CN110858834B - User information transmission method, device, system and computer readable storage medium - Google Patents

User information transmission method, device, system and computer readable storage medium Download PDF

Info

Publication number
CN110858834B
CN110858834B CN201810965714.4A CN201810965714A CN110858834B CN 110858834 B CN110858834 B CN 110858834B CN 201810965714 A CN201810965714 A CN 201810965714A CN 110858834 B CN110858834 B CN 110858834B
Authority
CN
China
Prior art keywords
user information
client
extension field
information
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810965714.4A
Other languages
Chinese (zh)
Other versions
CN110858834A (en
Inventor
李昆仑
张敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN201810965714.4A priority Critical patent/CN110858834B/en
Publication of CN110858834A publication Critical patent/CN110858834A/en
Application granted granted Critical
Publication of CN110858834B publication Critical patent/CN110858834B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure relates to a user information transmission method, a device, a system and a computer readable storage medium, and relates to the technical field of communication. The method of the present disclosure comprises: acquiring a Client Hello message sent by a Client; adding user information of a Client in the extension field according to a predefined rule of the extension field in the Client Hello message; and sending the Client Hello message added with the user information of the Client to an HTTPS server so that the HTTPS server can acquire the user information of the Client. According to the method, the device and the system, aiming at the characteristics of HTTPS session establishment, in a TLS/SSL handshake stage at the initial establishment stage of the HTTPS session, the user information is carried to perform a header enhancement function, and the problem that an HTTPS message does not support header enhancement is solved.

Description

User information transmission method, device, system and computer readable storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method, an apparatus, a system, and a computer-readable storage medium for transmitting user information.
Background
HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer), which is mainly used for Secure HTTP (Hyper Text Transfer Protocol) data transmission. Because the security, integrity and correctness of data transmission are superior to those of the HTTP protocol, the data transmission method gradually becomes a mainstream application layer protocol for replacing the HTTP. At present, mainstream business applications are shifted to HTTPS protocol.
In the existing HTTP message transmission process, the message header between the terminal application and the server can be enhanced and modified according to the requirements of the service application side, so that the message header can be conveniently used by a service end carrying user related information to the service application.
Disclosure of Invention
The inventor finds that: the HTTP header enhancement is based on parsing and inserting of a service request message, but the HTTPs service message itself is encrypted for transmission and cannot be parsed and inserted for the HTTPs service message, so the HTTP header enhancement method cannot be applied to the HTTPs protocol.
One technical problem to be solved by the present disclosure is: how to transmit user information in the message of HTTPS.
According to some embodiments of the present disclosure, there is provided a user information transmission method, including: acquiring a Client Hello message sent by a Client; adding user information of a Client in the extension field according to a predefined rule of the extension field in the Client Hello message; and sending the Client Hello message added with the user information of the Client to a hypertext transfer protocol (HTTPS) server based on a secure socket layer so that the HTTPS server can acquire the user information of the Client.
In some embodiments, adding the user information of the client in the extension field includes: adding a preset type value at a position corresponding to the type of the extension field, wherein the preset type value indicates that the extension field is used for transmitting user information; adding a type value of the user information at a position corresponding to the type of the sub-extension field, and adding a corresponding user information value in a byte behind the type value of the user information, wherein the user information of different types is added into different sub-extension fields; and respectively adding the length value of each sub extension field and the total length value of the extension field at the position corresponding to the length of each sub extension field and the total length of the extension field.
In some embodiments, before adding the user information of the client in the extension field, the method further comprises: judging whether the type of the extension field in the extension field is a preset type, wherein the preset type represents that the extension field is used for transmitting user information; and deleting the existing information in the extension field under the condition that the type of the extension field is a preset type.
In some embodiments, adding the user information of the client in the extension field includes: encrypting the extension field added with the user information of the client according to an encryption mode negotiated in advance between the client and the HTTPS server; or encrypting the user information of the client according to an encryption mode negotiated by the client and the HTTPS server in advance, and adding the encrypted user information into the extension field.
In some embodiments, adding the user information of the client in the extension field includes: and according to the length of the extension field added with the user information, modifying the information length values and the checksum values of the SSL and the IP layer of the secure socket layer in the Client Hello message.
In some embodiments, adding the user information of the client in the extension field includes: and under the condition that the address information or the type information of the HTTPS server accessed by the Client Hello message is in the range of the preset address information or type information, adding the user information of the Client in the extension field.
In some embodiments, the user information includes a user number; the method further comprises the following steps: the HTTPS server side obtains the user number and authenticates the client side according to the user number.
In some embodiments, the user information includes user private network IP address and path information; the method further comprises the following steps: the HTTPS server side obtains the IP address and the path information of the user private network and sends a service quality adjustment request to the core network equipment, wherein the service quality adjustment request comprises the IP address and the path information of the user private network, so that the core network equipment can adjust the service quality level of the client side according to the IP address and the path information of the user private network.
According to some embodiments of the present disclosure, there is provided a user information transmission apparatus including: the Client Hello module is used for sending a Client Hello message to the Client; the information adding module is used for adding the user information of the Client in the extension field according to the predefined rule of the extension field in the Client Hello message; and the information sending module is used for sending the Client Hello message added with the user information of the Client to a hypertext transfer protocol (HTTPS) server based on a secure socket layer so that the HTTPS server can obtain the user information of the Client.
In some embodiments, the information adding module is configured to add a preset type value at a position corresponding to the extension field type, where the preset type value indicates that the extension field is used for transmitting user information; adding a type value of the user information at a position corresponding to the type of the sub-extension field, and adding a corresponding user information value in a byte behind the type value of the user information, wherein the user information of different types is added into different sub-extension fields; and respectively adding the length value of each sub extension field and the total length value of the extension field at the position corresponding to the length of each sub extension field and the total length of the extension field.
In some embodiments, the apparatus further comprises: the field detection module is used for judging whether the type of the extension field in the extension field is a preset type, and the preset type represents that the extension field is used for transmitting user information; and deleting the existing information in the extension field under the condition that the type of the extension field is a preset type.
In some embodiments, the information adding module is configured to encrypt the extension field to which the user information of the client is added according to an encryption mode negotiated in advance between the client and the HTTPS server; or encrypting the user information of the client according to an encryption mode negotiated by the client and the HTTPS server in advance, and adding the encrypted user information into the extension field.
In some embodiments, the information adding module is configured to modify, according to the length of the extension field after the user information is added, an information length value and a checksum value of the secure socket layer SSL and the IP layer in the Client Hello message.
In some embodiments, the information adding module is configured to add the user information of the Client in the extension field if the address information or the type information of the HTTPS server accessed by the Client Hello message is within a range of preset address information or type information.
According to some embodiments of the present disclosure, there is provided a user information transmission apparatus including: a memory; and a processor coupled to the memory, the processor configured to perform the user information transmission method of any of the foregoing embodiments based on instructions stored in the memory device.
According to some embodiments of the present disclosure, there is provided a computer-readable storage medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the user information transmission method of any of the foregoing embodiments.
According to some embodiments of the present disclosure, there is provided a user information transmission system including: the user information transmission device and the HTTPS server in any of the embodiments described above are configured to parse the Client Hello message to obtain the user information of the Client.
In some embodiments, the user information includes a user number; the HTTPS server is used for acquiring a user number and authenticating the client according to the user number; or the user information comprises the IP address and the path information of the user private network; the HTTPS server is used for acquiring the IP address and the path information of the user private network and sending a service quality adjustment request to the core network equipment, wherein the service quality adjustment request comprises the IP address and the path information of the user private network, so that the core network equipment can adjust the service quality level of the client according to the IP address and the path information of the user private network.
In the method and the system, the Client Hello message sent by the Client is obtained, the user information of the Client is added into the extension field of the Client Hello message, and then the Client Hello message carrying the user information is sent to the HTTPS server, so that the HTTPS server can obtain and use the user information of the Client. Aiming at the characteristics of the establishment of the HTTPS session, the method carries user information to perform a header enhancement function in a TLS/SSL (Secure Sockets Layer/Transport Layer Security) handshake stage at the initial establishment stage of the HTTPS session, and solves the problem that the HTTPS message does not support the header enhancement.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 shows a flow diagram of a user information transmission method of some embodiments of the present disclosure.
Fig. 2 shows a flow diagram of a user information transmission method according to further embodiments of the disclosure.
Fig. 3 shows a schematic structural diagram of a user information transmission apparatus of some embodiments of the present disclosure.
Fig. 4 is a schematic structural diagram of a user information transmission apparatus according to another embodiment of the present disclosure.
Fig. 5 is a schematic structural diagram of a user information transmission apparatus according to still other embodiments of the present disclosure.
Fig. 6 shows a schematic structural diagram of a user information transmission system of some embodiments of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
The present disclosure provides a user information transmission method, which may be used for enhancing a header of an HTTPS packet, and is described below with reference to fig. 1.
Fig. 1 is a flow chart of some embodiments of a method for user information transmission according to the present disclosure. As shown in fig. 1, the method of this embodiment includes: step S102 to step S106.
In step S102, a Client Hello message sent by the Client is acquired.
The Client Hello message is a message transferred during the TLS/SSL handshake phase at the initial stage of the establishment of the HTTPS session. The TLS/SSL handshake phase is mainly used for the customer service end and the service end to negotiate the key of the subsequent service data. The TLS/SSL handshake phase includes a Client Hello message, a Server Hello message, a Client Key Exchange message, a Change Cipher Spec message, and the like. The interactive process of these messages belongs to the prior art, and is not described in detail herein. The Client Hello message may be acquired by using a user information transmission apparatus or a PGW (Packet Data Network GateWay).
In step S104, according to the predefined rule of the extension field in the Client Hello message, the user information of the Client is added to the extension field.
The Client Hello message may carry an Extension (Extension) field. The addition and parsing rules of the Extension field in the Client Hello message may be predefined and configured in the relevant device. For example, the PGW is made to parse and add the Extension field according to the predefined rule, and the HTTPS server is made to parse the Extension field smoothly afterwards. The Client Hello message can be analyzed through a Deep Packet Inspection (DPI) technology, and an Extension field can be analyzed.
Further, in some embodiments, the Extension field contains, for example, an Extension field Type (Extension _ Type) field, an Extension field Total Length (Total _ Length) field, followed by a list of Sub-Extension (Sub Extension) fields for Extension header data, each Sub Extension field including a Type (Type) of Sub Extension, a Length (Length) of Sub Extension, and user data.
And adding a preset Type value at a position corresponding to the Extension _ Type. The preset type value indicates an extension field for transmitting user information, for example, the preset type value is 1777, and may be converted into 0x 450 x71 in case of occupying 2 bytes.
Adding a Type value of the user information at a position corresponding to the Type (Type) of the Sub Extension field, and adding a corresponding user information value in a byte after the Type value of the user information, different types of user information, and adding to different Sub Extension fields. For example, the user information may include: the Mobile terminal comprises at least one of a Mobile phone Number, a private network IP address, an IMSI (International Mobile Subscriber Identity Number), an IMEI (International Mobile Equipment Identity), an ECGI (E-UTRAN Cell Global Identifier), an SGW (Serving GateWay) IP, a PGW IP and a timestamp, wherein the specific carried information can be flexibly selected according to service requirements, and the information carried by the head enhancement can also be flexibly used according to network operation requirements.
For example, Type of Sub Extension may occupy 1 byte, defined as follows: 1 indicates that the Sub Extension carries a mobile phone number, 2 indicates that the Sub Extension carries a private network IP address, 3 indicates that the Sub Extension carries an IMSI, 4 indicates that the Sub Extension carries an IMEI, 5 indicates that the Sub Extension carries an ECGI, 6 indicates that the Sub Extension carries an SGW IP, 7 indicates that the Sub Extension carries a PGW IP, and 8 indicates that the Sub Extension carries a timestamp.
And respectively adding the Length value of each Sub Extension and the Total Length value of the Extension at the corresponding position of the Length and the Total _ Length of each Sub Extension. For example, Sub Extension Length takes 2 bytes and Total _ Length takes 2 bytes.
The addition of the Extension field is described below by taking as an example the cell phone number 8613312345678, the private network IP address 221.32.1.64, the IMSI 460001999090001, the IMEI 560001999030000, the ECGI 46002238008832, the SGW IP 1.1.1, and the PGW IP 2.2.2.
Extension _ Type value 17777, converted to 2 bytes 0x 450 x 71.
Total _ Length value of 80, converted to 2 bytes of 0x000x 50, less than 2 bytes supplemented by 0.
3. Sub Extension for carrying a mobile phone number:
(3-1) Type value is 1, and the change to 1 byte is represented as 0x 01;
(3-2) a Length value of 8, which is converted into 2 bytes of 0x000x 08, and less than 2 bytes are supplemented with 0;
(3-3) the Value is 8613312345678, the Value is converted into 8 bytes which are 0x000x 000x 070 xd 50 x 710 x6c 0x 360 x4e, and less than 8 bytes are supplemented with 0 in the front.
4. Sub Extension for carrying private network IP:
(4-1) Type value of 2, converted to 1 byte of 0x 02;
(4-2) a Length value of 4, which is converted into 2 bytes of 0x000x 04, less than 2 bytes are supplemented with 0;
(4-3) Value is user private network IP 224.32.1.64, and 4 bytes are 0xe00x 200 x010x 40.
5. Sub Extension for carrying IMSI:
(5-1) Type value of 3, converted to 1 byte of 0x 03;
(5-2) a Length value of 8 is converted into 2 bytes of 0x000x 08, and less than 2 bytes are supplemented with 0;
(5-3) Value of 460001999090001, converted to 8 bytes of 0x000x 010xA 20 x5E 0x8F 0xC 00x 710 x 51; less than 8 bytes are preceded by 0.
6. Sub Extension for carrying source IMEI:
(6-1) Type value of 4, converted to 0x04 with 1 byte;
(6-2) a Length value of 8 is converted into 2 bytes of 0x000x 08, and less than 2 bytes are supplemented with 0;
(6-3) Value of 560001999030000, 8 bytes of 0x000x 010xFD 0x 510 xA 00x 390 xC 60 xF0, less than 8 bytes of 0 is supplemented in front.
7. Sub Extension for carrying source ECGI:
(7-1) Type value of 5, converted to 1 byte of 0x 05;
(7-2) a Length value of 8 is converted into 2 bytes of 0x000x 08, and less than 2 bytes are supplemented with 0;
(7-3) Value of 46002238008832, converted to 8 bytes of 0x000x 000x 290xD 60 xBB 0x0E 0x2E 0x 00; less than 8 bytes are preceded by 0.
8. Sub Extension for carrying source SGW IP:
(8-1) Type value of 6, converted to 1 byte of 0x 06;
(8-2) a Length value of 4 is converted into 2 bytes of 0x000x 04, and less than 2 bytes are supplemented with 0;
(8-3) Value of 1.1.1.1, converted to 4 bytes of 0x010x 010x 010x 01.
9. Sub Extension for carrying source PGW IP:
(9-1) Type value of 7, converted to 1 byte of 0x 07;
(9-2) a Length value of 4 is converted into 2 bytes of 0x000x 04, and less than 2 bytes are supplemented with 0;
(9-3) Value of 2.2.2.2, for 4 bytes 0x 020 x 020 x 02.
10. Sub Extension for identifying time stamp:
(10-1) Type value of 8, converted to 1 byte of 0x 08;
(10-2) a Length value of 8 is converted into 2 bytes of 0x000x 08, and less than 8 bytes are supplemented with 0;
(10-3) timestamp Value 1503368319, representing 2017-08-2210: 18:39, Value 1503368319, to 8 bytes 0x000x 000x 000x 000x 590 x9B 0x940x 7F.
Therefore, the automatically added extensions are:
0x45 0x71 0x00 0x50
0x01 0x00 0x08 0x00 0x00 0x07 0xd5 0x71 0x6c 0x36 0x4e
0x02 0x00 0x04 0xe0 0x20 0x01 0x40
0x03 0x00 0x08 0x00 0x01 0xA2 0x5E 0x8F 0xC0 0x71 0x51
0x04 0x00 0x08 0x00 0x01 0xFD 0x51 0xA0 0x39 0xC6 0xF0
0x05 0x00 0x08 0x00 0x00 0x29 0xD6 0xBB 0x0E 0x2E 0x00
0x06 0x00 0x04 0x01 0x01 0x01 0x01
0x07 0x00 0x04 0x02 0x02 0x02 0x02
0x08 0x00 0x08 0x00 0x00 0x00 0x00 0x59 0x9B 0x94 0x7F
after the extension field is added, other corresponding information in the Client Hello message needs to be modified to ensure the accuracy of the information. In some embodiments, according to the length of the extension field after the user information is added, the length value of the Client Hello message in the message, the information length value and the checksum value (checksum) of the secure socket layer SSL and the IP layer in the Client Hello message are modified.
In the case of adding the extension field, the packet length detection of the Client Hello message may also be performed according to an MTU (Maximum Transmission Unit). And deleting the extension field and deleting the part of the content beyond the extension field when the packet length of the Client Hello message exceeds the MTU.
In order to further increase the security of the information transfer. In some embodiments, the extension field after the user information of the client is added is encrypted according to an encryption mode negotiated in advance between the client and the HTTPS server; or encrypting the user information of the client according to an encryption mode negotiated by the client and the HTTPS server in advance, and adding the encrypted user information into the extension field. For example, RC4(Rivest Cipher 4) may be used to extend fields for user information. The encryption and decryption modes may be preconfigured in the PGW or the server, or the client and the server may be determined in advance through negotiation.
To further increase the security of the Client Hello message and avoid header-enhanced fraud, the Client Hello message may be checked before adding the extension field. And deleting the existing information in the extension field under the condition that the type of the extension field is a preset type. That is, if the extension field has been added and the type of the extension field is analyzed to be a preset type, for example 1777, the existing information is deleted and the extension field is added again according to the method.
In order to adapt to the requirements of different HTTPS servers, the Client Hello messages accessing different servers can be identified, and whether to add the extension fields, the content of the extension fields and the like can be determined. In some embodiments, in the case that address information (e.g., an IP address, a domain name, etc.) or type information of an HTTPS server accessed by the Client Hello message is within a range of preset address information or type information, user information of the Client is added in the extension field. Further, the type of the user information of the Client added in the extension field is determined according to the address information or the type information of the HTTPS server accessed by the Client Hello message. For example, the extension field is added with the mobile phone number of the Client aiming at the Client Hello message sent to some service terminals, and the extension field is added with the private network IP address of the Client aiming at the Client Hello message sent to other service terminals. According to the request of the server, the extended field adding device can set the extended field adding modes corresponding to different servers and the types of the added user information.
In step S106, the Client Hello message to which the user information of the Client is added is sent to the http tps server based on the secure socket layer, so that the HTTPS server obtains the user information of the Client.
In the method of the embodiment, the Client Hello message sent by the Client is acquired, the user information of the Client is added into the extension field of the Client Hello message, and then the Client Hello message carrying the user information is sent to the HTTPS server, so that the HTTPS server can acquire and use the user information of the Client. The method of the embodiment carries user information to perform a header enhancement function in a TLS/SSL (Secure Sockets Layer/Transport Layer Security) handshake stage at an initial establishment stage of the HTTPS session, according to the characteristics of the HTTPS session, thereby solving the problem that the HTTPS message does not support header enhancement.
The HTTPS head enhancement scheme can carry user information to a server, and the server can identify, authenticate and perform other processing on the user by acquiring the user information. Some embodiments of the user information application in the present disclosure are described below in conjunction with fig. 2.
Fig. 2 is a flow chart of some embodiments of a method for user information transmission according to the present disclosure. As shown in fig. 2, the method of this embodiment includes: step S202 to step S222.
Step S202, the client side sends an authentication request to the server side.
The application layer protocol of the authentication request is HTTPS.
And step S204, in the process of establishing the HTTPS session, the Client sends a Client Hello message.
In step S206, the user information transmission apparatus acquires a Client Hello message sent by the Client.
The user information transmission device is, for example, provided in the PGW, or the function of the user information transmission device is realized by using the PGW. The user information transmission apparatus may detect the Client Hello message through the DPI function.
Step S208, the user information transmission device judges whether to modify the extension field of the Client Hello message according to the head enhanced pre-configuration rule. If so, step S210 is performed, otherwise step S211 is performed.
The header enhancement pre-configuration rules include, for example: address information or type information of the HTTPS server side, and whether an extension field is added or not and the type of the user information added in the extension field correspondingly. And the user information transmission device matches the address information or the type information of the HTTPS server side in the Client Hello message with the head enhanced pre-configuration rule to determine whether to modify the extension field of the Client Hello message.
Step S210, the ue detects whether the type of the extension field in the Client Hello message is a preset type. If the type is the preset type, step S212 is executed, otherwise step S214 is executed.
In step S212, the user information transmission apparatus deletes the existing information in the extension field.
Step S214, the user information transmission device adds the user information of the Client in the extension field according to the predefined rule of the extension field in the Client Hello message.
The user information includes a mobile phone number of the user. The user information may be encrypted and added to the extension field.
Step S216, the user information transmission device modifies the length field in the Client Hello message, modifies the length values of the SSL layer and the IP layer, recalculates and replaces the checksum value in the original message, and the message after being enhanced according to the MTU detection head is a legal message.
In step S218, the user information transmitting apparatus transmits the Client Hello message to the server.
Step S220, the server analyzes the Client Hello message and acquires the user information.
Step S222, the server authenticates the client according to the user number.
If the authentication is successful, the server side informs the corresponding service application server to complete the login; if the authentication fails, the service end informs the service application server that the network authentication fails, and other subsequent login modes can be carried out.
At present, in the process of login authentication of a user, a server generally sends a short message verification code, the user inputs the verification code, and the verification login information is sent by a mobile phone number of the user. By using the method of the above embodiment, the user information transmission device directly transmits the Client Hello message, so that the server side authenticates the mobile phone number transmitted by the message. The user does not need a short message verification code, interrupt the existing service and do not need additional operation in the whole authentication process, the non-inductive authentication is completely realized, and the user experience is improved. And the user information transmission device is used for adding the user mobile phone number, and further, the user mobile phone number can be encrypted and transmitted, so that the safety of the transmission process is improved, and the safety and the accuracy of authentication are improved.
Further embodiments of the application of user information are described below.
In some embodiments, the user information includes a user private network IP address. The HTTPS server acquires the user private network IP address and sends a service quality adjustment request to the core network equipment, wherein the service quality adjustment request comprises the user private network IP address, so that the core network equipment adjusts the service quality level of the client according to the user private network IP address.
For users of different grades, the service end can provide different grades of service quality for the users. For example, a user with a high priority may enjoy a higher rate service. The service end can request the core network to adjust the service quality (QoS) of the user in real time by monitoring the service quality of the client sides with different grades. The server can obtain the user private network IP address of the Client through the Client Hello message, and sends a service quality adjustment request carrying the user private network IP address to the core network, so that the core network finds the corresponding bearing of the user according to the user private network IP address, and adjusts the service quality of the user.
Further, in a case that the private network IP address of the user may be duplicated, the Client Hello message may carry path information of the user, for example, at least one of an IP address of the SGW and an IP address of the PGW. The HTTPS server side obtains the IP address and the path information of the user private network and sends a service quality adjustment request to the core network equipment, wherein the service quality adjustment request comprises the IP address and the path information of the user private network, so that the core network equipment can adjust the service quality level of the client side according to the IP address and the path information of the user private network.
According to the method, the server side can automatically adjust the services of different users according to the real-time service quality of the users, the requirements of the different users are met, and the user experience is improved.
In some embodiments, the user information includes: location information of the user, e.g., ECGI information. The HTTPS server side obtains the position information of the user and pushes related application information for the user according to the position of the user. By the method of the embodiment, the server side can acquire the position information of the user, push related services according to the position of the user, and improve user experience.
In some embodiments, the user information includes: a time stamp. And the HTTPS server side confirms whether the Client Hello message is in the valid time according to the timestamp, and does not process the Client Hello message with the valid time. By the method of the embodiment, the safety of message transmission can be improved, and the invalid work and the workload of the server side are reduced.
The present disclosure also provides a user information transmission apparatus, which is described below with reference to fig. 3. The user information transmission apparatus may be disposed in the PGW, or the PGW may be used to implement the function of the user information transmission apparatus.
Fig. 3 is a block diagram of some embodiments of a user information transmitting device of the present disclosure. As shown in fig. 3, the apparatus 30 of this embodiment includes: an information acquisition module 302, an information adding module 304 and an information sending module 306.
An information obtaining module 302, configured to obtain a Client Hello message sent by a Client.
And the information adding module 304 is configured to add the user information of the Client to the extension field according to a predefined rule of the extension field in the Client Hello message.
In some embodiments, the information adding module 304 is configured to add a preset type value to a position corresponding to the type of the extension field, where the preset type value indicates that the extension field is used for transmitting user information; adding a type value of the user information at a position corresponding to the type of the sub-extension field, and adding a corresponding user information value in a byte behind the type value of the user information, wherein the user information of different types is added into different sub-extension fields; and respectively adding the length value of each sub extension field and the total length value of the extension field at the position corresponding to the length of each sub extension field and the total length of the extension field.
In some embodiments, the information adding module 304 is configured to encrypt the extension field to which the user information of the client is added according to an encryption mode negotiated in advance between the client and the HTTPS server; or encrypting the user information of the client according to an encryption mode negotiated by the client and the HTTPS server in advance, and adding the encrypted user information into the extension field.
In some embodiments, the information adding module 304 is configured to modify the information length value and the checksum value of the secure socket layer SSL and the IP layer in the Client Hello message according to the length of the extension field after the user information is added.
In some embodiments, the information adding module 304 is configured to add the user information of the Client in the extension field if the address information or the type information of the HTTPS server accessed by the Client Hello message is within a preset range of the address information or the type information.
The information sending module 306 is configured to send the Client Hello message to which the user information of the Client is added to a hypertext transfer protocol over secure socket layer HTTPS server, so that the HTTPS server obtains the user information of the Client.
In some embodiments, the user information transmission apparatus 30 may further include: a field detection module 303, configured to determine whether a type of an extension field in the extension field is a preset type, where the preset type indicates that the extension field is used for transmitting user information; and deleting the existing information in the extension field under the condition that the type of the extension field is a preset type.
The user information transmission apparatus in the embodiments of the present disclosure may each be implemented by various computing devices or computer systems, which are described below with reference to fig. 4 and 5.
Fig. 4 is a block diagram of some embodiments of a user information transmitting device of the present disclosure. As shown in fig. 4, the apparatus 40 of this embodiment includes: a memory 410 and a processor 420 coupled to the memory 410, the processor 420 configured to perform a user information transmission method in any of the embodiments of the present disclosure based on instructions stored in the memory 410.
Memory 410 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a Boot Loader (Boot Loader), a database, and other programs.
Fig. 5 is a block diagram of further embodiments of a user information transfer device of the present disclosure. As shown in fig. 5, the apparatus 50 of this embodiment includes: memory 510 and processor 520 are similar to memory 410 and processor 420, respectively. An input output interface 530, a network interface 540, a storage interface 550, and the like may also be included. These interfaces 530, 540, 550 and the connections between the memory 510 and the processor 520 may be, for example, via a bus 560. The input/output interface 530 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 540 provides a connection interface for various networking devices, such as a database server or a cloud storage server. The storage interface 550 provides a connection interface for external storage devices such as an SD card and a usb disk.
The present disclosure also provides a user information transmission system, which is described below with reference to fig. 6.
Fig. 6 is a block diagram of some embodiments of a user information transmission system of the present disclosure. As shown in fig. 6, the system 6 of this embodiment includes: the user information transmission means 30/40/50 of any of the preceding embodiments; and an HTTPS server 62 for parsing the Client Hello message to obtain user information of the Client.
In some embodiments, the user information includes a user number; the HTTPS server 62 is used for acquiring a user number and authenticating the client according to the user number
In some embodiments, the user information includes user private network IP address and path information; the HTTPS server 62 is configured to obtain the IP address and the path information of the user private network, and send a service quality adjustment request to the core network device, where the service quality adjustment request includes the IP address and the path information of the user private network, so that the core network device adjusts the service quality level of the client according to the IP address and the path information of the user private network.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only exemplary of the present disclosure and is not intended to limit the present disclosure, so that any modification, equivalent replacement, or improvement made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (14)

1. A user information transmission method comprises the following steps:
acquiring a Client Hello message sent by a Client;
judging whether the type of an extension field in the Client Hello message is a preset type, wherein the preset type represents that the extension field is used for transmitting user information, deleting the existing information in the extension field under the condition that the type of the extension field is the preset type, and adding the user information of the Client in the extension field according to a predefined rule of the extension field;
sending the Client Hello message added with the user information of the Client to a hypertext transfer protocol (HTTPS) server based on a secure socket layer so that the HTTPS server can acquire the user information of the Client;
wherein the adding of the user information of the client in the extension field comprises:
adding a preset type value at a position corresponding to an extension field type, wherein the preset type value indicates that the extension field is used for transmitting user information;
adding a type value of the user information at a position corresponding to the type of the sub-extension field, adding a corresponding user information value in a byte behind the type value of the user information, and adding different types of user information into different sub-extension fields;
and respectively adding the length value of each sub extension field and the total length value of the extension field at the position corresponding to the length of each sub extension field and the total length of the extension field.
2. The user information transmission method according to claim 1,
the adding the user information of the client in the extension field comprises:
encrypting the extension field added with the user information of the client according to an encryption mode negotiated in advance by the client and the HTTPS server;
or encrypting the user information of the client according to an encryption mode negotiated by the client and the HTTPS server in advance, and adding the encrypted user information to the extension field.
3. The user information transmission method according to claim 1,
adding the user information of the client in the extension field comprises:
and modifying the information length value and the checksum value of an SSL (secure socket layer) and an IP (Internet protocol) layer in the Client Hello message according to the length of the extension field added with the user information.
4. The user information transmission method according to claim 1,
the adding the user information of the client in the extension field comprises:
and adding the user information of the Client side in the extension field under the condition that the address information or the type information of the HTTPS server side accessed by the Client Hello message is in the range of preset address information or type information.
5. The user information transmission method according to any one of claims 1 to 4,
the user information comprises a user number;
the method further comprises the following steps:
and the HTTPS server acquires the user number and authenticates the client according to the user number.
6. The user information transmission method according to any one of claims 1 to 4,
the user information comprises a user private network IP address and path information;
the method further comprises the following steps:
the HTTPS server side obtains the user private network IP address and the path information and sends a service quality adjustment request to core network equipment, wherein the service quality adjustment request comprises the user private network IP address and the path information, so that the core network equipment adjusts the service quality grade of the client side according to the user private network IP address and the path information.
7. A user information transmission apparatus comprising:
the Client Hello module is used for sending a Client Hello message to the Client;
a field detection module, configured to determine whether a type of an extension field in the Client Hello message is a preset type, where the preset type indicates that the extension field is used to transmit user information; deleting the existing information in the extension field under the condition that the type of the extension field is a preset type;
the information adding module is used for adding the user information of the client in the extension field according to the predefined rule of the extension field;
the information sending module is used for sending the Client Hello message added with the user information of the Client to a hypertext transfer protocol (HTTPS) server based on a secure socket layer so that the HTTPS server can obtain the user information of the Client;
the information adding module is used for adding a preset type value at a position corresponding to an extension field type, wherein the preset type value indicates that the extension field is used for transmitting user information; adding a type value of the user information at a position corresponding to the type of the sub-extension field, adding a corresponding user information value in a byte behind the type value of the user information, and adding different types of user information into different sub-extension fields; and respectively adding the length value of each sub extension field and the total length value of the extension field at the position corresponding to the length of each sub extension field and the total length of the extension field.
8. The user information transmission apparatus according to claim 7,
the information adding module is used for encrypting the extension field added with the user information of the client according to an encryption mode negotiated in advance by the client and the HTTPS server; or encrypting the user information of the client according to an encryption mode negotiated by the client and the HTTPS server in advance, and adding the encrypted user information to the extension field.
9. The user information transmission apparatus according to claim 7,
and the information adding module is used for modifying the information length value and the checksum value of an SSL (secure socket layer) and an IP (Internet protocol) layer in the Client Hello message according to the length of the extension field after the user information is added.
10. The user information transmission apparatus according to claim 7,
the information adding module is used for adding the user information of the Client side into the extension field under the condition that the address information or the type information of the HTTPS server side accessed by the Client Hello message is within the range of preset address information or type information.
11. A user information transmission apparatus comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of user information transmission of any of claims 1-6 based on instructions stored in the memory device.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
13. A user information transmission system comprising: the user information transmission apparatus of any one of claims 7-11; and
and the HTTPS server is used for analyzing the Client Hello message to acquire the user information of the Client.
14. The user information transmission system according to claim 13,
the user information comprises a user number;
the HTTPS server is used for acquiring the user number and authenticating the client according to the user number;
or the user information comprises a user private network IP address and path information;
the HTTPS server is used for acquiring the user private network IP address and the path information and sending a service quality adjustment request to core network equipment, wherein the service quality adjustment request comprises the user private network IP address and the path information, so that the core network equipment adjusts the service quality level of the client according to the user private network IP address and the path information.
CN201810965714.4A 2018-08-23 2018-08-23 User information transmission method, device, system and computer readable storage medium Active CN110858834B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810965714.4A CN110858834B (en) 2018-08-23 2018-08-23 User information transmission method, device, system and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810965714.4A CN110858834B (en) 2018-08-23 2018-08-23 User information transmission method, device, system and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110858834A CN110858834A (en) 2020-03-03
CN110858834B true CN110858834B (en) 2022-02-08

Family

ID=69636060

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810965714.4A Active CN110858834B (en) 2018-08-23 2018-08-23 User information transmission method, device, system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN110858834B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112769807B (en) * 2020-12-31 2023-03-24 天翼数字生活科技有限公司 HTTPS authentication data processing method, device and equipment
CN113691547B (en) * 2021-08-27 2023-11-03 浙江九州云信息科技有限公司 HTTPS head enhancement method of 5G UPF network element
CN114826692B (en) * 2022-04-07 2023-11-07 中国联合网络通信集团有限公司 Information login system, method, electronic device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998002005A1 (en) * 1996-07-10 1998-01-15 Telefonaktiebolaget Lm Ericsson (Publ) Method for transporting short messages in a wireless telecommunications system
CN101534262A (en) * 2009-03-30 2009-09-16 成都市华为赛门铁克科技有限公司 A message transmission method, network device and network system
CN103442256A (en) * 2013-08-30 2013-12-11 Tcl集团股份有限公司 Electronic program menu implementation method and system based on HTML5
CN105577738A (en) * 2014-11-10 2016-05-11 中国移动通信集团公司 Method, device and system for processing terminal information
CN107306214A (en) * 2016-04-18 2017-10-31 华为技术有限公司 Terminal connects method, system and the relevant device of Virtual Private Network

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6944617B2 (en) * 2001-12-28 2005-09-13 Intel Corporation Communicating transaction types between agents in a computer system using packet headers including an extended type/extended length field
KR100747466B1 (en) * 2005-10-01 2007-08-09 엘지전자 주식회사 A device management client and device management method using nodes having additional properties
CN101478576B (en) * 2008-01-03 2012-02-15 华为技术有限公司 Method, apparatus and system for selecting service network

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998002005A1 (en) * 1996-07-10 1998-01-15 Telefonaktiebolaget Lm Ericsson (Publ) Method for transporting short messages in a wireless telecommunications system
CN101534262A (en) * 2009-03-30 2009-09-16 成都市华为赛门铁克科技有限公司 A message transmission method, network device and network system
CN103442256A (en) * 2013-08-30 2013-12-11 Tcl集团股份有限公司 Electronic program menu implementation method and system based on HTML5
CN105577738A (en) * 2014-11-10 2016-05-11 中国移动通信集团公司 Method, device and system for processing terminal information
CN107306214A (en) * 2016-04-18 2017-10-31 华为技术有限公司 Terminal connects method, system and the relevant device of Virtual Private Network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《基于SSL的文件安全传输系统研究与设计》;王建军;《中国硕士学位论文全文数据库 信息技术辑》;20120511;全文 *

Also Published As

Publication number Publication date
CN110858834A (en) 2020-03-03

Similar Documents

Publication Publication Date Title
US11425047B2 (en) Traffic analysis method, common service traffic attribution method, and corresponding computer system
Naylor et al. Multi-context TLS (mcTLS) enabling secure in-network functionality in TLS
CN104322001B (en) The Transport Layer Security flow control identified using service name
CN110858834B (en) User information transmission method, device, system and computer readable storage medium
US20130238808A1 (en) Mobile link system, method & apparatus
CN112235266B (en) Data processing method, device, equipment and storage medium
US20150156025A1 (en) Message sending and receiving method, apparatus, and system
US20150026236A1 (en) Common Interface Communicating with Multiple Back-End Services via Gateway Application
EP3941015A1 (en) Method, apparatus, and network system for identifying website
WO2019178942A1 (en) Method and system for performing ssl handshake
CN111181912B (en) Browser identifier processing method and device, electronic equipment and storage medium
CN111314288B (en) Relay processing method, relay processing device, server, and storage medium
CN105491073B (en) Data downloading method, device and system
US20200404044A1 (en) Diversified file transfer
CN110719265B (en) Method, device and equipment for realizing network security communication
CN114844730A (en) Network system constructed based on trusted tunnel technology
CN109561010B (en) Message processing method, electronic equipment and readable storage medium
CN103716280A (en) Data transmission method, server and system
CN112910915A (en) Trusted connection authentication method, device, equipment and computer readable storage medium
Urien Convergent identity: Seamless OpenID services for 3G dongles using SSL enabled USIM smart cards
US20150089058A1 (en) System and method for software defined adaptation of broadband network gateway services
CN110266705A (en) A kind of control method and system
WO2018112796A1 (en) Service data policy control method, operator device and server
CN113709135B (en) SSL flow audit acquisition system and method
JP6125196B2 (en) Network system, electronic data management method for network system, program therefor, and program recording medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant