CN107332821B - Method and device for realizing communication between client and server

Publication number
CN107332821B
Authority
CN
China
Legal status
Active
Application number
CN201710392654.7A
Other languages
Chinese (zh)
Other versions
CN107332821A
Inventor
武胜利
田晓川
Current Assignee
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/12 Applying verification of the received information
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Abstract

The invention discloses a method, a device and a server for realizing communication between a client and the server. The method comprises the following steps: judging whether a preset condition is met; if the preset condition is met, establishing a connection with a server in an HTTP mode; when request data are sent to the server, encrypting request parameters in the request data according to a preset encryption algorithm to obtain a first check value, and sending the request data containing the request parameters and the first check value to the server through the established connection; and receiving response data corresponding to the request data returned by the server. With this technical scheme, the communication process between the client and the server does not include a TLS handshake, so the process is simple, takes little time, and gives a high data transmission speed and a short data response time; at the same time, security and integrity during data transmission can be ensured, and the user experience is enhanced.

Description

Method and device for realizing communication between client and server
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device and a server for realizing communication between a client and the server.
Background
With the continuous development of the functions of intelligent terminals, various clients installed on intelligent terminals have been developed, and these clients communicate with servers to meet the needs of users. In the prior art, communication between a client and a server is generally performed in the HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) manner. HTTPS, which is designed for security, includes the Transport Layer Security protocol (TLS) to ensure security and data integrity during data transmission, and TLS provides a secure connection mainly through the TLS handshake process. Therefore, establishing a connection in the HTTPS manner requires, in addition to the TCP three-way handshake, a TLS handshake, that is, a key transmission process. If the HTTPS manner is used for communication between the client and the server, the process of establishing the TLS handshake connection is complicated and takes a long time, which affects the transmission speed of data; particularly for data requiring an instant response, the transmission speed has a great influence on the response time.
Therefore, when the HTTPS protocol is used for communication between the client and the server, the following problems may occur: the communication process is complex and time-consuming, the data transmission speed is low, the data response time is slow, and the user experience is reduced.
Disclosure of Invention
In view of the above, the present invention is proposed to provide a method, and a corresponding apparatus and server, for enabling communication between a client and a server that overcome or at least partially solve the above-mentioned problems.
According to an aspect of the present invention, there is provided a method for enabling communication between a client and a server, the method comprising: judging whether a preset condition is met; if the preset condition is met, establishing connection with a server in an HTTP mode; when request data are sent to a server, encrypting request parameters in the request data according to a preset encryption algorithm to obtain a first check value, and sending the request data containing the request parameters and the first check value to the server through the established connection; and receiving response data corresponding to the request data returned by the server.
Optionally, the method further comprises: if the preset condition is not met, establishing connection with a server in an HTTPS mode; when request data is sent to a server, the request data is sent to the server through the established connection; and receiving response data corresponding to the request data returned by the server through the established connection.
Optionally, the encrypting the request parameter in the request data according to a preset encryption algorithm includes: acquiring a key issued by the server in advance, and encrypting the request parameters in the request data by using the key according to a specified encryption algorithm.
Optionally, the determining whether the preset condition is met includes: judging whether the HTTP port of the server is available, and if so, the preset condition is met.
Optionally, the determining whether the preset condition is met includes: judging whether the currently accessed network is a secure network, and if so, the preset condition is met.
Optionally, the determining whether the currently accessed network is a secure network includes one or more of the following: judging whether the currently accessed network is the network of a mobile network operator, and if so, the currently accessed network is a secure network; judging whether the currently accessed network matches a network in a preset secure network list, and if so, determining that the network is a secure network; and judging whether the number of times the currently accessed network has been used is greater than a preset value, and if so, determining that the network is a secure network.
Optionally, the determining whether the preset condition is met includes: judging whether the current operating system allows the request data to be sent to the HTTP port, and if so, the preset condition is met.
Optionally, the determining whether the preset condition is met includes: judging whether the instruction type of the request data to be sent is a low security requirement instruction, and if so, the preset condition is met.
Optionally, the determining whether the type of the request data to be sent is a low security requirement instruction includes: judging whether the instruction type of the request data to be sent matches an instruction type in a preset low security requirement instruction list, and if so, determining that the instruction type of the request data to be sent is a low security requirement instruction.
According to another aspect of the present invention, there is provided a method for enabling communication between a client and a server, including: establishing connection with a client through an HTTP port; receiving request data containing request parameters and a first check value sent by the client through an HTTP port; encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a second check value; and judging whether the first check value and the second check value are consistent, and if so, returning response data corresponding to the request data to the client through an HTTP port.
Optionally, the method further comprises: establishing connection with the client through an HTTPS port; receiving request data sent by the client through an HTTPS port; and returning response data corresponding to the request data to the client through the HTTPS port.
Optionally, the encrypting the request parameter in the request data according to a preset encryption algorithm includes: carrying out encryption processing on the request parameters in the request data by using a specified key and according to a specified encryption algorithm; and the specified key is a key issued to the client.
According to another aspect of the present invention, there is provided an apparatus for enabling communication between a client and a server, the apparatus comprising: a judging unit for judging whether a preset condition is satisfied; the connection unit is used for establishing connection with the server in an HTTP mode if the preset conditions are met; the encryption processing unit is used for encrypting the request parameters in the request data according to a preset encryption algorithm when the request data are sent to the server, so as to obtain a first check value; a sending unit, configured to send request data including a request parameter and the first check value to a server through the established connection; and the receiving unit is used for receiving response data which is returned by the server and corresponds to the request data.
Optionally, the connection unit is configured to establish a connection with a server in an HTTPS manner if the preset condition is not met; the sending unit is used for sending the request data to the server through the established connection when the request data is sent to the server; and the receiving unit is used for receiving response data which is returned by the server through the established connection and corresponds to the request data.
Optionally, the encryption processing unit is configured to obtain a key issued by the server in advance, and encrypt the request parameter in the request data according to a specified encryption algorithm by using the key.
Optionally, the determining unit is configured to determine whether an HTTP port of the server is available, and if the HTTP port of the server is available, the preset condition is satisfied.
Optionally, the determining unit is configured to determine whether the currently accessed network is a secure network, and if the currently accessed network is the secure network, the preset condition is met.
Optionally, the determining whether the currently accessed network is a secure network includes one or more of the following: judging whether the currently accessed network is the network of a mobile network operator, and if so, the currently accessed network is a secure network; judging whether the currently accessed network matches a network in a preset secure network list, and if so, determining that the network is a secure network; and judging whether the number of times the currently accessed network has been used is greater than a preset value, and if so, determining that the network is a secure network.
Optionally, the determining unit is configured to determine whether the current operating system allows sending the request data to the HTTP port, and if so, the preset condition is satisfied.
Optionally, the determining unit is configured to determine whether an instruction type of the request data to be sent is a low security requirement instruction, and if the instruction type is the low security requirement instruction, the preset condition is met.
Optionally, the determining unit is further configured to determine whether the instruction type of the request data to be sent is matched with an instruction type in a preset low-security-requirement instruction list, and if so, the instruction type of the request data to be sent is a low-security-requirement instruction.
According to still another aspect of the present invention, there is provided a server including: a connection unit for establishing a connection with the client through the HTTP port; a receiving unit for receiving request data containing request parameters and a first check value sent by the client through the HTTP port; an encryption processing unit for encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a second check value; a judging unit configured to judge whether the first check value and the second check value are consistent; and a sending unit for returning the response data corresponding to the request data to the client through the HTTP port if the first check value and the second check value are consistent.
Optionally, the connection unit is further configured to establish a connection with the client through an HTTPS port; the receiving unit is further configured to receive request data sent by the client through an HTTPS port; and the sending unit is used for returning response data corresponding to the request data to the client through an HTTPS port.
Optionally, the encryption processing unit is configured to perform encryption processing on the request parameter in the request data by using a specified key and according to a specified encryption algorithm; and the specified key is a key issued to the client.
According to the technical scheme of the invention, a client first judges whether a preset condition is met; if the preset condition is met, a connection with a server is established in an HTTP mode. Meanwhile, in order to ensure the security and the integrity of the data, when the request data is sent to the server, the request parameters in the request data are encrypted according to a preset encryption algorithm to obtain a first check value, and the request data containing the request parameters and the first check value are sent to the server through the established connection. When the server receives the data and the verification is successful, corresponding response data can be returned, so that the client can receive the response data corresponding to the request data from the server in time. Therefore, in this technical scheme, the communication process between the client and the server does not include a TLS handshake, so the process is simple, takes little time, and gives a high data transmission speed and a short data response time; at the same time, security and integrity during data transmission can be ensured, and the user experience is enhanced.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow diagram illustrating a method for enabling communication between a client and a server according to one embodiment of the present invention;
FIG. 2 is a flow diagram illustrating a method of enabling communication between a client and a server according to another embodiment of the present invention;
FIG. 3 is a schematic diagram of an apparatus for implementing communication between a client and a server according to an embodiment of the present invention;
FIG. 4 shows a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 shows a flow chart of a method for implementing communication between a client and a server according to an embodiment of the invention, which is illustrated from the client side. As shown in fig. 1, the method includes:
Step S110, determining whether a preset condition is satisfied.
Step S120, if the preset condition is met, establishing a connection with the server in an HTTP mode.
In the prior art, by default, communication between the client and the server usually adopts the HTTPS mode; in short, HTTPS is a secure version of HTTP that ensures the security and integrity of data. If HTTP is used instead of HTTPS for communication between the client and the server, that is, when the technical scheme of this embodiment is used, then to ensure smooth implementation of the scheme it is first determined whether the preset condition is satisfied, and only if it is satisfied may the connection with the server be established in the HTTP manner. Likewise, where the request data needs a timely response and the data transmission must be completed in a short time, whether the preset condition is met needs to be judged first, and the technical scheme of the invention can be adopted after the preset condition is met. That is to say, judging the preset condition not only ensures the effective implementation of the scheme, but also allows a suitable scheme to be selected for different scenarios.
Step S130, when the request data is sent to the server, the request parameter in the request data is encrypted according to a preset encryption algorithm to obtain a first check value, and the request data including the request parameter and the first check value are sent to the server through the established connection.
In this embodiment, when the request data is sent to the server, the request parameter in the request data is encrypted according to a preset encryption algorithm to obtain a first check value, and the request data including the request parameter and the first check value are sent to the server through the established connection, so that the server checks the received request data according to the first check value, and only after the check is successful, response data corresponding to the request data is returned to the client. In this way, data incompleteness caused by loss in the data transmission process is prevented, and hijacking and tampering in the data transmission process are prevented.
Step S140, receiving response data corresponding to the request data returned by the server.
Therefore, in this technical scheme, the communication between the client and the server is in an HTTP mode and does not include a TLS handshake, so the process is simple, takes little time, and gives a high data transmission speed and a short data response time; at the same time, security and integrity during data transmission can be guaranteed, and the user experience is enhanced.
In the technical scheme of the invention, whether the preset condition is met is judged, and if it is not met, the client cannot establish a connection with the server in the HTTP mode. Therefore, in one embodiment of the present invention, the method shown in fig. 1 further comprises: if the preset condition is not met, establishing a connection with the server in an HTTPS mode; when the request data is sent to the server, sending the request data to the server through the established connection; and receiving response data corresponding to the request data returned by the server through the established connection.
In an embodiment of the present invention, the encrypting the request parameter in the request data according to the preset encryption algorithm in step S130 includes: acquiring a key issued by the server in advance, and encrypting the request parameters in the request data by using the key according to a specified encryption algorithm.
The encryption algorithm may be an encryption algorithm from the prior art, such as the MD5 algorithm or the SHA-1 algorithm, without limitation, provided that the key and the specified encryption algorithm are consistent on the client side and the server side. This ensures that the server side can also use the key to encrypt the request parameters in the request data according to the specified encryption algorithm and check the received encrypted data; after the check succeeds, the request data is determined to be secure and complete.
For example, the request data includes parameter 1, parameter 2, parameter 3, and parameter 4. These are concatenated with an acquired signature key (which may be a character string, for example) according to a predetermined rule to form a signature string; an MD5 value of the signature string is calculated using the specified encryption algorithm, MD5, and is sent to the server. After the server receives parameter 1, parameter 2, parameter 3, parameter 4, and the MD5 value, the server likewise concatenates parameter 1, parameter 2, parameter 3, parameter 4, and its own signature key (which may be a character string, for example) according to the predetermined rule to form a signature string, calculates its MD5 value, and then determines whether the received MD5 value is consistent with the MD5 value it calculated itself. If they are consistent, the request data is normal; if they are inconsistent, the request data has an exception.
One skilled in the art will appreciate that the client may obtain the signature key in a variety of ways. For the sake of security, the client may adopt the HTTPS mode when communicating with the server for the first time and obtain the signature key over that communication, or obtain the signature key by means of encrypted transmission through a third party. Of course, the client may also obtain the signature key in other secure ways, and the invention is not limited thereto.
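The check-value exchange described above, written out as an added Python example that is not part of the patent text. The key value, the parameter names and the concrete "predetermined rule" (sort by name, percent-encode, join, append the key) are assumptions made for the example; the HMAC-SHA256 variant is a swapped-in standard keyed hash shown beside the patent's MD5 example, and the signature key is assumed to have been issued to the client beforehand.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample key; the patent gives no concrete key, parameter names or rule.
SIGNATURE_KEY = "constructed-demo-signature-key"


def canonical_params(params):
    """Assumed 'predetermined rule': sort by parameter name and join as
    name=value pairs. Names and values are percent-encoded so that a value
    containing '&' or '=' cannot be read as an extra parameter."""
    return "&".join(
        f"{quote(str(name), safe='')}={quote(str(params[name]), safe='')}"
        for name in sorted(params)
    )


def md5_check_value(params, key):
    """Check value as in the patent's example: MD5 of parameters plus key."""
    signature_string = canonical_params(params) + "&key=" + key
    return hashlib.md5(signature_string.encode("utf-8")).hexdigest()


def hmac_sha256_check_value(params, key):
    """Swapped-in alternative, not from the patent: HMAC-SHA256, the standard
    keyed-hash construction, over the same canonical parameter string."""
    message = canonical_params(params).encode("utf-8")
    return hmac.new(key.encode("utf-8"), message, hashlib.sha256).hexdigest()


def client_build_request(params, key, check_fn=md5_check_value):
    """Client side (step S130): the parameters stay in plaintext and the
    first check value is attached alongside them."""
    return {"params": dict(params), "check": check_fn(params, key)}


def server_verify(request, key, check_fn=md5_check_value):
    """Server side: recompute the second check value from the received
    parameters and the server's copy of the key, then compare."""
    second = check_fn(request["params"], key)
    first = str(request.get("check", ""))
    # Constant-time comparison avoids leaking how many leading characters match.
    return hmac.compare_digest(first.encode("utf-8"), second.encode("utf-8"))


def demo():
    # Constructed request: a device command of the kind the patent mentions.
    params = {"cmd": "light_on", "device_id": "42", "room": "living"}
    results = {}
    for name, fn in (("md5", md5_check_value), ("hmac", hmac_sha256_check_value)):
        request = client_build_request(params, SIGNATURE_KEY, fn)
        tampered = {"params": {**request["params"], "cmd": "power_off"},
                    "check": request["check"]}
        results[name] = {
            "intact": server_verify(request, SIGNATURE_KEY, fn),
            "tampered": server_verify(tampered, SIGNATURE_KEY, fn),
            "wrong_key": server_verify(request, "another-constructed-key", fn),
            # An unmodified copy verifies again: the request as described carries
            # no timestamp or nonce for the server to check freshness against.
            "resent": server_verify(dict(request), SIGNATURE_KEY, fn),
        }
    return results


if __name__ == "__main__":
    for scheme, outcome in demo().items():
        print(scheme, outcome)
```

The check value covers integrity only: the parameters in `request["params"]` travel unencrypted, which is why the embodiments that follow restrict the HTTP path to networks and instruction types judged acceptable.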
In implementing the technical solution of the present invention, it is necessary to first determine whether a preset condition is satisfied, that is, whether a connection between the client and the server can be established in an HTTP manner with the data protected by the encryption algorithm during transmission. In practical applications, in some cases the operating system of the smart terminal by default expects the connection between the client and the server to be in the HTTPS manner, and other manners are not supported or compatible; in some cases, the HTTP port on the server side is not available; in some cases, the data transmission process is relatively secure; and in some cases, the security requirement of the type of the request data is low. Therefore, in the invention, on the one hand, whether the preset condition is met needs to be judged in order to ensure effective implementation of the scheme, and on the other hand, whether to use the technical scheme of the invention can be chosen according to actual requirements, so that the user experience is further improved.
Different schemes for determining whether the preset condition is satisfied will be specifically described below through embodiments, and it should be noted that the schemes in the following embodiments are only preferred embodiments that are generally used and proposed by the present invention, and in the actual application process of the present invention, the preset condition may be set by itself according to requirements.
Scheme one:
The judging whether the preset condition is satisfied in step S110 includes: judging whether an HTTP port of the server is available, and if so, the preset condition is met; if not, determining that the preset condition is not met.
Whichever way the client and the server establish a connection, there is a port corresponding to that connection mode to receive data; for example, the HTTP port is port 80 and the HTTPS port is port 443. Therefore, in the present technical solution, in order to ensure effective implementation, before the client and the server establish a connection in an HTTP manner, it needs to be determined that the server can receive the request data, that is, that port 80 on the server side is available.
In one embodiment, the relevant port information may be obtained through a first communication between the client and the server. Specifically, the client may use the HTTPS mode when communicating with the server for the first time, and obtain the corresponding port information (e.g., whether port 80 is available) over that communication. In another embodiment, the client may first send a piece of data to the server over HTTP; if the client receives the correct response data, it determines that the HTTP port of the server is available, and otherwise that it is not available. After this determination, the client may mark the HTTP port of the server as available. When data is transmitted again, this judgment step can be skipped, which improves the data transmission speed to a certain extent.
It should be understood by those skilled in the art that the current availability of the corresponding port may also be accurately known by periodically acquiring port information (or sending data and checking the response), or the current availability of the corresponding port may be determined after it is determined that data transmission/communication is needed and before the data transmission/communication mode is decided; the present invention is not limited thereto.
Scheme two:
The judging whether the preset condition is satisfied in step S110 includes: judging whether the currently accessed network is a secure network, and if so, the preset condition is met; if not, the preset condition is determined not to be satisfied.
Because the technical scheme of the invention uses a connection established in the HTTP mode, the data is still transmitted in plaintext; if the current network is an insecure network, an illegal user can hijack and tamper with the plaintext data, which makes the data transmission insecure and affects the correctness and the integrity of the data. Therefore, in order to ensure that data is not hijacked during implementation of the present invention, before a connection is established between a client and a server through HTTP, it is determined whether the network currently accessed on the client side is a secure network.
Specifically, the above-mentioned determining whether the currently accessed network is a secure network includes one or more of the following:
(1) Judging whether the currently accessed network is the network of a mobile network operator, and if so, determining that the currently accessed network is a secure network. Examples are network operators such as China Mobile and China Unicom.
(2) Judging whether the currently accessed network matches a network in a preset secure network list, and if so, determining that the network is a secure network. For example, a 4G network.
(3) Judging whether the number of times the currently accessed network has been used is greater than a preset value, and if so, determining that the network is a secure network.
The number of times of use of the currently accessed network may be the number of times the network has been used by the intelligent terminal device on which the current client is located; a count greater than the preset value indicates a network commonly used by that device, which can be determined to be a secure network, for example a workplace local area network. Alternatively, it may be the number of times the network has been used by a trusted device, where a trusted device may be defined as a device that has certain requirements on the security of data transmission, e.g. a device that is involved in personal payments.
The third scheme is as follows:
Judging whether the preset condition is satisfied in step S110 includes: judging whether the current operating system allows request data to be sent to the HTTP port; if so, the preset condition is satisfied; if not, the preset condition is determined not to be satisfied.
To establish a connection in HTTP mode and transmit data successfully, the operating system of the smart terminal on which the client is installed must also allow data to be sent to the HTTP port. For example, a particular version of a particular operating system may not allow communication over HTTP. Therefore, to ensure effective implementation of the present solution, it is necessary to determine whether the current operating system allows request data to be sent to the HTTP port.
The fourth scheme is as follows:
Judging whether the preset condition is satisfied in step S110 includes: judging whether the instruction type of the request data to be sent is a low-security-requirement instruction; if so, the preset condition is satisfied.
A low-security-requirement instruction is an instruction whose execution does not directly affect the security of the device that responds to the request data. For example, when a command instruction is sent to a device through an intelligent terminal, an instruction type that powers the device on or off may be considered to have a high security requirement, because powering on or off directly determines whether the device can be used normally; a command that merely makes the device perform a certain action may be considered to have a low security requirement. As another example, turning a light on or off while watching a video may be considered a low-security-requirement instruction.
Specifically, the low-security-requirement instruction list may be set in advance as needed. Judging whether the instruction type of the request data to be sent is a low-security-requirement instruction includes: judging whether the instruction type of the request data to be sent matches an instruction type in the preset low-security-requirement instruction list; if so, the instruction type of the request data to be sent is a low-security-requirement instruction, that is, the preset condition is satisfied.
The fifth scheme is as follows:
Judging whether the preset condition is satisfied in step S110 includes: judging, according to the instruction time limit of the request data to be sent, whether the instruction of the request data is a real-time instruction; if so, the instruction of the request data must be responded to in real time, that is, the preset condition is satisfied.
Some request-data instructions carry a timestamp, and the response to the request data must be completed within the time indicated by the timestamp. If the timestamp is within a preset threshold, the request data is determined to need a real-time response and the preset condition is determined to be satisfied, so the technical scheme of the invention, which takes little time, needs to be adopted.
For example, suppose the preset threshold is 0.4 ms. When a command instruction is sent to a device through the intelligent terminal and the time indicated by the timestamp is 0.2 ms, which is less than the preset threshold of 0.4 ms, the command instruction is a real-time-response instruction and the device is required to execute it in real time. A connection can then be established in HTTP mode between the client of the intelligent terminal and the server, and likewise between the device and the server.
It should be noted that the first to fifth schemes may be implemented individually or in any combination, and are not specifically limited herein.
Fig. 2 is a flow chart illustrating a method for implementing communication between a client and a server according to another embodiment of the present invention, which is described from the server side, and the implementation process corresponds to the implementation process shown in fig. 1. As shown in fig. 2, the method includes:
Step S210, establishing a connection with the client through the HTTP port.
When the client determines that the preset condition is satisfied, the client establishes a connection with the server in HTTP mode, and the server establishes the connection with the client through its HTTP port (i.e., port 80).
Step S220, receiving request data containing the request parameter and the first check value sent by the client through the HTTP port.
When the client sends the request data, the client sends the request data to the HTTP port of the server. In this embodiment, the server receives, through the HTTP port, request data including the request parameter and the first check value sent by the client.
Step S230, performing encryption processing on the request parameter in the request data according to a preset encryption algorithm to obtain a second check value.
Step S240, determining whether the first check value and the second check value are consistent, and if so, returning response data corresponding to the request data to the client through the HTTP port.
As explained above, the key and the specified encryption algorithm of the server are consistent with the key and encryption algorithm of the client side. After receiving request data containing request parameters and a first check value, a server encrypts the request parameters in the request data according to a preset encryption algorithm to obtain a second check value, and the first check value and the second check value are the same if the request data is normal; the first check value and the second check value are different if the requested data is anomalous. By judging whether the first check value and the second check value are consistent, whether the request data is normal can be judged. If the judgment is consistent, the server returns response data corresponding to the request data to the client through the HTTP port; and if the judgment result is inconsistent, no response data is returned.
When the client judges that the preset condition is not satisfied, the client needs to establish a connection with the server in HTTPS mode. Therefore, in one embodiment of the present invention, the method shown in fig. 2 further comprises: establishing a connection with the client through the HTTPS port; receiving request data sent by the client through the HTTPS port; and returning response data corresponding to the request data to the client through the HTTPS port.
In an embodiment of the present invention, encrypting the request parameter in the request data according to the preset encryption algorithm in step S230 includes: encrypting the request parameter in the request data by using the specified key and according to a specified encryption algorithm, where the specified key is the key issued to the client.
Fig. 3 is a schematic structural diagram of an apparatus for implementing communication between a client and a server according to an embodiment of the present invention. As shown in fig. 3, the apparatus 300 for implementing communication between a client and a server includes:
A judging unit 310, configured to judge whether a preset condition is met.
A connection unit 320, configured to establish a connection with the server in an HTTP manner if the preset condition is met.
In the prior art, communication between the client and the server uses HTTPS by default; in short, HTTPS is the secure version of HTTP and is used to ensure the security and integrity of data. If HTTP is used instead of HTTPS for communication between the client and the server, that is, when the technical scheme of this embodiment is used, then to ensure smooth implementation of the scheme it is first determined whether the preset condition is satisfied, and only if it is satisfied may the connection with the server be established in HTTP mode. Likewise, when request data needs a timely response, so that the data transmission can be completed in a short time, it must first be judged whether the preset condition is satisfied, and the technical scheme of the invention can be adopted only after it is. That is to say, judging the preset condition not only ensures effective implementation of the scheme but also allows a suitable scheme to be selected for different scenarios.
The encryption processing unit 330 is configured to, when the request data is sent to the server, perform encryption processing on the request parameter in the request data according to a preset encryption algorithm to obtain a first check value.
A sending unit 340, configured to send the request data including the request parameter and the first check value to the server through the established connection.
In this embodiment, when the request data is sent to the server, the request parameter in the request data is encrypted according to a preset encryption algorithm to obtain a first check value, and the request data including the request parameter and the first check value are sent to the server through the established connection, so that the server checks the received request data according to the first check value, and only after the check is successful, response data corresponding to the request data is returned to the client. In this way, data incompleteness caused by loss in the data transmission process is prevented, and hijacking and tampering in the data transmission process are prevented.
A receiving unit 350, configured to receive response data corresponding to the request data returned by the server.
Therefore, in this technical scheme the communication between the client and the server uses HTTP and does not include a TLS handshake. The process is simple and takes little time, the data transmission speed is high and the data response time is short; at the same time the security and integrity of the data in transit can be guaranteed, and the user experience is enhanced.
In the technical scheme of the invention, it is judged whether the preset condition is satisfied; if it is not, the client cannot establish a connection with the server in HTTP mode. Therefore, in an embodiment of the present invention, the connection unit 320 is configured to establish a connection with the server in HTTPS mode if the preset condition is not met; the sending unit 340 is configured to send the request data to the server through the established connection when sending request data to the server; and the receiving unit 350 is configured to receive, through the established connection, the response data corresponding to the request data returned by the server.
In an embodiment of the present invention, the encryption processing unit 330 is configured to obtain a key issued by the server in advance, and encrypt the request parameter in the request data by using the key according to a specified encryption algorithm.
The encryption algorithm may be any encryption algorithm in the prior art, such as the MD5 algorithm or the SHA-1 algorithm, without limitation, provided that the key and the specified encryption algorithm are the same on the client side and the server side. This ensures that the server can also use the key to encrypt the request parameters in the request data according to the specified encryption algorithm and check the received encrypted data; once the check succeeds, the request data is determined to be secure and complete.
For example, the request data includes parameter 1, parameter 2, parameter 3 and parameter 4. The client splices these parameters together with the acquired signature key (which may be a character string, for example) according to a predetermined rule to form a signature string, computes the MD5 value of the signature string using the specified encryption algorithm, MD5, and sends it to the server. After the server receives parameter 1, parameter 2, parameter 3, parameter 4 and the MD5 value, it likewise splices parameter 1, parameter 2, parameter 3, parameter 4 and its own signature key (which may be a character string, for example) according to the predetermined rule to form a signature string and computes its MD5 value, then judges whether the received MD5 value is consistent with the MD5 value it computed itself. If they are consistent, the request data is normal; if they are inconsistent, the request data is abnormal.
One skilled in the art will appreciate that the client may obtain the signature key in a variety of ways. For the sake of security, the client may use HTTPS when it communicates with the server for the first time and obtain the signature key over that connection, or obtain the signature key through encrypted transmission by a third party. Of course, the client may also obtain the signature key in other secure ways, and the invention is not limited thereto.
In implementing the technical solution of the present invention, it is necessary first to determine whether a preset condition is satisfied, that is, whether the connection between the client and the server can be established in HTTP mode with the data protected by encrypting it according to an encryption algorithm. In practical applications, in some cases the operating system of the smart terminal by default expects the connection between the client and the server to use HTTPS and does not support, or is not compatible with, other modes; in some cases the HTTP port on the server side is not available; in some cases the data transmission process is relatively safe; and in some cases the security requirement of the type of request data is low. Therefore, in the invention, on the one hand the preset condition needs to be judged to ensure effective implementation of the scheme, and on the other hand whether to use the technical scheme of the invention can be chosen according to actual requirements, which further improves the user experience.
Different schemes for determining whether the preset condition is satisfied are described below through embodiments. It should be noted that the schemes in the following embodiments are only commonly used preferred embodiments proposed by the present invention; in actual application of the invention, the preset condition may be set as required.
The first scheme is as follows:
A judging unit 310, configured to judge whether the HTTP port of the server is available; if it is available, the preset condition is satisfied; if not, the preset condition is determined not to be satisfied.
Whichever way the client and the server establish a connection, there is a port corresponding to that connection mode to receive data; for example, the HTTP port is port 80 and the HTTPS port is port 443. Therefore, in the present technical solution, to ensure effective implementation, before the client and the server establish a connection in HTTP mode it needs to be determined that the server can receive the request data, that is, that port 80 on the server side is available.
In one embodiment, the relevant interface information may be obtained through the first communication between the client and the server. Specifically, the client may use HTTPS when it communicates with the server for the first time and obtain the corresponding port information (for example, whether port 80 is available) over that connection. In another embodiment, the client may first send a piece of data to the server over HTTP; if the client receives the correct response data, the HTTP port of the server is judged to be available, and otherwise unavailable. After this judgment, the client may mark the HTTP port of the server as available, so that the judgment can be skipped when data is transmitted again, which improves the data transmission speed to a certain extent.
Those skilled in the art should understand that the current availability of the corresponding port may also be learned accurately by periodically acquiring port information (or by sending data and judging the response), or may be judged after it is determined that data transmission/communication is needed and before the transmission/communication mode is decided; the invention is not limited in this respect.
The second scheme is as follows:
A judging unit 310, configured to judge whether the currently accessed network is a secure network; if it is, the preset condition is satisfied; if not, the preset condition is determined not to be satisfied.
Because the technical scheme of the invention uses a connection established in HTTP mode, data is still transmitted in plaintext. If the current network is insecure, an illegal user can hijack and tamper with the plaintext data, which makes the transmission insecure and affects the correctness and integrity of the data. Therefore, to ensure that data is not hijacked while the invention is carried out, before the client establishes an HTTP connection with the server it is judged whether the network the client is currently connected to is a secure network.
Specifically, judging whether the currently accessed network is a secure network includes one or more of the following:
(1) Judging whether the currently accessed network is the network of a mobile network operator, such as China Mobile or China Unicom; if so, the currently accessed network is determined to be a secure network.
(2) Judging whether the currently accessed network matches a network in a preset secure network list, for example a 4G network; if so, the network is determined to be a secure network.
(3) Judging whether the number of times the currently accessed network has been used is greater than a preset value; if so, the network is determined to be a secure network.
The number of times the currently accessed network has been used may be the number of times the intelligent terminal device on which the current client runs has used that network; a count greater than the preset value indicates a network the device commonly uses, for example a work local area network, which can be determined to be a secure network. It may also be the number of times the network has been used by a trusted device, where a trusted device may be defined as a device with certain requirements on the security of data transmission, for example a device involved in personal payments.
The third scheme is as follows:
A judging unit 310, configured to judge whether the current operating system allows request data to be sent to the HTTP port; if it does, the preset condition is satisfied; if not, the preset condition is determined not to be satisfied.
To establish a connection in HTTP mode and transmit data successfully, the operating system of the smart terminal on which the client is installed must also allow data to be sent to the HTTP port. For example, a particular version of a particular operating system may not allow communication over HTTP. Therefore, to ensure effective implementation of the present solution, it is necessary to determine whether the current operating system allows request data to be sent to the HTTP port.
The fourth scheme is as follows:
The judging unit 310 is configured to judge whether the instruction type of the request data to be sent is a low-security-requirement instruction; if it is, the preset condition is satisfied. A low-security-requirement instruction is an instruction whose execution does not directly affect the security of the device that responds to the request data. For example, when a command instruction is sent to a device through an intelligent terminal, an instruction type that powers the device on or off may be considered to have a high security requirement, because powering on or off directly determines whether the device can be used normally; a command that merely makes the device perform a certain action may be considered to have a low security requirement. As another example, turning a light on or off while watching a video may be considered a low-security-requirement instruction.
Specifically, the low-security-requirement instruction list may be set in advance as needed. The judging unit 310 is further configured to judge whether the instruction type of the request data to be sent matches an instruction type in the preset low-security-requirement instruction list; if so, the instruction type of the request data to be sent is a low-security-requirement instruction, that is, the preset condition is satisfied.
The fifth scheme is as follows:
Judging whether the preset condition is satisfied in step S110 includes: judging, according to the instruction time limit of the request data to be sent, whether the instruction of the request data is a real-time instruction; if so, the instruction of the request data must be responded to in real time, that is, the preset condition is satisfied.
Some request-data instructions carry a timestamp, and the response to the request data must be completed within the time indicated by the timestamp. If the timestamp is within a preset threshold, the request data is determined to need a real-time response and the preset condition is determined to be satisfied, so the technical scheme of the invention, which takes little time, needs to be adopted.
For example, suppose the preset threshold is 0.4 ms. When a command instruction is sent to a device through the intelligent terminal and the time indicated by the timestamp is 0.2 ms, which is less than the preset threshold of 0.4 ms, the command instruction is a real-time-response instruction and the device is required to execute it in real time. A connection can then be established in HTTP mode between the client of the intelligent terminal and the server, and likewise between the device and the server.
It should be noted that the first to fifth schemes may be implemented individually or in any combination, and are not specifically limited herein.
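The following sketch is an added example, not code from the patent: it evaluates the five schemes as one client-side decision that falls back to HTTPS whenever a required condition is unmet or undetermined. The field names, list contents and use-count preset are constructed, and requiring all five schemes by default is an assumption; the patent allows any combination.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed values: list contents and the use-count preset are made up.
SECURE_NETWORK_LIST = {"office-lan"}
LOW_SECURITY_INSTRUCTIONS = {"light_on", "light_off"}
USE_COUNT_PRESET = 20
REALTIME_THRESHOLD_MS = 0.4  # threshold used in the patent's scheme-five example

ALL_SCHEMES = ("http_port_available", "secure_network", "os_allows_http",
               "low_security_instruction", "realtime_instruction")


@dataclass
class ClientContext:
    """What the client knows before sending; None means 'not determined'."""
    http_port_available: Optional[bool] = None  # scheme one
    on_operator_network: Optional[bool] = None  # scheme two, check (1)
    network_name: Optional[str] = None          # scheme two, check (2)
    network_use_count: Optional[int] = None     # scheme two, check (3)
    os_allows_http: Optional[bool] = None       # scheme three
    instruction_type: Optional[str] = None      # scheme four
    time_limit_ms: Optional[float] = None       # scheme five


def evaluate_schemes(ctx):
    """Return one boolean per scheme; anything undetermined counts as unmet."""
    secure_network = (
        ctx.on_operator_network is True
        or ctx.network_name in SECURE_NETWORK_LIST
        or (ctx.network_use_count is not None
            and ctx.network_use_count > USE_COUNT_PRESET)
    )
    return {
        "http_port_available": ctx.http_port_available is True,
        "secure_network": secure_network,
        "os_allows_http": ctx.os_allows_http is True,
        "low_security_instruction":
            ctx.instruction_type in LOW_SECURITY_INSTRUCTIONS,
        "realtime_instruction":
            ctx.time_limit_ms is not None
            and ctx.time_limit_ms < REALTIME_THRESHOLD_MS,
    }


def choose_transport(ctx, required=ALL_SCHEMES):
    """Pick 'http' only if every required scheme holds, else 'https'.

    Also returns the list of unmet schemes so the decision can be logged.
    """
    if not required:
        raise ValueError("at least one scheme must be required")
    results = evaluate_schemes(ctx)
    unmet = [name for name in required if not results[name]]
    return ("https" if unmet else "http"), unmet
```

Logging the returned list of unmet schemes alongside each request records why a given command was sent over plaintext HTTP or over HTTPS.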
Fig. 4 shows a schematic structural diagram of a server according to an embodiment of the present invention, and the implementation process corresponds to the implementation process of the apparatus for implementing communication between a client and a server shown in fig. 3. As shown in fig. 4, the server 400 includes:
A connection unit 410, configured to establish a connection with the client through the HTTP port.
When the client determines that the preset condition is satisfied, the client establishes a connection with the server in HTTP mode, and the server establishes the connection with the client through its HTTP port (i.e., port 80).
A receiving unit 420, configured to receive, through the HTTP port, request data sent by the client that contains the request parameter and the first check value.
When the client sends the request data, the client sends the request data to the HTTP port of the server. In this embodiment, the server receives, through the HTTP port, request data including the request parameter and the first check value sent by the client.
The encryption processing unit 430 is configured to perform encryption processing on the request parameter in the request data according to a preset encryption algorithm to obtain a second check value.
A judging unit 440, configured to judge whether the first check value and the second check value are consistent.
A sending unit 450, configured to return response data corresponding to the request data to the client through the HTTP port if the first check value and the second check value are consistent.
As explained above, the key and the specified encryption algorithm of the server are consistent with the key and encryption algorithm of the client side. After receiving request data containing request parameters and a first check value, a server encrypts the request parameters in the request data according to a preset encryption algorithm to obtain a second check value, and the first check value and the second check value are the same if the request data is normal; the first check value and the second check value are different if the requested data is anomalous. By judging whether the first check value and the second check value are consistent, whether the request data is normal can be judged. If the judgment is consistent, the server returns response data corresponding to the request data to the client through the HTTP port; and if the judgment result is inconsistent, no response data is returned.
When the client judges that the preset condition is not satisfied, the client needs to establish a connection with the server in HTTPS mode. Therefore, in an embodiment of the present invention, the connection unit 410 is further configured to establish a connection with the client through the HTTPS port; the receiving unit 420 is further configured to receive request data sent by the client through the HTTPS port; and the sending unit 450 is configured to return response data corresponding to the request data to the client through the HTTPS port.
In an embodiment of the present invention, the encryption processing unit 430 is configured to encrypt the request parameter in the request data by using a specified key and according to a specified encryption algorithm, where the specified key is the key issued to the client.
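The check-value exchange described for the encryption processing unit 330 (the MD5 signature-string example) and for the server units 430 to 450 can be sketched as follows. This is an added example, not code from the patent: the splicing rule, the key value and the function names are assumptions, and the HMAC-SHA256 variant with length-prefixed encoding is a hardened alternative that the patent does not describe.

```python
import hashlib
import hmac

# Constructed sample key. In the patent the server issues the key to the
# client in advance (for example over HTTPS); this value is made up.
SIGNATURE_KEY = "constructed-sample-key"


def splice(params, key):
    """Assumed 'predetermined rule': sort by name, join name=value with '&',
    then append the key. The patent does not fix the rule."""
    body = "&".join(f"{name}={params[name]}" for name in sorted(params))
    return f"{body}&key={key}".encode("utf-8")


def md5_check_value(params, key):
    """Check value as in the patent's example: MD5 over the signature string."""
    return hashlib.md5(splice(params, key)).hexdigest()


def encode_unambiguous(params):
    """Length-prefix every name and value so two different parameter sets can
    never serialize to the same bytes. The '&'/'=' splice above cannot
    guarantee that: {"action": "on&device=lamp-1"} and
    {"action": "on", "device": "lamp-1"} yield the same signature string."""
    out = bytearray()
    for name in sorted(params):
        for field in (name, str(params[name])):
            raw = field.encode("utf-8")
            out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def hmac_check_value(params, key):
    """Hardened variant (not from the patent): HMAC-SHA256 keyed with the
    signature key over the unambiguous encoding of the parameters."""
    return hmac.new(key.encode("utf-8"), encode_unambiguous(params),
                    hashlib.sha256).hexdigest()


def client_build_request(params, key, check_fn=md5_check_value):
    """Client side: attach the first check value to the request data."""
    return {"params": dict(params), "check": check_fn(params, key)}


def server_handle(request, key, check_fn=md5_check_value):
    """Server side: recompute the second check value and compare.

    Returns response data on a match and None (no response) otherwise.
    """
    params = request.get("params")
    first = request.get("check")
    if not isinstance(params, dict) or not isinstance(first, str):
        return None
    second = check_fn(params, key)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(second.encode("ascii"), first.encode("utf-8")):
        return None
    return {"status": "ok", "executed": params}
```

Client and server must pass the same `check_fn`, matching the patent's requirement that the key and the algorithm are identical on both sides.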
In summary, according to the technical solution of the present invention, the client first determines whether the preset condition is satisfied and, if it is, establishes a connection with the server in HTTP mode. To ensure the security and integrity of the data, when request data is sent to the server the request parameters in the request data are encrypted according to a preset encryption algorithm to obtain a first check value, and the request data containing the request parameters and the first check value is sent to the server through the established connection. When the server receives the data and the check succeeds, it returns the corresponding response data, so that the client receives the response data corresponding to the request data in a timely manner. Therefore, in this technical scheme the communication between the client and the server does not include a TLS handshake; the process is simple and takes little time, the data transmission speed is high and the data response time is short, while the security and integrity of the data in transit can be ensured and the user experience is enhanced.
It should be noted that:
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose devices may be used with the teachings herein. The required structure for constructing such a device will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that microprocessors or Digital Signal Processors (DSPs) may be used in practice to implement some or all of the functionality of some or all of the components of the apparatus and servers implementing communications between clients and servers according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.
The invention discloses A1, a method for realizing communication between a client and a server, which comprises the following steps:
judging whether a preset condition is met;
if the preset condition is met, establishing connection with a server in an HTTP mode;
when request data are sent to a server, encrypting request parameters in the request data according to a preset encryption algorithm to obtain a first check value, and sending the request data containing the request parameters and the first check value to the server through the established connection;
and receiving response data corresponding to the request data returned by the server.
A2, the method of A1, further comprising:
if the preset condition is not met, establishing connection with a server in an HTTPS mode;
when request data is sent to a server, the request data is sent to the server through the established connection;
and receiving response data corresponding to the request data returned by the server through the established connection.
A3, the method of A1, wherein the encrypting the request parameters in the request data according to the preset encryption algorithm includes:
and acquiring a secret key issued by the server in advance, and encrypting the request parameters in the request data by using the secret key according to a specified encryption algorithm.
A4, the method of A1 or A2, wherein the determining whether the preset condition is satisfied comprises:
and judging whether the HTTP port of the server is available, and if so, the preset condition is met.
A5, the method of A1 or A2, wherein the determining whether the preset condition is satisfied comprises:
and judging whether the currently accessed network is a secure network, wherein if the currently accessed network is a secure network, the preset condition is met.
A6, the method of A5, wherein the judging whether the currently accessed network is a secure network comprises one or more of the following:
judging whether the currently accessed network is the network of a mobile network operator, and if so, the currently accessed network is a secure network;
judging whether the currently accessed network matches a network in a preset secure network list, and if so, determining that the network is a secure network;
and judging whether the number of times the currently accessed network has been used is greater than a preset value, and if so, determining that the network is a secure network.
A7, the method of A1 or A2, wherein the determining whether the preset condition is satisfied comprises:
and judging whether the current operating system allows the request data to be sent to the HTTP port, and if so, the preset condition is met.
A8, the method of A1 or A2, wherein the determining whether the preset condition is satisfied comprises:
and judging whether the instruction type of the request data to be sent is a low-security-requirement instruction, and if so, the preset condition is met.
A9, the method of A8, wherein the determining whether the instruction type of the request data to be sent is a low-security-requirement instruction comprises:
and judging whether the instruction type of the request data to be sent matches an instruction type in the preset low-security-requirement instruction list, and if so, determining that the instruction type of the request data to be sent is a low-security-requirement instruction.
The invention also discloses B10, a method for realizing communication between the client and the server, comprising the following steps:
establishing connection with a client through an HTTP port;
receiving request data containing request parameters and a first check value sent by the client through an HTTP port;
encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a second check value;
and judging whether the first check value and the second check value are consistent, and if so, returning response data corresponding to the request data to the client through an HTTP port.
B11, the method of B10, further comprising:
establishing connection with the client through an HTTPS port;
receiving request data sent by the client through an HTTPS port;
and returning response data corresponding to the request data to the client through the HTTPS port.
B12, the method according to B10 or B11, wherein the encrypting the request parameters in the request data according to the preset encryption algorithm includes:
carrying out encryption processing on the request parameters in the request data by using a specified key and according to a specified encryption algorithm;
and the specified key is a key issued to the client.
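The client method (A1 to A9) and the server method (B10 to B12) above, as an added example that is not code from the patent. It assumes HMAC-SHA256 stands in for the "preset encryption algorithm", that the A4, A5 and A8 conditions must all hold before HTTP is chosen, and that a mismatching check value is rejected; every function name, key, list entry and network record is hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed sample values; none of these come from the patent.
PRE_ISSUED_KEY = b"constructed-demo-key"                # key issued in advance (A3/B12)
LOW_SECURITY_COMMANDS = {"get_banner", "check_update"}  # low-security-requirement list (A9)
SECURE_NETWORKS = {"office-wifi"}                       # preset secure network list (A6)
USE_COUNT_THRESHOLD = 5                                 # preset use-count value (A6)


def network_is_secure(network):
    """A6: any one of the three tests marks the network as secure."""
    return bool(network.get("mobile_operator")
                or network.get("name") in SECURE_NETWORKS
                or network.get("use_count", 0) > USE_COUNT_THRESHOLD)


def choose_scheme(network, command, http_port_available=True):
    """Assumption: HTTP only when the A4, A5 and A8 conditions all hold."""
    if (http_port_available and network_is_secure(network)
            and command in LOW_SECURITY_COMMANDS):
        return "http"
    return "https"


def check_value(params, key):
    """Keyed digest over a canonical (key-sorted) encoding of the parameters."""
    canonical = urlencode(sorted(params.items())).encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_request(params, network, key=PRE_ISSUED_KEY):
    """Client side (A1/A2): attach the first check value only on the HTTP path."""
    scheme = choose_scheme(network, params.get("cmd"))
    request = {"scheme": scheme, "params": dict(params)}
    if scheme == "http":
        request["check"] = check_value(params, key)
    return request


def server_handle(request, key=PRE_ISSUED_KEY):
    """Server side (B10/B11): recompute the second check value and compare."""
    if request["scheme"] == "https":
        return 200                      # TLS path: no check value involved
    first = request.get("check")
    if not isinstance(first, str):
        return 403                      # missing or malformed check value
    second = check_value(request["params"], key)
    # Constant-time comparison avoids leaking how many characters matched.
    if hmac.compare_digest(first.encode("utf-8"), second.encode("utf-8")):
        return 200
    return 403                          # assumption: mismatches are rejected


if __name__ == "__main__":
    home = {"name": "office-wifi", "use_count": 1}
    req = build_request({"cmd": "check_update", "ver": "1.2"}, home)
    print(req["scheme"], server_handle(req))
    req["params"]["ver"] = "9.9"        # parameter modified in transit
    print(server_handle(req))
```

The check value lets the server detect modified parameters, but the parameters themselves still cross the HTTP connection in cleartext.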
The invention also discloses C13, a device for realizing communication between client and server, the device includes:
a judging unit for judging whether a preset condition is satisfied;
the connection unit is used for establishing connection with the server in an HTTP mode if the preset conditions are met;
the encryption processing unit is used for encrypting the request parameters in the request data according to a preset encryption algorithm when the request data are sent to the server, so as to obtain a first check value;
a sending unit, configured to send request data including a request parameter and the first check value to a server through the established connection;
and the receiving unit is used for receiving response data which is returned by the server and corresponds to the request data.
C14, the device of C13, wherein,
the connection unit is used for establishing connection with the server in an HTTPS mode if the preset condition is not met;
the sending unit is used for sending the request data to the server through the established connection when the request data is sent to the server;
and the receiving unit is used for receiving response data which is returned by the server through the established connection and corresponds to the request data.
C15, the device of C13, wherein,
and the encryption processing unit is used for acquiring a secret key issued by the server in advance, and encrypting the request parameters in the request data by using the secret key according to a specified encryption algorithm.
C16, the device of C13 or C14, wherein,
the judging unit is used for judging whether the HTTP port of the server is available, and if the HTTP port of the server is available, the preset condition is met.
C17, the device of C13 or C14, wherein,
the judging unit is used for judging whether the currently accessed network is a secure network, and if the currently accessed network is a secure network, the preset condition is met.
C18, the device of C17, wherein the determining whether the currently accessed network is a secure network includes one or more of:
judging whether the currently accessed network is the network of a mobile network operator, and if so, the currently accessed network is a secure network;
judging whether the currently accessed network matches a network in a preset secure network list, and if so, determining that the network is a secure network;
and judging whether the number of times the currently accessed network has been used is greater than a preset value, and if so, determining that the network is a secure network.
C19, the device of C13 or C14, wherein,
the judging unit is used for judging whether the current operating system allows the request data to be sent to the HTTP port, and if the current operating system allows the request data to be sent to the HTTP port, the preset condition is met.
C20, the device of C13 or C14, wherein,
the judging unit is used for judging whether the instruction type of the request data to be sent is a low-security-requirement instruction, and if the instruction type of the request data to be sent is a low-security-requirement instruction, the preset condition is met.
C21, the device of C20, wherein,
the judging unit is further configured to judge whether the instruction type of the request data to be sent is matched with an instruction type in a preset low-security-requirement instruction list, and if so, the instruction type of the request data to be sent is a low-security-requirement instruction.
The invention discloses D22, a server, comprising:
the connection unit is used for establishing connection with the client through the HTTP port;
the receiving unit is used for receiving request data containing request parameters and a first check value sent by the client through an HTTP port;
the encryption processing unit is used for encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a second check value;
a judging unit configured to judge whether the first check value and the second check value are consistent;
and the sending unit is used for returning the response data corresponding to the request data to the client through the HTTP port if the first check value and the second check value are consistent.
D23, the server of D22, wherein,
the connection unit is further configured to establish a connection with the client through an HTTPS port;
the receiving unit is further configured to receive request data sent by the client through an HTTPS port;
and the sending unit is used for returning response data corresponding to the request data to the client through an HTTPS port.
D24, the server of D22 or D23, wherein,
the encryption processing unit is used for encrypting the request parameters in the request data by using a specified key and according to a specified encryption algorithm;
and the specified key is a key issued to the client.

Claims (16)

1. A method of enabling communication between a client and a server, comprising:
judging whether a preset condition is met; the judging whether the preset condition is satisfied includes: judging whether the currently accessed network is a safe network, and if the currently accessed network is the safe network, meeting preset conditions;
if the preset condition is met, establishing connection with a server in an HTTP mode;
when request data are sent to a server, encrypting request parameters in the request data according to a preset encryption algorithm to obtain a first check value, and sending the request data containing the request parameters and the first check value to the server through the established connection;
receiving response data corresponding to the request data returned by the server;
if the preset condition is not met, establishing connection with a server in an HTTPS mode;
when request data is sent to a server, the request data is sent to the server through the established connection;
receiving response data corresponding to the request data returned by the server through the established connection;
the judging whether the preset condition is satisfied includes:
judging whether the instruction type of the request data to be sent is a low-safety requirement instruction, and if the instruction type of the request data to be sent is the low-safety requirement instruction, meeting a preset condition;
the judging whether the instruction type of the request data to be sent is a low-safety requirement instruction comprises the following steps:
and judging whether the instruction type of the request data to be sent is matched with the instruction type in the preset low-safety requirement instruction list, and if so, determining that the instruction type of the request data to be sent is a low-safety requirement instruction.
2. The method of claim 1, wherein the encrypting the request parameter in the request data according to a preset encryption algorithm comprises:
and acquiring a secret key issued by the server in advance, and encrypting the request parameters in the request data by using the secret key according to a specified encryption algorithm.
3. The method of claim 1, wherein the determining whether a preset condition is satisfied comprises:
and judging whether the HTTP port of the server is available, if so, meeting the preset condition.
4. The method of claim 3, wherein the determining whether the currently accessed network is a secure network comprises one or more of:
judging whether the currently accessed network is the network of a mobile network operator, if so, the currently accessed network is a secure network;
judging whether the currently accessed network is matched with a network in a preset safety network list, and if so, determining that the network is a safety network;
and judging whether the number of times of using the currently accessed network is greater than a preset value, and if so, determining that the network is a safe network.
5. The method of claim 1, wherein the determining whether a preset condition is satisfied comprises:
and judging whether the current operating system allows the request data to be sent to the HTTP port, and if so, meeting the preset condition.
6. A method of enabling communication between a client and a server, comprising:
establishing connection with a client through an HTTP port;
receiving request data containing request parameters and a first check value sent by the client through an HTTP port;
encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a second check value;
judging whether the first check value and the second check value are consistent, if so, returning response data corresponding to the request data to the client through an HTTP port;
establishing connection with the client through an HTTPS port;
receiving request data sent by the client through an HTTPS port;
and returning response data corresponding to the request data to the client through the HTTPS port.
7. The method of claim 6, wherein the encrypting the request parameter in the request data according to a preset encryption algorithm comprises:
carrying out encryption processing on the request parameters in the request data by using a specified key and according to a specified encryption algorithm;
and the specified key is a key issued to the client.
8. An apparatus for enabling communication between a client and a server, the apparatus comprising:
a judging unit for judging whether a preset condition is satisfied; judging whether the currently accessed network is a safe network, and if the currently accessed network is the safe network, meeting preset conditions;
the connection unit is used for establishing connection with the server in an HTTP mode if the preset conditions are met;
the encryption processing unit is used for encrypting the request parameters in the request data according to a preset encryption algorithm when the request data are sent to the server, so as to obtain a first check value;
a sending unit, configured to send request data including a request parameter and the first check value to a server through the established connection;
a receiving unit, configured to receive response data corresponding to the request data returned by the server;
the connection unit is used for establishing connection with the server in an HTTPS mode if the preset condition is not met;
the sending unit is used for sending the request data to the server through the established connection when the request data is sent to the server;
the receiving unit is used for receiving response data which is returned by the server through the established connection and corresponds to the request data;
the judging unit is used for judging whether the instruction type of the request data to be sent is a low-safety requirement instruction, and if the instruction type of the request data to be sent is the low-safety requirement instruction, the preset condition is met;
the judging unit is further configured to judge whether the instruction type of the request data to be sent is matched with an instruction type in a preset low-security-requirement instruction list, and if so, the instruction type of the request data to be sent is a low-security-requirement instruction.
9. The apparatus of claim 8, wherein,
and the encryption processing unit is used for acquiring a secret key issued by the server in advance, and encrypting the request parameters in the request data by using the secret key according to a specified encryption algorithm.
10. The apparatus of claim 8, wherein,
the judging unit is used for judging whether the HTTP port of the server is available, and if the HTTP port of the server is available, the preset condition is met.
11. The apparatus of claim 10, wherein the determining whether the currently accessed network is a secure network comprises one or more of:
judging whether the currently accessed network is the network of a mobile network operator, if so, the currently accessed network is a secure network;
judging whether the currently accessed network is matched with a network in a preset safety network list, and if so, determining that the network is a safety network;
and judging whether the number of times of using the currently accessed network is greater than a preset value, and if so, determining that the network is a safe network.
12. The apparatus of claim 8, wherein,
the judging unit is used for judging whether the current operating system allows the request data to be sent to the HTTP port, and if the current operating system allows the request data to be sent to the HTTP port, the preset condition is met.
13. A server, comprising:
the connection unit is used for establishing connection with the client through the HTTP port;
the receiving unit is used for receiving request data containing request parameters and a first check value sent by the client through an HTTP port;
the encryption processing unit is used for encrypting the request parameters in the request data according to a preset encryption algorithm to obtain a second check value;
a judging unit configured to judge whether the first check value and the second check value are consistent;
the sending unit is used for returning response data corresponding to the request data to the client through an HTTP port if the first check value and the second check value are consistent;
the connection unit is further configured to establish a connection with the client through an HTTPS port;
the receiving unit is further configured to receive request data sent by the client through an HTTPS port;
and the sending unit is used for returning response data corresponding to the request data to the client through an HTTPS port.
14. The server of claim 13, wherein,
the encryption processing unit is used for encrypting the request parameters in the request data by using a specified key and according to a specified encryption algorithm;
and the specified key is a key issued to the client.
15. An electronic device, comprising: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to perform the method of any of claims 1-5 or to perform the method of any of claims 6-7.
16. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-5 or the method of any of claims 6-7.
CN201710392654.7A 2017-05-27 2017-05-27 Method and device for realizing communication between client and server Active CN107332821B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710392654.7A CN107332821B (en) 2017-05-27 2017-05-27 Method and device for realizing communication between client and server

Publications (2)

Publication Number Publication Date
CN107332821A CN107332821A (en) 2017-11-07
CN107332821B true CN107332821B (en) 2020-11-13

Family

ID=60193165

Country Status (1)

Country Link
CN (1) CN107332821B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant