WO2018059578A1 - HTTPS acceleration method and system based on a content distribution network - Google Patents

HTTPS acceleration method and system based on a content distribution network

Info

Publication number
WO2018059578A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
session
https
unified
client
Prior art date
Application number
PCT/CN2017/104806
Other languages
English (en)
Chinese (zh)
Inventor
苗辉
江桂林
杨洋
林胜恩
Original Assignee
贵州白山云科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 贵州白山云科技有限公司
Publication of WO2018059578A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Definitions

  • the embodiment of the invention relates to a website optimization method, and in particular to a content distribution network (CDN)-based HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) acceleration method and system.
  • CDN content distribution network
  • HTTPS Hyper Text Transfer Protocol over Secure Socket Layer
  • HTTPS security protocol is a security-oriented HTTP channel.
  • By adding an SSL layer under HTTP, transmission encryption can be implemented to prevent important data such as user data and transaction data from being stolen.
  • HTTPS plays a key role in protecting user privacy and preventing traffic hijacking. But at the same time, HTTPS will also reduce user access speed and increase the computing resource consumption of the web server.
  • SSL Secure Sockets Layer
  • SSL has two main types of handshakes, one based on RSA and one based on Diffie-Hellman (DH).
  • the public key algorithms of RSA and DH use a lot of CPU processing power and are the slowest part of the handshake.
  • a laptop can perform hundreds of RSA encryptions per second, compared to approximately 10 million symmetric AES encryptions per second.
  • the main task of this phase is to negotiate the session key, which is usually a symmetric key, which will be applied throughout the corresponding session; at the same time, the encryption and signature of the SSL handshake itself is included in the certificate.
  • using this asymmetric key consumes more computing resources than using a symmetric key.
  • the server's processor is responsible for the initial key exchange of each session and subsequent data encryption and decryption. This intensive computing process puts the server under great pressure and greatly reduces other transaction processing capabilities. Therefore, the software-based SSL implementation is only applicable to scenarios that manage a small amount of SSL traffic.
  • the CDN network is characterized by a small node size and a small number of servers per node. However, CDN nodes are numerous and geographically dispersed. For HTTPS acceleration in CDN networks, a software-based SSL implementation cannot meet the acceleration needs.
  • the SSL acceleration board can effectively share the pressure of the server CPU to handle SSL transactions.
  • One or more coprocessors are used to implement SSL computing. These coprocessors may use general-purpose CPUs or custom ASIC chips and RISC instruction set chips.
  • a server with an SSL acceleration board is assigned to complete the handshake, encryption and decryption process, which wastes resources and has a high stand-alone management cost.
  • each server must have a unique digital certificate, and so many certificates are easy to leak, which creates security issues.
  • the SSL acceleration device is an independent device with an embedded SSL acceleration board; it decrypts the encrypted traffic and sends the decrypted data to the background server; in the opposite direction, it is responsible for encrypting the plaintext data sent by the background server and forwarding it to the client; the SSL acceleration device terminates the SSL session, and the backend server can be completely freed for data services or running applications, but, given its overall cost, the SSL acceleration device is not an ideal alternative.
  • the embodiment of the invention provides an HTTPS acceleration method and system based on a content distribution network, which adopts an SSL acceleration board solution and solves the problem that a software-based SSL implementation is under performance pressure and has inefficient transaction processing capability; the SSL acceleration board is deployed on the server of the edge node of the CDN network to implement centralized management of certificates, and one SSL acceleration board can serve multiple clients for encryption and decryption, which solves the problem of wasted resources and high management costs that arises when each acceleration board is bound only to a specific client request.
  • the content distribution network-based HTTPS acceleration method includes: the content distribution network includes a CDN network management center and a domain name system (DNS) redirection analysis center located in a central part, multiple CDN network edge nodes located at an edge portion, and a source server located at the back end; each CDN network edge node deploys a session & cache server at the front end and a unified authentication server at the back end;
  • the HTTPS acceleration method includes:
  • Step 1 The client initiates an HTTPS access request to the CDN network edge node; the CDN network edge node allocates a session & cache server to perform a three-way handshake with the client through load balancing of the front end;
  • Step 2 During the handshake process, the assigned session & cache server is responsible for HTTPS session management.
  • the session & cache server interacts with the unified authentication server for encrypting and decrypting the private key and the user certificate, and returns the interaction result to the client;
  • Step 3 After the handshake process is completed, the session & cache server performs a cache service to provide a CDN service for the client; if the data requested by the client is cacheable data, it is obtained directly from the session & cache server; if it is non-cacheable data, it is obtained from the source server.
  • the method may further include: providing a user certificate and a private key on the unified verification server and integrating at least one SSL acceleration board, with one or more unified verification servers corresponding to one user certificate; the unified verification server is set to process encryption and decryption.
  • the above method may further include: if there are multiple clients, mapping each client to a unified authentication server through the session & cache server.
  • the method may further include: deploying unified verification servers in linear proportion to the traffic, linearly expanding the unified verification servers, and inserting at least one SSL acceleration board on each unified verification server.
  • the method may further include: inserting multiple SSL acceleration boards on each unified authentication server, and different SSL acceleration boards form an active/standby relationship.
  • the embodiment of the present invention further provides an HTTPS acceleration system based on a content distribution network, where the content distribution network includes a CDN network management center and a DNS redirection analysis center located at a central portion, a plurality of CDN network edge nodes located at an edge portion, and a rear location.
  • the HTTPS acceleration system includes the following units:
  • the HTTPS access request initiating unit is configured to execute: the client initiates an HTTPS access request to the CDN network edge node;
  • the three-way handshake initiation unit is configured to perform: the CDN network edge node allocates a corresponding session & cache server through the load balancing of the front end, and performs a three-way handshake with the client;
  • the three-way handshake processing unit is set to execute: during the handshake process, the allocated session & cache server is responsible for HTTPS session management; the session & cache server interacts with the unified authentication server for the encryption and decryption of the private key and the user certificate, and returns the interaction result to the client.
  • the HTTPS access response unit is set to execute: after the handshake process is completed, the session & cache server performs a cache service to provide a CDN service for the client; for the data requested by the client, if the data is cacheable, it is obtained directly from the session & cache server; if it is non-cacheable, it is obtained from the source server.
  • the system may further include: a user certificate and a private key are provided on the unified verification server, and at least one SSL acceleration board is integrated, with one or more unified verification servers corresponding to one user certificate; the unified verification server is set to process encryption and decryption.
  • the system may further include: the three-way handshake processing unit is further configured to perform the following operations: if there are multiple clients, the clients are mapped to a unified authentication server through the session & cache server.
  • the above system may further include: the unified verification servers are deployed in linear proportion to the traffic, the unified verification servers are linearly expanded, and at least one SSL acceleration board is plugged into each unified verification server.
  • the above system may further include: inserting multiple SSL acceleration boards on each unified authentication server, and different SSL acceleration boards form an active/standby relationship.
  • the embodiments of the present invention effectively combine the technical advantages of the SSL acceleration board and the CDN network edge node, and have the following advantages:
  • the unified authentication server can perform encryption and decryption work by plugging in the SSL acceleration board. Software can also be deployed on the unified authentication server according to the different needs of customers; schemes such as the CDN server application certificate scheme and the Cloudflare keyless-SSL scheme can be effectively supported by the embodiments of the present invention; the interaction with the front-end server takes place at the edge node, which reduces the round-trip time (RTT) between servers and improves efficiency.
  • the SSL acceleration board can be linearly extended in the edge unified authentication server cluster to increase its transaction processing capability without affecting centralized management and saving expansion costs.
  • FIG. 1 is a schematic diagram of client access according to an embodiment of the present invention.
  • An embodiment of the present invention provides an HTTPS acceleration method based on a content distribution network, where the content distribution network includes a CDN network management center and a DNS redirection analysis center located in a central portion, a plurality of CDN network edge nodes located at an edge portion, and a source server located at the back end.
  • the central part of the CDN network management center and the DNS redirection analysis center are responsible for global load balancing, and the equipment system is installed in the management center equipment room.
  • the CDN network edge node is a carrier for CDN distribution. It is mainly composed of a cache (Cache) and a load balancer. Each CDN network edge node deploys a session & cache server at the front end and a unified authentication server (UAS) at the back end. Multiple session & cache servers are provided; they are responsible for HTTPS session management and interact with the back-end unified authentication server; after the interaction is completed, their role changes to that of a cache server providing CDN services for the client. In an optional example, the session & cache server performs the above functions using the configured OpenSSL and Nginx software.
  • the unified authentication server is provided with multiple user certificates and private keys, and integrates several SSL acceleration boards (such as Intel or NAVIMN), which is the main processing server for user encryption and decryption.
  • the single-card throughput of an SSL acceleration board can usually reach 20 Gbps, and for 1024-bit RSA and 2048-bit RSA encryption and decryption the processing rates are 35K-200K qps and 6K-35K qps, respectively.
  • the unified authentication server can be run on Linux (RedHat/CentOS, Debian and Ubuntu, and others), other Unix operating systems (including FreeBSD) and Microsoft Windows servers.
  • each unified authentication server can be shared, that is, multiple unified authentication servers can use the same certificate, or one unified authentication server can correspond to one user certificate.
  • the unified authentication server is stateless, allowing the client to use off-the-shelf hardware and to scale the unified authentication server deployment with traffic; by running multiple unified authentication servers and load balancing through DNS, the customer's site can be kept highly available.
  • the source server contains cacheable data and non-cacheable data.
  • the cacheable data is used to update the cache with the session & cache server.
  • the non-cacheable data is used by the client after establishing a session with the edge node.
  • the HTTPS acceleration method of the embodiment of the present invention includes the following steps:
  • Step 1 The client initiates HTTPS access, and allocates a corresponding session & cache server through the front-end load balancing to initiate a three-way handshake (RSA/DH) process.
  • the client is a network end user and may use a currently popular browser (Chrome, Firefox, IE, etc.) to browse web pages; client 1, client 2, and client 3 in the figure represent clients accessing the sites of different website-acceleration customers, such as Sina, Tencent, Netease, etc.;
  • Step 2 During the handshake process, the session & cache server interacts with the unified authentication server for the encryption and decryption of the private key and the user certificate (depending on different implementations), and returns the interaction result to the client; for multiple clients, the session & cache server maps each client to a unified authentication server, so that each client shares the hardware acceleration capability of the unified authentication server;
  • Step 3 After the handshake process is completed, the session & cache server performs the cache service to provide the CDN service for the client, and the client normally uses the CDN service. For the data requested by the client, if the data is cacheable, it is obtained directly from the server at the edge node; if it is non-cacheable data, it is obtained from the source server.
  • Step 4 The number of unified authentication servers can be deployed in linear proportion to the traffic.
  • the unified authentication server can be linearly extended, and at least one SSL acceleration board is inserted into each server to cope with larger-scale SSL transaction processing requirements, or to form an active/standby arrangement to handle faults.
  • the embodiment of the present invention further provides an HTTPS acceleration system based on a content distribution network, where the content distribution network includes a CDN network management center and a DNS redirection analysis center located at a central portion, a plurality of CDN network edge nodes located at an edge portion, and a rear location.
  • the HTTPS acceleration system includes the following units:
  • the HTTPS access request initiating unit is configured to execute: the client initiates an HTTPS access request to the CDN network edge node;
  • the three-way handshake initiation unit is configured to perform: the CDN network edge node allocates a corresponding session & cache server through the load balancing of the front end, and performs a three-way handshake with the client;
  • the three-way handshake processing unit is set to execute: during the handshake process, the assigned session & cache server is responsible for HTTPS session management, and the session & cache server simultaneously interacts with the unified authentication server for encryption and decryption of the private key and the user certificate, and returns the interaction result to the client; if there are multiple clients, each client is mapped to a unified authentication server through the session & cache server, so that each client shares the hardware acceleration capability of the unified authentication server.
  • the HTTPS access response unit is set to execute: after completing the handshake process, the session & cache server performs a cache service to provide a CDN service for the client; for the data requested by the client, if the data is cacheable, it is obtained directly from the session & cache server; if it is non-cacheable data, it is obtained from the source server.
  • the unified authentication server is provided with a user certificate and a private key, and integrates a plurality of SSL acceleration boards, one or more unified authentication servers corresponding to one user certificate, the unified verification server is set to handle encryption and decryption;
  • the number of unified authentication servers can be deployed in linear proportion to the traffic.
  • the unified authentication server can be linearly extended, and several SSL acceleration boards are inserted into each server to cope with larger-scale SSL transaction processing requirements, or to form a master/backup arrangement to handle faults.
  • the embodiments of the present invention effectively combine the technical advantages of the SSL acceleration board and the CDN network edge node, and have the following advantages:
  • software can also be deployed on the unified authentication server according to the different needs of customers; schemes such as the CDN server application certificate scheme and the keyless-SSL scheme of Cloudflare can be effectively supported by the embodiments of the present invention; the interaction with the front-end server takes place at the edge node, the round-trip time (RTT) between servers is reduced, and efficiency is improved.
  • the SSL acceleration board can be linearly extended in the edge unified authentication server cluster to increase its transaction processing capability without affecting centralized management and saving expansion costs.
  • computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storing information, such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cartridge, magnetic tape, magnetic disk storage or other magnetic storage device, or any other medium that can be used to store the desired information and that can be accessed by the computer.
  • communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and can include any information delivery media.
  • the embodiment of the present invention uses the SSL acceleration board to replace the encryption and decryption work of the common edge server, so that the edge server reduces the load and deploys the SSL acceleration board to the unified verification server, which greatly reduces the CPU consumption of the common edge server and improves the efficiency.
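
The split described in steps 1 to 3, modelled as an added example (not code from the patent or from any CDN product): the session & cache server keeps only public certificate data and forwards the private-key operation of an RSA handshake to a stateless unified authentication server, falling back to a second one when the first is down. The toy unpadded RSA key, the SHA-256 key derivation, the hostname and all class and function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy RSA key (two Mersenne primes, no padding): illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def derive_key(premaster, client_random, server_random):
    """Stand-in for the TLS key derivation: hash of premaster and both randoms."""
    data = premaster.to_bytes(32, "big") + client_random + server_random
    return hashlib.sha256(data).digest()


class UnifiedAuthServer:
    """Back-end server: the only component that stores private keys."""

    def __init__(self, name):
        self.name, self.healthy, self.ops = name, True, 0
        self._private = {}  # cert_id -> (n, d)

    def install_key(self, cert_id, n, d):
        self._private[cert_id] = (n, d)

    def private_op(self, cert_id, ciphertext):
        if not self.healthy:
            raise ConnectionError(self.name + " unavailable")
        n, d = self._private[cert_id]
        self.ops += 1
        return pow(ciphertext, d, n)  # the step an acceleration board would offload


class SessionCacheServer:
    """Front-end server: sessions, public certificate data and cache only."""

    def __init__(self, uas_pool, origin):
        self.uas_pool, self.origin = uas_pool, origin
        self.public_certs = {}  # hostname -> (cert_id, n, e)
        self.sessions = {}      # session id -> negotiated symmetric key
        self.cache = {}

    def handshake(self, hostname, encrypted_premaster, client_random):
        cert_id, _, _ = self.public_certs[hostname]
        server_random = secrets.token_bytes(32)
        for uas in self.uas_pool:  # UAS is stateless, so any healthy one can answer
            try:
                premaster = uas.private_op(cert_id, encrypted_premaster)
                break
            except ConnectionError:
                continue
        else:
            raise RuntimeError("no unified authentication server reachable")
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = derive_key(premaster, client_random, server_random)
        return session_id, server_random

    def fetch(self, session_id, path, cacheable):
        if session_id not in self.sessions:
            raise PermissionError("no established session")
        if cacheable and path in self.cache:
            return self.cache[path], "edge-cache"
        body = self.origin[path]  # non-cacheable data or cache miss: go to the source
        if cacheable:
            self.cache[path] = body
        return body, "origin"


def run_demo():
    uas_a, uas_b = UnifiedAuthServer("uas-a"), UnifiedAuthServer("uas-b")
    for uas in (uas_a, uas_b):  # several UAS may serve the same certificate
        uas.install_key("cert-1", N, D)
    origin = {"/logo.png": b"PNG", "/account": b"private page"}  # constructed data
    edge = SessionCacheServer([uas_a, uas_b], origin)
    edge.public_certs["www.example.test"] = ("cert-1", N, E)

    results = {}
    for label in ("client-1", "client-2"):
        if label == "client-2":
            uas_a.healthy = False  # first UAS fails; the second one takes over
        premaster = secrets.randbelow(N - 2) + 2
        client_random = secrets.token_bytes(32)
        sid, server_random = edge.handshake(
            "www.example.test", pow(premaster, E, N), client_random)
        client_key = derive_key(premaster, client_random, server_random)
        results[label] = client_key == edge.sessions[sid]
    results["ops"] = (uas_a.ops, uas_b.ops)
    results["first"] = edge.fetch(sid, "/logo.png", True)[1]
    results["second"] = edge.fetch(sid, "/logo.png", True)[1]
    results["dynamic"] = edge.fetch(sid, "/account", False)[1]
    # The edge's certificate table holds (cert_id, n, e) and never the exponent d.
    stored = {v for entry in edge.public_certs.values() for v in entry}
    results["edge_holds_private_exponent"] = D in stored
    return results


if __name__ == "__main__":
    print(run_demo())
```

In a real deployment the two classes run on separate hosts, so the link between them carries every private-key request and needs its own protection.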

Abstract

Embodiments of the present invention relate to an HTTPS acceleration method and system based on a content distribution network. The method comprises: step 1) a client initiates an HTTPS access request to a CDN network edge node, and the CDN network edge node allocates a session & cache server through front-end load balancing to perform a three-way handshake with the client; step 2) during the handshake process, the allocated session & cache server performs HTTPS session management and simultaneously interacts with a unified authentication server for encryption and decryption with a private key and a user certificate, and returns the result of the interaction to the client; and step 3) after the handshake process is completed, the session & cache server starts a cache service to provide a CDN service for the client, wherein, if the data requested by the client is cacheable, the data is obtained directly from the session & cache server, and if the data requested by the client is not cacheable, the data is obtained from a source server.
PCT/CN2017/104806 2016-09-30 2017-09-30 HTTPS acceleration method and system based on a content distribution network WO2018059578A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610873442.6A CN106341417B (zh) 2016-09-30 2016-09-30 HTTPS acceleration method and system based on a content distribution network
CN201610873442.6 2016-09-30

Publications (1)

Publication Number Publication Date
WO2018059578A1 true WO2018059578A1 (fr) 2018-04-05

Family

ID=57839835

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/104806 WO2018059578A1 (fr) 2016-09-30 2017-09-30 HTTPS acceleration method and system based on a content distribution network

Country Status (2)

Country Link
CN (2) CN106341417B (fr)
WO (1) WO2018059578A1 (fr)


Also Published As

Publication number Publication date
CN110808989B (zh) 2022-01-21
CN106341417B (zh) 2019-11-05
CN110808989A (zh) 2020-02-18
CN106341417A (zh) 2017-01-18


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17855028

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17855028

Country of ref document: EP

Kind code of ref document: A1