CN108322477A - A kind of document transmission method of open platform - Google Patents
Publication number: CN108322477A
Application number: CN201810165609.2A
Authority: CN (China)
Prior art keywords: server, client, file, sessid, token
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses a file transmission method for an open platform. The method includes: the client sends a verification request to the server, and after verification passes the server returns a token for identity authentication; the client sends the token to the server for identity authentication, and on success the server returns a sessid used for file transmission verification; the client uses the sessid to carry out fragmented transmission of the file with the server. This solves the prior-art technical problems that usernames and passwords are easily leaked and that MD5 verification is slow when large files are transmitted.
Description
Technical field
The present invention relates to the field of computer network communication technology, and in particular to a file transmission method for an open platform.
Background
At present, file transfer technology is an important component of computer networking technology. Commonly used file transfer techniques include file copy, the FTP file transfer protocol, TCP/IP transport protocols and the HTTP protocol. In addition, FTP servers and clients developed in the Java language can conveniently embed these transport protocols.
In the traditional username/password mode, the FTP server first assigns a username and password to the client, and the client writes them into a configuration file. Before transmitting a file, the client first sends the username and password to the server; the server receives the request, verifies it and, if verification passes, returns success. After the client receives the success message from the server, the client and server begin transmitting the file content; the transport protocol may be the FTP file transfer protocol, a TCP/IP transport protocol, the HTTP protocol and so on. After the file has been transmitted, an MD5 digest is computed over the entire file, and if verification fails the whole file is transmitted again.
In this client/server file transfer model, a username and password usually have to be agreed in order to verify the legitimacy of the client. However, a username and password remain valid permanently, so once they leak, others can easily attack the server (for example by uploading, downloading or deleting files in bulk). On the other hand, when the amount of file data is large, especially when media files are transmitted, retransmitting the entire file consumes a large amount of resources, greatly affects transmission speed, and can even cause network congestion.
Summary of the invention
In view of the above technical problems, the present invention provides a file transmission method for an open platform, which solves the prior-art technical problems that usernames and passwords are easily leaked and that MD5 verification is slow when large files are transmitted.
To solve the above technical problems, the technical solution adopted by the invention is as follows:
A file transmission method for an open platform, the method comprising:
S1: The client sends a verification request to the server; after verification passes, the server returns a token for identity authentication;
S2: The client sends the token to the server for identity authentication; on success, the server returns a sessid used for file transmission verification;
S3: The client uses the sessid to carry out fragmented transmission of the file with the server.
Further, the specific steps of step S1 are:
S11: The client obtains a PKCS12 certificate from the server using the HTTPS protocol;
S12: The client uses the PKCS12 certificate to call the server's verification interface;
S13: The client sends a verification request to the server through the verification interface;
S14: The server verifies the verification request and, if verification passes, returns a time-limited token.
Further, in step S14, the server verifies the requester's signature and IP, and after verification passes returns to the client a token that serves as a temporary pass.
Further, the specific steps of step S2 are:
S21: After the client has successfully obtained the token, it sends the token and the HTTPS protocol to the server for verification;
S22: The server verifies the timeliness of the token and the validity of the HTTPS protocol;
S23: After verification passes, the sessid and fragment information are returned to the client.
Further, the sessid in step S23 is valid once only and automatically becomes invalid after a single verification.
Further, the specific steps of step S3 are:
S31: The client uses the sessid to send a file transmission request to the server;
S32: After the server has verified the sessid, it initiates a file transmission response to the client and sends the client a new sessid;
S33: After the server has finished transmitting the fragment to the client, the client receives the new sessid and repeats steps S31 and S32 until the file transfer is complete.
Further, whenever the client transmits information to the server or the server transmits information to the client, the traffic is accelerated by an SSL accelerator.
In conclusion by adopting the above-described technical solution, the beneficial effects of the invention are as follows:
1. by the present invention in that being signed with pkcs12 certification authentications and being verified using token, token has timeliness, text
Just it loses after part end of transmission confirmatory, effectively prevents password from revealing, evade file by the random risk for uploading and downloading, carry
The safety of high server.
2. by the present invention in that being verified with sliced transmission and fragment, the load of network is effectively reduced, once wherein one
The file loading error occurring of a fragment, file server return to sessId and file fragmentation to client again, recover immediately transmission,
It prevents from just finding mistake after All Files end of transmission, transmission again wastes time, and effectively raises working efficiency;Simultaneously
The access quantity for increasing the client of a large amount of servers, improves the stability of server.
Description of the drawings
Fig. 1 is a flowchart of the invention;
Fig. 2 is a file transmission architecture diagram of an embodiment of the invention.
Detailed description of the embodiments
Specific embodiments of the invention are described below with reference to the accompanying drawings. Embodiments of the invention include, but are not limited to, the following examples.
A file transmission method for an open platform, the method comprising:
S1: The client sends a verification request to the server; after verification passes, the server returns a token for identity authentication;
Step S1 is specifically:
S11: The client obtains a PKCS12 certificate from the server using the HTTPS protocol;
S12: The client uses the PKCS12 certificate to call the server's verification interface;
S13: The client sends a verification request to the server through the verification interface;
S14: The server verifies the verification request and, if verification passes, returns a time-limited token.
Further, in step S14, the server verifies the requester's signature and IP, and after verification passes returns to the client a token that serves as a temporary pass.
S2: The client sends the token to the server for identity authentication; on success, the server returns a sessid used for file transmission verification;
The specific steps of step S2 are:
S21: After the client has successfully obtained the token, it sends the token and the HTTPS protocol to the server for verification;
S22: The server verifies the timeliness of the token and the validity of the HTTPS protocol;
S23: After verification passes, the sessid and fragment information are returned to the client.
Further, the sessid in step S23 is valid once only and automatically becomes invalid after a single verification.
S3: The client uses the sessid to carry out fragmented transmission of the file with the server.
The specific steps of step S3 are:
S31: The client uses the sessid to send a file transmission request to the server;
S32: After the server has verified the sessid, it initiates a file transmission response to the client and sends the client a new sessid;
S33: After the server has finished transmitting the fragment to the client, the client receives the new sessid and repeats steps S31 and S32 until the file transfer is complete.
Further, whenever the client transmits information to the server or the server transmits information to the client, the traffic is accelerated by an SSL accelerator.
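The token and sessid lifecycle of steps S14, S22-S23 and S31-S33, as an added Python example that is not part of the patent text: an in-memory server issues a time-limited token, hands out a sessid that is consumed on first use, and rotates it with every fragment. The class and function names, the 60-second token lifetime, the IP allowlist and the boolean standing in for the PKCS12 signature check are assumptions made for illustration.

```python
import secrets
import time


class TransferServer:
    """In-memory model of the server side (hypothetical names, not from the patent)."""

    def __init__(self, fragments, allowed_ips, token_ttl=60.0, clock=time.monotonic):
        self.fragments = list(fragments)    # file content, already split into fragments
        if not self.fragments:
            raise ValueError("at least one fragment is required")
        self.allowed_ips = set(allowed_ips)  # assumed form of the S14 IP check
        self.token_ttl = token_ttl           # token lifetime in seconds (assumed value)
        self.clock = clock                   # injectable so expiry can be exercised
        self.tokens = {}                     # token -> expiry time
        self.sessions = {}                   # unused sessid -> (token, next fragment index)

    def issue_token(self, signature_valid, client_ip):
        """S14: return a time-limited token only if signature and IP both verify."""
        # signature_valid stands in for the result of the PKCS12 signature check.
        if not signature_valid or client_ip not in self.allowed_ips:
            raise PermissionError("signature or IP verification failed")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = self.clock() + self.token_ttl
        return token

    def open_session(self, token):
        """S22-S23: check token timeliness, return the first sessid and fragment count."""
        expiry = self.tokens.get(token)
        if expiry is None or self.clock() >= expiry:
            self.tokens.pop(token, None)
            raise PermissionError("token unknown or expired")
        return self._new_sessid(token, 0), len(self.fragments)

    def _new_sessid(self, token, index):
        sessid = secrets.token_urlsafe(32)
        self.sessions[sessid] = (token, index)
        return sessid

    def get_fragment(self, sessid):
        """S32: verify the sessid, return one fragment and the next sessid (or None)."""
        entry = self.sessions.pop(sessid, None)   # pop makes every sessid one-time
        if entry is None:
            raise PermissionError("sessid unknown or already used")
        token, index = entry
        data = self.fragments[index]
        if index + 1 < len(self.fragments):
            return data, self._new_sessid(token, index + 1)
        self.tokens.pop(token, None)   # transfer complete: the token loses validity
        return data, None


def download(server, token):
    """Client side of S21 and S31-S33: follow the chain of sessids to the last fragment."""
    sessid, count = server.open_session(token)
    received = []
    while sessid is not None:
        data, sessid = server.get_fragment(sessid)   # S33: continue with the new sessid
        received.append(data)
    assert len(received) == count
    return b"".join(received)


if __name__ == "__main__":
    # Constructed sample data: three small fragments and a documentation-range IP.
    demo = TransferServer([b"frag-1|", b"frag-2|", b"frag-3"], {"203.0.113.7"})
    print(download(demo, demo.issue_token(True, "203.0.113.7")))
```

Because the sessid is removed from the server's table before the fragment is returned, a captured sessid cannot be replayed, and a leaked token is only useful until it expires or the transfer completes.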
Specific embodiment
Fig. 2 shows a file transmission architecture deployed according to an embodiment of the invention. By verifying the certificate signature with a PKCS12 certificate and authenticating with a token, it effectively prevents password leakage; by using fragmented transmission and per-fragment verification, it effectively reduces network load and improves working efficiency and server stability.
In this implementation, the system includes an SDK, an OpenApi gateway, Oauth and a file server.
SDK: used to create data containers, manage file information, and transmit files across network segments according to the authorization information of the file exchange cluster server.
OpenApi gateway: packages the services of the website into a series of data interfaces that computers can easily recognise and opens them up for third-party developers to use;
Oauth: a third-party authorization server that receives the client's third-party social user authorization request information;
File server: a LAN server that has all the functions of TSS file management and provides network users with access to files and directories, concurrency control, and security and confidentiality measures.
The method includes:
S1: The SDK sends a verification request to the OpenApi gateway; after verification passes, the OpenApi gateway returns a token for identity authentication;
Step S1 is specifically:
S11: The SDK obtains a PKCS12 certificate from the OpenApi gateway using the HTTPS protocol;
S12: The SDK uses the PKCS12 certificate to call the verification interface of the OpenApi gateway;
S13: The SDK sends a verification request to Oauth through the verification interface;
S14: Oauth verifies the verification request and, if verification passes, returns a time-limited token.
Further, in step S14, Oauth verifies the requester's signature and IP, and after verification passes returns to the SDK a token that serves as a temporary pass.
S2: The SDK sends the token to the file server and Oauth for identity authentication; on success, a sessid used for file transmission verification is returned;
The specific steps of step S2 are:
S21: After the SDK has successfully obtained the token, it sends the token and the HTTPS protocol to the file server and Oauth for verification;
S22: The file server verifies the validity of the HTTPS protocol, and Oauth verifies the timeliness of the token;
S23: After verification passes, the sessid and fragment information are returned to the SDK.
Further, the sessid in step S23 is valid once only and automatically becomes invalid after a single verification.
S3: The SDK uses the sessid to carry out fragmented transmission of the file with the file server.
The specific steps of step S3 are:
S31: The SDK uses the sessid to send a file transmission request to the file server;
S32: After the file server has verified the sessid, it initiates a file transmission response to the SDK and sends the SDK a new sessid;
S33: After the file server has finished transmitting the fragment to the SDK, the SDK receives the new sessid and repeats steps S31 and S32 until the file transfer is complete.
Further, whenever the SDK transmits information to the file server or the OpenApi gateway, or the file server or the OpenApi gateway transmits information to the SDK, the traffic is accelerated by an SSL accelerator.
Because the file is large, it can be transmitted in fragments: the file is split into pieces of the fragment size, which are transmitted in turn until the file transfer ends. Fragmented transmission reduces network load. If the transmission of one fragment fails, the file server returns the sessid and the file fragment information to the SDK again and transmission resumes immediately. This avoids discovering the error only after the whole file has been transmitted and then wasting time on retransmission, which effectively improves working efficiency. It also increases the number of clients that can access the servers and improves server stability.
This embodiment incorporates the OAuth authentication function of the open platform; while improving the stability and security of file transmission, it increases the number of accessing parties and reduces bandwidth load.
To further elaborate the technical solution of this embodiment, it is described below with reference to data and a specific implementation.
The fragmented transmission works as follows:
1. Assuming a fragment size of 2M, a 4M file is divided into 2 fragments: the first fragment is 2M and is labelled f01, and the second fragment is 2M and is labelled f02. The first fragment f01 is transmitted first, and its integrity is verified using the MD5 algorithm; then the second fragment f02 is transmitted, and its integrity is verified using the MD5 algorithm.
2. Assuming a fragment size of 2M, a 5M file is divided into 3 fragments: the first fragment is 2M and is labelled f01, the second fragment is 2M and is labelled f02, and the third fragment is 1M and is labelled f03. The first fragment f01 is transmitted first, and its integrity is verified using the MD5 algorithm; then the second fragment f02 is transmitted, and its integrity is verified using the MD5 algorithm; finally the third fragment f03 is transmitted, and its integrity is verified using the MD5 algorithm.
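The two splitting cases above, together with the per-fragment recovery described earlier in this embodiment, as an added Python example that is not part of the patent text: the file is cut into fragments labelled f01, f02, ..., each fragment is checked against its MD5 digest on arrival, and only a fragment that fails the check is sent again. The function names, the retry limit, the simulated channel and the reading of "2M" as 2 MiB are assumptions made for illustration.

```python
import hashlib

MIB = 1024 * 1024   # "2M" in the text is read as 2 MiB here (assumption)


def split_file(data, fragment_size):
    """Split data into fragments labelled f01, f02, ...; only the last may be shorter."""
    fragments = []
    for number, offset in enumerate(range(0, len(data), fragment_size), start=1):
        chunk = data[offset:offset + fragment_size]
        fragments.append({
            "label": f"f{number:02d}",
            "data": chunk,
            # MD5 as the text specifies; it catches transmission corruption only.
            "md5": hashlib.md5(chunk).hexdigest(),
        })
    return fragments


def transfer(fragments, channel, max_attempts=3):
    """Send fragments in order; on an MD5 mismatch resend only that fragment."""
    received = bytearray()
    log = []                                   # (label, attempt, md5_ok)
    for frag in fragments:
        for attempt in range(1, max_attempts + 1):
            got = channel(frag["label"], frag["data"], attempt)
            ok = hashlib.md5(got).hexdigest() == frag["md5"]
            log.append((frag["label"], attempt, ok))
            if ok:
                received += got
                break
        else:
            # Every attempt failed: stop instead of delivering a damaged file.
            raise OSError(f"fragment {frag['label']} failed {max_attempts} times")
    return bytes(received), log


def corrupt_f02_once(label, data, attempt):
    """Constructed channel: flips one byte of f02 on its first attempt only."""
    if label == "f02" and attempt == 1:
        return bytes([data[0] ^ 0xFF]) + data[1:]
    return data


if __name__ == "__main__":
    # Constructed 5 MiB sample payload: 3 fragments of 2M, 2M and 1M.
    payload = bytes(range(256)) * (5 * MIB // 256)
    result, attempts = transfer(split_file(payload, 2 * MIB), corrupt_f02_once)
    print(result == payload, attempts)
```

With the constructed channel, f02 is transmitted twice and f01 and f03 once each, so the cost of one corrupted fragment is one fragment rather than the whole file.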
The above is an embodiment of the invention. For the preferred embodiments of the invention described above, unless the preferred implementations are clearly contradictory or one is premised on another, they may be combined with one another in any way. The specific parameters in the embodiments are given merely to describe the inventor's verification process clearly and are not intended to limit the scope of patent protection of the invention. The scope of patent protection of the invention remains subject to its claims, and any equivalent structural change made using the content of the description and drawings of the invention likewise falls within the scope of protection of the invention.
Claims (7)
1. A file transmission method for an open platform, characterized in that the method comprises:
S1: The client sends a verification request to the server; after verification passes, the server returns a token for identity authentication;
S2: The client sends the token to the server for identity authentication; on success, the server returns a sessid used for file transmission verification;
S3: The client uses the sessid to carry out fragmented transmission of the file with the server.
2. The file transmission method for an open platform according to claim 1, characterized in that step S1 is specifically:
S11: The client obtains a PKCS12 certificate from the server using the HTTPS protocol;
S12: The client uses the PKCS12 certificate to call the server's verification interface;
S13: The client sends a verification request to the server through the verification interface;
S14: The server verifies the verification request and, if verification passes, returns a time-limited token.
3. The file transmission method for an open platform according to claim 2, characterized in that, in step S14, the server verifies the requester's signature and IP, and after verification passes returns to the client a token that serves as a temporary pass.
4. The file transmission method for an open platform according to claim 2, characterized in that the specific steps of step S2 are:
S21: After the client has successfully obtained the token, it sends the token and the HTTPS protocol to the server for verification;
S22: The server verifies the timeliness of the token and the validity of the HTTPS protocol;
S23: After verification passes, the sessid and fragment information are returned to the client.
5. The file transmission method for an open platform according to claim 4, characterized in that the sessid in step S23 is valid once only and automatically becomes invalid after a single verification.
6. The file transmission method for an open platform according to claim 1, characterized in that the specific steps of step S3 are:
S31: The client uses the sessid to send a file transmission request to the server;
S32: After the server has verified the sessid, it initiates a file transmission response to the client and sends the client a new sessid;
S33: After the server has finished transmitting the fragment to the client, the client receives the new sessid and repeats steps S31 and S32 until the file transfer is complete.
7. The file transmission method for an open platform according to claim 1, characterized in that whenever the client transmits information to the server or the server transmits information to the client, the traffic is accelerated by an SSL accelerator.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810165609.2A CN108322477A (en) | 2018-02-28 | 2018-02-28 | A kind of document transmission method of open platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108322477A true CN108322477A (en) | 2018-07-24 |
Family
ID=62901595
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810165609.2A Pending CN108322477A (en) | 2018-02-28 | 2018-02-28 | A kind of document transmission method of open platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108322477A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112614560A (en) * | 2020-12-30 | 2021-04-06 | 杭州溢点信息技术有限公司 | Medical record information input method for tumor patient |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101132292A (en) * | 2006-08-22 | 2008-02-27 | 华为技术有限公司 | Method and system for transmitting electric program guidebooks |
US20120110469A1 (en) * | 2010-11-01 | 2012-05-03 | Gregory Magarshak | Systems and Methods for Cross Domain Personalization |
CN103188344A (en) * | 2013-02-22 | 2013-07-03 | 浪潮电子信息产业股份有限公司 | Method for safely invoking REST API (representational state transfer, application programming interface) |
CN105245939A (en) * | 2015-08-07 | 2016-01-13 | 北京市空越技术有限公司 | Mobile streaming media offline caching system based on HTTP proxy and method |
CN107707504A (en) * | 2016-08-08 | 2018-02-16 | 中国电信股份有限公司 | A kind of player method of Streaming Media, system and server and client side |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180724 |