CN110808989A - HTTPS acceleration method and system based on content distribution network - Google Patents
HTTPS acceleration method and system based on content distribution network Download PDFInfo
- Publication number
- CN110808989A CN110808989A CN201911090331.8A CN201911090331A CN110808989A CN 110808989 A CN110808989 A CN 110808989A CN 201911090331 A CN201911090331 A CN 201911090331A CN 110808989 A CN110808989 A CN 110808989A
- Authority
- CN
- China
- Prior art keywords
- server
- session
- https
- client
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses an HTTPS acceleration method and system based on a content distribution network, which adopts an SSL acceleration board scheme to solve the problems of large performance bearing pressure and low transaction processing capacity of software-based SSL implementation; the SSL acceleration board card is deployed on a server of a CDN edge node to realize centralized management of the certificate, one SSL acceleration board card can serve a plurality of clients to perform encryption and decryption, and the problems that each acceleration board card only binds specific client requests, resources are wasted, and management cost is high are solved.
Description
The application is a divisional application of Chinese patent application with the name of 'an HTTPS acceleration method and system based on a content distribution network', which is filed by the patent office of the intellectual property office of China, with the application number of 201610873442.6 on 30/09/2016.
Technical Field
The invention relates to a website optimization method, in particular to an HTTPS acceleration method and system based on a content distribution network.
Background
The HTTPS security protocol is an HTTP channel which takes security as a target, and by adding an SSL layer under the HTTP, transmission encryption can be realized, and important data such as user data, transaction data and the like are prevented from being stolen. HTTPS plays a very critical role in protecting user privacy and preventing traffic hijacking, but at the same time, HTTPS also reduces user access speed and increases computing resource consumption of the web server.
In the SSL session, the most computationally intensive part belongs to the SSL handshake phase, and there are two main handshake types for SSL, one is based on RSA and the other is based on defffie-hellman (dh). The public key algorithms of RSA and DH use many CPUs and are the slowest part of the handshake. On a notebook computer, several hundred RSA encryptions per second can be performed, in contrast to approximately one million symmetric encryption AES per second. The main work at this stage is to negotiate a session key, which is usually a symmetric key, to be applied throughout the respective session procedures; at the same time, the encryption and signature of the SSL handshake itself is an asymmetric key contained in the certificate, and the use of such an asymmetric key consumes more computing resources than a symmetric key.
Based on software SSL implementation, a processor of the server is responsible for initial key exchange of each session and subsequent data encryption and decryption, and the intensive calculation process can cause the server to bear great pressure, so that the processing capacity of other transactions is greatly reduced. Therefore, the software-based SSL implementation is only suitable for the scene of managing a small amount of SSL flow; the CDN network is characterized by a small node size, a small number of servers per node, and a large number of CDN nodes distributed in a geographically divergent manner. HTTPS acceleration is performed in a CDN network, and software-based SSL implementation obviously cannot meet the acceleration requirement.
Based on the above current situation, CDN manufacturers propose a hardware-based SSL acceleration scheme, such as an SSL acceleration board or SSL acceleration device.
The SSL acceleration board card can effectively share the pressure of a server CPU for processing SSL transactions, one or more coprocessors are used for realizing SSL calculation, and the coprocessors may adopt a general CPU or a customized ASIC chip and a RISC instruction set chip. However, for each client access, a server inserted with an SSL acceleration board needs to be allocated to complete the handshake, encryption and decryption processes, which wastes resources and increases the cost of single machine management. In addition, each server must have a unique digital certificate, so many certificates are easy to leak, and the security problem exists.
Secondly, the SSL acceleration equipment is an independent equipment embedded with the SSL acceleration board card, decrypts the encrypted traffic, and sends the decrypted data information to the background server; in the opposite direction, the system is responsible for encrypting the plaintext data sent by the background server and then forwarding the plaintext data to the client; the SSL accelerator terminates the SSL session and the background server can be released completely for data services or running applications, but the SSL accelerator is relatively expensive as a whole and is not an ideal alternative. .
Disclosure of Invention
In order to solve the problems, the invention provides an HTTPS acceleration method and system based on a Content Delivery Network (CDN), which adopts an SSL acceleration board scheme to solve the problem of software-based SSL
The realized performance bears the problems of high pressure and low transaction processing capacity; the SSL acceleration board card is deployed on a server of a CDN edge node to realize centralized management of the certificate, one SSL acceleration board card can serve a plurality of clients to perform encryption and decryption, and the problems that each acceleration board card only binds specific client requests, resources are wasted, and management cost is high are solved.
In order to solve the technical problem, the technical scheme adopted by the invention is that the HTTPS acceleration method based on the content delivery network comprises a CDN network management center and a DNS redirection analysis center which are positioned in a central part, a plurality of CDN network edge nodes positioned in an edge part and a source server positioned at a rear end; each CDN edge node is respectively provided with a session & cache server positioned at the front end and a unified verification server positioned at the rear end; the HTTPS acceleration method comprises the following steps:
step 1: a client side initiates an HTTPS access request to a CDN network edge node; the CDN edge node distributes a corresponding session and cache server through the load balance of the front end and carries out three-way handshake with the client;
step 2: in the handshake process, the distributed session & cache server is responsible for HTTPS session management, interacts with the unified verification server on the encryption and decryption work of the private key and the user certificate at the same time, and then returns to the client;
and step 3: after the handshake process is completed, the cache service of the session and cache server is normally developed to provide CDN service for the client; and for the data requested by the client, if the data is cacheable data, directly obtaining the data from the session & cache server, and if the data is non-cacheable data, obtaining the data from the source server.
The unified authentication server is provided with a user certificate and a private key, and integrates a plurality of SSL acceleration board cards, one or more unified authentication servers correspond to one user certificate, and the unified authentication servers are used for processing encryption and decryption; the step 2 further comprises the following processes: if a plurality of clients exist, the clients are mapped to a unified authentication server through the session & cache server, so that each client shares the hardware acceleration capability of the unified authentication server.
As a further aspect, the HTTPS accelerating method further includes the steps of: the proportional quantity of the uniform verification servers is deployed linearly along with the flow, the uniform verification servers are linearly expanded, and each uniform verification server is plugged with a plurality of SSL acceleration board cards so as to meet the requirements of larger-scale SSL transaction processing and deal with fault processing.
The invention also provides an HTTPS acceleration system based on the content delivery network, and the content delivery network comprises a CDN network management center and a DNS redirection analysis center which are positioned in the central part, a plurality of CDN network edge nodes which are positioned in the edge part and a source server which is positioned at the rear end; each CDN edge node is respectively provided with a session & cache server positioned at the front end and a unified verification server positioned at the rear end; the HTTPS acceleration system comprises the following units:
an HTTPS access request initiating unit configured to perform: a client side initiates an HTTPS access request to a CDN network edge node; a three-way handshake initiating unit to perform: the CDN edge node distributes a corresponding session and cache server through the load balance of the front end and carries out three-way handshake with the client; a three-way handshake processing unit to perform: in the handshake process, the distributed session & cache server is responsible for HTTPS session management, interacts with the unified verification server on the encryption and decryption work of the private key and the user certificate at the same time, and then returns to the client;
an HTTPS access response unit to perform: after the handshake process is completed, the cache service of the session and cache server is normally developed to provide CDN service for the client; and for the data requested by the client, if the data is cacheable data, directly obtaining the data from the session & cache server, and if the data is non-cacheable data, obtaining the data from the source server.
The invention effectively combines the respective technical advantages of the SSL acceleration board card and the CDN edge node, and the difference from the prior scheme is that:
(1) the SSL acceleration board card is used for replacing the encryption and decryption work of the common edge server, so that the edge server Offload is deployed on the unified verification server, the CPU consumption of the common edge server is greatly reduced, and the efficiency is improved;
(2) an SSL acceleration card is used for serving the encryption and decryption work of a plurality of customers from the original one-to-one service to 1-to-N service, so that the cost is greatly saved for CDN manufacturers;
(3) from the fact that one SSL acceleration card needs to manage one certificate to the fact that N customers use one SSL acceleration card at present, the certificate is managed in a centralized mode, and therefore management amount of the certificate is greatly reduced, and single machine management cost is greatly reduced;
(4) the unified verification server not only performs encryption and decryption work by inserting the SSL acceleration board card, but also can deploy software on the unified verification server according to different requirements of customers, such as a CDN server certificate application scheme, a Cloudflare keyles-SSL scheme and the like, and the invention can be effectively supported; interaction with the front-end server and the edge node is realized, so that Round Trip Time (RTT) between the servers is reduced, and efficiency is improved;
(5) the SSL acceleration board card can be linearly expanded in the edge unified verification server cluster so as to increase the transaction processing capacity of the SSL acceleration board card, centralized management is not influenced, and therefore the expansion cost is saved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of client access in an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The invention provides an HTTPS acceleration method based on a content delivery network, wherein the content delivery network comprises a CDN (content delivery network) management center and a DNS redirection analysis center which are positioned in a central part, a plurality of CDN network edge nodes which are positioned in an edge part and a source server which is positioned at a rear end.
The CDN network management center and the DNS redirection analysis center of the central part are responsible for global load balancing, and the equipment system is installed in a management center machine room.
The CDN network edge nodes are vectors for CDN delivery, and mainly comprise a Cache (Cache), a load balancer and the like, and each CDN network edge node is respectively deployed with a session & Cache at the front end and a Unified Authentication Server (UAS) at the rear end. A plurality of session and cache servers are provided, are responsible for HTTPS session management and interact with a back-end unified verification server; and after the interaction is completed, the role is changed into a cache server, and CDN service is provided for the customer. In an alternative example, the session & cache server uses OpenSSL and Nginx software configured to perform the above functions. The unified verification servers are provided with a plurality of user certificates and private keys, integrate a plurality of SSL acceleration board cards (such as Intel or NAVIMN), and are main processing servers for encryption and decryption of users. For the SSL acceleration board card, the single card throughput can reach 20Gbps generally, and the processing rates of the encryption and decryption of 1024-bit RSA and 2048-bit RSA are 35K-200Kqps and 6K-35Kqps respectively. The unified authentication server may be a RedHat/CentOS, Debian and Ubuntu, among others, other Unix operating systems (including FreeBSD) and Microsoft Windows servers running on Linux. The user certificate on each unified authentication server can be shared, that is, a plurality of unified authentication servers can use the same certificate, or each unified authentication server can correspond to one user certificate. The unified validation server is stateless, allows the client to use off-the-shelf hardware, and deploys the proportion of the unified validation server linearly with the traffic; by running multiple unified authentication servers and load balancing through DNS, the customer's site can be kept highly available.
The source server comprises cacheable data and non-cacheable data, the cacheable data is used for updating cache with the session & cache server, and the non-cacheable data is returned to the source for use after the client establishes a session with the edge node.
Based on a content distribution network, with reference to the schematic diagram of fig. 1, the HTTPS acceleration method of the present invention includes the following processes: step 1: a client initiates HTTPS access, distributes a corresponding session and cache server through load balance of a front end, and initiates a three-way handshake (RSA/DH) process; the client is a network terminal user, and may browse a webpage by using a currently popular browser (Chrome, Firefox, IE, and the like), and the client 1, the client 2, and the client 3 in the figure respectively refer to clients representing access of different website acceleration clients, such as different website acceleration clients of a new wave network, a Tencent network, a netbook, and the like;
step 2: in the handshake process, the session & cache server interacts with the unified verification server for the encryption and decryption work of the private key and the user certificate (depending on different schemes), and then returns to the client; for a plurality of clients, mapping each client to a unified verification server through a session & cache server, so that each client shares the hardware acceleration capability of the unified verification server;
and step 3: after the handshake process is completed, the Cache service of the session and Cache server is normally developed, the client normally uses the CDN service, for the cacheable data, the data is directly obtained from the server of the edge node, and for the non-cacheable data, the data is obtained from the source server;
and 4, step 4: the number of the uniform verification servers can be linearly deployed according to the flow rate, the uniform verification servers can be linearly expanded when expansion is needed, and each server is plugged with a plurality of SSL acceleration boards so as to meet requirements of larger-scale SSL transaction processing; or forming a master-slave to deal with fault processing.
The invention also provides an HTTPS acceleration system based on the content delivery network, and the content delivery network comprises a CDN network management center and a DNS redirection analysis center which are positioned in the central part, a plurality of CDN network edge nodes which are positioned in the edge part and a source server which is positioned at the rear end; each CDN edge node is respectively provided with a session & cache server positioned at the front end and a unified verification server positioned at the rear end; the HTTPS acceleration system comprises the following units:
an HTTPS access request initiating unit configured to perform: a client side initiates an HTTPS access request to a CDN network edge node; a three-way handshake initiating unit to perform: the CDN edge node distributes a corresponding session and cache server through the load balance of the front end and carries out three-way handshake with the client; a three-way handshake processing unit to perform: in the handshake process, the allocated session and cache server is responsible for HTTPS session
Management, the session and cache server interacts with the unified verification server for the encryption and decryption work of the private key and the user certificate at the same time, and then returns to the client; if a plurality of clients exist, the clients are mapped to a unified authentication server through the session & cache server, so that each client shares the hardware acceleration capability of the unified authentication server.
An HTTPS access response unit to perform: after the handshake process is completed, the cache service of the session and cache server is normally developed to provide CDN service for the client; and for the data requested by the client, if the data is cacheable data, directly obtaining the data from the session & cache server, and if the data is non-cacheable data, obtaining the data from the source server.
The system comprises a unified authentication server, a plurality of SSL acceleration board cards and a plurality of SSL acceleration board cards, wherein the unified authentication server is provided with a user certificate and a private key and integrates the SSL acceleration board cards; the number of the uniform verification servers can be linearly deployed according to the flow rate, the uniform verification servers can be linearly expanded when expansion is needed, and each server is plugged with a plurality of SSL acceleration boards so as to meet requirements of larger-scale SSL transaction processing; or forming a master-slave to deal with fault processing.
The above-described aspects may be implemented individually or in various combinations, and such variations are within the scope of the present invention.
It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by instructing the relevant hardware through a program, and the program may be stored in a computer readable storage medium, such as a read-only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the foregoing embodiments may also be implemented by using one or more integrated circuits, and accordingly, each module/unit in the foregoing embodiments may be implemented in the form of hardware, and may also be implemented in the form of a software functional module. The present invention is not limited to any specific form of combination of hardware and software.
It is to be noted that, in this document, the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, so that an article or apparatus including a series of elements includes not only those elements but also other elements not explicitly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of additional like elements in the article or device comprising the element.
The above embodiments are merely to illustrate the technical solutions of the present invention and not to limit the present invention, and the present invention has been described in detail with reference to the preferred embodiments. It will be understood by those skilled in the art that various modifications and equivalent arrangements may be made without departing from the spirit and scope of the present invention and it should be understood that the present invention is to be covered by the appended claims.
Claims (8)
1. An HTTPS acceleration method based on a content distribution network is characterized in that: the content delivery network comprises CDN network edge nodes, wherein the CDN network edge nodes are respectively provided with a session and cache server positioned at the front end and a unified verification server positioned at the rear end;
the HTTPS acceleration method comprises the following steps:
step 1: the method comprises the following steps that a CDN network edge node receives an HTTPS access request initiated by a client, distributes a corresponding session and cache server through load balancing of a front end, and performs three-way handshake with the client;
step 2: in the handshake process, the distributed session & cache server is responsible for HTTPS session management, the session & cache server interacts with the unified authentication server for encryption and decryption of the private key and the user certificate at the same time, and then returns to the client, the unified authentication server is used for processing encryption and decryption, the unified authentication server is provided with the user certificate and the private key, and one or more unified authentication servers correspond to the multi-user certificate;
and step 3: after the handshake process is completed, the cache service of the session and cache server is normally developed to provide CDN service for the client; and for the data requested by the client, if the data is cacheable data, directly obtaining the data from the session & cache server, and if the data is non-cacheable data, obtaining the data from the source server.
2. The HTTPS acceleration method according to claim 1, characterized in that: the unified verification server integrates a plurality of SSL acceleration board cards.
3. The HTTPS acceleration method according to claim 2, characterized in that: the step 2 further comprises the following processes:
if a plurality of clients exist, the clients are mapped to a unified authentication server through the session & cache server, so that each client shares the hardware acceleration capability of the unified authentication server.
4. HTTPS acceleration method according to claim 1, 2 or 3, characterized in that: the HTTPS acceleration method also comprises the following steps:
the proportional quantity of the uniform verification servers is deployed linearly along with the flow, the uniform verification servers are linearly expanded, and each uniform verification server is plugged with a plurality of SSL acceleration board cards so as to meet the requirements of larger-scale SSL transaction processing and deal with fault processing.
5. An HTTPS acceleration system based on a content delivery network comprises CDN network edge nodes, wherein the CDN network edge nodes are respectively deployed with a session & cache server positioned at the front end and a unified verification server positioned at the rear end;
the HTTPS acceleration system comprises the following units:
an HTTPS access request receiving unit configured to execute: a CDN network edge node receives an HTTPS access request initiated by a client;
a three-way handshake initiating unit to perform: the CDN edge node distributes a corresponding session and cache server through the load balance of the front end and carries out three-way handshake with the client;
a three-way handshake processing unit to perform: in the handshake process, the distributed session & cache server is responsible for HTTPS session management, the session & cache server interacts with the unified authentication server for encryption and decryption of the private key and the user certificate at the same time, and then returns to the client, the unified authentication server is used for processing encryption and decryption, the unified authentication server is provided with the user certificate and the private key, and one or more unified authentication servers correspond to the multi-user certificate;
an HTTPS access response unit to perform: after the handshake process is completed, the cache service of the session and cache server is normally developed to provide CDN service for the client; and for the data requested by the client, if the data is cacheable data, directly obtaining the data from the session & cache server, and if the data is non-cacheable data, obtaining the data from the source server.
6. The HTTPS acceleration system of claim 5, wherein: the unified verification server integrates a plurality of SSL acceleration board cards.
7. The HTTPS acceleration system of claim 6, wherein: the three-way handshake processing unit further performs the following operations:
if a plurality of clients exist, the clients are mapped to a unified authentication server through the session & cache server, so that each client shares the hardware acceleration capability of the unified authentication server.
8. The HTTPS acceleration system according to claim 5, 6 or 7, characterized in that:
the proportional quantity of the uniform verification servers is deployed linearly along with the flow, the uniform verification servers are linearly expanded, and each uniform verification server is plugged with a plurality of SSL acceleration board cards so as to meet requirements of larger-scale SSL transaction processing and deal with fault processing.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911090331.8A CN110808989B (en) | 2016-09-30 | 2016-09-30 | HTTPS acceleration method and system based on content distribution network |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610873442.6A CN106341417B (en) | 2016-09-30 | 2016-09-30 | A kind of HTTPS acceleration method and system based on content distributing network |
| CN201911090331.8A CN110808989B (en) | 2016-09-30 | 2016-09-30 | HTTPS acceleration method and system based on content distribution network |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610873442.6A Division CN106341417B (en) | 2016-09-30 | 2016-09-30 | A kind of HTTPS acceleration method and system based on content distributing network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110808989A true CN110808989A (en) | 2020-02-18 |
| CN110808989B CN110808989B (en) | 2022-01-21 |
Family
ID=57839835
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610873442.6A Active CN106341417B (en) | 2016-09-30 | 2016-09-30 | A kind of HTTPS acceleration method and system based on content distributing network |
| CN201911090331.8A Active CN110808989B (en) | 2016-09-30 | 2016-09-30 | HTTPS acceleration method and system based on content distribution network |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610873442.6A Active CN106341417B (en) | 2016-09-30 | 2016-09-30 | A kind of HTTPS acceleration method and system based on content distributing network |
Country Status (2)
| Country | Link |
|---|---|
| CN (2) | CN106341417B (en) |
| WO (1) | WO2018059578A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112187804A (en) * | 2020-09-29 | 2021-01-05 | 北京金山云网络技术有限公司 | Communication method and device of server, computer equipment and storage medium |
| CN113301159A (en) * | 2021-05-26 | 2021-08-24 | 中国电子科技集团公司第五十四研究所 | Service position obtaining method and device in edge computing system |
| CN114338629A (en) * | 2020-09-25 | 2022-04-12 | 北京金山云网络技术有限公司 | Data processing method, device, equipment and medium |
Families Citing this family (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106341417B (en) * | 2016-09-30 | 2019-11-05 | 贵州白山云科技股份有限公司 | A kind of HTTPS acceleration method and system based on content distributing network |
| CN106789344B (en) * | 2017-01-19 | 2019-11-12 | 上海帝联信息科技股份有限公司 | Data transmission method, system, CDN network and client |
| CN107707514B (en) * | 2017-02-08 | 2018-08-21 | 贵州白山云科技有限公司 | One kind is for encrypted method and system and device between CDN node |
| CN107707517B (en) * | 2017-05-09 | 2018-11-13 | 贵州白山云科技有限公司 | A kind of HTTPs handshake methods, device and system |
| CN107257327B (en) * | 2017-05-25 | 2020-12-29 | 中央民族大学 | High-concurrency SSL session management method |
| CN108574687B (en) * | 2017-07-03 | 2020-11-27 | 北京金山云网络技术有限公司 | Communication connection establishment method and device, electronic equipment and computer readable medium |
| US11153289B2 (en) * | 2017-07-28 | 2021-10-19 | Alibaba Group Holding Limited | Secure communication acceleration using a System-on-Chip (SoC) architecture |
| CN109428876B (en) * | 2017-09-01 | 2021-10-08 | 腾讯科技(深圳)有限公司 | Handshake connection method and device |
| CN109561027A (en) * | 2017-09-26 | 2019-04-02 | 中兴通讯股份有限公司 | Flow optimization method, load balancer and the storage medium of transparent caching |
| CN109842664A (en) * | 2017-11-29 | 2019-06-04 | 苏宁云商集团股份有限公司 | A kind of CDN of the safety without private key of High Availabitity supports the system and method for HTTPS |
| CN108401011B (en) * | 2018-01-30 | 2021-09-24 | 网宿科技股份有限公司 | Acceleration method and device for handshake request in content distribution network and edge node |
| CN108429682A (en) * | 2018-02-26 | 2018-08-21 | 湖南科技学院 | A kind of optimization method and system of network transmission link |
| CN110324365B (en) * | 2018-03-28 | 2023-01-24 | 网易(杭州)网络有限公司 | Keyless front-end cluster system, application method, storage medium and electronic device |
| CN110324290B (en) * | 2018-03-30 | 2022-02-01 | 贵州白山云科技股份有限公司 | Network equipment authentication method, network element equipment, medium and computer equipment |
| CN108804515B (en) * | 2018-04-25 | 2021-05-28 | 网宿科技股份有限公司 | Webpage loading method, webpage loading system and server |
| US11579781B2 (en) | 2020-10-23 | 2023-02-14 | Red Hat, Inc. | Pooling distributed storage nodes that have specialized hardware |
| CN115460083B (en) * | 2021-06-09 | 2024-04-19 | 贵州白山云科技股份有限公司 | Security acceleration service deployment method, device, medium and equipment |
| CN117857095A (en) * | 2023-12-05 | 2024-04-09 | 天翼云科技有限公司 | Non-private key TLS handshake solving method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7634650B1 (en) * | 2004-07-22 | 2009-12-15 | Xsigo Systems | Virtualized shared security engine and creation of a protected zone |
| US20150106624A1 (en) * | 2011-12-16 | 2015-04-16 | Akamai Technologies, Inc. | Providing forward secrecy in a terminating TLS connection proxy |
| CN104702611A (en) * | 2015-03-15 | 2015-06-10 | 西安电子科技大学 | Equipment and method for protecting session key of secure socket layer |
| CN105871797A (en) * | 2015-11-19 | 2016-08-17 | 乐视云计算有限公司 | Handshake method, device and system of client and server |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9647835B2 (en) * | 2011-12-16 | 2017-05-09 | Akamai Technologies, Inc. | Terminating SSL connections without locally-accessible private keys |
| KR101491697B1 (en) * | 2013-12-10 | 2015-02-11 | 주식회사 시큐아이 | Security device including ssl acceleration card and operating method thereof |
| CN104732164A (en) * | 2013-12-18 | 2015-06-24 | 国家计算机网络与信息安全管理中心 | Device and method both for accelerating SSL (Security Socket Layer) data processing speed |
| CN106027646B (en) * | 2016-05-19 | 2019-06-21 | 北京云钥网络科技有限公司 | A kind of method and device accelerating HTTPS |
| CN106101007B (en) * | 2016-05-24 | 2019-05-07 | 杭州迪普科技股份有限公司 | Handle the method and device of message |
| CN106230782A (en) * | 2016-07-20 | 2016-12-14 | 腾讯科技(深圳)有限公司 | A kind of information processing method based on content distributing network and device |
| CN106341417B (en) * | 2016-09-30 | 2019-11-05 | 贵州白山云科技股份有限公司 | A kind of HTTPS acceleration method and system based on content distributing network |
-
2016
- 2016-09-30 CN CN201610873442.6A patent/CN106341417B/en active Active
- 2016-09-30 CN CN201911090331.8A patent/CN110808989B/en active Active
-
2017
- 2017-09-30 WO PCT/CN2017/104806 patent/WO2018059578A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7634650B1 (en) * | 2004-07-22 | 2009-12-15 | Xsigo Systems | Virtualized shared security engine and creation of a protected zone |
| US20150106624A1 (en) * | 2011-12-16 | 2015-04-16 | Akamai Technologies, Inc. | Providing forward secrecy in a terminating TLS connection proxy |
| CN104702611A (en) * | 2015-03-15 | 2015-06-10 | 西安电子科技大学 | Equipment and method for protecting session key of secure socket layer |
| CN105871797A (en) * | 2015-11-19 | 2016-08-17 | 乐视云计算有限公司 | Handshake method, device and system of client and server |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338629A (en) * | 2020-09-25 | 2022-04-12 | 北京金山云网络技术有限公司 | Data processing method, device, equipment and medium |
| CN112187804A (en) * | 2020-09-29 | 2021-01-05 | 北京金山云网络技术有限公司 | Communication method and device of server, computer equipment and storage medium |
| CN113301159A (en) * | 2021-05-26 | 2021-08-24 | 中国电子科技集团公司第五十四研究所 | Service position obtaining method and device in edge computing system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110808989B (en) | 2022-01-21 |
| CN106341417A (en) | 2017-01-18 |
| WO2018059578A1 (en) | 2018-04-05 |
| CN106341417B (en) | 2019-11-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110808989B (en) | HTTPS acceleration method and system based on content distribution network | |
| CN111680324B (en) | Credential verification method, management method and issuing method for blockchain | |
| US20200059360A1 (en) | System and method for service-to-service authentication | |
| CN111556120B (en) | Data processing method and device based on block chain, storage medium and equipment | |
| CN108683747A (en) | Resource acquisition, distribution, method for down loading, device, equipment and storage medium | |
| US20200372360A1 (en) | Secure cloud-based machine learning without sending original data to the cloud | |
| US6732277B1 (en) | Method and apparatus for dynamically accessing security credentials and related information | |
| CN110351364A (en) | Date storage method, equipment and computer readable storage medium | |
| US11418342B2 (en) | System and methods for data exchange using a distributed ledger | |
| JP7530146B2 (en) | Secure private key distribution among endpoint instances | |
| US11621856B2 (en) | Generating a domain name system container image to create an instance of a domain name system container | |
| CN112235274B (en) | Bank-enterprise direct connection system and method supporting multiple encryption algorithms to carry out secure communication | |
| WO2016000473A1 (en) | Business access method, system and device | |
| CN115694914B (en) | Password service deployment system and method oriented to Internet of things | |
| CN115706729B (en) | Service providing method and device, equipment and storage medium | |
| Hena et al. | Blockchain Based Authentication Framework for Kerberos Enabled Hadoop Clusters | |
| Prakash et al. | Data verification using block level batch auditing on multi-cloud server | |
| Modh et al. | Mobile Data Security using TPA Initiated Token Based Cryptography | |
| Srivenkatesh et al. | Implementing Multiprime RSA Algorithm to Enhance the Data Security in Federated Cloud Computing | |
| Yang et al. | PADP: A parallel data possession audit model for cloud storage | |
| CN114338056A (en) | Network access method based on cloud distribution and system, medium and equipment thereof | |
| Yun et al. | The biometric signature delegation scheme to balance the load of digital signing in hybrid P2P networks | |
| Krzywiecki et al. | Efficient probabilistic methods for proof of possession in clouds | |
| Alkunte et al. | Enhanced security using shared authority protocol and data partitioning for cloud storage | |
| Zibuschka et al. | Towards privacy-enhancing identity management in mashup-providing platforms |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |