CN107483475A - Network authentication system and its method under large concurrent - Google Patents

Network authentication system and its method under large concurrent

Info

Publication number: CN107483475A
Authority: CN (China)
Prior art keywords: https, equipment, network, https requests, requests
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201710794894.XA
Other languages: Chinese (zh)
Inventor: 刘军
Current Assignee: Shanghai Shang Yu Network Technology Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Shanghai Shang Yu Network Technology Co Ltd

Classifications

    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Abstract

Embodiments of the invention disclose a network authentication system and method for high concurrency. The system includes user equipment that generates and sends https requests; network access equipment that processes the https requests to obtain the network address of the application server cluster equipment and sends the https requests together with that network address; application load balancing equipment that forwards the https requests according to the network address; and application server cluster equipment that performs the decryption operation on the https requests to carry out network authentication. In the system and method provided by the embodiments, the decryption of https requests is performed by the application server cluster equipment. Because the application server cluster equipment can easily be expanded, this solves the problem of intercepting https requests under high concurrency and effectively improves the user experience.

Description

Network authentication system and its method under large concurrent
Technical field
The present invention relates to the field of network technology, and in particular to a network authentication system and method for high concurrency.
Background
At present, to improve Internet security, mainstream network application providers have all adopted a site-wide https policy. In network authentication based on https requests, interception of the https requests is performed by the network equipment, which has to carry out a large amount of computation while intercepting them. The https request interception capacity of current carrier-class network equipment is generally below 2000 PPS, that is, 2000 https interception requests processed per second. In practice, however, the https requests initiated by user equipment can exceed 2000 PPS, which is beyond the processing capacity of the network equipment. Therefore, to keep the network equipment from reaching the upper limit of its computing capacity, authentication networks that reach a certain scale usually choose to turn off the https request interception function. Turning off https request interception, however, seriously degrades the user experience: the PORTAL page cannot pop up when an https page is accessed.
Summary of the invention
The purpose of the embodiments of the invention is to provide a network authentication system and method for high concurrency, so as to solve the problem of intercepting https requests under high concurrency and improve the user experience.
To achieve the above purpose, an embodiment of the invention provides a network authentication system for high concurrency, comprising user equipment, network access equipment, application load balancing equipment and application server cluster equipment. The user equipment is used to generate and send an https request. The network access equipment is used to receive the https request and process it to obtain the network address of the application server cluster equipment, and is further used to send the https request and the network address to the application load balancing equipment. The application load balancing equipment is used to receive the https request and the network address, and is further used to send the https request to the application server cluster equipment according to the network address. The application server cluster equipment is used to receive the https request and perform a decryption operation on it to carry out network authentication.
As an optional embodiment, the user equipment generates the https request by voice input, by a touch gesture or by shaking the user equipment.
As an optional embodiment, the network access equipment comprises a switch and a router whose programs have been upgraded. The switch is used to receive the https request without performing any processing on it, and is further used to send the https request to the router. The router is used to receive the https request and process it to obtain the network address, and is further used to send the https request and the network address to the application load balancing equipment.
As an optional embodiment, the network access equipment comprises a switch and a firewall whose programs have been upgraded. The switch is used to receive the https request without performing any processing on it, and is further used to send the https request to the firewall. The firewall is used to receive the https request and process it to obtain the network address, and is further used to send the https request and the network address to the application load balancing equipment.
As an optional embodiment, the user equipment comprises a mobile terminal and a computer; the mobile terminal sends the https request to the network access equipment wirelessly, and the computer sends the https request to the network access equipment over a wired connection.
Correspondingly, an embodiment of the invention also provides a network authentication method for high concurrency, applicable to the network authentication system described above, comprising:
The user equipment generates an https request and sends it to the network access equipment;
The network access equipment receives the https request and processes it to obtain the network address of the application server cluster equipment;
The network access equipment sends the https request and the network address to the application load balancing equipment;
The application load balancing equipment receives the https request and the network address, and sends the https request to the application server cluster equipment according to the network address;
The application server cluster equipment receives the https request and performs an RSA decryption operation on it to carry out network authentication.
As an optional embodiment, before the user equipment initiates the https request to the network access equipment, the method further comprises:
Upgrading the programs of the switch and of the router or firewall.
As an optional embodiment, the user equipment generates the https request by voice input, by a touch gesture or by shaking the user equipment.
As an optional embodiment, the step in which the network access equipment receives the https request and processes it to obtain the network address of the application server cluster equipment specifically comprises:
The switch receives the https request and does not perform any processing on it;
The switch sends the https request to the router or firewall;
The router or firewall receives the https request and processes it to obtain the network address.
In the network authentication system and method for high concurrency provided by the embodiments of the invention, the decryption of https requests is performed by the application server cluster equipment. Because the application server cluster equipment can easily be expanded, this solves the problem of intercepting https requests under high concurrency and effectively improves the user experience.
Brief description of the drawings
To illustrate the specific embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the specific embodiments or of the prior art are briefly introduced below. In all the drawings, similar elements or parts are generally identified by similar reference numerals. In the drawings, the elements or parts are not necessarily drawn to actual scale.
Fig. 1 is a schematic structural diagram of the network authentication system under high concurrency provided by the first embodiment of the invention;
Fig. 2 is a schematic flow chart of the network authentication method under high concurrency provided by the first embodiment of the invention.
Detailed description of the embodiments
Embodiments of the technical solution of the invention are described in detail below with reference to the drawings. The following embodiments are only used to illustrate the technical solution of the invention more clearly; they are therefore examples only and cannot be used to limit the scope of protection of the invention.
It should be noted that, unless otherwise stated, technical or scientific terms used in this application have the ordinary meaning understood by a person of ordinary skill in the art to which the invention belongs.
Referring to Fig. 1, a schematic structural diagram of the network authentication system under high concurrency provided by the first embodiment of the invention, the system may include user equipment 100, network access equipment 200, application load balancing equipment 300 and application server cluster equipment 400.
The user equipment 100 is used to generate an https request and send it to the network access equipment 200. The user equipment 100 may be, but is not limited to, a mobile terminal (such as a mobile phone) or a PC. When the user equipment 100 is a mobile terminal, the user can tap the web browser on the mobile terminal to enter its initial interface, which includes a URL input box and a voice button. The user can tap the URL input box and enter a URL with the mobile terminal's built-in input method, or use the voice button to enter the URL into the URL input box by voice. An example of an entered URL is https://www.soinat123.com/. As an optional embodiment, the user can also operate the user equipment 100 to generate the https request by a touch gesture. Specifically, the user can store in advance a mapping between a touch gesture (such as an S-shaped gesture) and a URL to be entered. When the user enters the initial interface of the web browser and draws an S-shaped gesture anywhere on it, the user equipment 100 compares the drawn gesture with the stored touch gesture and, if they match, automatically fills the URL into the URL input box, thereby generating the https request. As another optional embodiment, the user can operate the user equipment 100 to generate the https request by shaking it. Specifically, after the user enters the initial interface of the web browser and shakes the user equipment 100 so as to write out the characters "https" in the air, the user equipment 100 automatically fills a URL into the URL input box, thereby generating the https request. Further, after the mobile device has generated the https request, the user taps the go button in the initial interface, and the https request is sent wirelessly to the network access equipment 200.
Further, when the user equipment 100 is a PC, the user opens the computer's web browser and enters any URL in the input box of the web page interface, thereby generating the https request. The user then operates the computer's keyboard, and the https request is sent to the network access equipment 200 over a wired connection.
Further, the network access equipment 200 comprises a switch 20 and a router 21, whose programs have been upgraded. The switch 20 is used to receive the https request and does not process it in any way; it only sends the https request directly to the router 21. The router 21 is used to receive the https request, process it to obtain the network address of the application server cluster equipment 400, and send the https request and the network address to the application load balancing equipment 300.
As another optional embodiment of the invention, the network access equipment 200 comprises a switch 20 and a firewall 21, whose programs have been upgraded. The switch 20 is used to receive the https request and does not process it in any way; it only sends the https request directly to the firewall 21. The firewall 21 is used to receive the https request, process it to obtain the network address of the application server cluster equipment 400, and send the https request and the network address to the application load balancing equipment 300.
Further, the application load balancing equipment 300 is used to receive the https request and the network address, and to send the https request to the application server cluster equipment 400 according to the network address.
Further, the application server cluster equipment 400 is used to receive the https request and perform a decryption operation on it to carry out network authentication. Specifically, the application server cluster equipment 400 uses the RSA algorithm to perform the decryption operation on the https request.
In the network authentication system under high concurrency provided by the embodiment of the invention, the user equipment generates an https request and sends it to the network access equipment. The network access equipment does not perform decryption or similar processing on the https request; it only sends the request to the application load balancing equipment, and the decryption of the https request is finally performed by the application server cluster equipment. Because decryption and similar processing is handled by the application server cluster equipment rather than by the network equipment, and the application server cluster equipment can easily be expanded, the expanded cluster has a stronger https request interception capacity than the network access equipment. This solves the problem of intercepting https requests under high concurrency: the https request interception function does not need to be turned off, the PORTAL page no longer fails to pop up when an https page is accessed, and the user experience is effectively improved.
Referring to Fig. 2, a schematic flow chart of the network authentication method under high concurrency provided by the embodiment of the invention; the method is applicable to the network authentication system described above. As shown in the figure, the network authentication method may include the following steps:
S101, the program of the network access equipment is upgraded.
The network access equipment includes a switch and a router or firewall. In this step, the programs of the switch and of the router or firewall are upgraded.
S102, the user equipment generates an https request and sends it to the network access equipment.
The user equipment can generate the https request by voice input, by a touch gesture or by shaking the user equipment, and sends the https request to the switch over a wireless or wired connection.
S103, the network access equipment receives the https request and processes it to obtain the network address of the application server cluster equipment.
The switch in the network access equipment receives the https request but does not process it in any way; it only sends the https request to the router or firewall. The router or firewall receives the https request and processes it to obtain the network address of the application server cluster equipment.
S104, the network access equipment sends the https request and the network address to the application load balancing equipment.
The router or firewall of the network access equipment sends the https request and the network address to the application load balancing equipment.
S105, the application load balancing equipment receives the https request and the network address, and sends the https request to the application server cluster equipment according to the network address.
The application load balancing equipment receives the https request and the network address of the application server cluster equipment sent by the router or firewall, and sends the https request to the application server cluster equipment according to that network address.
S106, the application server cluster equipment receives the https request and performs an RSA decryption operation on it to carry out network authentication.
The application server cluster equipment receives the https request and performs the decryption operation on it using an algorithm such as RSA to carry out network authentication.
In the network authentication method under high concurrency provided by the embodiment of the invention, the decryption of https requests is performed by the application server cluster equipment. Because the application server cluster equipment can easily be expanded, this solves the problem of intercepting https requests under high concurrency and effectively improves the user experience.
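The flow of steps S102 to S106 and the scaling argument can be traced in a small simulation, added here as an illustration and not part of the patent: the access tier forwards each request unchanged with the cluster address, and only cluster nodes hold the RSA private key and decrypt. The tiny textbook RSA key, the address `10.0.0.10:443`, the round-robin node choice, the offered load and the 2000-per-second per-node rate are assumptions made for the example.

```python
"""Model of steps S102-S106: the access tier forwards, the cluster decrypts."""
from dataclasses import dataclass, field

# Textbook RSA with tiny fixed primes (p=61, q=53): constructed demo values,
# far too small for real use and without padding.
N, E, D = 3233, 17, 2753

CLUSTER_ADDR = "10.0.0.10:443"    # hypothetical address of the cluster


def client_request(secret: int) -> int:
    """S102: user equipment encrypts a value under the cluster's public key."""
    return pow(secret, E, N)


@dataclass
class AccessDevice:
    """S103/S104: switch plus router or firewall. Holds no private key."""
    cluster_addr: str = CLUSTER_ADDR

    def handle(self, ciphertext: int) -> tuple:
        # No decryption here: the request is passed on unchanged, together
        # with the network address of the application server cluster.
        return ciphertext, self.cluster_addr


@dataclass
class AppServerNode:
    """S106: one cluster member; the only tier holding the private key."""
    name: str
    capacity: int                  # decryptions possible per second (assumed)
    done: list = field(default_factory=list)

    def decrypt(self, ciphertext: int) -> bool:
        if len(self.done) >= self.capacity:
            return False           # saturated for this one-second window
        self.done.append(pow(ciphertext, D, N))
        return True


@dataclass
class LoadBalancer:
    """S105: forwards each request to a node behind the given address."""
    clusters: dict                 # address -> list of AppServerNode
    _next: int = 0                 # round-robin position (assumed policy)

    def forward(self, ciphertext: int, addr: str) -> bool:
        nodes = self.clusters[addr]
        for i in range(len(nodes)):
            node = nodes[(self._next + i) % len(nodes)]
            if node.decrypt(ciphertext):
                self._next = (self._next + i + 1) % len(nodes)
                return True
        return False               # every node is full: not intercepted


def run_second(offered: int, node_count: int, per_node: int) -> dict:
    """Push `offered` requests through the pipeline for one second."""
    nodes = [AppServerNode(f"app-{i}", per_node) for i in range(node_count)]
    lb = LoadBalancer({CLUSTER_ADDR: nodes})
    access = AccessDevice()
    secrets = [(i % (N - 2)) + 2 for i in range(offered)]   # constructed input
    served, unchanged = 0, True
    for secret in secrets:
        ciphertext = client_request(secret)
        forwarded, addr = access.handle(ciphertext)
        unchanged = unchanged and forwarded == ciphertext
        served += lb.forward(forwarded, addr)
    recovered = sorted(m for node in nodes for m in node.done)
    return {
        "served": served,
        "dropped": offered - served,
        "per_node": [len(node.done) for node in nodes],
        "unchanged_at_access_tier": unchanged,
        "decrypted_correctly": recovered == sorted(secrets[:served]),
    }


if __name__ == "__main__":
    # One decrypting device at the limit named in the background section,
    # then the same load against a cluster expanded to three nodes.
    print(run_second(offered=5000, node_count=1, per_node=2000))
    print(run_second(offered=5000, node_count=3, per_node=2000))
```

With one node the offered load beyond the node's rate is not intercepted; adding nodes raises the ceiling to the number of nodes times the per-node rate, while the private exponent stays on the cluster tier only.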
The above embodiments are only used to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the invention, and they should all be covered by the claims and the description of the invention.

Claims (9)

1. A network authentication system for high concurrency, characterized in that it comprises user equipment, network access equipment, application load balancing equipment and application server cluster equipment; the user equipment is used to generate and send an https request; the network access equipment is used to receive the https request and process it to obtain the network address of the application server cluster equipment, and is further used to send the https request and the network address to the application load balancing equipment; the application load balancing equipment is used to receive the https request and the network address, and is further used to send the https request to the application server cluster equipment according to the network address; the application server cluster equipment is used to receive the https request and perform a decryption operation on it to carry out network authentication.
2. The network authentication system for high concurrency according to claim 1, characterized in that the user equipment generates the https request by voice input, by a touch gesture or by shaking the user equipment.
3. The network authentication system for high concurrency according to claim 2, characterized in that the network access equipment comprises a switch and a router whose programs have been upgraded; the switch is used to receive the https request without performing any processing on it, and is further used to send the https request to the router; the router is used to receive the https request and process it to obtain the network address, and is further used to send the https request and the network address to the application load balancing equipment.
4. The network authentication system for high concurrency according to claim 2, characterized in that the network access equipment comprises a switch and a firewall whose programs have been upgraded; the switch is used to receive the https request without performing any processing on it, and is further used to send the https request to the firewall; the firewall is used to receive the https request and process it to obtain the network address, and is further used to send the https request and the network address to the application load balancing equipment.
5. The network authentication system for high concurrency according to claim 1, characterized in that the user equipment comprises a mobile terminal and a computer; the mobile terminal sends the https request to the network access equipment wirelessly, and the computer sends the https request to the network access equipment over a wired connection.
6. A network authentication method for high concurrency, applicable to the network authentication system according to any one of claims 1-5, characterized in that the method comprises:
The user equipment generates an https request and sends it to the network access equipment;
The network access equipment receives the https request and processes it to obtain the network address of the application server cluster equipment;
The network access equipment sends the https request and the network address to the application load balancing equipment;
The application load balancing equipment receives the https request and the network address, and sends the https request to the application server cluster equipment according to the network address;
The application server cluster equipment receives the https request and performs an RSA decryption operation on it to carry out network authentication.
7. The network authentication method for high concurrency according to claim 6, characterized in that, before the user equipment generates the https request and sends it to the network access equipment, the method further comprises:
Upgrading the programs of the switch and of the router or firewall.
8. The network authentication method for high concurrency according to claim 7, characterized in that the user equipment generates the https request by voice input, by a touch gesture or by shaking the user equipment.
9. The network authentication method for high concurrency according to claim 8, characterized in that the step in which the network access equipment receives the https request and processes it to obtain the network address of the application server cluster equipment specifically comprises:
The switch receives the https request and does not perform any processing on it;
The switch sends the https request to the router or firewall;
The router or firewall receives the https request and processes it to obtain the network address.
Application CN201710794894.XA, published as CN107483475A (en)

Title: Network authentication system and its method under large concurrent
Priority date: 2017-09-06
Filing date: 2017-09-06
Publication date: 2017-12-15
Status: Pending
Family ID: 60584614
Country: CN
Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned (effective date of abandoning: 20201211)