos, debian and ubuntu, and other), other unix operating systems (comprising freebsd) and micro-
Soft windows server.User certificate on each unified authentication server can share that is to say, that multiple unified authentication server
A user certificate can be corresponded to using same certificate or each unified authentication server.Unifying authentication server is
Stateless, permission client uses ready-made hardware, and unifies the ratio of authentication server with flow linear deployment;Pass through
Run multiple unified authentication servers and by the load balancing of dns, the website of client can be kept High Availabitity.
Source server comprises can be data cached and can not be data cached, can data cached for session caching server
Update caching, can not data cached Hui Yuan use after client sets up session with fringe node.
Based on content distributing network, in conjunction with the schematic diagram of Fig. 1, the https accelerated method of the present invention includes following process:
Step 1: client is initiated https and accessed, by the load balancing of front end, distributes a corresponding session & buffer service
Device, initiates three-way handshake (rsa/dh) process;Wherein, client is network terminal user, it is therefore possible to use instantly popular browses
Device (chrome, firefox, ie etc.) browses webpage, the client 1 of in figure, client 2, client 3, refers to different web sites respectively
The client accelerating client represents access, such as refers to the different web sites such as Sina website, www.qq.com, Netease respectively and accelerates client;
Step 2: in handshake procedure, this session & caching server is verified with unified with regard to the encryption and decryption work of private key and user certificate
Server interaction (depending on different schemes are realized), returns client afterwards;For multiple client, clothes are cached by session &
Each client is mapped on a unified authentication server business device, makes each client share the hardware of unified authentication server
Acceleration capacity;
Step 3: after completing handshake procedure, the cache service of session & caching server is normal to be carried out, and client then normally uses
Cdn services, for can be data cached, directly in the server acquisition of fringe node, for can not be data cached, to source server
Obtain;
Step 4: the quantity of unified authentication server can linearly dispose the ratio of unified authentication server with flow, needs to expand
Unified authentication server can be carried out linear expansion, every server be plugged some ssl and accelerates board, to tackle more by Zhan Shi
Large-scale ssl issued transaction demand;Or formed active and standby, to tackle troubleshooting.
The present invention also provides a kind of https acceleration system based on content distributing network, this content distributing network bag simultaneously
Include and redirect analytical center, be located at multiple cdn network edges of marginal portion positioned at the cdn network management center of core and dns
Node and the source server being located at rear end;Each cdn network edge node deploys the session & buffer service positioned at front end respectively
Device and the unified authentication server being located at rear end;This https acceleration system includes as lower unit:
Https access request initiates unit, for executing: client initiates https access request to cdn network edge node;
Three-way handshake initiates unit, for executing: the load balancing by front end for the cdn network edge node, distribute a correspondence
Session & caching server, carry out three-way handshake with client;
Three-way handshake processing unit, for executing: in handshake procedure, the session & caching server distributing is responsible for https session
Management, handed over by encryption and decryption work and unified authentication server with regard to private key and user certificate simultaneously for this session & caching server
Mutually, return client afterwards;If there are multiple client, then by this session & caching server, each client is mapped to one
Platform is unified on authentication server, makes each client share the hardware acceleration capability of unified authentication server.
Https accesses response unit, for executing: after completing handshake procedure, the caching clothes of described session & caching server
Do honest work normally opened exhibition, provide cdn service for client;The data asked for client, if can be data cached, directly exists
Session & caching server obtains, if can not be data cached, then obtains to source server.
Wherein, unified authentication server is provided with user certificate and private key, and is integrated with some ssl acceleration boards, one
Or multiple stage is unified authentication server and is corresponded to a user certificate, and this is unified authentication server and is used for processing encryption and decryption;Unified checking
The quantity of server can linearly dispose the ratio of unified authentication server with flow, when needing extension, can be by unified checking
Server carries out linear expansion, every server is plugged some ssl and accelerates board, to tackle more massive ssl office
Reason demand;Or formed active and standby, to tackle troubleshooting.
It should be understood that disclosed system, apparatus and method in embodiment provided herein, can pass through
Other modes are realized.For example, device embodiment described above is only schematically, for example, the division of described unit,
It is only a kind of division of logic function, actual can have other dividing mode when realizing, and for example multiple units or assembly are permissible
In conjunction with or be desirably integrated into another system, or some features can be ignored, or does not execute.Another, shown or discussed
Coupling each other direct-coupling or communication connection can be by some interfaces, the INDIRECT COUPLING of device or unit or
Communication connection, can be electrical, mechanical or other forms.
The described unit illustrating as separating component can be or may not be physically separate, show as unit
The part showing can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
On NE.The mesh to realize this embodiment scheme for some or all of unit therein can be selected according to the actual needs
's.
In addition, can be integrated in a processing unit in each functional unit in each embodiment of the present invention it is also possible to
It is that unit is individually physically present it is also possible to two or more units are integrated in a unit.Above-mentioned integrated list
Unit both can be to be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.
If described integrated unit is realized and as independent production marketing or use using in the form of SFU software functional unit
When, can be stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially
The part in other words prior art being contributed or all or part of this technical scheme can be in the form of software products
Embody, this computer software product is stored in a storage medium, including some instructions with so that a computer
Equipment (can be personal computer, server, or network equipment etc.) executes the complete of each embodiment methods described of the present invention
Portion or part steps.And aforesaid storage medium includes: u disk, portable hard drive, read only memory (rom, read-only
Memory), random access memory (ram, random access memory), magnetic disc or CD etc. are various can store journey
The medium of sequence code.
The above, above example only in order to technical scheme to be described, is not intended to limit;Although with reference to front
State embodiment the present invention has been described in detail, it will be understood by those within the art that: it still can be to front
State the technical scheme described in each embodiment to modify, or equivalent is carried out to wherein some technical characteristics;And these
Modification or replacement, do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (8)
1. a kind of https accelerated method based on content distributing network it is characterised in that: during this content distributing network includes being located at
Cdn network management center that center portion is divided and dns redirect analytical center, the multiple cdn network edge nodes being located at marginal portion and
Source server positioned at rear end;Each cdn network edge node deploys the session & caching server positioned at front end respectively and is located at
The unified authentication server of rear end;
This https accelerated method comprises the steps:
Step 1: client initiates https access request to cdn network edge node;Cdn network edge node passes through front end
Load balancing, distributes a corresponding session & caching server, carries out three-way handshake with client;
Step 2: in handshake procedure, the session & caching server distributing is responsible for https session management, this session & buffer service
Encryption and decryption work and unified authentication server with regard to private key and user certificate interact device simultaneously, return client afterwards;
Step 3: after completing handshake procedure, the buffer service of described session & caching server is normally carried out, provides for client
Cdn services;The data asked for client, if can be data cached, directly obtains in session & caching server, such as
Fruit is can not be data cached, then obtain to source server.
2. https accelerated method according to claim 1 it is characterised in that: described unified authentication server is provided with use
Family certificate and private key, and be integrated with some ssl and accelerate boards, one or multiple stage are unified authentication server and are corresponded to a user certificate
Book, this is unified authentication server and is used for processing encryption and decryption.
3. https accelerated method according to claim 2 it is characterised in that: described step 2 also includes following process: such as
Fruit has multiple client, then by this session & caching server, each client is mapped on a unified authentication server, makes
Each client shares the hardware acceleration capability of unified authentication server.
4. the https accelerated method according to claim 1 or 2 or 3 it is characterised in that: this https accelerated method also includes
Following steps: the ratio quantity of unified authentication server is linearly disposed with flow, will unify authentication server linear expansion,
Some ssl are plugged on every unified authentication server and accelerates board, to tackle more massive ssl issued transaction demand and reply
Troubleshooting.
5. a kind of https acceleration system based on content distributing network, this content distributing network includes the cdn positioned at core
Network management center and dns redirect analytical center, the multiple cdn network edge nodes being located at marginal portion and the source being located at rear end
Server;Each cdn network edge node deploys the session & caching server positioned at front end respectively and the unification positioned at rear end is tested
Card server;
This https acceleration system includes as lower unit:
Https access request initiates unit, for executing: client initiates https access request to cdn network edge node;
Three-way handshake initiates unit, for executing: the load balancing by front end for the cdn network edge node, distribute a correspondence
Session & caching server, carry out three-way handshake with client;
Three-way handshake processing unit, for executing: in handshake procedure, the session & caching server distributing is responsible for https session
Management, handed over by encryption and decryption work and unified authentication server with regard to private key and user certificate simultaneously for this session & caching server
Mutually, return client afterwards;
Https accesses response unit, for executing: after completing handshake procedure, the buffer service of described session & caching server is just
Normally opened exhibition, provides cdn service for client;The data asked for client, if can be data cached, directly in meeting
Words & caching server obtains, if can not be data cached, then obtains to source server.
6. https acceleration system according to claim 5 it is characterised in that: described unified authentication server is provided with use
Family certificate and private key, and be integrated with some ssl and accelerate boards, one or multiple stage are unified authentication server and are corresponded to a user certificate
Book, this is unified authentication server and is used for processing encryption and decryption.
7. https acceleration system according to claim 6 it is characterised in that: described three-way handshake processing unit also executes
Following operation: if there are multiple client, then each client is mapped to by a unified checking by this session & caching server
On server, each client is made to share the hardware acceleration capability of unified authentication server.
8. the https acceleration system according to claim 5 or 6 or 7 it is characterised in that: described unified authentication server
Ratio quantity is linearly disposed with flow, will unify authentication server linear expansion, every unified authentication server is plugged
Some ssl accelerate board, to tackle more massive ssl issued transaction demand and reply troubleshooting.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610873442.6A CN106341417B (en) | 2016-09-30 | 2016-09-30 | A kind of HTTPS acceleration method and system based on content distributing network |
CN201911090331.8A CN110808989B (en) | 2016-09-30 | 2016-09-30 | HTTPS acceleration method and system based on content distribution network |
PCT/CN2017/104806 WO2018059578A1 (en) | 2016-09-30 | 2017-09-30 | Https acceleration method and system based on content distribution network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610873442.6A CN106341417B (en) | 2016-09-30 | 2016-09-30 | A kind of HTTPS acceleration method and system based on content distributing network |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911090331.8A Division CN110808989B (en) | 2016-09-30 | 2016-09-30 | HTTPS acceleration method and system based on content distribution network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106341417A true CN106341417A (en) | 2017-01-18 |
CN106341417B CN106341417B (en) | 2019-11-05 |
Family
ID=57839835
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911090331.8A Active CN110808989B (en) | 2016-09-30 | 2016-09-30 | HTTPS acceleration method and system based on content distribution network |
CN201610873442.6A Active CN106341417B (en) | 2016-09-30 | 2016-09-30 | A kind of HTTPS acceleration method and system based on content distributing network |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911090331.8A Active CN110808989B (en) | 2016-09-30 | 2016-09-30 | HTTPS acceleration method and system based on content distribution network |
Country Status (2)
Country | Link |
---|---|
CN (2) | CN110808989B (en) |
WO (1) | WO2018059578A1 (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106789344A (en) * | 2017-01-19 | 2017-05-31 | 上海帝联信息科技股份有限公司 | Data transmission method, system, CDN and client |
CN107257327A (en) * | 2017-05-25 | 2017-10-17 | 中央民族大学 | A kind of high concurrent SSL conversation managing methods |
CN107707514A (en) * | 2017-02-08 | 2018-02-16 | 贵州白山云科技有限公司 | A kind of method and system for being used between CDN node encrypt and device |
CN107707517A (en) * | 2017-05-09 | 2018-02-16 | 贵州白山云科技有限公司 | A kind of HTTPs handshake methods, device and system |
WO2018059578A1 (en) * | 2016-09-30 | 2018-04-05 | 贵州白山云科技有限公司 | Https acceleration method and system based on content distribution network |
CN108401011A (en) * | 2018-01-30 | 2018-08-14 | 网宿科技股份有限公司 | The accelerated method of handshake request, equipment and fringe node in content distributing network |
CN108429682A (en) * | 2018-02-26 | 2018-08-21 | 湖南科技学院 | A kind of optimization method and system of network transmission link |
CN108574687A (en) * | 2017-07-03 | 2018-09-25 | 北京金山云网络技术有限公司 | A kind of communication connection method for building up, device and electronic equipment |
CN109428876A (en) * | 2017-09-01 | 2019-03-05 | 腾讯科技(深圳)有限公司 | One kind is shaken hands connection method and device |
WO2019062543A1 (en) * | 2017-09-26 | 2019-04-04 | 中兴通讯股份有限公司 | Traffic optimization method for transparent cache, load balancer and storage medium |
CN109842664A (en) * | 2017-11-29 | 2019-06-04 | 苏宁云商集团股份有限公司 | A kind of CDN of the safety without private key of High Availabitity supports the system and method for HTTPS |
CN110324290A (en) * | 2018-03-30 | 2019-10-11 | 贵州白山云科技股份有限公司 | Method, network element device, medium and the computer equipment of network equipment certification |
CN110324365A (en) * | 2018-03-28 | 2019-10-11 | 网易(杭州)网络有限公司 | Without key front end cluster system, application method, storage medium, electronic device |
WO2019205192A1 (en) * | 2018-04-25 | 2019-10-31 | 网宿科技股份有限公司 | Webpage loading method, webpage loading system, and server |
CN110999248A (en) * | 2017-07-28 | 2020-04-10 | 阿里巴巴集团控股有限公司 | Secure communication acceleration using system-on-chip (SoC) architecture |
US11579781B2 (en) | 2020-10-23 | 2023-02-14 | Red Hat, Inc. | Pooling distributed storage nodes that have specialized hardware |
CN117857095A (en) * | 2023-12-05 | 2024-04-09 | 天翼云科技有限公司 | Non-private key TLS handshake solving method |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114338629A (en) * | 2020-09-25 | 2022-04-12 | 北京金山云网络技术有限公司 | Data processing method, device, equipment and medium |
CN112187804B (en) * | 2020-09-29 | 2023-01-20 | 北京金山云网络技术有限公司 | Communication method and device of server, computer equipment and storage medium |
CN113301159B (en) * | 2021-05-26 | 2022-12-09 | 中国电子科技集团公司第五十四研究所 | Service position obtaining method and device in edge computing system |
CN115460083B (en) * | 2021-06-09 | 2024-04-19 | 贵州白山云科技股份有限公司 | Security acceleration service deployment method, device, medium and equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7634650B1 (en) * | 2004-07-22 | 2009-12-15 | Xsigo Systems | Virtualized shared security engine and creation of a protected zone |
CN104081711A (en) * | 2011-12-16 | 2014-10-01 | 阿卡麦科技公司 | Terminating SSL connections without locally-accessible private keys |
KR101491697B1 (en) * | 2013-12-10 | 2015-02-11 | 주식회사 시큐아이 | Security device including ssl acceleration card and operating method thereof |
CN104732164A (en) * | 2013-12-18 | 2015-06-24 | 国家计算机网络与信息安全管理中心 | Device and method both for accelerating SSL (Security Socket Layer) data processing speed |
CN106101007A (en) * | 2016-05-24 | 2016-11-09 | 杭州迪普科技有限公司 | Process the method and device of message |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9531691B2 (en) * | 2011-12-16 | 2016-12-27 | Akamai Technologies, Inc. | Providing forward secrecy in a terminating TLS connection proxy |
CN104702611B (en) * | 2015-03-15 | 2018-05-25 | 西安电子科技大学 | A kind of device and method for protecting Secure Socket Layer session key |
CN105871797A (en) * | 2015-11-19 | 2016-08-17 | 乐视云计算有限公司 | Handshake method, device and system of client and server |
CN106027646B (en) * | 2016-05-19 | 2019-06-21 | 北京云钥网络科技有限公司 | A kind of method and device accelerating HTTPS |
CN106230782A (en) * | 2016-07-20 | 2016-12-14 | 腾讯科技(深圳)有限公司 | A kind of information processing method based on content distributing network and device |
CN110808989B (en) * | 2016-09-30 | 2022-01-21 | 贵州白山云科技股份有限公司 | HTTPS acceleration method and system based on content distribution network |
-
2016
- 2016-09-30 CN CN201911090331.8A patent/CN110808989B/en active Active
- 2016-09-30 CN CN201610873442.6A patent/CN106341417B/en active Active
-
2017
- 2017-09-30 WO PCT/CN2017/104806 patent/WO2018059578A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7634650B1 (en) * | 2004-07-22 | 2009-12-15 | Xsigo Systems | Virtualized shared security engine and creation of a protected zone |
CN104081711A (en) * | 2011-12-16 | 2014-10-01 | 阿卡麦科技公司 | Terminating SSL connections without locally-accessible private keys |
KR101491697B1 (en) * | 2013-12-10 | 2015-02-11 | 주식회사 시큐아이 | Security device including ssl acceleration card and operating method thereof |
CN104732164A (en) * | 2013-12-18 | 2015-06-24 | 国家计算机网络与信息安全管理中心 | Device and method both for accelerating SSL (Security Socket Layer) data processing speed |
CN106101007A (en) * | 2016-05-24 | 2016-11-09 | 杭州迪普科技有限公司 | Process the method and device of message |
Cited By (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018059578A1 (en) * | 2016-09-30 | 2018-04-05 | 贵州白山云科技有限公司 | Https acceleration method and system based on content distribution network |
CN106789344A (en) * | 2017-01-19 | 2017-05-31 | 上海帝联信息科技股份有限公司 | Data transmission method, system, CDN and client |
CN106789344B (en) * | 2017-01-19 | 2019-11-12 | 上海帝联信息科技股份有限公司 | Data transmission method, system, CDN network and client |
US11252133B2 (en) | 2017-02-08 | 2022-02-15 | Guizhou Baishancloud Technology Co., Ltd. | Method, device, medium and apparatus for CDN inter-node encryption |
CN107707514A (en) * | 2017-02-08 | 2018-02-16 | 贵州白山云科技有限公司 | A kind of method and system for being used between CDN node encrypt and device |
CN107707517B (en) * | 2017-05-09 | 2018-11-13 | 贵州白山云科技有限公司 | A kind of HTTPs handshake methods, device and system |
CN107707517A (en) * | 2017-05-09 | 2018-02-16 | 贵州白山云科技有限公司 | A kind of HTTPs handshake methods, device and system |
CN107257327A (en) * | 2017-05-25 | 2017-10-17 | 中央民族大学 | A kind of high concurrent SSL conversation managing methods |
CN108574687A (en) * | 2017-07-03 | 2018-09-25 | 北京金山云网络技术有限公司 | A kind of communication connection method for building up, device and electronic equipment |
CN108574687B (en) * | 2017-07-03 | 2020-11-27 | 北京金山云网络技术有限公司 | Communication connection establishment method and device, electronic equipment and computer readable medium |
CN110999248B (en) * | 2017-07-28 | 2022-07-08 | 阿里巴巴集团控股有限公司 | Secure communication acceleration using system-on-chip (SoC) architecture |
CN110999248A (en) * | 2017-07-28 | 2020-04-10 | 阿里巴巴集团控股有限公司 | Secure communication acceleration using system-on-chip (SoC) architecture |
CN109428876A (en) * | 2017-09-01 | 2019-03-05 | 腾讯科技(深圳)有限公司 | One kind is shaken hands connection method and device |
CN109428876B (en) * | 2017-09-01 | 2021-10-08 | 腾讯科技(深圳)有限公司 | Handshake connection method and device |
WO2019062543A1 (en) * | 2017-09-26 | 2019-04-04 | 中兴通讯股份有限公司 | Traffic optimization method for transparent cache, load balancer and storage medium |
CN109842664A (en) * | 2017-11-29 | 2019-06-04 | 苏宁云商集团股份有限公司 | A kind of CDN of the safety without private key of High Availabitity supports the system and method for HTTPS |
CN108401011B (en) * | 2018-01-30 | 2021-09-24 | 网宿科技股份有限公司 | Acceleration method and device for handshake request in content distribution network and edge node |
EP3541051A4 (en) * | 2018-01-30 | 2019-09-18 | Wangsu Science & Technology Co., Ltd. | Acceleration method for handshake request in content delivery network, device and edge node |
WO2019148562A1 (en) * | 2018-01-30 | 2019-08-08 | 网宿科技股份有限公司 | Acceleration method for handshake request in content delivery network, device and edge node |
CN108401011A (en) * | 2018-01-30 | 2018-08-14 | 网宿科技股份有限公司 | The accelerated method of handshake request, equipment and fringe node in content distributing network |
CN108429682A (en) * | 2018-02-26 | 2018-08-21 | 湖南科技学院 | A kind of optimization method and system of network transmission link |
CN110324365A (en) * | 2018-03-28 | 2019-10-11 | 网易(杭州)网络有限公司 | Without key front end cluster system, application method, storage medium, electronic device |
CN111010404A (en) * | 2018-03-30 | 2020-04-14 | 贵州白山云科技股份有限公司 | Data transmission method, data transmission equipment and computer readable storage medium |
CN110324290A (en) * | 2018-03-30 | 2019-10-11 | 贵州白山云科技股份有限公司 | Method, network element device, medium and the computer equipment of network equipment certification |
CN110324290B (en) * | 2018-03-30 | 2022-02-01 | 贵州白山云科技股份有限公司 | Network equipment authentication method, network element equipment, medium and computer equipment |
CN111010404B (en) * | 2018-03-30 | 2022-07-29 | 贵州白山云科技股份有限公司 | Data transmission method, data transmission equipment and computer readable storage medium |
WO2019205192A1 (en) * | 2018-04-25 | 2019-10-31 | 网宿科技股份有限公司 | Webpage loading method, webpage loading system, and server |
US11579781B2 (en) | 2020-10-23 | 2023-02-14 | Red Hat, Inc. | Pooling distributed storage nodes that have specialized hardware |
CN117857095A (en) * | 2023-12-05 | 2024-04-09 | 天翼云科技有限公司 | Non-private key TLS handshake solving method |
Also Published As
Publication number | Publication date |
---|---|
CN106341417B (en) | 2019-11-05 |
WO2018059578A1 (en) | 2018-04-05 |
CN110808989A (en) | 2020-02-18 |
CN110808989B (en) | 2022-01-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106341417A (en) | Content delivery network-based HTTPS acceleration method and system | |
EP2901308B1 (en) | Load distribution in data networks | |
US8903938B2 (en) | Providing enhanced data retrieval from remote locations | |
US8713636B2 (en) | Computer network running a distributed application | |
CN107707943B (en) | A kind of method and system for realizing cloud service fusion | |
CN105979007A (en) | Acceleration resource processing method and device and network function virtualization system | |
US10318747B1 (en) | Block chain based authentication | |
KR20150023354A (en) | System and method for supporting implicit versioning in a transactional middleware machine environment | |
AU2021246978B2 (en) | Multi-level cache-mesh-system for multi-tenant serverless environments | |
CN113315706B (en) | Private cloud flow control method, device and system | |
US8132246B2 (en) | Kerberos ticket virtualization for network load balancers | |
CN110351364A (en) | Date storage method, equipment and computer readable storage medium | |
US11405369B1 (en) | Distributed encrypted session resumption | |
US10481963B1 (en) | Load-balancing for achieving transaction fault tolerance | |
JP2023088313A (en) | Computer program, method and computer system for authorizing service request in multi-cluster system | |
US20220021532A1 (en) | Tracking Tainted Connection Agents | |
JP7485046B2 (en) | LOAD DISTRIBUTING METHOD, LOAD DISTRIBUTING DEVICE, LOAD DISTRIBUTING SYSTEM, AND PROGRAM | |
JP2022088326A (en) | Method of selectively updating world state database in block chain network, system therefor, and computer program therefor | |
US11405364B1 (en) | Privacy-preserving endorsements in blockchain transactions | |
Srivatsa | Cloudless and Mixclaves | |
Hong et al. | Global-scale event dissemination on mobile social channeling platform | |
US11778548B2 (en) | Deploying containers on a 5G slice network | |
Rashmi Shree et al. | Enhanced Data Security Architecture in Enterprise Networks | |
CN118488111A (en) | Communication method and device | |
Santangelo | Cloud-native Kubernetes application to efficiently and securely stream and collect real-time data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 550000 Fuyuan Medical Logistics Park Phase II 41, No. 22 Fuyuan North Road, Nanming District, Guiyang City, Guizhou Province Applicant after: Guizhou Baishan cloud Polytron Technologies Inc Address before: 550000 Fuyuan Medical Logistics Park Phase II 41, No. 22 Fuyuan North Road, Nanming District, Guiyang City, Guizhou Province Applicant before: Guizhou white cloud Technology Co., Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |