CN106341417B - HTTPS acceleration method and system based on a content distribution network - Google Patents

Publication number: CN106341417B
Application number: CN201610873442.6A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN106341417A (en)
Inventors: 苗辉, 江桂林, 庄吴敏
Current Assignee: Guizhou Baishan Cloud Polytron Technologies Inc
Original Assignee: Guizhou Baishan Cloud Polytron Technologies Inc
Prior art keywords: server, client, https, authentication server, session

Classifications

    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L63/0485: Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H04L63/12: Applying verification of the received information
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate


Abstract

The present invention discloses an HTTPS acceleration method and system based on a content distribution network. It adopts an SSL accelerator card scheme, which solves the problems of heavy performance load and inefficient transaction processing in software-based SSL implementations. The SSL accelerator cards are deployed on servers at the CDN edge nodes, so that certificates are managed centrally and one SSL accelerator card can perform encryption and decryption for multiple clients. This solves the problems of wasted resources and high management cost that arise when each accelerator card is bound only to the requests of a particular client.

Description

An HTTPS acceleration method and system based on a content distribution network
Technical field
The present invention relates to a web information flow method, and in particular to an HTTPS acceleration method and system based on a CDN (content distribution network).
Background
The HTTPS security protocol aims to make the HTTP channel secure: by adding an SSL layer beneath HTTP, it encrypts transmission and prevents important data such as user data and transaction data from being stolen. HTTPS plays a key role in protecting user privacy and preventing traffic hijacking, but at the same time it reduces user access speed and increases the computing resource consumption of the website's servers.
In an SSL session, the most computationally expensive part is the SSL handshake. There are two main types of SSL handshake: one based on RSA and one based on Diffie-Hellman (DH). The RSA and DH public-key algorithms consume a great deal of CPU and are the slowest part of the handshake. A laptop can perform a few hundred RSA encryptions per second, compared with about 10 million symmetric AES encryptions per second. The main work of this phase is to negotiate the session key, which is usually a symmetric key and is used throughout the corresponding session. The encryption and signing in the SSL handshake itself, however, use the asymmetric key contained in the certificate, and using this asymmetric key consumes more computing resources than using a symmetric key.
In a software-based SSL implementation, the server's processor is responsible for the key exchange at the start of each session and for the subsequent data encryption and decryption. This intensive computation places great pressure on the server and greatly reduces its other transaction processing capability. A software-based SSL implementation is therefore suitable only for handling a small amount of SSL traffic. A CDN, by contrast, is characterized by small nodes with few servers each, but with many nodes that are geographically dispersed. For HTTPS acceleration in a CDN, a software-based SSL implementation clearly cannot meet the acceleration demand.
Given this situation, CDN vendors have proposed hardware-based SSL acceleration schemes, such as SSL accelerator cards or SSL acceleration appliances.
An SSL accelerator card effectively relieves the server CPU of SSL processing: one or more coprocessors perform the SSL computation, and these coprocessors may be general-purpose CPUs, custom ASIC chips or RISC instruction-set chips. However, for each client's access, a server fitted with an SSL accelerator card is allocated to complete the handshake and the encryption and decryption, which wastes resources and makes the per-machine management cost high. In addition, each server must hold a unique digital certificate, so the many certificates are easily leaked, which is a security problem.
An SSL acceleration appliance is a standalone device with an embedded SSL accelerator card. It decrypts encrypted traffic and sends the decrypted data to the back-end server; in the opposite direction, it encrypts the plaintext data sent by the back-end server and forwards it to the client. The SSL acceleration appliance terminates the SSL session, so the back-end server is freed entirely for data services or running applications. However, the overall cost of an SSL acceleration appliance is high, so it is not an ideal alternative.
Summary of the invention
In view of the above problems, the present invention proposes an HTTPS acceleration method and system based on a content distribution network (Content Delivery Network, CDN). It adopts an SSL accelerator card scheme, which solves the problems of heavy performance load and inefficient transaction processing in software-based SSL implementations. The SSL accelerator cards are deployed on servers at the CDN edge nodes, so that certificates are managed centrally and one SSL accelerator card can perform encryption and decryption for multiple clients. This solves the problems of wasted resources and high management cost that arise when each accelerator card is bound only to the requests of a particular client.
To solve the above technical problem, the technical solution adopted by the present invention is an HTTPS acceleration method based on a content distribution network. The content distribution network comprises a CDN network management center and a DNS redirection resolution center located in the central part, multiple CDN edge nodes located in the edge part, and an origin server located at the back end. Each CDN edge node deploys a session & cache server at the front end and a unified authentication server at the back end. The HTTPS acceleration method comprises the following steps:
Step 1: the client initiates an HTTPS access request to a CDN edge node; the CDN edge node, through front-end load balancing, assigns a corresponding session & cache server, which performs the three-way handshake with the client;
Step 2: during the handshake, the assigned session & cache server is responsible for HTTPS session management; at the same time it interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate, and then returns the result to the client;
Step 3: after the handshake is complete, the cache service of the session & cache server operates normally and provides CDN service to the client; data requested by the client is obtained directly from the session & cache server if it is cacheable, and from the origin server if it is not cacheable.
The unified authentication server is provisioned with the user certificate and private key and integrates several SSL accelerator cards; one or more unified authentication servers correspond to one user certificate, and the unified authentication server handles encryption and decryption. Step 2 further includes the following: if there are multiple clients, the session & cache server maps each client to one unified authentication server, so that the clients share the hardware acceleration capability of the unified authentication server.
As a further scheme, the HTTPS acceleration method also includes the following step: the number of unified authentication servers is deployed in linear proportion to traffic, and the unified authentication servers are scaled out linearly, with several SSL accelerator cards installed in each unified authentication server, to meet larger-scale SSL transaction processing demand and to handle failures.
The present invention also provides an HTTPS acceleration system based on a content distribution network. The content distribution network comprises a CDN network management center and a DNS redirection resolution center located in the central part, multiple CDN edge nodes located in the edge part, and an origin server located at the back end. Each CDN edge node deploys a session & cache server at the front end and a unified authentication server at the back end. The HTTPS acceleration system comprises the following units:
an HTTPS access request initiation unit, configured to perform: the client initiates an HTTPS access request to a CDN edge node;
a three-way handshake initiation unit, configured to perform: the CDN edge node, through front-end load balancing, assigns a corresponding session & cache server, which performs the three-way handshake with the client;
a three-way handshake processing unit, configured to perform: during the handshake, the assigned session & cache server is responsible for HTTPS session management; at the same time it interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate, and then returns the result to the client;
an HTTPS access response unit, configured to perform: after the handshake is complete, the cache service of the session & cache server operates normally and provides CDN service to the client; data requested by the client is obtained directly from the session & cache server if it is cacheable, and from the origin server if it is not cacheable.
The present invention effectively combines the respective technical advantages of SSL accelerator cards and CDN edge nodes. It differs from existing schemes as follows:
(1) SSL accelerator cards replace the ordinary edge server for encryption and decryption work; this work is offloaded from the edge server and deployed on the unified authentication server, which greatly reduces the CPU consumption of the ordinary edge server and improves efficiency;
(2) one SSL accelerator card serves the encryption and decryption work of several clients, moving from the original one-to-one service to 1-to-N, which greatly reduces cost for CDN vendors;
(3) previously, each SSL accelerator card required one certificate to be managed; now N clients use one SSL accelerator card and certificates are managed centrally, so the amount of certificate management is greatly reduced and the per-machine management cost drops substantially;
(4) besides performing encryption and decryption with the installed SSL accelerator cards, the unified authentication server can also run software deployed according to customers' differing requirements, such as a scheme in which the CDN server applies for the certificate or Cloudflare's Keyless SSL scheme, all of which the present invention supports effectively; the interaction with the front-end server takes place within the edge node, which reduces the round-trip time (RTT) between servers and improves efficiency;
(5) SSL accelerator cards can be scaled out linearly within the edge unified authentication server cluster to increase its transaction processing capacity without affecting centralized management, which also saves expansion cost.
Brief description of the drawings
Fig. 1 is a schematic diagram of client access according to the present invention.
Detailed description of the embodiments
The present invention is further described below with reference to the drawings and specific embodiments.
The present invention provides an HTTPS acceleration method based on a content distribution network. The content distribution network comprises a CDN network management center and a DNS redirection resolution center located in the central part, multiple CDN edge nodes located in the edge part, and an origin server located at the back end.
The CDN network management center and the DNS redirection resolution center in the central part are responsible for global load balancing; their equipment is installed in the management center's machine room.
The CDN edge nodes are the carriers of CDN distribution and consist mainly of caches, load balancers and the like. Each CDN edge node deploys session & cache servers at the front end and unified authentication servers (UAS) at the back end. There are multiple session & cache servers; they are responsible for HTTPS session management and interact with the back-end unified authentication servers. Once that interaction is complete, they switch roles to cache servers and provide CDN service to clients. In an optional example, the session & cache servers perform these functions using configured OpenSSL and Nginx software. There are multiple unified authentication servers; they hold the user certificates and private keys, integrate several SSL accelerator cards (such as Intel or NAVIMN), and are the main servers handling users' encryption and decryption. A single SSL accelerator card can generally reach a throughput of 20 Gbps; for 1024-bit RSA and 2048-bit RSA encryption and decryption, the processing rates are 35K-200K qps and 6K-35K qps respectively. The unified authentication server can run on Linux (RedHat/CentOS, Debian, Ubuntu and others), other Unix operating systems (including FreeBSD) and Microsoft Windows Server. User certificates can be shared among the unified authentication servers: multiple unified authentication servers may use the same certificate, or each unified authentication server may correspond to one user certificate. The unified authentication server is stateless, which allows customers to use off-the-shelf hardware and to scale the number of unified authentication servers linearly with traffic. By running multiple unified authentication servers with load balancing via DNS, the customer's website can be kept highly available.
The origin server holds cacheable data and non-cacheable data. Cacheable data is used to update the cache on the session & cache servers; non-cacheable data is fetched back from the origin after the client and the edge node have established a session.
Based on this content distribution network, and with reference to the schematic diagram of Fig. 1, the HTTPS acceleration method of the present invention comprises the following process:
Step 1: the client initiates HTTPS access; front-end load balancing assigns a corresponding session & cache server, and the three-way handshake (RSA/DH) process is initiated. Here the client is a network end user, who may browse web pages with any currently popular browser (Chrome, Firefox, IE, etc.). Client 1, client 2 and client 3 in the figure denote clients accessing different website-acceleration customers, for example Sina, www.qq.com and NetEase respectively;
Step 2: during the handshake, the session & cache server interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate (the details depend on the scheme implemented), and then returns the result to the client. For multiple clients, the session & cache server maps each client to one unified authentication server, so that the clients share the hardware acceleration capability of the unified authentication server;
Step 3: after the handshake is complete, the cache service of the session & cache server operates normally and the client uses the CDN service as usual: cacheable data is obtained directly from the servers of the edge node, and non-cacheable data is obtained from the origin server;
Step 4: the number of unified authentication servers can be deployed in linear proportion to traffic. When expansion is needed, the unified authentication servers can be scaled out linearly, with several SSL accelerator cards installed in each server, to meet larger-scale SSL transaction processing demand; alternatively they can be arranged as active/standby pairs to handle failures.
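The division of work in Steps 1 to 4, shown as an added Python example that is not code from the patent: the front-end server holds only public certificates and the cache, while a pool of stateless unified authentication servers holds the private keys for several customers. Assumptions made here: the class and function names and the hostnames are hypothetical, a method call stands in for the network hop between the two tiers, and textbook RSA over constructed Mersenne primes stands in for the private-key operation an SSL accelerator card would perform.

```python
import hashlib
import itertools
import secrets

E = 65537  # RSA public exponent


def make_keypair(p, q):
    """Toy textbook RSA (no padding) from constructed primes; not for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)


def key_id(n):
    """Name a certificate by the SHA-256 of its public modulus."""
    return hashlib.sha256(str(n).encode()).hexdigest()


def derive(premaster):
    """Both ends turn the premaster secret into the symmetric session key."""
    return hashlib.sha256(premaster.to_bytes(16, "big")).digest()


class UnifiedAuthServer:
    """Back end: the only tier holding private keys; keeps no per-session state."""

    def __init__(self, private_keys):
        self._keys = dict(private_keys)  # key_id -> (n, d), same on every UAS
        self.ops = 0                     # private-key operations served

    def private_decrypt(self, kid, ciphertext):
        if kid not in self._keys:
            raise KeyError("no private key for this certificate")
        n, d = self._keys[kid]
        self.ops += 1
        return pow(ciphertext, d, n)


class SessionCacheServer:
    """Front end: public certificates, session table and cache; no private keys."""

    def __init__(self, certs, uas_pool, origin):
        self.certs = certs                     # hostname -> public modulus
        self._uas = itertools.cycle(uas_pool)  # any stateless UAS can serve
        self.origin = origin                   # hostname -> {path: (body, cacheable)}
        self.sessions = {}
        self.cache = {}

    def finish_handshake(self, host, encrypted_premaster):
        # Step 2: hand the private-key operation to the back end.
        uas = next(self._uas)
        premaster = uas.private_decrypt(key_id(self.certs[host]), encrypted_premaster)
        sid = secrets.token_hex(8)
        self.sessions[sid] = derive(premaster)
        return sid

    def fetch(self, sid, host, path):
        # Step 3: serve from the edge cache, otherwise go back to the origin.
        if sid not in self.sessions:
            raise PermissionError("no established session")
        if (host, path) in self.cache:
            return self.cache[(host, path)], "edge-cache"
        body, cacheable = self.origin[host][path]
        if cacheable:
            self.cache[(host, path)] = body
        return body, "origin"


def client_handshake(edge, host):
    """Step 1: the client encrypts a fresh premaster secret to the site's public key."""
    n = edge.certs[host]
    premaster = secrets.randbits(128) | (1 << 127)
    sid = edge.finish_handshake(host, pow(premaster, E, n))
    return sid, derive(premaster)


def build_demo():
    """Two customers' sites (constructed names) share one pool of two UAS (Step 4)."""
    n_a, d_a = make_keypair(2**127 - 1, 2**89 - 1)
    n_b, d_b = make_keypair(2**107 - 1, 2**61 - 1)
    keys = {key_id(n_a): (n_a, d_a), key_id(n_b): (n_b, d_b)}
    pool = [UnifiedAuthServer(keys), UnifiedAuthServer(keys)]
    origin = {"a.example": {"/logo.png": (b"PNG", True), "/cart": (b"cart", False)},
              "b.example": {"/": (b"home", True)}}
    edge = SessionCacheServer({"a.example": n_a, "b.example": n_b}, pool, origin)
    return edge, pool


if __name__ == "__main__":
    edge, pool = build_demo()
    sid, client_key = client_handshake(edge, "a.example")
    print("keys match:", edge.sessions[sid] == client_key)
    print(edge.fetch(sid, "a.example", "/logo.png")[1])
    print(edge.fetch(sid, "a.example", "/logo.png")[1])
    print("UAS operations:", [u.ops for u in pool])
```

Because every unified authentication server in the pool holds the same key table and no session state, adding one more to `pool` is all that scaling out requires; the private exponents never appear in `SessionCacheServer`.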
The present invention also provides an HTTPS acceleration system based on a content distribution network. The content distribution network comprises a CDN network management center and a DNS redirection resolution center located in the central part, multiple CDN edge nodes located in the edge part, and an origin server located at the back end. Each CDN edge node deploys a session & cache server at the front end and a unified authentication server at the back end. The HTTPS acceleration system comprises the following units:
an HTTPS access request initiation unit, configured to perform: the client initiates an HTTPS access request to a CDN edge node;
a three-way handshake initiation unit, configured to perform: the CDN edge node, through front-end load balancing, assigns a corresponding session & cache server, which performs the three-way handshake with the client;
a three-way handshake processing unit, configured to perform: during the handshake, the assigned session & cache server is responsible for HTTPS session management; at the same time it interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate, and then returns the result to the client; if there are multiple clients, the session & cache server maps each client to one unified authentication server, so that the clients share the hardware acceleration capability of the unified authentication server;
an HTTPS access response unit, configured to perform: after the handshake is complete, the cache service of the session & cache server operates normally and provides CDN service to the client; data requested by the client is obtained directly from the session & cache server if it is cacheable, and from the origin server if it is not cacheable.
The unified authentication server is provisioned with the user certificate and private key and integrates several SSL accelerator cards; one or more unified authentication servers correspond to one user certificate, and the unified authentication server handles encryption and decryption. The number of unified authentication servers can be deployed in linear proportion to traffic. When expansion is needed, the unified authentication servers can be scaled out linearly, with several SSL accelerator cards installed in each server, to meet larger-scale SSL transaction processing demand; alternatively they can be arranged as active/standby pairs to handle failures.
In the embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above embodiments merely illustrate the technical solutions of the present invention and do not limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. a kind of HTTPS accelerated method based on content distributing network, it is characterised in that: the content distributing network includes in being located at The CDN network management center of center portion point and DNS redirect analytical center, positioned at marginal portion multiple CDN network fringe nodes and Source server positioned at rear end;Each CDN network fringe node deploy respectively positioned at front end session & cache server and be located at The unified authentication server of rear end;
The HTTPS accelerated method includes the following steps:
Step 1: client initiates HTTPS access request to CDN network fringe node;CDN network fringe node passes through front end Load balancing distributes a corresponding session & cache server, carries out three-way handshake with client;
Step 2: in handshake procedure, the session & cache server distributed is responsible for HTTPS session management, session & buffer service Device is interacted with regard to the work of the encryption and decryption of private key and user certificate and unified authentication server simultaneously, returns to client later, should For unified authentication server for handling encryption and decryption, unified authentication server is equipped with user certificate and private key, and one or more The unified corresponding user certificate of authentication server;
Step 3: after completing handshake procedure, the buffer service of the session & cache server is normally carried out, and provides for client CDN service;Data requested for client are directly obtained, such as in session & cache server if it is can be data cached Fruit is can not be data cached, then obtains to source server.
2. HTTPS accelerated method according to claim 1, it is characterised in that: if the unified authentication server is integrated with Dry SSL accelerates board.
3. The HTTPS acceleration method according to claim 2, characterized in that step 2 further includes the following process: if there are multiple clients, the session & cache server maps each client onto one unified authentication server, so that the clients share the hardware acceleration capability of the unified authentication server.
4. The HTTPS acceleration method according to claim 1, 2 or 3, characterized in that the HTTPS acceleration method further includes the following step: the number of unified authentication servers is deployed in linear proportion to traffic, the unified authentication servers are expanded linearly, and several SSL acceleration boards are plugged into each unified authentication server, in order to cope with larger-scale SSL transaction processing demand and with fault handling.
5. An HTTPS acceleration system based on a content distribution network, the system including a CDN network management center and a DNS redirection resolution center located in the central part, multiple CDN network edge nodes located in the edge part, and a source server located at the back end; each CDN network edge node deploys a session & cache server located at the front end and a unified authentication server located at the back end;
The HTTPS acceleration system includes the following units:
an HTTPS access request initiation unit, for executing: the client initiates an HTTPS access request to a CDN network edge node;
a three-way handshake initiation unit, for executing: the CDN network edge node, through front-end load balancing, assigns a corresponding session & cache server, which carries out a three-way handshake with the client;
a three-way handshake processing unit, for executing: during the handshake, the assigned session & cache server is responsible for HTTPS session management; at the same time, the session & cache server interacts with the unified authentication server for the encryption and decryption work involving the private key and the user certificate, and then responds to the client; the unified authentication server is used for handling encryption and decryption and is equipped with the user certificate and the private key, with one or more unified authentication servers corresponding to a user certificate;
an HTTPS access response unit, for executing: after the handshake is completed, the cache service of the session & cache server operates normally and provides CDN service to the client; for data requested by the client, cacheable data is obtained directly from the session & cache server, and non-cacheable data is obtained from the source server.
6. The HTTPS acceleration system according to claim 5, characterized in that the unified authentication server integrates several SSL acceleration boards.
7. The HTTPS acceleration system according to claim 6, characterized in that the three-way handshake processing unit also performs the following operation: if there are multiple clients, the session & cache server maps each client onto one unified authentication server, so that the clients share the hardware acceleration capability of the unified authentication server.
8. The HTTPS acceleration system according to claim 5, 6 or 7, characterized in that the number of unified authentication servers is deployed in linear proportion to traffic, the unified authentication servers are expanded linearly, and several SSL acceleration boards are plugged into each unified authentication server, in order to cope with larger-scale SSL transaction processing demand and with fault handling.
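The key separation described in claims 5 and 7, as an added Python sketch that is not part of the patent: the front-end session & cache server holds only session state and forwards every private-key operation to one back-end unified authentication server shared by several clients. The class and function names, the host name `example.test`, the SHA-256 key derivation and the use of unpadded toy RSA for the private-key step are all assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy RSA key (150-bit, unpadded): illustration only, never real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
CERT = "example.test"  # hypothetical certificate name


def derive(premaster):
    """Session key derivation stand-in (assumption: SHA-256 of the secret)."""
    return hashlib.sha256(premaster.to_bytes(32, "big")).digest()


class AuthServer:
    """Back-end unified authentication server: the only holder of private keys."""
    def __init__(self):
        self._keys = {}   # cert name -> (n, d)
        self.ops = 0      # private-key operations performed

    def install(self, cert, n, d):
        self._keys[cert] = (n, d)

    def private_op(self, cert, ciphertext):
        n, d = self._keys[cert]   # KeyError if this server lacks the key
        self.ops += 1
        return pow(ciphertext, d, n)


class SessionCacheServer:
    """Front-end server: keeps session state, forwards private-key work."""
    def __init__(self, auth_by_cert):
        self.auth_by_cert = auth_by_cert   # cert name -> AuthServer
        self.sessions = {}                 # client id -> session key

    def handshake(self, client_id, cert, encrypted_premaster):
        premaster = self.auth_by_cert[cert].private_op(cert, encrypted_premaster)
        self.sessions[client_id] = derive(premaster)
        return self.sessions[client_id]


def run_demo(clients=3):
    """Map several clients onto one authentication server; return match flags."""
    auth = AuthServer()
    auth.install(CERT, N, D)
    edge = SessionCacheServer({CERT: auth})
    matched = []
    for i in range(clients):
        premaster = secrets.randbelow(N - 2) + 2      # client-side secret
        encrypted = pow(premaster, E, N)              # encrypted to the cert key
        matched.append(edge.handshake(f"client-{i}", CERT, encrypted) == derive(premaster))
    return matched, auth, edge
```

In this model a compromise of the front-end server exposes session keys but not the certificate's private key, and `auth.ops` shows the per-handshake load that the SSL acceleration boards would absorb.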
CN201610873442.6A 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network Active CN106341417B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201911090331.8A CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network
CN201610873442.6A CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network
PCT/CN2017/104806 WO2018059578A1 (en) 2016-09-30 2017-09-30 Https acceleration method and system based on content distribution network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610873442.6A CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201911090331.8A Division CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network

Publications (2)

Publication Number Publication Date
CN106341417A CN106341417A (en) 2017-01-18
CN106341417B true CN106341417B (en) 2019-11-05

Family

ID=57839835

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201911090331.8A Active CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network
CN201610873442.6A Active CN106341417B (en) 2016-09-30 2016-09-30 A kind of HTTPS acceleration method and system based on content distributing network

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201911090331.8A Active CN110808989B (en) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on content distribution network

Country Status (2)

Country Link
CN (2) CN110808989B (en)
WO (1) WO2018059578A1 (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110808989B (en) * 2016-09-30 2022-01-21 贵州白山云科技股份有限公司 HTTPS acceleration method and system based on content distribution network
CN106789344B (en) * 2017-01-19 2019-11-12 上海帝联信息科技股份有限公司 Data transmission method, system, CDN network and client
CN107707514B (en) 2017-02-08 2018-08-21 贵州白山云科技有限公司 One kind is for encrypted method and system and device between CDN node
CN107707517B (en) * 2017-05-09 2018-11-13 贵州白山云科技有限公司 A kind of HTTPs handshake methods, device and system
CN107257327B (en) * 2017-05-25 2020-12-29 中央民族大学 High-concurrency SSL session management method
CN108574687B (en) * 2017-07-03 2020-11-27 北京金山云网络技术有限公司 Communication connection establishment method and device, electronic equipment and computer readable medium
US11153289B2 (en) * 2017-07-28 2021-10-19 Alibaba Group Holding Limited Secure communication acceleration using a System-on-Chip (SoC) architecture
CN109428876B (en) * 2017-09-01 2021-10-08 腾讯科技(深圳)有限公司 Handshake connection method and device
CN109561027A (en) * 2017-09-26 2019-04-02 中兴通讯股份有限公司 Flow optimization method, load balancer and the storage medium of transparent caching
CN109842664A (en) * 2017-11-29 2019-06-04 苏宁云商集团股份有限公司 A kind of CDN of the safety without private key of High Availabitity supports the system and method for HTTPS
CN108401011B (en) * 2018-01-30 2021-09-24 网宿科技股份有限公司 Acceleration method and device for handshake request in content distribution network and edge node
CN108429682A (en) * 2018-02-26 2018-08-21 湖南科技学院 A kind of optimization method and system of network transmission link
CN110324365B (en) * 2018-03-28 2023-01-24 网易(杭州)网络有限公司 Keyless front-end cluster system, application method, storage medium and electronic device
CN110324290B (en) * 2018-03-30 2022-02-01 贵州白山云科技股份有限公司 Network equipment authentication method, network element equipment, medium and computer equipment
CN108804515B (en) * 2018-04-25 2021-05-28 网宿科技股份有限公司 Webpage loading method, webpage loading system and server
CN114338629A (en) * 2020-09-25 2022-04-12 北京金山云网络技术有限公司 Data processing method, device, equipment and medium
CN112187804B (en) * 2020-09-29 2023-01-20 北京金山云网络技术有限公司 Communication method and device of server, computer equipment and storage medium
US11579781B2 (en) 2020-10-23 2023-02-14 Red Hat, Inc. Pooling distributed storage nodes that have specialized hardware
CN113301159B (en) * 2021-05-26 2022-12-09 中国电子科技集团公司第五十四研究所 Service position obtaining method and device in edge computing system
CN115460083B (en) * 2021-06-09 2024-04-19 贵州白山云科技股份有限公司 Security acceleration service deployment method, device, medium and equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7634650B1 (en) * 2004-07-22 2009-12-15 Xsigo Systems Virtualized shared security engine and creation of a protected zone
CN104081711A (en) * 2011-12-16 2014-10-01 阿卡麦科技公司 Terminating SSL connections without locally-accessible private keys
KR101491697B1 (en) * 2013-12-10 2015-02-11 주식회사 시큐아이 Security device including ssl acceleration card and operating method thereof
CN104732164A (en) * 2013-12-18 2015-06-24 国家计算机网络与信息安全管理中心 Device and method both for accelerating SSL (Security Socket Layer) data processing speed
CN106101007A (en) * 2016-05-24 2016-11-09 杭州迪普科技有限公司 Process the method and device of message

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9531691B2 (en) * 2011-12-16 2016-12-27 Akamai Technologies, Inc. Providing forward secrecy in a terminating TLS connection proxy
CN104702611B (en) * 2015-03-15 2018-05-25 西安电子科技大学 A kind of device and method for protecting Secure Socket Layer session key
CN105871797A (en) * 2015-11-19 2016-08-17 乐视云计算有限公司 Handshake method, device and system of client and server
CN106027646B (en) * 2016-05-19 2019-06-21 北京云钥网络科技有限公司 A kind of method and device accelerating HTTPS
CN106230782A (en) * 2016-07-20 2016-12-14 腾讯科技(深圳)有限公司 A kind of information processing method based on content distributing network and device
CN110808989B (en) * 2016-09-30 2022-01-21 贵州白山云科技股份有限公司 HTTPS acceleration method and system based on content distribution network

Also Published As

Publication number Publication date
CN110808989A (en) 2020-02-18
CN106341417A (en) 2017-01-18
CN110808989B (en) 2022-01-21
WO2018059578A1 (en) 2018-04-05

Similar Documents

Publication Publication Date Title
CN106341417B (en) A kind of HTTPS acceleration method and system based on content distributing network
US10382408B1 (en) Computing instance migration
JP2021508877A (en) High-performance distributed recording system
CN108683747A (en) Resource acquisition, distribution, method for down loading, device, equipment and storage medium
JP2021508876A (en) Simultaneous transaction processing in a high-performance distributed recording system
US8903938B2 (en) Providing enhanced data retrieval from remote locations
US7860975B2 (en) System and method for secure sticky routing of requests within a server farm
JP2022512324A (en) High-performance distributed recording system with secure interoperability to external systems
US20130173747A1 (en) System, method and apparatus providing address invisibility to content provider/subscriber
CN110336833A (en) Image content common recognition method, server based on block chain
US10318747B1 (en) Block chain based authentication
US10187458B2 (en) Providing enhanced access to remote services
CN113472794B (en) Multi-application system authority unified management method based on micro-service and storage medium
US8132246B2 (en) Kerberos ticket virtualization for network load balancers
Qureshi et al. Stream-based authentication strategy using IoT sensor data in multi-homing sub-aqueous big data network
US11418342B2 (en) System and methods for data exchange using a distributed ledger
Li et al. A distributed authentication protocol using identity-based encryption and blockchain for LEO network
US20090185685A1 (en) Trust session management in host-based authentication
CN110351364A (en) Date storage method, equipment and computer readable storage medium
US9800568B1 (en) Methods for client certificate delegation and devices thereof
da Costa et al. Securing light clients in blockchain with DLCP
CN112231415B (en) Data synchronization method and system of block chain network, electronic device and readable medium
CN110995730B (en) Data transmission method and device, proxy server and proxy server cluster
US8312154B1 (en) Providing enhanced access to remote services
da Costa et al. DLCP: A protocol for securing light client operation in blockchains

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 550000 Fuyuan Medical Logistics Park Phase II 41, No. 22 Fuyuan North Road, Nanming District, Guiyang City, Guizhou Province

Applicant after: Guizhou Baishan cloud Polytron Technologies Inc

Address before: 550000 Fuyuan Medical Logistics Park Phase II 41, No. 22 Fuyuan North Road, Nanming District, Guiyang City, Guizhou Province

Applicant before: Guizhou white cloud Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant