CN108322477A - A file transmission method for an open platform - Google Patents

Info

Publication number: CN108322477A
Application number: CN201810165609.2A
Authority: CN (China)
Prior art keywords: server, client, file, sessid, token
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 彭剑, 王月超, 李开宇
Current Assignee: Sichuan XW Bank Co Ltd
Original Assignee: Sichuan XW Bank Co Ltd
Application filed by Sichuan XW Bank Co Ltd
Priority to CN201810165609.2A
Publication of CN108322477A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a file transmission method for an open platform. The method includes: the client sends a verification request to the server, and after the verification passes the server returns a token for identity verification; the client sends the token to the server for identity verification, and on success a sessid for file transmission verification is returned; the client uses the sessid to carry out fragmented transmission of the file with the server. This solves the technical problems in the prior art that the username and password are easily leaked and that MD5 verification is slow when large files are transmitted.

Description

A file transmission method for an open platform
Technical field
The present invention relates to the field of computer network communication technology, and in particular to a file transmission method for an open platform.
Background
At present, file transfer technology is an important component of computer network technology. Commonly used file transfer techniques include file copy, the FTP file transfer protocol, the TCP/IP transport protocol, the HTTP protocol, and so on. In addition, an FTP server and client developed in the Java language can conveniently embed these transport protocols.
In the traditional username/password approach, the FTP server first assigns a username and password to the client, which writes them into its configuration file. Before transmitting a file, the client first sends the username and password to the server; the server receives the request, verifies it, and returns success if the verification passes. After the client receives the success message returned by the server, the client and server begin to transmit the file content; the transport protocol may be the FTP file transfer protocol, the TCP/IP transport protocol, the HTTP protocol, and so on. After the file has been transmitted, an MD5 check is performed on the entire file, and if verification fails the file is transmitted again in full.
In this mode of file transfer between client and server, a username and password usually have to be agreed in order to verify the legitimacy of the client. However, a username and password are permanently valid; once leaked, others can easily attack the server (for example by uploading, downloading or deleting files in bulk). On the other hand, when the amount of file data transmitted is large, especially when media files are transmitted, retransmitting the entire file consumes a large amount of resources, greatly affects transmission speed, and can even cause network congestion.
Summary of the invention
Based on the above technical problems, the present invention provides a file transmission method for an open platform, which solves the technical problems in the prior art that the username and password are easily leaked and that MD5 verification is slow when large files are transmitted.
To solve the above technical problems, the technical method adopted by the present invention is as follows:
A file transmission method for an open platform, the method including:
S1: The client sends a verification request to the server, and after the verification passes the server returns a token for identity verification;
S2: The client sends the token to the server for identity verification, and on success a sessid for file transmission verification is returned;
S3: The client uses the sessid to carry out fragmented transmission of the file with the server.
Further, the specific steps of step S1 are:
S11: The client obtains a PKCS12 certificate from the server using the HTTPS protocol;
S12: The client uses the PKCS12 certificate to call the verification interface of the server;
S13: The client sends a verification request to the server through the verification interface;
S14: The server verifies the verification request and, if verification passes, returns a time-limited token.
Further, in step S14, the server verifies the signature and IP of the requester and, after verification passes, returns to the client a token that functions as a temporary pass.
Further, the specific steps of step S2 are:
S21: After the client successfully obtains the token, it sends the token and the HTTPS protocol to the server for verification;
S22: The server verifies the timeliness of the token and the validity of the HTTPS protocol;
S23: After verification passes, the sessid and the fragment information are returned to the client.
Further, the sessid in step S23 is valid for a single use and is automatically invalidated after one verification.
Further, the specific steps of step S3 are:
S31: The client uses the sessid to send a file transmission request to the server;
S32: After the server has verified the sessid, it initiates a file transmission response to the client and sends a new sessid to the client;
S33: After the server has finished transmitting a fragment to the client, the client receives the new sessid and repeats steps S31 and S32 until the file transmission is complete.
Further, both when the client transmits information to the server and when the server transmits information to the client, the traffic is accelerated by an SSL accelerator.
In summary, by adopting the above technical solution, the beneficial effects of the present invention are:
1. The invention verifies signatures using PKCS12 certificates and performs verification using a token. The token is time-limited and loses its validity once the file transmission is finished, which effectively prevents password leakage, avoids the risk of files being uploaded and downloaded arbitrarily, and improves the security of the server.
2. The invention uses fragmented transmission and per-fragment verification, which effectively reduces network load. Once an error occurs in the transmission of one fragment, the file server returns a sessid and the file fragment to the client again and transmission resumes immediately; this avoids discovering the error only after the whole file has been transmitted and wasting time on a full retransmission, which effectively improves working efficiency. At the same time, it greatly increases the number of clients that can access the server, improving the stability of the server.
Description of the drawings
Fig. 1 is the flow chart of the present invention;
Fig. 2 is a file transmission architecture diagram of an embodiment of the present invention.
Detailed description
Specific embodiments of the present invention are described below with reference to the accompanying drawings. Embodiments of the present invention include, but are not limited to, the following examples.
A file transmission method for an open platform, the method including:
S1: The client sends a verification request to the server, and after the verification passes the server returns a token for identity verification;
Step S1 is specifically:
S11: The client obtains a PKCS12 certificate from the server using the HTTPS protocol;
S12: The client uses the PKCS12 certificate to call the verification interface of the server;
S13: The client sends a verification request to the server through the verification interface;
S14: The server verifies the verification request and, if verification passes, returns a time-limited token.
Further, in step S14, the server verifies the signature and IP of the requester and, after verification passes, returns to the client a token that functions as a temporary pass.
S2: The client sends the token to the server for identity verification, and on success a sessid for file transmission verification is returned;
The specific steps of step S2 are:
S21: After the client successfully obtains the token, it sends the token and the HTTPS protocol to the server for verification;
S22: The server verifies the timeliness of the token and the validity of the HTTPS protocol;
S23: After verification passes, the sessid and the fragment information are returned to the client.
Further, the sessid in step S23 is valid for a single use and is automatically invalidated after one verification.
S3: The client uses the sessid to carry out fragmented transmission of the file with the server.
The specific steps of step S3 are:
S31: The client uses the sessid to send a file transmission request to the server;
S32: After the server has verified the sessid, it initiates a file transmission response to the client and sends a new sessid to the client;
S33: After the server has finished transmitting a fragment to the client, the client receives the new sessid and repeats steps S31 and S32 until the file transmission is complete.
Further, both when the client transmits information to the server and when the server transmits information to the client, the traffic is accelerated by an SSL accelerator.
Specific embodiment
As shown in Fig. 2, which is the architecture diagram of a file transmission deployment according to an embodiment of the present invention, signatures are verified using PKCS12 certificates and verification is performed using a token, which effectively prevents password leakage; and by using fragmented transmission and per-fragment verification, network load is effectively reduced and working efficiency and server stability are effectively improved.
In this implementation, the system includes an SDK, an OpenApi gateway, Oauth and a file server.
SDK: used to create data containers, manage file information, and carry out cross-network-segment file transmission according to the authorization information of the file exchange cluster server.
OpenApi gateway: packages the services of the website into a series of computer-readable data interfaces and opens them up for third-party developers to use;
Oauth: a third-party authorization server, used to receive the client's third-party social user authorization request information;
File server: has all the functions of TSS file management; a LAN server that provides network users with concurrency control for access to files and directories, together with security and confidentiality measures.
The method includes:
S1: The SDK sends a verification request to the OpenApi gateway, and after the OpenApi gateway verification passes a token for identity verification is returned;
Step S1 is specifically:
S11: The SDK obtains a PKCS12 certificate from the OpenApi gateway using the HTTPS protocol;
S12: The SDK uses the PKCS12 certificate to call the verification interface of the OpenApi gateway;
S13: The SDK sends a verification request to Oauth through the verification interface;
S14: Oauth verifies the verification request and, if verification passes, returns a time-limited token.
Further, in step S14, Oauth verifies the signature and IP of the requester and, after verification passes, returns to the SDK a token that functions as a temporary pass.
S2: The SDK sends the token to the file server and Oauth for identity verification, and on success a sessid for file transmission verification is returned;
The specific steps of step S2 are:
S21: After the SDK successfully obtains the token, it sends the token and the HTTPS protocol to the file server and Oauth for verification;
S22: The file server verifies the validity of the HTTPS protocol, and Oauth verifies the timeliness of the token;
S23: After verification passes, the sessid and the fragment information are returned to the SDK.
Further, the sessid in step S23 is valid for a single use and is automatically invalidated after one verification.
S3: The SDK uses the sessid to carry out fragmented transmission of the file with the file server.
The specific steps of step S3 are:
S31: The SDK uses the sessid to send a file transmission request to the file server;
S32: After the file server has verified the sessid, it initiates a file transmission response to the SDK and sends a new sessid to the SDK;
S33: After the file server has finished transmitting a fragment to the SDK, the SDK receives the new sessid and repeats steps S31 and S32 until the file transmission is complete.
Further, both when the SDK transmits information to the file server or the OpenApi gateway, and when the file server or the OpenApi gateway transmits information to the SDK, the traffic is accelerated by an SSL accelerator.
Because the file is large, it can be transmitted in fragments: the file is split into pieces of the fragment size, which are transmitted in turn until the file transmission ends. Fragmented transmission reduces network load. Once an error occurs in the transmission of one fragment, the file server returns a sessid and the file fragment information to the SDK again and transmission resumes immediately; this avoids discovering the error only after the whole file has been transmitted and wasting time on a full retransmission, which effectively improves working efficiency. At the same time, it greatly increases the number of clients that can access the server, improving the stability of the server.
This embodiment incorporates the OAuth authentication function of the open platform, improving the stability and security of file transmission while increasing the number of accessing parties and reducing bandwidth load.
To further elaborate the technical solution of this embodiment, it is described in more detail below with reference to data and specific implementations.
The specific manner of fragmented transmission is:
1. Assume the fragment size is 2M. A file of 4M is then divided into 2 fragments: the first fragment is 2M and is labeled f01, and the second fragment is 2M and is labeled f02. The first fragment f01 is transmitted first, and its integrity is verified using the md5 algorithm; then the second fragment f02 is transmitted, and its integrity is verified using the md5 algorithm.
2. Assume the fragment size is 2M. A file of 5M is then divided into 3 fragments: the first fragment is 2M and is labeled f01, the second fragment is 2M and is labeled f02, and the third fragment is 1M and is labeled f03. The first fragment f01 is transmitted first, and its integrity is verified using the md5 algorithm; then the second fragment f02 is transmitted, and its integrity is verified using the md5 algorithm; finally the third fragment f03 is transmitted, and its integrity is verified using the md5 algorithm.
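
The S2-S3 exchange and the fragmentation rule above, as an added Python example that is not part of the patent text: an in-memory server issues a time-limited token, exchanges it for a one-time sessid that is rotated on every fragment, and the client re-requests only the fragment whose md5 does not match. The class and function names, the 60-second token lifetime and the sample data are assumptions; the PKCS12, signature and IP checks of S1 are omitted.

```python
import hashlib
import secrets
import time

FRAGMENT_SIZE = 2 * 1024 * 1024  # the "2M" fragment size used in the text
TOKEN_TTL = 60                   # assumed token lifetime in seconds (not given in the text)


class FileServer:
    """In-memory stand-in for the Oauth + file server pair (hypothetical names)."""

    def __init__(self, data, now=time.time):
        self.data = data
        self.now = now
        self.tokens = {}      # token -> expiry timestamp
        self.sessids = set()  # sessids that have been issued and not yet used

    def issue_token(self):
        # S14: return a time-limited token (certificate, signature and IP checks omitted).
        token = secrets.token_hex(16)
        self.tokens[token] = self.now() + TOKEN_TTL
        return token

    def _new_sessid(self):
        sessid = secrets.token_hex(16)
        self.sessids.add(sessid)
        return sessid

    def open_session(self, token):
        # S22/S23: check token timeliness, then return a sessid and the fragment info.
        expiry = self.tokens.get(token)
        if expiry is None or self.now() > expiry:
            raise PermissionError("token invalid or expired")
        count = -(-len(self.data) // FRAGMENT_SIZE)  # ceiling division
        labels = [f"f{i + 1:02d}" for i in range(count)]
        return self._new_sessid(), labels

    def get_fragment(self, sessid, index):
        # S32: a sessid is valid once; consume it and return a fresh one with the fragment.
        if sessid not in self.sessids:
            raise PermissionError("sessid invalid or already used")
        self.sessids.remove(sessid)
        chunk = self.data[index * FRAGMENT_SIZE:(index + 1) * FRAGMENT_SIZE]
        # md5 as in the text: it detects transmission errors, not deliberate tampering.
        return chunk, hashlib.md5(chunk).hexdigest(), self._new_sessid()


def download(server, token, corrupt_once=None):
    """Client side of S2-S3; corrupt_once is a fragment index to damage in transit once."""
    sessid, labels = server.open_session(token)
    received, retries, index = [], 0, 0
    while index < len(labels):
        chunk, digest, sessid = server.get_fragment(sessid, index)  # sessid rotates (S33)
        if index == corrupt_once:
            chunk = bytes([chunk[0] ^ 0xFF]) + chunk[1:]  # simulated transmission error
            corrupt_once = None
        if hashlib.md5(chunk).hexdigest() != digest:
            retries += 1  # only this fragment is requested again, with the new sessid
            continue
        received.append(chunk)
        index += 1
    return b"".join(received), labels, retries


# Constructed sample input: a 5M file, as in the second fragmentation case.
SAMPLE = bytes(range(256)) * (5 * 4096)

if __name__ == "__main__":
    srv = FileServer(SAMPLE)
    data, labels, retries = download(srv, srv.issue_token(), corrupt_once=1)
    print(labels, retries, data == SAMPLE)
```
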
The above are embodiments of the present invention. For the preferred embodiments of the present invention described above, unless a preferred implementation is clearly contradictory to another or is premised on a particular preferred implementation, the preferred implementations may be stacked and combined arbitrarily. The specific parameters in the embodiments are only intended to clearly describe the inventor's verification process and are not intended to limit the scope of patent protection of the present invention, which remains defined by its claims. Equivalent structural changes made using the contents of the specification and drawings of the present invention are likewise included within the scope of protection of the present invention.

Claims (7)

1. A file transmission method for an open platform, characterized in that the method includes:
S1: The client sends a verification request to the server, and after the verification passes the server returns a token for identity verification;
S2: The client sends the token to the server for identity verification, and on success a sessid for file transmission verification is returned;
S3: The client uses the sessid to carry out fragmented transmission of the file with the server.
2. The file transmission method for an open platform according to claim 1, characterized in that step S1 is specifically:
S11: The client obtains a PKCS12 certificate from the server using the HTTPS protocol;
S12: The client uses the PKCS12 certificate to call the verification interface of the server;
S13: The client sends a verification request to the server through the verification interface;
S14: The server verifies the verification request and, if verification passes, returns a time-limited token.
3. The file transmission method for an open platform according to claim 2, characterized in that in step S14 the server verifies the signature and IP of the requester and, after verification passes, returns to the client a token that functions as a temporary pass.
4. The file transmission method for an open platform according to claim 2, characterized in that the specific steps of step S2 are:
S21: After the client successfully obtains the token, it sends the token and the HTTPS protocol to the server for verification;
S22: The server verifies the timeliness of the token and the validity of the HTTPS protocol;
S23: After verification passes, the sessid and the fragment information are returned to the client.
5. The file transmission method for an open platform according to claim 4, characterized in that the sessid in step S23 is valid for a single use and is automatically invalidated after one verification.
6. The file transmission method for an open platform according to claim 1, characterized in that the specific steps of step S3 are:
S31: The client uses the sessid to send a file transmission request to the server;
S32: After the server has verified the sessid, it initiates a file transmission response to the client and sends a new sessid to the client;
S33: After the server has finished transmitting a fragment to the client, the client receives the new sessid and repeats steps S31 and S32 until the file transmission is complete.
7. The file transmission method for an open platform according to claim 1, characterized in that both when the client transmits information to the server and when the server transmits information to the client, the traffic is accelerated by an SSL accelerator.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810165609.2A 2018-02-28 2018-02-28 A file transmission method for an open platform (Pending; published as CN108322477A)

Publications (1)

Publication Number Publication Date
CN108322477A 2018-07-24

Family ID: 62901595

Country Status (1)

Country Link
CN (1) CN108322477A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180724